From b801b1ece342e33d1e425a5d3a43084a1781b31c Mon Sep 17 00:00:00 2001 From: Jon Palmer <328224+jonspalmer@users.noreply.github.com> Date: Wed, 22 Jul 2020 15:44:21 -0400 Subject: [PATCH 001/645] Add Client option for access_token_class (#516) --- lib/oauth2/client.rb | 22 ++++++++++++---------- spec/oauth2/client_spec.rb | 14 ++++++++++++++ 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 020bd654..d0a36f7e 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -28,6 +28,7 @@ class Client # rubocop:disable Metrics/ClassLength # @option options [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error # @option options [Logger] :logger (::Logger.new($stdout)) which logger to use when OAUTH_DEBUG is enabled # on responses with 400+ status codes + # @option options [Class] :access_token_class (AccessToken) class used to create access tokens # @yield [builder] The Faraday connection builder def initialize(client_id, client_secret, options = {}, &block) opts = options.dup @@ -35,15 +36,16 @@ def initialize(client_id, client_secret, options = {}, &block) @secret = client_secret @site = opts.delete(:site) ssl = opts.delete(:ssl) - @options = {:authorize_url => 'oauth/authorize', - :token_url => 'oauth/token', - :token_method => :post, - :auth_scheme => :basic_auth, - :connection_opts => {}, - :connection_build => block, - :max_redirects => 5, - :raise_errors => true, - :logger => ::Logger.new($stdout)}.merge!(opts) + @options = {:authorize_url => 'oauth/authorize', + :token_url => 'oauth/token', + :token_method => :post, + :auth_scheme => :basic_auth, + :connection_opts => {}, + :connection_build => block, + :max_redirects => 5, + :raise_errors => true, + :logger => ::Logger.new($stdout), + :access_token_class => AccessToken}.merge!(opts) @options[:connection_opts][:ssl] = ssl if ssl end 
@@ -133,7 +135,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method # @param access_token_opts [Hash] access token options, to pass to the AccessToken object # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity + def get_token(params, access_token_opts = {}, access_token_class = options[:access_token_class]) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity # if ruby version >= 2.4 # params.transform_keys! do |key| # RESERVED_PARAM_KEYS.include?(key) ? key.to_sym : key diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index dd1ab049..9cb42b4e 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -431,6 +431,20 @@ expect(token.token).to eq('the-token') end + it 'returns a configured access token given by client.options[:access_token_class]' do + NewAccessToken = Class.new(AccessToken) + client = stubbed_client(access_token_class: NewAccessToken) do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + end + end + + token = client.get_token({}) + expect(token).to be_a NewAccessToken + expect(token.token).to eq('the-token') + end + + it 'authenticates with request parameters' do client = stubbed_client(:auth_scheme => :request_body) do |stub| stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |env| From 5723ae12f1a1fcb6aac64c3d5f8dd2840de559e7 Mon Sep 17 00:00:00 2001 
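Review bot: The new default `access_token_class = options[:access_token_class]` on `get_token` evaluates to `nil` when a caller passes `:access_token_class => nil` to `Client.new`, because `merge!(opts)` in `initialize` lets an explicit nil replace the `AccessToken` default. The body of `get_token` lies outside this hunk, so the exact call that would then fail is not visible here, but it would surface far from the misconfiguration. A fallback such as `access_token_class = options[:access_token_class] || AccessToken` keeps the previous behaviour for that case. The `@param access_token_class` line should also state that the default now comes from the client option.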
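Review bot: `NewAccessToken = Class.new(AccessToken)` inside the `it` block defines a constant that outlives the example and leaks into the rest of the suite. A local such as `new_access_token = Class.new(AccessToken)`, or `stub_const`, keeps it scoped to the example. The example also passes `access_token_class: NewAccessToken` while the neighbouring examples use hash rockets (`:auth_scheme => :request_body`), and it leaves two blank lines before the next example.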
From: An Vo Date: Thu, 23 Jul 2020 02:45:30 +0700 Subject: [PATCH 002/645] Update Mac to draft 05 (#509) * Upgrade MAC Token to http mac 05 * Fix test to cover case empty seq-nr string * Correct spec text --- lib/oauth2/mac_token.rb | 27 +++++++++++++-------------- spec/oauth2/mac_token_spec.rb | 33 +++++++++++++++++++++++++++------ 2 files changed, 40 insertions(+), 20 deletions(-) diff --git a/lib/oauth2/mac_token.rb b/lib/oauth2/mac_token.rb index df060742..583c9d44 100644 --- a/lib/oauth2/mac_token.rb +++ b/lib/oauth2/mac_token.rb @@ -29,6 +29,9 @@ def self.from_access_token(token, secret, options = {}) # @option opts [FixNum, String] :algorithm (hmac-sha-256) the algorithm to use for the HMAC digest (one of 'hmac-sha-256', 'hmac-sha-1') def initialize(client, token, secret, opts = {}) @secret = secret + @seq_nr = SecureRandom.random_number(2 ** 64) + @kid = opts.delete(:kid) || Base64.strict_encode64(Digest::SHA1.digest(token)) + self.algorithm = opts.delete(:algorithm) || 'hmac-sha-256' super(client, token, opts) 
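Review bot: The new `:kid` option is not documented next to the `:algorithm` option, and its default, `Base64.strict_encode64(Digest::SHA1.digest(token))`, is a deterministic digest of the access token that `header` sends with every request. A line such as `# @option opts [String] :kid (Base64 of the SHA-1 digest of token) key identifier sent as kid in the MAC header` would make that explicit for callers who have a server-issued key id. `opts.delete(:kid)` also mutates the hash the caller passed in, as the existing `:algorithm` line does; `opts = opts.dup` at the top would avoid that. The rest of `initialize` is outside this hunk, and whether `digest` and `securerandom` are required in this file cannot be seen from here.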
@@ -59,33 +62,29 @@ def headers # @param [Symbol] verb the HTTP request method # @param [String] url the HTTP URL path of the request def header(verb, url) - timestamp = Time.now.utc.to_i - nonce = Digest::MD5.hexdigest([timestamp, SecureRandom.hex].join(':')) + timestamp = (Time.now.to_f * 1000).floor + @seq_nr = (@seq_nr + 1) % (2 ** 64) - uri = URI.parse(url) + uri = URI(url) raise(ArgumentError, "could not parse \"#{url}\" into URI") unless uri.is_a?(URI::HTTP) - mac = signature(timestamp, nonce, verb, uri) + mac = signature(timestamp, verb, uri) - "MAC id=\"#{token}\", ts=\"#{timestamp}\", nonce=\"#{nonce}\", mac=\"#{mac}\"" + "MAC kid=\"#{@kid}\", ts=\"#{timestamp}\", seq-nr=\"#{@seq_nr}\", mac=\"#{mac}\"" end # Generate the Base64-encoded HMAC digest signature # # @param [Fixnum] timestamp the timestamp of the request in seconds since epoch - # @param [String] nonce the MAC header nonce # @param [Symbol] verb the HTTP request method - # @param [String] uri the HTTP URL path of the request - def signature(timestamp, nonce, verb, uri) + # @param [String] url the HTTP URL path of the request + def signature(timestamp, verb, uri) signature = [ + "#{verb.to_s.upcase} #{uri.request_uri} HTTP/1.1", timestamp, - nonce, - verb.to_s.upcase, - uri.request_uri, - uri.host, - uri.port, - '', nil + @seq_nr, + '' ].join("\n") Base64.strict_encode64(OpenSSL::HMAC.digest(@algorithm, secret, signature)) diff --git a/spec/oauth2/mac_token_spec.rb b/spec/oauth2/mac_token_spec.rb index b82b7ad2..4ab9f0f4 100644 --- a/spec/oauth2/mac_token_spec.rb +++ b/spec/oauth2/mac_token_spec.rb @@ -1,6 +1,7 @@ RSpec.describe MACToken do - subject { described_class.new(client, token, 'abc123') } + subject { described_class.new(client, token, 'abc123', kid: kid) } + let(:kid) { 'this-token' } let(:token) { 'monkey' } let(:client) do Client.new('abc', 'def', :site => 'https://api.example.com/') do |builder| 
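Review bot: The string passed to `OpenSSL::HMAC.digest` in `signature` no longer contains `uri.host` or `uri.port`, so the MAC now covers only the request line, `ts` and `seq-nr` and does not bind the request to the server it is sent to. If the targeted draft expects the host to be covered through a signed header list, that part looks missing; otherwise a comment such as `# Signed string: request line, ts, seq-nr; host and port are not covered` should record the decision. The doc comments are also stale: `timestamp` is now `(Time.now.to_f * 1000).floor`, so it should read `# @param [Integer] timestamp the timestamp of the request in milliseconds since epoch`, and the last tag was renamed to `url` while the parameter is `uri` and is a URI object, `# @param [URI::HTTP] uri the parsed request URI`. `signature` reads `@seq_nr` from instance state rather than taking it as an argument, so the value signed and the value printed in `header` agree only if nothing else calls `header` on the same token in between.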
@@ -45,7 +46,7 @@ describe '#request' do VERBS.each do |verb| it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do - expect(subject.post('/token/header').body).to include("MAC id=\"#{token}\"") + expect(subject.post('/token/header').body).to include("MAC kid=\"#{kid}\"") end end end @@ -60,7 +61,7 @@ it 'generates the proper format' do header = subject.header('get', 'https://www.example.com/hello?a=1') - expect(header).to match(/MAC id="#{token}", ts="[0-9]+", nonce="[^"]+", mac="[^"]+"/) + expect(header).to match(/MAC kid="#{kid}", ts="[0-9]+", seq-nr="[^"]+", mac="[^"]+"/) end it 'passes ArgumentError with an invalid url' do 
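Review bot: The updated expectation inside `VERBS.each` still calls `subject.post('/token/header')` for every verb, so the example named for each verb only exercises POST. Assuming `VERBS` holds method names the token responds to, `expect(subject.public_send(verb, '/token/header').body).to include("MAC kid=\"#{kid}\"")` would test what the description says. The `describe '#request'` block starts outside this hunk.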
@@ -68,14 +69,34 @@ end it 'passes URI::InvalidURIError through' do - expect { subject.header('get', nil) }.to raise_error(URI::InvalidURIError) + expect { subject.header('get', '\\') }.to raise_error(URI::InvalidURIError) + end + + it 'passes ArgumentError with nil url' do + expect { subject.header('get', nil) }.to raise_error(ArgumentError) + end + + it 'change seq-nr' do + header = subject.header('get', 'https://www.example.com/hello?a=1') + seq_nr_1 = header.match(/MAC kid="#{kid}", ts="[0-9]+", seq-nr="([^"]+)", mac="[^"]+"/)[1] + + header = subject.header('get', 'https://www.example.com/hello?a=1') + seq_nr_2 = header.match(/MAC kid="#{kid}", ts="[0-9]+", seq-nr="([^"]+)", mac="[^"]+"/)[1] + + expect(seq_nr_1).not_to be_empty + expect(seq_nr_2).not_to be_empty + expect(seq_nr_2).not_to eq(seq_nr_1) end end describe '#signature' do + let(:seq_nr_0) { 0 } + + before { allow(SecureRandom).to receive(:random_number).and_return(seq_nr_0) } + it 'generates properly' do - signature = subject.signature(0, 'random-string', 'get', URI('https://www.google.com/')) - expect(signature).to eq('rMDjVA3VJj3v1OmxM29QQljKia6msl5rjN83x3bZmi8=') + signature = subject.signature(0, 'get', URI('https://www.google.com/')) + expect(signature).to eq('ZdY7fRIXlCxKBVWMwv8jH53qxekdQ/I9TmOuszZ1Zvc=') end end From 0264fcbf22d4a969043de96c579756bf0a8bcbf4 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 23 Jul 2020 21:41:19 -0400 Subject: [PATCH 003/645] Revert "Add Client option for access_token_class (#516)" (#521) This reverts commit b801b1ece342e33d1e425a5d3a43084a1781b31c. --- lib/oauth2/client.rb | 22 ++++++++++------------ spec/oauth2/client_spec.rb | 14 -------------- 2 files changed, 10 insertions(+), 26 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index d0a36f7e..020bd654 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -28,7 +28,6 @@ class Client # rubocop:disable Metrics/ClassLength # @option options [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error # @option options [Logger] :logger (::Logger.new($stdout)) which logger to use when OAUTH_DEBUG is enabled # on responses with 400+ status codes - # @option options [Class] :access_token_class (AccessToken) class used to create access tokens # @yield [builder] The Faraday connection builder def initialize(client_id, client_secret, options = {}, &block) opts = options.dup @@ -36,16 +35,15 @@ def initialize(client_id, client_secret, options = {}, &block) @secret = client_secret @site = opts.delete(:site) ssl = opts.delete(:ssl) - @options = {:authorize_url => 'oauth/authorize', - :token_url => 'oauth/token', - :token_method => :post, - :auth_scheme => :basic_auth, - :connection_opts => {}, - :connection_build => block, - :max_redirects => 5, - :raise_errors => true, - :logger => ::Logger.new($stdout), - :access_token_class => AccessToken}.merge!(opts) + @options = {:authorize_url => 'oauth/authorize', + :token_url => 'oauth/token', + :token_method => :post, + :auth_scheme => :basic_auth, + :connection_opts => {}, + :connection_build => block, + :max_redirects => 5, + :raise_errors => true, + :logger => ::Logger.new($stdout)}.merge!(opts) @options[:connection_opts][:ssl] = ssl if ssl end 
@@ -135,7 +133,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method # @param access_token_opts [Hash] access token options, to pass to the AccessToken object # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, access_token_class = options[:access_token_class]) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity + def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity # if ruby version >= 2.4 # params.transform_keys! do |key| # RESERVED_PARAM_KEYS.include?(key) ? key.to_sym : key diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 9cb42b4e..dd1ab049 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -431,20 +431,6 @@ expect(token.token).to eq('the-token') end - it 'returns a configured access token given by client.options[:access_token_class]' do - NewAccessToken = Class.new(AccessToken) - client = stubbed_client(access_token_class: NewAccessToken) do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] - end - end - - token = client.get_token({}) - expect(token).to be_a NewAccessToken - expect(token.token).to eq('the-token') - end - - it 'authenticates with request parameters' do client = stubbed_client(:auth_scheme => :request_body) do |stub| stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |env| From f60af5fcb203cf502352e648ff68738863e4e128 Mon Sep 17 00:00:00 2001 
From: Jesse Cotton Date: Sat, 7 Nov 2020 14:11:55 -0800 Subject: [PATCH 004/645] Add new token_method post_with_query_string (#525) --- lib/oauth2/client.rb | 6 ++++-- spec/oauth2/client_spec.rb | 11 +++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 020bd654..dcbafdcc 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -21,7 +21,7 @@ class Client # rubocop:disable Metrics/ClassLength # @option options [String] :redirect_uri the absolute URI to the Redirection Endpoint for use in authorization grants and token exchange # @option options [String] :authorize_url ('/oauth/authorize') absolute or relative URL path to the Authorization endpoint # @option options [String] :token_url ('/oauth/token') absolute or relative URL path to the Token endpoint - # @option options [Symbol] :token_method (:post) HTTP method to use to request token (:get or :post) + # @option options [Symbol] :token_method (:post) HTTP method to use to request token (:get, :post, :post_with_query_string) # @option options [Symbol] :auth_scheme (:basic_auth) HTTP method to use to authorize request (:basic_auth or :request_body) # @option options [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday with # @option options [FixNum] :max_redirects (5) maximum number of redirects to follow @@ -157,7 +157,9 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) opts[:headers] = {} end opts[:headers].merge!(headers) - response = request(options[:token_method], token_url, opts) + http_method = options[:token_method] + http_method = :post if http_method == :post_with_query_string + response = request(http_method, token_url, opts) response_contains_token = response.parsed.is_a?(Hash) && (response.parsed['access_token'] || response.parsed['id_token']) diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index dd1ab049..74a4d2f2 100644 
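Review bot: `:post_with_query_string` is documented only as a third value of `:token_method`, without saying that the token request parameters then travel in the URL instead of the body. Those parameters can include the authorization code, refresh token or password, and with `:auth_scheme => :request_body` presumably the client secret as well, and URLs are commonly recorded in access logs and by intermediaries. The code that chooses between body and query string is outside this hunk, so this is inferred from the option name and the added spec. A doc line such as `# :post_with_query_string sends the token parameters in the URL query string; use it only when the provider requires it` would state the trade-off. The mapping `http_method = :post if http_method == :post_with_query_string` could also carry a short comment saying why the symbol is rewritten before `request`.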
--- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -499,6 +499,17 @@ client.get_token('arbitrary' => 'parameter') end + context 'when token_method is set to post_with_query_string' do + it 'uses the http post method and passes parameters in the query string' do + client = stubbed_client(:token_method => :post_with_query_string) do |stub| + stub.post('/oauth/token?state=abc123') do |env| + [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + end + end + client.get_token('state' => 'abc123') + end + end + def stubbed_client(params = {}, &stubs) params = {:site => 'https://api.example.com/'}.merge(params) OAuth2::Client.new('abc', 'def', params) do |builder| From 11c909acda379ee6470631a043e9fb98f9ddf217 Mon Sep 17 00:00:00 2001 From: James Pinto Date: Mon, 1 Mar 2021 04:09:56 -0300 Subject: [PATCH 005/645] Travis - Updating readme link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d9094115..34962176 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ If you need the readme for a released version of the gem please find it below: [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield)][fossa1] [gem]: https://rubygems.org/gems/oauth2 -[travis]: http://travis-ci.org/oauth-xx/oauth2 +[travis]: https://travis-ci.com/oauth-xx/oauth2 [coveralls]: https://coveralls.io/r/oauth-xx/oauth2 [codeclimate-maintainability]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability [codeclimate-coverage]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage From ece22a45e571d2a2d2c03b91168a4f9444660090 Mon Sep 17 00:00:00 2001 
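Review bot: The new example under `context 'when token_method is set to post_with_query_string'` contains no expectation; it passes as long as `client.get_token('state' => 'abc123')` does not raise. It therefore depends on the stub rejecting a non-matching request, and it does not check that the body stays free of the parameters. Capturing the result and asserting on it, `token = client.get_token('state' => 'abc123')` followed by `expect(token.token).to eq('the-token')`, makes the intent explicit. The block parameter `|env|` in the stub is unused.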
From: dobon Date: Wed, 17 Mar 2021 16:37:51 -0700 Subject: [PATCH 006/645] fix bug with expires_at timestamp parsing. (#533) Co-authored-by: dobon <> --- lib/oauth2/access_token.rb | 9 ++++---- spec/oauth2/access_token_spec.rb | 36 +++++++++++++++++++++++++------- 2 files changed, 33 insertions(+), 12 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 274a6250..712b0bbb 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -177,10 +177,11 @@ def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcS end def convert_expires_at(expires_at) - expires_at_i = expires_at.to_i - return expires_at_i if expires_at_i > Time.now.utc.to_i - return Time.parse(expires_at).to_i if expires_at.is_a?(String) - expires_at_i + begin + Time.iso8601(expires_at.to_s).to_i + rescue ArgumentError + expires_at.to_i + end end end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index b1a51b7f..4c61ea9c 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -50,7 +50,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize expect(hash).to eq(hash_before) end - it 'initalizes with a form-urlencoded key/value string' do + it 'initializes with a form-urlencoded key/value string' do kvform = "access_token=#{token}&expires_at=#{Time.now.to_i + 200}&foo=bar" target = described_class.from_kvform(client, kvform) assert_initialized_token(target) 
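Review bot: In `convert_expires_at`, any value that is not ISO 8601 falls through to `expires_at.to_i`, and `String#to_i` returns 0 for text it cannot read, so a malformed `expires_at` from a token response silently becomes epoch 0. How 0 is interpreted by the expiry checks is outside this hunk, so it should be confirmed that it is treated as expired rather than as having no expiry. The previous `Time.parse` branch also accepted non-ISO date strings, which now take the `to_i` path; a comment such as `# Accepts ISO 8601 strings or integer epoch seconds; anything else becomes 0` would document the narrower contract. The spec hunk in `access_token_spec.rb` adds no case for that fallback. The `begin`/`end` pair is redundant, since `rescue ArgumentError` can attach directly to the `def`.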
@@ -70,13 +70,33 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize expect(opts).to eq(opts_before) end - it 'initializes with a string expires_at' do - future = Time.now.utc + 100_000 - hash = {:access_token => token, :expires_at => future.iso8601, 'foo' => 'bar'} - target = described_class.from_hash(client, hash) - assert_initialized_token(target) - expect(target.expires_at).to be_a(Integer) - expect(target.expires_at).to eql(future.to_i) + describe 'expires_at' do + let(:expires_at) { 1361396829 } + let(:hash) do + { + :access_token => token, + :expires_at => expires_at.to_s, + 'foo' => 'bar' + } + end + + it 'initializes with an integer timestamp expires_at' do + target = described_class.from_hash(client, hash.merge(:expires_at => expires_at)) + assert_initialized_token(target) + expect(target.expires_at).to eql(expires_at) + end + + it 'initializes with a string timestamp expires_at' do + target = described_class.from_hash(client, hash) + assert_initialized_token(target) + expect(target.expires_at).to eql(expires_at) + end + + it 'initializes with a string time expires_at' do + target = described_class.from_hash(client, hash.merge(:expires_at => Time.at(expires_at).iso8601)) + assert_initialized_token(target) + expect(target.expires_at).to eql(expires_at) + end end describe 'expires_latency' do From ebe95171c3d34b9f8f4a4dfdca2e5094efc2deee Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 19 Mar 2021 04:41:25 +0700 Subject: [PATCH 007/645] Compatibility with Ruby OpenSSL versions (#536) * Switch to Github Actions for Ruby 2.4|5|6|7 * Don't forget Ruby 3.0 * add Ruby 2.2 and 2.3 to GH Actions * Better Gemfile * Migrate too Github Actions * Turn off code coverage for old versions of Ruby * Fix specs * Better specs * Fix for old Rubies * Rubocop lint --- .github/dependabot.yml | 8 + .github/workflows/style.yml | 37 +++++ .github/workflows/test.yml | 57 +++++++ .rubocop.yml | 30 ++-- .rubocop_todo.yml | 93 +++++++++-- .travis.yml | 14 +- Gemfile | 43 +++-- README.md | 22 +-- Rakefile | 16 +- bin/console | 1 + gemfiles/jruby_1.7.gemfile | 7 - gemfiles/jruby_9.0.gemfile | 7 - gemfiles/jruby_9.1.gemfile | 4 +- gemfiles/jruby_9.2.gemfile | 4 +- gemfiles/jruby_head.gemfile | 4 +- gemfiles/ruby_1.9.gemfile | 11 -- gemfiles/ruby_2.0.gemfile | 6 - gemfiles/ruby_2.1.gemfile | 6 - gemfiles/ruby_2.2.gemfile | 3 - gemfiles/ruby_2.3.gemfile | 3 - gemfiles/ruby_2.4.gemfile | 3 - gemfiles/ruby_2.5.gemfile | 3 - gemfiles/ruby_2.6.gemfile | 3 - gemfiles/ruby_2.7.gemfile | 9 -- gemfiles/ruby_head.gemfile | 4 +- gemfiles/truffleruby.gemfile | 4 +- lib/oauth2.rb | 2 + lib/oauth2/access_token.rb | 27 ++-- lib/oauth2/authenticator.rb | 8 +- lib/oauth2/client.rb | 32 ++-- lib/oauth2/error.rb | 10 +- lib/oauth2/mac_token.rb | 22 ++- lib/oauth2/response.rb | 13 +- lib/oauth2/snaky_hash.rb | 18 ++- lib/oauth2/strategy/assertion.rb | 10 +- lib/oauth2/strategy/auth_code.rb | 9 +- lib/oauth2/strategy/base.rb | 2 + lib/oauth2/strategy/client_credentials.rb | 2 + lib/oauth2/strategy/implicit.rb | 2 + lib/oauth2/strategy/password.rb | 6 +- lib/oauth2/version.rb | 10 +- oauth2.gemspec | 18 +-- spec/examples/google_spec.rb | 20 ++- spec/helper.rb | 33 ++-- spec/oauth2/access_token_spec.rb | 52 +++--- spec/oauth2/authenticator_spec.rb | 10 +- spec/oauth2/client_spec.rb | 150 +++++++++--------- spec/oauth2/error_spec.rb | 23 +-- spec/oauth2/mac_token_spec.rb 
| 20 +-- spec/oauth2/response_spec.rb | 64 ++++---- spec/oauth2/snaky_hash_spec.rb | 12 +- spec/oauth2/strategy/assertion_spec.rb | 44 ++--- spec/oauth2/strategy/auth_code_spec.rb | 15 +- spec/oauth2/strategy/base_spec.rb | 2 + .../strategy/client_credentials_spec.rb | 8 +- spec/oauth2/strategy/implicit_spec.rb | 8 +- spec/oauth2/strategy/password_spec.rb | 4 +- spec/oauth2/version_spec.rb | 3 + spec/spec_helper.rb | 3 +- 59 files changed, 636 insertions(+), 428 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/style.yml create mode 100644 .github/workflows/test.yml delete mode 100644 gemfiles/jruby_1.7.gemfile delete mode 100644 gemfiles/jruby_9.0.gemfile delete mode 100644 gemfiles/ruby_1.9.gemfile delete mode 100644 gemfiles/ruby_2.0.gemfile delete mode 100644 gemfiles/ruby_2.1.gemfile delete mode 100644 gemfiles/ruby_2.2.gemfile delete mode 100644 gemfiles/ruby_2.3.gemfile delete mode 100644 gemfiles/ruby_2.4.gemfile delete mode 100644 gemfiles/ruby_2.5.gemfile delete mode 100644 gemfiles/ruby_2.6.gemfile delete mode 100644 gemfiles/ruby_2.7.gemfile diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..a0267668 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: bundler + directory: "/" + schedule: + interval: daily + time: "04:28" + open-pull-requests-limit: 10 \ No newline at end of file diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml new file mode 100644 index 00000000..fd211ace --- /dev/null +++ b/.github/workflows/style.yml 
@@ -0,0 +1,37 @@ +name: Code Style Checks + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + +jobs: + rubocop: + name: Rubocop + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + ruby: + - 2.7 + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true + - name: Install dependencies + run: bundle install --jobs 3 --retry 3 + - name: Run Rubocop + run: bundle exec rubocop -DESP \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..4ef2d58a --- /dev/null +++ b/.github/workflows/test.yml 
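Review bot: The actions in this workflow are referenced by mutable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`), and the same applies to `.github/workflows/test.yml`, where `amancevice/setup-code-climate@v0` additionally receives `secrets.CC_TEST_REPORTER_ID`. Pinning each reference to a full commit, for example `uses: actions/checkout@<full-commit-sha> # v2`, keeps a moved tag from changing what runs with that secret. Neither workflow declares a `permissions:` block, so the job token has whatever scope the repository default grants; `contents: read` looks sufficient for what these two files do. The `Install dependencies` step repeats the work that `bundler-cache: true` already performs.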
@@ -0,0 +1,57 @@ +name: Unit Tests + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + +jobs: + test: + name: Specs - Ruby ${{ matrix.ruby }} ${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + ruby: + - 3.0.0 + - 2.7 + - 2.6 + - 2.5 + - 2.4 + - 2.3 + - 2.2 + runs-on: ubuntu-20.04 + continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} + steps: + - uses: amancevice/setup-code-climate@v0 + name: CodeClimate Install + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' + with: + cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} + - uses: actions/checkout@v2 + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + bundler: ${{ matrix.bundler || 2 }} + bundler-cache: true + ruby-version: ${{ matrix.ruby }} + - name: Install dependencies + run: bundle install --jobs 3 --retry 3 --binstubs --standalone + - name: CodeClimate Pre-build Notification + run: cc-test-reporter before-build + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' + continue-on-error: ${{ matrix.allow_failures != 'false' }} + - name: Run tests + run: bundle exec rake test + - name: CodeClimate Post-build Notification + run: cc-test-reporter after-build + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + continue-on-error: ${{ matrix.allow_failures != 'false' }} diff --git a/.rubocop.yml b/.rubocop.yml index c6a41973..12f32c41 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
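Review bot: The job-level `continue-on-error` reads `matrix.allow_failure`, but the two CodeClimate steps read `matrix.allow_failures`, and the matrix shown defines neither key. With the key undefined, `${{ matrix.allow_failures != 'false' }}` is always true, so failures of `cc-test-reporter before-build` and `after-build` are always ignored. If that is intended, `continue-on-error: true` says so directly; otherwise use one spelling and add the key to the matrix entries that need it.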
@@ -1,30 +1,42 @@ -require: rubocop-rspec inherit_from: - .rubocop_todo.yml - .rubocop_rspec.yml + +require: + - 'rubocop-md' + - 'rubocop-packaging' + - 'rubocop-performance' + - 'rubocop-rake' + - 'rubocop-rspec' + AllCops: + NewCops: enable DisplayCopNames: true # Display the name of the failing cops - TargetRubyVersion: 2.1 Exclude: - 'gemfiles/vendor/**/*' - 'vendor/**/*' - '**/.irbrc' -Gemspec/RequiredRubyVersion: - Enabled: false - Metrics/BlockLength: + IgnoredMethods: + - context + - describe + - it + - shared_context + - shared_examples + - shared_examples_for + - namespace + - draw + +Gemspec/RequiredRubyVersion: Enabled: false Metrics/BlockNesting: Max: 2 -Metrics/LineLength: +Layout/LineLength: Enabled: false -Metrics/MethodLength: - Max: 15 - Metrics/ParameterLists: Max: 4 diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index e7701734..ab1cf691 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -1,15 +1,86 @@ -Style/HashSyntax: - EnforcedStyle: hash_rockets +# This configuration was generated by +# `rubocop --auto-gen-config` +# on 2021-03-18 21:07:13 UTC using RuboCop version 1.11.0. +# The point is for the user to remove these configuration records +# one by one as the offenses are removed from the code base. +# Note that changes in the inspected code, or installation of new +# versions of RuboCop, may require this file to be generated again. -Style/Lambda: - Enabled: false +# Offense count: 1 +# Configuration parameters: AllowedMethods. +# AllowedMethods: enums +Lint/ConstantDefinitionInBlock: + Exclude: + - 'spec/oauth2/access_token_spec.rb' -Style/SymbolArray: - Enabled: false +# Offense count: 5 +# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. +# IgnoredMethods: refine +Metrics/BlockLength: + Max: 35 -Style/EachWithObject: - Enabled: false +# Offense count: 1 +# Configuration parameters: IgnoredMethods. +Metrics/CyclomaticComplexity: + Max: 8 -# Once we drop Rubies that lack support for __dir__ we can turn this on. -Style/ExpandPathArguments: - Enabled: false +# Offense count: 1 +# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. +Metrics/MethodLength: + Max: 18 + +# Offense count: 2 +# Configuration parameters: IgnoredMethods. +Metrics/PerceivedComplexity: + Max: 13 + +# Offense count: 9 +# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers. +# SupportedStyles: snake_case, normalcase, non_integer +# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339 +Naming/VariableNumber: + Exclude: + - 'spec/oauth2/mac_token_spec.rb' + - 'spec/oauth2/response_spec.rb' + +# Offense count: 1 +Packaging/GemspecGit: + Exclude: + - 'oauth2.gemspec' + +# Offense count: 2 +# Configuration parameters: MinSize. 
+Performance/CollectionLiteralInLoop: + Exclude: + - 'spec/oauth2/strategy/auth_code_spec.rb' + - 'spec/oauth2/strategy/client_credentials_spec.rb' + +# Offense count: 17 +# Configuration parameters: Prefixes. +# Prefixes: when, with, without +RSpec/ContextWording: + Exclude: + - 'spec/oauth2/access_token_spec.rb' + - 'spec/oauth2/authenticator_spec.rb' + - 'spec/oauth2/client_spec.rb' + - 'spec/oauth2/snaky_hash_spec.rb' + +# Offense count: 1 +RSpec/LeakyConstantDeclaration: + Exclude: + - 'spec/oauth2/access_token_spec.rb' + +# Offense count: 27 +# Configuration parameters: AllowSubject. +RSpec/MultipleMemoizedHelpers: + Max: 10 + +# Offense count: 1 +Rake/Desc: + Exclude: + - 'Rakefile' + +# Offense count: 1 +Style/MixinUsage: + Exclude: + - 'spec/helper.rb' diff --git a/.travis.yml b/.travis.yml index 1e2c74fd..32691c15 100644 --- a/.travis.yml +++ b/.travis.yml @@ -47,22 +47,12 @@ matrix: - rvm: jruby-9.2 # jruby-9.2 often fails to download, thus failing the build. fast_finish: true include: - - rvm: 2.2 - gemfile: gemfiles/ruby_2.2.gemfile + # oauth2 2.x series releases will support Ruby versions below, and not above + # NOTE: Specs for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7 & 3.0 are now running with Github Actions - rvm: jruby-9.1 # targets MRI v2.3 gemfile: gemfiles/jruby_9.1.gemfile - - rvm: 2.3 - gemfile: gemfiles/ruby_2.3.gemfile - - rvm: 2.4 - gemfile: gemfiles/ruby_2.4.gemfile - rvm: jruby-9.2 # targets MRI v2.5 gemfile: gemfiles/jruby_9.2.gemfile - - rvm: 2.5 - gemfile: gemfiles/ruby_2.5.gemfile - - rvm: 2.6 - gemfile: gemfiles/ruby_2.6.gemfile - - rvm: 2.7 - gemfile: gemfiles/ruby_2.7.gemfile - rvm: jruby-head gemfile: gemfiles/jruby_head.gemfile - rvm: ruby-head diff --git a/Gemfile b/Gemfile index 9d6c338f..8d5a7de4 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,22 +1,41 @@ +# frozen_string_literal: true + source 'https://rubygems.org/' -git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } +gemspec -group :test do - gem 'coveralls' - gem 'simplecov', '>= 0.9' -end +git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } ruby_version = Gem::Version.new(RUBY_VERSION) -debuggable_version = Gem::Version.new('2.6') + +# No need to run byebug / pry on earlier versions +debuggable_version = Gem::Version.new('2.4') + +### deps for documentation and rdoc.info +group :documentation do + gem 'github-markup', platform: :mri + gem 'rdoc' + gem 'redcarpet', platform: :mri + gem 'yard', require: false +end group :development, :test do if ruby_version >= debuggable_version - gem 'pry' - gem 'byebug' - gem 'pry-byebug' + gem 'byebug', platform: :mri + gem 'pry', platform: :mri + gem 'pry-byebug', platform: :mri end -end -# Specify non-special dependencies in oauth2.gemspec -gemspec + if ruby_version >= Gem::Version.new('2.7') + # No need to run rubocop or simplecov on earlier versions + gem 'rubocop', '~> 1.9', platform: :mri + gem 'rubocop-md', platform: :mri + gem 'rubocop-packaging', platform: :mri + gem 'rubocop-performance', platform: :mri + gem 'rubocop-rake', platform: :mri + gem 'rubocop-rspec', platform: :mri + + gem 'coveralls' + gem 'simplecov', platform: :mri + end +end diff --git a/README.md b/README.md index 34962176..186756b3 100644 --- a/README.md +++ b/README.md 
@@ -69,13 +69,13 @@ Or inside Gemfile ```ruby require 'oauth2' -client = OAuth2::Client.new('client_id', 'client_secret', :site => 'https://example.org/') +client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org/') -client.auth_code.authorize_url(https://github.com/:redirect_uri%20=%3E%20'http://localhost:8080/oauth2/callback') +client.auth_code.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth2/callback') # => "https://example.org/oauth/authorization?response_type=code&client_id=client_id&redirect_uri=http://localhost:8080/oauth2/callback" -token = client.auth_code.get_token('authorization_code_value', :redirect_uri => 'http://localhost:8080/oauth2/callback', :headers => {'Authorization' => 'Basic some_password'}) -response = token.get('/api/resource', :params => { 'query_foo' => 'bar' }) +token = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'}) +response = token.get('/api/resource', params: {'query_foo' => 'bar'}) response.class.name # => OAuth2::Response ``` @@ -97,8 +97,8 @@ require 'oauth2' client = OAuth2::Client.new( 'client_id', 'client_secret', - :site => 'https://example.org/', - :logger => Logger.new('example.log', 'weekly') + site: 'https://example.org/', + logger: Logger.new('example.log', 'weekly') ) ``` 
@@ -141,10 +141,10 @@ authentication grant types have helper strategy classes that simplify client use. They are available via the `#auth_code`, `#implicit`, `#password`, `#client_credentials`, and `#assertion` methods respectively. ```ruby -auth_url = client.auth_code.authorize_url(https://github.com/:redirect_uri%20=%3E%20'http://localhost:8080/oauth/callback') -token = client.auth_code.get_token('code_value', :redirect_uri => 'http://localhost:8080/oauth/callback') +auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth/callback') +token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback') -auth_url = client.implicit.authorize_url(https://github.com/:redirect_uri%20=%3E%20'http://localhost:8080/oauth/callback') +auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth/callback') # get the token params in the callback and token = OAuth2::AccessToken.from_kvform(client, query_string) @@ -159,7 +159,7 @@ If you want to specify additional headers to be sent out with the request, add a 'headers' hash under 'params': ```ruby -token = client.auth_code.get_token('code_value', :redirect_uri => 'http://localhost:8080/oauth/callback', :headers => {'Some' => 'Header'}) +token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'}) ``` You can always use the `#request` method on the `OAuth2::Client` instance to make 
@@ -181,7 +181,7 @@ For information on supported Rubies for the current 1.x release of oauth2 see th * Ruby 2.2 - Support ends with version 2.x series * Ruby 2.3 - Support ends with version 3.x series - - [JRuby 9.1][jruby-9.1] (targets MRI v2.3) + - [JRuby 9.1][jruby-9.1] (targets MRI v2.3) * Ruby 2.4 - Support ends with version 4.x series * Ruby 2.5 - Support ends with version 5.x series - [JRuby 9.2][jruby-9.2] (targets MRI v2.5) diff --git a/Rakefile b/Rakefile index 1066a1b6..0637fa12 100644 --- a/Rakefile +++ b/Rakefile @@ -1,14 +1,10 @@ # encoding: utf-8 +# frozen_string_literal: true # !/usr/bin/env rake -require 'bundler/gem_tasks' - -begin - require 'wwtd/tasks' -rescue LoadError - puts 'failed to load wwtd' -end +lib = File.expand_path('lib', __dir__) +$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) begin require 'rspec/core/rake_task' @@ -18,7 +14,7 @@ rescue LoadError warn 'rspec is disabled' end end -task :test => :spec +task test: :spec begin require 'rubocop/rake_task' @@ -33,7 +29,7 @@ end namespace :doc do require 'rdoc/task' - require File.expand_path('../lib/oauth2/version', __FILE__) + require 'oauth2/version' RDoc::Task.new do |rdoc| rdoc.rdoc_dir = 'rdoc' rdoc.title = "oauth2 #{OAuth2::Version}" @@ -42,4 +38,4 @@ namespace :doc do end end -task :default => [:test, :rubocop] +task default: %i[test rubocop] diff --git a/bin/console b/bin/console index f1158589..b3c40a59 100755 --- a/bin/console +++ b/bin/console @@ -1,4 +1,5 @@ #!/usr/bin/env ruby +# frozen_string_literal: true require 'bundler/setup' require 'oauth2' diff --git a/gemfiles/jruby_1.7.gemfile b/gemfiles/jruby_1.7.gemfile deleted file mode 100644 index 3acfed07..00000000 --- a/gemfiles/jruby_1.7.gemfile +++ /dev/null @@ -1,7 +0,0 @@ -source 'https://rubygems.org/' - -group :test do - gem 'rake', [">= 10.0", "< 12"] -end - -gemspec :path => '../' diff --git a/gemfiles/jruby_9.0.gemfile b/gemfiles/jruby_9.0.gemfile deleted file mode 100644 index 13fd08d3..00000000 
--- a/gemfiles/jruby_9.0.gemfile +++ /dev/null @@ -1,7 +0,0 @@ -source 'https://rubygems.org/' - -gem 'faraday', '~> 0.15.4' - -gem 'rake', [">= 10.0", "< 12"] - -gemspec :path => '../' diff --git a/gemfiles/jruby_9.1.gemfile b/gemfiles/jruby_9.1.gemfile index a02c547f..fb2b9158 100644 --- a/gemfiles/jruby_9.1.gemfile +++ b/gemfiles/jruby_9.1.gemfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://rubygems.org/' -gemspec :path => '../' +gemspec path: '../' diff --git a/gemfiles/jruby_9.2.gemfile b/gemfiles/jruby_9.2.gemfile index a02c547f..fb2b9158 100644 --- a/gemfiles/jruby_9.2.gemfile +++ b/gemfiles/jruby_9.2.gemfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://rubygems.org/' -gemspec :path => '../' +gemspec path: '../' diff --git a/gemfiles/jruby_head.gemfile b/gemfiles/jruby_head.gemfile index a02c547f..fb2b9158 100644 --- a/gemfiles/jruby_head.gemfile +++ b/gemfiles/jruby_head.gemfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://rubygems.org/' -gemspec :path => '../' +gemspec path: '../' diff --git a/gemfiles/ruby_1.9.gemfile b/gemfiles/ruby_1.9.gemfile deleted file mode 100644 index bbef7523..00000000 --- a/gemfiles/ruby_1.9.gemfile +++ /dev/null @@ -1,11 +0,0 @@ -source 'https://rubygems.org/' - -gem 'faraday', '~> 0.15.4' - -gem 'json', '< 2.0' -gem 'rack', '~> 1.2' -gem 'rake', [">= 10.0", "< 12"] -gem 'term-ansicolor', '< 1.4.0' -gem 'tins', '< 1.7' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.0.gemfile b/gemfiles/ruby_2.0.gemfile deleted file mode 100644 index 87a679f6..00000000 --- a/gemfiles/ruby_2.0.gemfile +++ /dev/null @@ -1,6 +0,0 @@ -source 'https://rubygems.org/' - -gem 'faraday', '~> 0.15.4' -gem 'rack', '~> 1.2' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.1.gemfile b/gemfiles/ruby_2.1.gemfile deleted file mode 100644 index 87a679f6..00000000 --- a/gemfiles/ruby_2.1.gemfile +++ /dev/null 
@@ -1,6 +0,0 @@ -source 'https://rubygems.org/' - -gem 'faraday', '~> 0.15.4' -gem 'rack', '~> 1.2' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.2.gemfile b/gemfiles/ruby_2.2.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.2.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org/' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.3.gemfile b/gemfiles/ruby_2.3.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.3.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org/' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.4.gemfile b/gemfiles/ruby_2.4.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.4.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org/' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.5.gemfile b/gemfiles/ruby_2.5.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.5.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org/' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.6.gemfile b/gemfiles/ruby_2.6.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.6.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org/' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.7.gemfile b/gemfiles/ruby_2.7.gemfile deleted file mode 100644 index 822e2f2c..00000000 --- a/gemfiles/ruby_2.7.gemfile +++ /dev/null @@ -1,9 +0,0 @@ -source 'https://rubygems.org/' - -group :development do - gem 'pry' - gem 'byebug' - gem 'pry-byebug' -end - -gemspec :path => '../' diff --git a/gemfiles/ruby_head.gemfile b/gemfiles/ruby_head.gemfile index a02c547f..fb2b9158 100644 --- a/gemfiles/ruby_head.gemfile +++ b/gemfiles/ruby_head.gemfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://rubygems.org/' -gemspec :path => '../' +gemspec path: '../' 
diff --git a/gemfiles/truffleruby.gemfile b/gemfiles/truffleruby.gemfile index a02c547f..fb2b9158 100644 --- a/gemfiles/truffleruby.gemfile +++ b/gemfiles/truffleruby.gemfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source 'https://rubygems.org/' -gemspec :path => '../' +gemspec path: '../' diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 61a97927..a772b4ae 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # includes modules from stdlib require 'cgi' require 'time' diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 712b0bbb..29f69299 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 class AccessToken attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params @@ -38,11 +40,11 @@ def from_kvform(client, kvform) # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header # @option opts [String] :param_name ('access_token') the parameter name to use for transmission of the # Access Token value in :body or :query transmission mode - def initialize(client, token, opts = {}) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity + def initialize(client, token, opts = {}) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity @client = client @token = token.to_s opts = opts.dup - [:refresh_token, :expires_in, :expires_at, :expires_latency].each do |arg| + %i[refresh_token expires_in expires_at expires_latency].each do |arg| instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s)) end @expires_in ||= opts.delete('expires') 
@@ -51,9 +53,9 @@ def initialize(client, token, opts = {}) # rubocop:disable Metrics/AbcSize, Metr @expires_latency &&= @expires_latency.to_i @expires_at ||= Time.now.to_i + @expires_in if @expires_in @expires_at -= @expires_latency if @expires_latency - @options = {:mode => opts.delete(:mode) || :header, - :header_format => opts.delete(:header_format) || 'Bearer %s', - :param_name => opts.delete(:param_name) || 'access_token'} + @options = {mode: opts.delete(:mode) || :header, + header_format: opts.delete(:header_format) || 'Bearer %s', + param_name: opts.delete(:param_name) || 'access_token'} @params = opts end @@ -84,6 +86,7 @@ def expired? # @note options should be carried over to the new AccessToken def refresh(params = {}, access_token_opts = {}, access_token_class = self.class) raise('A refresh_token is not available') unless refresh_token + params[:grant_type] = 'refresh_token' params[:refresh_token] = refresh_token new_token = @client.get_token(params, access_token_opts, access_token_class) @@ -99,7 +102,7 @@ def refresh(params = {}, access_token_opts = {}, access_token_class = self.class # # @return [Hash] a hash of AccessToken property values def to_hash - params.merge(:access_token => token, :refresh_token => refresh_token, :expires_at => expires_at) + params.merge(access_token: token, refresh_token: refresh_token, expires_at: expires_at) end # Make a request with the Access Token @@ -155,7 +158,7 @@ def headers private - def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcSize + def configure_authentication!(opts) # rubocop:disable Metrics/AbcSize case options[:mode] when :header opts[:headers] ||= {} 
@@ -168,7 +171,7 @@ def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcS if opts[:body].is_a?(Hash) opts[:body][options[:param_name]] = token else - opts[:body] << "&#{options[:param_name]}=#{token}" + opts[:body] += "&#{options[:param_name]}=#{token}" end # @todo support for multi-part (file uploads) else @@ -177,11 +180,9 @@ def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcS end def convert_expires_at(expires_at) - begin - Time.iso8601(expires_at.to_s).to_i - rescue ArgumentError - expires_at.to_i - end + Time.iso8601(expires_at.to_s).to_i + rescue ArgumentError + expires_at.to_i end end end diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb index d21660db..1ac10ddc 100644 --- a/lib/oauth2/authenticator.rb +++ b/lib/oauth2/authenticator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'base64' module OAuth2 @@ -35,7 +37,7 @@ def apply(params) end def self.encode_basic_auth(user, password) - 'Basic ' + Base64.strict_encode64(user + ':' + password) + "Basic #{Base64.strict_encode64("#{user}:#{password}")}" end private @@ -49,7 +51,7 @@ def apply_params_auth(params) # When using schemes that don't require the client_secret to be passed i.e TLS Client Auth, # we don't want to send the secret def apply_client_id(params) - { 'client_id' => id }.merge(params) + {'client_id' => id}.merge(params) end # Adds an `Authorization` header with Basic Auth credentials if and only if @@ -57,7 +59,7 @@ def apply_client_id(params) def apply_basic_auth(params) headers = params.fetch(:headers, {}) headers = basic_auth_header.merge(headers) - params.merge(:headers => headers) + params.merge(headers: headers) end # @see https://tools.ietf.org/html/rfc2617#section-2 diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index dcbafdcc..a97396c1 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
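Review bot: In the `:body` branch of `configure_authentication!`, the String case appends `options[:param_name]` and `token` to the form body without percent-encoding, so a token containing `&`, `=`, `+` or `%` is altered or split into extra parameters when the server decodes the body. Since the line is being rewritten anyway, escape both parts: `opts[:body] += "&#{CGI.escape(options[:param_name].to_s)}=#{CGI.escape(token)}"` (`cgi` is already required in lib/oauth2.rb). Also note that `+=` rebinds `opts[:body]` instead of mutating the caller's string; the frozen-string pragma needs that, but it is a small behaviour change for a caller that kept a reference to the original body. The method starts before this hunk and ends after it.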
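Review bot: In `encode_basic_auth`, moving from `+` concatenation to interpolation changes what happens with a `nil` argument: the old expression raised, while `"#{user}:#{password}"` silently produces `id:` or `:secret` and sends an Authorization header with an empty credential. If a missing secret is not meant to be supported on this path, keep the failure explicit with `raise ArgumentError, 'client id and secret are required' if user.nil? || password.nil?` before building the header; if it is supported, a one-line comment saying so would help. RFC 6749 section 2.3.1 also asks for the id and secret to be form-urlencoded before Base64 encoding, which neither the old nor the new line does.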
@@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'faraday' require 'logger' module OAuth2 # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength - RESERVED_PARAM_KEYS = ['headers', 'parse'].freeze + RESERVED_PARAM_KEYS = %w[headers parse].freeze attr_reader :id, :secret, :site attr_accessor :options @@ -35,15 +37,15 @@ def initialize(client_id, client_secret, options = {}, &block) @secret = client_secret @site = opts.delete(:site) ssl = opts.delete(:ssl) - @options = {:authorize_url => 'oauth/authorize', - :token_url => 'oauth/token', - :token_method => :post, - :auth_scheme => :basic_auth, - :connection_opts => {}, - :connection_build => block, - :max_redirects => 5, - :raise_errors => true, - :logger => ::Logger.new($stdout)}.merge!(opts) + @options = {authorize_url: 'oauth/authorize', + token_url: 'oauth/token', + token_method: :post, + auth_scheme: :basic_auth, + connection_opts: {}, + connection_build: block, + max_redirects: 5, + raise_errors: true, + logger: ::Logger.new($stdout)}.merge!(opts) @options[:connection_opts][:ssl] = ssl if ssl end 
@@ -96,19 +98,20 @@ def token_url(https://github.com/params%20=%20nil) # code response for this request. Will default to client option # @option opts [Symbol] :parse @see Response::initialize # @yield [req] The Faraday request - def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize + def request(verb, url, opts = {}) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/AbcSize url = connection.build_https://github.com/url(url).to_s response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req| req.params.update(opts[:params]) if opts[:params] yield(req) if block_given? end - response = Response.new(response, :parse => opts[:parse]) + response = Response.new(response, parse: opts[:parse]) case response.status when 301, 302, 303, 307 opts[:redirect_count] ||= 0 opts[:redirect_count] += 1 return response if opts[:redirect_count] > options[:max_redirects] + if response.status == 303 verb = :get opts.delete(:body) @@ -120,6 +123,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method when 400..599 error = Error.new(response) raise(error) if opts.fetch(:raise_errors, options[:raise_errors]) + response else error = Error.new(response) @@ -147,7 +151,7 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) end.to_h params = authenticator.apply(params) - opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)} + opts = {raise_errors: options[:raise_errors], parse: params.delete(:parse)} headers = params.delete(:headers) || {} if options[:token_method] == :post opts[:body] = params 
@@ -248,7 +252,7 @@ def build_access_token(response, access_token_opts, access_token_class) end def oauth_debug_logging(builder) - builder.response :logger, options[:logger], :bodies => true if ENV['OAUTH_DEBUG'] == 'true' + builder.response :logger, options[:logger], bodies: true if ENV['OAUTH_DEBUG'] == 'true' end end end diff --git a/lib/oauth2/error.rb b/lib/oauth2/error.rb index 335084c4..0d2c8407 100644 --- a/lib/oauth2/error.rb +++ b/lib/oauth2/error.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 class Error < StandardError attr_reader :response, :code, :description @@ -26,7 +28,7 @@ def error_message(response_body, opts = {}) error_string = if response_body.respond_to?(:encode) && opts[:error_description].respond_to?(:encoding) script_encoding = opts[:error_description].encoding - response_body.encode(script_encoding, :invalid => :replace, :undef => :replace) + response_body.encode(script_encoding, invalid: :replace, undef: :replace) else response_body end @@ -40,10 +42,10 @@ def parse_error_description(code, description) return {} unless code || description error_description = '' - error_description << "#{code}: " if code - error_description << description if description + error_description += "#{code}: " if code + error_description += description if description - {:error_description => error_description} + {error_description: error_description} end end end diff --git a/lib/oauth2/mac_token.rb b/lib/oauth2/mac_token.rb index 583c9d44..9a9ac7ff 100644 --- a/lib/oauth2/mac_token.rb +++ b/lib/oauth2/mac_token.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'base64' require 'digest' require 'openssl' 
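Review bot: `oauth_debug_logging` should carry a comment stating what `bodies: true` implies, because nothing on the method says it. With `OAUTH_DEBUG=true` the Faraday logger is asked to write full request and response bodies, which for the token endpoint can include client credentials, authorization codes and the issued access and refresh tokens, to `options[:logger]` (by default `::Logger.new($stdout)`, per the initializer in this file). Suggested comment above the method: `# Logs full request/response bodies, including secrets and tokens; enable OAUTH_DEBUG only in development and never ship these logs.`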
@@ -12,7 +14,7 @@ class MACToken < AccessToken # @param [Hash] options the options to create the Access Token with # @see MACToken#initialize def self.from_access_token(token, secret, options = {}) - new(token.client, token.token, secret, token.params.merge(:refresh_token => token.refresh_token, :expires_in => token.expires_in, :expires_at => token.expires_at).merge(options)) + new(token.client, token.token, secret, token.params.merge(refresh_token: token.refresh_token, expires_in: token.expires_in, expires_at: token.expires_at).merge(options)) end attr_reader :secret, :algorithm @@ -29,7 +31,7 @@ def self.from_access_token(token, secret, options = {}) # @option opts [FixNum, String] :algorithm (hmac-sha-256) the algorithm to use for the HMAC digest (one of 'hmac-sha-256', 'hmac-sha-1') def initialize(client, token, secret, opts = {}) @secret = secret - @seq_nr = SecureRandom.random_number(2 ** 64) + @seq_nr = SecureRandom.random_number(2**64) @kid = opts.delete(:kid) || Base64.strict_encode64(Digest::SHA1.digest(token)) self.algorithm = opts.delete(:algorithm) || 'hmac-sha-256' @@ -63,7 +65,7 @@ def headers # @param [String] url the HTTP URL path of the request def header(verb, url) timestamp = (Time.now.to_f * 1000).floor - @seq_nr = (@seq_nr + 1) % (2 ** 64) + @seq_nr = (@seq_nr + 1) % (2**64) uri = URI(url) @@ -84,7 +86,7 @@ def signature(timestamp, verb, uri) "#{verb.to_s.upcase} #{uri.request_uri} HTTP/1.1", timestamp, @seq_nr, - '' + '', ].join("\n") Base64.strict_encode64(OpenSSL::HMAC.digest(@algorithm, secret, signature)) @@ -97,9 +99,17 @@ def algorithm=(alg) @algorithm = begin case alg.to_s when 'hmac-sha-1' - OpenSSL::Digest::SHA1.new + begin + OpenSSL::Digest('SHA1').new + rescue StandardError + OpenSSL::Digest.new('SHA1') + end when 'hmac-sha-256' - OpenSSL::Digest::SHA256.new + begin + OpenSSL::Digest('SHA256').new + rescue StandardError + OpenSSL::Digest.new('SHA256') + end else raise(ArgumentError, 'Unsupported algorithm') end 
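Review bot: The `begin`/`rescue StandardError` wrapped around each digest lookup in `algorithm=` catches far more than a missing `OpenSSL::Digest()` helper, and the same fallback is written out twice. `OpenSSL::Digest.new('SHA256')`, the form already used as the fallback, should be available on every Ruby this gem targets (worth confirming against the CI matrix), so each branch can be the single line `OpenSSL::Digest.new('SHA1')` or `OpenSSL::Digest.new('SHA256')` with no rescue. That also keeps an unrelated error raised during digest construction from being retried silently. The method's closing lines are outside this hunk.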
diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index dd2ae93f..17c23f62 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'multi_json' require 'multi_xml' require 'rack' @@ -11,8 +13,8 @@ class Response # Procs that, when called, will parse a response body according # to the specified format. @@parsers = { - :query => lambda { |body| Rack::Utils.parse_query(body) }, - :text => lambda { |body| body }, + query: ->(body) { Rack::Utils.parse_query(body) }, + text: ->(body) { body }, } # Content type assignments for various potential HTTP content types. @@ -42,7 +44,7 @@ def self.register_parser(key, mime_types, &block) # :json, or :automatic (determined by Content-Type response header) def initialize(response, opts = {}) @response = response - @options = {:parse => :automatic}.merge(opts) + @options = {parse: :automatic}.merge(opts) end # The HTTP response headers @@ -87,6 +89,7 @@ def parsed # Attempts to determine the content type of the response. def content_type return nil unless response.headers + ((response.headers.values_at('content-type', 'Content-Type').compact.first || '').split(';').first || '').strip.downcase end @@ -122,9 +125,9 @@ def parser end OAuth2::Response.register_parser(:xml, ['text/xml', 'application/rss+xml', 'application/rdf+xml', 'application/atom+xml', 'application/xml']) do |body| - MultiXml.parse(body) rescue body # rubocop:disable RescueModifier + MultiXml.parse(body) rescue body # rubocop:disable Style/RescueModifier end OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json']) do |body| - MultiJson.load(body) rescue body # rubocop:disable RescueModifier + MultiJson.load(body) rescue body # rubocop:disable Style/RescueModifier end diff --git a/lib/oauth2/snaky_hash.rb b/lib/oauth2/snaky_hash.rb index 568160d4..dd830b46 100644 
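Review bot: Both `register_parser` blocks at the bottom of response.rb keep the `rescue body` modifier, which swallows every StandardError and hands the raw String back, so a malformed token response is indistinguishable from a plain-text one further down the call chain. Only the cop name changes here, but this is the place to narrow it: use a `begin`/`rescue` that catches the parser's own error (`MultiJson::ParseError` for JSON, `MultiXml::ParseError` for XML) and returns `body` only in that case. That would let the `rubocop:disable Style/RescueModifier` comments go away as well.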
--- a/lib/oauth2/snaky_hash.rb +++ b/lib/oauth2/snaky_hash.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 # Hash which allow assign string key in camel case # and query on both camel and snake case @@ -16,25 +18,25 @@ def [](key) def fetch(key, *extras) super(key) { nil } || super(camelize(key)) { nil } || super(camelize_upcase_first_letter(key), *extras) rescue KeyError - raise KeyError.new("key not found: \"#{key}\"") + raise KeyError, "key not found: \"#{key}\"" end def key?(key) super(key) || super(camelize(key)) || super(camelize_upcase_first_letter(key)) end - private + private def camelize_upcase_first_letter(string) - string.sub(/^[a-z\d]*/) { |match| match.capitalize } - .gsub(/(?:_|(\/))([a-z\d]*)/) { "#{$1}#{$2.capitalize}" } - .gsub("/", "::") + string.sub(/^[a-z\d]*/, &:capitalize). + gsub(%r{(?:_|(/))([a-z\d]*)}) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }. + gsub('/', '::') end def camelize(string) - string.sub(/^(?:(?=\b|[A-Z_])|\w)/) { |match| match.downcase } - .gsub(/(?:_|(\/))([a-z\d]*)/) { "#{$1}#{$2.capitalize}" } - .gsub("/", "::") + string.sub(/^(?:(?=\b|[A-Z_])|\w)/, &:downcase). + gsub(%r{(?:_|(/))([a-z\d]*)}) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }. + gsub('/', '::') end end end diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index 9dfbc4df..e915d126 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'jwt' module OAuth2 
@@ -85,15 +87,13 @@ def get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) def build_request(assertion, request_opts = {}) { - :grant_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer', - :assertion => assertion, + grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer', + assertion: assertion, }.merge(request_opts) end def build_assertion(claims, encoding_opts) - if !encoding_opts.is_a?(Hash) || ([:algorithm, :key] - encoding_opts.keys).any? - raise ArgumentError.new(:message => 'Please provide an encoding_opts hash with :algorithm and :key') - end + raise ArgumentError.new(message: 'Please provide an encoding_opts hash with :algorithm and :key') if !encoding_opts.is_a?(Hash) || (%i[algorithm key] - encoding_opts.keys).any? JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm]) end diff --git a/lib/oauth2/strategy/auth_code.rb b/lib/oauth2/strategy/auth_code.rb index 3d1b8e5c..9f2479c6 100644 --- a/lib/oauth2/strategy/auth_code.rb +++ b/lib/oauth2/strategy/auth_code.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 module Strategy # The Authorization Code Strategy @@ -27,11 +29,12 @@ def authorize_url(https://github.com/params%20=%20%7B%7D) # @note that you must also provide a :redirect_uri with most OAuth 2.0 providers def get_token(code, params = {}, opts = {}) params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params) - params.keys.each do |key| - params[key.to_s] = params.delete(key) if key.is_a?(Symbol) + params_dup = params.dup + params.each_key do |key| + params_dup[key.to_s] = params_dup.delete(key) if key.is_a?(Symbol) end - @client.get_token(params, opts) + @client.get_token(params_dup, opts) end private diff --git a/lib/oauth2/strategy/base.rb b/lib/oauth2/strategy/base.rb index 9d16bb4a..801a723e 100644 --- a/lib/oauth2/strategy/base.rb +++ b/lib/oauth2/strategy/base.rb 
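Review bot: In `build_assertion`, `ArgumentError.new(message: '...')` passes a Hash as the exception message, so `e.message` comes out as the hash's inspect output rather than the sentence. The rewritten one-liner keeps that, and it is long enough that the trailing condition is easy to miss. Prefer the plain form behind a positive guard: `raise ArgumentError, 'Please provide an encoding_opts hash with :algorithm and :key' unless encoding_opts.is_a?(Hash) && %i[algorithm key].all? { |k| encoding_opts.key?(k) }`. Any spec that matches on the current message text would need updating with it.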
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 module Strategy class Base diff --git a/lib/oauth2/strategy/client_credentials.rb b/lib/oauth2/strategy/client_credentials.rb index 35ac5fd8..dba8a3d0 100644 --- a/lib/oauth2/strategy/client_credentials.rb +++ b/lib/oauth2/strategy/client_credentials.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 module Strategy # The Client Credentials Strategy diff --git a/lib/oauth2/strategy/implicit.rb b/lib/oauth2/strategy/implicit.rb index 41ecb8da..93af6cdb 100644 --- a/lib/oauth2/strategy/implicit.rb +++ b/lib/oauth2/strategy/implicit.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 module Strategy # The Implicit Strategy diff --git a/lib/oauth2/strategy/password.rb b/lib/oauth2/strategy/password.rb index 49bfc6e3..887c76c7 100644 --- a/lib/oauth2/strategy/password.rb +++ b/lib/oauth2/strategy/password.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 module Strategy # The Resource Owner Password Credentials Authorization Strategy @@ -18,8 +20,8 @@ def authorize_url # @param [Hash] params additional params def get_token(username, password, params = {}, opts = {}) params = {'grant_type' => 'password', - 'username' => username, - 'password' => password}.merge(params) + 'username' => username, + 'password' => password}.merge(params) @client.get_token(params, opts) end end diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 9b02e785..05f128a0 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module OAuth2 module Version module_function @@ -35,10 +37,10 @@ def pre # @return [Hash] def to_h { - :major => major, - :minor => minor, - :patch => patch, - :pre => pre, + major: major, + minor: minor, + patch: patch, + pre: pre, } end diff --git a/oauth2.gemspec b/oauth2.gemspec index 093ae436..faaa535b 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -1,6 +1,7 @@ -# coding: utf-8 +# encoding: utf-8 +# frozen_string_literal: true -lib = File.expand_path('../lib', __FILE__) +lib = File.expand_path('lib', __dir__) $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) require 'oauth2/version' @@ -23,11 +24,11 @@ Gem::Specification.new do |spec| spec.version = OAuth2::Version spec.metadata = { - 'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues', - 'changelog_uri' => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md", + 'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues', + 'changelog_uri' => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md", 'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}", - 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", - 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki' + 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", + 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki', } spec.require_paths = %w[lib] @@ -40,13 +41,12 @@ Gem::Specification.new do |spec| spec.add_development_dependency 'addressable', '~> 2.3' spec.add_development_dependency 'backports', '~> 3.11' spec.add_development_dependency 'bundler', '>= 1.16' - spec.add_development_dependency 'coveralls', '~> 0.8' spec.add_development_dependency 'rake', '>= 11' spec.add_development_dependency 'rdoc', ['>= 5.0', '< 7'] spec.add_development_dependency 'rspec', '~> 3.0' - spec.add_development_dependency 'rspec-stubbed_env' - spec.add_development_dependency 'rspec-pending_for' spec.add_development_dependency 'rspec-block_is_expected' + spec.add_development_dependency 'rspec-pending_for' + spec.add_development_dependency 'rspec-stubbed_env' spec.add_development_dependency 'silent_stream' spec.add_development_dependency 'wwtd' end 
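Review bot: The development-dependency list in the last gemspec hunk still declares `wwtd`, although the Rakefile hunk in this same commit removes `require 'wwtd/tasks'`. If nothing else loads it, drop `spec.add_development_dependency 'wwtd'` so it is no longer installed on developer machines and in CI. The `rspec-block_is_expected`, `rspec-pending_for`, `rspec-stubbed_env` and `silent_stream` entries also have no version constraint, so any future release is picked up automatically; a pessimistic bound on the currently tested release would make builds reproducible.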
diff --git a/spec/examples/google_spec.rb b/spec/examples/google_spec.rb index b3f1224d..e550f95d 100644 --- a/spec/examples/google_spec.rb +++ b/spec/examples/google_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'jwt' RSpec.describe 'using OAuth2 with Google' do @@ -9,10 +11,10 @@ OAuth2::Client.new( '', '', - :site => 'https://accounts.google.com/', - :authorize_url => '/o/oauth2/auth', - :token_url => '/o/oauth2/token', - :auth_scheme => :request_body + site: 'https://accounts.google.com/', + authorize_url: '/o/oauth2/auth', + token_url: '/o/oauth2/token', + auth_scheme: :request_body ) end @@ -41,7 +43,7 @@ let(:optional_claims) do { - 'sub' => 'some.user@example.com' + 'sub' => 'some.user@example.com', # The email address of the user for which the application is requesting delegated access. } end @@ -49,6 +51,7 @@ let(:algorithm) { 'RS256' } # Per Google: "Service accounts rely on the RSA SHA-256 algorithm" + # rubocop:disable Style/RedundantBegin let(:key) do begin OpenSSL::PKCS12.new(File.read('spec/fixtures/google_service_account_key.p12'), 'notasecret').key @@ -60,12 +63,13 @@ OpenSSL::PKey::RSA.new(1024) end end + # rubocop:enable Style/RedundantBegin # Per Google: # "Take note of the service account's email address and store the service account's P12 private key file in a # location accessible to your application. Your application needs them to make authorized API calls." - let(:encoding_options) { {:key => key, :algorithm => algorithm} } + let(:encoding_options) { {key: key, algorithm: algorithm} } before do client.connection.build do |builder| 
@@ -101,7 +105,7 @@ expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') expect(@request_body[:assertion]).to be_a(String) - payload, header = JWT.decode(@request_body[:assertion], key, true, :algorithm => algorithm) + payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm) expect(header['alg']).to eq('RS256') expect(payload.keys).to match_array(%w[iss scope aud exp iat]) @@ -125,7 +129,7 @@ expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') expect(@request_body[:assertion]).to be_a(String) - payload, header = JWT.decode(@request_body[:assertion], key, true, :algorithm => algorithm) + payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm) expect(header['alg']).to eq('RS256') expect(payload.keys).to match_array(%w[iss scope aud exp iat sub]) diff --git a/spec/helper.rb b/spec/helper.rb index 0d9cb10d..396aa75d 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -1,18 +1,27 @@ +# frozen_string_literal: true + require 'oauth2' -require 'simplecov' -require 'coveralls' require 'rspec' require 'rspec/stubbed_env' require 'silent_stream' -SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([ - SimpleCov::Formatter::HTMLFormatter, - Coveralls::SimpleCov::Formatter -]) +ruby_version = Gem::Version.new(RUBY_VERSION) + +# No need to get coverage for older versions of Ruby +coverable_version = Gem::Version.new('2.7') + +if ruby_version >= coverable_version + require 'simplecov' + require 'coveralls' + SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([ + SimpleCov::Formatter::HTMLFormatter, + Coveralls::SimpleCov::Formatter, + ]) -SimpleCov.start do - add_filter '/spec' - minimum_coverage(95) + SimpleCov.start do + add_filter '/spec' + minimum_coverage(95) + end end require 'addressable/uri' 
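Review bot: The new coverage guard in spec/helper.rb checks only `RUBY_VERSION`, while the Gemfile in this commit installs `simplecov` with `platform: :mri`. On a non-MRI engine that reports 2.7 or later, `require 'simplecov'` would presumably fail with a LoadError before any spec runs. Make the guard match the Gemfile: `if RUBY_ENGINE == 'ruby' && ruby_version >= coverable_version`.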
@@ -20,9 +29,7 @@ Faraday.default_adapter = :test DEBUG = ENV['DEBUG'] == 'true' -if DEBUG && RUBY_VERSION >= '2.6' - require 'byebug' -end +require 'byebug' if DEBUG && RUBY_VERSION >= '2.6' # This is dangerous - HERE BE DRAGONS. # It allows us to refer to classes without the namespace, but at what cost?!? @@ -36,4 +43,4 @@ config.include SilentStream end -VERBS = [:get, :post, :put, :delete].freeze +VERBS = %i[get post put delete].freeze diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 4c61ea9c..f563373e 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + RSpec.describe AccessToken do subject { described_class.new(client, token) } let(:token) { 'monkey' } - let(:refresh_body) { MultiJson.encode(:access_token => 'refreshed_foo', :expires_in => 600, :refresh_token => 'refresh_bar') } + let(:refresh_body) { MultiJson.encode(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'refresh_bar') } let(:client) do - Client.new('abc', 'def', :site => 'https://api.example.com/') do |builder| + Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| @@ -44,7 +46,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end it 'from_hash does not modify opts hash' do - hash = {:access_token => token, :expires_at => Time.now.to_i} + hash = {access_token: token, expires_at: Time.now.to_i} hash_before = hash.dup described_class.from_hash(client, hash) expect(hash).to eq(hash_before) 
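Review bot: The rewritten `require 'byebug' if DEBUG && RUBY_VERSION >= '2.6'` in the spec/helper.rb hunk still compares version strings lexicographically, while the previous hunk of the same file introduces `Gem::Version` for the coverage gate. String comparison misorders multi-digit components (`'2.10' >= '2.6'` is false), so the two gates in this file now follow different rules. Reusing the local defined at the top of the file keeps them consistent: `require 'byebug' if DEBUG && ruby_version >= Gem::Version.new('2.6')`.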
@@ -57,31 +59,31 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end it 'sets options' do - target = described_class.new(client, token, :param_name => 'foo', :header_format => 'Bearer %', :mode => :body) + target = described_class.new(client, token, param_name: 'foo', header_format: 'Bearer %', mode: :body) expect(target.options[:param_name]).to eq('foo') expect(target.options[:header_format]).to eq('Bearer %') expect(target.options[:mode]).to eq(:body) end it 'does not modify opts hash' do - opts = {:param_name => 'foo', :header_format => 'Bearer %', :mode => :body} + opts = {param_name: 'foo', header_format: 'Bearer %', mode: :body} opts_before = opts.dup described_class.new(client, token, opts) expect(opts).to eq(opts_before) end describe 'expires_at' do - let(:expires_at) { 1361396829 } + let(:expires_at) { 1_361_396_829 } let(:hash) do { :access_token => token, :expires_at => expires_at.to_s, - 'foo' => 'bar' + 'foo' => 'bar', } end it 'initializes with an integer timestamp expires_at' do - target = described_class.from_hash(client, hash.merge(:expires_at => expires_at)) + target = described_class.from_hash(client, hash.merge(expires_at: expires_at)) assert_initialized_token(target) expect(target.expires_at).to eql(expires_at) end @@ -93,7 +95,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end it 'initializes with a string time expires_at' do - target = described_class.from_hash(client, hash.merge(:expires_at => Time.at(expires_at).iso8601)) + target = described_class.from_hash(client, hash.merge(expires_at: Time.at(expires_at).iso8601)) assert_initialized_token(target) expect(target.expires_at).to eql(expires_at) end 
@@ -105,14 +107,14 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize let(:expires_latency) { 10 } let(:hash) do { - :access_token => token, - :expires_latency => expires_latency, - :expires_in => expires_in, + access_token: token, + expires_latency: expires_latency, + expires_in: expires_in, } end it 'sets it via options' do - target = described_class.from_hash(client, hash.merge(:expires_latency => expires_latency.to_s)) + target = described_class.from_hash(client, hash.merge(expires_latency: expires_latency.to_s)) expect(target.expires_latency).to eq expires_latency end @@ -129,7 +131,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end it 'reduces expires_at by the given amount if expires_at is provided as option' do - target = described_class.from_hash(client, hash.merge(:expires_at => expires_at)) + target = described_class.from_hash(client, hash.merge(expires_at: expires_at)) expect(target.expires_at).to eq(expires_at - expires_latency) end end @@ -180,7 +182,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize context 'params include [number]' do VERBS.each do |verb| it "sends #{verb.to_s.upcase} correct query" do - expect(subject.__send__(verb, '/token/query_string', :params => {'foo[bar][1]' => 'val'}).body).to include('foo[bar][1]=val') + expect(subject.__send__(verb, '/token/query_string', params: {'foo[bar][1]' => 'val'}).body).to include('foo[bar][1]=val') end end end 
@@ -192,11 +194,11 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end it 'is true if there is an expires_in' do - expect(described_class.new(client, token, :refresh_token => 'abaca', :expires_in => 600)).to be_expires + expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: 600)).to be_expires end it 'is true if there is an expires_at' do - expect(described_class.new(client, token, :refresh_token => 'abaca', :expires_in => Time.now.getutc.to_i + 600)).to be_expires + expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: Time.now.getutc.to_i + 600)).to be_expires end end @@ -206,11 +208,11 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end it 'is false if expires_in is in the future' do - expect(described_class.new(client, token, :refresh_token => 'abaca', :expires_in => 10_800)).not_to be_expired + expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: 10_800)).not_to be_expired end it 'is true if expires_at is in the past' do - access = described_class.new(client, token, :refresh_token => 'abaca', :expires_in => 600) + access = described_class.new(client, token, refresh_token: 'abaca', expires_in: 600) @now = Time.now + 10_800 allow(Time).to receive(:now).and_return(@now) expect(access).to be_expired @@ -218,7 +220,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize it 'is true if expires_at is now' do @now = Time.now - access = described_class.new(client, token, :refresh_token => 'abaca', :expires_at => @now.to_i) + access = described_class.new(client, token, refresh_token: 'abaca', expires_at: @now.to_i) allow(Time).to receive(:now).and_return(@now) expect(access).to be_expired end 
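Review bot: The example named 'is true if there is an expires_at' still passes `expires_in:` with an absolute timestamp, so the `expires_at` option is never exercised by it; the commit only converted the hash syntax on that line. As written it duplicates the `expires_in` example above it with a very large lifetime. The option key should match the example name: `expect(described_class.new(client, token, refresh_token: 'abaca', expires_at: Time.now.getutc.to_i + 600)).to be_expires`. The enclosing `describe` block starts outside the hunk.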
@@ -226,13 +228,13 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize describe '#refresh' do let(:access) do - described_class.new(client, token, :refresh_token => 'abaca', - :expires_in => 600, - :param_name => 'o_param') + described_class.new(client, token, refresh_token: 'abaca', + expires_in: 600, + param_name: 'o_param') end let(:new_access) do NewAccessToken = Class.new(described_class) - NewAccessToken.new(client, token, :refresh_token => 'abaca') + NewAccessToken.new(client, token, refresh_token: 'abaca') end it 'returns a refresh token with appropriate values carried over' do @@ -247,7 +249,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end context 'with a nil refresh_token in the response' do - let(:refresh_body) { MultiJson.encode(:access_token => 'refreshed_foo', :expires_in => 600, :refresh_token => nil) } + let(:refresh_body) { MultiJson.encode(access_token: 'refreshed_foo', expires_in: 600, refresh_token: nil) } it 'copies the refresh_token from the original token' do refreshed = access.refresh diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index 57defdcf..fcaa5a5f 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + RSpec.describe OAuth2::Authenticator do subject do described_class.new(client_id, client_secret, mode) 
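Review bot: `NewAccessToken = Class.new(described_class)` inside `let(:new_access)` assigns a top-level constant every time the `let` is evaluated, so the class leaks into every other spec and a second evaluation triggers an "already initialized constant" warning. The changed line below it only updates the hash syntax and keeps that pattern. Scoping the constant to the example avoids both problems: `stub_const('NewAccessToken', Class.new(described_class))`, followed by the existing `NewAccessToken.new(client, token, refresh_token: 'abaca')`. The rest of the `#refresh` group continues outside the hunk.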
@@ -58,17 +60,17 @@ context 'with Basic authentication' do let(:mode) { :basic_auth } - let(:header) { 'Basic ' + Base64.strict_encode64("#{client_id}:#{client_secret}") } + let(:header) { "Basic #{Base64.strict_encode64("#{client_id}:#{client_secret}")}" } it 'encodes credentials in headers' do output = subject.apply({}) - expect(output).to eq(:headers => {'Authorization' => header}) + expect(output).to eq(headers: {'Authorization' => header}) end it 'does not overwrite existing credentials' do - input = {:headers => {'Authorization' => 'Bearer abc123'}} + input = {headers: {'Authorization' => 'Bearer abc123'}} output = subject.apply(input) - expect(output).to eq(:headers => {'Authorization' => 'Bearer abc123'}) + expect(output).to eq(headers: {'Authorization' => 'Bearer abc123'}) end it 'does not overwrite existing params or headers' do diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 74a4d2f2..66ed3783 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
@@ -1,22 +1,23 @@ # coding: utf-8 +# frozen_string_literal: true require 'nkf' RSpec.describe OAuth2::Client do subject do - described_class.new('abc', 'def', {:site => 'https://api.example.com/'}.merge(options)) do |builder| + described_class.new('abc', 'def', {site: 'https://api.example.com/'}.merge(options)) do |builder| builder.adapter :test do |stub| stub.get('/success') { |env| [200, {'Content-Type' => 'text/awesome'}, 'yay'] } stub.get('/reflect') { |env| [200, {}, env[:body]] } stub.post('/reflect') { |env| [200, {}, env[:body]] } - stub.get('/unauthorized') { |env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(:error => error_value, :error_description => error_description_value)] } + stub.get('/unauthorized') { |env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(error: error_value, error_description: error_description_value)] } stub.get('/conflict') { |env| [409, {'Content-Type' => 'text/plain'}, 'not authorized'] } stub.get('/redirect') { |env| [302, {'Content-Type' => 'text/plain', 'location' => '/success'}, ''] } stub.post('/redirect') { |env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] } stub.get('/error') { |env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] } stub.get('/empty_get') { |env| [204, {}, nil] } - stub.get('/different_encoding') { |env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', MultiJson.encode(:error => error_value, :error_description => '∞'))] } - stub.get('/ascii_8bit_encoding') { |env| [500, {'Content-Type' => 'application/json'}, MultiJson.encode(:error => 'invalid_request', :error_description => 'é').force_encoding('ASCII-8BIT')] } + stub.get('/different_encoding') { |env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', MultiJson.encode(error: error_value, error_description: '∞'))] } + stub.get('/ascii_8bit_encoding') { |env| [500, {'Content-Type' => 'application/json'}, MultiJson.encode(error: 'invalid_request', 
error_description: 'é').force_encoding('ASCII-8BIT')] } end end end 
@@ -61,33 +62,33 @@ end it 'allows true/false for raise_errors option' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :raise_errors => false) + client = described_class.new('abc', 'def', site: 'https://api.example.com/', raise_errors: false) expect(client.options[:raise_errors]).to be false - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :raise_errors => true) + client = described_class.new('abc', 'def', site: 'https://api.example.com/', raise_errors: true) expect(client.options[:raise_errors]).to be true end it 'allows override of raise_errors option' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :raise_errors => true) do |builder| + client = described_class.new('abc', 'def', site: 'https://api.example.com/', raise_errors: true) do |builder| builder.adapter :test do |stub| stub.get('/notfound') { |env| [404, {}, nil] } end end expect(client.options[:raise_errors]).to be true expect { client.request(:get, '/notfound') }.to raise_error(OAuth2::Error) - response = client.request(:get, '/notfound', :raise_errors => false) + response = client.request(:get, '/notfound', raise_errors: false) expect(response.status).to eq(404) end it 'allows get/post for access_token_method option' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :access_token_method => :get) + client = described_class.new('abc', 'def', site: 'https://api.example.com/', access_token_method: :get) expect(client.options[:access_token_method]).to eq(:get) - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :access_token_method => :post) + client = described_class.new('abc', 'def', site: 'https://api.example.com/', access_token_method: :post) expect(client.options[:access_token_method]).to eq(:post) end it 'does not mutate the opts hash argument' 
do - opts = {:site => 'http://example.com/'} + opts = {site: 'http://example.com/'} opts2 = opts.dup described_class.new 'abc', 'def', opts expect(opts).to eq(opts2) @@ -112,7 +113,7 @@ context 'when a URL with path is used in the site' do let(:options) do - {:site => 'https://example.com/blog'} + {site: 'https://example.com/blog'} end it 'generates an authorization URL relative to the site' do @@ -138,7 +139,7 @@ end it 'does not add the redirect_uri param to the auth_code token exchange request' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :auth_scheme => :request_body) do |builder| + client = described_class.new('abc', 'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| stub.post('/oauth/token', auth_code_params) do [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] @@ -157,7 +158,7 @@ end it 'adds the redirect_uri param to the auth_code token exchange request' do - client = described_class.new('abc', 'def', :redirect_uri => 'https://site.com/oauth/callback', :site => 'https://api.example.com/', :auth_scheme => :request_body) do |builder| + client = described_class.new('abc', 'def', redirect_uri: 'https://site.com/oauth/callback', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| stub.post('/oauth/token', auth_code_params.merge('redirect_uri' => 'https://site.com/oauth/callback')) do [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] 
@@ -171,7 +172,7 @@ describe 'custom headers' do context 'string key headers' do it 'adds the custom headers to request' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :auth_scheme => :request_body) do |builder| + client = described_class.new('abc', 'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) @@ -179,14 +180,14 @@ end end end - header_params = {'headers' => { 'CustomHeader' => 'CustomHeader' }} + header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end context 'symbol key headers' do it 'adds the custom headers to request' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/', :auth_scheme => :request_body) do |builder| + client = described_class.new('abc', 'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) @@ -194,14 +195,14 @@ end end end - header_params = {headers: { 'CustomHeader' => 'CustomHeader' }} + header_params = {headers: {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end context 'string key custom headers with basic auth' do it 'adds the custom headers to request' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/') do |builder| + client = described_class.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) 
@@ -209,14 +210,14 @@ end end end - header_params = {'headers' => { 'CustomHeader' => 'CustomHeader' }} + header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end context 'symbol key custom headers with basic auth' do it 'adds the custom headers to request' do - client = described_class.new('abc', 'def', :site => 'https://api.example.com/') do |builder| + client = described_class.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) @@ -224,7 +225,7 @@ end end end - header_params = {headers: { 'CustomHeader' => 'CustomHeader' }} + header_params = {headers: {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end @@ -237,6 +238,7 @@ before do stub_env('OAUTH_DEBUG' => debug_value) end + context 'when OAUTH_DEBUG=true' do let(:debug_value) { 'true' } @@ -251,10 +253,11 @@ subject.request(:get, '/success') end.not_to raise_error end + it 'prints both request and response bodies to STDOUT' do printed = capture(:stdout) do subject.request(:get, '/success') - subject.request(:get, '/reflect', :body => 'this is magical') + subject.request(:get, '/reflect', body: 'this is magical') end expect(printed).to match 'request: GET https://api.example.com/success' expect(printed).to match 'response: Content-Type:' @@ -263,6 +266,7 @@ expect(printed).to match 'response: this is magical' end end + context 'when OAUTH_DEBUG=false' do let(:debug_value) { 'false' } @@ -277,10 +281,11 @@ subject.request(:get, '/success') end.not_to raise_error end + it 'prints nothing to STDOUT' do printed = capture(:stdout) do subject.request(:get, '/success') - subject.request(:get, '/reflect', :body => 'this is magical') + subject.request(:get, '/reflect', body: 'this is magical') end expect(printed).to eq '' end 
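Review bot: The 'prints both request and response bodies to STDOUT' example pins that `OAUTH_DEBUG=true` echoes bodies verbatim (`response: this is magical`), and nothing in this group checks that credentials are kept out of that output. Other specs in this file post `client_id` and `client_secret` in the token request body when `auth_scheme: :request_body` is used, so the same logger presumably writes the client secret and issued tokens as well; that is inferred from the specs, not shown here. At minimum, document it above the context: `# OAUTH_DEBUG logs request and response bodies unfiltered, including client_secret and tokens; do not enable it where logs are retained or shared`. An example asserting that a token-endpoint body is absent from (or redacted in) the captured output would make the behaviour explicit.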
@@ -300,58 +305,48 @@ expect(response.headers).to eq('Content-Type' => 'text/awesome') end - context 'when OAUTH_DEBUG=true and logger is set to log to /dev/null' do - around do |example| - begin - original = ENV['OAUTH_DEBUG'] - ENV['OAUTH_DEBUG'] = 'true' - - original_logger = subject.options[:logger] - subject.options[:logger] = Logger.new('/dev/null') - - example.call - ensure - subject.options[:logger] = original_logger - - if original.nil? - ENV.delete('OAUTH_DEBUG') - else - ENV['OAUTH_DEBUG'] = original - end - end - end - - it 'will not log anything to standard out if logger is overridden to use /dev/null' do - output = capture(:stdout) do - subject.request(:get, '/success') - end - - expect(output).to be_empty - end - end - context 'with ENV' do include_context 'with stubbed env' context 'when OAUTH_DEBUG=true' do before do stub_env('OAUTH_DEBUG' => 'true') end + it 'outputs to $stdout when OAUTH_DEBUG=true' do output = capture(:stdout) do subject.request(:get, '/success') end logs = [ - 'request: GET https://api.example.com/success', - 'response: Status 200', - 'response: Content-Type: "text/awesome"' + 'request: GET https://api.example.com/success', + 'response: Status 200', + 'response: Content-Type: "text/awesome"', ] expect(output).to include(*logs) end + + context 'logger is set to log to /dev/null' do + around do |example| + original_logger = subject.options[:logger] + subject.options[:logger] = Logger.new('/dev/null') + + example.call + + subject.options[:logger] = original_logger + end + + it 'will not log anything to standard out if logger is overridden to use /dev/null' do + output = capture(:stdout) do + subject.request(:get, '/success') + end + + expect(output).to be_empty + end + end end end it 'posts a body' do - response = subject.request(:post, '/reflect', :body => 'foo=bar') + response = subject.request(:post, '/reflect', body: 'foo=bar') expect(response.body).to eq('foo=bar') end 
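Review bot: The relocated `around` hook hard-codes `Logger.new('/dev/null')`, which only exists on POSIX systems, so the 'logger is set to log to /dev/null' context fails on Windows runners. Ruby exposes the platform's null device as a constant, and the change is one line: `subject.options[:logger] = Logger.new(File::NULL)`. The restore after `example.call` is no longer in an `ensure`; that looks harmless because `subject` is rebuilt per example, but a short comment saying so would save the next reader the check.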
@@ -363,7 +358,7 @@ end it 'redirects using GET on a 303' do - response = subject.request(:post, '/redirect', :body => 'foo=bar') + response = subject.request(:post, '/redirect', body: 'foo=bar') expect(response.body).to be_empty expect(response.status).to eq(200) end @@ -398,22 +393,18 @@ end it 'parses OAuth2 standard error response' do - begin - subject.request(:get, '/unauthorized') - rescue StandardError => e - expect(e.code).to eq(error_value) - expect(e.description).to eq(error_description_value) - expect(e.to_s).to match(/#{error_value}/) - expect(e.to_s).to match(/#{error_description_value}/) + expect { subject.request(:get, '/unauthorized') }.to raise_error do |ex| + expect(ex.code).to eq(error_value) + expect(ex.description).to eq(error_description_value) + expect(ex.to_s).to match(/#{error_value}/) + expect(ex.to_s).to match(/#{error_description_value}/) end end it 'provides the response in the Exception' do - begin - subject.request(:get, '/error') - rescue StandardError => e - expect(e.response).to be_a(OAuth2::Response) - expect(e.to_s).to match(/unknown error/) + expect { subject.request(:get, '/error') }.to raise_error do |ex| + expect(ex.response).not_to be_nil + expect(ex.to_s).to match(/unknown error/) end end end @@ -432,7 +423,7 @@ end it 'authenticates with request parameters' do - client = stubbed_client(:auth_scheme => :request_body) do |stub| + client = stubbed_client(auth_scheme: :request_body) do |stub| stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |env| [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end 
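Review bot: In 'provides the response in the Exception' the rewritten check `expect(ex.response).not_to be_nil` is weaker than the `be_a(OAuth2::Response)` it replaces, so an error carrying some other response object would now pass. Both rewritten examples in that hunk also use a bare `raise_error`, which accepts any exception class before the block runs. Naming the class and keeping the type check tightens them: `expect { subject.request(:get, '/error') }.to raise_error(OAuth2::Error) do |ex|` with `expect(ex.response).to be_a(OAuth2::Response)`. If the stricter assertion fails, that difference is worth surfacing instead of relaxing the test.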
@@ -441,9 +432,10 @@ end it 'authenticates with Basic auth' do - client = stubbed_client(:auth_scheme => :basic_auth) do |stub| + client = stubbed_client(auth_scheme: :basic_auth) do |stub| stub.post('/oauth/token') do |env| raise Faraday::Adapter::Test::Stubs::NotFound unless env[:request_headers]['Authorization'] == OAuth2::Authenticator.encode_basic_auth('abc', 'def') + [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end end @@ -465,7 +457,7 @@ context 'when the :raise_errors flag is set to false' do context 'when the request body is nil' do it 'returns a nil :access_token' do - client = stubbed_client(:raise_errors => false) do |stub| + client = stubbed_client(raise_errors: false) do |stub| stub.post('/oauth/token') do [500, {'Content-Type' => 'application/json'}, nil] end @@ -491,7 +483,7 @@ end it 'forwards given token parameters' do - client = stubbed_client(:auth_scheme => :request_body) do |stub| + client = stubbed_client(auth_scheme: :request_body) do |stub| stub.post('/oauth/token', 'arbitrary' => 'parameter', 'client_id' => 'abc', 'client_secret' => 'def') do |env| [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end @@ -501,7 +493,7 @@ context 'when token_method is set to post_with_query_string' do it 'uses the http post method and passes parameters in the query string' do - client = stubbed_client(:token_method => :post_with_query_string) do |stub| + client = stubbed_client(token_method: :post_with_query_string) do |stub| stub.post('/oauth/token?state=abc123') do |env| [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end @@ -511,7 +503,7 @@ end def stubbed_client(params = {}, &stubs) - params = {:site => 'https://api.example.com/'}.merge(params) + params = {site: 'https://api.example.com/'}.merge(params) OAuth2::Client.new('abc', 'def', params) do |builder| builder.adapter :test, &stubs end 
@@ -528,7 +520,7 @@ def stubbed_client(params = {}, &stubs) context 'with SSL options' do subject do - cli = described_class.new('abc', 'def', :site => 'https://api.example.com/', :ssl => {:ca_file => 'foo.pem'}) + cli = described_class.new('abc', 'def', site: 'https://api.example.com/', ssl: {ca_file: 'foo.pem'}) cli.connection.build do |b| b.adapter :test end @@ -542,7 +534,7 @@ def stubbed_client(params = {}, &stubs) context 'without a connection-configuration block' do subject do - described_class.new('abc', 'def', :site => 'https://api.example.com/') + described_class.new('abc', 'def', site: 'https://api.example.com/') end it 'applies default faraday middleware to the connection' do diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index b38ac93d..bb04454f 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -1,19 +1,20 @@ # encoding: UTF-8 +# frozen_string_literal: true RSpec.describe OAuth2::Error do let(:subject) { described_class.new(response) } let(:response) do raw_response = Faraday::Response.new( - :status => 418, - :response_headers => response_headers, - :body => response_body + status: 418, + response_headers: response_headers, + body: response_body ) OAuth2::Response.new(raw_response) end let(:response_headers) { {'Content-Type' => 'application/json'} } - let(:response_body) { {:text => 'Coffee brewing failed'}.to_json } + let(:response_body) { {text: 'Coffee brewing failed'}.to_json } it 'sets the response object to #response on self' do error = described_class.new(response) @@ -36,7 +37,7 @@ context 'when the response is parseable as a hash' do let(:response_body) { response_hash.to_json } - let(:response_hash) { {:text => 'Coffee brewing failed'} } + let(:response_hash) { {text: 'Coffee brewing failed'} } context 'when the response has an error and error_description' do before do 
@@ -47,7 +48,7 @@ it 'prepends to the error message with a return character' do expect(subject.message.each_line.to_a).to eq( [ - 'i_am_a_teapot: Short and stout' + "\n", + "i_am_a_teapot: Short and stout\n", '{"text":"Coffee brewing failed","error_description":"Short and stout","error":"i_am_a_teapot"}', ] ) @@ -63,9 +64,9 @@ it 'replaces them' do # The skip can be removed once support for < 2.1 is dropped. - encoding = {:reason => 'encode/scrub only works as of Ruby 2.1'} - skip_for(encoding.merge(:engine => 'ruby', :versions => %w[1.8.7 1.9.3 2.0.0])) - skip_for(encoding.merge(:engine => 'jruby')) + encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} + skip_for(encoding.merge(engine: 'ruby', versions: %w[1.8.7 1.9.3 2.0.0])) + skip_for(encoding.merge(engine: 'jruby')) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') @@ -75,7 +76,7 @@ context 'with undefined characters present' do before do - response_hash[:error_description] << ": 'A magical voyage of tea 🍵'" + response_hash[:error_description] += ": 'A magical voyage of tea 🍵'" end it 'replaces them' do @@ -87,7 +88,7 @@ context 'when the response is not an encodable thing' do let(:response_headers) { {'Content-Type' => 'who knows'} } - let(:response_body) { {:text => 'Coffee brewing failed'} } + let(:response_body) { {text: 'Coffee brewing failed'} } before do expect(response_body).not_to respond_to(:encode) diff --git a/spec/oauth2/mac_token_spec.rb b/spec/oauth2/mac_token_spec.rb index 4ab9f0f4..9b38db91 100644 --- a/spec/oauth2/mac_token_spec.rb +++ b/spec/oauth2/mac_token_spec.rb 
@@ -1,10 +1,12 @@ +# frozen_string_literal: true + RSpec.describe MACToken do subject { described_class.new(client, token, 'abc123', kid: kid) } let(:kid) { 'this-token' } let(:token) { 'monkey' } let(:client) do - Client.new('abc', 'def', :site => 'https://api.example.com/') do |builder| + Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| @@ -29,17 +31,17 @@ end it 'handles hmac-sha-256' do - mac = described_class.new(client, token, 'abc123', :algorithm => 'hmac-sha-256') + mac = described_class.new(client, token, 'abc123', algorithm: 'hmac-sha-256') expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA256) end it 'handles hmac-sha-1' do - mac = described_class.new(client, token, 'abc123', :algorithm => 'hmac-sha-1') + mac = described_class.new(client, token, 'abc123', algorithm: 'hmac-sha-1') expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA1) end it 'raises on improper algorithm' do - expect { described_class.new(client, token, 'abc123', :algorithm => 'invalid-sha') }.to raise_error(ArgumentError) + expect { described_class.new(client, token, 'abc123', algorithm: 'invalid-sha') }.to raise_error(ArgumentError) end end @@ -112,10 +114,10 @@ let(:access_token) do AccessToken.new( client, token, - :expires_at => 1, - :expires_in => 1, - :refresh_token => 'abc', - :random => 1 + expires_at: 1, + expires_in: 1, + refresh_token: 'abc', + random: 1 ) end @@ -132,7 +134,7 @@ end it 'initializes params' do - expect(subject.params).to eq(:random => 1) + expect(subject.params).to eq(random: 1) end end end diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 5078d1f5..f09db243 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
@@ -1,5 +1,7 @@ +# frozen_string_literal: true + RSpec.describe OAuth2::Response do - let(:raw_response) { Faraday::Response.new(:status => status, :response_headers => headers, :body => body) } + let(:raw_response) { Faraday::Response.new(status: status, response_headers: headers, body: body) } let(:status) { 200 } let(:headers) { {'foo' => 'bar'} } let(:body) { 'foo' } @@ -16,9 +18,9 @@ describe '.register_parser' do let(:response) do - double('response', :headers => {'Content-Type' => 'application/foo-bar'}, - :status => 200, - :body => 'baz') + double('response', headers: {'Content-Type' => 'application/foo-bar'}, + status: 200, + body: 'baz') end before do @@ -67,7 +69,7 @@ it 'parses application/x-www-form-urlencoded body' do headers = {'Content-Type' => 'application/x-www-form-urlencoded'} body = 'foo=bar&answer=42' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['foo']).to eq('bar') @@ -76,8 +78,8 @@ it 'parses application/json body' do headers = {'Content-Type' => 'application/json'} - body = MultiJson.encode(:foo => 'bar', :answer => 42) - response = double('response', :headers => headers, :body => body) + body = MultiJson.encode(foo: 'bar', answer: 42) + response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['foo']).to eq('bar') 
@@ -86,8 +88,8 @@ it 'parses alternative application/json extension bodies' do headers = {'Content-Type' => 'application/hal+json'} - body = MultiJson.encode(:foo => 'bar', :answer => 42) - response = double('response', :headers => headers, :body => body) + body = MultiJson.encode(foo: 'bar', answer: 42) + response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['foo']).to eq('bar') @@ -96,24 +98,24 @@ it 'parses application/vnd.collection+json body' do headers = {'Content-Type' => 'application/vnd.collection+json'} - body = MultiJson.encode(:collection => {}) - response = double('response', :headers => headers, :body => body) + body = MultiJson.encode(collection: {}) + response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(1) end it 'parses application/vnd.api+json body' do headers = {'Content-Type' => 'application/vnd.api+json'} - body = MultiJson.encode(:collection => {}) - response = double('response', :headers => headers, :body => body) + body = MultiJson.encode(collection: {}) + response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(1) end - it "parses application/Json body" do + it 'parses application/Json body' do headers = {'Content-Type' => 'application/Json'} - body = MultiJson.encode(:foo => 'bar', :answer => 42) - response = double('response', :headers => headers, :body => body) + body = MultiJson.encode(foo: 'bar', answer: 42) + response = double('response', headers: headers, body: body) subject = Response.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['foo']).to eq('bar') 
@@ -124,7 +126,7 @@ headers = {'Content-Type' => 'text/html'} body = '' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) expect(MultiJson).not_to receive(:decode) expect(MultiJson).not_to receive(:load) @@ -134,14 +136,14 @@ expect(subject.parsed).to be_nil end - it "should snakecase json keys when parsing" do + it 'snakecases json keys when parsing' do headers = {'Content-Type' => 'application/json'} - body = MultiJson.encode("accessToken" => 'bar', "MiGever" => "Ani") - response = double('response', :headers => headers, :body => body) + body = MultiJson.encode('accessToken' => 'bar', 'MiGever' => 'Ani') + response = double('response', headers: headers, body: body) subject = Response.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['access_token']).to eq('bar') - expect(subject.parsed['mi_gever']).to eq("Ani") + expect(subject.parsed['mi_gever']).to eq('Ani') end it 'supports registered parsers with arity == 0; passing nothing' do @@ -151,9 +153,9 @@ headers = {'Content-Type' => 'text/html'} body = '' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) - subject = described_class.new(response, :parse => :arity_0) + subject = described_class.new(response, parse: :arity_0) expect(subject.parsed).to eq('a-ok') end @@ -161,7 +163,7 @@ it 'supports registered parsers with arity == 2; passing body and response' do headers = {'Content-Type' => 'text/html'} body = '' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) described_class.register_parser(:arity_2, []) do |passed_body, passed_response| expect(passed_body).to eq(body) 
@@ -170,7 +172,7 @@ 'a-ok' end - subject = described_class.new(response, :parse => :arity_2) + subject = described_class.new(response, parse: :arity_2) expect(subject.parsed).to eq('a-ok') end @@ -178,7 +180,7 @@ it 'supports registered parsers with arity > 2; passing body and response' do headers = {'Content-Type' => 'text/html'} body = '' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) described_class.register_parser(:arity_3, []) do |passed_body, passed_response, *args| expect(passed_body).to eq(body) @@ -188,7 +190,7 @@ 'a-ok' end - subject = described_class.new(response, :parse => :arity_3) + subject = described_class.new(response, parse: :arity_3) expect(subject.parsed).to eq('a-ok') end @@ -196,9 +198,9 @@ it 'supports directly passed parsers' do headers = {'Content-Type' => 'text/html'} body = '' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) - subject = described_class.new(response, :parse => lambda { 'a-ok' }) + subject = described_class.new(response, parse: -> { 'a-ok' }) expect(subject.parsed).to eq('a-ok') end @@ -213,7 +215,7 @@ headers = {'Content-Type' => 'text/xml'} body = 'baz' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) expect(described_class.new(response).parsed).to eq('foo' => {'bar' => 'baz'}) end @@ -221,7 +223,7 @@ headers = {'Content-Type' => 'application/xml'} body = 'baz' - response = double('response', :headers => headers, :body => body) + response = double('response', headers: headers, body: body) expect(described_class.new(response).parsed).to eq('foo' => {'bar' => 'baz'}) end end diff --git a/spec/oauth2/snaky_hash_spec.rb b/spec/oauth2/snaky_hash_spec.rb index 14d4ef66..b17308f3 100644 --- a/spec/oauth2/snaky_hash_spec.rb +++ b/spec/oauth2/snaky_hash_spec.rb 
@@ -1,9 +1,11 @@ +# frozen_string_literal: true + RSpec.describe SnakyHash do subject { described_class.new } describe '.build' do context 'build from hash' do - subject { described_class.build({ 'AccessToken' => '1' }) } + subject { described_class.build({'AccessToken' => '1'}) } it 'create correct snake hash' do expect(subject).to be_a(described_class) @@ -85,19 +87,19 @@ subject { described_class.new } it 'raise KeyError with key' do - expect { + expect do subject.fetch('https://github.com/access_token') - }.to raise_error(KeyError, /access_token/) + end.to raise_error(KeyError, /access_token/) end it 'return default value' do - expect(subject.fetch('https://github.com/access_token') {'default'}).to eq('default') + expect(subject.fetch('https://github.com/access_token', 'default')).to eq('default') end end end describe '#key?' do - context 'Camel case key' do + context 'Camel case key' do subject { described_class.build('AccessToken' => '1') } it 'return true' do diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index fdc04804..e287aec8 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'jwt' RSpec.describe OAuth2::Strategy::Assertion do subject { client.assertion } let(:client) do - cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com/', :auth_scheme => auth_scheme) + cli = OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/', auth_scheme: auth_scheme) cli.connection.build do |b| b.adapter :test do |stub| stub.post('/oauth/token') do |token_request| 
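Review bot: In the `@@ -85,19 +87,19 @@` hunk of spec/oauth2/snaky_hash_spec.rb, the 'return default value' example no longer exercises the block form of `fetch`. The old line passed `{'default'}` as a block, while the new line passes `'default'` as a second positional argument, which is a different call path. If SnakyHash defines its own `fetch` (not visible in this hunk), the block path is now untested. I would keep the new assertion and add the block form back beside it in do/end or spaced-brace style, e.g. `expect(subject.fetch(key) { 'default' }).to eq('default')`, where `key` stands for the spec's existing key literal. The enclosing `describe` starts outside the hunk.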
@@ -38,13 +40,13 @@ let(:timestamp) { Time.now.to_i } let(:claims) do { - :iss => 'carp@example.com', - :scope => 'https://oauth.example.com/auth/flounder', - :aud => 'https://sturgeon.example.com/oauth2/token', - :exp => timestamp + 3600, - :iat => timestamp, - :sub => '12345', - :custom_claim => 'ling cod', + iss: 'carp@example.com', + scope: 'https://oauth.example.com/auth/flounder', + aud: 'https://sturgeon.example.com/oauth2/token', + exp: timestamp + 3600, + iat: timestamp, + sub: '12345', + custom_claim: 'ling cod', } end @@ -54,8 +56,8 @@ describe 'assembling a JWT assertion' do let(:jwt) do - payload, header = JWT.decode(@request_body[:assertion], key, true, :algorithm => algorithm) - {:payload => payload, :header => header} + payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm) + {payload: payload, header: header} end let(:payload) { jwt[:payload] } @@ -66,7 +68,7 @@ let(:key) { 'super_secret!' } before do - subject.get_token(claims, :algorithm => algorithm, :key => key) + subject.get_token(claims, algorithm: algorithm, key: key) raise 'No request made!' if @request_body.nil? end @@ -89,7 +91,7 @@ let(:key) { OpenSSL::PKey::RSA.new(1024) } before do - subject.get_token(claims, :algorithm => algorithm, :key => key) + subject.get_token(claims, algorithm: algorithm, key: key) raise 'No request made!' if @request_body.nil? end @@ -108,7 +110,7 @@ end context 'with bad encoding params' do - let(:encoding_opts) { {:algorithm => algorithm, :key => key} } + let(:encoding_opts) { {algorithm: algorithm, key: key} } describe 'non-supported algorithms' do let(:algorithm) { 'the blockchain' } 
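Review bot: The RSA fixture kept as context in the `@@ -89,7 +91,7 @@` hunk, `let(:key) { OpenSSL::PKey::RSA.new(1024) }`, generates a 1024-bit key, which is below the 2048-bit minimum that current guidance sets for RSA signing keys. Spec code for a JWT assertion strategy tends to be copied as a usage example, and stricter OpenSSL policy settings may reject keys this small, so I would change it to `let(:key) { OpenSSL::PKey::RSA.new(2048) }`. If the small size is deliberate to keep the suite fast, say so in a comment such as `# 1024 bits only to keep specs fast; never use below 2048 outside tests`. The surrounding `context` block starts outside the hunk.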
@@ -155,7 +157,7 @@ let(:auth_scheme) { :request_body } it 'includes assertion and grant_type, along with the client parameters' do - subject.get_token(claims, :algorithm => algorithm, :key => key) + subject.get_token(claims, algorithm: algorithm, key: key) expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array([:assertion, :grant_type, 'client_id', 'client_secret']) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') @@ -165,7 +167,7 @@ end it 'includes other params via request_options' do - subject.get_token(claims, {:algorithm => algorithm, :key => key}, :scope => 'dover sole') + subject.get_token(claims, {algorithm: algorithm, key: key}, scope: 'dover sole') expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array([:assertion, :grant_type, :scope, 'client_id', 'client_secret']) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') 
@@ -180,17 +182,17 @@ let(:auth_scheme) { :basic_auth } it 'includes assertion and grant_type by default' do - subject.get_token(claims, :algorithm => algorithm, :key => key) + subject.get_token(claims, algorithm: algorithm, key: key) expect(@request_body).not_to be_nil - expect(@request_body.keys).to match_array([:assertion, :grant_type]) + expect(@request_body.keys).to match_array(%i[assertion grant_type]) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') expect(@request_body[:assertion]).to be_a(String) end it 'includes other params via request_options' do - subject.get_token(claims, {:algorithm => algorithm, :key => key}, :scope => 'dover sole') + subject.get_token(claims, {algorithm: algorithm, key: key}, scope: 'dover sole') expect(@request_body).not_to be_nil - expect(@request_body.keys).to match_array([:assertion, :grant_type, :scope]) + expect(@request_body.keys).to match_array(%i[assertion grant_type scope]) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') expect(@request_body[:assertion]).to be_a(String) expect(@request_body[:scope]).to eq('dover sole') @@ -199,7 +201,7 @@ end describe 'returning the response' do - let(:access_token) { subject.get_token(claims, {:algorithm => algorithm, :key => key}, {}, response_opts) } + let(:access_token) { subject.get_token(claims, {algorithm: algorithm, key: key}, {}, response_opts) } let(:response_opts) { {} } %w[json formencoded].each do |mode| @@ -233,7 +235,7 @@ end context 'with custom response_opts' do - let(:response_opts) { {:custom_token_option => 'mackerel'} } + let(:response_opts) { {custom_token_option: 'mackerel'} } it 'passes them into the token params' do expect(access_token.params).to eq(response_opts) diff --git a/spec/oauth2/strategy/auth_code_spec.rb b/spec/oauth2/strategy/auth_code_spec.rb index 72bffe1d..d156acc8 100644 --- a/spec/oauth2/strategy/auth_code_spec.rb +++ b/spec/oauth2/strategy/auth_code_spec.rb 
@@ -1,4 +1,5 @@ # encoding: utf-8 +# frozen_string_literal: true RSpec.describe OAuth2::Strategy::AuthCode do subject { client.auth_code } @@ -6,12 +7,12 @@ let(:code) { 'sushi' } let(:kvform_token) { 'expires_in=600&access_token=salmon&refresh_token=trout&extra_param=steve' } let(:facebook_token) { kvform_token.gsub('_in', '') } - let(:json_token) { MultiJson.encode(:expires_in => 600, :access_token => 'salmon', :refresh_token => 'trout', :extra_param => 'steve') } + let(:json_token) { MultiJson.encode(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'steve') } let(:redirect_uri) { 'http://example.com/redirect_uri' } let(:microsoft_token) { 'id_token=jwt' } let(:client) do - OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com/') do |builder| + OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') do |builder| builder.adapter :test do |stub| stub.get("/oauth/token?client_id=abc&code=#{code}&grant_type=authorization_code") do |env| case @mode @@ -56,7 +57,7 @@ end it 'raises an error if the client_secret is passed in' do - expect { subject.authorize_url(https://github.com/:client_secret%20=%3E%20'def') }.to raise_error(ArgumentError) + expect { subject.authorize_url(https://github.com/client_secret:%20'def') }.to raise_error(ArgumentError) end it 'raises an error if the client_secret is passed in with string keys' do @@ -65,7 +66,7 @@ it 'includes passed in options' do cb = 'http://myserver.local/oauth/callback' - expect(subject.authorize_url(https://github.com/:redirect_uri%20=%3E%20cb)).to include("redirect_uri=#{CGI.escape(cb)}") + expect(subject.authorize_url(https://github.com/redirect_uri:%20cb)).to include("redirect_uri=#{CGI.escape(cb)}") end end 
@@ -78,12 +79,12 @@ end it 'includes redirect_uri once in the request parameters' do - expect { subject.get_token(code, :redirect_uri => redirect_uri) }.not_to raise_error + expect { subject.get_token(code, redirect_uri: redirect_uri) }.not_to raise_error end end describe '#get_token (handling utf-8 data)' do - let(:json_token) { MultiJson.encode(:expires_in => 600, :access_token => 'salmon', :refresh_token => 'trout', :extra_param => 'André') } + let(:json_token) { MultiJson.encode(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'André') } before do @mode = 'json' @@ -113,7 +114,7 @@ end %w[json formencoded from_facebook].each do |mode| - [:get, :post].each do |verb| + %i[get post].each do |verb| describe "#get_token (#{mode}, access_token_method=#{verb}" do before do @mode = mode diff --git a/spec/oauth2/strategy/base_spec.rb b/spec/oauth2/strategy/base_spec.rb index 63fbeec1..33b98389 100644 --- a/spec/oauth2/strategy/base_spec.rb +++ b/spec/oauth2/strategy/base_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + RSpec.describe OAuth2::Strategy::Base do it 'initializes with a Client' do expect { described_class.new(OAuth2::Client.new('abc', 'def')) }.not_to raise_error diff --git a/spec/oauth2/strategy/client_credentials_spec.rb b/spec/oauth2/strategy/client_credentials_spec.rb index df77a39b..85ebca75 100644 --- a/spec/oauth2/strategy/client_credentials_spec.rb +++ b/spec/oauth2/strategy/client_credentials_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + RSpec.describe OAuth2::Strategy::ClientCredentials do subject { client.client_credentials } 
@@ -5,7 +7,7 @@ let(:json_token) { '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}' } let(:client) do - OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com/') do |builder| + OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') do |builder| builder.adapter :test do |stub| stub.post('/oauth/token', 'grant_type' => 'client_credentials') do |env| client_id, client_secret = Base64.decode64(env[:request_headers]['Authorization'].split(' ', 2)[1]).split(':', 2) @@ -37,7 +39,7 @@ end %w[json formencoded].each do |mode| - [:basic_auth, :request_body].each do |auth_scheme| + %i[basic_auth request_body].each do |auth_scheme| describe "#get_token (#{mode}) (#{auth_scheme})" do before do @mode = mode @@ -71,7 +73,7 @@ describe '#get_token (with extra header parameters)' do before do @mode = 'json' - @access = subject.get_token(:headers => {'X-Extra-Header' => 'wow'}) + @access = subject.get_token(headers: {'X-Extra-Header' => 'wow'}) end it 'sends the header correctly.' do diff --git a/spec/oauth2/strategy/implicit_spec.rb b/spec/oauth2/strategy/implicit_spec.rb index d2434817..18588fea 100644 --- a/spec/oauth2/strategy/implicit_spec.rb +++ b/spec/oauth2/strategy/implicit_spec.rb @@ -1,7 +1,9 @@ +# frozen_string_literal: true + RSpec.describe OAuth2::Strategy::Implicit do subject { client.implicit } - let(:client) { OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com/') } + let(:client) { OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') } describe '#authorize_url' do it 'includes the client_id' do 
@@ -17,7 +19,7 @@ end it 'raises an error if the client_secret is passed in' do - expect { subject.authorize_url(https://github.com/:client_secret%20=%3E%20'def') }.to raise_error(ArgumentError) + expect { subject.authorize_url(https://github.com/client_secret:%20'def') }.to raise_error(ArgumentError) end it 'raises an error if the client_secret is passed in with string keys' do @@ -26,7 +28,7 @@ it 'includes passed in options' do cb = 'http://myserver.local/oauth/callback' - expect(subject.authorize_url(https://github.com/:redirect_uri%20=%3E%20cb)).to include("redirect_uri=#{CGI.escape(cb)}") + expect(subject.authorize_url(https://github.com/redirect_uri:%20cb)).to include("redirect_uri=#{CGI.escape(cb)}") end end diff --git a/spec/oauth2/strategy/password_spec.rb b/spec/oauth2/strategy/password_spec.rb index 3ab6da8c..47e54c77 100644 --- a/spec/oauth2/strategy/password_spec.rb +++ b/spec/oauth2/strategy/password_spec.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + RSpec.describe OAuth2::Strategy::Password do subject { client.password } let(:client) do - cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com/') + cli = OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') cli.connection.build do |b| b.adapter :test do |stub| stub.post('/oauth/token') do |env| diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index be0658b4..39a1c295 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb @@ -1,7 +1,10 @@ +# frozen_string_literal: true + RSpec.describe OAuth2::Version do it 'has a version number' do expect(described_class).not_to be nil end + it 'is greater than 0.1.0' do expect(Gem::Version.new(described_class) > Gem::Version.new('0.1.0')).to be(true) end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 0618ddf9..70308938 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,4 +1,5 @@ -require 'bundler/setup' +# frozen_string_literal: true + require 'oauth2' require 'helper' require 'rspec/pending_for' From d4e700f91917770e3471f2bc94ee8aa1aedd5cb5 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 15:43:03 -0600 Subject: [PATCH 008/645] CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ab56755..70a79717 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. ## [unreleased] +- [#536](https://github.com/oauth-xx/oauth2/pull/536) - Compatibility with Ruby OpenSSL versions, Github Actions, Rubocop updated (@pboling) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) - **Breaking**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. See [#285](https://github.com/oauth-xx/oauth2/issues/285) (@tetsuya, @wy193777) - Token is expired if `expired_at` time is now (@davestevens) From 62b84e898259900f2ca6f53097a83762e330150f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 16:00:44 -0600 Subject: [PATCH 009/645] Update CHANGELOG.md --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70a79717..55a892c7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
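Review bot: Dropping `require 'bundler/setup'` from the top of spec/spec_helper.rb means this file no longer pins the load path to the Gemfile-resolved gems. Unless `helper` or the Rake task sets Bundler up (not visible in this hunk), a bare `rspec` run will load whatever versions of the HTTP, JWT and JSON dependencies are installed on the machine. The suite could then pass against versions the lockfile never selected. If the removal is intended, document the expectation at the top of the file, e.g. `# Run via "bundle exec rspec"; Bundler is not set up here.`, or keep the require.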
@@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file. ## [unreleased] -- [#536](https://github.com/oauth-xx/oauth2/pull/536) - Compatibility with Ruby OpenSSL versions, Github Actions, Rubocop updated (@pboling) +- [#536](https://github.com/oauth-xx/oauth2/pull/536) - Compatibility with Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on 1-4-stable line (@pboling) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) - **Breaking**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. See [#285](https://github.com/oauth-xx/oauth2/issues/285) (@tetsuya, @wy193777) - Token is expired if `expired_at` time is now (@davestevens) @@ -15,6 +15,11 @@ All notable changes to this project will be documented in this file. - Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params (@dfockler) +## [1.4.5] - 2020-03-18 + +- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on master branch (@pboling) +- [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) + ## [1.4.4] - 2020-02-12 - [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey) From 3df40b3b60dfda7ffe0a96ecc8bbcbe6694e7919 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 16:01:25 -0600 Subject: [PATCH 010/645] Typo in CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 55a892c7..1cac7f5f 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ All notable changes to this project will be documented in this file. - Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params (@dfockler) -## [1.4.5] - 2020-03-18 +## [1.4.5] - 2021-03-18 - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on master branch (@pboling) - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) From d121780ad41fa3241a0c8e926e3461a32230506f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 16:03:05 -0600 Subject: [PATCH 011/645] Document 1.4.5 release --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 186756b3..9cc874b1 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ If you need the readme for a released version of the gem please find it below: | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| +| 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md | | 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md | | 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md | | 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md | From 06073a7a850f93b90523d2799a3ea7ceae71ad74 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 16:42:41 -0600 Subject: [PATCH 012/645] Badge for Github Actions --- .travis.yml | 9 --------- README.md | 2 ++ 2 files changed, 2 insertions(+), 9 deletions(-) 
diff --git a/.travis.yml b/.travis.yml index 32691c15..f1f3ffe3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,14 +19,6 @@ before_install: gem install --no-document bundler "bundler:>=2.0" fi -before_script: - - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter - - chmod +x ./cc-test-reporter - - ./cc-test-reporter before-build - -after_script: - - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT - bundler_args: --no-deployment --jobs 3 --retry 3 cache: bundler @@ -34,7 +26,6 @@ cache: bundler env: global: - JRUBY_OPTS="$JRUBY_OPTS -Xcli.debug=true --debug" - - CC_TEST_REPORTER_ID=29caf9cf27d27ae609c088feb9d4ba34460f7a39251f2e8615c9a16f3075530e language: ruby diff --git a/README.md b/README.md index 9cc874b1..4c74ad2b 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ If you need the readme for a released version of the gem please find it below: [![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem] [![Downloads Today](https://img.shields.io/gem/rt/oauth2.svg)][gem] [![Build Status](http://img.shields.io/travis/oauth-xx/oauth2.svg)][travis] +[![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat)][github-actions] [![Test Coverage](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage)][codeclimate-coverage] [![Maintainability](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability)][codeclimate-maintainability] [![Depfu](https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg)][depfu] 
@@ -36,6 +37,7 @@ If you need the readme for a released version of the gem please find it below: [gem]: https://rubygems.org/gems/oauth2 [travis]: https://travis-ci.com/oauth-xx/oauth2 +[github-actions]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto [coveralls]: https://coveralls.io/r/oauth-xx/oauth2 [codeclimate-maintainability]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability [codeclimate-coverage]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage From c690e5a31f445feb3e63e768012a608cc538763a Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 20:36:09 -0600 Subject: [PATCH 013/645] Document version 1.4.6 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4c74ad2b..51658523 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ If you need the readme for a released version of the gem please find it below: | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| +| 1.4.6 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md | | 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md | | 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md | | 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md | From 7b7dfa8cbdea92771b8c4f2ee76e30f3408e7fd2 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 20:37:43 -0600 Subject: [PATCH 014/645] CHANGELOG --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1cac7f5f..f4ede5b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -15,6 +15,12 @@ All notable changes to this project will be documented in this file. - Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params (@dfockler) +## [1.4.6] - 2021-03-18 + +- [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling) +- [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) +- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests for version 1.4 (@anderscarling) + ## [1.4.5] - 2021-03-18 - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on master branch (@pboling) From f44f790ddef02f0498f62789740bc4f93a75bee5 Mon Sep 17 00:00:00 2001 From: Anders Carling Date: Fri, 19 Mar 2021 03:49:42 +0100 Subject: [PATCH 015/645] Remove reliance on globally included OAuth2 in tests for version 2.0 (#539) --- spec/helper.rb | 5 ----- spec/oauth2/access_token_spec.rb | 4 ++-- spec/oauth2/mac_token_spec.rb | 6 +++--- spec/oauth2/response_spec.rb | 4 ++-- spec/oauth2/snaky_hash_spec.rb | 2 +- spec/oauth2/strategy/assertion_spec.rb | 2 +- 6 files changed, 9 insertions(+), 14 deletions(-) diff --git a/spec/helper.rb b/spec/helper.rb index 396aa75d..46940b76 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -31,11 +31,6 @@ DEBUG = ENV['DEBUG'] == 'true' require 'byebug' if DEBUG && RUBY_VERSION >= '2.6' -# This is dangerous - HERE BE DRAGONS. -# It allows us to refer to classes without the namespace, but at what cost?!? -# TODO: Refactor to use explicit references everywhere -include OAuth2 - RSpec.configure do |config| config.expect_with :rspec do |c| c.syntax = :expect 
diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index f563373e..cc3213bb 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -1,12 +1,12 @@ # frozen_string_literal: true -RSpec.describe AccessToken do +RSpec.describe OAuth2::AccessToken do subject { described_class.new(client, token) } let(:token) { 'monkey' } let(:refresh_body) { MultiJson.encode(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'refresh_bar') } let(:client) do - Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| + OAuth2::Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| diff --git a/spec/oauth2/mac_token_spec.rb b/spec/oauth2/mac_token_spec.rb index 9b38db91..33bd7700 100644 --- a/spec/oauth2/mac_token_spec.rb +++ b/spec/oauth2/mac_token_spec.rb @@ -1,12 +1,12 @@ # frozen_string_literal: true -RSpec.describe MACToken do +RSpec.describe OAuth2::MACToken do subject { described_class.new(client, token, 'abc123', kid: kid) } let(:kid) { 'this-token' } let(:token) { 'monkey' } let(:client) do - Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| + OAuth2::Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| @@ -112,7 +112,7 @@ subject { described_class.from_access_token(access_token, 'hello') } let(:access_token) do - AccessToken.new( + OAuth2::AccessToken.new( client, token, expires_at: 1, expires_in: 1, diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index f09db243..42456ed6 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
@@ -116,7 +116,7 @@ headers = {'Content-Type' => 'application/Json'} body = MultiJson.encode(foo: 'bar', answer: 42) response = double('response', headers: headers, body: body) - subject = Response.new(response) + subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['foo']).to eq('bar') expect(subject.parsed['answer']).to eq(42) @@ -140,7 +140,7 @@ headers = {'Content-Type' => 'application/json'} body = MultiJson.encode('accessToken' => 'bar', 'MiGever' => 'Ani') response = double('response', headers: headers, body: body) - subject = Response.new(response) + subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['access_token']).to eq('bar') expect(subject.parsed['mi_gever']).to eq('Ani') diff --git a/spec/oauth2/snaky_hash_spec.rb b/spec/oauth2/snaky_hash_spec.rb index b17308f3..ccdc1d64 100644 --- a/spec/oauth2/snaky_hash_spec.rb +++ b/spec/oauth2/snaky_hash_spec.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -RSpec.describe SnakyHash do +RSpec.describe OAuth2::SnakyHash do subject { described_class.new } describe '.build' do diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index e287aec8..4eff574f 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -211,7 +211,7 @@ end it 'returns an AccessToken' do - expect(access_token).to be_an(AccessToken) + expect(access_token).to be_an(OAuth2::AccessToken) end it 'returns AccessToken with same Client' do From 39e5a21a48377fbf47977da1f6a2ab91403176ff Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 20:52:46 -0600 Subject: [PATCH 016/645] CHANGELOG --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4ede5b9..646f4da7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. ## [unreleased] +- [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling) - [#536](https://github.com/oauth-xx/oauth2/pull/536) - Compatibility with Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on 1-4-stable line (@pboling) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) - **Breaking**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. See [#285](https://github.com/oauth-xx/oauth2/issues/285) (@tetsuya, @wy193777) @@ -19,7 +20,7 @@ All notable changes to this project will be documented in this file. - [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling) - [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) -- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests for version 1.4 (@anderscarling) +- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://github.com/oauth-xx/oauth2/pull/539) on master branch (@anderscarling) ## [1.4.5] - 2021-03-18 From ff7697fbe8d7fcc34c140fa31ccddc146ab5b30f Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 19 Mar 2021 10:29:36 +0700 Subject: [PATCH 017/645] Human Linting (#542) * Human Linting * VERSION * Version specs * Linting * CHANGELOG entry for #542 --- CHANGELOG.md | 1 + lib/oauth2/access_token.rb | 6 ++--- lib/oauth2/mac_token.rb | 4 +-- lib/oauth2/response.rb | 4 +-- lib/oauth2/strategy/assertion.rb | 8 +++--- lib/oauth2/version.rb | 16 +++++++----- spec/oauth2/access_token_spec.rb | 2 +- spec/oauth2/client_spec.rb | 26 +++++++++---------- spec/oauth2/mac_token_spec.rb | 6 ++--- spec/oauth2/response_spec.rb | 2 +- spec/oauth2/snaky_hash_spec.rb | 4 +-- spec/oauth2/strategy/auth_code_spec.rb | 8 +++--- .../strategy/client_credentials_spec.rb | 4 ++- spec/oauth2/strategy/password_spec.rb | 3 ++- spec/oauth2/version_spec.rb | 12 +++++++++ 15 files changed, 64 insertions(+), 42 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 646f4da7..89f46bc5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. ## [unreleased] +- [#542](https://github.com/oauth-xx/oauth2/pull/542) - Linting, spelling, type fixes. New VERSION constant. Bump to 2.0.0-alpha (@pboling) - [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling) - [#536](https://github.com/oauth-xx/oauth2/pull/536) - Compatibility with Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on 1-4-stable line (@pboling) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 29f69299..d0f5a272 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -10,7 +10,7 @@ class << self # # @param client [Client] the OAuth2::Client instance # @param hash [Hash] a hash of AccessToken property values - # @return [AccessToken] the initalized AccessToken + # @return [AccessToken] the initialized AccessToken def from_hash(client, hash) hash = hash.dup new(client, hash.delete('access_token') || hash.delete(:access_token), hash) @@ -20,13 +20,13 @@ def from_hash(client, hash) # # @param [Client] client the OAuth2::Client instance # @param [String] kvform the application/x-www-form-urlencoded string - # @return [AccessToken] the initalized AccessToken + # @return [AccessToken] the initialized AccessToken def from_kvform(client, kvform) from_hash(client, Rack::Utils.parse_query(kvform)) end end - # Initalize an AccessToken + # Initialize an AccessToken # # @param [Client] client the OAuth2::Client instance # @param [String] token the Access Token value diff --git a/lib/oauth2/mac_token.rb b/lib/oauth2/mac_token.rb index 9a9ac7ff..34092eee 100644 --- a/lib/oauth2/mac_token.rb +++ b/lib/oauth2/mac_token.rb @@ -19,7 +19,7 @@ def self.from_access_token(token, secret, options = {}) attr_reader :secret, :algorithm - # Initalize a MACToken + # Initialize a MACToken # # @param [Client] client the OAuth2::Client instance # @param [String] token the Access Token value @@ -80,7 +80,7 @@ def header(verb, url) # # @param [Fixnum] timestamp the timestamp of the request in seconds since epoch # @param [Symbol] verb the HTTP request method - # @param [String] url the HTTP URL path of the request + # @param [URI::HTTP] uri the HTTP URL path of the request def signature(timestamp, verb, uri) signature = [ "#{verb.to_s.upcase} #{uri.request_uri} HTTP/1.1", diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 17c23f62..1008c0b7 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb 
@@ -94,7 +94,7 @@ def content_type end # Determines the parser (a Proc or other Object which responds to #call) - # that will be passed the {#body} (and optionall {#response}) to supply + # that will be passed the {#body} (and optional {#response}) to supply # {#parsed}. # # The parser can be supplied as the +:parse+ option in the form of a Proc @@ -129,5 +129,5 @@ def parser end OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json']) do |body| - MultiJson.load(body) rescue body # rubocop:disable Style/RescueModifier + MultiJson.decode(body) rescue body # rubocop:disable Style/RescueModifier end diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index e915d126..09f57c65 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb @@ -13,7 +13,7 @@ module Strategy # :site => 'http://localhost:8080/', # :auth_scheme => :request_body) # - # claimset = { + # claim_set = { # :iss => "http://localhost:3001/", # :aud => "http://localhost:8080/oauth2/token" # :sub => "me@example.com", @@ -25,7 +25,7 @@ module Strategy # :key => 'secret_key', # } # - # access = client.assertion.get_token(claimset, encoding) + # access = client.assertion.get_token(claim_set, encoding) # access.token # actual access_token string # access.get("/api/stuff") # making api calls with access token in header # 
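Review bot: In the `register_parser(:json, ...)` block of `lib/oauth2/response.rb`, the changed line keeps the `rescue body` modifier, which swallows every `StandardError` and hands the raw string back as the parsed result. A malformed or truncated token response is therefore indistinguishable from a successful parse until some later caller indexes into a String. Rescuing only the parse failure would keep the fallback while letting unrelated errors surface, for example `MultiJson.load(body)` followed by `rescue MultiJson::ParseError` returning `body`. As far as I know `decode` is the older alias of `load` in multi_json, so the rename in this line moves away from the current name; a short comment stating why the raw body is returned on failure would also help.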
@@ -66,8 +66,8 @@ def authorize_url # @see https://tools.ietf.org/html/rfc7518#section-3.1 # # The object type of `:key` may depend on the value of `:algorithm`. Sample arguments: - # get_token(claimset, {:algorithm => 'HS256', :key => 'secret_key'}) - # get_token(claimset, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')}) + # get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'}) + # get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')}) # # @param [Hash] request_opts options that will be used to assemble the request # @option request_opts [String] :scope the url parameter `scope` that may be required by some endpoints diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 05f128a0..ed77ffec 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,34 +2,36 @@ module OAuth2 module Version + VERSION = to_s + module_function # The major version # # @return [Integer] def major - 1 + 2 end # The minor version # # @return [Integer] def minor - 4 + 0 end # The patch version # # @return [Integer] def patch - 3 + 0 end # The pre-release version, if any # - # @return [Integer, NilClass] + # @return [String, NilClass] def pre - nil + 'alpha' end # The version number as a hash @@ -55,7 +57,9 @@ def to_a # # @return [String] def to_s - to_a.join('.') + v = [major, minor, patch].compact.join('.') + v += "-#{pre}" if pre + v end end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index cc3213bb..b18852e2 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
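Review bot: In `lib/oauth2/version.rb`, `VERSION = to_s` is evaluated at the top of the module body, before `module_function` and before `def to_s` exists, so at that point `to_s` resolves to `Module#to_s` and the constant would hold the module name (`"OAuth2::Version"`) rather than the version number. The spec added in this commit only asserts `be_a(String)`, which that value satisfies, so the suite would not catch it. Moving the assignment to the last statement of the module, after the method definitions, and asserting `expect(described_class::VERSION).to eq(described_class.to_s)` would pin the intended value. Anything that reads `VERSION` for dependency or audit reporting would otherwise see a string that is not a version.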
@@ -15,7 +15,7 @@ stub.send(verb, '/token/query_string') { |env| [200, {}, CGI.unescape(Addressable::URI.parse(env[:url]).query)] } stub.send(verb, '/token/body') { |env| [200, {}, env[:body]] } end - stub.post('/oauth/token') { |env| [200, {'Content-Type' => 'application/json'}, refresh_body] } + stub.post('/oauth/token') { |_env| [200, {'Content-Type' => 'application/json'}, refresh_body] } end end end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 66ed3783..b49a490f 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
@@ -7,17 +7,17 @@ subject do described_class.new('abc', 'def', {site: 'https://api.example.com/'}.merge(options)) do |builder| builder.adapter :test do |stub| - stub.get('/success') { |env| [200, {'Content-Type' => 'text/awesome'}, 'yay'] } + stub.get('/success') { |_env| [200, {'Content-Type' => 'text/awesome'}, 'yay'] } stub.get('/reflect') { |env| [200, {}, env[:body]] } stub.post('/reflect') { |env| [200, {}, env[:body]] } - stub.get('/unauthorized') { |env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(error: error_value, error_description: error_description_value)] } - stub.get('/conflict') { |env| [409, {'Content-Type' => 'text/plain'}, 'not authorized'] } - stub.get('/redirect') { |env| [302, {'Content-Type' => 'text/plain', 'location' => '/success'}, ''] } - stub.post('/redirect') { |env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] } - stub.get('/error') { |env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] } - stub.get('/empty_get') { |env| [204, {}, nil] } - stub.get('/different_encoding') { |env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', MultiJson.encode(error: error_value, error_description: '∞'))] } - stub.get('/ascii_8bit_encoding') { |env| [500, {'Content-Type' => 'application/json'}, MultiJson.encode(error: 'invalid_request', error_description: 'é').force_encoding('ASCII-8BIT')] } + stub.get('/unauthorized') { |_env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(error: error_value, error_description: error_description_value)] } + stub.get('/conflict') { |_env| [409, {'Content-Type' => 'text/plain'}, 'not authorized'] } + stub.get('/redirect') { |_env| [302, {'Content-Type' => 'text/plain', 'location' => '/success'}, ''] } + stub.post('/redirect') { |_env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] } + stub.get('/error') { |_env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] } + stub.get('/empty_get') { |_env| 
[204, {}, nil] } + stub.get('/different_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', MultiJson.encode(error: error_value, error_description: '∞'))] } + stub.get('/ascii_8bit_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, MultiJson.encode(error: 'invalid_request', error_description: 'é').force_encoding('ASCII-8BIT')] } end end end @@ -71,7 +71,7 @@ it 'allows override of raise_errors option' do client = described_class.new('abc', 'def', site: 'https://api.example.com/', raise_errors: true) do |builder| builder.adapter :test do |stub| - stub.get('/notfound') { |env| [404, {}, nil] } + stub.get('/notfound') { |_env| [404, {}, nil] } end end expect(client.options[:raise_errors]).to be true @@ -424,7 +424,7 @@ it 'authenticates with request parameters' do client = stubbed_client(auth_scheme: :request_body) do |stub| - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |env| + stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end end @@ -484,7 +484,7 @@ it 'forwards given token parameters' do client = stubbed_client(auth_scheme: :request_body) do |stub| - stub.post('/oauth/token', 'arbitrary' => 'parameter', 'client_id' => 'abc', 'client_secret' => 'def') do |env| + stub.post('/oauth/token', 'arbitrary' => 'parameter', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end end 
@@ -494,7 +494,7 @@ context 'when token_method is set to post_with_query_string' do it 'uses the http post method and passes parameters in the query string' do client = stubbed_client(token_method: :post_with_query_string) do |stub| - stub.post('/oauth/token?state=abc123') do |env| + stub.post('/oauth/token?state=abc123') do |_env| [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end end diff --git a/spec/oauth2/mac_token_spec.rb b/spec/oauth2/mac_token_spec.rb index 33bd7700..cdacba3b 100644 --- a/spec/oauth2/mac_token_spec.rb +++ b/spec/oauth2/mac_token_spec.rb @@ -27,17 +27,17 @@ end it 'defaults algorithm to hmac-sha-256' do - expect(subject.algorithm).to be_instance_of(OpenSSL::Digest::SHA256) + expect(subject.algorithm).to be_instance_of(OpenSSL::Digest('SHA256')) end it 'handles hmac-sha-256' do mac = described_class.new(client, token, 'abc123', algorithm: 'hmac-sha-256') - expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA256) + expect(mac.algorithm).to be_instance_of(OpenSSL::Digest('SHA256')) end it 'handles hmac-sha-1' do mac = described_class.new(client, token, 'abc123', algorithm: 'hmac-sha-1') - expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA1) + expect(mac.algorithm).to be_instance_of(OpenSSL::Digest('SHA1')) end it 'raises on improper algorithm' do diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 42456ed6..ad82b5c1 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb @@ -24,7 +24,7 @@ end before do - described_class.register_parser(:foobar, 'application/foo-bar') do |body| + described_class.register_parser(:foobar, ['application/foo-bar']) do |body| "foobar #{body}" end end diff --git a/spec/oauth2/snaky_hash_spec.rb b/spec/oauth2/snaky_hash_spec.rb index ccdc1d64..de44e69b 100644 --- a/spec/oauth2/snaky_hash_spec.rb +++ b/spec/oauth2/snaky_hash_spec.rb 
@@ -67,7 +67,7 @@ end end - context 'Camel case key with dowcased first letter' do + context 'Camel case key with down-cased first letter' do subject { described_class.build('accessToken' => '1') } it 'return correct token' do @@ -107,7 +107,7 @@ end end - context 'Camel case key with dowcased first letter' do + context 'Camel case key with down-cased first letter' do subject { described_class.build('accessToken' => '1') } it 'return true' do diff --git a/spec/oauth2/strategy/auth_code_spec.rb b/spec/oauth2/strategy/auth_code_spec.rb index d156acc8..3f958eaa 100644 --- a/spec/oauth2/strategy/auth_code_spec.rb +++ b/spec/oauth2/strategy/auth_code_spec.rb @@ -14,7 +14,7 @@ let(:client) do OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') do |builder| builder.adapter :test do |stub| - stub.get("/oauth/token?client_id=abc&code=#{code}&grant_type=authorization_code") do |env| + stub.get("/oauth/token?client_id=abc&code=#{code}&grant_type=authorization_code") do |_env| case @mode when 'formencoded' [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] @@ -24,9 +24,10 @@ [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token] when 'from_microsoft' [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, microsoft_token] + else raise ArgumentError, "Bad @mode: #{@mode}" end end - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code') do |env| + stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code') do |_env| case @mode when 'formencoded' [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] 
@@ -34,9 +35,10 @@ [200, {'Content-Type' => 'application/json'}, json_token] when 'from_facebook' [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token] + else raise ArgumentError, "Bad @mode: #{@mode}" end end - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code', 'redirect_uri' => redirect_uri) do |env| + stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code', 'redirect_uri' => redirect_uri) do |_env| [200, {'Content-Type' => 'application/json'}, json_token] end end diff --git a/spec/oauth2/strategy/client_credentials_spec.rb b/spec/oauth2/strategy/client_credentials_spec.rb index 85ebca75..d261aa43 100644 --- a/spec/oauth2/strategy/client_credentials_spec.rb +++ b/spec/oauth2/strategy/client_credentials_spec.rb @@ -18,14 +18,16 @@ [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] when 'json' [200, {'Content-Type' => 'application/json'}, json_token] + else raise ArgumentError, "Bad @mode: #{@mode}" end end - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'grant_type' => 'client_credentials') do |env| + stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'grant_type' => 'client_credentials') do |_env| case @mode when 'formencoded' [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] when 'json' [200, {'Content-Type' => 'application/json'}, json_token] + else raise ArgumentError, "Bad @mode: #{@mode}" end end end diff --git a/spec/oauth2/strategy/password_spec.rb b/spec/oauth2/strategy/password_spec.rb index 47e54c77..daee6f58 100644 --- a/spec/oauth2/strategy/password_spec.rb +++ b/spec/oauth2/strategy/password_spec.rb 
@@ -7,12 +7,13 @@ cli = OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') cli.connection.build do |b| b.adapter :test do |stub| - stub.post('/oauth/token') do |env| + stub.post('/oauth/token') do |_env| case @mode when 'formencoded' [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, 'expires_in=600&access_token=salmon&refresh_token=trout'] when 'json' [200, {'Content-Type' => 'application/json'}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}'] + else raise ArgumentError, "Bad @mode: #{@mode}" end end end diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index 39a1c295..454a5f7c 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb @@ -5,7 +5,19 @@ expect(described_class).not_to be nil end + it 'can be a string' do + expect(described_class.to_s).to be_a(String) + end + + it 'allows Constant access' do + expect(described_class::VERSION).to be_a(String) + end + it 'is greater than 0.1.0' do expect(Gem::Version.new(described_class) > Gem::Version.new('0.1.0')).to be(true) end + + it 'is pre-release' do + expect(Gem::Version.new(described_class).prerelease?).to be(true) + end end From 33ab7ed6b68a64738d6f48c5cc1fd7aa68538320 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 21:38:16 -0600 Subject: [PATCH 018/645] Cleanup --- CODE_OF_CONDUCT.md | 151 +++++++++++++++++++++++++++++++-------------- LICENSE | 2 +- oauth2.gemspec | 7 +-- 3 files changed, 109 insertions(+), 51 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 395b407d..99ab478b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -1,74 +1,133 @@ + # Contributor Covenant Code of Conduct ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, gender identity and expression, level of experience, -nationality, personal appearance, race, religion, or sexual identity and -orientation. +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. 
## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our +community include: -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -* The use of sexualized language or imagery and unwelcome sexual attention or -advances -* Trolling, insulting/derogatory comments, and personal or political attacks +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission +* Publishing others' private information, such as a physical or email + address, without their explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. 
+Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at peter.boling@gmail.com. All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. 
The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +reported to the community leaders responsible for enforcement at +[INSERT CONTACT METHOD]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. 
No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at [http://contributor-covenant.org/version/1/4][version] +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available +at [https://www.contributor-covenant.org/translations][translations]. -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ +[homepage]: https://www.contributor-covenant.org +[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/LICENSE b/LICENSE index 6dda5ca1..96eb4e8f 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,7 +1,7 @@ MIT License Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. -Copyright (c) 2017 - 2018 oauth-xx organization, https://github.com/oauth-xx +Copyright (c) 2017 - 2021 oauth-xx organization, https://github.com/oauth-xx Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/oauth2.gemspec b/oauth2.gemspec index faaa535b..e82d8a73 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -18,7 +18,7 @@ Gem::Specification.new do |spec| spec.homepage = 'https://github.com/oauth-xx/oauth2' spec.licenses = %w[MIT] spec.name = 'oauth2' - spec.required_ruby_version = '>= 1.9.0' + spec.required_ruby_version = '>= 2.2.0' spec.required_rubygems_version = '>= 1.3.5' spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' spec.version = OAuth2::Version @@ -33,10 +33,9 @@ Gem::Specification.new do |spec| spec.require_paths = %w[lib] spec.bindir = 'exe' + spec.files = Dir['lib/**/*', 'LICENSE', 'README.md', 'CHANGELOG.md', 'CODE_OF_CONDUCT.md'] + spec.test_files = Dir['spec/**/*'] spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } - spec.files = `git ls-files -z`.split("\x0").reject do |f| - f.match(%r{^(bin|test|spec|features)/}) - end spec.add_development_dependency 'addressable', '~> 2.3' spec.add_development_dependency 'backports', '~> 3.11' From 18029b07ca72c6fa371a0abe6ef0b60a1a4b7d5f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 21:40:43 -0600 Subject: [PATCH 019/645] Linting --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index e82d8a73..8ad7ddd0 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
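Review bot: In the second `oauth2.gemspec` hunk, `spec.files` is now built from `Dir['lib/**/*', 'LICENSE', 'README.md', 'CHANGELOG.md', 'CODE_OF_CONDUCT.md']`, so the following `spec.files.grep(%r{^exe/})` can never match and `spec.executables` is always empty while `spec.bindir` is still `'exe'`. If the gem ships no executables, dropping both lines states that directly; if it does, `'exe/*'` has to be added to the glob list. `Dir['lib/**/*']` also packages whatever is present under `lib/` in the working tree at build time, tracked by git or not, which the removed `git ls-files` call did not. A comment such as `# NOTE: build releases from a clean checkout; untracked files under lib/ are packaged` would make that release requirement explicit. The `Gem::Specification.new` block starts and ends outside this hunk.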
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec| spec.bindir = 'exe' spec.files = Dir['lib/**/*', 'LICENSE', 'README.md', 'CHANGELOG.md', 'CODE_OF_CONDUCT.md'] spec.test_files = Dir['spec/**/*'] - spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } + spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.add_development_dependency 'addressable', '~> 2.3' spec.add_development_dependency 'backports', '~> 3.11' From ef3fc7465c03263f08a944ef93c383ba6ee2db15 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 21:53:22 -0600 Subject: [PATCH 020/645] Document 1.4.7 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 51658523..8af11281 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ If you need the readme for a released version of the gem please find it below: | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| +| 1.4.7 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md | | 1.4.6 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md | | 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md | | 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md | From cabbe9e54369e1058e51a63ef72a572a6c20794f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 21:54:02 -0600 Subject: [PATCH 021/645] CHANGELOG --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 89f46bc5..a880f48a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,10 @@ All notable changes to this project will be documented in this file. - Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params (@dfockler) +## [1.4.7] - 2021-03-18 + +- [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon) + ## [1.4.6] - 2021-03-18 - [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling) From 422d3132343227cec84d5d34a7a8ce4825439bdb Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 21:57:06 -0600 Subject: [PATCH 022/645] Travis.com --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8af11281..543f1662 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ If you need the readme for a released version of the gem please find it below: [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield)][fossa1] [gem]: https://rubygems.org/gems/oauth2 -[travis]: https://travis-ci.com/oauth-xx/oauth2 +[travis]: https://travis-ci.org/oauth-xx/oauth2 [github-actions]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto [coveralls]: https://coveralls.io/r/oauth-xx/oauth2 [codeclimate-maintainability]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability From 86f4e74d5d40fc3aa027f767c03b191fa4f0355c Mon Sep 17 00:00:00 2001 
From: Stan Hu Date: Thu, 9 Sep 2021 09:08:26 -0700 Subject: [PATCH 023/645] Raise an error if Location header not present for redirection (#550) We saw this when trying to use Azure Government Cloud. When `https://graph.microsoft.com/v1.0/me` was used instead of `https://graph.microsoft.us/v1.0/me`, Azure returned a 302 response with no `Location` header. As a result, the OAuth2 client would mysteriously try to make a GET request to `http:/`, which would fail in Net::HTTP: ``` NoMethodError (undefined method `include?' for nil:NilClass): /opt/gitlab/embedded/lib/ruby/2.7.0/net/http.rb:1650:in `addr_port' /opt/gitlab/embedded/lib/ruby/2.7.0/net/http.rb:1585:in `begin_transport' /opt/gitlab/embedded/lib/ruby/2.7.0/net/http.rb:1518:in `transport_request' /opt/gitlab/embedded/lib/ruby/2.7.0/net/http.rb:1492:in `request' ``` --- lib/oauth2/client.rb | 8 +++++++- spec/oauth2/client_spec.rb | 5 +++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index a97396c1..18d0533a 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -116,7 +116,13 @@ def request(verb, url, opts = {}) # rubocop:disable Metrics/CyclomaticComplexity verb = :get opts.delete(:body) end - request(verb, response.headers['location'], opts) + location = response.headers['location'] + if location + request(verb, location, opts) + else + error = Error.new(response) + raise(error, "Got #{response.status} status code, but no Location header was present") + end when 200..299, 300..399 # on non-redirecting 3xx statuses, just return the response response diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index b49a490f..a6552c11 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
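Review bot: The new `if location` guard in `request` rejects only a missing header; a `Location` header that is present but empty is still truthy in Ruby and is followed by the recursive `request(verb, location, opts)` call. Checking `if location && !location.empty?` would send both cases to the new error branch. Separately, the recursive call forwards `opts` unchanged to whatever URL the server named, so if callers place credentials in `opts[:headers]` they would travel with the redirect to another host; that is worth confirming against the rest of `request`, which lies outside the hunk.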
@@ -13,6 +13,7 @@ stub.get('/unauthorized') { |_env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(error: error_value, error_description: error_description_value)] } stub.get('/conflict') { |_env| [409, {'Content-Type' => 'text/plain'}, 'not authorized'] } stub.get('/redirect') { |_env| [302, {'Content-Type' => 'text/plain', 'location' => '/success'}, ''] } + stub.get('/redirect_no_loc') { |_env| [302, {'Content-Type' => 'text/plain'}, ''] } stub.post('/redirect') { |_env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] } stub.get('/error') { |_env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] } stub.get('/empty_get') { |_env| [204, {}, nil] } @@ -363,6 +364,10 @@ expect(response.status).to eq(200) end + it 'raises an error if a redirect has no Location header' do + expect { subject.request(:get, '/redirect_no_loc') }.to raise_error(OAuth2::Error, 'Got 302 status code, but no Location header was present') + end + it 'obeys the :max_redirects option' do max_redirects = subject.options[:max_redirects] subject.options[:max_redirects] = 0 From b9ebaec9b5c8be3e1999f4f7d325657ad48e7b0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Rosick=C3=BD?= Date: Thu, 9 Sep 2021 18:09:18 +0200 Subject: [PATCH 024/645] missing require (#552) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Pavel Rosický --- lib/oauth2.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/oauth2.rb b/lib/oauth2.rb index a772b4ae..3363cd6f 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -5,6 +5,7 @@ require 'time' # includes gem files +require 'oauth2/version' require 'oauth2/error' require 'oauth2/snaky_hash' require 'oauth2/authenticator' From c3db1800b8abb5c94dd1155cf891318db7de16df Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pavel=20Rosick=C3=BD?= Date: Thu, 9 Sep 2021 18:10:52 +0200 Subject: [PATCH 025/645] skip coverage on non-mri (#551) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Pavel Rosický --- Gemfile | 2 +- spec/helper.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 8d5a7de4..725ee9bb 100644 --- a/Gemfile +++ b/Gemfile @@ -35,7 +35,7 @@ group :development, :test do gem 'rubocop-rake', platform: :mri gem 'rubocop-rspec', platform: :mri - gem 'coveralls' + gem 'coveralls', platform: :mri gem 'simplecov', platform: :mri end end diff --git a/spec/helper.rb b/spec/helper.rb index 46940b76..02f3fb6d 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -10,7 +10,7 @@ # No need to get coverage for older versions of Ruby coverable_version = Gem::Version.new('2.7') -if ruby_version >= coverable_version +if ruby_version >= coverable_version && RUBY_ENGINE == "ruby" require 'simplecov' require 'coveralls' SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([ From b575388523c3c156934b1516ece3413c22566adf Mon Sep 17 00:00:00 2001 From: Nicholas Palaniuk Date: Thu, 9 Sep 2021 11:14:18 -0500 Subject: [PATCH 026/645] Rescue Faraday::ConnectionFailed (#152) (#549) --- lib/oauth2/client.rb | 13 ++++++++++--- spec/oauth2/client_spec.rb | 16 ++++++++++++++++ 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 18d0533a..60e1bb74 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -4,6 +4,7 @@ require 'logger' module OAuth2 + ConnectionError = Class.new(StandardError) # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength RESERVED_PARAM_KEYS = %w[headers parse].freeze 
@@ -100,10 +101,16 @@ def token_url(https://github.com/params%20=%20nil) # @yield [req] The Faraday request def request(verb, url, opts = {}) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/AbcSize url = connection.build_https://github.com/url(url).to_s - response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req| - req.params.update(opts[:params]) if opts[:params] - yield(req) if block_given? + + begin + response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req| + req.params.update(opts[:params]) if opts[:params] + yield(req) if block_given? + end + rescue Faraday::ConnectionFailed => e + raise ConnectionError.new(e) end + response = Response.new(response, parse: opts[:parse]) case response.status diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index a6552c11..1d0164e8 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -412,6 +412,22 @@ expect(ex.to_s).to match(/unknown error/) end end + + context 'when errors are raised by Faraday' do + let(:connection) { instance_double(Faraday::Connection, build_url: double) } + + it 'rescues Faraday::ConnectionFailed' do + allow(connection).to( + receive(:run_request).and_raise(Faraday::ConnectionFailed.new('fail')) + ) + allow(subject).to receive(:connection).and_return(connection) # rubocop:disable RSpec/SubjectStub + + expect { subject.request(:get, '/redirect') }.to raise_error do |e| + expect(e.class).to eq(OAuth2::ConnectionError) + expect(e.message).to eq('fail') + end + end + end end describe '#get_token' do From 1940e9ad6f395b2fb80f09e4140d17fe0344325a Mon Sep 17 00:00:00 2001 
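Review bot: The `rescue Faraday::ConnectionFailed` added around `connection.run_request` converts only that one class, so timeouts and TLS failures (`Faraday::TimeoutError`, `Faraday::SSLError`) may still reach callers as Faraday exceptions, and a caller has to rescue two error families for one network call. If that split is intended, the YARD block above `request` should say so, for example `# @raise [OAuth2::ConnectionError] when the connection to the server cannot be established`. `ConnectionError` is introduced in the earlier `@@ -4,6 +4,7` hunk without a comment and inherits from `StandardError` rather than `OAuth2::Error`, so existing `rescue OAuth2::Error` handlers will not see it; a one-line comment on the constant would make that explicit. The body of `request` continues outside the hunk.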
From: Jan Zaydowicz Date: Thu, 9 Sep 2021 18:14:44 +0200 Subject: [PATCH 027/645] feat: add support parsing for application/problem+json (#553) application/problem+json is an extension of the application/json format to describe errors in an standardized way. --- lib/oauth2/response.rb | 2 +- spec/oauth2/response_spec.rb | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 1008c0b7..e455363c 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -128,6 +128,6 @@ def parser MultiXml.parse(body) rescue body # rubocop:disable Style/RescueModifier end -OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json']) do |body| +OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json', 'application/problem+json']) do |body| MultiJson.decode(body) rescue body # rubocop:disable Style/RescueModifier end diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index ad82b5c1..055a6b6a 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb @@ -122,6 +122,16 @@ expect(subject.parsed['answer']).to eq(42) end + it 'parses application/problem+json body' do + headers = {'Content-Type' => 'application/problem+json'} + body = MultiJson.encode(type: 'https://tools.ietf.org/html/rfc7231#section-6.5.4', title: 'Not Found') + response = double('response', headers: headers, body: body) + subject = described_class.new(response) + expect(subject.parsed.keys.size).to eq(2) + expect(subject.parsed['type']).to eq('https://tools.ietf.org/html/rfc7231#section-6.5.4') + expect(subject.parsed['title']).to eq('Not Found') + end + it "doesn't try to parse other content-types" do headers = {'Content-Type' => 'text/html'} body = '' 
From 26ba9b7b44c2ec982e547ebab7fbd6543e7f55d2 Mon Sep 17 00:00:00 2001 From: Benjamin Quorning <22333+bquorning@users.noreply.github.com> Date: Mon, 14 Feb 2022 19:44:16 +0100 Subject: [PATCH 028/645] =?UTF-8?q?=F0=9F=94=80=20Lock=20RuboCop=20minor?= =?UTF-8?q?=20version=20(#567)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Lock RuboCop version with ~> When contributing a feature or bugfix, you shouldn't have to deal with fixing errors from an unrelated RuboCop update. * Fix various new RuboCop offenses --- .rubocop.yml | 8 +++++ .rubocop_todo.yml | 29 +++++++++---------- Gemfile | 12 ++++---- lib/oauth2/client.rb | 2 +- spec/examples/google_spec.rb | 2 -- spec/helper.rb | 2 +- spec/oauth2/error_spec.rb | 3 +- spec/oauth2/response_spec.rb | 4 +-- .../strategy/client_credentials_spec.rb | 2 +- 9 files changed, 35 insertions(+), 29 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 12f32c41..1b266cac 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -85,6 +85,14 @@ Style/EmptyMethod: Style/Encoding: Enabled: false +# Does not work with older rubies +Style/MapToHash: + Enabled: false + +# Does not work with older rubies +Style/RedundantBegin: + Enabled: false + Style/TrailingCommaInArrayLiteral: EnforcedStyleForMultiline: comma diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index ab1cf691..1167567e 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -1,11 +1,19 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2021-03-18 21:07:13 UTC using RuboCop version 1.11.0. +# on 2022-02-05 22:10:31 UTC using RuboCop version 1.25.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. +# Offense count: 1 +# Cop supports --auto-correct. +# Configuration parameters: Include. +# Include: **/*.gemspec +Gemspec/RequireMFA: + Exclude: + - 'oauth2.gemspec' + # Offense count: 1 # Configuration parameters: AllowedMethods. # AllowedMethods: enums @@ -13,7 +21,7 @@ Lint/ConstantDefinitionInBlock: Exclude: - 'spec/oauth2/access_token_spec.rb' -# Offense count: 5 +# Offense count: 6 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. # IgnoredMethods: refine Metrics/BlockLength: @@ -24,7 +32,7 @@ Metrics/BlockLength: Metrics/CyclomaticComplexity: Max: 8 -# Offense count: 1 +# Offense count: 6 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. Metrics/MethodLength: Max: 18 @@ -43,11 +51,6 @@ Naming/VariableNumber: - 'spec/oauth2/mac_token_spec.rb' - 'spec/oauth2/response_spec.rb' -# Offense count: 1 -Packaging/GemspecGit: - Exclude: - - 'oauth2.gemspec' - # Offense count: 2 # Configuration parameters: MinSize. Performance/CollectionLiteralInLoop: @@ -55,7 +58,7 @@ Performance/CollectionLiteralInLoop: - 'spec/oauth2/strategy/auth_code_spec.rb' - 'spec/oauth2/strategy/client_credentials_spec.rb' -# Offense count: 17 +# Offense count: 18 # Configuration parameters: Prefixes. # Prefixes: when, with, without RSpec/ContextWording: 
@@ -70,17 +73,13 @@ RSpec/LeakyConstantDeclaration: Exclude: - 'spec/oauth2/access_token_spec.rb' -# Offense count: 27 +# Offense count: 26 # Configuration parameters: AllowSubject. RSpec/MultipleMemoizedHelpers: Max: 10 # Offense count: 1 +# Cop supports --auto-correct. Rake/Desc: Exclude: - 'Rakefile' - -# Offense count: 1 -Style/MixinUsage: - Exclude: - - 'spec/helper.rb' diff --git a/Gemfile b/Gemfile index 725ee9bb..20b97285 100644 --- a/Gemfile +++ b/Gemfile @@ -28,12 +28,12 @@ group :development, :test do if ruby_version >= Gem::Version.new('2.7') # No need to run rubocop or simplecov on earlier versions - gem 'rubocop', '~> 1.9', platform: :mri - gem 'rubocop-md', platform: :mri - gem 'rubocop-packaging', platform: :mri - gem 'rubocop-performance', platform: :mri - gem 'rubocop-rake', platform: :mri - gem 'rubocop-rspec', platform: :mri + gem 'rubocop', '~> 1.25.1', platform: :mri + gem 'rubocop-md', '~> 1.0.1', platform: :mri + gem 'rubocop-packaging', '~> 0.5.1', platform: :mri + gem 'rubocop-performance', '~> 1.13.2', platform: :mri + gem 'rubocop-rake', '~> 0.6.0', platform: :mri + gem 'rubocop-rspec', '~> 2.8.0', platform: :mri gem 'coveralls', platform: :mri gem 'simplecov', platform: :mri diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 60e1bb74..2032445a 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -108,7 +108,7 @@ def request(verb, url, opts = {}) # rubocop:disable Metrics/CyclomaticComplexity yield(req) if block_given? end rescue Faraday::ConnectionFailed => e - raise ConnectionError.new(e) + raise ConnectionError, e end response = Response.new(response, parse: opts[:parse]) diff --git a/spec/examples/google_spec.rb b/spec/examples/google_spec.rb index e550f95d..d7555674 100644 --- a/spec/examples/google_spec.rb +++ b/spec/examples/google_spec.rb 
@@ -51,7 +51,6 @@ let(:algorithm) { 'RS256' } # Per Google: "Service accounts rely on the RSA SHA-256 algorithm" - # rubocop:disable Style/RedundantBegin let(:key) do begin OpenSSL::PKCS12.new(File.read('spec/fixtures/google_service_account_key.p12'), 'notasecret').key @@ -63,7 +62,6 @@ OpenSSL::PKey::RSA.new(1024) end end - # rubocop:enable Style/RedundantBegin # Per Google: # "Take note of the service account's email address and store the service account's P12 private key file in a diff --git a/spec/helper.rb b/spec/helper.rb index 02f3fb6d..66683744 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -10,7 +10,7 @@ # No need to get coverage for older versions of Ruby coverable_version = Gem::Version.new('2.7') -if ruby_version >= coverable_version && RUBY_ENGINE == "ruby" +if ruby_version >= coverable_version && RUBY_ENGINE == 'ruby' require 'simplecov' require 'coveralls' SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([ diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index bb04454f..989c68f7 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -2,7 +2,8 @@ # frozen_string_literal: true RSpec.describe OAuth2::Error do - let(:subject) { described_class.new(response) } + subject { described_class.new(response) } + let(:response) do raw_response = Faraday::Response.new( status: 418, diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 055a6b6a..e4bafdfb 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
@@ -1,13 +1,13 @@ # frozen_string_literal: true RSpec.describe OAuth2::Response do + subject { described_class.new(raw_response) } + let(:raw_response) { Faraday::Response.new(status: status, response_headers: headers, body: body) } let(:status) { 200 } let(:headers) { {'foo' => 'bar'} } let(:body) { 'foo' } - let(:subject) { described_class.new(raw_response) } - describe '#initialize' do it 'returns the status, headers and body' do expect(subject.headers).to eq(headers) diff --git a/spec/oauth2/strategy/client_credentials_spec.rb b/spec/oauth2/strategy/client_credentials_spec.rb index d261aa43..7b32d5b2 100644 --- a/spec/oauth2/strategy/client_credentials_spec.rb +++ b/spec/oauth2/strategy/client_credentials_spec.rb @@ -11,7 +11,7 @@ builder.adapter :test do |stub| stub.post('/oauth/token', 'grant_type' => 'client_credentials') do |env| client_id, client_secret = Base64.decode64(env[:request_headers]['Authorization'].split(' ', 2)[1]).split(':', 2) - client_id == 'abc' && client_secret == 'def' || raise(Faraday::Adapter::Test::Stubs::NotFound) + (client_id == 'abc' && client_secret == 'def') || raise(Faraday::Adapter::Test::Stubs::NotFound) @last_headers = env[:request_headers] case @mode when 'formencoded' From 67cf1d65e4e622f21a46d62796181f209bddac8f Mon Sep 17 00:00:00 2001 From: Benjamin Quorning <22333+bquorning@users.noreply.github.com> Date: Mon, 14 Feb 2022 19:44:53 +0100 Subject: [PATCH 029/645] Remove development_dependency wwtd (#566) Last use of wwtd was removed in ebe95171c3d34b9f8f4a4dfdca2e5094efc2dee. --- oauth2.gemspec | 1 - 1 file changed, 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 8ad7ddd0..62b31755 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -47,5 +47,4 @@ Gem::Specification.new do |spec| spec.add_development_dependency 'rspec-pending_for' spec.add_development_dependency 'rspec-stubbed_env' spec.add_development_dependency 'silent_stream' - spec.add_development_dependency 'wwtd' end 
From 15071316df422cb4dafd7ece3c5871a44c1320c6 Mon Sep 17 00:00:00 2001 From: Bouke van der Bijl Date: Mon, 14 Feb 2022 18:45:46 +0000 Subject: [PATCH 030/645] =?UTF-8?q?=F0=9F=94=80=20Don't=20set=20auth=20par?= =?UTF-8?q?ams=20if=20they=20are=20nil=20(#560)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/authenticator.rb | 9 +++++++-- spec/oauth2/authenticator_spec.rb | 8 ++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb index 1ac10ddc..5820621f 100644 --- a/lib/oauth2/authenticator.rb +++ b/lib/oauth2/authenticator.rb @@ -45,13 +45,18 @@ def self.encode_basic_auth(user, password) # Adds client_id and client_secret request parameters if they are not # already set. def apply_params_auth(params) - {'client_id' => id, 'client_secret' => secret}.merge(params) + result = {} + result['client_id'] = id unless id.nil? + result['client_secret'] = secret unless secret.nil? + result.merge(params) end # When using schemes that don't require the client_secret to be passed i.e TLS Client Auth, # we don't want to send the secret def apply_client_id(params) - {'client_id' => id}.merge(params) + result = {} + result['client_id'] = id unless id.nil? + result.merge(params) end # Adds an `Authorization` header with Basic Auth credentials if and only if diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index fcaa5a5f..58d3daff 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb @@ -39,6 +39,14 @@ ) end + context 'passing nil secret' do + let(:client_secret) { nil } + it 'does not set nil client_secret' do + output = subject.apply({}) + expect(output).to eq('client_id' => 'foo') + end + end + context 'using tls client authentication' do let(:mode) { :tls_client_auth } From 21f303de1026d149adb01d106476421d6400fc96 Mon Sep 17 00:00:00 2001 
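Review bot: The doc comment above `apply_params_auth` still reads "Adds client_id and client_secret request parameters if they are not already set" and does not mention the new behaviour that a nil `id` or `secret` is left out of the request. I would add a line such as `# A nil id or secret is omitted rather than sent as an empty parameter.` to both `apply_params_auth` and `apply_client_id`. Only `nil` is filtered, so an empty-string secret is still added to the params; if blank values should be treated the same way, that needs an explicit check. The added spec covers a nil secret but not a nil id.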
From: Ryo Takahashi Date: Tue, 15 Feb 2022 03:46:39 +0900 Subject: [PATCH 031/645] Fix spec for support faraday 2 (#561) Co-authored-by: Ryo Takahashi --- oauth2.gemspec | 2 +- spec/examples/google_spec.rb | 5 +++-- spec/oauth2/client_spec.rb | 2 +- spec/oauth2/strategy/assertion_spec.rb | 17 +++++++++-------- spec/oauth2/strategy/password_spec.rb | 3 ++- 5 files changed, 16 insertions(+), 13 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 62b31755..b4327e71 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -6,7 +6,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) require 'oauth2/version' Gem::Specification.new do |spec| - spec.add_dependency 'faraday', ['>= 0.8', '< 2.0'] + spec.add_dependency 'faraday', ['>= 1.0', '< 3.0'] spec.add_dependency 'jwt', ['>= 1.0', '< 3.0'] spec.add_dependency 'multi_json', '~> 1.3' spec.add_dependency 'multi_xml', '~> 0.5' diff --git a/spec/examples/google_spec.rb b/spec/examples/google_spec.rb index d7555674..cf1aa7ee 100644 --- a/spec/examples/google_spec.rb +++ b/spec/examples/google_spec.rb @@ -70,10 +70,11 @@ let(:encoding_options) { {key: key, algorithm: algorithm} } before do - client.connection.build do |builder| + client.connection = Faraday.new(client.site, client.options[:connection_opts]) do |builder| + builder.request :url_encoded builder.adapter :test do |stub| stub.post('https://accounts.google.com/o/oauth2/token') do |token_request| - @request_body = token_request.body + @request_body = Rack::Utils.parse_nested_query(token_request.body).transform_keys(&:to_sym) [ 200, diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 1d0164e8..a724bbc0 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
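Review bot: The rewritten stub in spec/examples/google_spec.rb calls `Rack::Utils.parse_nested_query`, but nothing in this commit requires rack or adds it as a development dependency (the oauth2.gemspec hunk changes only the faraday range), so the spec presumably relies on rack being loaded transitively. The same call is added in spec/oauth2/strategy/assertion_spec.rb. Declaring it with `spec.add_development_dependency 'rack'` and requiring `rack/utils` in the spec helper would keep these examples from breaking when another gem stops pulling rack in. The `before` block continues outside the hunk.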
@@ -542,7 +542,7 @@ def stubbed_client(params = {}, &stubs) context 'with SSL options' do subject do cli = described_class.new('abc', 'def', site: 'https://api.example.com/', ssl: {ca_file: 'foo.pem'}) - cli.connection.build do |b| + cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b| b.adapter :test end cli diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 4eff574f..3631d75c 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -7,10 +7,11 @@ let(:client) do cli = OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/', auth_scheme: auth_scheme) - cli.connection.build do |b| + cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b| + b.request :url_encoded b.adapter :test do |stub| stub.post('/oauth/token') do |token_request| - @request_body = token_request.body + @request_body = Rack::Utils.parse_nested_query(token_request.body).transform_keys(&:to_sym) case @response_format when 'formencoded' 
@@ -159,22 +160,22 @@ it 'includes assertion and grant_type, along with the client parameters' do subject.get_token(claims, algorithm: algorithm, key: key) expect(@request_body).not_to be_nil - expect(@request_body.keys).to match_array([:assertion, :grant_type, 'client_id', 'client_secret']) + expect(@request_body.keys).to match_array(%i[assertion grant_type client_id client_secret]) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') expect(@request_body[:assertion]).to be_a(String) - expect(@request_body['client_id']).to eq('abc') - expect(@request_body['client_secret']).to eq('def') + expect(@request_body[:client_id]).to eq('abc') + expect(@request_body[:client_secret]).to eq('def') end it 'includes other params via request_options' do subject.get_token(claims, {algorithm: algorithm, key: key}, scope: 'dover sole') expect(@request_body).not_to be_nil - expect(@request_body.keys).to match_array([:assertion, :grant_type, :scope, 'client_id', 'client_secret']) + expect(@request_body.keys).to match_array(%i[assertion grant_type scope client_id client_secret]) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') expect(@request_body[:assertion]).to be_a(String) expect(@request_body[:scope]).to eq('dover sole') - expect(@request_body['client_id']).to eq('abc') - expect(@request_body['client_secret']).to eq('def') + expect(@request_body[:client_id]).to eq('abc') + expect(@request_body[:client_secret]).to eq('def') end end diff --git a/spec/oauth2/strategy/password_spec.rb b/spec/oauth2/strategy/password_spec.rb index daee6f58..040b6455 100644 --- a/spec/oauth2/strategy/password_spec.rb +++ b/spec/oauth2/strategy/password_spec.rb 
@@ -5,7 +5,8 @@ let(:client) do cli = OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') - cli.connection.build do |b| + cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b| + b.request :url_encoded b.adapter :test do |stub| stub.post('/oauth/token') do |_env| case @mode From 7b452ac8148e44a04e506cfe9b6bca83f6364835 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 02:35:09 +0700 Subject: [PATCH 032/645] =?UTF-8?q?=F0=9F=93=9D=20=20Revise=20Ruby=20Suppo?= =?UTF-8?q?rt=20Matrix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 543f1662..326a8e00 100644 --- a/README.md +++ b/README.md @@ -184,19 +184,13 @@ For information on supported Rubies for the current 1.x release of oauth2 see th ### Rubies with continued support past Oauth2 2.x -* Ruby 2.2 - Support ends with version 2.x series -* Ruby 2.3 - Support ends with version 3.x series - - [JRuby 9.1][jruby-9.1] (targets MRI v2.3) -* Ruby 2.4 - Support ends with version 4.x series -* Ruby 2.5 - Support ends with version 5.x series +* Ruby 2.5 - Support ends with version 3.x series - [JRuby 9.2][jruby-9.2] (targets MRI v2.5) - [truffleruby][truffleruby] (targets MRI 2.5) -* Ruby 2.6 - Support ends with version 6.x series -* Ruby 2.7 - Support ends with version 7.x series +* Ruby 2.6 - Support ends with version 3.x series? +* Ruby 2.7 - Support ends with version 4.x series? +* Ruby 3.0 - Support ends with version 5.x series? -[jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html -[jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html -[jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html [truffleruby]: https://github.com/oracle/truffleruby 
From 4d79264d5aa40b70f98419eafa382648f1df4e61 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 02:36:58 +0700 Subject: [PATCH 033/645] =?UTF-8?q?=F0=9F=94=A5=20Drop=20Rubies=20<=202.5?= =?UTF-8?q?=20for=202.x=20release?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/test.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4ef2d58a..e596ec1c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,13 +21,11 @@ jobs: fail-fast: false matrix: ruby: - - 3.0.0 + - 3.1 + - 3.0 - 2.7 - 2.6 - 2.5 - - 2.4 - - 2.3 - - 2.2 runs-on: ubuntu-20.04 continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} steps: From e3c55393ca0515007c2ec3d25af03a804e50b630 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 05:34:47 +0700 Subject: [PATCH 034/645] =?UTF-8?q?=E2=9C=A8=20Add=20FUNDING.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/FUNDING.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 00000000..e21342e5 --- /dev/null +++ b/.github/FUNDING.yml 
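Review bot: The matrix entry `- 3.0` in .github/workflows/test.yml is an unquoted YAML number, so it is read as the float 3.0 and typically reaches the job as `3`, which a Ruby setup step would resolve to the newest 3.x rather than the 3.0 series; the previous value `3.0.0` did not have this problem. Quote the versions, for example `- '3.0'` and `- '3.1'`, so each job tests the release it names. The commit title says Rubies below 2.5 are dropped, but this commit changes only the workflow, so `required_ruby_version` in oauth2.gemspec would still let the gem install on versions CI no longer covers. The `steps:` list continues outside the hunk.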
@@ -0,0 +1,13 @@ +# These are supported funding model platforms + +github: [pboling] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +patreon: galtzo # Replace with a single Patreon username +open_collective: # Replace with a single Open Collective username +ko_fi: pboling # Replace with a single Ko-fi username +tidelift: rubygems/oauth2 # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry +liberapay: pboling # Replace with a single Liberapay username +issuehunt: pboling # Replace with a single IssueHunt username +otechie: # Replace with a single Otechie username +lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry +custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] From 90924902461cfb84d2e7d685d5e56bddbb89cd5d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 08:49:15 +0700 Subject: [PATCH 035/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Require=20MFA?= =?UTF-8?q?=20to=20push=20gems?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/oauth2.gemspec b/oauth2.gemspec index b4327e71..91ff1bc8 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -29,6 +29,7 @@ Gem::Specification.new do |spec| 'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}", 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki', + "rubygems_mfa_required" => "true" } spec.require_paths = %w[lib] From f65c53ba7dc88ebc61a5ba2c853c620afa4902f7 Mon Sep 17 00:00:00 2001 
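Review bot: In the oauth2.gemspec hunk, the new metadata entry `"rubygems_mfa_required" => "true"` has no trailing comma and uses double quotes, while the neighbouring keys such as `'wiki_uri'` are single-quoted and comma-terminated; `'rubygems_mfa_required' => 'true',` would match the surrounding hash. With the key in place, the `Gemspec/RequireMFA` exclusion for `oauth2.gemspec` that an earlier patch in this series added to `.rubocop_todo.yml` is no longer needed, and removing it lets the cop keep the setting from being dropped later. This commit changes only oauth2.gemspec, so that exclusion presumably remains.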
From: Peter Boling Date: Wed, 16 Feb 2022 08:51:33 +0700 Subject: [PATCH 036/645] =?UTF-8?q?=E2=9C=A8=20Add=20Danger?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/danger.yml | 36 ++++++++++++++++++++++++ Dangerfile | 15 ++++++++++ Gemfile | 53 +++++++++++++++++++----------------- 3 files changed, 79 insertions(+), 25 deletions(-) create mode 100644 .github/workflows/danger.yml create mode 100644 Dangerfile diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml new file mode 100644 index 00000000..437c5d77 --- /dev/null +++ b/.github/workflows/danger.yml @@ -0,0 +1,36 @@ +name: What's up Danger? + +on: + pull_request: + branches: + - 'main' + - 'master' + - '*-stable' + +jobs: + danger: + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' # if only run pull request when multiple trigger workflow + strategy: + fail-fast: false + matrix: + ruby: + - 2.7 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install cURL Headers + run: sudo apt-get install libcurl4-openssl-dev + - name: Setup Ruby & Bundle + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true + - uses: MeilCli/danger-action@v5 + with: + plugins_file: 'Gemfile' + install_path: 'vendor/bundle' + danger_file: 'Dangerfile' + danger_id: 'danger-pr' + env: + DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} diff --git a/Dangerfile b/Dangerfile new file mode 100644 index 00000000..41c4b546 --- /dev/null +++ b/Dangerfile 
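Review bot: The job in .github/workflows/danger.yml passes `secrets.DANGER_GITHUB_API_TOKEN` to `MeilCli/danger-action@v5`, a third-party action referenced by a movable tag, so whoever controls that tag controls code that runs with the token. Pin it to a full commit SHA (`uses: MeilCli/danger-action@<full-commit-sha>`, placeholder), and consider the same for `actions/checkout@v2` and `ruby/setup-ruby@v1`. The workflow declares no `permissions:` block, so the default `GITHUB_TOKEN` keeps whatever scope the repository default grants; an explicit `permissions:` with `contents: read` would narrow it. Since the trigger is `pull_request`, the secret will presumably be unavailable on pull requests from forks, and the job's behaviour in that case should be checked.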
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Ideas...
+# 1. Check for hashtags in PR title, and disallow changes to changelog?
+# e.g. github.pr_title.include? "#trivial"
+
+# Make it more obvious that a PR is a work in progress and shouldn't be merged yet
+warn("PR is classed as Work in Progress") if github.pr_title.include? "[WIP]"
+
+# Warn when there is a big PR
+warn("Big PR") if git.lines_of_code > 500
+
+# Don't let testing shortcuts get into master by accident
+raise("fdescribe left in tests") if `grep -r fdescribe specs/ `.length > 1
+raise("fit left in tests") if `grep -r fit specs/ `.length > 1
diff --git a/Gemfile b/Gemfile
index 20b97285..4303cd9e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,10 +6,34 @@ gemspec git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-ruby_version = Gem::Version.new(RUBY_VERSION)
-
-# No need to run byebug / pry on earlier versions
-debuggable_version = Gem::Version.new('2.4')
+platforms :mri do
+ ruby_version = Gem::Version.new(RUBY_VERSION)
+ minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == "ruby" }
+ linting = minimum_version.call("2.7")
+ coverage = minimum_version.call("2.7")
+ debug = minimum_version.call("2.5")
+ if linting
+ gem "danger", "~> 8.4"
+ gem "rubocop", "~> 1.22"
+ gem "rubocop-md", "~> 1.0"
+ gem "rubocop-packaging", "~> 0.5"
+ gem "rubocop-performance", "~> 1.11"
+ gem "rubocop-rake", "~> 0.6"
+ gem "rubocop-rspec"
+ gem "rubocop-thread_safety", "~> 0.4"
+ end
+ if coverage
+ gem 'coveralls'
+ gem "simplecov"
+ gem "simplecov-cobertura"
+ end
+ if debug
+ # No need to run byebug / pry on earlier versions
+ gem 'byebug'
+ gem 'pry'
+ gem 'pry-byebug'
+ end
+end
 ### deps for documentation and rdoc.info group :documentation do
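Review bot: Both grep guards at the end of the Dangerfile search `specs/`, while the spec files touched elsewhere in this series live under `spec/` (e.g. `spec/oauth2/authenticator_spec.rb`), so grep would find no such directory, print nothing to stdout, and the checks can never fire. Once the path is corrected, `grep -r fit` matches any word containing "fit", so the pattern needs anchoring to the call itself. Something like `raise('fit left in tests') if system('grep', '-rqE', '^[[:space:]]*fit[[:space:](]', 'spec/')` (and the same for `fdescribe`) avoids the shell and tests grep's exit status instead of output length. Danger's own `fail` would report the problem in the PR comment, where `raise` presumably aborts the run with a backtrace. The Dangerfile hunk of PATCH 040 only re-quotes these two lines and keeps `specs/`.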
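Review bot: `gem "rubocop-rspec"` is the one lint gem left without a version constraint in this Gemfile hunk, where the block removed in the next hunk pinned it to `'~> 2.8.0'`; the other lint gems also loosen from patch-level to minor-level pins. If no lockfile is committed (not visible on this page), CI resolves these fresh on every run, so a new release of a lint plugin can change the style job's result or bring in code nobody reviewed. Suggest keeping a constraint, e.g. `gem "rubocop-rspec", "~> 2.8"`. The tools also move out of `group :development, :test`, so `bundle install --without` can no longer exclude them; wrapping the `platforms :mri do` block in that group would keep the old behaviour.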
@@ -18,24 +42,3 @@ group :documentation do gem 'redcarpet', platform: :mri gem 'yard', require: false end - -group :development, :test do - if ruby_version >= debuggable_version - gem 'byebug', platform: :mri - gem 'pry', platform: :mri - gem 'pry-byebug', platform: :mri - end - - if ruby_version >= Gem::Version.new('2.7') - # No need to run rubocop or simplecov on earlier versions - gem 'rubocop', '~> 1.25.1', platform: :mri - gem 'rubocop-md', '~> 1.0.1', platform: :mri - gem 'rubocop-packaging', '~> 0.5.1', platform: :mri - gem 'rubocop-performance', '~> 1.13.2', platform: :mri - gem 'rubocop-rake', '~> 0.6.0', platform: :mri - gem 'rubocop-rspec', '~> 2.8.0', platform: :mri - - gem 'coveralls', platform: :mri - gem 'simplecov', platform: :mri - end -end From 3a7709642681dc14b38a5b26d3df157652a7e8e8 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 08:53:09 +0700 Subject: [PATCH 037/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Style=20checks=20w?= =?UTF-8?q?ill=20run=20on=20ubuntu-latest=20as=20a=20canary?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/style.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index fd211ace..539b3576 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -7,6 +7,7 @@ on: - 'master' - '*-maintenance' - '*-dev' + - '*-stable' tags: - '!*' # Do not execute on tags pull_request: 
@@ -22,16 +23,16 @@ jobs: matrix: ruby: - 2.7 - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - - name: Setup Ruby + - name: Install cURL Headers + run: sudo apt-get install libcurl4-openssl-dev + - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - name: Install dependencies - run: bundle install --jobs 3 --retry 3 - name: Run Rubocop - run: bundle exec rubocop -DESP \ No newline at end of file + run: bundle exec rubocop -DESP From 7be956fd397a3d47580efbfebee25906b5635aff Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 08:53:44 +0700 Subject: [PATCH 038/645] =?UTF-8?q?=E2=9C=A8=20Add=20Github's=20CodeQL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/codeql-analysis.yml | 70 +++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..5832ebea --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
@@ -0,0 +1,70 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master, main, "*-stable" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master, main, "*-stable" ] + schedule: + - cron: '35 1 * * 5' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'ruby' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://git.io/codeql-language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹ️ Command-line programs to run using the OS shell. 
+ # 📚 https://git.io/JvXDl + + # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 387e0b973cef1d1c371f895e98748cf098d1e6e7 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 09:56:55 +0700 Subject: [PATCH 039/645] =?UTF-8?q?=F0=9F=93=9D=20Upgrading=20README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 126 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 81 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index 326a8e00..42e4a513 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,39 @@ +# OAuth2 + ⚠️ **_WARNING_**: You are viewing the README of the master branch which contains unreleased changes for version 2.0.0. Please help us reach the [2.0.0 release milestone](https://github.com/oauth-xx/oauth2/milestone/1) by submitting PRs, or reviewing PRs and issues. ---- +### Oauth2 gem is _always_ looking for additional maintainers. See [#307](https://github.com/oauth-xx/oauth2/issues/307). -# OAuth2 +## What + +
+ OAuth 2.0 logo +
+ OAuth 2.0 is the industry-standard protocol for authorization. + OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, + desktop applications, mobile phones, and living room devices. (more) + This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. + See the sibling oauth gem for OAuth 1.0 implementations in Ruby. +
+
+ +## Release Documentation + +### Version 2.0.x + +
+ 2.0.x Readmes + +| Version | Release Date | Readme | +|---------|--------------|----------------------------------------------------------| +| 2.0.0 | Unreleased | https://github.com/oauth-xx/oauth2/blob/master/README.md | +
-If you need the readme for a released version of the gem please find it below: +### Older Releases + +
+ 1.4.x Readmes | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| @@ -17,12 +45,28 @@ If you need the readme for a released version of the gem please find it below: | 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md | | 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md | | 1.4.0 | Jun 9, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md | +
+ +
+ 1.3.x Readmes + +| Version | Release Date | Readme | +|----------|--------------|----------------------------------------------------------| | 1.3.1 | Mar 3, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.3.1/README.md | | 1.3.0 | Dec 27, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.3.0/README.md | +
+ +
+ ≤= 1.2.x Readmes (2016 and before) + +| Version | Release Date | Readme | +|----------|--------------|----------------------------------------------------------| | 1.2.0 | Jun 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.2.0/README.md | | 1.1.0 | Jan 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.1.0/README.md | | 1.0.0 | May 23, 2014 | https://github.com/oauth-xx/oauth2/blob/v1.0.0/README.md | | < 1.0.0 | Find here | https://github.com/oauth-xx/oauth2/tags | +
+ [![Gem Version](http://img.shields.io/gem/v/oauth2.svg)][gem] [![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem] @@ -49,10 +93,6 @@ If you need the readme for a released version of the gem please find it below: [code-triage]: https://www.codetriage.com/oauth-xx/oauth2 [fossa1]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield -### Oauth2 gem is looking for additional maintainers. See [#307](https://github.com/oauth-xx/oauth2/issues/307). - -A Ruby wrapper for the OAuth 2.0 specification. - ## Installation gem install oauth2 @@ -61,6 +101,37 @@ Or inside Gemfile gem 'oauth2' +## Compatibility + +Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and +3.1. Compatibility is further distinguished by supported and unsupported versions of Ruby. +Ruby is limited to 2.2+ in the gemspec. The `master` branch currently targets 2.0.x releases. + +| Ruby OAuth 2 Version | Maintenance Branch | Officially Supported Rubies | Unofficially Supported Rubies | +|----------------------|--------------------|-----------------------------|-------------------------------| +| 2.0.x (hypothetical) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | +| 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | +| older | N/A | Best of luck to you! | Please upgrade! | + +NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates. + +
+ Ruby Compatibility Policy + +If something doesn't work on one of these interpreters, it's a bug. + +This library may inadvertently work (or seem to work) on other Ruby +implementations, however support will only be provided for the versions listed +above. + +If you would like this library to support another Ruby version, you may +volunteer to be a maintainer. Being a maintainer entails making sure all tests +run and pass on that implementation. When something breaks on your +implementation, you will be responsible for providing patches in a timely +fashion. If critical issues for a particular implementation exist at the time +of a major release, support for that Ruby version may be dropped. +
+ ## Resources * [View Source on GitHub][code] * [Report Issues on GitHub][issues] @@ -85,7 +156,8 @@ response.class.name # => OAuth2::Response ``` -### DEBUGGING +
+ Debugging Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv). @@ -106,6 +178,7 @@ client = OAuth2::Client.new( logger: Logger.new('example.log', 'weekly') ) ``` +
## OAuth2::Response @@ -170,43 +243,6 @@ token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost You can always use the `#request` method on the `OAuth2::Client` instance to make requests for tokens for any Authentication grant type. - -## Supported Ruby Versions - -This library aims to support and is [tested against][travis] the following Ruby -implementations: - -### Rubies with support ending at Oauth2 1.x - -For information on supported Rubies for the current 1.x release of oauth2 see the [README for 1.4.x](https://github.com/oauth-xx/oauth2/blob/1-4-stable/README.md) - ---- - -### Rubies with continued support past Oauth2 2.x - -* Ruby 2.5 - Support ends with version 3.x series - - [JRuby 9.2][jruby-9.2] (targets MRI v2.5) - - [truffleruby][truffleruby] (targets MRI 2.5) -* Ruby 2.6 - Support ends with version 3.x series? -* Ruby 2.7 - Support ends with version 4.x series? -* Ruby 3.0 - Support ends with version 5.x series? - -[jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html -[truffleruby]: https://github.com/oracle/truffleruby - -If something doesn't work on one of these interpreters, it's a bug. - -This library may inadvertently work (or seem to work) on other Ruby -implementations, however support will only be provided for the versions listed -above. - -If you would like this library to support another Ruby version, you may -volunteer to be a maintainer. Being a maintainer entails making sure all tests -run and pass on that implementation. When something breaks on your -implementation, you will be responsible for providing patches in a timely -fashion. If critical issues for a particular implementation exist at the time -of a major release, support for that Ruby version may be dropped. - ## Versioning This library aims to adhere to [Semantic Versioning 2.0.0][semver]. From c7d0fe97472fc01d05964c6e94ff65c3d7399618 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Wed, 16 Feb 2022 10:00:59 +0700 Subject: [PATCH 040/645] =?UTF-8?q?=F0=9F=9A=A8=20Fix=20lints?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- Dangerfile | 8 ++++---- Gemfile | 28 ++++++++++++++-------------- oauth2.gemspec | 2 +- spec/oauth2/authenticator_spec.rb | 1 + 4 files changed, 20 insertions(+), 19 deletions(-) diff --git a/Dangerfile b/Dangerfile index 41c4b546..518ea63a 100644 --- a/Dangerfile +++ b/Dangerfile @@ -5,11 +5,11 @@ # e.g. github.pr_title.include? "#trivial" # Make it more obvious that a PR is a work in progress and shouldn't be merged yet -warn("PR is classed as Work in Progress") if github.pr_title.include? "[WIP]" +warn('PR is classed as Work in Progress') if github.pr_title.include? '[WIP]' # Warn when there is a big PR -warn("Big PR") if git.lines_of_code > 500 +warn('Big PR') if git.lines_of_code > 500 # Don't let testing shortcuts get into master by accident -raise("fdescribe left in tests") if `grep -r fdescribe specs/ `.length > 1 -raise("fit left in tests") if `grep -r fit specs/ `.length > 1 +raise('fdescribe left in tests') if `grep -r fdescribe specs/ `.length > 1 +raise('fit left in tests') if `grep -r fit specs/ `.length > 1 diff --git a/Gemfile b/Gemfile index 4303cd9e..8aea0468 100644 --- a/Gemfile +++ b/Gemfile 
@@ -8,24 +8,24 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } platforms :mri do ruby_version = Gem::Version.new(RUBY_VERSION) - minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == "ruby" } - linting = minimum_version.call("2.7") - coverage = minimum_version.call("2.7") - debug = minimum_version.call("2.5") + minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == 'ruby' } + linting = minimum_version.call('2.7') + coverage = minimum_version.call('2.7') + debug = minimum_version.call('2.5') if linting - gem "danger", "~> 8.4" - gem "rubocop", "~> 1.22" - gem "rubocop-md", "~> 1.0" - gem "rubocop-packaging", "~> 0.5" - gem "rubocop-performance", "~> 1.11" - gem "rubocop-rake", "~> 0.6" - gem "rubocop-rspec" - gem "rubocop-thread_safety", "~> 0.4" + gem 'danger', '~> 8.4' + gem 'rubocop', '~> 1.22' + gem 'rubocop-md', '~> 1.0' + gem 'rubocop-packaging', '~> 0.5' + gem 'rubocop-performance', '~> 1.11' + gem 'rubocop-rake', '~> 0.6' + gem 'rubocop-rspec' + gem 'rubocop-thread_safety', '~> 0.4' end if coverage gem 'coveralls' - gem "simplecov" - gem "simplecov-cobertura" + gem 'simplecov' + gem 'simplecov-cobertura' end if debug # No need to run byebug / pry on earlier versions diff --git a/oauth2.gemspec b/oauth2.gemspec index 91ff1bc8..a273b872 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -29,7 +29,7 @@ Gem::Specification.new do |spec| 'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}", 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki', - "rubygems_mfa_required" => "true" + 'rubygems_mfa_required' => 'true', } spec.require_paths = %w[lib] diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index 58d3daff..74e1ff17 100644 --- a/spec/oauth2/authenticator_spec.rb 
+++ b/spec/oauth2/authenticator_spec.rb @@ -41,6 +41,7 @@ context 'passing nil secret' do let(:client_secret) { nil } + it 'does not set nil client_secret' do output = subject.apply({}) expect(output).to eq('client_id' => 'foo') From 1147a1f8bf3f983df98a1927ec0ec799c19da799 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 10:10:21 +0700 Subject: [PATCH 041/645] =?UTF-8?q?=F0=9F=90=9B=20Logo=20&=20text=20alignm?= =?UTF-8?q?ent?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 42e4a513..5c0ec3c6 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,18 @@ # OAuth2 -⚠️ **_WARNING_**: You are viewing the README of the master branch which contains unreleased changes for version 2.0.0. -Please help us reach the [2.0.0 release milestone](https://github.com/oauth-xx/oauth2/milestone/1) by submitting PRs, or reviewing PRs and issues. - -### Oauth2 gem is _always_ looking for additional maintainers. See [#307](https://github.com/oauth-xx/oauth2/issues/307). - ## What
- OAuth 2.0 logo + OAuth 2.0 logo
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. (more) This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. See the sibling oauth gem for OAuth 1.0 implementations in Ruby. + ⚠️ **_WARNING_**: You are viewing the README of the master branch which contains unreleased changes for version 2.0.0. + Please help us reach the 2.0.0 release milestone by submitting PRs, or reviewing PRs and issues. + Oauth2 gem is always looking for additional maintainers. See #307.
From d34c0c2b7b37053b1e6a423a39ec23424a59c05d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 10:39:15 +0700 Subject: [PATCH 042/645] =?UTF-8?q?=E2=9C=A8=20Add=20Logo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 24 +++++++++++++++++------- docs/images/logo/oauth2-logo.png | Bin 0 -> 13391 bytes 2 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 docs/images/logo/oauth2-logo.png diff --git a/README.md b/README.md index 5c0ec3c6..faf89466 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,31 @@ -# OAuth2 +

+ + OAuth 2.0 Logo + +

## What
- OAuth 2.0 logo + OAuth 2.0 logo
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, - desktop applications, mobile phones, and living room devices. (more) + desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. - See the sibling oauth gem for OAuth 1.0 implementations in Ruby. - ⚠️ **_WARNING_**: You are viewing the README of the master branch which contains unreleased changes for version 2.0.0. - Please help us reach the 2.0.0 release milestone by submitting PRs, or reviewing PRs and issues. - Oauth2 gem is always looking for additional maintainers. See #307. + ⚠️ **_WARNING_**: You are viewing the README of the master branch which contains unreleased changes for version 2.0.0 ⚠️
+ OAuth 2.0 logo
+--- + +* [OAuth 2.0 Spec](http://oauth.net/2/) +* [OAuth 1.0 sibling gem](https://github.com/oauth-xx/oauth-ruby) +* Help us reach the [2.0.0 release milestone](https://github.com/oauth-xx/oauth2/milestone/1) by submitting PRs, or reviewing PRs and issues. +* Oauth2 gem is _always_ looking for additional maintainers. See [#307](https://github.com/oauth-xx/oauth2/issues/307). + + ## Release Documentation ### Version 2.0.x 
diff --git a/docs/images/logo/oauth2-logo.png b/docs/images/logo/oauth2-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..41a8d35aa834108cdfb86d5b9d8eef369367c324 GIT binary patch literal 13391 zcmV-VG_cEwP);*gahA3bM0|@pO zijgSR5H$hG`#ry%`Olp1&F;Osmk@&7GxN;uzWqG^r=N4)9n81+Hs9vkRi`anxNwta zKJ%H|9B{w^dp-HdPu~BDPkiFS$3FJ4$3Nl`k666le*0bc;0Hf=<^Aq=zt#7-&wW*Brk+Uxk;ci(;CuDkBK{~hjdhrMon>sxQL_uhMNGMI1cS3BZ}BQ|@} zo8GkhYhU}?1uuX3%a4B1i(Yi{^Pm6xCC`5LvsWB+&_P`R-z`|MpnJj-p3pt|(U0yP z{_ux)1$cM=``^DSz`K3+*{8ev-S6HN=v@Ka?Xkxm-5u|E$8N_RcU-ak_S-MH?QL&+ z@-1(9%cF00vzslr@r`f1d);!g!F*eH?USGUD>s!0mz3z40%U<@ft^n^2IpmP;S$XYgS)3c z{pmwt*nj{1yL;dJ-b2t!!@F&_-L|{ct!~wAv&}YLK5u%{o36geO>T1D7F%p_!VPbD z!$UUSc;g-Gkv1I6x3%9+Ipvg{zy9^FFZ$vazj)ebKJ%HCpZ@fxyAOZ(!`-{z{qFAV zZ-0CDwzs{lJL;&Tx(|Hd1KkNHoX~yiTi@z_{No>Yzx?GdyYtUKzgxC!S@+k!{|~1`q#g@fB*a6 zq2cfU{O3Pi`+eogl|x#!YE^g1C6{!UUV3Tw-~ax%TfKU9*KY*lH^2E!_oXj=se9F{ zUNsbet+v{#E0DYET<1DnX?l0d4?FkV zb1(Sa?|wJbx&pl`(7PZ0@Q2;mXP@0IS+ZmZ@IU|g&k*hP*%ASu(Jin6f4J?k%PtG~ z9U2}NA?P>zfANc7bnkoL`@{r8ZLi1f3hbc}Y_P!w7u4^=inblhxACpa?hb$Z+ux2Y z;FbfaKp$%EuYdjP?zg}FZTE*i`~k>J^BPp=G0kg$?mB<^)1QXs{w;5LOLz3qN4w4t z{IVd-_RuAis~`xrj|81SjBB*tH7e2vJOaAU3k1;Awm z)F1!&NB(yRbm*dsF6#dBm%oe!9R+aa_`LJZ>mK;P2Mz(_Op?upNsg$H@+bopzQz;U0ifz(biXYpf~=}kA8G$ndoIq zH!UtRPP2gw?0g4)fVJIcfS*y*1Gp&sUiZ3J_mGD?q+7grai@LlYhUZ`agTd+`|i7M z_ktI^z_~zPg911cUVd7{F0vQc4WD6DbC0Jz?P<~U(6XXKi#ER6fnChr_vDjLKAmqy zXP$W`(=AeFa%mG_qv6Bf-}%mWhEe%TUhR80d~FLj6Ws#-!WX_U zfG3!1{r*s+4?p~HDcUe#tDJo3yQ^5!En2il9~?gl_|o{t1n|)5Mf+YYfPVk`-@jQ! 
z*@u@oz4Y7P{`N4+KJB#A_(4FUH2~*>&pGFuVFBeyPkK`Kl&3s}3C2vIj@5J|XcOQC z@P|J1p`!X(0Y?G6jp7MURq%#@Z@u-_-HmQ^BdOXD{HhCd7!fBow_*5w(`c!uA@@@kc5Mf6G8MuM(Y%%S3jm~)ng1!66R_nV;Ux2j$M zPc(nf{{+y79d_8pRrWll0PoN-#~d>>P4Fc7LzYWIp)ykZDq z4UW*7RMJM8c7B|o-TBUU#%LNnH02S12Rz^b00T0x5#ZMVUE{BrZzf&2Rw1WteElSi zrFi2T-`Mx<$CQh>>IQT*pt04P-~8qi0aCyZ1Fj$Z;0Jta2-vfNPJ_4s{u|(OX@cWB zZ6^pKXaM&?k9oJvd4e_?je!5CM?I?h;0HhGxK!dsf({@VgEWr$7O8tCErlCkhbC== zKZP4~jcZ)v#QNOoDhGCH!uGFu&1=qPDhv4TxZ{rN&N}O?01e1|r^S8;^fk=7l&l6! z01n{za5Mxx!Q96`{&B#r0eD+O7aX2+(n-p)L!bMrU;WBwt z8*THfz~$Q~2K^JC_ymj9Zqjd~buH*;U+Y@e+Wx9E9=&S~RW2#OnO*}L{FbVj&PicZ zy@uxaagTdkSI2ghq5-}IJ-`pm^|8kuOOpZ4_X@IXW6u3{AAqn9(Q?G3w?&v#(*h99 zrNOqxe~$#+aq9S@eQDVn-tdNKKENjeT@(*cfua<&X?4F9c+rBsq&|0D@4+s=wnqWJ z^rbI-=@68P%4reJ8fx>Gzx-u>bC}Q8SaX+Q$eMW2Rmuk7nD&6ql&WwM5L(SzDALdr z$4j#a%BWz?e)ncwjDpc_{#q&3v-nQf2q6&Mi^c;Icz~qgK=+#fI97JxcOv+)fFtb- zU-*LPT&*3ThG_c&;ar(V3;NRf++)23yCxg#Qh+a2wKDb$Y)r&(0Euw-rfBPB5XcXdL(cHIzeC+lB$LL zmX^^_*8yzGu7rWRsPXd77&+}{4Y&-k14{#Nu7Jr@Vtvqq9%QzQXgz?7;DJu)Jd2=A zB+g&kXTk)(?|uPt4Y1=XqU{-2sp(QmtcFrub0`35haP(9&^7g2BKVm1^6A^HH(;0M zY*};;Un+FreV?^xZn`O^Vcv}77@*Kbg%zM9-vw*MbZ&?Mu_DYoYycd<+aXof$AFFN zIyV|F4$uebW$x{nbDowIuzj|3>T}EWL9;i0%wryN5-@4dJKph*08R4{V1Nh&Ge>BU z;mQPLB3EGBCjcWHN!9vk8YUw99B1ST*n%ikG#Z3KYnAw2LX#OU8UAD?SQS1$z{ji$ z`j~FV0$Wv%r2sx6I1wVhxg6*8nq0qqmXogZJiVm#7(hSrk&onij4=aw4N_=f(rMgI zJMF}jGQa#he@X}ta}3O+Yymu}oPdmG5fmCt$bf+v>x^njlUXkL%@ruqrZ^M-E`u;k zI8G>8Wl4xEFIJ0iH zia?1b^W#3F@jeAh22xUi^T{%p;o=&!+;%xRbA5S02)iqK5q=1a`+k7Z+08Y>*Ja;_N)^@@JOJ|fWEdd-Wr>~CZ5_~5h z6EwUdByH_|_jLw#N#&+RXPL|=jiGS>WzG#IpqW6I6RT|tRQTSSdQ6K`YIPkEv5AUi zkPHK{yWQ<>lQ6$O;XnY^{^ojso!_P;%N$y*?Vp3DzPHF& z{mv}fbe#Zxm%H5Mhyq*?0yN<29MI4>(A%h8)eXg0lYYOYS1MAfb5c9SmT1p7N))UD z*5Bt`R>XI{FkrVNV013OOaLYUbt0mXOnRDFq}-tGVwafxX=?A%*7hDpT;X7sFWIM3 zjY||wm~ws@*tB*W=%^2RfKOq@ry$INf_J^^U2ug`Uqjgqz3KI00TBUh32LefQ}Ui{)01644EfISoFeSaPeCk&aV zMymyMVV2L9Fghl+1v@4`k$=l@RXh>7@6tEfgyGFx!*|<~+6m<10&)$rW#rtx%fq>{ 
z7W5QU`p?@p|16B09k40T%oTL}YOlR;t%F^Rym{r%7Xh397CqB!QP-nN#xa(rgD4|euDk2d>6O2IzcV?@vT>AM_RVA|}L zRuMG634mwveH`^cr|Esr{hkJNuEBkC-HVEDzP5e$QKX;QR8Rn@oDu*%XtTPD2sTnQ4H zcv1f(&)qlgsk>huO_v?D*F9>jfn7d(`=S;68-J+y4`?~0PbPf~=p&^ZjNRp3_ zB>Vb-oCa_-%BTB2z8So^w4FGyqG;_*nkb)joD1{c%Ar67c8FOAdJp)Kz8u)cAAh`v z*FcHEg)plnOaxZeYXL_sTLp17pLOC|@`8-pcWCGk#NG>d3RQ5H3 z$I<}1UqeA}l!=tBBm z%c%{*V21f{Q#9Hpb5PY&2F|?#I7#r(?Y584_JFR*uLfY+*eCliSa1edVCUHE z&-`!z&}<6|0Jb(7hASD18B!q=!4t$-l?W%$OFlDRT;PvQ7)o*-xY8 z&`c}s|L%9c+g$+-0E$7h+%qJ&i{J%7c|PBq*)8^sqZV|tc%tQf&;xkBqfyJ3@wJ^H zv-z9=uaxG1OzX9-3aCsvz@z1(Ku4{n({6LfSP7<2q_4vmhx$=+G?{6p-M)*Kji+N| zz@|ySHbg2-xq_RruV0WeOBOm&HMmGq{Kw0)-^Yn3h)AY zrwXiAiEvfb0(K~7J=Bld13K+C8&wrdL8HxkTe1y+G6BZ|m-e>D(g?m^j*RJ;Y^-=4 zx6D9AES3S81a=6>Ko^uoVD)1ZwV<0s5iJh|@KH2wb_`)$Ri8Ue1$fn-7s)Z@-O?7I znnXyuL*qbi&AQ*}*eTisz)_T`K>Q#}5G`s+z(kT=OI&azHS^#xH(K8I3&^xxpvkXK z0=jES2?cPYv>eT5-lds%mZ?*VCI-9w=0;V?I-PIK>{4JO+C3ZS0bD9ZyZLTJE5i_! z?_mfaX$3#2BuYy#B*!{mUd^P-sjtjtf&-zXu_2~wH&wl96b&&(Nf zAy^$db&!PNfzd`&!HK!&wvVxlT=Y(Ei}*v zzX`BsCa3|}IX+u*Eh%eWI26!lTkPO>J6@im)vD`V?|PHHTc(C54_5Ll;B|^tn->oB zv6>#RL(IA9$9dx+?bRuM83Eijc{ULFYz#^D%6{e>=mZ19_;%Y&ah|40*HR5@^Z4Y@ zz%n6W+GceNixXdtJfn$0TR*TXfh^wgCZauV|ys)SUplgNI>|-X`*t^kNK&_ zWvMR!Fx@tc2HITQgweLt;nm*7I|MgcoIWJ}u$0KWyzCF9@26c2!`E5Uh-m zF(Y6AA{>)8K^-9p$ow0C-6yL`lx}?n7%Aj5&5|Y{dA8!6nt=Eva(h*uiw&E1e z)EDsZg$1zSA`2ZSHSa04dItUUOy}3zB4?iWR=#Jq8W^|?;D$i~3cMLWkA{c%Ze~|> zE{AvHkzh0R(J+-F+H0R~CrdKm-h(PK0WhKzN%?Nnaq8D)d zOqEH5fCczWpvSZaa2l?Rs@Rh1lLtWYVJdi-oP9bT&~;crg}|gB18`vJ^d!wNtm`w~ z$UOqSXR^;k3Bgs~(c;-y0r!}+8Jux_8r_b$2XuX*JixYHe;osK`Fmd(GMTcJE-P32 zfX|qxYnCswU`1B{yPO3ukVNM*dd_I3(lijIptFIVRja8H z5Hf;?^_&bl0fS1YKyGY(^xDCMGGSq?|lOD6q zXUlbs=}NKO1XH;L!BGHD02Ru_1?drFps}wcAb+oX~6awKkazmftY_X zuw5|d8eEC(fJF(O92e_j&}S;Z#W~yrpa`9QXFgr}oWKlttS7MbBbFx=#n7j`m;gWZ zmy2?*Omm(=(^CcH#|5OWwf9KCOFQ?o@`K;8_A9T(MA7hQIr9x@9bg7Mln3OOXt$EA z?K%Yn8q_BmAYE}R2Iz41MfzP+0H(H{C^i(J1$e9h^9@i$I{@h#w!4O^Un*Jvk7lNP zOYo*_`YIK3T|!AwJhNxj56|h7Fk!w~Llh%@8AYC*ptDFoLxkIQiUA8i1AZjv)x=SN 
z&i}aVHxlsj84Km!S>V^#ZeTOtd?zb_$sR%nJrvDKNX5Z6`b!WqWGsuE9()m%ydP3GjdpOwYhf+wa-j2e>JFx?kc1Yrm#x0x1H{OlM>< zvsv9YGjd!Xc-D%;t z*JB>fck{z4NI(wg{I&UAEP#9%(9BKyFn%j22sQxjceE8b$L|0oA`eq^5*Yb!k)&q; zjH%<#-8)gOECARUGIcJd=NdGM24YZ3xtZcj%VS3EqY=}#uYUEbz}6qYB=~ZF_jUgS zpupDu+>_mt zL9kIKgrGj~`pTL)&Zr-YlU6Hx@PPsfTo;dfwe>Rd&b@!d95ex%)eX`sAjf=%n z@nZmYyax(lMBajoN!cC(jLv%op9$;`M);(;CLds?@3w`}G2_lP>5zswFC$YZK07gl z^m7i){Pq-Ekn06Z&y)odR*Dk7et#Y3JeH7^A`IE5AB2+d>jPj%@!NKkV3v!_Sb(=@ zaB)B<5X(jaUitG%sf`8rYT@!kel(gh3jvts%EOJ6<^R5r4$^L##kXKaKtdR1UreD$ zSEnNJiE0IT7?c;~Mr$Ha?m?hvjI@uSIxiJA&*Z+M=DC9HeJmN@r-6i+u(pC5Gp;Wz z4I#{6O`cU$uMUvcg#~N`Y=AkB<(!G{_9N%x84C?~$|u+rtgajhc+Iw04d?>hK{2x~ zHW7JHQpO!9jQAbG=sZ;NW1z=WV~h$Pzl1S>;*Xgy#|La?Jb_(C+8iGyON-(PJUhX0 z&jds6=URf(IWz%MM#GXj6F`NI#2RrY`fD5Ekj(%ukvOoWX|ZCCX%&RKkbMw_q@c4= zUZa8^c$1e9;=$^XfY;=_mB6B*0)~J+4d4PP=^8)oe4U{AeZqJT#gAp-9&2KII-VfR z@xW$1q9rID6U?~=H$vmGKY^lSa!=dzZ;s7##&5@!1axBugf3vGF9DP*0=o1K*b%}$ zrQkxiMfWY>69Z3iXt?Xt?BmfIUO+7qt%}ew3DbZ!A?cuCO0dU|$IOpCo^&%?{H+JX zm{ura{$vd_$n}$thB+9|EDF3Z)pc{<42mRpw4YC%YvTf>bMe{n+wR3h0FuJEXRj|Y zxAx1W6Pb@9eM~tP;OWDpRoeSV@q5{V?(AeaSJ#wr( zlQ!@(xnEx(SPX80VDQiJTQOa(A%Nqr1t_i^z$5LhBXBWfI#)AJJAoabe4+$}tc+-! 
z6;i;7bqN4|GvffzU#=<{PfICaQ5-_fq|XI#E|S0qxLKdYsLg^Ub^0$$+E}Dis1f~RRQrMbcfB_vyv_!t{nqdU9 z&nICN$rt2dPVS#MZ?>i53PmbVb7&SNdL9ve%y)u8_hvSc8hxv=v2;Mw7ugQ538KC_ z#(DaZluLi25ctGe7}ab0hbFkm_-_8TP%We+bR^zU}fgo#4Gd>Gg@pP?RS00 zV4zol&7qkQ3&e~~yJj2Vqm1IE0OWg~qs@tF7d~43iZA`X>ZAQKk!ZR;vrKKR zfp$rYTtlCj*YF~hGy;=BC;dp=;at^D+MnXoOw`B4IfAwPdH#w5ee`&E)n7L$%~;|+ zry}*7tn(viq!3_;YMGfJMr>%Z4y9xH1X6-9*8;X^Jf<1Q%o6FhKSdSSYlmW;Pb>H= zQ?lmJ3^*9JbZ-J1OO^icwX{^~l?qx?J%D;vefA7~TZj+~6yGi$p>6i-m%iXZ6d-(| z6ozss94(E~%|?A(+>3?vtV_ybZZa6x>RqR&culq7ZHD2^v4VhMw1i1TOgO1cr$PbU zu^2=PFtHsV@LN4V0fJ`p`za~_8*}^?jT+jVLo>t(oYcC3olGLk(&+z~AZ=gb7W9J!(w9Ei$Zwi&wy-sMGJ&LilTa&wz&6b7UMCM`YBfjfXekUWXEHHj zQm|1vZ{P(8n2-p&Pnlol!7{_6?R?C**Lz_i!Eqd|4(J#oPoAC9a2i zVI^cJgmlJPtNi$a{N04qKxcKPM`N`o zm1ZZ$P9DzO@wszpX6w+{6j6W^H$ubQBdK75AST^5rQnRh#Ui+lG)%ClZz62qIzD|h zHetKp?!j^a+i#XC8gF>oL=%=GL%&lH1(o9y80Br%!I|f!*PQ0v$`oG)bn~Jz&#Xs4 zA4|?*qNQeXavjt;9g7*3ql(CNQfDy{=rkIG_(Nc0zWpL$8tpsNYAWuuO`ilxF~d!6 z3%G1={bDpM{m#&8pC9@ZpY54}OGsTOVC!SFneghX{;(cC9dGV|*at5%O==pVYyvfw z&tHFDR)a({uRN)xJeyXeettCtm_*(>+9w?yNl9na)azQ(1KI=Z{G(C8woQk90+e(r zb_i;sX*3^U$ed=TWHp8W&@~AYVnIUr%^ZdVXh3Nx&q4r^ZJs@YI)Kx6$MDtqN^m2r zjt%8+yb%6~s>{NfS>zg-4Koc9PA*U!z{;LqF~jWdRIfnh1m?J+c1$K|6N4S1<@|`C z$ZQOt>KKLtRflXtZKs(+e$aj63Nk^_WDISNCDQ!mwR;5ku>^3z zN#?AJP<2{o0Vp6O<>@TV=hv7%+9o)nVJ+YoyB;=gmIM%!o*AaBl)mVLLJEyDw!7&9b>%0nnQvqK6*q|itRI5SrufR-n zPlNm4`xNkLF|#hfVa{|oDGs0mI_B60Y?ej9!yK{(>#K$nN}8Eft^haS63~Io%o7ZP zn|`xulnLMhtiHP(rRnW4t?Lvw(!F-kC(KXIo)7`8r|bmiLA%L8fv zH?pS6sEDK=Ot^ir5=ALIFh3q&=8}dXR@eG6L%fPWg1^HCm#0-J^EL(0#UjYkcoiht zI}O+&)N4R{I&X`(xGIXb z8C>306AO-$+nJbX_GOmYPD=d>oKYphQ`a?}D2!^EVp~9`>G>yr-xI}SX7b#2@jJ>0 zR0v}-HjVlV^D^IkjX88E11wqg)DE~H$7f}0z|Q}t*pBl2c^#U0^sHG@*EtYttH9&s zKfq?vj~lFwR=#ul^1UmhRc69q6zQ50?2t|x2R9JHhe=le9L9ubzCeza8UZ2*EkywG z$`6*nIibV`gaQDB$M<9iZH^2q&*b=4pz;Yw8ZEfW2p6(1X4;UeK_B;Wea{o}ysU%Z zmpK>1goksXte@v<`E9OcMU`f^AFQob_1UAcPTUY<#>pq3u|nWFK(A{vb9s?Z%P0U~ zH1jx0C@`Iw$7sO2Mk^Ev1kEtbN{+tZ#NVoz0WL9xeMun+o{5F5li&Sk1-$-vj>H|I 
zj1Ab&qIr(+BK(<@kL?gN;gO1o%#C}jwf`-PFTZ&KbCIDtTB(zn4Ko4tA3p28F&XH2 zeF$c`cFQo#6~qBP`w`7FxWi{Vh7XpH<`}>z-(s@g^5xX$BQUN(*a(#KT!Y{MJNtp{ z8h(o-XlFppeE{tm&daMrkz+*UER=%}8U-i;8~}4Xb1M3$*?gpTy9Ge! z5gf&wTthBQU=kc+q-ziy*I=ey1Bjj>&*2)bnd!;`Lf3SDp4oTz>T4ejT2on0vh?$imr_T1l76G@uNnu7c zjzGy#X*1?VTaf#)2m&A91451g7=X<_$pIDR>Y|6b}QYrI223K^e66X4sQB1qE z37`NX05S2jN{3vViKnGZbTkjeRPwE@Fyy<@DCf`w0b2`L)}+yF8pvW~ziYD?wsS4c z1(<7Pe~8H!A2_!KI{Q2u(7A>1=JHTdLeHfDCGL^h9x+%Kt)|axTH1Z4KnpMerwP}g zd2o3zu$g2;Lo#_V{{}>mXu5cT04T5o)G!thEwk+xm<1q=XKrb!^D@sY_XHMS%E*BR&gIO0fB7B}1$xIRX&?m=`lT zj)1~7m_mioec|xj1dm^54FYzKBQ!qyK(Ja$5a_%dKZ+;;%j7K> zO0lAIz#kY4t_;wRkx~KO;z6Kg&UZt3@gA_5=Kziwj>j}0(zd)gD$?yc-!6y}m8vdT zk}PNhBI^S5Xgx3jRKTJkd~SbVdrW}#d(?5RK_GG+_snDl<~#jt`%DM|aOUQvz8)gv zqu%n6Y0un{ax6DzUcoU}8rVtI3iOkbN1Mi!WkgLa8iN9M$Zt_DCaXRX0_9DD;ry0y zd2=#<%cRkE|61&A#_~~P<+MNw1e64KKKt4_j_hxN2CQe{!$sVP+4noqJ3!LMK47-d z&eRoJzujs*)82nIiasl0b3rP6Duvw5N%dU{cBMA8_ASe&pCgY3y4furHd0IanM^ZS zfSln%U<28#46@!!u)_*CM}7~;(C~Nu zUzNLINeGp5nvplwNFQVeo*zi<081aR{HE0j=&~(q?OMS5uSLN#_vVT$7cxiSoT}z+ zIaps>MULB*A78?!105K7_gGd^3f3?{$V1yU#ue;$qST zb^+aU2k@L5u#?3o>Ubt@Ye~^|gY~UddN~u%T5n8_^=>F$|oQ zTJTf7$}Ctu&r%zKUj9Un)(iM-6K?>&o>vg0NFx;kx>75U#S$z)7C7c!Eikl{X(w<5 zBEzdK0Xcvp0)P^<<<;YOlV#QJE!8D-`m(fWm%;klYLem}K$lJd9Yb}h_pTS3-cDu^ z_#{uAgn$sY(SqQ21i&_$#D8b-g=uE4X;4zJ6i|Rm=$tpoFWcVU$9V(khC#DY-V;ucq-umI%$|t? 
zXeLkk48S?24;b>?v>327k8jU!-+?X)2V7>=^vU)JV&6&;1i_+Mfol`2om~Oq_JgZh zD=@Yypicz4v<>hW1+a7&2qTz-W_l;P;)?)G1RF-rcAiwr=$8P``e~nj+n(nc^(?d# z5CIs`aK1L%642?}G{jYa<@O$qfc4n&(yj%jV5#%Vx{$2a3BVljk0vuJq50W zCu8i#ln<9@U-ert_Mj?`ET`oLMO4W!FcS>NFeXf7_8do(RGet25+lUW~snaFh&VN8z(uwIdXDf{wxt~7?gk8 zxAv;s1M`~^Bb6`aHi9yWvT9TH58&$knC-f9Xx9a}h~IT)1I#f5G++}tnMUq2jrp4SJFA4l#Xs?Hzk($ox(_K(l%(OfU@g*m3~pEGyh7qXvL6gyCWU zk-2heG*X1jhudy6DjL|QfZL~R&u1nwW(+>_WzbN?NEOG*z)Vk z^MB;ExE=UF0WLF~_o5)$H4c!F$ld^ii4=eZMAoF!e9^jrifCu*-Og)2Tgq{nP?1qL z*Ax_rz(wNA>t4s!=MIDUHY4!cTD4l*enEk4-nIGH#=cE{F!rrrB5xJ(CbCWx+y^I1 zbXz|f5L>_7KW`M+w3yZk__z|!fHGDtr?&5ciaQP~(6=4Tx2dK?Z&7}ILCtbGC9fax zc1Q1zGw$s*-z)*MEXp@90*GeXQR{yr3}eaukl&dXU*IXS7}#)+tVs1e)iI#2D!@;v z;}(=gZ!wr}m#-DDI~VAS%EX^m+P>1bcfBUmnD=loT`htq1T26wPe3R47WHSWJ(D1q zUM3i2IaKQy;zgRQP4P+c#N!Q92RW*^h)J`p3)lOi@w~N#jVASU` zAwovLzY`pQuP(sPt3t~OB}9i5*gKY>Y&e*2>#o)NXErNf_b8ATc=dNpb2_;MV2OWr z065AY_f*br@`D(F8<3(UpBK;tc!10ASD0y1vtLdwu#c|N>;hxcrQMqi=G*$!{Ii3< z^C%y`SG|R5fB)80fFEDc|6)0RX}W)4TwR*JvNU~JY5L+y+m0`=7uK-r{-x=A70}xh l@S6 Date: Wed, 16 Feb 2022 10:47:45 +0700 Subject: [PATCH 043/645] =?UTF-8?q?=E2=9C=A8=20Add=20Logos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .../{oauth2-logo.png => oauth2-logo-124px.png} | Bin docs/images/logo/ruby-logo-124px.jpeg | Bin 0 -> 3935 bytes 2 files changed, 0 insertions(+), 0 deletions(-) rename docs/images/logo/{oauth2-logo.png => oauth2-logo-124px.png} (100%) create mode 100644 docs/images/logo/ruby-logo-124px.jpeg diff --git a/docs/images/logo/oauth2-logo.png b/docs/images/logo/oauth2-logo-124px.png similarity index 100% rename from docs/images/logo/oauth2-logo.png rename to docs/images/logo/oauth2-logo-124px.png 
diff --git a/docs/images/logo/ruby-logo-124px.jpeg b/docs/images/logo/ruby-logo-124px.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..f1fc0df851631b4ca2cebd0c23da287f4b04cd87 GIT binary patch literal 3935 zcmbW1c{tSF`^P_HY-1M^k-f1cYm{Z8kX@D;S;Ipi#AInKQ&}dVd2B_*}_m6jY4)|aFD~`4bXjtC%zvqvnVH68g(l0-NWc(!SMbh2_+{{2Y5Do^319aRVFgJ+y2@pA61q0}} z{SG^BKy+Yw21X`k2n*}6Lk$-|2LglX=)nvOzor329FGI^+zcnglyn(+uDddc2kMT@RMpjkrg1W}VOINPy8yH?QGPbs{g(K{4 z*t`GX;d$$}mpAfWP;f}-eN_*#)HGar#pO4-U}j`wVq{=uVq$_om|56(+1XfG*#u7TaPkTZ zikuM^6cQ4ZRDg<#%S#9eNvq4qD=Mj~s)|4_YHKKKDX6F_(~gsXAP@)}E88h{_EXAY zLSoAQXQNFVUrT1%7{CSw9bYCeHvj|n4y5xQu>7v26nDpg>eDA12g{S05e;YT4nTvM zW-m)*l>);n5S}sc#zFaQazbso<@X$cb8;~vWuYT+I_IaHs#@~ecBL=f{|Yvq{Bh5v z4La7iMx@SAk!s^xj>gFJXYu%vhh&75=^yR|LE2pkSKxUI#rufKp1e6SX8PLPx1bWY z2%BWsr7ZH3)8FBB{R*poGtQ-n4gMqjO?Pfg9j@*V$EKA!EsaH^VzOd9AFoMN$4@v6 za<4e92%r7gx73L#3Y^S(akQ)LW4rme&ZD8@QF{et$9v%=xnbtiwDE>YeLWFYV|v5WL}7lm35c3DH7IY%EB7=R}-(;bZzk7 z4aytLDX(1%S>MceamF2Z(SWys@Tbo^L`MvOA706GiS4DVQ@84%f zP$$Q43g6?4fL=>-v2l&_Af9_j^$X*eFf(1qDerzmzCV%~eexAPu}SP38Lr|BIFy-T zxT3Z`!x|TB2Z{&`!$GTt&domEdh-hzi}V{@C}}FU&Dm^+IOiJ$_a%enyB4M5h(>E( zY4dP`EcVNxJco+~yRce%fNmk!EC->qoM-868EHTR?$H3*a(16kv`GZgv2s8{;P7g$ z!zhzHT1+qAS5jS#e*Rq2dOb%z2WDDWaBOMD^_GBKb{2wrw$qpYQ-_~8tMBXAGaf?M zVD+=j6+}6n)<}s%!^ebZ=pI-5Zs_IZN~KyFpf}+-S6@o#ooOg`Q=MDFg4uD0lM@X_ zD|^J7jt-qZnpc$hf>tTIYqE@@EF*QPj^$E|!khtiBiz;JdSp?GrQ&NSmG~#(;i#J< zgmA@82d_x}%!?w62ZH;PMrXX7jRamy#H%Q^yP=Z9Qs8Q3-s?_7Yig{c>fI`9I!`pE zcfk+$_lmud&gSAJS&i7r&W)sx1GR{EM0;cV1?{WncvCHHTLr!{ps){BH>anViIXbz zmnFGW;kx9WJ2c?^a{wXngTP`o(;aZm0N$^qJ&2#M&|RBgn(-N+o>%dTWE&_g&F8j{ zcxhS825<``p%r1WE4gL`L>)|0hFfZ}Aq)P~&h{#aTC3$|bj^*`PvX&JVcn6r#q9NG z5k%}5WJ!jt%+78{A>PwIagOb!9UZ5ocZum9zIGyrlh z1s3Bs@9}kI{{n?BhnhBf*637BkM+~EZEVXo1eJ@qpzWaZ*>f6jrfs{tULB?KsY}R} zPkI$e>)$)ra7m1W`uyd2j)jTRn!$O2b21GBrqVT+gdrLnP2cYJchP`gRfWh0o=wKX zlTOCeSbg(7g#Af%#@oZ2G>0vW zl8?%?kFzgeQhRPttT&t;ljls1f@3Ty;=}uqDSOw$s!*VV?Lsp8V?8ELjkoFzCM??t 
z%PL3%?qgjKvWJ%1!(N3Ne=rl#O*PTn40}xjcuQe1oF2j&)ca}$GL)h_NW`aV$_s6e z{rk-;)|Gv;{f)ve%hL+elJzyqq3e<_+G&6m9Ez=x8afgQ14P?Tjt(?ShoD9E18>>F zCMn)BYGUHbDt{=7j+hW$;@V!YH4W@0hv4?K`W_%e13|OP2Kw^L^QN0Adk~k-C()S; z6+cPekT$+1^_gZ?23Bcp-xJ2$vY%r}gu*7i@091$UsGXC1Sn35CV9TqA-F`nJZAs;YFEip! zhZ4LuU7oo2*7)3(g4Nyr*Z~_I*QKa9(tyWD%6)#xs^`IhPZ@QEOP!haWuf`u2!l@#yA?} zSYg(1X2|FR_oCmISZ(=HX@4ctm2OoI5{|qaxi_+gMQt~;hKuy8 z2Br%(l;;O>T=fY4P)M09qXBe1y$I;0$PCYvlVd2_++X|y(`^rld6hH`iBS-}dy}@@ zEqz_2DQPw#`)p(s5ukAdNKNb@WjSMFb$}g%9*L-tW^X! zfFGc-D$}|})oc%>v7hZh zSpPVoYyt-g~dqIfGSXSp-^NEX{S@Ql0R5} zZaz-i!V0aGxuRuK#9!fX7d@;2UAjmOE!Qu(Xx8qOoqd{BkUQ8R=}~8Ik_C_AO1G5a zu;%m0?>rFQb!?fYn$186-_o`GRPC}_`OdCe-!or>g5MV z7xl)6HnKmg`t;Ab-C24Qrxr$k{NZF+lLDxGJC6w&;rxCIjYfH50^Q@cw%Vy_+vM_b zg|02+z5>dpW05x0L#~z-;acCLOeqLAo8f0OXR2CJn9mdErZ*XI1v&eO3)CALvnZaa zaTrz8`9>zmyTlCdliqE@$=DESFDzBFpE)Xoe}2lpOk@0Tn7ynep>i>*XV&^O9@UcH zA76jE$lSATc-Lf8KD)!lVS`@F>!ON8N^ zToK&TW{0toP`&uJD-MSlIc&B!6uzU0{Y&_1)$|jAMwfhP0f<&Y#2d_!&$3v5Qz-dD zo`s-6VQGK~bSbY1Q+_17CqTM5xL@27j3xHahIctng?ftckt3aS47j_PlOfl>wli70 z-{P!LBb^}>xZFmizUALtW&ad$y#Z?(h7D+&ZH)-IkvW3d#&eCuN5DVJrHb5p^HFRE zE)=z`mS``F+R+v|=_(Ja--+AO`H3{QGMd{axNRDK=w>pTI9IT@8TIv}_&bq!8CY2W zDkN5Z?flD!3-89FZzevY0lhv?E$2~qli1dxv#YsZY7Bfv@96L?r59^;c3-}ASjI&I z#)A4C!cT7$i^>Ntfsn#N>v-Oc)ogVTO91;m7Ymq*M-oHO6CsjOq(AfOJSdz zUSV3APSxJ*3q_m4g_&!PAD?W0yzxLT4X}0f5jp(xH8stIb>dIb=O$h%X>Q3Mn)J4f zr6WRup&936&a8Ih@@U><^C4~vPr)@6+V$xWWhsm@gTs6wQj0sN^KDcR$*deZ!x|O6 z@wL>DFxr7V3gaViMmHMD{vZb)fd?->MynIhc_qY(HRvae>^QVbz&woOh_#4}ZnYwY qT<{zlT@_TsisKOS9Et^-51q^O`Km>8O0iI$IGlL+7JM5<8~qPnrbf^J literal 0 HcmV?d00001 From a75a29ae2ca7066cff29dd47fbee84d64335e7dd Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 11:03:45 +0700 Subject: [PATCH 044/645] =?UTF-8?q?=E2=9C=A8=20Add=20Logos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Peter Boling --- docs/images/logo/ruby-logo-198px.svg | 948 +++++++++++++++++++++++++++ 1 file changed, 948 insertions(+) create mode 100644 docs/images/logo/ruby-logo-198px.svg diff --git a/docs/images/logo/ruby-logo-198px.svg b/docs/images/logo/ruby-logo-198px.svg new file mode 100644 index 00000000..59cf324f --- /dev/null +++ b/docs/images/logo/ruby-logo-198px.svg @@ -0,0 +1,948 @@ + + + +image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 5e334e33f31b7d4e2716c09d40b70237139dde0f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 11:13:57 +0700 Subject: [PATCH 045/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20Readme?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 27 +++++++++++++-------------- docs/images/logo/README.txt | 15 +++++++++++++++ 2 files changed, 28 insertions(+), 14 deletions(-) create mode 100644 docs/images/logo/README.txt diff --git a/README.md b/README.md index faf89466..a9346e8d 100644 --- a/README.md +++ b/README.md @@ -1,22 +1,21 @@

- - OAuth 2.0 Logo - + + OAuth 2.0 Logo by Chris Messina + + + Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 +

## What -
- OAuth 2.0 logo -
- OAuth 2.0 is the industry-standard protocol for authorization. - OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, - desktop applications, mobile phones, and living room devices. - This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. - ⚠️ **_WARNING_**: You are viewing the README of the master branch which contains unreleased changes for version 2.0.0 ⚠️ -
- OAuth 2.0 logo -
+OAuth 2.0 is the industry-standard protocol for authorization. +OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, + desktop applications, mobile phones, and living room devices. +This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. +See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. + +⚠️ **_WARNING_**: You are viewing the `README` of the master branch which contains unreleased changes for version 2.0.0. ⚠️ --- diff --git a/docs/images/logo/README.txt b/docs/images/logo/README.txt new file mode 100644 index 00000000..bb405554 --- /dev/null +++ b/docs/images/logo/README.txt @@ -0,0 +1,15 @@ +The OAuth 2.0 Logo - oauth2-logo-124px.png (resized) + +https://oauth.net/about/credits/ + +The OAuth logo was designed by Chris Messina. + +--- + +The Ruby Logo - ruby-logo-124px.jpeg (resized) + +https://www.ruby-lang.org/en/about/logo/ + +Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 + +https://creativecommons.org/licenses/by-sa/2.5 From 53c767e4b802209f169e3930e92af6b00bdba511 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 11:17:09 +0700 Subject: [PATCH 046/645] =?UTF-8?q?=F0=9F=90=9B=20Assets=20must=20use=20FQ?= =?UTF-8?q?DN=20to=20be=20accessible=20from=20RDoc.info?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a9346e8d..440e1fac 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@

- OAuth 2.0 Logo by Chris Messina + OAuth 2.0 Logo by Chris Messina - Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 + Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

From 1405d34f536a2dd666794050ac5b744c031553d7 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 19:22:27 +0700 Subject: [PATCH 047/645] =?UTF-8?q?=F0=9F=9A=A8=20Fix=20whitespace?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 440e1fac..0fe80397 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. ⚠️ **_WARNING_**: You are viewing the `README` of the master branch which contains unreleased changes for version 2.0.0. ⚠️ ---- +--- * [OAuth 2.0 Spec](http://oauth.net/2/) * [OAuth 1.0 sibling gem](https://github.com/oauth-xx/oauth-ruby) From 86e5db4df11a71318e48cc6a558178b76fa60de0 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 21:37:22 +0700 Subject: [PATCH 048/645] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Split=20tests=20in?= =?UTF-8?q?to=20supported=20and=20unsupported=20sets?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/{test.yml => supported.yml} | 18 ++++---- .github/workflows/unsupported.yml | 41 +++++++++++++++++++ 2 files changed, 51 insertions(+), 8 deletions(-) rename .github/workflows/{test.yml => supported.yml} (84%) create mode 100644 .github/workflows/unsupported.yml diff --git a/.github/workflows/test.yml b/.github/workflows/supported.yml similarity index 84% rename from .github/workflows/test.yml rename to .github/workflows/supported.yml index e596ec1c..11a1bfbe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/supported.yml @@ -7,6 +7,7 @@ on: - 'master' - '*-maintenance' - '*-dev' + - '*-stable' tags: - '!*' # Do not execute on tags pull_request: 
@@ -21,12 +22,12 @@ jobs: fail-fast: false matrix: ruby: + - truffleruby-head + - ruby-head - 3.1 - 3.0 - 2.7 - - 2.6 - - 2.5 - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} steps: - uses: amancevice/setup-code-climate@v0 @@ -34,15 +35,16 @@ jobs: if: matrix.ruby == '2.7' && github.event_name != 'pull_request' with: cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} - - uses: actions/checkout@v2 - - name: Setup Ruby + - name: Checkout + uses: actions/checkout@v2 + - name: Install cURL Headers + run: sudo apt-get install libcurl4-openssl-dev + - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: + ruby-version: ${{ matrix.ruby }} bundler: ${{ matrix.bundler || 2 }} bundler-cache: true - ruby-version: ${{ matrix.ruby }} - - name: Install dependencies - run: bundle install --jobs 3 --retry 3 --binstubs --standalone - name: CodeClimate Pre-build Notification run: cc-test-reporter before-build if: matrix.ruby == '2.7' && github.event_name != 'pull_request' diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml new file mode 100644 index 00000000..1ebe11c7 --- /dev/null +++ b/.github/workflows/unsupported.yml 
@@ -0,0 +1,41 @@ +name: Unit Tests + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + +jobs: + test: + name: Specs - Ruby ${{ matrix.ruby }} ${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + ruby: + - 2.6 + - 2.5 + runs-on: ubuntu-20.04 + continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install cURL Headers + run: sudo apt-get install libcurl4-openssl-dev + - name: Setup Ruby & Bundle + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler: ${{ matrix.bundler || 2 }} + bundler-cache: true + - name: Run tests + run: bundle exec rake test From da05429d2d12bda6846152112a65260d5abdf8f3 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 21:37:42 +0700 Subject: [PATCH 049/645] =?UTF-8?q?=F0=9F=93=9D=20Clarify=20v2=20is=20unre?= =?UTF-8?q?leased?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0fe80397..361d1c56 100644 --- a/README.md +++ b/README.md 
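Review bot: The new `.github/workflows/unsupported.yml` declares no `permissions:` block, so the job's `GITHUB_TOKEN` carries whatever default scope the repository settings grant, although the visible steps only check out the code and run `bundle exec rake test`. Adding a top-level `permissions:` with `contents: read` would state the least-privilege intent in the file itself, which matters more here because the workflow also runs on `pull_request` for every branch. The `sudo apt-get install libcurl4-openssl-dev` step has no `-y` and no preceding `apt-get update`, so it may fail against a stale package index; `sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev` would be more robust.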
@@ -116,7 +116,7 @@ Ruby is limited to 2.2+ in the gemspec. The `master` branch currently targets 2. | Ruby OAuth 2 Version | Maintenance Branch | Officially Supported Rubies | Unofficially Supported Rubies | |----------------------|--------------------|-----------------------------|-------------------------------| -| 2.0.x (hypothetical) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | +| 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | | older | N/A | Best of luck to you! | Please upgrade! | From 7564b818778daebc1be830bddb31edfddffeb520 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 22:12:55 +0700 Subject: [PATCH 050/645] =?UTF-8?q?=F0=9F=90=9B=20Proper=20Ruby=20version?= =?UTF-8?q?=20logic?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/helper.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/helper.rb b/spec/helper.rb index 66683744..c1bb5cc3 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -6,11 +6,11 @@ require 'silent_stream' ruby_version = Gem::Version.new(RUBY_VERSION) +minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == 'ruby' } +coverage = minimum_version.call('2.7') +debug = minimum_version.call('2.5') -# No need to get coverage for older versions of Ruby -coverable_version = Gem::Version.new('2.7') - -if ruby_version >= coverable_version && RUBY_ENGINE == 'ruby' +if coverage require 'simplecov' require 'coveralls' SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([ @@ -29,7 +29,7 @@ Faraday.default_adapter = :test DEBUG = ENV['DEBUG'] == 'true' -require 'byebug' if DEBUG && RUBY_VERSION >= '2.6' +require 'byebug' if DEBUG && debug RSpec.configure do |config| config.expect_with :rspec do |c| From 32ee3132be8b2392658138720f7d994c1fd4ff2a Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Wed, 16 Feb 2022 22:25:16 +0700 Subject: [PATCH 051/645] =?UTF-8?q?=F0=9F=90=9B=20Proper=20Ruby=20Versions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit > A general rule is if the version text has a decimal point and ends with a zero, it should be quoted. If one wants to quote all the version values for consistency, that's fine. ref: https://github.com/ruby/setup-ruby/issues/252#issuecomment-1002371647 Signed-off-by: Peter Boling --- .github/workflows/danger.yml | 2 +- .github/workflows/style.yml | 2 +- .github/workflows/supported.yml | 6 +++--- .github/workflows/unsupported.yml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index 437c5d77..ec98f76c 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -15,7 +15,7 @@ jobs: fail-fast: false matrix: ruby: - - 2.7 + - "2.7" steps: - name: Checkout uses: actions/checkout@v2 diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index 539b3576..a4653064 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -22,7 +22,7 @@ jobs: fail-fast: false matrix: ruby: - - 2.7 + - "2.7" runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 11a1bfbe..74f8bcf7 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -24,9 +24,9 @@ jobs: ruby: - truffleruby-head - ruby-head - - 3.1 - - 3.0 - - 2.7 + - "3.1" + - "3.0" + - "2.7" runs-on: ubuntu-latest continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} steps: diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 1ebe11c7..e4fbe968 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml 
@@ -22,8 +22,8 @@ jobs: fail-fast: false matrix: ruby: - - 2.6 - - 2.5 + - "2.6" + - "2.5" runs-on: ubuntu-20.04 continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} steps: From 0c86c3f2f130dcd362210adfff5089244c4ad83a Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 16 Feb 2022 22:40:51 +0700 Subject: [PATCH 052/645] =?UTF-8?q?=E2=9C=A8=20Add=20jruby,=20and=20more?= =?UTF-8?q?=20heads=20to=20build?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/supported.yml | 10 ++++++++-- .github/workflows/unsupported.yml | 5 ++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 74f8bcf7..f90c9247 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -21,9 +21,14 @@ jobs: strategy: fail-fast: false matrix: + rubygems: latest + bundler: latest ruby: - - truffleruby-head - ruby-head + - truffleruby-head + - truffleruby + - jruby-head + - jruby - "3.1" - "3.0" - "2.7" @@ -43,7 +48,8 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - bundler: ${{ matrix.bundler || 2 }} + rubygems: ${{ matrix.rubygems || latest }} + bundler: ${{ matrix.bundler || latest }} bundler-cache: true - name: CodeClimate Pre-build Notification run: cc-test-reporter before-build diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index e4fbe968..8ccd746c 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -21,6 +21,8 @@ jobs: strategy: fail-fast: false matrix: + rubygems: latest + bundler: latest ruby: - "2.6" - "2.5" 
@@ -35,7 +37,8 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - bundler: ${{ matrix.bundler || 2 }} + rubygems: ${{ matrix.rubygems || latest }} + bundler: ${{ matrix.bundler || latest }} bundler-cache: true - name: Run tests run: bundle exec rake test From 880db72aaca5de600033c27664253df091faa988 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 17 Feb 2022 00:01:44 +0700 Subject: [PATCH 053/645] =?UTF-8?q?=F0=9F=90=9B=20rubygems=20and=20bundler?= =?UTF-8?q?=20need=20to=20be=20arrays=20in=20Matrix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/supported.yml | 6 ++++-- .github/workflows/unsupported.yml | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index f90c9247..78748c52 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -21,8 +21,10 @@ jobs: strategy: fail-fast: false matrix: - rubygems: latest - bundler: latest + rubygems: + - latest + bundler: + - latest ruby: - ruby-head - truffleruby-head diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 8ccd746c..cbce8ff7 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -21,8 +21,10 @@ jobs: strategy: fail-fast: false matrix: - rubygems: latest - bundler: latest + rubygems: + - latest + bundler: + - latest ruby: - "2.6" - "2.5" From 7c35acdb5f138b0d2f52450f844de8cfdcfa7c77 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 17 Feb 2022 00:04:41 +0700 Subject: [PATCH 054/645] =?UTF-8?q?=F0=9F=90=9B=20rubygems=20and=20bundler?= =?UTF-8?q?=20values=20are=20strings?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Peter Boling --- .github/workflows/supported.yml | 4 ++-- .github/workflows/unsupported.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 78748c52..86518319 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -50,8 +50,8 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems || latest }} - bundler: ${{ matrix.bundler || latest }} + rubygems: ${{ matrix.rubygems || "latest" }} + bundler: ${{ matrix.bundler || "latest" }} bundler-cache: true - name: CodeClimate Pre-build Notification run: cc-test-reporter before-build diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index cbce8ff7..58085677 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -39,8 +39,8 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems || latest }} - bundler: ${{ matrix.bundler || latest }} + rubygems: ${{ matrix.rubygems || "latest" }} + bundler: ${{ matrix.bundler || "latest" }} bundler-cache: true - name: Run tests run: bundle exec rake test From 6d53afb8225eae7abfd43aa05d9873dabad6f7c1 Mon Sep 17 00:00:00 2001 From: "depfu[bot]" <23717796+depfu[bot]@users.noreply.github.com> Date: Wed, 16 Feb 2022 15:16:53 -0700 Subject: [PATCH 055/645] =?UTF-8?q?=F0=9F=94=80=20Update=20faraday=20to=20?= =?UTF-8?q?version=202.2.0=20(#565)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update faraday to version 2.2.0 * 🐛 rubygems and bundler values are loaded from matrix 
Signed-off-by: Peter Boling Co-authored-by: depfu[bot] <23717796+depfu[bot]@users.noreply.github.com> Co-authored-by: Peter Boling --- .github/workflows/supported.yml | 4 ++-- .github/workflows/unsupported.yml | 4 ++-- oauth2.gemspec | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 86518319..a99af0b1 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -50,8 +50,8 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems || "latest" }} - bundler: ${{ matrix.bundler || "latest" }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} bundler-cache: true - name: CodeClimate Pre-build Notification run: cc-test-reporter before-build diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 58085677..7ffdfe7a 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -39,8 +39,8 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems || "latest" }} - bundler: ${{ matrix.bundler || "latest" }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} bundler-cache: true - name: Run tests run: bundle exec rake test diff --git a/oauth2.gemspec b/oauth2.gemspec index a273b872..60e6dfcd 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -6,7 +6,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) require 'oauth2/version' Gem::Specification.new do |spec| - spec.add_dependency 'faraday', ['>= 1.0', '< 3.0'] + spec.add_dependency 'faraday', ['>= 0.8', '< 3.0'] spec.add_dependency 'jwt', ['>= 1.0', '< 3.0'] spec.add_dependency 'multi_json', '~> 1.3' spec.add_dependency 'multi_xml', '~> 0.5' 
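Review bot: The faraday constraint in `oauth2.gemspec` is loosened to `['>= 0.8', '< 3.0']` in this hunk, although the commit subject describes an update to faraday 2.2.0; a lower floor lets the resolver pick much older faraday releases, so the change deserves its own mention in the commit message and a CI leg that installs the oldest allowed version. The next hunk in the same file (`@@ -29,7 +29,6 @@`) also deletes `'rubygems_mfa_required' => 'true'` from the gem metadata, which is the setting that asks RubyGems.org to require MFA for pushes and other privileged operations on the gem. If that removal is deliberate (the reason is not visible on this page), I would record it in a comment next to the metadata hash; otherwise I would keep the line. The `Gem::Specification.new` block starts and ends outside these hunks.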
@@ -29,7 +29,6 @@ Gem::Specification.new do |spec| 'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}", 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki', - 'rubygems_mfa_required' => 'true', } spec.require_paths = %w[lib] @@ -48,4 +47,5 @@ Gem::Specification.new do |spec| spec.add_development_dependency 'rspec-pending_for' spec.add_development_dependency 'rspec-stubbed_env' spec.add_development_dependency 'silent_stream' + spec.add_development_dependency 'wwtd' end From 1acf3617b4f9c1f9a562874c97b44cc53fb9c588 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 17 Feb 2022 10:58:47 +0700 Subject: [PATCH 056/645] =?UTF-8?q?=E2=9E=96=20Remove=20rdoc=20in=20favor?= =?UTF-8?q?=20of=20yard?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Gemfile b/Gemfile index 8aea0468..76ad3011 100644 --- a/Gemfile +++ b/Gemfile @@ -38,7 +38,6 @@ end ### deps for documentation and rdoc.info group :documentation do gem 'github-markup', platform: :mri - gem 'rdoc' gem 'redcarpet', platform: :mri gem 'yard', require: false end From 7b0a31e7f467414ede718f2da92599962d764c86 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 17 Feb 2022 11:01:02 +0700 Subject: [PATCH 057/645] =?UTF-8?q?=E2=9E=95=20Add=20coveralls=5Freborn=20?= =?UTF-8?q?and=20simplecov-lcov?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 76ad3011..d6457b6b 100644 --- a/Gemfile +++ b/Gemfile 
@@ -23,9 +23,10 @@ platforms :mri do gem 'rubocop-thread_safety', '~> 0.4' end if coverage - gem 'coveralls' - gem 'simplecov' - gem 'simplecov-cobertura' + gem 'coveralls_reborn', '~> 0.23', :require => false + gem 'simplecov', '~> 0.21', :require => false + gem 'simplecov-cobertura' # XML for Jenkins + gem 'simplecov-lcov', '~> 0.8', :require => false end if debug # No need to run byebug / pry on earlier versions From 9b3975e7caa455742f04cf9e0849f98c0cf480c8 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 17 Feb 2022 11:14:06 +0700 Subject: [PATCH 058/645] =?UTF-8?q?=F0=9F=8F=97=EF=B8=8F=20Only=20load=20b?= =?UTF-8?q?yebug=20when=20DEBUG=3Dtrue?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - and ruby is MRI >= 2.5 --- spec/helper.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spec/helper.rb b/spec/helper.rb index c1bb5cc3..d1acf0fa 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -5,6 +5,8 @@ require 'rspec/stubbed_env' require 'silent_stream' +DEBUG = ENV['DEBUG'] == 'true' + ruby_version = Gem::Version.new(RUBY_VERSION) minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == 'ruby' } coverage = minimum_version.call('2.7') @@ -24,6 +26,8 @@ end end +require 'byebug' if DEBUG && debug + require 'addressable/uri' Faraday.default_adapter = :test From c997937d7c1b3461c8b7ebd8e8bea421254b74c3 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 17 Feb 2022 11:14:40 +0700 Subject: [PATCH 059/645] =?UTF-8?q?=E2=9C=A8=20Proper=20code=20coverage=20?= =?UTF-8?q?setup?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 116 ++++++++++++++++++++++++++++++ .github/workflows/supported.yml | 38 +++++----- .github/workflows/unsupported.yml | 29 +++++++- spec/helper.rb | 25 +++++-- 4 files changed, 184 insertions(+), 24 deletions(-) create mode 100644 .github/workflows/coverage.yml 
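Review bot: In `spec/helper.rb` this commit inserts `DEBUG = ENV['DEBUG'] == 'true'` and `require 'byebug' if DEBUG && debug` but removes nothing (the diffstat is 4 insertions), while the earlier "Proper Ruby version logic" hunk shows the same two lines already sitting right after `Faraday.default_adapter = :test`. Unless they are dropped elsewhere, Ruby will emit `already initialized constant DEBUG` on every spec run and the `require` is duplicated. I would delete the older pair in this same commit so the constant has a single definition at the top of the file. The lines in question follow the second hunk's last context line, so they are outside the hunk itself.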
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
new file mode 100644
index 00000000..5194c0f7
--- /dev/null
+++ b/.github/workflows/coverage.yml
@@ -0,0 +1,116 @@ +name: Code Coverage + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + test: + name: Specs with Coverage - Ruby ${{ matrix.ruby }} ${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + rubygems: + - latest + bundler: + - latest + ruby: + - "2.7" + include: + # Includes a new variable experimental with a value of false + # for the matrix legs matching rubygems: latest, which is all of them. + # This is here for parity with the unsupported.yml + # This is a hack. Combined with continue-on-error it should allow us + # to have a workflow with allowed failure. + # This is the "supported" build matrix, so only the "head" builds are experimental here. 
+ - rubygems: latest + experimental: false + + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + steps: + - name: Install cURL Headers + run: sudo apt-get install libcurl4-openssl-dev + + - uses: amancevice/setup-code-climate@v0 + name: CodeClimate Install + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + with: + cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} + + - name: Checkout + uses: actions/checkout@v2 + + - name: Setup Ruby & Bundle + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: true + + - name: CodeClimate Pre-build Notification + run: cc-test-reporter before-build + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + continue-on-error: ${{ matrix.experimental != 'false' }} + + - name: Run tests + run: bundle exec rake test + + - name: Code Coverage Summary Report + uses: irongut/CodeCoverageSummary@v1.2.0 + with: + filename: ./coverage/coverage.xml + badge: true + fail_below_min: true + format: markdown + hide_branch_rate: true + hide_complexity: true + indicators: true + output: both + thresholds: '95 97' + continue-on-error: ${{ matrix.experimental != 'false' }} + + - name: Add Coverage PR Comment + uses: marocchino/sticky-pull-request-comment@v2 + if: matrix.ruby == '2.7' && github.event_name == 'pull_request' && always() + with: + recreate: true + path: code-coverage-results.md + continue-on-error: ${{ matrix.experimental != 'false' }} + + - name: Coveralls + uses: coverallsapp/github-action@master + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + continue-on-error: ${{ matrix.experimental != 'false' }} + + - name: CodeCov + uses: codecov/codecov-action@v2 + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + with: + 
files: ./coverage/coverage.xml + flags: unittests + name: codecov-upload + fail_ci_if_error: true + continue-on-error: ${{ matrix.experimental != 'false' }} diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index a99af0b1..62312ed4 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -1,4 +1,4 @@ -name: Unit Tests +name: Supported Ruby Unit Tests on: push: @@ -13,6 +13,14 @@ on: pull_request: branches: - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: test: @@ -26,22 +34,26 @@ jobs: bundler: - latest ruby: - - ruby-head - truffleruby-head - truffleruby - jruby-head - jruby - "3.1" - "3.0" - - "2.7" + # - "2.7" tested in coverage workflow + include: + # Includes a new variable experimental with a value of false + # for the matrix legs matching rubygems: latest, which is all of them. + # This is here for parity with the unsupported.yml + # This is a hack. Combined with continue-on-error it should allow us + # to have a workflow with allowed failure. + # This is the "supported" build matrix, so only the "head" builds are experimental here. + - rubygems: latest + experimental: false + runs-on: ubuntu-latest - continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - - uses: amancevice/setup-code-climate@v0 - name: CodeClimate Install - if: matrix.ruby == '2.7' && github.event_name != 'pull_request' - with: - cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} - name: Checkout uses: actions/checkout@v2 - name: Install cURL Headers 
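Review bot: In the new `.github/workflows/coverage.yml`, the steps that receive `secrets.CC_TEST_REPORTER_ID` and `secrets.GITHUB_TOKEN` reference third-party actions by mutable refs (`coverallsapp/github-action@master`, `amancevice/setup-code-climate@v0`, and the other `@v…` tags), so whatever those refs point to at run time executes with those credentials. Pinning each one to a reviewed commit, for example `uses: coverallsapp/github-action@<full-commit-sha> # <tag>`, removes that moving part, and a top-level `permissions:` block (`contents: read`, plus `pull-requests: write` for the sticky comment step) would bound what the token can do. Separately, `continue-on-error: ${{ matrix.experimental != 'false' }}` compares the boolean `false` set under `include` with the string `'false'`; as far as I can tell from the expression coercion rules this is always true, so `fail_below_min: true` and `fail_ci_if_error: true` would never fail the job. `continue-on-error: ${{ matrix.experimental }}` looks like what was intended.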
@@ -53,13 +65,5 @@ jobs: rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} bundler-cache: true - - name: CodeClimate Pre-build Notification - run: cc-test-reporter before-build - if: matrix.ruby == '2.7' && github.event_name != 'pull_request' - continue-on-error: ${{ matrix.allow_failures != 'false' }} - name: Run tests run: bundle exec rake test - - name: CodeClimate Post-build Notification - run: cc-test-reporter after-build - if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() - continue-on-error: ${{ matrix.allow_failures != 'false' }} diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 7ffdfe7a..8206a092 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -1,4 +1,4 @@ -name: Unit Tests +name: Unsupported Ruby Unit Tests on: push: @@ -13,6 +13,14 @@ on: pull_request: branches: - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: test: 
@@ -26,10 +34,27 @@ jobs: bundler: - latest ruby: + - ruby-head - "2.6" - "2.5" + - "2.4" + - "2.3" + - "2.2" + - "2.1" + include: + # Includes a new variable experimental with a value of true + # for the matrix legs matching rubygems: latest, which is all of them. + # This is the "unsupported" build matrix, so only many builds are experimental here. + # Even so, we do want to "support" some of the EOL rubies in the 1.4.x series on a marginal basis. + - ruby: ruby-head + experimental: true + - ruby: "2.1" + experimental: true + - ruby: "2.2" + experimental: true + runs-on: ubuntu-20.04 - continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout uses: actions/checkout@v2 diff --git a/spec/helper.rb b/spec/helper.rb index d1acf0fa..517007cf 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -14,13 +14,28 @@ if coverage require 'simplecov' - require 'coveralls' - SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([ - SimpleCov::Formatter::HTMLFormatter, - Coveralls::SimpleCov::Formatter, - ]) SimpleCov.start do + if ENV['CI'] + require 'simplecov-lcov' + require 'simplecov-cobertura' + require 'coveralls' + + SimpleCov::Formatter::LcovFormatter.config do |c| + c.report_with_single_file = true + c.single_report_path = 'coverage/lcov.info' + end + + SimpleCov.formatters = [ + SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::LcovFormatter, + SimpleCov::Formatter::CoberturaFormatter, + Coveralls::SimpleCov::Formatter, + ] + else + formatter SimpleCov::Formatter::HTMLFormatter + end + add_filter '/spec' minimum_coverage(95) end From 2ed97d7aeb364a1f204dca731a03949d0d18861b Mon Sep 17 00:00:00 2001 
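Review bot: The comment above the new `include:` entries does not describe them: it says the variable is set for legs matching `rubygems: latest`, but the entries match on `ruby:` and set `experimental: true` only for `ruby-head`, `2.1` and `2.2`. It looks copied from `supported.yml`, and "only many builds" reads as a leftover. Something like `# Marks the ruby-head, 2.1 and 2.2 legs as experimental; with continue-on-error their failures do not fail the workflow.` would match the code. Legs without an `include` match leave `matrix.experimental` unset, which presumably evaluates as false in the `continue-on-error` expression; that is worth stating in the comment too.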
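Review bot: `if ENV['CI']` inside the `SimpleCov.start` block is true for any value of the variable, including `CI=false` or an empty string, because Ruby treats every String as truthy. In that case the Coveralls formatter is loaded as well, which presumably attempts to submit results from a machine that is not CI. Comparing the value is safer: `if ENV.fetch('CI', 'false') == 'true'`. The later `@@ -16,7 +16,7 @@` hunk that extends the condition to `ENV['CI'] || ENV['CODECOV']` has the same property. The enclosing `if coverage` block starts and ends outside this hunk.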
From: Peter Boling Date: Thu, 17 Feb 2022 11:16:58 +0700 Subject: [PATCH 060/645] =?UTF-8?q?=E2=9E=96=20Drop=20unsupported=20rubies?= =?UTF-8?q?=202.1,=202.2,=202.3,=202.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/unsupported.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 8206a092..944a4f9c 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -37,10 +37,6 @@ jobs: - ruby-head - "2.6" - "2.5" - - "2.4" - - "2.3" - - "2.2" - - "2.1" include: # Includes a new variable experimental with a value of true # for the matrix legs matching rubygems: latest, which is all of them. @@ -48,10 +44,6 @@ jobs: # Even so, we do want to "support" some of the EOL rubies in the 1.4.x series on a marginal basis. - ruby: ruby-head experimental: true - - ruby: "2.1" - experimental: true - - ruby: "2.2" - experimental: true runs-on: ubuntu-20.04 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} From c2fa95a4f2806ea01363efcf215958cba17e9902 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 17 Feb 2022 11:20:47 +0700 Subject: [PATCH 061/645] =?UTF-8?q?=F0=9F=8E=A8=20No=20more=20Hash=20Rocke?= =?UTF-8?q?ts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index d6457b6b..1006ebaf 100644 --- a/Gemfile +++ b/Gemfile 
@@ -23,10 +23,10 @@ platforms :mri do gem 'rubocop-thread_safety', '~> 0.4' end if coverage - gem 'coveralls_reborn', '~> 0.23', :require => false - gem 'simplecov', '~> 0.21', :require => false + gem 'coveralls_reborn', '~> 0.23', require: false + gem 'simplecov', '~> 0.21', require: false gem 'simplecov-cobertura' # XML for Jenkins - gem 'simplecov-lcov', '~> 0.8', :require => false + gem 'simplecov-lcov', '~> 0.8', require: false end if debug # No need to run byebug / pry on earlier versions From e5ac2b0870677c861d605ddb072ff342e61d137e Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 00:49:41 +0700 Subject: [PATCH 062/645] =?UTF-8?q?=E2=9E=96=20Remove=20Danger=20(Faraday?= =?UTF-8?q?=20incompatibility)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/danger/danger/issues/1349 Signed-off-by: Peter Boling --- .github/workflows/danger.yml | 3 ++- Gemfile | 4 +++- spec/helper.rb | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index ec98f76c..75cf8529 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -10,7 +10,8 @@ on: jobs: danger: runs-on: ubuntu-latest - if: github.event_name == 'pull_request' # if only run pull request when multiple trigger workflow + if: false + # if: github.event_name == 'pull_request' # if only run pull request when multiple trigger workflow strategy: fail-fast: false matrix: diff --git a/Gemfile b/Gemfile index 1006ebaf..3f772901 100644 --- a/Gemfile +++ b/Gemfile @@ -13,7 +13,9 @@ platforms :mri do coverage = minimum_version.call('2.7') debug = minimum_version.call('2.5') if linting - gem 'danger', '~> 8.4' + # Danger is incompatible with Faraday 2 (for now) + # see: https://github.com/danger/danger/issues/1349 + # gem 'danger', '~> 8.4' gem 'rubocop', '~> 1.22' gem 'rubocop-md', '~> 1.0' gem 'rubocop-packaging', '~> 0.5' 
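Review bot: `if: false` on the `danger` job carries no explanation in the workflow file; the reason is only in the commit message and in the Gemfile comment. A comment next to it would tell the next maintainer when the job can be re-enabled: `# Disabled: Danger is incompatible with Faraday 2, see https://github.com/danger/danger/issues/1349`. The job definition continues past the end of this hunk.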
diff --git a/spec/helper.rb b/spec/helper.rb index 517007cf..fdee7c8e 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -16,7 +16,7 @@ require 'simplecov' SimpleCov.start do - if ENV['CI'] + if ENV['CI'] || ENV['CODECOV'] require 'simplecov-lcov' require 'simplecov-cobertura' require 'coveralls' From 5587957c7738001cd57e943ae84b4f215e987e57 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 11:50:06 +0700 Subject: [PATCH 063/645] =?UTF-8?q?=E2=9C=A8=20Add=20Security=20Policy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..9e7d133b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +|--------------|-----------| +| 2.0. | ✅ | +| 1.4. | ✅ | +| older | ⛔️ | + +## Reporting a Vulnerability + +Peter Boling is the primary maintainer of this gem. Please find a way +to [contact him directly](https://railsbling.com/contact) to report the issue. Include as much relevant information as +possible. From 31bccc4d0e24857256de4a33caea8c1d942fea0f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 11:50:37 +0700 Subject: [PATCH 064/645] =?UTF-8?q?=E2=9C=A8=20The=20Best=20Badges?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 215 +++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 166 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 361d1c56..989f99fa 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@

- OAuth 2.0 Logo by Chris Messina + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 @@ -15,15 +15,21 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. -⚠️ **_WARNING_**: You are viewing the `README` of the master branch which contains unreleased changes for version 2.0.0. ⚠️ +⚠️ **_WARNING_**: You are viewing the `README` of the master branch which contains +unreleased changes for version 2.0.0. ⚠️ --- -* [OAuth 2.0 Spec](http://oauth.net/2/) -* [OAuth 1.0 sibling gem](https://github.com/oauth-xx/oauth-ruby) -* Help us reach the [2.0.0 release milestone](https://github.com/oauth-xx/oauth2/milestone/1) by submitting PRs, or reviewing PRs and issues. -* Oauth2 gem is _always_ looking for additional maintainers. See [#307](https://github.com/oauth-xx/oauth2/issues/307). +* [OAuth 2.0 Spec][oauth2-spec] +* [OAuth 1.0 sibling gem][sibling-gem] +* Help us reach the [![2.0.0 release milestone][next-milestone-pct-img]][next-milestone-pct] by submitting or reviewing PRs and issues. +* Oauth2 gem is _always_ looking for additional maintainers. See [#307][maintainers-discussion]. +[oauth2-spec]: https://oauth.net/2/ +[sibling-gem]: https://github.com/oauth-xx/oauth-ruby +[next-milestone-pct]: https://github.com/oauth-xx/oauth2/milestone/1 +[next-milestone-pct-img]: https://img.shields.io/github/milestones/progress-percent/oauth-xx/oauth2/1 +[maintainers-discussion]: https://github.com/oauth-xx/oauth2/issues/307 ## Release Documentation 
@@ -74,53 +80,173 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | < 1.0.0 | Find here | https://github.com/oauth-xx/oauth2/tags | + + +| | Project | oauth2 | +|:----|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed] | +| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] | +| 4️⃣ | testing | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img])][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] | +| 7️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 8️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor 
Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | + + + + +[⛳️gem]: https://rubygems.org/gems/oauth2 +[⛳️name-img]: https://img.shields.io/badge/name-oauth2-brightgreen.svg?style=flat +[🖇src-license]: https://opensource.org/licenses/MIT +[🖇src-license-img]: https://img.shields.io/badge/License-MIT-green.svg +[🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield +[🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield +[🚎yard]: https://www.rubydoc.info/github/oauth-xx/oauth2 +[🚎yard-img]: https://img.shields.io/badge/documentation-rubydoc-brightgreen.svg?style=flat +[🖐inch-ci-img]: http://inch-ci.org/github/oauth-xx/oauth2.png + + +[⛳️version-img]: http://img.shields.io/gem/v/oauth2.svg +[🖇DL-total-img]: https://img.shields.io/gem/dt/oauth2.svg +[🏘DL-rank-img]: https://img.shields.io/gem/rt/oauth2.svg +[🚎src-home]: https://github.com/oauth-xx/oauth2 +[🚎src-home-img]: https://img.shields.io/badge/source-github-brightgreen.svg?style=flat +[🖐prs-open]: https://github.com/oauth-xx/oauth2/pulls +[🖐prs-open-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2 +[🧮prs-closed]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed +[🧮prs-closed-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2 + + +[⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability +[⛳cclim-maint-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability +[🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2 +[🖇triage-help-img]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg +[🏘depfu]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445 +[🏘depfu-img]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg +[🚎contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors +[🚎contributors-img]: 
https://img.shields.io/github/contributors-anon/oauth-xx/oauth2 +[🖐style-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml +[🖐style-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml/badge.svg + + +[⛳️tot-bld]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto +[⛳️tot-bld-img]: https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat +[🖇supported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml +[🖇supported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg +[🏘eol-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml +[🏘eol-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg +[🚎unsupported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml +[🚎unsupported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg +[🖐issues]: https://github.com/oauth-xx/oauth2/issues +[🖐issues-img]: https://github.com/oauth-xx/oauth2/issues + + +[⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage +[⛳cclim-cov-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage +[🖇codecov-img]: https://codecov.io/gh/oauth-xx/oauth2/branch/master/graph/badge.svg?token=bNqSzNiuo2 +[🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2 +[🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=master +[🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=master +[🚎sec-pol]: SECURITY.md +[🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat +[🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning +[🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg + + +[⛳gh-discussions]: https://github.com/oauth-xx/oauth2/discussions +[⛳gh-discussions-img]: 
https://img.shields.io/github/discussions/oauth-xx/oauth2 +[🖇codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github +[🖇codementor-img]: https://cdn.codementor.io/badges/get_help_github.svg +[🏘chat]: https://gitter.im/oauth-xx/oauth2 +[🏘chat-img]: https://img.shields.io/gitter/room/oauth-xx/oauth2.svg +[🚎blog]: http://www.railsbling.com/tags/oauth2/ +[🚎blog-img]: https://img.shields.io/badge/blog-railsbling-brightgreen.svg?style=flat +[🖐wiki]: https://github.com/oauth-xx/oauth2/wiki +[🖐wiki-img]: https://img.shields.io/badge/wiki-examples-brightgreen.svg?style=flat + + +[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay +[⛳liberapay]: https://liberapay.com/pboling/donate +[🖇sponsor-img]: https://img.shields.io/badge/sponsor-pboling.svg?style=social&logo=github +[🖇sponsor]: https://github.com/sponsors/pboling +[🏘tweet-img]: https://img.shields.io/twitter/follow/galtzo.svg?style=social&label=Follow +[🏘tweet]: http://twitter.com/galtzo + + +[railsbling]: http://www.railsbling.com +[peterboling]: http://www.peterboling.com +[aboutme]: https://about.me/peter.boling +[angelme]: https://angel.co/peter-boling +[coderme]:http://coderwall.com/pboling +[politicme]: https://nationalprogressiveparty.org -[![Gem Version](http://img.shields.io/gem/v/oauth2.svg)][gem] -[![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem] -[![Downloads Today](https://img.shields.io/gem/rt/oauth2.svg)][gem] -[![Build Status](http://img.shields.io/travis/oauth-xx/oauth2.svg)][travis] -[![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat)][github-actions] -[![Test Coverage](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage)][codeclimate-coverage] -[![Maintainability](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability)][codeclimate-maintainability] 
-[![Depfu](https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg)][depfu] -[![Open Source Helpers](https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg)][code-triage] -[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)][source-license] -[![Documentation](http://inch-ci.org/github/oauth-xx/oauth2.png)][inch-ci] -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield)][fossa1] - -[gem]: https://rubygems.org/gems/oauth2 -[travis]: https://travis-ci.org/oauth-xx/oauth2 -[github-actions]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto -[coveralls]: https://coveralls.io/r/oauth-xx/oauth2 -[codeclimate-maintainability]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability -[codeclimate-coverage]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage -[depfu]: https://depfu.com/github/oauth-xx/oauth2 -[source-license]: https://opensource.org/licenses/MIT -[inch-ci]: http://inch-ci.org/github/oauth-xx/oauth2 -[code-triage]: https://www.codetriage.com/oauth-xx/oauth2 -[fossa1]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield ## Installation - gem install oauth2 +```shell +gem install oauth2 +``` + +Or inside a `Gemfile` -Or inside Gemfile +```ruby +gem 'oauth2' +``` +And then execute in a shell: +```shell +bundle +``` - gem 'oauth2' ## Compatibility Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and 3.1. Compatibility is further distinguished by supported and unsupported versions of Ruby. -Ruby is limited to 2.2+ in the gemspec. The `master` branch currently targets 2.0.x releases. +Ruby is limited to 2.2+ for 2.x releases. See `1-4-stable` branch for older rubies. 
-| Ruby OAuth 2 Version | Maintenance Branch | Officially Supported Rubies | Unofficially Supported Rubies | -|----------------------|--------------------|-----------------------------|-------------------------------| -| 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | -| 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | -| older | N/A | Best of luck to you! | Please upgrade! | +

+ Ruby Engine Compatibility + +This gem is tested against MRI, JRuby, and Truffleruby. +Each of those has varying versions that target a specific version of MRI Ruby. +This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. +If you would like to add support for additional engines, + first make sure Github Actions supports the engine, + then submit a PR to the correct maintenance branch as according to the table below. +
+ +| Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | +|----------------------|--------------------|-------------------------|-------------------------------------------------| +| 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | 2.4, 2.3, 2.2 | +| 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 2.0, 1.9 | +| older | N/A | Best of luck to you! | Please upgrade! | | NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates. +See [SECURITY.md][🚎sec-pol]
Ruby Compatibility Policy @@ -139,15 +265,6 @@ fashion. If critical issues for a particular implementation exist at the time of a major release, support for that Ruby version may be dropped.
-## Resources -* [View Source on GitHub][code] -* [Report Issues on GitHub][issues] -* [Read More at the Wiki][wiki] - -[code]: https://github.com/oauth-xx/oauth2 -[issues]: https://github.com/oauth-xx/oauth2/issues -[wiki]: https://github.com/oauth-xx/oauth2/wiki - ## Usage Examples ```ruby @@ -273,7 +390,7 @@ spec.add_dependency 'oauth2', '~> 1.4' ## License -[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)][source-license] +[![License: MIT][🖇src-license-img]][🖇src-license] - Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc. - Copyright (c) 2017-2018 [oauth-xx organization][oauth-xx] From fb03beb81670b587c89ca298f94720b2864280be Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 12:10:04 +0700 Subject: [PATCH 065/645] =?UTF-8?q?=F0=9F=93=84=20Update=20Copyright?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/LICENSE b/LICENSE index 96eb4e8f..0d3a82cd 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ MIT License Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. -Copyright (c) 2017 - 2021 oauth-xx organization, https://github.com/oauth-xx +Copyright (c) 2017 - 2022 oauth-xx organization, https://github.com/oauth-xx Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 989f99fa..22cdd659 100644 --- a/README.md +++ b/README.md 
@@ -393,7 +393,7 @@ spec.add_dependency 'oauth2', '~> 1.4' [![License: MIT][🖇src-license-img]][🖇src-license] - Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc. -- Copyright (c) 2017-2018 [oauth-xx organization][oauth-xx] +- Copyright (c) 2017-2022 [oauth-xx organization][oauth-xx] - See [LICENSE][license] for details. [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2] From 0c7cc9782e1d8d71f0e990b08e52b28bad1eec07 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 12:11:22 +0700 Subject: [PATCH 066/645] =?UTF-8?q?=F0=9F=9A=9A=20Fix=20resource=20paths?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 22cdd659..92e416ec 100644 --- a/README.md +++ b/README.md @@ -171,7 +171,7 @@ The link tokens in the following sections should be kept ordered by the row and [🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2 [🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=master [🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=master -[🚎sec-pol]: SECURITY.md +[🚎sec-pol]: https://github.com/oauth-xx/oauth2/blob/master/SECURITY.md [🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat [🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg @@ -398,7 +398,7 @@ spec.add_dependency 'oauth2', '~> 1.4' [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2] -[license]: LICENSE +[license]: https://github.com/oauth-xx/oauth2/blob/master/LICENSE [oauth-xx]: https://github.com/oauth-xx [fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large 
From 683f0e9eead2e1595959d12f2fb3ac888a2d1ef3 Mon Sep 17 00:00:00 2001 From: "depfu[bot]" <23717796+depfu[bot]@users.noreply.github.com> Date: Thu, 17 Feb 2022 22:14:55 -0700 Subject: [PATCH 067/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Update=20Ruby=20to?= =?UTF-8?q?=20version=203.1.0=20(#571)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: depfu[bot] <23717796+depfu[bot]@users.noreply.github.com> --- .ruby-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index 24ba9a38..fd2a0186 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.0 +3.1.0 From 0904373345458cc4d9889be93f92246f4a92e956 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 12:16:55 +0700 Subject: [PATCH 068/645] =?UTF-8?q?=F0=9F=9A=9A=20Fix=20numbering?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 92e416ec..c913da02 100644 --- a/README.md +++ b/README.md 
@@ -111,8 +111,8 @@ badge #s: | 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] | | 4️⃣ | testing | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] | | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img])][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] | -| 7️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 8️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | +| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | + [⛳gh-discussions]: https://github.com/oauth-xx/oauth2/discussions [⛳gh-discussions-img]: https://img.shields.io/github/discussions/oauth-xx/oauth2 [🖇codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github 
@@ -188,7 +188,7 @@ The link tokens in the following sections should be kept ordered by the row and [🖐wiki]: https://github.com/oauth-xx/oauth2/wiki [🖐wiki-img]: https://img.shields.io/badge/wiki-examples-brightgreen.svg?style=flat - + [⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay [⛳liberapay]: https://liberapay.com/pboling/donate [🖇sponsor-img]: https://img.shields.io/badge/sponsor-pboling.svg?style=social&logo=github From 082294ba0d0ed4047573f653671684b9b67d6211 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 12:25:02 +0700 Subject: [PATCH 069/645] =?UTF-8?q?=E2=9C=A8=20Ruby=20Version=20and=20Engi?= =?UTF-8?q?ne=20Policies?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index c913da02..c5239d7f 100644 --- a/README.md +++ b/README.md @@ -229,7 +229,7 @@ Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and Ruby is limited to 2.2+ for 2.x releases. See `1-4-stable` branch for older rubies.
- Ruby Engine Compatibility + Ruby Engine Compatibility Policy This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. @@ -239,17 +239,8 @@ If you would like to add support for additional engines, then submit a PR to the correct maintenance branch as according to the table below.
-| Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | -|----------------------|--------------------|-------------------------|-------------------------------------------------| -| 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | 2.4, 2.3, 2.2 | -| 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 2.0, 1.9 | -| older | N/A | Best of luck to you! | Please upgrade! | | - -NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates. -See [SECURITY.md][🚎sec-pol] -
- Ruby Compatibility Policy + Ruby Version Compatibility Policy If something doesn't work on one of these interpreters, it's a bug. @@ -265,6 +256,15 @@ fashion. If critical issues for a particular implementation exist at the time of a major release, support for that Ruby version may be dropped.
+| | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | +|:----|----------------------|--------------------|-------------------------|------------------------|------------------------| +| 1️⃣ | 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | 2.4, 2.3, 2.2 | +| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 2.0, 1.9 | +| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | + +NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates. +See [SECURITY.md][🚎sec-pol] + ## Usage Examples ```ruby From 7a75cf2360f31431eb862203eda783ebb64c4695 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 12:38:51 +0700 Subject: [PATCH 070/645] =?UTF-8?q?=E2=9C=A8=20Add=20Kloc=20Roll?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c5239d7f..8a429c97 100644 --- a/README.md +++ b/README.md 
@@ -104,15 +104,15 @@ badge #s: 📗 --> -| | Project | oauth2 | -|:----|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed] | -| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] | -| 4️⃣ | testing | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img])][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] | -| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | +| | 
Project | oauth2 | +|:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed] | +| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | +| 4️⃣ | testing | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img])][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] | +| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | [⛳️tot-bld]: 
https://actions-badge.atrox.dev/oauth-xx/oauth2/goto From 15208bac17f7cf92565a6edce846d4bdf72c1c56 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 12:51:05 +0700 Subject: [PATCH 071/645] =?UTF-8?q?=F0=9F=9A=A8=20Lint=20Fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .rubocop.yml | 1 + README.md | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 1b266cac..5760daa2 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -12,6 +12,7 @@ require: AllCops: NewCops: enable DisplayCopNames: true # Display the name of the failing cops + TargetRubyVersion: 2.5 Exclude: - 'gemfiles/vendor/**/*' - 'vendor/**/*' diff --git a/README.md b/README.md index 8a429c97..348ce398 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. -⚠️ **_WARNING_**: You are viewing the `README` of the master branch which contains +⚠️ **_WARNING_**: You are viewing the `README` of the master branch which contains unreleased changes for version 2.0.0. ⚠️ --- @@ -236,7 +236,7 @@ Ruby is limited to 2.2+ for 2.x releases. See `1-4-stable` branch for older rubi This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. -If you would like to add support for additional engines, +If you would like to add support for additional engines, first make sure Github Actions supports the engine, then submit a PR to the correct maintenance branch as according to the table below. From 20e67fcce8f2475c366d72727f6d677ee2d287e1 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 18 Feb 2022 12:55:31 +0700 Subject: [PATCH 072/645] =?UTF-8?q?=F0=9F=92=9A=20Swap=20around=20head=20b?= =?UTF-8?q?uilds?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/supported.yml | 4 +--- .github/workflows/unsupported.yml | 4 +++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 62312ed4..6b1e89cc 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -34,9 +34,7 @@ jobs: bundler: - latest ruby: - - truffleruby-head - - truffleruby - - jruby-head + - ruby-head - jruby - "3.1" - "3.0" diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 944a4f9c..e2002c9c 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -34,7 +34,9 @@ jobs: bundler: - latest ruby: - - ruby-head + - truffleruby-head + - truffleruby + - jruby-head - "2.6" - "2.5" include: From 6d055c11c3efa0246263a6541d4befc0fac28e8b Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 18 Feb 2022 13:16:49 +0700 Subject: [PATCH 073/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 348ce398..8f75713e 100644 --- a/README.md +++ b/README.md 
@@ -104,15 +104,15 @@ badge #s: 📗 --> -| | Project | oauth2 | -|:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed] | +| | Project | oauth2 | +|:----|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed] | | 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | -| 4️⃣ | testing | 
[![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img])][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] | -| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | +| 4️⃣ | testing | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] | +| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | -| | Project | oauth2 | 
-|:----|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed] | -| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | -| 4️⃣ | testing | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] | -| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | +| | Project | oauth2 | 
+|:----|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img]][📗next] | +| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | +| 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🏘cov-wf-img]][🏘cov-wf] | +| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor 
Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability 
@@ -157,16 +159,20 @@ The link tokens in the following sections should be kept ordered by the row and [🧮kloc-img]: https://img.shields.io/tokei/lines/github.com/oauth-xx/oauth2 -[⛳️tot-bld]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto -[⛳️tot-bld-img]: https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat -[🖇supported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml -[🖇supported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg -[🏘eol-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml -[🏘eol-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg -[🚎unsupported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml -[🚎unsupported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg -[🖐issues]: https://github.com/oauth-xx/oauth2/issues -[🖐issues-img]: https://github.com/oauth-xx/oauth2/issues +[⛳iss-o]: https://github.com/oauth-xx/oauth2/issues +[⛳iss-o-img]: https://img.shields.io/github/issues-raw/oauth-xx/oauth2 +[🖇iss-c]: https://github.com/oauth-xx/oauth2/issues?q=is%3Aissue+is%3Aclosed +[🖇iss-c-img]: https://img.shields.io/github/issues-closed-raw/oauth-xx/oauth2 +[🏘sup-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml +[🏘sup-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg +[🚎heads-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml +[🚎heads-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml/badge.svg +[🖐uns-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml +[🖐uns-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg +[🧮mac-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml +[🧮mac-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml/badge.svg 
+[📗win-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml +[📗win-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml/badge.svg [⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage @@ -179,6 +185,8 @@ The link tokens in the following sections should be kept ordered by the row and [🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat [🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg +[🧮cov-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml +[🧮cov-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg [⛳gh-discussions]: https://github.com/oauth-xx/oauth2/discussions From b6b51c9782898f63e31417c69ebce44d784dee92 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 21 Feb 2022 00:54:20 +0700 Subject: [PATCH 094/645] =?UTF-8?q?=F0=9F=93=9D=20Badge=20Fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 300effdf..8b9f817a 100644 --- a/README.md +++ b/README.md 
@@ -112,7 +112,7 @@ badge #s: | 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img]][📗next] | | 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | | 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🏘cov-wf-img]][🏘cov-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | | 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | | 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | From 074dedadbb22eee801514c2d1dcb21a02c7db208 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Mon, 21 Feb 2022 01:42:33 +0700 Subject: [PATCH 095/645] =?UTF-8?q?=E2=9E=95=20Proper=20backports=20setup?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 1 + spec/ext/backports.rb | 3 +++ spec/spec_helper.rb | 3 +++ 3 files changed, 7 insertions(+) create mode 100644 spec/ext/backports.rb diff --git a/oauth2.gemspec b/oauth2.gemspec index 558a5c6d..f240bc04 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -39,6 +39,7 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.add_development_dependency 'addressable', '>= 2' + spec.add_development_dependency 'backports', '>= 3' spec.add_development_dependency 'bundler', '>= 2' spec.add_development_dependency 'rake', '>= 12' spec.add_development_dependency 'rexml', '>= 3' diff --git a/spec/ext/backports.rb b/spec/ext/backports.rb new file mode 100644 index 00000000..e79eb61f --- /dev/null +++ b/spec/ext/backports.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true + +require 'backports/2.5.0/hash/transform_keys' \ No newline at end of file diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 8d7fe532..0b75fcf2 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -7,6 +7,9 @@ require 'addressable/uri' require 'rspec/pending_for' +# Extensions +require 'ext/backports' + DEBUG = ENV['DEBUG'] == 'true' RUN_COVERAGE = ENV['CI_CODECOV'] || ENV['CI'].nil? From d5ac7260ed4860f8a5bfa7dc0f531d0a2a2a002a Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 21 Feb 2022 01:48:55 +0700 Subject: [PATCH 096/645] =?UTF-8?q?=F0=9F=9A=A8=20Lint=20fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/ext/backports.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/ext/backports.rb b/spec/ext/backports.rb index e79eb61f..5811858b 100644 --- a/spec/ext/backports.rb 
+++ b/spec/ext/backports.rb @@ -1,3 +1,3 @@ # frozen_string_literal: true -require 'backports/2.5.0/hash/transform_keys' \ No newline at end of file +require 'backports/2.5.0/hash/transform_keys' From db23ea24e048c55837d2df7f630b0bcaa5525812 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 21 Feb 2022 01:53:54 +0700 Subject: [PATCH 097/645] =?UTF-8?q?=F0=9F=8E=A8=20Normalize=20Compat=20Tab?= =?UTF-8?q?le?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8b9f817a..efbca1ad 100644 --- a/README.md +++ b/README.md @@ -270,8 +270,8 @@ of a major release, support for that Ruby version may be dropped. | | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | |:----|----------------------|--------------------|-------------------------|------------------------|------------------------| -| 1️⃣ | 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | 2.4, 2.3, 2.2 | -| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 2.0, 1.9 | +| 1️⃣ | 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | +| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 | | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates. From b944da54cd70487c06d7252b9e4e7948eae56e73 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Sun, 20 Feb 2022 19:34:52 -0700 Subject: [PATCH 098/645] =?UTF-8?q?=F0=9F=94=80=20=E2=9C=A8=20IETF=20RFC?= =?UTF-8?q?=207231=20Section=207.1.2=20-=20handle=20relative=20location=20?= =?UTF-8?q?in=20redirect=20(#575)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ✨ Support IETF RFC 7231 - Handle relative location in a 301 redirect. Signed-off-by: Peter Boling * ✅ Test for IETF RFC 7231 Section 7.1.2 - Handle relative location in a 301 redirect. Signed-off-by: Peter Boling * 🚑️ Fix SnakyHash and add tests. Pending Signed-off-by: Peter Boling * 🚑️ Fix SnakyHash by subclassing Hashie::Mash::Rash (from rash_alt) Signed-off-by: Peter Boling * 🚨 Lint fixes Signed-off-by: Peter Boling * 🧐 Pend spec on Windows due to missing /dev/null Signed-off-by: Peter Boling * 🔥 Remove test depending on /dev/null Signed-off-by: Peter Boling Co-authored-by: James Cowlishaw --- .rubocop_todo.yml | 7 +- Gemfile | 19 ++-- lib/oauth2.rb | 3 + lib/oauth2/client.rb | 6 +- lib/oauth2/response.rb | 2 +- lib/oauth2/snaky_hash.rb | 36 +------ oauth2.gemspec | 1 + spec/oauth2/client_spec.rb | 21 +--- spec/oauth2/response_spec.rb | 129 ++++++++++++++++++------- spec/oauth2/snaky_hash_spec.rb | 45 ++++----- spec/oauth2/strategy/assertion_spec.rb | 2 +- spec/spec_helper.rb | 11 ++- 12 files changed, 157 insertions(+), 125 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 86432c6c..383e38e5 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,6 +1,6 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2022-02-20 14:23:47 UTC using RuboCop version 1.25.1. +# on 2022-02-20 19:05:12 UTC using RuboCop version 1.25.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new 
@@ -16,7 +16,7 @@ Lint/ConstantDefinitionInBlock: # Offense count: 5 # Configuration parameters: IgnoredMethods, CountRepeatedAttributes. Metrics/AbcSize: - Max: 43 + Max: 47 # Offense count: 7 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. @@ -32,7 +32,7 @@ Metrics/CyclomaticComplexity: # Offense count: 8 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. Metrics/MethodLength: - Max: 36 + Max: 37 # Offense count: 2 # Configuration parameters: IgnoredMethods. @@ -63,7 +63,6 @@ RSpec/ContextWording: - 'spec/oauth2/access_token_spec.rb' - 'spec/oauth2/authenticator_spec.rb' - 'spec/oauth2/client_spec.rb' - - 'spec/oauth2/snaky_hash_spec.rb' # Offense count: 1 RSpec/LeakyConstantDeclaration: diff --git a/Gemfile b/Gemfile index 803ccc0e..1715b19d 100644 --- a/Gemfile +++ b/Gemfile @@ -8,13 +8,15 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } gem 'overcommit' +ruby_version = Gem::Version.new(RUBY_VERSION) +minimum_version = ->(version, engine = 'ruby') { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == engine } +linting = minimum_version.call('2.7') +coverage = minimum_version.call('2.7') +debug = minimum_version.call('2.5') + group :test do + gem 'pry', platforms: %i[mri jruby] platforms :mri do - ruby_version = Gem::Version.new(RUBY_VERSION) - minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == 'ruby' } - linting = minimum_version.call('2.7') - coverage = minimum_version.call('2.7') - debug = minimum_version.call('2.5') if linting # Danger is incompatible with Faraday 2 (for now) # see: https://github.com/danger/danger/issues/1349 
@@ -33,12 +35,15 @@ group :test do gem 'simplecov-lcov', '~> 0.8', require: false end if debug - # No need to run byebug / pry on earlier versions + # Add `byebug` to your code where you want to drop to REPL gem 'byebug' - gem 'pry' gem 'pry-byebug' end end + platforms :jruby do + # Add `binding.pry` to your code where you want to drop to REPL + gem 'pry-debugger-jruby' + end end ### deps for documentation and rdoc.info diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 3363cd6f..d38069f9 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -4,6 +4,9 @@ require 'cgi' require 'time' +# third party gems +require 'rash' + # includes gem files require 'oauth2/version' require 'oauth2/error' diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index d166ada2..38bf4774 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -87,6 +87,9 @@ def token_url(https://github.com/params%20=%20nil) end # Makes a request relative to the specified site root. + # Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616), + # allowing the use of relative URLs in Location headers. + # @see https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2 # # @param [Symbol] verb one of :get, :post, :put, :delete # @param [String] url URL path of request @@ -124,7 +127,8 @@ def request(verb, url, opts = {}) end location = response.headers['location'] if location - request(verb, location, opts) + full_location = response.response.env.url.merge(location) + request(verb, full_location, opts) else error = Error.new(response) raise(error, "Got #{response.status} status code, but no Location header was present") diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index e455363c..0871d322 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -81,7 +81,7 @@ def parsed end end - @parsed = OAuth2::SnakyHash.build(@parsed) if @parsed.is_a?(Hash) + @parsed = OAuth2::SnakyHash.new(@parsed) if @parsed.is_a?(Hash) @parsed end 
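Review bot: In the `@@ -124,7 +127,8 @@` hunk of lib/oauth2/client.rb, `response.response.env.url.merge(location)` resolves relative targets but still accepts any absolute `Location`. A redirect to another host, or from https to http, is therefore followed with the same `opts` the caller passed, and the spec in this patch sends a request body that way. The header value is server-controlled input, so I would compare the scheme and host of `full_location` with `response.response.env.url` before recursing, or at least refuse the downgrade: `raise(Error.new(response), 'redirect would leave https') if response.response.env.url.scheme == 'https' && full_location.scheme != 'https'`. Assuming `env.url` is a `URI`, `merge` raises `URI::InvalidURIError` on an unparseable header, which callers rescuing `OAuth2::Error` will not catch. The recursive call also now passes a `URI` where the doc comment says `@param [String] url`; the body of `request` starts and ends outside the hunk.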
diff --git a/lib/oauth2/snaky_hash.rb b/lib/oauth2/snaky_hash.rb index dd830b46..836d9adb 100644 --- a/lib/oauth2/snaky_hash.rb +++ b/lib/oauth2/snaky_hash.rb @@ -3,40 +3,6 @@ module OAuth2 # Hash which allow assign string key in camel case # and query on both camel and snake case - class SnakyHash < ::Hash - # Build from another hash or SnakyHash - # - # @param [Hash, SnakyHash] hash initial values for hash - def self.build(hash) - new.merge!(hash) - end - - def [](key) - super(key) || super(camelize(key)) || super(camelize_upcase_first_letter(key)) - end - - def fetch(key, *extras) - super(key) { nil } || super(camelize(key)) { nil } || super(camelize_upcase_first_letter(key), *extras) - rescue KeyError - raise KeyError, "key not found: \"#{key}\"" - end - - def key?(key) - super(key) || super(camelize(key)) || super(camelize_upcase_first_letter(key)) - end - - private - - def camelize_upcase_first_letter(string) - string.sub(/^[a-z\d]*/, &:capitalize). - gsub(%r{(?:_|(/))([a-z\d]*)}) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }. - gsub('/', '::') - end - - def camelize(string) - string.sub(/^(?:(?=\b|[A-Z_])|\w)/, &:downcase). - gsub(%r{(?:_|(/))([a-z\d]*)}) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }. - gsub('/', '::') - end + class SnakyHash < ::Hashie::Mash::Rash end end diff --git a/oauth2.gemspec b/oauth2.gemspec index f240bc04..02cfb1cd 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -11,6 +11,7 @@ Gem::Specification.new do |spec| spec.add_dependency 'multi_json', '~> 1.3' spec.add_dependency 'multi_xml', '~> 0.5' spec.add_dependency 'rack', ['>= 1.2', '< 3'] + spec.add_dependency 'rash_alt', ['>= 0.4', '< 1'] spec.authors = ['Peter Boling', 'Michael Bleigh', 'Erik Michaels-Ober'] spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.' diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index a724bbc0..71765d04 100644 
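Review bot: The class comment kept above `class SnakyHash < ::Hashie::Mash::Rash` in lib/oauth2/snaky_hash.rb describes lookup rules that can no longer be verified in this file, because all of the behaviour now comes from the `rash_alt` gem added in the oauth2.gemspec hunk. As far as I know, Rash rewrites keys to snake_case when they are stored instead of trying alternates at lookup, so `parsed.keys` for a token response with camelCase keys would differ from before; this is worth confirming and stating. Suggested comment: `# Keys are normalised to snake_case on assignment by Hashie::Mash::Rash (gem rash_alt); server-supplied keys are also reachable as methods.` The parsed token-endpoint response now passes through this third-party class, so any behaviour change in `rash_alt` within `['>= 0.4', '< 1']` changes how responses are read.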
--- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -324,25 +324,6 @@ ] expect(output).to include(*logs) end - - context 'logger is set to log to /dev/null' do - around do |example| - original_logger = subject.options[:logger] - subject.options[:logger] = Logger.new('/dev/null') - - example.call - - subject.options[:logger] = original_logger - end - - it 'will not log anything to standard out if logger is overridden to use /dev/null' do - output = capture(:stdout) do - subject.request(:get, '/success') - end - - expect(output).to be_empty - end - end end end @@ -356,12 +337,14 @@ expect(response.body).to eq('yay') expect(response.status).to eq(200) expect(response.headers).to eq('Content-Type' => 'text/awesome') + expect(response.response.env.url.to_s).to eq('https://api.example.com/success') end it 'redirects using GET on a 303' do response = subject.request(:post, '/redirect', body: 'foo=bar') expect(response.body).to be_empty expect(response.status).to eq(200) + expect(response.response.env.url.to_s).to eq('https://api.example.com/reflect') end it 'raises an error if a redirect has no Location header' do diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 90568125..83c8a325 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
@@ -66,34 +66,107 @@ end describe '#parsed' do - it 'parses application/x-www-form-urlencoded body' do - headers = {'Content-Type' => 'application/x-www-form-urlencoded'} - body = 'foo=bar&answer=42' + subject(:parsed) do + headers = {'Content-Type' => content_type} response = double('response', headers: headers, body: body) - subject = described_class.new(response) - expect(subject.parsed.keys.size).to eq(2) - expect(subject.parsed['foo']).to eq('bar') - expect(subject.parsed['answer']).to eq('42') + instance = described_class.new(response) + instance.parsed end - it 'parses application/json body' do - headers = {'Content-Type' => 'application/json'} - body = MultiJson.encode(foo: 'bar', answer: 42) - response = double('response', headers: headers, body: body) - subject = described_class.new(response) - expect(subject.parsed.keys.size).to eq(2) - expect(subject.parsed['foo']).to eq('bar') - expect(subject.parsed['answer']).to eq(42) + shared_examples_for 'parsing JSON-like' do + it 'has num keys' do + expect(parsed.keys.size).to eq(6) + end + + it 'parses string' do + expect(parsed['foo']).to eq('bar') + expect(parsed.key('bar')).to eq('foo') + end + + it 'parses non-zero number' do + expect(parsed['answer']).to eq(42) + expect(parsed.key(42)).to eq('answer') + end + + it 'parses nil as NilClass' do + expect(parsed['krill']).to be_nil + expect(parsed.key(nil)).to eq('krill') + end + + it 'parses zero as number' do + expect(parsed['zero']).to eq(0) + expect(parsed.key(0)).to eq('zero') + end + + it 'parses false as FalseClass' do + expect(parsed['malign']).to eq(false) + expect(parsed.key(false)).to eq('malign') + end + + it 'parses false as TrueClass' do + expect(parsed['shine']).to eq(true) + expect(parsed.key(true)).to eq('shine') + end end - it 'parses alternative application/json extension bodies' do - headers = {'Content-Type' => 'application/hal+json'} - body = MultiJson.encode(foo: 'bar', answer: 42) - response = double('response', headers: headers, body: 
body) - subject = described_class.new(response) - expect(subject.parsed.keys.size).to eq(2) - expect(subject.parsed['foo']).to eq('bar') - expect(subject.parsed['answer']).to eq(42) + context 'when application/json' do + let(:content_type) { 'application/json' } + let(:body) { MultiJson.encode(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + + it_behaves_like 'parsing JSON-like' + end + + context 'when application/Json' do + let(:content_type) { 'application/Json' } + let(:body) { MultiJson.encode(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + + it_behaves_like 'parsing JSON-like' + end + + context 'when application/hal+json' do + let(:content_type) { 'application/hal+json' } + let(:body) { MultiJson.encode(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + + it_behaves_like 'parsing JSON-like' + end + + context 'when application/x-www-form-urlencoded' do + let(:content_type) { 'application/x-www-form-urlencoded' } + let(:body) { 'foo=bar&answer=42&krill=&zero=0&malign=false&shine=true' } + + it 'has num keys' do + expect(parsed.keys.size).to eq(6) + end + + it 'parses string' do + expect(parsed['foo']).to eq('bar') + expect(parsed.key('bar')).to eq('foo') + end + + it 'parses non-zero number as string' do + expect(parsed['answer']).to eq('42') + expect(parsed.key('42')).to eq('answer') + end + + it 'parses nil as empty string' do + expect(parsed['krill']).to eq('') + expect(parsed.key('')).to eq('krill') + end + + it 'parses zero as string' do + expect(parsed['zero']).to eq('0') + expect(parsed.key('0')).to eq('zero') + end + + it 'parses false as string' do + expect(parsed['malign']).to eq('false') + expect(parsed.key('false')).to eq('malign') + end + + it 'parses true as string' do + expect(parsed['shine']).to eq('true') + expect(parsed.key('true')).to eq('shine') + end end it 'parses application/vnd.collection+json body' do 
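Review bot: In the shared examples `'parsing JSON-like'`, the last example is titled `it 'parses false as TrueClass' do` but asserts that `parsed['shine']` is `true`; the title was copied from the example above it and should read `it 'parses true as TrueClass' do`. A later hunk in this patch series (`@@ -99,12 +99,12 @@` in the same file) rewrites these assertions and leaves the title unchanged. Separately, the three JSON contexts repeat an identical `let(:body)`; moving it into the shared example group would leave one place to update when a field is added. The `describe '#parsed'` block continues past the end of the hunk.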
@@ -112,16 +185,6 @@ expect(subject.parsed.keys.size).to eq(1) end - it 'parses application/Json body' do - headers = {'Content-Type' => 'application/Json'} - body = MultiJson.encode(foo: 'bar', answer: 42) - response = double('response', headers: headers, body: body) - subject = described_class.new(response) - expect(subject.parsed.keys.size).to eq(2) - expect(subject.parsed['foo']).to eq('bar') - expect(subject.parsed['answer']).to eq(42) - end - it 'parses application/problem+json body' do headers = {'Content-Type' => 'application/problem+json'} body = MultiJson.encode(type: 'https://tools.ietf.org/html/rfc7231#section-6.5.4', title: 'Not Found') diff --git a/spec/oauth2/snaky_hash_spec.rb b/spec/oauth2/snaky_hash_spec.rb index de44e69b..439629ff 100644 --- a/spec/oauth2/snaky_hash_spec.rb +++ b/spec/oauth2/snaky_hash_spec.rb @@ -4,8 +4,8 @@ subject { described_class.new } describe '.build' do - context 'build from hash' do - subject { described_class.build({'AccessToken' => '1'}) } + context 'when build from hash' do + subject { described_class.new({'AccessToken' => '1'}) } it 'create correct snake hash' do expect(subject).to be_a(described_class) @@ -14,12 +14,12 @@ end end - context 'build from snake_hash' do + context 'when build from snake_hash' do subject do h = described_class.new h['AccessToken'] = '1' - described_class.build(h) + described_class.new(h) end it 'create correct snake hash' do @@ -38,14 +38,14 @@ expect(subject['access_token']).to eq('1') end - it 'returns assigned value with snake key only' do + it 'returns assigned value with snake key' do subject['access_token'] = '1' - expect(subject['AccessToken']).to eq(nil) + expect(subject['AccessToken']).to eq('1') expect(subject['access_token']).to eq('1') end - it 'overwrite snake key' do + it 'overwrite by alternate key' do subject['AccessToken'] = '1' expect(subject['AccessToken']).to eq('1') 
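Review bot: The examples under `describe '.build' do` (a context line of `@@ -4,8 +4,8 @@`, also affecting `@@ -14,12 +14,12 @@`) now construct the hash with `described_class.new(...)`, so the group is named after a method the class no longer has; `describe '.new' do` would match what is exercised. In `@@ -38,14 +38,14 @@` the expectation for `subject['AccessToken']` after a snake-case write changes from `eq(nil)` to `eq('1')`. That is a change in what callers of the hash observe, not a test rename, and it should be listed with the breaking changes rather than only encoded in the spec.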
@@ -53,40 +53,41 @@ subject['access_token'] = '2' - expect(subject['AccessToken']).to eq('1') + expect(subject['AccessToken']).to eq('2') expect(subject['access_token']).to eq('2') end end describe '#fetch' do - context 'Camel case key' do - subject { described_class.build('AccessToken' => '1') } + context 'when Camel case key' do + subject { described_class.new('AccessToken' => '1') } it 'return correct token' do expect(subject.fetch('https://github.com/access_token')).to eq('1') end end - context 'Camel case key with down-cased first letter' do - subject { described_class.build('accessToken' => '1') } + context 'when Camel case key with down-cased first letter' do + subject { described_class.new('accessToken' => '1') } it 'return correct token' do expect(subject.fetch('https://github.com/access_token')).to eq('1') end end - context 'snake case key' do - subject { described_class.build('access_token' => '1') } + context 'when snake case key' do + subject { described_class.new('access_token' => '1') } it 'return correct token' do expect(subject.fetch('https://github.com/access_token')).to eq('1') end end - context 'missing any key' do + context 'when missing any key' do subject { described_class.new } it 'raise KeyError with key' do + pending_for(engine: 'jruby', versions: '3.1.0', reason: 'https://github.com/jruby/jruby/issues/7112') expect do subject.fetch('https://github.com/access_token') end.to raise_error(KeyError, /access_token/) 
@@ -99,31 +100,31 @@ end describe '#key?' do - context 'Camel case key' do - subject { described_class.build('AccessToken' => '1') } + context 'when Camel case key' do + subject { described_class.new('AccessToken' => '1') } it 'return true' do expect(subject.key?('access_token')).to eq(true) end end - context 'Camel case key with down-cased first letter' do - subject { described_class.build('accessToken' => '1') } + context 'when Camel case key with down-cased first letter' do + subject { described_class.new('accessToken' => '1') } it 'return true' do expect(subject.key?('access_token')).to eq(true) end end - context 'snake case key' do - subject { described_class.build('access_token' => '1') } + context 'when snake case key' do + subject { described_class.new('access_token' => '1') } it 'return true' do expect(subject.key?('access_token')).to eq(true) end end - context 'missing any key' do + context 'when missing any key' do subject { described_class.new } it 'return false' do diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 67212736..fe653633 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -244,7 +244,7 @@ end context 'with custom response_opts' do - let(:response_opts) { {custom_token_option: 'mackerel'} } + let(:response_opts) { {'custom_token_option' => 'mackerel'} } it 'passes them into the token params' do expect(access_token.params).to eq(response_opts) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 0b75fcf2..01ff44cf 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -14,11 +14,18 @@ RUN_COVERAGE = ENV['CI_CODECOV'] || ENV['CI'].nil? ruby_version = Gem::Version.new(RUBY_VERSION) -minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == 'ruby' } +minimum_version = ->(version, engine = 'ruby') { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == engine } coverage = minimum_version.call('2.7') && RUN_COVERAGE debug = minimum_version.call('2.5') && DEBUG -require 'byebug' if DEBUG && debug +if DEBUG + if debug + require 'byebug' + elsif minimum_version.call('2.7', 'jruby') + require 'pry-debugger-jruby' + end +end + require 'simplecov' if coverage # This gem From 9000e6fa70c9d0201e967529d7c1ebb74ef6f297 Mon Sep 17 00:00:00 2001 From: "depfu[bot]" <23717796+depfu[bot]@users.noreply.github.com> Date: Mon, 21 Feb 2022 17:07:35 -0700 Subject: [PATCH 099/645] =?UTF-8?q?=F0=9F=94=80=20=E2=AC=86=EF=B8=8F=20Upd?= =?UTF-8?q?ate=20Ruby=20to=20version=203.1.1=20(#574)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: depfu[bot] <23717796+depfu[bot]@users.noreply.github.com> --- .ruby-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index fd2a0186..94ff29cc 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.1.0 +3.1.1 From 544b739b14c10b44b7b638e89490301591673a0d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 29 Mar 2022 16:00:04 +0700 Subject: [PATCH 100/645] =?UTF-8?q?=F0=9F=94=80=20=F0=9F=92=A5=20Document?= =?UTF-8?q?=20Breaking=20(and=20other)=20Changes=20(#581)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 💥 Document Breaking (and other) Changes Signed-off-by: Peter Boling * 👷 Require rubocop passing on commit Signed-off-by: Peter Boling * 👷 Require rubocop passing on commit Signed-off-by: Peter Boling * 📝 Update installation instructions - Document Tidelift 
Signed-off-by: Peter Boling * 🚨 Actions DSL `if` requires a string Signed-off-by: Peter Boling * 👷 Remove JRuby-head from build Signed-off-by: Peter Boling --- .github/workflows/heads.yml | 1 - .github/workflows/jruby-head.yml | 71 +++++++++++++++++ .github/workflows/macos-ancient.yml | 2 +- .overcommit.yml | 33 ++++++++ CHANGELOG.md | 104 +++++++++++++++++++++---- README.md | 23 +++--- Rakefile | 3 + lib/oauth2/access_token.rb | 2 +- lib/oauth2/client.rb | 2 +- spec/oauth2/client_spec.rb | 2 +- spec/oauth2/response_spec.rb | 4 +- spec/oauth2/snaky_hash_spec.rb | 8 +- spec/oauth2/strategy/assertion_spec.rb | 2 +- spec/oauth2/version_spec.rb | 2 +- 14 files changed, 219 insertions(+), 40 deletions(-) create mode 100644 .github/workflows/jruby-head.yml create mode 100644 .overcommit.yml diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 6dece37c..5467fbb9 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -43,7 +43,6 @@ jobs: ruby: - truffleruby+graalvm-head - truffleruby-head - - jruby-head - ruby-head include: # Includes a new variable experimental with a value of false diff --git a/.github/workflows/jruby-head.yml b/.github/workflows/jruby-head.yml new file mode 100644 index 00000000..c2072bb4 --- /dev/null +++ b/.github/workflows/jruby-head.yml 
@@ -0,0 +1,71 @@ +name: JRuby Head + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + test: + name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} + env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + if: "false" + # if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + experimental: [true] + gemfile: + - f0 + - f1 + - f2 + rubygems: + - latest + bundler: + - latest + ruby: + - jruby-head + include: + # Includes a new variable experimental with a value of false + # for the matrix legs matching rubygems: latest, which is all of them. + # This is here for parity with the unsupported.yml + # This is a hack. Combined with continue-on-error it should allow us + # to have a workflow with allowed failure. + # This is the "supported" build matrix, so only the "head" builds are experimental here. 
+ - rubygems: latest + experimental: true + + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install cURL Headers + run: sudo apt-get install libcurl4-openssl-dev + - name: Setup Ruby & Bundle + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: true + - name: Run tests + run: bundle exec rake test diff --git a/.github/workflows/macos-ancient.yml b/.github/workflows/macos-ancient.yml index ba2ebf62..d620b9a6 100644 --- a/.github/workflows/macos-ancient.yml +++ b/.github/workflows/macos-ancient.yml @@ -27,7 +27,7 @@ jobs: name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile - if: false + if: "false" # if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" strategy: fail-fast: false diff --git a/.overcommit.yml b/.overcommit.yml new file mode 100644 index 00000000..cbffc772 --- /dev/null +++ b/.overcommit.yml 
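Review bot: The new `jruby-head.yml` workflow sets no `permissions:`, so once the `if: "false"` guard is removed the job runs pull-request code with whatever default token scope the repository has; a top-level `permissions:` with `contents: read` keeps it read-only. Both `uses:` lines reference mutable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`); pinning each to a full commit SHA, written as `uses: actions/checkout@FULL_COMMIT_SHA_PLACEHOLDER # v2`, stops a retagged release from changing what runs. `run: sudo apt-get install libcurl4-openssl-dev` has no `-y` and no preceding `apt-get update`, which tends to fail or stall on a fresh runner; `sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev` is the usual form.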
@@ -0,0 +1,33 @@ +# Use this file to configure the Overcommit hooks you wish to use. This will +# extend the default configuration defined in: +# https://github.com/sds/overcommit/blob/master/config/default.yml +# +# At the topmost level of this YAML file is a key representing type of hook +# being run (e.g. pre-commit, commit-msg, etc.). Within each type you can +# customize each hook, such as whether to only run it on certain files (via +# `include`), whether to only display output if it fails (via `quiet`), etc. +# +# For a complete list of hooks, see: +# https://github.com/sds/overcommit/tree/master/lib/overcommit/hook +# +# For a complete list of options that you can use to customize hooks, see: +# https://github.com/sds/overcommit#configuration +# +# Uncomment the following lines to make the configuration take effect. + +PreCommit: + RuboCop: + enabled: true + on_warn: fail # Treat all warnings as failures + + TrailingWhitespace: + enabled: true + exclude: + - '**/db/structure.sql' # Ignore trailing whitespace in generated files + +#PostCheckout: +# ALL: # Special hook name that customizes all hooks of this type +# quiet: true # Change all post-checkout hooks to only display output on failure +# +# IndexTags: +# enabled: true # Generate a tags file with `ctags` each time HEAD changes diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d888c0e..46785147 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
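Review bot: The header comment of `.overcommit.yml` ends with `# Uncomment the following lines to make the configuration take effect.`, but the `PreCommit:` section below it is already active, so the sentence is stale template text and should be dropped or replaced by a line naming the hooks that are on. The `exclude` entry `'**/db/structure.sql'` under `TrailingWhitespace` also looks carried over from the template, since no such path appears anywhere else in this patch. Because this file decides which commands run on each contributor's commit, a short comment on how changes to it are reviewed (Overcommit asks for the configuration to be re-signed when it changes) would help.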
@@ -1,21 +1,94 @@ -# Change Log +# Changelog All notable changes to this project will be documented in this file. -## [unreleased] +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -- [#542](https://github.com/oauth-xx/oauth2/pull/542) - Linting, spelling, type fixes. New VERSION constant. Bump to 2.0.0-alpha (@pboling) +## [Unreleased] + +- Officially support Ruby versions >= 2.7 +- Unofficially support Ruby versions >= 2.5 +- Incidentally support Ruby versions >= 2.2 +- Drop support for MAC Draft versions < 0.3 +- Add support for MAC Draft version 0.5 +- Support IETF rfc7523 JWT Bearer Tokens +- Support IETF rfc7231 Relative Location in Redirect +- Support IETF rfc6749 Don't set oauth params when nil +- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) +- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` +- Adds new option to `OAuth2::Client#get_token`: + - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` +- Adds new option to `OAuth2::AccessToken#initialize`: + - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency + +... A lot more. 
+ +### Added + +- [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) +- [#220](https://github.com/oauth-xx/oauth2/pull/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) +- [#298](https://github.com/oauth-xx/oauth2/pull/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) +- [#305](https://github.com/oauth-xx/oauth2/pull/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) +- [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) +- [#346](https://github.com/oauth-xx/oauth2/pull/571) - Modern gem structure (@pboling) +- [#351](https://github.com/oauth-xx/oauth2/pull/351) - Support Jruby 9k (@pboling) +- [#362](https://github.com/oauth-xx/oauth2/pull/362) - Support SemVer release version scheme (@pboling) +- [#363](https://github.com/oauth-xx/oauth2/pull/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) +- [#364](https://github.com/oauth-xx/oauth2/pull/364) - Support `application/hal+json` format (@pboling) +- [#365](https://github.com/oauth-xx/oauth2/pull/365) - Support `application/vnd.collection+json` format (@pboling) +- [#376](https://github.com/oauth-xx/oauth2/pull/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) +- [#381](https://github.com/oauth-xx/oauth2/pull/381) - Spec for extra header params on client credentials (@nikz) 
+- [#394](https://github.com/oauth-xx/oauth2/pull/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) +- [#412](https://github.com/oauth-xx/oauth2/pull/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) +- [#413](https://github.com/oauth-xx/oauth2/pull/413) - _Documentation_: License scan and report (@meganemura) +- [#442](https://github.com/oauth-xx/oauth2/pull/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) +- [#494](https://github.com/oauth-xx/oauth2/pull/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) +- [#509](https://github.com/oauth-xx/oauth2/pull/509) - Support IETF MAC Draft 05 (@anvox) +- [#549](https://github.com/oauth-xx/oauth2/pull/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionFailed` (@nikkypx) +- [#550](https://github.com/oauth-xx/oauth2/pull/550) - Raise error if location header not present when redirecting (@stanhu) +- [#552](https://github.com/oauth-xx/oauth2/pull/552) - Add missing `version.rb` require (@ahorek) +- [#553](https://github.com/oauth-xx/oauth2/pull/553) - Support `application/problem+json` format (@janz93) +- [#560](https:/˚/github.com/oauth-xx/oauth2/pull/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) +- [#571](https://github.com/oauth-xx/oauth2/pull/571) - Support Ruby 3.1 (@pboling) +- [#575](https://github.com/oauth-xx/oauth2/pull/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) + +### Changed + +- [#191](https://github.com/oauth-xx/oauth2/pull/191) - **BREAKING**: Token is expired 
if `expired_at` time is `now` (@davestevens) +- [#312](https://github.com/oauth-xx/oauth2/pull/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) +- [#317](https://github.com/oauth-xx/oauth2/pull/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) +- [#338](https://github.com/oauth-xx/oauth2/pull/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) +- [#339](https://github.com/oauth-xx/oauth2/pull/339), [#368](https://github.com/oauth-xx/oauth2/pull/368), [#424](https://github.com/oauth-xx/oauth2/pull/424), [#479](https://github.com/oauth-xx/oauth2/pull/479), [#493](https://github.com/oauth-xx/oauth2/pull/493), [#539](https://github.com/oauth-xx/oauth2/pull/539), [#542](https://github.com/oauth-xx/oauth2/pull/542), [#553](https://github.com/oauth-xx/oauth2/pull/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) +- [#410](https://github.com/oauth-xx/oauth2/pull/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) +- [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) +- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING** default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) +- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING** default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) +- [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) + +### Fixed + +- [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - 
Handling of errors when using `omniauth-facebook` (@niels) +- [#294](https://github.com/oauth-xx/oauth2/pull/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) +- [#300](https://github.com/oauth-xx/oauth2/pull/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) +- [#318](https://github.com/oauth-xx/oauth2/pull/318), [#326](https://github.com/oauth-xx/oauth2/pull/326), [#343](https://github.com/oauth-xx/oauth2/pull/343), [#347](https://github.com/oauth-xx/oauth2/pull/347), [#397](https://github.com/oauth-xx/oauth2/pull/397), [#464](https://github.com/oauth-xx/oauth2/pull/464), [#561](https://github.com/oauth-xx/oauth2/pull/561), [#565](https://github.com/oauth-xx/oauth2/pull/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) +- [#322](https://github.com/oauth-xx/oauth2/pull/322), [#331](https://github.com/oauth-xx/oauth2/pull/331), [#337](https://github.com/oauth-xx/oauth2/pull/337), [#361](https://github.com/oauth-xx/oauth2/pull/361), [#371](https://github.com/oauth-xx/oauth2/pull/371), [#377](https://github.com/oauth-xx/oauth2/pull/377), [#383](https://github.com/oauth-xx/oauth2/pull/383), [#392](https://github.com/oauth-xx/oauth2/pull/392), [#395](https://github.com/oauth-xx/oauth2/pull/395), [#400](https://github.com/oauth-xx/oauth2/pull/400), [#401](https://github.com/oauth-xx/oauth2/pull/401), [#403](https://github.com/oauth-xx/oauth2/pull/403), [#415](https://github.com/oauth-xx/oauth2/pull/415), [#567](https://github.com/oauth-xx/oauth2/pull/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) +- [#328](https://github.com/oauth-xx/oauth2/pull/328) - _Documentation_: Homepage URL is SSL (@amatsuda) +- 
[#339](https://github.com/oauth-xx/oauth2/pull/339), [#479](https://github.com/oauth-xx/oauth2/pull/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) +- [#366](https://github.com/oauth-xx/oauth2/pull/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) +- [#380](https://github.com/oauth-xx/oauth2/pull/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) +- [#399](https://github.com/oauth-xx/oauth2/pull/399) - Fix: stop duplicating `redirect_uri` in `get_token` (@markus) +- [#410](https://github.com/oauth-xx/oauth2/pull/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) +- [#460](https://github.com/oauth-xx/oauth2/pull/460) - Fix: stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://github.com/oauth-xx/oauth2/pull/524) for `1-4-stable` branch (@joaolrpaulo) +- [#472](https://github.com/oauth-xx/oauth2/pull/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) +- [#482](https://github.com/oauth-xx/oauth2/pull/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) +- [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling) + +### Removed + +- [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage) +- [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) - [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of 
[#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling) -- [#536](https://github.com/oauth-xx/oauth2/pull/536) - Compatibility with Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on 1-4-stable line (@pboling) -- [#410](https://github.com/oauth-xx/oauth2/pull/410) - Fix `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) -- Update testing infrastructure for all supported Rubies (@pboling and @josephpage) -- **Breaking**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. See [#285](https://github.com/oauth-xx/oauth2/issues/285) (@tetsuya, @wy193777) -- Token is expired if `expired_at` time is now (@davestevens) -- Set the response object on the access token on Client#get_token (@cpetschnig) -- Fix "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) -- Oauth2::Error : Error codes are strings instead of symbols (@NobodysNightmare) -- _Dependency_: Upgrade jwt to 2.x.x (@travisofthenorth) -- Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) -- **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params (@dfockler) +- [#566](https://github.com/oauth-xx/oauth2/pull/566) - _Dependency_: Removed `wwtd` (@bquorning) ## [1.4.9] - 2022-02-20 @@ -208,4 +281,5 @@ All notable changes to this project will be documented in this file. [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7 [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8 [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9 -[unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...HEAD +[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD +[gemfiles/readme]: gemfiles/README.md 
diff --git a/README.md b/README.md index efbca1ad..c905aa31 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ badge #s: 📗 --> -| | Project | oauth2 | +| | Project | bundle add oauth2 | |:----|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | | 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img]][📗next] | 
@@ -219,20 +219,19 @@ The link tokens in the following sections should be kept ordered by the row and ## Installation -```shell -gem install oauth2 -``` +Install the gem and add to the application's Gemfile by executing: -Or inside a `Gemfile` + $ bundle add oauth2 -```ruby -gem 'oauth2' -``` -And then execute in a shell: -```shell -bundle -``` +If bundler is not being used to manage dependencies, install the gem by executing: + + $ gem install oauth2 + +## OAuth2 for Enterprise + +Available as part of the Tidelift Subscription. +The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise) ## Compatibility diff --git a/Rakefile b/Rakefile index 968dd9ac..eb413795 100644 --- a/Rakefile +++ b/Rakefile @@ -9,10 +9,12 @@ begin require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:spec) rescue LoadError + desc 'spec task stub' task :spec do warn 'rspec is disabled' end end +desc 'alias test task to spec' task test: :spec begin @@ -21,6 +23,7 @@ begin task.options = ['-D'] # Display the name of the failing cops end rescue LoadError + desc 'rubocop task stub' task :rubocop do warn 'RuboCop is disabled' end diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index a17dbc0d..42514eaf 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -34,7 +34,7 @@ def from_kvform(client, kvform)
 # @option opts [String] :refresh_token (nil) the refresh_token value
 # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
 # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire
- # @option opts [FixNum, String] :expires_latency (nil) the number of seconds by which AccessToken validity will be reduced to offset latency
+ # @option opts [FixNum, String] :expires_latency (nil) the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+
 # @option opts [Symbol] :mode (:header) the transmission mode of the Access Token parameter value
 # one of :header, :body or :query
 # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header
diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb
index 38bf4774..f60c3759 100644
--- a/lib/oauth2/client.rb
+++ b/lib/oauth2/client.rb
@@ -151,7 +151,7 @@ def request(verb, url, opts = {})
 #
 # @param params [Hash] a Hash of params for the token endpoint
 # @param access_token_opts [Hash] access token options, to pass to the AccessToken object
- # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken
+ # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken, @version 2.0+
 # @return [AccessToken] the initialized AccessToken
 def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/PerceivedComplexity
 params = params.map do |key, value|
diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb
index 71765d04..e368d5e8 100644
--- a/spec/oauth2/client_spec.rb
+++ b/spec/oauth2/client_spec.rb
@@ -467,7 +467,7 @@
 end
 end
- expect(client.get_token({})).to eq(nil)
+ expect(client.get_token({})).to be_nil
 end
 end
diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb
index 83c8a325..0a08dcbf 100644
--- a/spec/oauth2/response_spec.rb
+++ b/spec/oauth2/response_spec.rb
@@ -99,12 +99,12 @@
 end
 it 'parses false as FalseClass' do
- expect(parsed['malign']).to eq(false)
+ expect(parsed['malign']).to be(false)
 expect(parsed.key(false)).to eq('malign')
 end
 it 'parses false as TrueClass' do
- expect(parsed['shine']).to eq(true)
+ expect(parsed['shine']).to be(true)
 expect(parsed.key(true)).to eq('shine')
 end
 end
diff --git a/spec/oauth2/snaky_hash_spec.rb b/spec/oauth2/snaky_hash_spec.rb
index 439629ff..1895e284 100644
--- a/spec/oauth2/snaky_hash_spec.rb
+++ b/spec/oauth2/snaky_hash_spec.rb
@@ -104,7 +104,7 @@
 subject { described_class.new('AccessToken' => '1') }
 it 'return true' do
- expect(subject.key?('access_token')).to eq(true)
+ expect(subject.key?('access_token')).to be(true)
 end
 end
@@ -112,7 +112,7 @@
 subject { described_class.new('accessToken' => '1') }
 it 'return true' do
- expect(subject.key?('access_token')).to eq(true)
+ expect(subject.key?('access_token')).to be(true)
 end
 end
@@ -120,7 +120,7 @@
 subject { described_class.new('access_token' => '1') }
 it 'return true' do
- expect(subject.key?('access_token')).to eq(true)
+ expect(subject.key?('access_token')).to be(true)
 end
 end
@@ -128,7 +128,7 @@
 subject { described_class.new }
 it 'return false' do
- expect(subject.key?('access_token')).to eq(false)
+ expect(subject.key?('access_token')).to be(false)
 end
 end
 end
diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb
index fe653633..c306f154 100644
--- a/spec/oauth2/strategy/assertion_spec.rb
+++ b/spec/oauth2/strategy/assertion_spec.rb
@@ -240,7 +240,7 @@
 end
 it 'sets AccessToken#refresh_token to nil' do
- expect(access_token.refresh_token).to eq(nil)
+ expect(access_token.refresh_token).to be_nil
 end
 context 'with custom response_opts' do
diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index 454a5f7c..cccab2c0 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb @@ -2,7 +2,7 @@ RSpec.describe OAuth2::Version do it 'has a version number' do - expect(described_class).not_to be nil + expect(described_class).not_to be_nil end it 'can be a string' do From d043a6454a05f2e1543d9630ab45bec9ff75c228 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 29 Mar 2022 16:06:54 +0700 Subject: [PATCH 101/645] =?UTF-8?q?=F0=9F=9A=A8=20Adhere=20to=20KeepAChang?= =?UTF-8?q?elog=20v1=20format?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46785147..ad85d1f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,10 @@ # Changelog All notable changes to this project will be documented in this file. -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +The format (since v2.0.0) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). ## [Unreleased] - - Officially support Ruby versions >= 2.7 - Unofficially support Ruby versions >= 2.5 - Incidentally support Ruby versions >= 2.2 
@@ -20,11 +19,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` - Adds new option to `OAuth2::AccessToken#initialize`: - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency - -... A lot more. +- ... A lot more. ### Added - - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) - [#220](https://github.com/oauth-xx/oauth2/pull/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) - [#298](https://github.com/oauth-xx/oauth2/pull/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) @@ -53,7 +50,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - [#575](https://github.com/oauth-xx/oauth2/pull/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) ### Changed - - [#191](https://github.com/oauth-xx/oauth2/pull/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) - [#312](https://github.com/oauth-xx/oauth2/pull/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) - [#317](https://github.com/oauth-xx/oauth2/pull/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) 
@@ -66,7 +62,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) ### Fixed - - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Handling of errors when using `omniauth-facebook` (@niels) - [#294](https://github.com/oauth-xx/oauth2/pull/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) - [#300](https://github.com/oauth-xx/oauth2/pull/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) @@ -84,7 +79,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling) ### Removed - - [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage) - [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) - [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling) From 966594766584a205bb31aebc27099fba3dcefa64 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 29 Mar 2022 16:09:30 +0700 Subject: [PATCH 102/645] =?UTF-8?q?=F0=9F=9A=A8=20Adhere=20to=20KeepAChang?= =?UTF-8?q?elog=20v1=20format?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad85d1f0..c9a699b0 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -239,7 +239,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22 - +[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD [0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1 [0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2 [0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3 @@ -275,5 +275,4 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7 [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8 [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9 -[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD [gemfiles/readme]: gemfiles/README.md From 392288ed00bb1fc7f8b63dbd8fb9fe3875c93f2f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 29 Mar 2022 19:12:56 +0700 Subject: [PATCH 103/645] =?UTF-8?q?=F0=9F=94=80=20=F0=9F=9A=91=EF=B8=8F=20?= =?UTF-8?q?Stop=20rescuing=20parsing=20errors=20[fixes=20#167]=20(#576)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- lib/oauth2/response.rb | 4 ++-- spec/oauth2/client_spec.rb | 10 +++++++--- spec/oauth2/strategy/assertion_spec.rb | 2 +- spec/spec_helper.rb | 1 + 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 0871d322..610cf865 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb 
@@ -125,9 +125,9 @@ def parser
 end
 OAuth2::Response.register_parser(:xml, ['text/xml', 'application/rss+xml', 'application/rdf+xml', 'application/atom+xml', 'application/xml']) do |body|
- MultiXml.parse(body) rescue body # rubocop:disable Style/RescueModifier
+ MultiXml.parse(body)
 end
 OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json', 'application/problem+json']) do |body|
- MultiJson.decode(body) rescue body # rubocop:disable Style/RescueModifier
+ MultiJson.decode(body)
 end
diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb
index e368d5e8..c2adcf35 100644
--- a/spec/oauth2/client_spec.rb
+++ b/spec/oauth2/client_spec.rb
@@ -460,14 +460,18 @@
 context 'when the :raise_errors flag is set to false' do
 context 'when the request body is nil' do
- it 'returns a nil :access_token' do
- client = stubbed_client(raise_errors: false) do |stub|
+ subject(:get_token) { client.get_token({}) }
+
+ let(:client) do
+ stubbed_client(raise_errors: false) do |stub|
 stub.post('/oauth/token') do
 [500, {'Content-Type' => 'application/json'}, nil]
 end
 end
+ end
- expect(client.get_token({})).to be_nil
+ it 'raises error MultiJson::ParseError' do
+ block_is_expected { get_token }.to raise_error(MultiJson::ParseError)
 end
 end
diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb
index c306f154..a173bdcf 100644
--- a/spec/oauth2/strategy/assertion_spec.rb
+++ b/spec/oauth2/strategy/assertion_spec.rb
@@ -71,7 +71,7 @@
 expect(header['alg']).to eq(algorithm)
 end
- it 'encodes the JWT as HS256' do
+ it 'has claims' do
 expect(payload).not_to be_nil
 expect(payload.keys).to match_array(%w[iss scope aud exp iat sub custom_claim])
 payload.each do |key, claim|
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 01ff44cf..2ec291cc 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
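Review bot: With the `rescue body` modifiers removed from both parser blocks in `lib/oauth2/response.rb`, a malformed or empty body from the remote server now surfaces as `MultiJson::ParseError` (or the MultiXml equivalent) rather than an `OAuth2::Error`, so callers that rescue only `OAuth2::Error`, or that set `raise_errors: false`, receive an exception class the library never documented; the client_spec hunk in this commit pins exactly that for a 500 response with a nil body. Because these bodies are controlled by the server, I would either wrap the failure in a library error where the parser is invoked (outside this hunk), or at least keep the old result for empty input in both blocks, e.g. `next body if body.nil? || body.empty?`. Whichever is chosen should be stated in the `:raise_errors` option docs. It is also worth confirming, since it is not visible here, whether the parse error message echoes the response body before it reaches application logs, as token responses carry credentials.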
@@ -6,6 +6,7 @@ require 'silent_stream' require 'addressable/uri' require 'rspec/pending_for' +require 'rspec/block_is_expected' # Extensions require 'ext/backports' From 3f9b148adeb2754c7c1becc97da67a86cab1e5c7 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 29 Mar 2022 19:51:51 +0700 Subject: [PATCH 104/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20relative=20UR?= =?UTF-8?q?Ls=20[closes=20#190]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c905aa31..d372b535 100644 --- a/README.md +++ b/README.md @@ -278,12 +278,14 @@ See [SECURITY.md][🚎sec-pol] ## Usage Examples +### `authorize_url` and `token_url` are on site root (Just Works!) + ```ruby require 'oauth2' client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org/') - +# => # "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" token = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'}) response = token.get('/api/resource', params: {'query_foo' => 'bar'}) @@ -291,6 +293,33 @@ response.class.name # => OAuth2::Response ``` +### Relative `authorize_url` and `token_url` (Not on site root, Just Works!) + +In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. + +```ruby +client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org/nested/directory/on/your/server') +# => # # OAuth2::Client +``` +
Debugging From 5ce450e671a4e6d86f28a3bea30379403eccb69d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 29 Mar 2022 19:56:59 +0700 Subject: [PATCH 105/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20what=20is=20n?= =?UTF-8?q?ew=20for=20v2!?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 17 +---------------- README.md | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c9a699b0..e83c8cd2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,28 +5,13 @@ The format (since v2.0.0) is based on [Keep a Changelog v1](https://keepachangel and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). ## [Unreleased] -- Officially support Ruby versions >= 2.7 -- Unofficially support Ruby versions >= 2.5 -- Incidentally support Ruby versions >= 2.2 -- Drop support for MAC Draft versions < 0.3 -- Add support for MAC Draft version 0.5 -- Support IETF rfc7523 JWT Bearer Tokens -- Support IETF rfc7231 Relative Location in Redirect -- Support IETF rfc6749 Don't set oauth params when nil -- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) -- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` -- Adds new option to `OAuth2::Client#get_token`: - - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` -- Adds new option to `OAuth2::AccessToken#initialize`: - - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency -- ... A lot more. 
### Added - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) +- [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) - [#220](https://github.com/oauth-xx/oauth2/pull/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) - [#298](https://github.com/oauth-xx/oauth2/pull/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) - [#305](https://github.com/oauth-xx/oauth2/pull/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) -- [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) - [#346](https://github.com/oauth-xx/oauth2/pull/571) - Modern gem structure (@pboling) - [#351](https://github.com/oauth-xx/oauth2/pull/351) - Support Jruby 9k (@pboling) - [#362](https://github.com/oauth-xx/oauth2/pull/362) - Support SemVer release version scheme (@pboling) diff --git a/README.md b/README.md index d372b535..f6c094f7 100644 --- a/README.md +++ b/README.md 
@@ -233,6 +233,24 @@ Available as part of the Tidelift Subscription. The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise) +## What is new for v2.0 (unreleased, `master` branch)? + +- Officially support Ruby versions >= 2.7 +- Unofficially support Ruby versions >= 2.5 +- Incidentally support Ruby versions >= 2.2 +- Drop support for MAC Draft versions < 0.3 +- Add support for MAC Draft version 0.5 +- Support IETF rfc7523 JWT Bearer Tokens +- Support IETF rfc7231 Relative Location in Redirect +- Support IETF rfc6749 Don't set oauth params when nil +- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) +- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` +- Adds new option to `OAuth2::Client#get_token`: + - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` +- Adds new option to `OAuth2::AccessToken#initialize`: + - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency +- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#unreleased) + ## Compatibility Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and From 8ab83ba7901632811842eed30852c5c1081b5523 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Tue, 29 Mar 2022 19:57:57 +0700 Subject: [PATCH 106/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20Typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f6c094f7..c61e0625 100644 --- a/README.md +++ b/README.md @@ -239,7 +239,7 @@ The maintainers of OAuth2 and thousands of other packages are working with Tidel - Unofficially support Ruby versions >= 2.5 - Incidentally support Ruby versions >= 2.2 - Drop support for MAC Draft versions < 0.3 -- Add support for MAC Draft version 0.5 +- Add support for MAC Draft version 05 - Support IETF rfc7523 JWT Bearer Tokens - Support IETF rfc7231 Relative Location in Redirect - Support IETF rfc6749 Don't set oauth params when nil From ddb6d8e295f8b2812871f9ef61d03a58d90c3d37 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 29 Mar 2022 20:39:47 +0700 Subject: [PATCH 107/645] =?UTF-8?q?=F0=9F=92=9A=20Pend=20failing=20spec=20?= =?UTF-8?q?due=20to=20JRuby=20encoding=20bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ref: https://github.com/jruby/jruby/issues/4921 Signed-off-by: Peter Boling --- spec/oauth2/client_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index c2adcf35..778dff67 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -369,6 +369,7 @@ %w[/unauthorized /conflict /error /different_encoding /ascii_8bit_encoding].each do |error_path| it "raises OAuth2::Error on error response to path #{error_path}" do + pending_for(engine: 'jruby', reason: 'https://github.com/jruby/jruby/issues/4921') if error_path == '/different_encoding' expect { subject.request(:get, error_path) }.to raise_error(OAuth2::Error) end end From b238928f16512aca7d5d08f4db9076c1f2151207 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Tue, 29 Mar 2022 11:42:27 -0600 Subject: [PATCH 108/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20vulnerability?= =?UTF-8?q?=20reporting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 9e7d133b..c130079d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,6 +10,4 @@ ## Reporting a Vulnerability -Peter Boling is the primary maintainer of this gem. Please find a way -to [contact him directly](https://railsbling.com/contact) to report the issue. Include as much relevant information as -possible. +Follow [these instructions](https://tidelift.com/security) to report any security vulnerabilities. From d99fa1d1815e5a1384a1cffaa88e119af7e71221 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 30 Mar 2022 16:57:55 +0700 Subject: [PATCH 109/645] =?UTF-8?q?=F0=9F=91=B7=20Update=20to=20checkout?= =?UTF-8?q?=20action=20v3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/coverage.yml | 6 +++--- .github/workflows/danger.yml | 2 +- .github/workflows/heads.yml | 2 +- .github/workflows/jruby-head.yml | 2 +- .github/workflows/macos-ancient.yml | 2 +- .github/workflows/macos.yml | 2 +- .github/workflows/style.yml | 2 +- .github/workflows/supported.yml | 2 +- .github/workflows/unsupported.yml | 2 +- .github/workflows/windows.yml | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5832ebea..ca362f89 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index c3c94a5c..18b46e2b 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -28,7 +28,7 @@ concurrency: jobs: test: - name: Specs with Coverage - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} + name: Specs with Coverage - Ruby ${{ matrix.ruby }} ${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" strategy: fail-fast: false @@ -54,7 +54,7 @@ jobs: cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 @@ -83,7 +83,7 @@ jobs: hide_complexity: true indicators: true output: both - thresholds: '95 97' + thresholds: '35 40' continue-on-error: ${{ matrix.experimental != 'false' }} - name: Add Coverage PR Comment diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index 312d1655..c8a4409b 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -27,7 +27,7 @@ jobs: - "2.7" steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install cURL Headers run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 5467fbb9..52485801 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml 
@@ -58,7 +58,7 @@ jobs: continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install cURL Headers run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle diff --git a/.github/workflows/jruby-head.yml b/.github/workflows/jruby-head.yml index c2072bb4..d8ee366b 100644 --- a/.github/workflows/jruby-head.yml +++ b/.github/workflows/jruby-head.yml @@ -57,7 +57,7 @@ jobs: continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install cURL Headers run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle diff --git a/.github/workflows/macos-ancient.yml b/.github/workflows/macos-ancient.yml index d620b9a6..847644cd 100644 --- a/.github/workflows/macos-ancient.yml +++ b/.github/workflows/macos-ancient.yml @@ -47,7 +47,7 @@ jobs: continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 24a0e8a7..447aa830 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -49,7 +49,7 @@ jobs: continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index 5c88ad60..e3101dc1 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml 
@@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install cURL Headers run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index b0e3b5a6..8843f9c3 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -51,7 +51,7 @@ jobs: continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install cURL Headers run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 3b4ee3fb..22d94b73 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -59,7 +59,7 @@ jobs: continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install cURL Headers run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 4f97a0da..1996289f 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -48,7 +48,7 @@ jobs: continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: From 50f6d38ec251d815dc62cac9734e74ecdfac55cb Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Wed, 30 Mar 2022 17:06:49 +0700 Subject: [PATCH 110/645] =?UTF-8?q?=F0=9F=91=B7=20Updates=20to=20Code=20Co?= =?UTF-8?q?verage=20Reporting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://dev.to/pboling/ippccr-in-pursuit-of-perfect-code-coverage-reporting-3a2i Signed-off-by: Peter Boling --- .github/workflows/coverage.yml | 7 ++++++- .simplecov | 23 +++++++++++++++-------- Gemfile | 5 +++++ spec/spec_helper.rb | 14 +++++++++----- 4 files changed, 35 insertions(+), 14 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 18b46e2b..0eff1902 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -72,6 +72,11 @@ jobs: - name: Run tests run: bundle exec rake test + - name: CodeClimate Post-build Notification + run: cc-test-reporter after-build + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + continue-on-error: ${{ matrix.experimental != 'false' }} + - name: Code Coverage Summary Report uses: irongut/CodeCoverageSummary@v1.2.0 with: @@ -83,7 +88,7 @@ jobs: hide_complexity: true indicators: true output: both - thresholds: '35 40' + thresholds: '86 88' continue-on-error: ${{ matrix.experimental != 'false' }} - name: Add Coverage PR Comment diff --git a/.simplecov b/.simplecov index 3fd985b8..0358a6e4 100644 --- a/.simplecov +++ b/.simplecov 
@@ -10,15 +10,20 @@ # and COVER_ALL, and CI_CODECOV, are set in the coverage.yml workflow only, # so coverage only runs in that workflow, and outputs all formats. # + if RUN_COVERAGE + require 'codecov' + require 'simplecov-lcov' + require 'simplecov-cobertura' + SimpleCov.start do enable_coverage :branch primary_coverage :branch + add_filter 'spec' + track_files '**/*.rb' - if ENV['COVER_ALL'] - require 'codecov' - require 'simplecov-lcov' - require 'simplecov-cobertura' + if ALL_FORMATTERS + command_name "#{ENV['GITHUB_WORKFLOW']} Job #{ENV['GITHUB_RUN_ID']}:#{ENV['GITHUB_RUN_NUMBER']}" SimpleCov::Formatter::LcovFormatter.config do |c| c.report_with_single_file = true @@ -26,16 +31,18 @@ if RUN_COVERAGE end SimpleCov.formatters = [ - SimpleCov::Formatter::CoberturaFormatter, SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::CoberturaFormatter, SimpleCov::Formatter::LcovFormatter, - SimpleCov::Formatter::Codecov, + SimpleCov::Formatter::JSONFormatter, # For CodeClimate + SimpleCov::Formatter::Codecov, # For CodeCov ] else formatter SimpleCov::Formatter::HTMLFormatter end - add_filter 'spec' - minimum_coverage(85) + minimum_coverage(88) end +else + puts "Not running coverage on #{RUBY_ENGINE} #{RUBY_VERSION}" end diff --git a/Gemfile b/Gemfile index 1715b19d..ced5bbb6 100644 --- a/Gemfile +++ b/Gemfile @@ -6,6 +6,10 @@ gemspec git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } +gem 'rake', '~> 13.0' + +gem 'rspec', '~> 3.0' + gem 'overcommit' ruby_version = Gem::Version.new(RUBY_VERSION) @@ -30,6 +34,7 @@ group :test do gem 'rubocop-thread_safety', '~> 0.4', require: false end if coverage + gem 'codecov', '~> 0.6' gem 'simplecov', '~> 0.21', require: false gem 'simplecov-cobertura' # XML for Jenkins gem 'simplecov-lcov', '~> 0.8', require: false diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2ec291cc..f5d3a4b4 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -12,22 +12,26 @@ require 'ext/backports' DEBUG = ENV['DEBUG'] == 'true' -RUN_COVERAGE = ENV['CI_CODECOV'] || ENV['CI'].nil? ruby_version = Gem::Version.new(RUBY_VERSION) minimum_version = ->(version, engine = 'ruby') { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == engine } -coverage = minimum_version.call('2.7') && RUN_COVERAGE -debug = minimum_version.call('2.5') && DEBUG +actual_version = lambda do |major, minor| + actual = Gem::Version.new(ruby_version) + major == actual.segments[0] && minor == actual.segments[1] && RUBY_ENGINE == 'ruby' +end +debugging = minimum_version.call('2.7') && DEBUG +RUN_COVERAGE = minimum_version.call('2.6') && (ENV['COVER_ALL'] || ENV['CI_CODECOV'] || ENV['CI'].nil?) +ALL_FORMATTERS = actual_version.call(2, 7) && (ENV['COVER_ALL'] || ENV['CI_CODECOV'] || ENV['CI']) if DEBUG - if debug + if debugging require 'byebug' elsif minimum_version.call('2.7', 'jruby') require 'pry-debugger-jruby' end end -require 'simplecov' if coverage +require 'simplecov' if RUN_COVERAGE # This gem require 'oauth2' From f4f4d154071021144f04060796bdb9b34f2c66e3 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 30 Mar 2022 17:07:13 +0700 Subject: [PATCH 111/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Updates=20to=20?= =?UTF-8?q?Security=20Policy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 39 ++++++++++++++++++++++++--------------- SECURITY.md | 3 ++- 2 files changed, 26 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index c61e0625..61e7657f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@
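Review bot: `RUN_COVERAGE` is now gated on `minimum_version.call('2.6')`, but the Gemfile installs the coverage gems only under `coverage = minimum_version.call('2.7')` (visible as context in a later Gemfile hunk of this series). As far as these hunks show, on MRI 2.6 with `CI` unset `require 'simplecov'` would raise LoadError. Keeping both gates on the same version avoids that: `RUN_COVERAGE = minimum_version.call('2.7') && (ENV['COVER_ALL'] || ENV['CI_CODECOV'] || ENV['CI'].nil?)`. The same constant guards the extra `require` lines added to spec/spec_helper.rb in patches 114 and 115. Separately, the `ENV[...]` checks treat any set value as true, so `COVER_ALL=false` still enables coverage; comparing against `'true'`, as the `DEBUG` line does, would be consistent.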

- + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 - + Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

@@ -21,15 +21,13 @@ unreleased changes for version 2.0.0. ⚠️ --- * [OAuth 2.0 Spec][oauth2-spec] -* [OAuth 1.0 sibling gem][sibling-gem] +* [oauth sibling gem][sibling-gem] for OAuth 1.0 implementations in Ruby. * Help us finish release [![2.0.0 release milestone][next-milestone-pct-img]][next-milestone-pct] by submitting or reviewing PRs and issues. -* Oauth2 gem is _always_ looking for additional maintainers. See [#307][maintainers-discussion]. [oauth2-spec]: https://oauth.net/2/ [sibling-gem]: https://github.com/oauth-xx/oauth-ruby [next-milestone-pct]: https://github.com/oauth-xx/oauth2/milestone/1 [next-milestone-pct-img]: https://img.shields.io/github/milestones/progress-percent/oauth-xx/oauth2/1 -[maintainers-discussion]: https://github.com/oauth-xx/oauth2/issues/307 ## Release Documentation @@ -82,6 +80,8 @@ unreleased changes for version 2.0.0. ⚠️ | < 1.0.0 | Find here | https://github.com/oauth-xx/oauth2/tags |
+## Status + | | Project | bundle add oauth2 | |:----|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | | 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img]][📗next] | -| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | +| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | | 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code 
Coverage][🧮cov-wf-img]][🧮cov-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | | 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | | 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | @@ -146,11 +149,11 @@ The link tokens in the following sections should be kept ordered by the row and [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability -[⛳cclim-maint-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability +[⛳cclim-maint-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability [🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2 [🖇triage-help-img]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg -[🏘depfu]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445 -[🏘depfu-img]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg +[🏘depfu♻️]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445 +[🏘depfu-img♻️]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg [🚎contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors [🚎contributors-img]: https://img.shields.io/github/contributors-anon/oauth-xx/oauth2 [🖐style-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml 
@@ -176,8 +179,8 @@ The link tokens in the following sections should be kept ordered by the row and [⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage -[⛳cclim-cov-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage -[🖇codecov-img]: https://codecov.io/gh/oauth-xx/oauth2/branch/master/graph/badge.svg?token=bNqSzNiuo2 +[⛳cclim-cov-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage +[🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/master/graph/badge.svg?token=bNqSzNiuo2 [🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2 [🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=master [🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=master @@ -216,7 +219,6 @@ The link tokens in the following sections should be kept ordered by the row and [coderme]:http://coderwall.com/pboling [politicme]: https://nationalprogressiveparty.org - ## Installation Install the gem and add to the application's Gemfile by executing: 
@@ -231,14 +233,21 @@ If bundler is not being used to manage dependencies, install the gem by executin Available as part of the Tidelift Subscription. -The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise) +The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise) + +## Security contact information + +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. + +For more see [SECURITY.md][🚎sec-pol]. ## What is new for v2.0 (unreleased, `master` branch)? - Officially support Ruby versions >= 2.7 - Unofficially support Ruby versions >= 2.5 - Incidentally support Ruby versions >= 2.2 -- Drop support for MAC Draft versions < 0.3 +- Drop support for MAC Draft versions < 03 - Add support for MAC Draft version 05 - Support IETF rfc7523 JWT Bearer Tokens - Support IETF rfc7231 Relative Location in Redirect diff --git a/SECURITY.md b/SECURITY.md index c130079d..bf071104 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -10,4 +10,5 @@ ## Reporting a Vulnerability -Follow [these instructions](https://tidelift.com/security) to report any security vulnerabilities. +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. From 5e1c7f8c6e2c7a1638af314501cccadcafe68d98 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 30 Mar 2022 17:18:42 +0700 Subject: [PATCH 112/645] =?UTF-8?q?=F0=9F=8F=97=EF=B8=8F=20Updates=20to=20?= =?UTF-8?q?Overcommit=20rules?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .overcommit.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.overcommit.yml b/.overcommit.yml index cbffc772..9fbb7f23 100644 --- a/.overcommit.yml +++ b/.overcommit.yml @@ -22,12 +22,10 @@ PreCommit: TrailingWhitespace: enabled: true - exclude: - - '**/db/structure.sql' # Ignore trailing whitespace in generated files -#PostCheckout: -# ALL: # Special hook name that customizes all hooks of this type -# quiet: true # Change all post-checkout hooks to only display output on failure +PostCheckout: + ALL: # Special hook name that customizes all hooks of this type + quiet: true # Change all post-checkout hooks to only display output on failure # # IndexTags: # enabled: true # Generate a tags file with `ctags` each time HEAD changes From 5470dfe886748204feba512f5a6979d8cf4b84c1 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 30 Mar 2022 17:40:55 +0700 Subject: [PATCH 113/645] =?UTF-8?q?=F0=9F=91=B7=20We=20want=20code=20cover?= =?UTF-8?q?age=20PR=20comments?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 0eff1902..1d127fa4 100644 
--- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -93,7 +93,7 @@ jobs: - name: Add Coverage PR Comment uses: marocchino/sticky-pull-request-comment@v2 - if: matrix.ruby == '2.7' && github.event_name == 'pull_request' && always() + if: matrix.ruby == '2.7' && always() with: recreate: true path: code-coverage-results.md From a1bf4e9eb0fa585a6a59c1dbcece4ea03ae6904e Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 30 Mar 2022 18:27:40 +0700 Subject: [PATCH 114/645] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Refactor=20Code=20?= =?UTF-8?q?Coverage=20Reporting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://dev.to/pboling/ippccr-in-pursuit-of-perfect-code-coverage-reporting-3a2i Signed-off-by: Peter Boling --- .simplecov | 4 --- Gemfile | 60 ++++++++++++++++++++++----------------------- spec/spec_helper.rb | 10 +++++++- 3 files changed, 38 insertions(+), 36 deletions(-) diff --git a/.simplecov b/.simplecov index 0358a6e4..57ba84f5 100644 --- a/.simplecov +++ b/.simplecov @@ -12,10 +12,6 @@ # if RUN_COVERAGE - require 'codecov' - require 'simplecov-lcov' - require 'simplecov-cobertura' - SimpleCov.start do enable_coverage :branch primary_coverage :branch diff --git a/Gemfile b/Gemfile index ced5bbb6..2751367f 100644 --- a/Gemfile +++ b/Gemfile 
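Review bot: Dropping `github.event_name == 'pull_request'` from the `if:` of `Add Coverage PR Comment` lets the step run on push and other events, where the event payload carries no pull request for the comment to attach to. Unless the action is given an explicit `number:` input, the step will presumably warn or fail on those runs. Whether `continue-on-error` covers it is not visible, because the step continues past the hunk. If the motivation was comments missing on pull requests from forks, the more likely cause is the read-only token those runs receive, which this condition does not change. I would keep `if: matrix.ruby == '2.7' && github.event_name == 'pull_request' && always()` and add a comment above it such as `# requires pull-requests: write; fork PRs run with a read-only token`.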
@@ -10,46 +10,44 @@ gem 'rake', '~> 13.0' gem 'rspec', '~> 3.0' -gem 'overcommit' - ruby_version = Gem::Version.new(RUBY_VERSION) minimum_version = ->(version, engine = 'ruby') { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == engine } linting = minimum_version.call('2.7') coverage = minimum_version.call('2.7') debug = minimum_version.call('2.5') -group :test do - gem 'pry', platforms: %i[mri jruby] - platforms :mri do - if linting - # Danger is incompatible with Faraday 2 (for now) - # see: https://github.com/danger/danger/issues/1349 - # gem 'danger', '~> 8.4' - gem 'rubocop', '~> 1.22', require: false - gem 'rubocop-md', '~> 1.0', require: false - gem 'rubocop-packaging', '~> 0.5', require: false - gem 'rubocop-performance', '~> 1.11', require: false - gem 'rubocop-rake', '~> 0.6', require: false - gem 'rubocop-rspec', require: false - gem 'rubocop-thread_safety', '~> 0.4', require: false - end - if coverage - gem 'codecov', '~> 0.6' - gem 'simplecov', '~> 0.21', require: false - gem 'simplecov-cobertura' # XML for Jenkins - gem 'simplecov-lcov', '~> 0.8', require: false - end - if debug - # Add `byebug` to your code where you want to drop to REPL - gem 'byebug' - gem 'pry-byebug' - end +gem 'overcommit', '~> 0.58' if linting + +gem 'pry', platforms: %i[mri jruby] +platforms :mri do + if linting + # Danger is incompatible with Faraday 2 (for now) + # see: https://github.com/danger/danger/issues/1349 + # gem 'danger', '~> 8.4' + gem 'rubocop', '~> 1.22', require: false + gem 'rubocop-md', '~> 1.0', require: false + gem 'rubocop-packaging', '~> 0.5', require: false + gem 'rubocop-performance', '~> 1.11', require: false + gem 'rubocop-rake', '~> 0.6', require: false + gem 'rubocop-rspec', require: false + gem 'rubocop-thread_safety', '~> 0.4', require: false + end + if coverage + gem 'codecov', '~> 0.6' + gem 'simplecov', '~> 0.21', require: false + gem 'simplecov-cobertura' # XML for Jenkins + gem 'simplecov-lcov', '~> 0.8', require: false end - 
platforms :jruby do - # Add `binding.pry` to your code where you want to drop to REPL - gem 'pry-debugger-jruby' + if debug + # Add `byebug` to your code where you want to drop to REPL + gem 'byebug' + gem 'pry-byebug' end end +platforms :jruby do + # Add `binding.pry` to your code where you want to drop to REPL + gem 'pry-debugger-jruby' +end ### deps for documentation and rdoc.info group :documentation do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index f5d3a4b4..a98432c0 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,5 +1,8 @@ # frozen_string_literal: true +# ensure test env +ENV['RACK_ENV'] = 'test' + # Third Party Libraries require 'rspec' require 'rspec/stubbed_env' @@ -31,7 +34,12 @@ end end -require 'simplecov' if RUN_COVERAGE +if RUN_COVERAGE + require 'simplecov' + require 'codecov' + require 'simplecov-lcov' + require 'simplecov-cobertura' +end # This gem require 'oauth2' From 4777e5a14a5d593203536c68d87e1a2fc263aaae Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 30 Mar 2022 20:07:08 +0700 Subject: [PATCH 115/645] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Refactor=20Code=20?= =?UTF-8?q?Coverage=20Reporting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://dev.to/pboling/ippccr-in-pursuit-of-perfect-code-coverage-reporting-3a2i Signed-off-by: Peter Boling --- .simplecov | 13 ------------- Gemfile | 3 ++- spec/spec_helper.rb | 18 +++++++++++++++++- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/.simplecov b/.simplecov index 57ba84f5..cd305920 100644 --- a/.simplecov +++ b/.simplecov 
@@ -20,19 +20,6 @@ if RUN_COVERAGE if ALL_FORMATTERS command_name "#{ENV['GITHUB_WORKFLOW']} Job #{ENV['GITHUB_RUN_ID']}:#{ENV['GITHUB_RUN_NUMBER']}" - - SimpleCov::Formatter::LcovFormatter.config do |c| - c.report_with_single_file = true - c.single_report_path = 'coverage/lcov.info' - end - - SimpleCov.formatters = [ - SimpleCov::Formatter::HTMLFormatter, - SimpleCov::Formatter::CoberturaFormatter, - SimpleCov::Formatter::LcovFormatter, - SimpleCov::Formatter::JSONFormatter, # For CodeClimate - SimpleCov::Formatter::Codecov, # For CodeCov - ] else formatter SimpleCov::Formatter::HTMLFormatter end diff --git a/Gemfile b/Gemfile index 2751367f..26200b35 100644 --- a/Gemfile +++ b/Gemfile @@ -33,9 +33,10 @@ platforms :mri do gem 'rubocop-thread_safety', '~> 0.4', require: false end if coverage - gem 'codecov', '~> 0.6' + gem 'codecov', '~> 0.6' # For CodeCov gem 'simplecov', '~> 0.21', require: false gem 'simplecov-cobertura' # XML for Jenkins + gem 'simplecov-json' # For CodeClimate gem 'simplecov-lcov', '~> 0.8', require: false end if debug diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a98432c0..64eb7012 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -35,10 +35,26 @@ end if RUN_COVERAGE - require 'simplecov' + require 'simplecov' # Config file `.simplecov` is run immediately when simplecov loads require 'codecov' + require 'simplecov-json' require 'simplecov-lcov' require 'simplecov-cobertura' + # This will override the formatter set in .simplecov + if ALL_FORMATTERS + SimpleCov::Formatter::LcovFormatter.config do |c| + c.report_with_single_file = true + c.single_report_path = 'coverage/lcov.info' + end + + SimpleCov.formatters = [ + SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::CoberturaFormatter, # XML for Jenkins + SimpleCov::Formatter::LcovFormatter, + SimpleCov::Formatter::JSONFormatter, # For CodeClimate + SimpleCov::Formatter::Codecov, # For CodeCov + ] + end end # This gem 
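Review bot: `require 'simplecov-json'` together with `SimpleCov::Formatter::JSONFormatter # For CodeClimate` may not produce the file CodeClimate expects. To my knowledge simplecov 0.21 (the series the Gemfile pins with `'~> 0.21'`) already provides a class of that name through its `simplecov_json_formatter` dependency. The separate `simplecov-json` gem defines the same constant with a different output, so both would reopen one class. It is worth confirming which definition is active in the coverage workflow. If the bundled one is intended, `require 'simplecov_json_formatter'` and dropping `gem 'simplecov-json'` from the Gemfile hunk of this patch removes the ambiguity.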
From 4ec2a26ba51a86d1290abed41805787de486551f Mon Sep 17 00:00:00 2001
From: "depfu[bot]" <23717796+depfu[bot]@users.noreply.github.com>
Date: Thu, 14 Apr 2022 04:25:14 -0600
Subject: [PATCH 116/645] =?UTF-8?q?=F0=9F=94=80=20=E2=AC=86=EF=B8=8F=20Upd?= =?UTF-8?q?ate=20Ruby=20to=20version=203.1.2=20(#584)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: depfu[bot] <23717796+depfu[bot]@users.noreply.github.com>
---
.ruby-version | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.ruby-version b/.ruby-version
index 94ff29cc..ef538c28 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.1.1
+3.1.2
From 0a03f73acca61e39f5725ed58b54fd92fe32f284 Mon Sep 17 00:00:00 2001
From: Peter Boling
Date: Tue, 3 May 2022 04:49:16 +0700
Subject: [PATCH 117/645] =?UTF-8?q?=F0=9F=94=A5=20Prefer=20.tool-versions?= =?UTF-8?q?=20over=20.ruby-version?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Peter Boling
---
.ruby-version | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 .ruby-version

diff --git a/.ruby-version b/.ruby-version
deleted file mode 100644
index ef538c28..00000000
--- a/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-3.1.2
From dc7e507658346b2c6bbaa78432f0bacc442c9db7 Mon Sep 17 00:00:00 2001
From: Peter Boling
Date: Tue, 3 May 2022 06:34:35 +0700
Subject: [PATCH 118/645] =?UTF-8?q?=E2=9E=95=20rubocop-ruby2=5F2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Peter Boling
---
.rubocop.yml | 20 +++++-----
.rubocop_todo.yml | 54 ++++++--------------------
Gemfile | 13 ++++---
lib/oauth2/client.rb | 2 +-
spec/oauth2/client_spec.rb | 8 ++--
spec/oauth2/snaky_hash_spec.rb | 2 +-
spec/oauth2/strategy/assertion_spec.rb | 4 +-
7 files changed, 38 insertions(+), 65 deletions(-)

diff --git a/.rubocop.yml b/.rubocop.yml
index 5760daa2..4295599c 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml @@ -2,24 +2,26 @@ inherit_from: - .rubocop_todo.yml - .rubocop_rspec.yml +inherit_gem: + rubocop-ruby2_2: rubocop.yml + require: - 'rubocop-md' - - 'rubocop-packaging' + # Can be added once we reach rubocop-ruby2_3 + # - 'rubocop-packaging' - 'rubocop-performance' - 'rubocop-rake' - 'rubocop-rspec' AllCops: - NewCops: enable DisplayCopNames: true # Display the name of the failing cops - TargetRubyVersion: 2.5 Exclude: - 'gemfiles/vendor/**/*' - 'vendor/**/*' - '**/.irbrc' Metrics/BlockLength: - IgnoredMethods: + ExcludedMethods: - context - describe - it @@ -35,7 +37,7 @@ Gemspec/RequiredRubyVersion: Metrics/BlockNesting: Max: 2 -Layout/LineLength: +Metrics/LineLength: Enabled: false Metrics/ParameterLists: @@ -87,12 +89,12 @@ Style/Encoding: Enabled: false # Does not work with older rubies -Style/MapToHash: - Enabled: false +#Style/MapToHash: +# Enabled: false # Does not work with older rubies -Style/RedundantBegin: - Enabled: false +#Style/RedundantBegin: +# Enabled: false Style/TrailingCommaInArrayLiteral: EnforcedStyleForMultiline: comma diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 383e38e5..faae4159 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -1,61 +1,42 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2022-02-20 19:05:12 UTC using RuboCop version 1.25.1. +# on 2022-05-03 05:36:47 +0700 using RuboCop version 0.68.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 1 -# Configuration parameters: AllowedMethods. -# AllowedMethods: enums -Lint/ConstantDefinitionInBlock: - Exclude: - - 'spec/oauth2/access_token_spec.rb' - -# Offense count: 5 -# Configuration parameters: IgnoredMethods, CountRepeatedAttributes. +# Offense count: 6 Metrics/AbcSize: - Max: 47 + Max: 45 -# Offense count: 7 -# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. -# IgnoredMethods: refine +# Offense count: 6 +# Configuration parameters: CountComments, ExcludedMethods. +# ExcludedMethods: refine Metrics/BlockLength: Max: 35 -# Offense count: 4 -# Configuration parameters: IgnoredMethods. +# Offense count: 3 Metrics/CyclomaticComplexity: - Max: 13 + Max: 11 # Offense count: 8 -# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. +# Configuration parameters: CountComments, ExcludedMethods. Metrics/MethodLength: Max: 37 # Offense count: 2 -# Configuration parameters: IgnoredMethods. Metrics/PerceivedComplexity: Max: 13 -# Offense count: 9 -# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers. +# Offense count: 2 +# Configuration parameters: EnforcedStyle. # SupportedStyles: snake_case, normalcase, non_integer -# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339 Naming/VariableNumber: Exclude: - 'spec/oauth2/mac_token_spec.rb' - - 'spec/oauth2/response_spec.rb' - -# Offense count: 2 -# Configuration parameters: MinSize. 
-Performance/CollectionLiteralInLoop: - Exclude: - - 'spec/oauth2/strategy/auth_code_spec.rb' - - 'spec/oauth2/strategy/client_credentials_spec.rb' -# Offense count: 19 +# Offense count: 8 # Configuration parameters: Prefixes. # Prefixes: when, with, without RSpec/ContextWording: @@ -68,14 +49,3 @@ RSpec/ContextWording: RSpec/LeakyConstantDeclaration: Exclude: - 'spec/oauth2/access_token_spec.rb' - -# Offense count: 29 -# Configuration parameters: AllowSubject. -RSpec/MultipleMemoizedHelpers: - Max: 12 - -# Offense count: 1 -# Cop supports --auto-correct. -Rake/Desc: - Exclude: - - 'Rakefile' diff --git a/Gemfile b/Gemfile index 26200b35..d8911f19 100644 --- a/Gemfile +++ b/Gemfile @@ -24,13 +24,14 @@ platforms :mri do # Danger is incompatible with Faraday 2 (for now) # see: https://github.com/danger/danger/issues/1349 # gem 'danger', '~> 8.4' - gem 'rubocop', '~> 1.22', require: false - gem 'rubocop-md', '~> 1.0', require: false - gem 'rubocop-packaging', '~> 0.5', require: false - gem 'rubocop-performance', '~> 1.11', require: false - gem 'rubocop-rake', '~> 0.6', require: false + gem 'rubocop-md', require: false + gem 'rubocop-ruby2_2', require: false + # Can be added once we reach rubocop-ruby2_3 + # gem 'rubocop-packaging', require: false + gem 'rubocop-performance', require: false + gem 'rubocop-rake', require: false gem 'rubocop-rspec', require: false - gem 'rubocop-thread_safety', '~> 0.4', require: false + gem 'rubocop-thread_safety', require: false end if coverage gem 'codecov', '~> 0.6' # For CodeCov diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index f60c3759..efe8ccd0 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
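Review bot: The Gemfile hunk removes the version constraints from `rubocop-md`, `rubocop-performance`, `rubocop-rake` and `rubocop-thread_safety`, and adds `rubocop-ruby2_2` without one, so each install resolves whatever release is newest at that moment. No lockfile is visible in this series, and these plugins are third-party code executed in CI and, via overcommit, on developer machines. Presumably `rubocop-ruby2_2` is meant to constrain `rubocop` itself, but that is not visible here. A pessimistic constraint on at least the new gem, `gem 'rubocop-ruby2_2', '~> X.Y', require: false` (X.Y is a placeholder for the release in use), keeps lint results and the executed code reproducible.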
@@ -153,7 +153,7 @@ def request(verb, url, opts = {}) # @param access_token_opts [Hash] access token options, to pass to the AccessToken object # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken, @version 2.0+ # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/PerceivedComplexity + def get_token(params, access_token_opts = {}, access_token_class = AccessToken) params = params.map do |key, value| if RESERVED_PARAM_KEYS.include?(key) [key.to_sym, value] diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 778dff67..97a7905a 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -176,7 +176,7 @@ client = described_class.new('abc', 'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| - expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] end end @@ -191,7 +191,7 @@ client = described_class.new('abc', 'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| - expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] end end 
@@ -206,7 +206,7 @@ client = described_class.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| - expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] end end @@ -221,7 +221,7 @@ client = described_class.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.adapter :test do |stub| stub.post('/oauth/token') do |env| - expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] end end diff --git a/spec/oauth2/snaky_hash_spec.rb b/spec/oauth2/snaky_hash_spec.rb index 1895e284..eb21966f 100644 --- a/spec/oauth2/snaky_hash_spec.rb +++ b/spec/oauth2/snaky_hash_spec.rb @@ -5,7 +5,7 @@ describe '.build' do context 'when build from hash' do - subject { described_class.new({'AccessToken' => '1'}) } + subject { described_class.new('AccessToken' => '1') } it 'create correct snake hash' do expect(subject).to be_a(described_class) diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index a173bdcf..db5e009b 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -176,7 +176,7 @@ end it 'includes other params via request_options' do - client_assertion.get_token(claims, {algorithm: algorithm, key: key}, scope: 'dover sole') + client_assertion.get_token(claims, {algorithm: algorithm, key: key}, {scope: 'dover sole'}) expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array(%i[assertion grant_type scope client_id client_secret]) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') 
@@ -199,7 +199,7 @@ end it 'includes other params via request_options' do - client_assertion.get_token(claims, {algorithm: algorithm, key: key}, scope: 'dover sole') + client_assertion.get_token(claims, {algorithm: algorithm, key: key}, {scope: 'dover sole'}) expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array(%i[assertion grant_type scope]) expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') From 8697c6e1ee89b99b259b7ca029a8cbd1a2997953 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 3 May 2022 06:49:52 +0700 Subject: [PATCH 119/645] =?UTF-8?q?=F0=9F=92=9A=20Try=20without=20installi?= =?UTF-8?q?ng=20libcurl4-openssl-dev?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/coverage.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 1d127fa4..eed048c4 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -44,9 +44,6 @@ jobs: runs-on: ubuntu-latest continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - - name: Install cURL Headers - run: sudo apt-get install libcurl4-openssl-dev - - uses: amancevice/setup-code-climate@v0 name: CodeClimate Install if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() From 8467e796e41ee5e01413515b622422e6c810fc55 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 3 May 2022 06:53:44 +0700 Subject: [PATCH 120/645] =?UTF-8?q?=F0=9F=92=9A=20Do=20not=20install=20lib?= =?UTF-8?q?curl4-openssl-dev?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Peter Boling --- .github/workflows/danger.yml | 2 -- .github/workflows/heads.yml | 2 -- .github/workflows/jruby-head.yml | 2 -- .github/workflows/style.yml | 2 -- .github/workflows/supported.yml | 2 -- .github/workflows/unsupported.yml | 2 -- 6 files changed, 12 deletions(-) diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index c8a4409b..c835a410 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -28,8 +28,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Install cURL Headers - run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 52485801..40587841 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -59,8 +59,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Install cURL Headers - run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/jruby-head.yml b/.github/workflows/jruby-head.yml index d8ee366b..6e56c895 100644 --- a/.github/workflows/jruby-head.yml +++ b/.github/workflows/jruby-head.yml @@ -58,8 +58,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Install cURL Headers - run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index e3101dc1..fdf9aaa3 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -32,8 +32,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Install cURL Headers - run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 8843f9c3..069f8d54 100644 --- a/.github/workflows/supported.yml 
+++ b/.github/workflows/supported.yml @@ -52,8 +52,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Install cURL Headers - run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 22d94b73..40f3949c 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -60,8 +60,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Install cURL Headers - run: sudo apt-get install libcurl4-openssl-dev - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: From c6a326b80912f3087542ce472dab3c8eb560b764 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 23 May 2022 19:25:16 +0700 Subject: [PATCH 121/645] =?UTF-8?q?=F0=9F=93=8C=20Use=20rubocop-lts=20to?= =?UTF-8?q?=20pin=20rubocop=20@=20Ruby=202.2=20compat?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .rubocop.yml | 2 +- oauth2.gemspec | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.rubocop.yml b/.rubocop.yml index 4295599c..6c9e1f99 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -3,7 +3,7 @@ inherit_from: - .rubocop_rspec.yml inherit_gem: - rubocop-ruby2_2: rubocop.yml + rubocop-lts: rubocop-lts.yml require: - 'rubocop-md' diff --git a/oauth2.gemspec b/oauth2.gemspec index 02cfb1cd..aa931d58 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -48,5 +48,6 @@ Gem::Specification.new do |spec| spec.add_development_dependency 'rspec-block_is_expected' spec.add_development_dependency 'rspec-pending_for' spec.add_development_dependency 'rspec-stubbed_env' + spec.add_development_dependency 'rubocop-lts', '~> 8.0' spec.add_development_dependency 'silent_stream' end From 7e5cd6c230db50ea981f965e4e95b4f3f190efd5 Mon Sep 17 00:00:00 2001 
From: Alice-Qiu <67429666+Alice-Qiu@users.noreply.github.com> Date: Thu, 2 Jun 2022 22:41:53 -0400 Subject: [PATCH 122/645] =?UTF-8?q?=F0=9F=94=80=20Allow=20api=20response?= =?UTF-8?q?=20with=20'token'=20accepted=20same=20as=20access=5Ftoken=20(#5?= =?UTF-8?q?19)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add token in get_token * include token in the from_hash method Co-authored-by: sqiu --- lib/oauth2/access_token.rb | 2 +- lib/oauth2/client.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 42514eaf..a6a2ac93 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -13,7 +13,7 @@ class << self # @return [AccessToken] the initialized AccessToken def from_hash(client, hash) hash = hash.dup - new(client, hash.delete('access_token') || hash.delete(:access_token), hash) + new(client, hash.delete('access_token') || hash.delete(:access_token) || hash.delete('token') || hash.delete(:token), hash) end # Initializes an AccessToken from a key/value application/x-www-form-urlencoded string diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index efe8ccd0..4f370aa9 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -177,7 +177,7 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) http_method = :post if http_method == :post_with_query_string response = request(http_method, token_url, opts) response_contains_token = response.parsed.is_a?(Hash) && - (response.parsed['access_token'] || response.parsed['id_token']) + (response.parsed['access_token'] || response.parsed['id_token'] || response.parsed['token']) if options[:raise_errors] && !response_contains_token error = Error.new(response) From c7c65d0ef44aca26373b75e3c1e6154381602e08 Mon Sep 17 00:00:00 2001 
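Review bot: The new fallback in `from_hash` accepts both `'token'` and `:token`, but the matching check in `Client#get_token` (second hunk, `response.parsed['token']`) tests only the string key, and the diffstat lists no spec for either change. RFC 6749 section 5.1 makes `access_token` the required field, so this path accepts a non-standard response and should say so next to both lines, e.g. `# non-standard: accept "token" when the server omits "access_token"`. Because the `||` chain short-circuits, a response carrying both keys leaves `token` in the hash passed as the third argument to `new`, which is worth pinning in a test. Both enclosing methods extend beyond their hunks.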
From: Stan Hu Date: Tue, 7 Jun 2022 22:21:06 -0700 Subject: [PATCH 123/645] Drop support for MAC tokens (#589) * Drop support for MAC tokens MAC tokens never worked properly since the secret was never extracted from the authorization payload. https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-http-mac-05 never made it as a standard, and as far as I can tell, there is virtually no support on the server side for this either. Closes #248 Signed-off-by: Stan Hu * Regenerate Rubocop TODO * Disable Rubocop rules in Client#get_token This is a pre-existing condition. --- .rubocop_todo.yml | 11 +-- lib/oauth2.rb | 1 - lib/oauth2/client.rb | 2 +- lib/oauth2/mac_token.rb | 126 ------------------------------ spec/oauth2/mac_token_spec.rb | 140 ---------------------------------- 5 files changed, 3 insertions(+), 277 deletions(-) delete mode 100644 lib/oauth2/mac_token.rb delete mode 100644 spec/oauth2/mac_token_spec.rb diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index faae4159..4bca8a87 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,6 +1,6 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2022-05-03 05:36:47 +0700 using RuboCop version 0.68.1. +# on 2022-06-07 21:06:40 -0700 using RuboCop version 0.68.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new @@ -20,7 +20,7 @@ Metrics/BlockLength: Metrics/CyclomaticComplexity: Max: 11 -# Offense count: 8 +# Offense count: 7 # Configuration parameters: CountComments, ExcludedMethods. Metrics/MethodLength: Max: 37 
@@ -29,13 +29,6 @@ Metrics/MethodLength: Metrics/PerceivedComplexity: Max: 13 -# Offense count: 2 -# Configuration parameters: EnforcedStyle. -# SupportedStyles: snake_case, normalcase, non_integer -Naming/VariableNumber: - Exclude: - - 'spec/oauth2/mac_token_spec.rb' - # Offense count: 8 # Configuration parameters: Prefixes. # Prefixes: when, with, without diff --git a/lib/oauth2.rb b/lib/oauth2.rb index d38069f9..40d76102 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -20,7 +20,6 @@ require 'oauth2/strategy/client_credentials' require 'oauth2/strategy/assertion' require 'oauth2/access_token' -require 'oauth2/mac_token' require 'oauth2/response' # The namespace of this library diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 4f370aa9..88441224 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -153,7 +153,7 @@ def request(verb, url, opts = {}) # @param access_token_opts [Hash] access token options, to pass to the AccessToken object # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken, @version 2.0+ # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, access_token_class = AccessToken) + def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/PerceivedComplexity params = params.map do |key, value| if RESERVED_PARAM_KEYS.include?(key) [key.to_sym, value] diff --git a/lib/oauth2/mac_token.rb b/lib/oauth2/mac_token.rb deleted file mode 100644 index 34092eee..00000000 --- a/lib/oauth2/mac_token.rb +++ /dev/null 
@@ -1,126 +0,0 @@ -# frozen_string_literal: true - -require 'base64' -require 'digest' -require 'openssl' -require 'securerandom' - -module OAuth2 - class MACToken < AccessToken - # Generates a MACToken from an AccessToken and secret - # - # @param [AccessToken] token the OAuth2::Token instance - # @option [String] secret the secret key value - # @param [Hash] options the options to create the Access Token with - # @see MACToken#initialize - def self.from_access_token(token, secret, options = {}) - new(token.client, token.token, secret, token.params.merge(refresh_token: token.refresh_token, expires_in: token.expires_in, expires_at: token.expires_at).merge(options)) - end - - attr_reader :secret, :algorithm - - # Initialize a MACToken - # - # @param [Client] client the OAuth2::Client instance - # @param [String] token the Access Token value - # @option [String] secret the secret key value - # @param [Hash] opts the options to create the Access Token with - # @option opts [String] :refresh_token (nil) the refresh_token value - # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire - # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire - # @option opts [FixNum, String] :algorithm (hmac-sha-256) the algorithm to use for the HMAC digest (one of 'hmac-sha-256', 'hmac-sha-1') - def initialize(client, token, secret, opts = {}) - @secret = secret - @seq_nr = SecureRandom.random_number(2**64) - @kid = opts.delete(:kid) || Base64.strict_encode64(Digest::SHA1.digest(token)) - - self.algorithm = opts.delete(:algorithm) || 'hmac-sha-256' - - super(client, token, opts) - end - - # Make a request with the MAC Token - # - # @param [Symbol] verb the HTTP request method - # @param [String] path the HTTP URL path of the request - # @param [Hash] opts the options to make the request with - # @see Client#request - def request(verb, path, opts = {}, &block) - url = 
client.connection.build_url(https://github.com/path,%20opts[:params]).to_s - - opts[:headers] ||= {} - opts[:headers]['Authorization'] = header(verb, url) - - @client.request(verb, path, opts, &block) - end - - # Get the headers hash (always an empty hash) - def headers - {} - end - - # Generate the MAC header - # - # @param [Symbol] verb the HTTP request method - # @param [String] url the HTTP URL path of the request - def header(verb, url) - timestamp = (Time.now.to_f * 1000).floor - @seq_nr = (@seq_nr + 1) % (2**64) - - uri = URI(url) - - raise(ArgumentError, "could not parse \"#{url}\" into URI") unless uri.is_a?(URI::HTTP) - - mac = signature(timestamp, verb, uri) - - "MAC kid=\"#{@kid}\", ts=\"#{timestamp}\", seq-nr=\"#{@seq_nr}\", mac=\"#{mac}\"" - end - - # Generate the Base64-encoded HMAC digest signature - # - # @param [Fixnum] timestamp the timestamp of the request in seconds since epoch - # @param [Symbol] verb the HTTP request method - # @param [URI::HTTP] uri the HTTP URL path of the request - def signature(timestamp, verb, uri) - signature = [ - "#{verb.to_s.upcase} #{uri.request_uri} HTTP/1.1", - timestamp, - @seq_nr, - '', - ].join("\n") - - Base64.strict_encode64(OpenSSL::HMAC.digest(@algorithm, secret, signature)) - end - - # Set the HMAC algorithm - # - # @param [String] alg the algorithm to use (one of 'hmac-sha-1', 'hmac-sha-256') - def algorithm=(alg) - @algorithm = begin - case alg.to_s - when 'hmac-sha-1' - begin - OpenSSL::Digest('SHA1').new - rescue StandardError - OpenSSL::Digest.new('SHA1') - end - when 'hmac-sha-256' - begin - OpenSSL::Digest('SHA256').new - rescue StandardError - OpenSSL::Digest.new('SHA256') - end - else - raise(ArgumentError, 'Unsupported algorithm') - end - end - end - - private - - # No-op since we need the verb and path - # and the MAC always goes in a header - def token=(_noop) - end - end -end 
diff --git a/spec/oauth2/mac_token_spec.rb b/spec/oauth2/mac_token_spec.rb deleted file mode 100644 index cdacba3b..00000000 --- a/spec/oauth2/mac_token_spec.rb +++ /dev/null 
@@ -1,140 +0,0 @@ -# frozen_string_literal: true - -RSpec.describe OAuth2::MACToken do - subject { described_class.new(client, token, 'abc123', kid: kid) } - - let(:kid) { 'this-token' } - let(:token) { 'monkey' } - let(:client) do - OAuth2::Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| - builder.request :url_encoded - builder.adapter :test do |stub| - VERBS.each do |verb| - stub.send(verb, '/token/header') { |env| [200, {}, env[:request_headers]['Authorization']] } - end - end - end - end - - describe '#initialize' do - it 'assigns client and token' do - expect(subject.client).to eq(client) - expect(subject.token).to eq(token) - end - - it 'assigns secret' do - expect(subject.secret).to eq('abc123') - end - - it 'defaults algorithm to hmac-sha-256' do - expect(subject.algorithm).to be_instance_of(OpenSSL::Digest('SHA256')) - end - - it 'handles hmac-sha-256' do - mac = described_class.new(client, token, 'abc123', algorithm: 'hmac-sha-256') - expect(mac.algorithm).to be_instance_of(OpenSSL::Digest('SHA256')) - end - - it 'handles hmac-sha-1' do - mac = described_class.new(client, token, 'abc123', algorithm: 'hmac-sha-1') - expect(mac.algorithm).to be_instance_of(OpenSSL::Digest('SHA1')) - end - - it 'raises on improper algorithm' do - expect { described_class.new(client, token, 'abc123', algorithm: 'invalid-sha') }.to raise_error(ArgumentError) - end - end - - describe '#request' do - VERBS.each do |verb| - it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do - expect(subject.post('/token/header').body).to include("MAC kid=\"#{kid}\"") - end - end - end - - describe '#header' do - it 'does not generate the same header twice' do - header = subject.header('get', 'https://www.example.com/hello') - duplicate_header = subject.header('get', 'https://www.example.com/hello') - - expect(header).not_to eq(duplicate_header) - end - - it 'generates the proper format' do - header = 
subject.header('get', 'https://www.example.com/hello?a=1') - expect(header).to match(/MAC kid="#{kid}", ts="[0-9]+", seq-nr="[^"]+", mac="[^"]+"/) - end - - it 'passes ArgumentError with an invalid url' do - expect { subject.header('get', 'this-is-not-valid') }.to raise_error(ArgumentError) - end - - it 'passes URI::InvalidURIError through' do - expect { subject.header('get', '\\') }.to raise_error(URI::InvalidURIError) - end - - it 'passes ArgumentError with nil url' do - expect { subject.header('get', nil) }.to raise_error(ArgumentError) - end - - it 'change seq-nr' do - header = subject.header('get', 'https://www.example.com/hello?a=1') - seq_nr_1 = header.match(/MAC kid="#{kid}", ts="[0-9]+", seq-nr="([^"]+)", mac="[^"]+"/)[1] - - header = subject.header('get', 'https://www.example.com/hello?a=1') - seq_nr_2 = header.match(/MAC kid="#{kid}", ts="[0-9]+", seq-nr="([^"]+)", mac="[^"]+"/)[1] - - expect(seq_nr_1).not_to be_empty - expect(seq_nr_2).not_to be_empty - expect(seq_nr_2).not_to eq(seq_nr_1) - end - end - - describe '#signature' do - let(:seq_nr_0) { 0 } - - before { allow(SecureRandom).to receive(:random_number).and_return(seq_nr_0) } - - it 'generates properly' do - signature = subject.signature(0, 'get', URI('https://www.google.com/')) - expect(signature).to eq('ZdY7fRIXlCxKBVWMwv8jH53qxekdQ/I9TmOuszZ1Zvc=') - end - end - - describe '#headers' do - it 'is an empty hash' do - expect(subject.headers).to eq({}) - end - end - - describe '.from_access_token' do - subject { described_class.from_access_token(access_token, 'hello') } - - let(:access_token) do - OAuth2::AccessToken.new( - client, token, - expires_at: 1, - expires_in: 1, - refresh_token: 'abc', - random: 1 - ) - end - - it 'initializes client, token, and secret properly' do - expect(subject.client).to eq(client) - expect(subject.token).to eq(token) - expect(subject.secret).to eq('hello') - end - - it 'initializes configuration options' do - 
expect(subject.expires_at).to eq(1) - expect(subject.expires_in).to eq(1) - expect(subject.refresh_token).to eq('abc') - end - - it 'initializes params' do - expect(subject.params).to eq(random: 1) - end - end -end From bc0819f79419b10849b748791ceff92361498259 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Tue, 7 Jun 2022 22:21:22 -0700 Subject: [PATCH 124/645] =?UTF-8?q?=F0=9F=94=80=20Drop=20multi=5Fjson=20de?= =?UTF-8?q?pendency=20(#590)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As discussed in https://github.com/oauth-xx/oauth2/issues/579#issuecomment-1084174454, the Ruby JSON stdlib module should be good enough. Closes #579 --- lib/oauth2/response.rb | 8 ++++++-- oauth2.gemspec | 1 - spec/oauth2/access_token_spec.rb | 4 ++-- spec/oauth2/client_spec.rb | 24 ++++++++++++------------ spec/oauth2/error_spec.rb | 2 +- spec/oauth2/response_spec.rb | 17 ++++++++--------- spec/oauth2/strategy/auth_code_spec.rb | 4 ++-- 7 files changed, 31 insertions(+), 29 deletions(-) diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 610cf865..d81b8e7b 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require 'multi_json' +require 'json' require 'multi_xml' require 'rack' @@ -129,5 +129,9 @@ def parser end OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json', 'application/problem+json']) do |body| - MultiJson.decode(body) + if body.respond_to?(:force_encoding) + body = body.dup.force_encoding(::Encoding::ASCII_8BIT) + end + + ::JSON.parse(body) end diff --git a/oauth2.gemspec b/oauth2.gemspec index aa931d58..35f4d7ef 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
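Review bot: The JSON parser block in `lib/oauth2/response.rb` re-tags the body as `ASCII_8BIT` before `::JSON.parse` without a comment explaining why, and the `respond_to?(:force_encoding)` guard only skips the re-tagging, so a non-String body (if the caller ever passes one) still reaches `::JSON.parse` and raises `TypeError` rather than `JSON::ParserError`. The body comes from the token endpoint and is therefore untrusted input; a line such as `# JSON.parse (not JSON.load) on purpose: the body is server-controlled` would record why this call must not be swapped later. Callers that rescued `MultiJson::ParseError` now get `JSON::ParserError`, as the updated spec in this commit shows, so the change needs a changelog entry.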
@@ -8,7 +8,6 @@ require 'oauth2/version' Gem::Specification.new do |spec| spec.add_dependency 'faraday', ['>= 0.17.3', '< 3.0'] spec.add_dependency 'jwt', ['>= 1.0', '< 3.0'] - spec.add_dependency 'multi_json', '~> 1.3' spec.add_dependency 'multi_xml', '~> 0.5' spec.add_dependency 'rack', ['>= 1.2', '< 3'] spec.add_dependency 'rash_alt', ['>= 0.4', '< 1'] diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 12a772e5..3ae289dc 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -4,7 +4,7 @@ subject { described_class.new(client, token) } let(:token) { 'monkey' } - let(:refresh_body) { MultiJson.encode(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'refresh_bar') } + let(:refresh_body) { JSON.dump(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'refresh_bar') } let(:client) do OAuth2::Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| builder.request :url_encoded @@ -249,7 +249,7 @@ def assert_initialized_token(target) end context 'with a nil refresh_token in the response' do - let(:refresh_body) { MultiJson.encode(access_token: 'refreshed_foo', expires_in: 600, refresh_token: nil) } + let(:refresh_body) { JSON.dump(access_token: 'refreshed_foo', expires_in: 600, refresh_token: nil) } it 'copies the refresh_token from the original token' do refreshed = access.refresh diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 97a7905a..5e5e000d 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
@@ -10,15 +10,15 @@ stub.get('/success') { |_env| [200, {'Content-Type' => 'text/awesome'}, 'yay'] } stub.get('/reflect') { |env| [200, {}, env[:body]] } stub.post('/reflect') { |env| [200, {}, env[:body]] } - stub.get('/unauthorized') { |_env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(error: error_value, error_description: error_description_value)] } + stub.get('/unauthorized') { |_env| [401, {'Content-Type' => 'application/json'}, JSON.dump(error: error_value, error_description: error_description_value)] } stub.get('/conflict') { |_env| [409, {'Content-Type' => 'text/plain'}, 'not authorized'] } stub.get('/redirect') { |_env| [302, {'Content-Type' => 'text/plain', 'location' => '/success'}, ''] } stub.get('/redirect_no_loc') { |_env| [302, {'Content-Type' => 'text/plain'}, ''] } stub.post('/redirect') { |_env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] } stub.get('/error') { |_env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] } stub.get('/empty_get') { |_env| [204, {}, nil] } - stub.get('/different_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', MultiJson.encode(error: error_value, error_description: '∞'))] } - stub.get('/ascii_8bit_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, MultiJson.encode(error: 'invalid_request', error_description: 'é').force_encoding('ASCII-8BIT')] } + stub.get('/different_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', JSON.dump(error: error_value, error_description: '∞'))] } + stub.get('/ascii_8bit_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, JSON.dump(error: 'invalid_request', error_description: 'é').force_encoding('ASCII-8BIT')] } end end end 
@@ -418,7 +418,7 @@ it 'returns a configured AccessToken' do client = stubbed_client do |stub| stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end @@ -430,7 +430,7 @@ it 'authenticates with request parameters' do client = stubbed_client(auth_scheme: :request_body) do |stub| stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end client.get_token({}) @@ -441,7 +441,7 @@ stub.post('/oauth/token') do |env| raise Faraday::Adapter::Test::Stubs::NotFound unless env[:request_headers]['Authorization'] == OAuth2::Authenticator.encode_basic_auth('abc', 'def') - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end client.get_token({}) @@ -450,7 +450,7 @@ it 'sets the response object on the access token' do client = stubbed_client do |stub| stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end @@ -471,8 +471,8 @@ end end - it 'raises error MultiJson::ParseError' do - block_is_expected { get_token }.to raise_error(MultiJson::ParseError) + it 'raises error JSON::ParserError' do + block_is_expected { get_token }.to raise_error(JSON::ParserError) end end 
@@ -480,7 +480,7 @@ it 'returns the parsed :access_token from body' do client = stubbed_client do |stub| stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end @@ -494,7 +494,7 @@ it 'forwards given token parameters' do client = stubbed_client(auth_scheme: :request_body) do |stub| stub.post('/oauth/token', 'arbitrary' => 'parameter', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end client.get_token('arbitrary' => 'parameter') @@ -504,7 +504,7 @@ it 'uses the http post method and passes parameters in the query string' do client = stubbed_client(token_method: :post_with_query_string) do |stub| stub.post('/oauth/token?state=abc123') do |_env| - [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end client.get_token('state' => 'abc123') diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index 989c68f7..a6d5ecb5 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -56,7 +56,7 @@ end context 'when the response needs to be encoded' do - let(:response_body) { MultiJson.encode(response_hash).force_encoding('ASCII-8BIT') } + let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } context 'with invalid characters present' do before do diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 0a08dcbf..d028e5a9 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
@@ -111,21 +111,21 @@ context 'when application/json' do let(:content_type) { 'application/json' } - let(:body) { MultiJson.encode(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + let(:body) { JSON.dump(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } it_behaves_like 'parsing JSON-like' end context 'when application/Json' do let(:content_type) { 'application/Json' } - let(:body) { MultiJson.encode(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + let(:body) { JSON.dump(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } it_behaves_like 'parsing JSON-like' end context 'when application/hal+json' do let(:content_type) { 'application/hal+json' } - let(:body) { MultiJson.encode(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + let(:body) { JSON.dump(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } it_behaves_like 'parsing JSON-like' end @@ -171,7 +171,7 @@ it 'parses application/vnd.collection+json body' do headers = {'Content-Type' => 'application/vnd.collection+json'} - body = MultiJson.encode(collection: {}) + body = JSON.dump(collection: {}) response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(1) @@ -179,7 +179,7 @@ it 'parses application/vnd.api+json body' do headers = {'Content-Type' => 'application/vnd.api+json'} - body = MultiJson.encode(collection: {}) + body = JSON.dump(collection: {}) response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(1) 
@@ -187,7 +187,7 @@ it 'parses application/problem+json body' do headers = {'Content-Type' => 'application/problem+json'} - body = MultiJson.encode(type: 'https://tools.ietf.org/html/rfc7231#section-6.5.4', title: 'Not Found') + body = JSON.dump(type: 'https://tools.ietf.org/html/rfc7231#section-6.5.4', title: 'Not Found') response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) @@ -201,8 +201,7 @@ response = double('response', headers: headers, body: body) - expect(MultiJson).not_to receive(:decode) - expect(MultiJson).not_to receive(:load) + expect(JSON).not_to receive(:parse) expect(Rack::Utils).not_to receive(:parse_query) subject = described_class.new(response) @@ -211,7 +210,7 @@ it 'snakecases json keys when parsing' do headers = {'Content-Type' => 'application/json'} - body = MultiJson.encode('accessToken' => 'bar', 'MiGever' => 'Ani') + body = JSON.dump('accessToken' => 'bar', 'MiGever' => 'Ani') response = double('response', headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) diff --git a/spec/oauth2/strategy/auth_code_spec.rb b/spec/oauth2/strategy/auth_code_spec.rb index 3f958eaa..b915bf60 100644 --- a/spec/oauth2/strategy/auth_code_spec.rb +++ b/spec/oauth2/strategy/auth_code_spec.rb @@ -7,7 +7,7 @@ let(:code) { 'sushi' } let(:kvform_token) { 'expires_in=600&access_token=salmon&refresh_token=trout&extra_param=steve' } let(:facebook_token) { kvform_token.gsub('_in', '') } - let(:json_token) { MultiJson.encode(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'steve') } + let(:json_token) { JSON.dump(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'steve') } let(:redirect_uri) { 'http://example.com/redirect_uri' } let(:microsoft_token) { 'id_token=jwt' } 
@@ -86,7 +86,7 @@ end describe '#get_token (handling utf-8 data)' do - let(:json_token) { MultiJson.encode(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'André') } + let(:json_token) { JSON.dump(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'André') } before do @mode = 'json' From 86be4cac4145c55aed90769e1406c88812593832 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Thu, 9 Jun 2022 04:56:08 -0700 Subject: [PATCH 125/645] =?UTF-8?q?=F0=9F=94=80=20Backport=20extract=5Facc?= =?UTF-8?q?ess=5Ftoken=20option=20to=20OAuth2::Client=20(#591)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This pulls in the changes in #518 from the `1-4-stable` and deprecates the `extract_access_token` option in favor of the `access_token_class`. We move the `access_token_class` as a keyword argument to `get_token` to avoid having to do dynamic argument checking due to the legacy `extract_access_token` argument. `access_token_class` is now responsible for implementing two methods: - `.from_hash` - `.contains_token?` Closes #582 --- lib/oauth2/access_token.rb | 8 +++-- lib/oauth2/client.rb | 74 ++++++++++++++++++++++++++++---------- lib/oauth2/response.rb | 4 +-- spec/oauth2/client_spec.rb | 63 +++++++++++++++++++++++++++++++- 4 files changed, 124 insertions(+), 25 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index a6a2ac93..ec85509a 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module OAuth2 - class AccessToken + class AccessToken # rubocop:disable Metrics/ClassLength attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params attr_accessor :options, :refresh_token, :response 
@@ -24,6 +24,10 @@ def from_hash(client, hash) def from_kvform(client, kvform) from_hash(client, Rack::Utils.parse_query(kvform)) end + + def contains_token?(hash) + hash.key?('access_token') || hash.key?('id_token') || hash.key?('token') + end end # Initialize an AccessToken @@ -89,7 +93,7 @@ def refresh(params = {}, access_token_opts = {}, access_token_class = self.class params[:grant_type] = 'refresh_token' params[:refresh_token] = refresh_token - new_token = @client.get_token(params, access_token_opts, access_token_class) + new_token = @client.get_token(params, access_token_opts, access_token_class: access_token_class) new_token.options = options new_token.refresh_token = refresh_token unless new_token.refresh_token new_token diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 88441224..c8e564a0 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -30,6 +30,7 @@ class Client # rubocop:disable Metrics/ClassLength # @option options [FixNum] :max_redirects (5) maximum number of redirects to follow # @option options [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error on responses with 400+ status codes # @option options [Logger] :logger (::Logger.new($stdout)) which logger to use when OAUTH_DEBUG is enabled + # @option options [Proc] :extract_access_token proc that takes the client and the response Hash and extracts the access token from the response (DEPRECATED) # @yield [builder] The Faraday connection builder def initialize(client_id, client_secret, options = {}, &block) opts = options.dup 
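Review bot: `contains_token?` in lib/oauth2/access_token.rb (hunk `@@ -24,6 +24,10 @@`) only tests that a key is present, so a token response such as `{"access_token": null}` counts as containing a token. The check it replaces in `Client#get_token` tested the values (`response.parsed['access_token'] || ...`), so a null value used to be rejected. Testing the value keeps that behaviour: `%w[access_token id_token token].any? { |key| hash[key] }`. A spec with a null `access_token` and `raise_errors: true` would pin it down.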
@@ -37,15 +38,18 @@ def initialize(client_id, client_secret, options = {}, &block) @secret = client_secret @site = opts.delete(:site) ssl = opts.delete(:ssl) - @options = {authorize_url: 'oauth/authorize', - token_url: 'oauth/token', - token_method: :post, - auth_scheme: :basic_auth, - connection_opts: {}, - connection_build: block, - max_redirects: 5, - raise_errors: true, - logger: ::Logger.new($stdout)}.merge!(opts) + + @options = { + authorize_url: 'oauth/authorize', + token_url: 'oauth/token', + token_method: :post, + auth_scheme: :basic_auth, + connection_opts: {}, + connection_build: block, + max_redirects: 5, + raise_errors: true, + logger: ::Logger.new($stdout), + }.merge(opts) @options[:connection_opts][:ssl] = ssl if ssl end @@ -151,9 +155,10 @@ def request(verb, url, opts = {}) # # @param params [Hash] a Hash of params for the token endpoint # @param access_token_opts [Hash] access token options, to pass to the AccessToken object + # @param extract_access_token [Proc] proc that extracts the access token from the response (DEPRECATED) # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken, @version 2.0+ # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/PerceivedComplexity + def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token], access_token_class: AccessToken) params = params.map do |key, value| if RESERVED_PARAM_KEYS.include?(key) [key.to_sym, value] 
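Review bot: The new `get_token` signature in lib/oauth2/client.rb (hunk `@@ -151,9 +155,10 @@`) reuses the third positional slot for `extract_access_token`, so an existing call that passes a token class there, `get_token(params, opts, MyToken)`, is now sent down the legacy path. On that path `extract_access_token.call` fails on a class and the `rescue StandardError` in `build_access_token_legacy_extract` turns the failure into `nil`, so the caller gets `nil` or an `OAuth2::Error` with no hint at the cause. A guard at the top of the method makes the misuse explicit: `raise ArgumentError, 'extract_access_token must respond to #call' unless extract_access_token.nil? || extract_access_token.respond_to?(:call)`. The body of `get_token` continues outside this hunk.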
@@ -176,17 +181,15 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) http_method = options[:token_method] http_method = :post if http_method == :post_with_query_string response = request(http_method, token_url, opts) - response_contains_token = response.parsed.is_a?(Hash) && - (response.parsed['access_token'] || response.parsed['id_token'] || response.parsed['token']) - if options[:raise_errors] && !response_contains_token - error = Error.new(response) - raise(error) - elsif !response_contains_token - return nil + # In v1.49, the deprecated extract_access_token option retrieves the token from the response. + # We preserve this behavior here, but a custom access_token_class that implements #from_hash + # should be used instead. + if extract_access_token + parse_response_with_legacy_extract(response, access_token_opts, extract_access_token) + else + parse_response(response, access_token_opts, access_token_class) end - - build_access_token(response, access_token_opts, access_token_class) end # The Authorization Code strategy @@ -254,6 +257,30 @@ def authenticator Authenticator.new(id, secret, options[:auth_scheme]) end + def parse_response_with_legacy_extract(response, access_token_opts, extract_access_token) + access_token = build_access_token_legacy_extract(response, access_token_opts, extract_access_token) + + return access_token if access_token + + if options[:raise_errors] + error = Error.new(response) + raise(error) + end + + nil + end + + def parse_response(response, access_token_opts, access_token_class) + data = response.parsed + + if options[:raise_errors] && data.is_a?(Hash) && !access_token_class.contains_token?(data) + error = Error.new(response) + raise(error) + end + + build_access_token(response, access_token_opts, access_token_class) + end + # Builds the access token from the response of the HTTP call # # @return [AccessToken] the initialized AccessToken 
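Review bot: `parse_response` (hunk `@@ -254,6 +257,30 @@`) no longer stops when the token endpoint's answer holds no token. The code removed from `get_token` treated a non-Hash body or a missing token the same way: it raised under `raise_errors` and otherwise returned `nil`. The new method raises only for a Hash without a token and in every other case calls `build_access_token`, so with `raise_errors: false` a caller that used to get `nil` presumably now gets a token object with no token in it (the body of `build_access_token` is outside this hunk). Three lines restore the old contract: `found = data.is_a?(Hash) && access_token_class.contains_token?(data)`, `raise(Error.new(response)) if options[:raise_errors] && !found`, `return nil unless found`.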
@@ -263,6 +290,15 @@ def build_access_token(response, access_token_opts, access_token_class) end end + # Builds the access token from the response of the HTTP call with legacy extract_access_token + # + # @return [AccessToken] the initialized AccessToken + def build_access_token_legacy_extract(response, access_token_opts, extract_access_token) + extract_access_token.call(self, response.parsed.merge(access_token_opts)) + rescue StandardError + nil + end + def oauth_debug_logging(builder) builder.response :logger, options[:logger], bodies: true if ENV['OAUTH_DEBUG'] == 'true' end diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index d81b8e7b..d34d6e70 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -129,9 +129,7 @@ def parser end OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json', 'application/problem+json']) do |body| - if body.respond_to?(:force_encoding) - body = body.dup.force_encoding(::Encoding::ASCII_8BIT) - end + body = body.dup.force_encoding(::Encoding::ASCII_8BIT) if body.respond_to?(:force_encoding) ::JSON.parse(body) end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 5e5e000d..6b5f6fe3 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -463,10 +463,11 @@ context 'when the request body is nil' do subject(:get_token) { client.get_token({}) } + let(:status_code) { 500 } let(:client) do stubbed_client(raise_errors: false) do |stub| stub.post('/oauth/token') do - [500, {'Content-Type' => 'application/json'}, nil] + [status_code, {'Content-Type' => 'application/json'}, nil] end end end 
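Review bot: `build_access_token_legacy_extract` (hunk `@@ -263,6 +290,15 @@`) rescues every `StandardError` and returns `nil`, while the comment above it still promises an `AccessToken`. A bug in the caller's proc and a non-Hash `response.parsed` (where `merge` fails) both vanish into the same `nil`. The comment should read `# @return [AccessToken, nil] nil when the proc raises or returns nothing`. Changing the clause to `rescue StandardError => e` and logging only `e.class` through `options[:logger]` would keep the cause visible without writing response data, which may hold token material, to the log.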
@@ -474,6 +475,15 @@ it 'raises error JSON::ParserError' do block_is_expected { get_token }.to raise_error(JSON::ParserError) end + + context 'when extract_access_token raises an exception' do + let(:status_code) { 200 } + let(:extract_proc) { proc { |client, hash| raise ArgumentError } } + + it 'returns a nil :access_token' do + expect(client.get_token({}, {}, extract_proc)).to eq(nil) + end + end end context 'when the request body is not nil' do @@ -491,6 +501,57 @@ end end + describe 'with custom access_token_class option' do + let(:client) do + stubbed_client do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('custom_token' => 'the-token')] + end + end + end + + before do + custom_class = Class.new(OAuth2::AccessToken) do + def self.from_hash(client, hash) + new(client, hash.delete('custom_token')) + end + + def self.contains_token?(hash) + hash.key?('custom_token') + end + end + + stub_const('CustomAccessToken', custom_class) + end + + it 'returns the parsed :custom_token from body' do + client.get_token({}, {}, {access_token_class: CustomAccessToken}) + end + end + + describe 'with extract_access_token option' do + let(:client) do + stubbed_client(extract_access_token: extract_access_token) do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('data' => {'access_token' => 'the-token'})] + end + end + end + + let(:extract_access_token) do + proc do |client, hash| + token = hash['data']['access_token'] + OAuth2::AccessToken.new(client, token, hash) + end + end + + it 'returns a configured AccessToken' do + token = client.get_token({}) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + end + end + it 'forwards given token parameters' do client = stubbed_client(auth_scheme: :request_body) do |stub| stub.post('/oauth/token', 'arbitrary' => 'parameter', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| 
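Review bot: The example 'returns the parsed :custom_token from body' in spec/oauth2/client_spec.rb (hunk `@@ -491,6 +501,57 @@`) has no expectation, so it passes whatever `get_token` returns and does not show that `CustomAccessToken.from_hash` was used. The later hunk `@@ -525,7 +526,16 @@` changes the call in this example but still adds no expectation. Asserting on the result closes the gap: `token = client.get_token({}, {}, nil, access_token_class: CustomAccessToken)`, `expect(token).to be_a(CustomAccessToken)`, `expect(token.token).to eq('the-token')`.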
From f4a423362a78d6f9e95c9bba93dc99d89d7a1934 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Thu, 9 Jun 2022 13:23:08 -0700 Subject: [PATCH 126/645] =?UTF-8?q?=F0=9F=94=80=20Fix=20specs=20failing=20?= =?UTF-8?q?in=20Ruby=203.0+=20(#592)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix specs failing in Ruby 3.0+ * Add tests for OAuth2::Version This will increase the code coverage a bit. * Add spec to cover raise_errors case This will fill in some code coverage gaps when the response is missing a token. --- spec/oauth2/client_spec.rb | 18 ++++++++++++++---- spec/oauth2/version_spec.rb | 24 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 6b5f6fe3..1314e64f 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -502,10 +502,11 @@ end describe 'with custom access_token_class option' do + let(:payload) { {'custom_token' => 'the-token'} } let(:client) do stubbed_client do |stub| stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('custom_token' => 'the-token')] + [200, {'Content-Type' => 'application/json'}, JSON.dump(payload)] end end end @@ -525,7 +526,16 @@ def self.contains_token?(hash) end it 'returns the parsed :custom_token from body' do - client.get_token({}, {}, {access_token_class: CustomAccessToken}) + client.get_token({}, {}, nil, access_token_class: CustomAccessToken) + end + + context 'when the :raise_errors flag is set to true' do + let(:options) { {raise_errors: true} } + let(:payload) { {} } + + it 'raise an error' do + expect { client.get_token({}, {}, nil, access_token_class: CustomAccessToken) }.to raise_error(OAuth2::Error) + end end end 
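Review bot: `let(:options) { {raise_errors: true} }` in the new context (hunk `@@ -525,7 +526,16 @@`) looks unused. The visible `let(:client)` calls `stubbed_client do |stub|` without arguments, so unless the helper reads `options` itself the example passes only because `raise_errors` defaults to true. Either drop the `let` or pass it through, `stubbed_client(options) do |stub|`, so the spec states the flag it depends on.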
@@ -558,7 +568,7 @@ def self.contains_token?(hash) [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end - client.get_token('arbitrary' => 'parameter') + client.get_token({'arbitrary' => 'parameter'}) # rubocop:disable Style/BracesAroundHashParameters end context 'when token_method is set to post_with_query_string' do @@ -568,7 +578,7 @@ def self.contains_token?(hash) [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] end end - client.get_token('state' => 'abc123') + client.get_token({'state' => 'abc123'}) # rubocop:disable Style/BracesAroundHashParameters end end diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index cccab2c0..cf64c7a4 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb @@ -20,4 +20,28 @@ it 'is pre-release' do expect(Gem::Version.new(described_class).prerelease?).to be(true) end + + it 'major version is an integer' do + expect(described_class.major).to be_a(Integer) + end + + it 'minor version is an integer' do + expect(described_class.minor).to be_a(Integer) + end + + it 'patch version is an integer' do + expect(described_class.patch).to be_a(Integer) + end + + it 'pre version is an String' do + expect(described_class.pre).to be_a(String) + end + + it 'returns a Hash' do + expect(described_class.to_h.keys).to match_array(%i[major minor patch pre]) + end + + it 'returns an Array' do + expect(described_class.to_a).to be_a(Array) + end end From 02998b1919faebaad3f2065f3677e5af46d4c6af Mon Sep 17 00:00:00 2001 
From: Stan Hu Date: Thu, 9 Jun 2022 22:43:48 -0700 Subject: [PATCH 127/645] =?UTF-8?q?=F0=9F=94=80=20Drop=20IETF=20MAC=20Draf?= =?UTF-8?q?t=2005=20CHANGELOG=20entry=20(#593)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We dropped MAC token support completely since the draft never made it as a standard, nor is it supported by any major OAuth provider. --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e83c8cd2..7783dd26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,7 +25,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#413](https://github.com/oauth-xx/oauth2/pull/413) - _Documentation_: License scan and report (@meganemura) - [#442](https://github.com/oauth-xx/oauth2/pull/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) - [#494](https://github.com/oauth-xx/oauth2/pull/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) -- [#509](https://github.com/oauth-xx/oauth2/pull/509) - Support IETF MAC Draft 05 (@anvox) - [#549](https://github.com/oauth-xx/oauth2/pull/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionFailed` (@nikkypx) - [#550](https://github.com/oauth-xx/oauth2/pull/550) - Raise error if location header not present when redirecting (@stanhu) - [#552](https://github.com/oauth-xx/oauth2/pull/552) - Add missing `version.rb` require (@ahorek) From 6a463252bd4c8effad36b2ed7d7155c2df32f446 Mon Sep 17 00:00:00 2001 
From: Stan Hu Date: Thu, 9 Jun 2022 22:45:04 -0700 Subject: [PATCH 128/645] =?UTF-8?q?=F0=9F=94=80=20Fix=20code=20coverage=20?= =?UTF-8?q?for=20version=20spec=20(#594)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Exclude version.rb from code coverage As explained in https://github.com/simplecov-ruby/simplecov/issues/557, since `oauth2.gemspec` calls `require 'oauth2/version.rb`, SimpleCov runs after that file is loaded. We can just exclude it from the code coverage metrics. * Drop version specs that fail on a released version These tests will fail on a tag, so let's just drop them. --- .simplecov | 1 + spec/oauth2/version_spec.rb | 8 -------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/.simplecov b/.simplecov index cd305920..428b477a 100644 --- a/.simplecov +++ b/.simplecov @@ -16,6 +16,7 @@ if RUN_COVERAGE enable_coverage :branch primary_coverage :branch add_filter 'spec' + add_filter 'lib/oauth2/version.rb' track_files '**/*.rb' if ALL_FORMATTERS diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index cf64c7a4..250a3039 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb @@ -17,10 +17,6 @@ expect(Gem::Version.new(described_class) > Gem::Version.new('0.1.0')).to be(true) end - it 'is pre-release' do - expect(Gem::Version.new(described_class).prerelease?).to be(true) - end - it 'major version is an integer' do expect(described_class.major).to be_a(Integer) end @@ -33,10 +29,6 @@ expect(described_class.patch).to be_a(Integer) end - it 'pre version is an String' do - expect(described_class.pre).to be_a(String) - end - it 'returns a Hash' do expect(described_class.to_h.keys).to match_array(%i[major minor patch pre]) end From efae655f27565ce5644bf88144078ee61d7ce301 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 10 Jun 2022 12:53:55 +0700 Subject: [PATCH 129/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20dropping=20ex?= =?UTF-8?q?pired=20MAC=20Draft=20support?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 61e7657f..f05f6795 100644 --- a/README.md +++ b/README.md @@ -247,8 +247,7 @@ For more see [SECURITY.md][🚎sec-pol]. - Officially support Ruby versions >= 2.7 - Unofficially support Ruby versions >= 2.5 - Incidentally support Ruby versions >= 2.2 -- Drop support for MAC Draft versions < 03 -- Add support for MAC Draft version 05 +- Drop support for the expired MAC Draft (all versions) - Support IETF rfc7523 JWT Bearer Tokens - Support IETF rfc7231 Relative Location in Redirect - Support IETF rfc6749 Don't set oauth params when nil From b7266a108c5fb730dce59ca6ee0fde32b82b978c Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 00:20:24 +0700 Subject: [PATCH 130/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- lib/oauth2/client.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index c8e564a0..b8910976 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -182,7 +182,7 @@ def get_token(params, access_token_opts = {}, extract_access_token = options[:ex http_method = :post if http_method == :post_with_query_string response = request(http_method, token_url, opts) - # In v1.49, the deprecated extract_access_token option retrieves the token from the response. + # In v1.4.x, the deprecated extract_access_token option retrieves the token from the response. # We preserve this behavior here, but a custom access_token_class that implements #from_hash # should be used instead. if extract_access_token 
From 9f177da55292b7e8bffd7da4158dabaaf41605a1 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 00:21:06 +0700 Subject: [PATCH 131/645] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20require=5Frelative?= =?UTF-8?q?=20preferred=20with=20Ruby=202.0+?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 35f4d7ef..6fad0be0 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -1,9 +1,7 @@ # encoding: utf-8 # frozen_string_literal: true -lib = File.expand_path('lib', __dir__) -$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) -require 'oauth2/version' +require_relative "lib/oauth2/version" Gem::Specification.new do |spec| spec.add_dependency 'faraday', ['>= 0.17.3', '< 3.0'] From 83175f0fe6dc91476b687370ea45b21b0e3c9784 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 00:21:43 +0700 Subject: [PATCH 132/645] =?UTF-8?q?=F0=9F=94=A5=20test=5Ffiles=20is=20depr?= =?UTF-8?q?ecated?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 1 - 1 file changed, 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 6fad0be0..e188823c 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -33,7 +33,6 @@ Gem::Specification.new do |spec| spec.require_paths = %w[lib] spec.bindir = 'exe' spec.files = Dir['lib/**/*', 'LICENSE', 'README.md', 'CHANGELOG.md', 'CODE_OF_CONDUCT.md'] - spec.test_files = Dir['spec/**/*'] spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.add_development_dependency 'addressable', '>= 2' From b41f720044fc5d7b0b0e7b2eddba91825bdf0bd1 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Sat, 11 Jun 2022 00:28:07 +0700 Subject: [PATCH 133/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20minimum=20required?= =?UTF-8?q?=5Frubygems=5Fversion=202.7.11?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index e188823c..b1b7d5cb 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -1,7 +1,7 @@ # encoding: utf-8 # frozen_string_literal: true -require_relative "lib/oauth2/version" +require_relative 'lib/oauth2/version' Gem::Specification.new do |spec| spec.add_dependency 'faraday', ['>= 0.17.3', '< 3.0'] 
@@ -17,22 +17,29 @@ Gem::Specification.new do |spec| spec.licenses = %w[MIT] spec.name = 'oauth2' spec.required_ruby_version = '>= 2.2.0' - spec.required_rubygems_version = '>= 1.3.5' + spec.required_rubygems_version = '>= 2.7.11' spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' - spec.version = OAuth2::Version + spec.version = OAuth2::Version.to_s - spec.metadata = { - 'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues', - 'changelog_uri' => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md", - 'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}", - 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", - 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki', - 'rubygems_mfa_required' => 'true', - } + spec.metadata["homepage_uri"] = spec.homepage + spec.metadata["source_code_uri"] = "#{spec.homepage}/tree/v#{spec.version}" + spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/v#{spec.version}/CHANGELOG.md" + spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues" + spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" + spec.metadata["wiki_uri"] = "#{spec.homepage}/wiki" + spec.metadata["rubygems_mfa_required"] = "true" spec.require_paths = %w[lib] spec.bindir = 'exe' - spec.files = Dir['lib/**/*', 'LICENSE', 'README.md', 'CHANGELOG.md', 'CODE_OF_CONDUCT.md'] + spec.files = Dir[ + 'lib/**/*', + 'CHANGELOG.md', + 'CODE_OF_CONDUCT.md', + 'CONTRIBUTING.md', + 'LICENSE', + 'README.md', + 'SECURITY.md', + ] spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.add_development_dependency 'addressable', '>= 2' From b12fd9c375571486bbc74aa038d323c846efb9f0 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Sat, 11 Jun 2022 00:30:58 +0700 Subject: [PATCH 134/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index b1b7d5cb..3b0b0322 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -21,13 +21,13 @@ Gem::Specification.new do |spec| spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' spec.version = OAuth2::Version.to_s - spec.metadata["homepage_uri"] = spec.homepage - spec.metadata["source_code_uri"] = "#{spec.homepage}/tree/v#{spec.version}" - spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/v#{spec.version}/CHANGELOG.md" - spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues" - spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" - spec.metadata["wiki_uri"] = "#{spec.homepage}/wiki" - spec.metadata["rubygems_mfa_required"] = "true" + spec.metadata['homepage_uri'] = spec.homepage + spec.metadata['source_code_uri'] = "#{spec.homepage}/tree/v#{spec.version}" + spec.metadata['changelog_uri'] = "#{spec.homepage}/blob/v#{spec.version}/CHANGELOG.md" + spec.metadata['bug_tracker_uri'] = "#{spec.homepage}/issues" + spec.metadata['documentation_uri'] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" + spec.metadata['wiki_uri'] = "#{spec.homepage}/wiki" + spec.metadata['rubygems_mfa_required'] = 'true' spec.require_paths = %w[lib] spec.bindir = 'exe' From 17388f7fea35aa4099df4e8edad117265e42d165 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 00:34:25 +0700 Subject: [PATCH 135/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=202.0.?= =?UTF-8?q?0-rc1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Peter Boling --- README.md | 10 +++------- lib/oauth2/version.rb | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index f05f6795..21061ef5 100644 --- a/README.md +++ b/README.md @@ -15,14 +15,10 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. -⚠️ **_WARNING_**: You are viewing the `README` of the master branch which contains -unreleased changes for version 2.0.0. ⚠️ - --- * [OAuth 2.0 Spec][oauth2-spec] * [oauth sibling gem][sibling-gem] for OAuth 1.0 implementations in Ruby. -* Help us finish release [![2.0.0 release milestone][next-milestone-pct-img]][next-milestone-pct] by submitting or reviewing PRs and issues. [oauth2-spec]: https://oauth.net/2/ [sibling-gem]: https://github.com/oauth-xx/oauth-ruby @@ -38,7 +34,7 @@ unreleased changes for version 2.0.0. ⚠️ | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| -| 2.0.0 | Unreleased | https://github.com/oauth-xx/oauth2/blob/master/README.md | +| 2.0.0 | Soon | https://github.com/oauth-xx/oauth2/blob/master/README.md | ### Older Releases @@ -299,7 +295,7 @@ of a major release, support for that Ruby version may be dropped. | 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 | | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | -NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates. +NOTE: The 1.4 series will only receive critical bug and security updates. See [SECURITY.md][🚎sec-pol] ## Usage Examples 
@@ -448,7 +444,7 @@ dependency on this gem using the [Pessimistic Version Constraint][pvc] with two For example: ```ruby -spec.add_dependency 'oauth2', '~> 1.4' +spec.add_dependency 'oauth2', '~> 2.0' ``` [semver]: http://semver.org/ diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index ed77ffec..41bf3df8 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -31,7 +31,7 @@ def patch # # @return [String, NilClass] def pre - 'alpha' + 'rc1' end # The version number as a hash From ef7a82ca423e9ea272947d75af41142284ee8400 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 00:48:03 +0700 Subject: [PATCH 136/645] =?UTF-8?q?=F0=9F=90=9B=20Fix=20OAuth2::Version=20?= =?UTF-8?q?module?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- lib/oauth2/version.rb | 28 +++++++++++++--------------- oauth2.gemspec | 2 +- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 41bf3df8..536ae446 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,36 +2,43 @@ module OAuth2 module Version - VERSION = to_s + VERSION = '2.0.0.rc1'.freeze module_function + # The version number as a string + # + # @return [String] + def to_s + VERSION + end + # The major version # # @return [Integer] def major - 2 + to_a[0].to_i end # The minor version # # @return [Integer] def minor - 0 + to_a[1].to_i end # The patch version # # @return [Integer] def patch - 0 + to_a[2].to_i end # The pre-release version, if any # # @return [String, NilClass] def pre - 'rc1' + to_a[3] end # The version number as a hash @@ -50,16 +57,7 @@ def to_h # # @return [Array] def to_a - [major, minor, patch, pre].compact - end - - # The version number as a string - # - # @return [String] - def to_s - v = [major, minor, patch].compact.join('.') - v += "-#{pre}" if pre - v + VERSION.split('.') end end end 
diff --git a/oauth2.gemspec b/oauth2.gemspec index 3b0b0322..3cc834ce 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -19,7 +19,7 @@ Gem::Specification.new do |spec| spec.required_ruby_version = '>= 2.2.0' spec.required_rubygems_version = '>= 2.7.11' spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' - spec.version = OAuth2::Version.to_s + spec.version = OAuth2::Version::VERSION spec.metadata['homepage_uri'] = spec.homepage spec.metadata['source_code_uri'] = "#{spec.homepage}/tree/v#{spec.version}" From 8d1b82cba899f78ff01a941019ab9b062f1108b1 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 00:56:48 +0700 Subject: [PATCH 137/645] =?UTF-8?q?=E2=9C=A8=20binstubs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- bin/bundle | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++++ bin/rake | 27 ++++++++++++ bin/rspec | 27 ++++++++++++ bin/rubocop | 27 ++++++++++++ 4 files changed, 197 insertions(+) create mode 100755 bin/bundle create mode 100755 bin/rake create mode 100755 bin/rspec create mode 100755 bin/rubocop diff --git a/bin/bundle b/bin/bundle new file mode 100755 index 00000000..fece50fe --- /dev/null +++ b/bin/bundle 
@@ -0,0 +1,116 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'bundle' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +require 'rubygems' + +m = Module.new do +module_function + + def invoked_as_script? + File.expand_path($PROGRAM_NAME) == File.expand_path(__FILE__) + end + + def env_var_version + ENV['BUNDLER_VERSION'] + end + + def cli_arg_version + return unless invoked_as_script? # don't want to hijack other binstubs + return unless 'update'.start_with?(ARGV.first || ' ') # must be running `bundle update` + + bundler_version = nil + update_index = nil + ARGV.each_with_index do |a, i| + bundler_version = a if update_index && update_index.succ == i && a =~ Gem::Version::ANCHORED_VERSION_PATTERN + next unless a =~ /\A--bundler(?:[= ](#{Gem::Version::VERSION_PATTERN}))?\z/ + + bundler_version = Regexp.last_match(1) + update_index = i + end + bundler_version + end + + def gemfile + gemfile = ENV['BUNDLE_GEMFILE'] + return gemfile if gemfile && !gemfile.empty? 
+ + File.expand_path('../Gemfile', __dir__) + end + + def lockfile + lockfile = + case File.basename(gemfile) + when 'gems.rb' then gemfile.sub(/\.rb$/, gemfile) + else "#{gemfile}.lock" + end + File.expand_path(lockfile) + end + + def lockfile_version + return unless File.file?(lockfile) + + lockfile_contents = File.read(lockfile) + return unless lockfile_contents =~ /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/ + + Regexp.last_match(1) + end + + def bundler_requirement + @bundler_requirement ||= + env_var_version || cli_arg_version || + bundler_requirement_for(lockfile_version) + end + + def bundler_requirement_for(version) + return "#{Gem::Requirement.default}.a" unless version + + bundler_gem_version = Gem::Version.new(version) + + requirement = bundler_gem_version.approximate_recommendation + + return requirement unless Gem.rubygems_version < Gem::Version.new('2.7.0') + + requirement += '.a' if bundler_gem_version.prerelease? + + requirement + end + + def load_bundler! + ENV['BUNDLE_GEMFILE'] ||= gemfile + + activate_bundler + end + + def activate_bundler + gem_error = activation_error_handling do + gem 'bundler', bundler_requirement + end + return if gem_error.nil? + + require_error = activation_error_handling do + require 'bundler/version' + end + return if require_error.nil? && Gem::Requirement.new(bundler_requirement).satisfied_by?(Gem::Version.new(Bundler::VERSION)) + + warn "Activating bundler (#{bundler_requirement}) failed:\n#{gem_error.message}\n\nTo install the version of bundler this project requires, run `gem install bundler -v '#{bundler_requirement}'`" + exit 42 + end + + def activation_error_handling + yield + nil + rescue StandardError, LoadError => e + e + end +end + +m.load_bundler! + +load Gem.bin_path('bundler', 'bundle') if m.invoked_as_script? diff --git a/bin/rake b/bin/rake new file mode 100755 index 00000000..5f615c2a --- /dev/null +++ b/bin/rake 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rake' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) + +bundle_binstub = File.expand_path('bundle', __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require 'rubygems' +require 'bundler/setup' + +load Gem.bin_path('rake', 'rake') diff --git a/bin/rspec b/bin/rspec new file mode 100755 index 00000000..d3f4959a --- /dev/null +++ b/bin/rspec @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rspec' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) + +bundle_binstub = File.expand_path('bundle', __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require 'rubygems' +require 'bundler/setup' + +load Gem.bin_path('rspec-core', 'rspec') diff --git a/bin/rubocop b/bin/rubocop new file mode 100755 index 00000000..cc105e8d --- /dev/null +++ b/bin/rubocop 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rubocop' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) + +bundle_binstub = File.expand_path('bundle', __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require 'rubygems' +require 'bundler/setup' + +load Gem.bin_path('rubocop', 'rubocop') From 98602da1a627e98621d7641196751173728e9821 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 01:11:12 +0700 Subject: [PATCH 138/645] =?UTF-8?q?=F0=9F=93=9D=20CHANGELOG.md=20for=20nex?= =?UTF-8?q?t=20release?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 34 +++++++++------------------------- 1 file changed, 9 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7783dd26..45161f83 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,6 @@ The format (since v2.0.0) is based on [Keep a Changelog v1](https://keepachangel and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). ## [Unreleased] - ### Added - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) - [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) 
@@ -29,10 +28,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#550](https://github.com/oauth-xx/oauth2/pull/550) - Raise error if location header not present when redirecting (@stanhu) - [#552](https://github.com/oauth-xx/oauth2/pull/552) - Add missing `version.rb` require (@ahorek) - [#553](https://github.com/oauth-xx/oauth2/pull/553) - Support `application/problem+json` format (@janz93) -- [#560](https:/˚/github.com/oauth-xx/oauth2/pull/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) +- [#560](https://github.com/oauth-xx/oauth2/pull/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) - [#571](https://github.com/oauth-xx/oauth2/pull/571) - Support Ruby 3.1 (@pboling) - [#575](https://github.com/oauth-xx/oauth2/pull/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) - +- [#581](https://github.com/oauth-xx/oauth2/pull/581) - _Documentation_: of breaking changes (@pboling) ### Changed - [#191](https://github.com/oauth-xx/oauth2/pull/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) - [#312](https://github.com/oauth-xx/oauth2/pull/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) 
@@ -41,10 +40,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#339](https://github.com/oauth-xx/oauth2/pull/339), [#368](https://github.com/oauth-xx/oauth2/pull/368), [#424](https://github.com/oauth-xx/oauth2/pull/424), [#479](https://github.com/oauth-xx/oauth2/pull/479), [#493](https://github.com/oauth-xx/oauth2/pull/493), [#539](https://github.com/oauth-xx/oauth2/pull/539), [#542](https://github.com/oauth-xx/oauth2/pull/542), [#553](https://github.com/oauth-xx/oauth2/pull/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) - [#410](https://github.com/oauth-xx/oauth2/pull/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) - [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) -- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING** default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) -- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING** default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) +- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) +- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) - [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) - +- [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - 
`:extract_access_token` option is deprecated ### Fixed - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Handling of errors when using `omniauth-facebook` (@niels) - [#294](https://github.com/oauth-xx/oauth2/pull/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) 
@@ -55,21 +54,21 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#339](https://github.com/oauth-xx/oauth2/pull/339), [#479](https://github.com/oauth-xx/oauth2/pull/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) - [#366](https://github.com/oauth-xx/oauth2/pull/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) - [#380](https://github.com/oauth-xx/oauth2/pull/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) -- [#399](https://github.com/oauth-xx/oauth2/pull/399) - Fix: stop duplicating `redirect_uri` in `get_token` (@markus) +- [#399](https://github.com/oauth-xx/oauth2/pull/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) - [#410](https://github.com/oauth-xx/oauth2/pull/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) -- [#460](https://github.com/oauth-xx/oauth2/pull/460) - Fix: stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://github.com/oauth-xx/oauth2/pull/524) for `1-4-stable` branch (@joaolrpaulo) +- [#460](https://github.com/oauth-xx/oauth2/pull/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://github.com/oauth-xx/oauth2/pull/524) for `1-4-stable` branch (@joaolrpaulo) - [#472](https://github.com/oauth-xx/oauth2/pull/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) - [#482](https://github.com/oauth-xx/oauth2/pull/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) - [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to 
[#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling) - ### Removed - [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage) - [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) - [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling) - [#566](https://github.com/oauth-xx/oauth2/pull/566) - _Dependency_: Removed `wwtd` (@bquorning) +- [#589](https://github.com/oauth-xx/oauth2/pull/589), [#593](https://github.com/oauth-xx/oauth2/pull/593) - Remove support for expired MAC token draft spec (@stanhu) +- [#590](https://github.com/oauth-xx/oauth2/pull/590) - _Dependency_: Removed `multi_json` (@stanhu) ## [1.4.9] - 2022-02-20 - - Fixes compatibility with Faraday v2 [572](https://github.com/oauth-xx/oauth2/issues/572) - Includes supported versions of Faraday in test matrix: - Faraday ~> 2.2.0 with Ruby >= 2.6 @@ -78,7 +77,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Add Windows and MacOS to test matrix ## [1.4.8] - 2022-02-18 - - MFA is now required to push new gem versions (@pboling) - README overhaul w/ new Ruby Verion and Engine compatibility policies (@pboling) - [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) 
@@ -88,40 +86,33 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#543](https://github.com/oauth-xx/oauth2/pull/543) - Support for more modern Open SSL libraries (@pboling) ## [1.4.7] - 2021-03-19 - - [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon) ## [1.4.6] - 2021-03-19 - - [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling) - [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) - [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://github.com/oauth-xx/oauth2/pull/539) on master branch (@anderscarling) ## [1.4.5] - 2021-03-18 - - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on master branch (@pboling) - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) - [#507](https://github.com/oauth-xx/oauth2/pull/507) - Fix camel case content type, response keys (@anvox) - [#500](https://github.com/oauth-xx/oauth2/pull/500) - Fix YARD documentation formatting (@olleolleolle) ## [1.4.4] - 2020-02-12 - - [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey) ## [1.4.3] - 2020-01-29 - - [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien) - [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - Adds support for private_key_jwt and tls_client_auth - [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets 
and numbers in params (@asm256) ## [1.4.2] - 2019-10-01 - - [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling) - Officially support Ruby 2.6 and truffleruby ## [1.4.1] - 2018-10-13 - - [#417](https://github.com/oauth-xx/oauth2/pull/417) - update jwt dependency (@thewoolleyman) - [#419](https://github.com/oauth-xx/oauth2/pull/419) - remove rubocop dependency (temporary, added back in [#423](https://github.com/oauth-xx/oauth2/pull/423)) (@pboling) - [#418](https://github.com/oauth-xx/oauth2/pull/418) - update faraday dependency (@pboling) @@ -148,19 +139,16 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html ## [1.4.0] - 2017-06-09 - - Drop Ruby 1.8.7 support (@sferik) - Fix some RuboCop offenses (@sferik) - _Dependency_: Remove Yardstick (@sferik) - _Dependency_: Upgrade Faraday to 0.12 (@sferik) ## [1.3.1] - 2017-03-03 - - Add support for Ruby 2.4.0 (@pschambacher) - _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher) ## [1.3.0] - 2016-12-28 - - Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes) - Default to header-based authentication when getting a token from an authorisation code (@maletor) - **Breaking**: Allow an `auth_scheme` (`:basic_auth` or `:request_body`) to be set on the client, defaulting to `:request_body` to maintain backwards compatibility (@maletor, @bjeanes) 
@@ -170,24 +158,20 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Add support for Faraday 0.10 (@rhymes) ## [1.2.0] - 2016-07-01 - - Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira) - Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus) - Use `raise` rather than `fail` to throw exceptions (@sferik) ## [1.1.0] - 2016-01-30 - - Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik) - Add support for Rack 2, and bump various other dependencies (@sferik) ## [1.0.0] - 2014-07-09 - ### Added - Add an implementation of the MAC token spec. ### Fixed - Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7. - ## [0.5.0] - 2011-07-29 ### Changed From e1a7f0a625f689da807881e36d7be1881fc4a2e1 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sat, 11 Jun 2022 01:24:50 +0700 Subject: [PATCH 139/645] =?UTF-8?q?=F0=9F=94=A5=20Remove=20required=5Fruby?= =?UTF-8?q?gems=5Fversion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 1 - 1 file changed, 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 3cc834ce..4e83d569 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -17,7 +17,6 @@ Gem::Specification.new do |spec| spec.licenses = %w[MIT] spec.name = 'oauth2' spec.required_ruby_version = '>= 2.2.0' - spec.required_rubygems_version = '>= 2.7.11' spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' spec.version = OAuth2::Version::VERSION From 75496ce89090467a6d838ef3278ba9670545d5a2 Mon Sep 17 00:00:00 2001 
From: Stan Hu Date: Sat, 11 Jun 2022 02:41:59 -0700 Subject: [PATCH 140/645] Gracefully handle empty responses in Client#get_token (#595) --- lib/oauth2/client.rb | 2 ++ spec/oauth2/client_spec.rb | 37 ++++++++++++++++++++++--------------- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index b8910976..e2da5209 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -278,6 +278,8 @@ def parse_response(response, access_token_opts, access_token_class) raise(error) end + return unless data.is_a?(Hash) + build_access_token(response, access_token_opts, access_token_class) end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 1314e64f..032e07ea 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -460,17 +460,19 @@ end context 'when the :raise_errors flag is set to false' do - context 'when the request body is nil' do - subject(:get_token) { client.get_token({}) } - - let(:status_code) { 500 } - let(:client) do - stubbed_client(raise_errors: false) do |stub| - stub.post('/oauth/token') do - [status_code, {'Content-Type' => 'application/json'}, nil] - end + let(:body) { nil } + let(:status_code) { 500 } + let(:content_type) { 'application/json' } + let(:client) do + stubbed_client(raise_errors: false) do |stub| + stub.post('/oauth/token') do + [status_code, {'Content-Type' => content_type}, body] end end + end + + context 'when the request body is nil' do + subject(:get_token) { client.get_token({}) } it 'raises error JSON::ParserError' do block_is_expected { get_token }.to raise_error(JSON::ParserError) 
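Review bot: The added `return unless data.is_a?(Hash)` in `parse_response` returns nil for a non-Hash body without consulting `:raise_errors`. The raise just above it appears to apply only when the parsed data is a Hash (its condition sits outside this hunk), so with `raise_errors: true` a token endpoint that answers with plain text or an empty body would hand the caller nil instead of an `OAuth2::Error`. I would put `raise Error.new(response) if options[:raise_errors] && !data.is_a?(Hash)` ahead of the new line and add a spec for that case; the spec hunks visible in this commit only cover `raise_errors: false`. `parse_response` starts above the hunk.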
@@ -487,18 +489,23 @@ end context 'when the request body is not nil' do - it 'returns the parsed :access_token from body' do - client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] - end - end + let(:body) { JSON.dump('access_token' => 'the-token') } + it 'returns the parsed :access_token from body' do token = client.get_token({}) expect(token.response).to be_a OAuth2::Response expect(token.response.parsed).to eq('access_token' => 'the-token') end end + + context 'when Content-Type is not JSON' do + let(:content_type) { 'text/plain' } + let(:body) { 'hello world' } + + it 'returns the parsed :access_token from body' do + expect(client.get_token({})).to be_nil + end + end end describe 'with custom access_token_class option' do From dad477cf96aed7ba2319d1310d171a5a2418e010 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 11 Jun 2022 13:50:58 -0700 Subject: [PATCH 141/645] =?UTF-8?q?=F0=9F=94=80=20Use=20a=20keyword=20argu?= =?UTF-8?q?ment=20for=20access=5Ftoken=5Fclass=20in=20AccessToken#refresh!?= =?UTF-8?q?=20(#596)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is to be consistent with `OAuth2::Client#get_token`. --- lib/oauth2/access_token.rb | 2 +- spec/oauth2/access_token_spec.rb | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index ec85509a..a877bb3f 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
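Review bot: The example added under `context 'when Content-Type is not JSON'` is described as `'returns the parsed :access_token from body'` but asserts `expect(client.get_token({})).to be_nil`, so the description contradicts what is checked. Rename it to `it 'returns nil' do` so a failure report states the real expectation. The same description is reused for the same nil assertion in the later `client_spec.rb` hunk `@@ -488,22 +488,26 @@`.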
@@ -88,7 +88,7 @@ def expired? # # @return [AccessToken] a new AccessToken # @note options should be carried over to the new AccessToken - def refresh(params = {}, access_token_opts = {}, access_token_class = self.class) + def refresh(params = {}, access_token_opts = {}, access_token_class: self.class) raise('A refresh_token is not available') unless refresh_token params[:grant_type] = 'refresh_token' diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 3ae289dc..3ccd1149 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -233,10 +233,23 @@ def assert_initialized_token(target) param_name: 'o_param') end let(:new_access) do - NewAccessToken = Class.new(described_class) NewAccessToken.new(client, token, refresh_token: 'abaca') end + before do + custom_class = Class.new(described_class) do + def self.from_hash(client, hash) + new(client, hash.delete('refresh_token')) + end + + def self.contains_token?(hash) + hash.key?('refresh_token') + end + end + + stub_const('NewAccessToken', custom_class) + end + it 'returns a refresh token with appropriate values carried over' do refreshed = access.refresh expect(access.client).to eq(refreshed.client) @@ -257,6 +270,14 @@ def assert_initialized_token(target) expect(refreshed.refresh_token).to eq(access.refresh_token) end end + + context 'with a custom access_token_class' do + it 'returns a refresh token of NewAccessToken' do + refreshed = access.refresh!(access_token_class: new_access.class) + + expect(new_access.class).to eq(refreshed.class) + end + end end describe '#to_hash' do From 83db079975a63c7fa004f0c7af19ec811c160463 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Sun, 12 Jun 2022 22:41:23 +0700 Subject: [PATCH 142/645] Bump oauth2 to 2.0.0.rc2 --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 536ae446..c713c0bc 100644 --- a/lib/oauth2/version.rb 
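Review bot: Making `access_token_class` a keyword on `refresh` changes how symbol-keyed arguments bind: a call such as `token.refresh(scope: 'x')`, which used to fill `params`, is now read as keyword arguments and would raise `ArgumentError` for the unknown keyword. On Ruby 2.x the same is likely true of a braced trailing Hash, and the gemspec shown earlier on this page declares `required_ruby_version = '>= 2.2.0'`. This deserves a spec that calls `refresh` with symbol-keyed params on the oldest supported Ruby, plus a changelog entry saying the third positional argument is gone. The doc comment should also gain `# @param access_token_class [Class] keyword; class used to build the refreshed token (defaults to self.class)`. The body of `refresh` continues below the hunk.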
+++ b/lib/oauth2/version.rb @@ -2,7 +2,7 @@ module OAuth2 module Version - VERSION = '2.0.0.rc1'.freeze + VERSION = '2.0.0.rc2'.freeze module_function From a74bf31554667feae79ee3c0ac3f413ff6ba7301 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Thu, 16 Jun 2022 01:41:25 -0700 Subject: [PATCH 143/645] =?UTF-8?q?=F0=9F=94=80=20Fix=20unparsable=20data?= =?UTF-8?q?=20not=20raised=20as=20an=20error=20(#598)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously if an unparsable response were returned with a 200 response, an OAuth2::Error would not be raised even if raised_errors were enabled. This cleans up and adds tests for this case. --- lib/oauth2/client.rb | 6 ++--- spec/oauth2/client_spec.rb | 49 ++++++++++++++++++++++++++++---------- 2 files changed, 40 insertions(+), 15 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index e2da5209..8977aeed 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -273,13 +273,13 @@ def parse_response_with_legacy_extract(response, access_token_opts, extract_acce def parse_response(response, access_token_opts, access_token_class) data = response.parsed - if options[:raise_errors] && data.is_a?(Hash) && !access_token_class.contains_token?(data) + unless data.is_a?(Hash) && access_token_class.contains_token?(data) + return unless options[:raise_errors] + error = Error.new(response) raise(error) end - return unless data.is_a?(Hash) - build_access_token(response, access_token_opts, access_token_class) end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 032e07ea..ba31f853 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
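Review bot: `parse_response` now returns nil whenever `:raise_errors` is false and the response is not a Hash containing a token, and nothing in the hunk documents that. This includes a Hash that carries only an error payload, which the removed code passed on to `build_access_token`; callers running with `raise_errors: false` therefore lose the response they could previously inspect and must nil-check the result of `get_token`. I would add `# @return [AccessToken, nil] nil when the response holds no token and :raise_errors is false` above the method and mirror it in the `get_token` docs, which are outside this hunk.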
@@ -488,22 +488,26 @@ end end - context 'when the request body is not nil' do - let(:body) { JSON.dump('access_token' => 'the-token') } + context 'when status code is 200' do + let(:status_code) { 200 } - it 'returns the parsed :access_token from body' do - token = client.get_token({}) - expect(token.response).to be_a OAuth2::Response - expect(token.response.parsed).to eq('access_token' => 'the-token') + context 'when the request body is not nil' do + let(:body) { JSON.dump('access_token' => 'the-token') } + + it 'returns the parsed :access_token from body' do + token = client.get_token({}) + expect(token.response).to be_a OAuth2::Response + expect(token.response.parsed).to eq('access_token' => 'the-token') + end end - end - context 'when Content-Type is not JSON' do - let(:content_type) { 'text/plain' } - let(:body) { 'hello world' } + context 'when Content-Type is not JSON' do + let(:content_type) { 'text/plain' } + let(:body) { 'hello world' } - it 'returns the parsed :access_token from body' do - expect(client.get_token({})).to be_nil + it 'returns the parsed :access_token from body' do + expect(client.get_token({})).to be_nil + end end end end @@ -544,6 +548,27 @@ def self.contains_token?(hash) expect { client.get_token({}, {}, nil, access_token_class: CustomAccessToken) }.to raise_error(OAuth2::Error) end end + + context 'when status code is 200' do + let(:status_code) { 200 } + + context 'when the request body is blank' do + let(:payload) { {} } + + it 'raises an error' do + expect { client.get_token({}) }.to raise_error(OAuth2::Error) + end + end + + context 'when Content-Type is not JSON' do + let(:content_type) { 'text/plain' } + let(:body) { 'hello world' } + + it 'raises an error' do + expect { client.get_token({}) }.to raise_error(OAuth2::Error) + end + end + end end describe 'with extract_access_token option' do From af089a63157b520ef8384884156a66431b6688b5 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Thu, 16 Jun 2022 17:12:43 +0700 Subject: [PATCH 144/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20changes=20in?= =?UTF-8?q?=20release=202.0.0.rc3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45161f83..e0f0d36e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,10 @@ # Changelog All notable changes to this project will be documented in this file. -The format (since v2.0.0) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), +The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). -## [Unreleased] +## [2.0.0.rc3] - 2022-06-16 ### Added - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) - [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) 
@@ -60,6 +60,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#472](https://github.com/oauth-xx/oauth2/pull/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) - [#482](https://github.com/oauth-xx/oauth2/pull/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) - [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling) +- [#595](https://github.com/oauth-xx/oauth2/pull/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) +- [#596](https://github.com/oauth-xx/oauth2/pull/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) +- [#598](https://github.com/oauth-xx/oauth2/pull/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) ### Removed - [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage) - [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) From 6b0901c041dc5e3e6e03b6cf68dde4c6811ef7fb Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 16 Jun 2022 17:26:33 +0700 Subject: [PATCH 145/645] =?UTF-8?q?=F0=9F=91=B7=20Split=20Windows=20JRuby?= =?UTF-8?q?=20to=20separate=20build?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/windows-jruby.yml | 53 +++++++++++++++++++++++++++++ .github/workflows/windows.yml | 1 - 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/windows-jruby.yml 
diff --git a/.github/workflows/windows-jruby.yml b/.github/workflows/windows-jruby.yml new file mode 100644 index 00000000..9ab9d6cd --- /dev/null +++ b/.github/workflows/windows-jruby.yml @@ -0,0 +1,53 @@ +name: Windows JRuby + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + test: + name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} + env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + experimental: [true] + gemfile: + - f2 + ruby: + - jruby + + runs-on: windows-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Ruby & Bundle + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: true + - name: Run tests + run: bundle exec rake test diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 1996289f..b5cb74fa 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -42,7 +42,6 @@ jobs: - "2.7" - "3.0" - "3.1" - - jruby runs-on: windows-latest continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} 
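Review bot: In the new windows-jruby.yml, both `uses:` steps reference mutable tags (`actions/checkout@v3`, `ruby/setup-ruby@v1`) and the workflow has no `permissions:` block. Third-party action code can therefore change under the tag and run with whatever default token scope the repository grants, on every push and pull request. Pin each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3` (placeholder, not a real hash), and add a top-level `permissions:` with `contents: read`. Separately, the step passes `rubygems: ${{ matrix.rubygems }}` and `bundler: ${{ matrix.bundler }}`, but the matrix in this file defines only `experimental`, `gemfile` and `ruby`, so both expand to empty values; define them or drop the two inputs.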
From aa6332120cbbc1de23450bd3134909c5c80b5ace Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 16 Jun 2022 18:08:09 +0700 Subject: [PATCH 146/645] =?UTF-8?q?=F0=9F=91=B7=20Do=20not=20install=20bun?= =?UTF-8?q?dler=20on=20Windows=20JRuby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/windows-jruby.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/windows-jruby.yml b/.github/workflows/windows-jruby.yml index 9ab9d6cd..d1162c4e 100644 --- a/.github/workflows/windows-jruby.yml +++ b/.github/workflows/windows-jruby.yml @@ -34,6 +34,8 @@ jobs: experimental: [true] gemfile: - f2 + bundler: + - none ruby: - jruby From b01a05deb7624280186c058c195f5e365fe506e8 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 16 Jun 2022 18:08:27 +0700 Subject: [PATCH 147/645] =?UTF-8?q?=F0=9F=91=B7=20Make=20Windows=20non-exp?= =?UTF-8?q?erimental=20support?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index b5cb74fa..19df6468 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -31,7 +31,7 @@ jobs: strategy: fail-fast: false matrix: - experimental: [true] + experimental: [false] gemfile: - f2 rubygems: From c2b65fbf0944c4f0bb621c514d9616379576c64a Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 16 Jun 2022 19:54:45 +0700 Subject: [PATCH 148/645] =?UTF-8?q?=F0=9F=91=B7=20Turn=20off=20Windows=20J?= =?UTF-8?q?Ruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/workflows/windows-jruby.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/windows-jruby.yml b/.github/workflows/windows-jruby.yml index d1162c4e..f7e57780 100644 --- a/.github/workflows/windows-jruby.yml +++ b/.github/workflows/windows-jruby.yml @@ -27,7 +27,8 @@ jobs: name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile - if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + if: "false" + # if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" strategy: fail-fast: false matrix: From 83b7233c3f98ebf629da5e4582d96fc996608aa7 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 20 Jun 2022 16:14:42 +0700 Subject: [PATCH 149/645] =?UTF-8?q?=F0=9F=99=88=20Ignore=20tool=20output?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 483474f6..655f9e3e 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,4 @@ Gemfile.lock # Other /measurement/ +/.byebug_history From 3dba3cb5886da08529c154ef7001149f6a8125fd Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 20 Jun 2022 16:14:59 +0700 Subject: [PATCH 150/645] =?UTF-8?q?=F0=9F=94=A7=20Development=20Versions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .tool-versions | 1 + 1 file changed, 1 insertion(+) create mode 100644 .tool-versions diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 00000000..974865fc --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +ruby 2.7.6 From 083fbac3f7185057cffb4120c7777a806252e741 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Mon, 20 Jun 2022 16:16:48 +0700 Subject: [PATCH 151/645] =?UTF-8?q?=F0=9F=99=88=20Ignore=20OS=20output?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 655f9e3e..e35dcc36 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ Gemfile.lock # Other /measurement/ /.byebug_history +.DS_Store From 23c4db5d47f0765488d9f5877aa696b64f543156 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 21 Jun 2022 06:51:54 +0700 Subject: [PATCH 152/645] =?UTF-8?q?=F0=9F=91=BD=EF=B8=8F=20Extract=20versi?= =?UTF-8?q?on=5Fgem=20library=20from=20this=20one?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- Gemfile | 2 -- lib/oauth2.rb | 5 ++++ lib/oauth2/version.rb | 58 +------------------------------------------ oauth2.gemspec | 1 + 4 files changed, 7 insertions(+), 59 deletions(-) diff --git a/Gemfile b/Gemfile index d8911f19..b19f2d66 100644 --- a/Gemfile +++ b/Gemfile @@ -18,7 +18,6 @@ debug = minimum_version.call('2.5') gem 'overcommit', '~> 0.58' if linting -gem 'pry', platforms: %i[mri jruby] platforms :mri do if linting # Danger is incompatible with Faraday 2 (for now) @@ -43,7 +42,6 @@ platforms :mri do if debug # Add `byebug` to your code where you want to drop to REPL gem 'byebug' - gem 'pry-byebug' end end platforms :jruby do diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 40d76102..1efe7923 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -6,6 +6,7 @@ # third party gems require 'rash' +require 'version_gem' # includes gem files require 'oauth2/version' @@ -25,3 +26,7 @@ # The namespace of this library module OAuth2 end + +OAuth2::Version.class_eval do + extend VersionGem::Basic +end diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index c713c0bc..cda17a59 100644 --- a/lib/oauth2/version.rb 
+++ b/lib/oauth2/version.rb @@ -2,62 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.0.rc2'.freeze - - module_function - - # The version number as a string - # - # @return [String] - def to_s - VERSION - end - - # The major version - # - # @return [Integer] - def major - to_a[0].to_i - end - - # The minor version - # - # @return [Integer] - def minor - to_a[1].to_i - end - - # The patch version - # - # @return [Integer] - def patch - to_a[2].to_i - end - - # The pre-release version, if any - # - # @return [String, NilClass] - def pre - to_a[3] - end - - # The version number as a hash - # - # @return [Hash] - def to_h - { - major: major, - minor: minor, - patch: patch, - pre: pre, - } - end - - # The version number as an array - # - # @return [Array] - def to_a - VERSION.split('.') - end + VERSION = '2.0.0.rc3'.freeze end end diff --git a/oauth2.gemspec b/oauth2.gemspec index 4e83d569..d0b1619d 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -9,6 +9,7 @@ Gem::Specification.new do |spec| spec.add_dependency 'multi_xml', '~> 0.5' spec.add_dependency 'rack', ['>= 1.2', '< 3'] spec.add_dependency 'rash_alt', ['>= 0.4', '< 1'] + spec.add_dependency 'version_gem', '~> 1.0' spec.authors = ['Peter Boling', 'Michael Bleigh', 'Erik Michaels-Ober'] spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.' From 9846a7d75780dea80c32b02544891f3d6d3f4b55 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 21 Jun 2022 16:48:03 +0700 Subject: [PATCH 153/645] =?UTF-8?q?=E2=9E=96=20rubocop-ruby2=5F2=20doesn't?= =?UTF-8?q?=20need=20to=20be=20a=20direct=20dependency?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- Gemfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index b19f2d66..5f04e5e4 100644 --- a/Gemfile +++ b/Gemfile 
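Review bot: `spec.add_dependency 'version_gem', '~> 1.0'` adds a third-party runtime dependency to an OAuth client library only to replace the local version helpers, and the constraint accepts any later 1.x release of that gem. The version.rb hunk removes `to_s`, `major`, `minor`, `patch`, `pre`, `to_h` and `to_a`, and nothing in this patch shows that `VersionGem::Basic` supplies the same set with the same return types. A spec asserting each of them on `OAuth2::Version` would guard the public interface. The helpers are now attached only by the `class_eval` in lib/oauth2.rb, so code that loads 'oauth2/version' on its own would get `VERSION` without them. A comment in version.rb would make that visible: `# to_s/major/minor/patch/pre/to_h/to_a are added in lib/oauth2.rb via VersionGem::Basic`.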
@@ -24,8 +24,7 @@ platforms :mri do # see: https://github.com/danger/danger/issues/1349 # gem 'danger', '~> 8.4' gem 'rubocop-md', require: false - gem 'rubocop-ruby2_2', require: false - # Can be added once we reach rubocop-ruby2_3 + # Can be added once we reach rubocop-lts >= v10 (i.e. drop Ruby 2.2) # gem 'rubocop-packaging', require: false gem 'rubocop-performance', require: false gem 'rubocop-rake', require: false From 2313d090105079e91179825ca11ca699230026ac Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 21 Jun 2022 18:48:22 +0700 Subject: [PATCH 154/645] Bump oauth2 to 2.0.0 --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index cda17a59..31d14906 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.0.rc3'.freeze + VERSION = '2.0.0'.freeze end end From 68d4c0ca628f68b433d04f0959e04ded62f80fbb Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 08:35:39 +0700 Subject: [PATCH 155/645] =?UTF-8?q?=F0=9F=93=9D=20Document=202.0.0=20relea?= =?UTF-8?q?se?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 2 +- README.md | 2 +- spec/oauth2/error_spec.rb | 3 --- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0f0d36e..8a56ab0d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). -## [2.0.0.rc3] - 2022-06-16 +## [2.0.0] - 2022-06-21 ### Added - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) - [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) diff --git a/README.md b/README.md index 21061ef5..e16bb884 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| -| 2.0.0 | Soon | https://github.com/oauth-xx/oauth2/blob/master/README.md | +| 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/master/README.md | ### Older Releases diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index a6d5ecb5..fa7826fc 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb 
@@ -64,9 +64,6 @@ end it 'replaces them' do - # The skip can be removed once support for < 2.1 is dropped. - encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} - skip_for(encoding.merge(engine: 'ruby', versions: %w[1.8.7 1.9.3 2.0.0])) skip_for(encoding.merge(engine: 'jruby')) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ From f16220b43141be1bfe706413859cd8ca52ea095d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 08:36:13 +0700 Subject: [PATCH 156/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20Support?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- SECURITY.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index bf071104..cffa2826 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,3 +12,9 @@ To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. + +## OAuth2 for Enterprise + +Available as part of the Tidelift Subscription. + +The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo) From b9d412bf28a94c380f4041929c2d575769818ffa Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 08:37:10 +0700 Subject: [PATCH 157/645] =?UTF-8?q?=F0=9F=93=9D=20Document=202.0.0=20relea?= =?UTF-8?q?se?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Peter Boling --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e16bb884..460945d6 100644 --- a/README.md +++ b/README.md @@ -238,7 +238,7 @@ Tidelift will coordinate the fix and disclosure. For more see [SECURITY.md][🚎sec-pol]. -## What is new for v2.0 (unreleased, `master` branch)? +## What is new for v2.0? - Officially support Ruby versions >= 2.7 - Unofficially support Ruby versions >= 2.5 @@ -291,7 +291,7 @@ of a major release, support for that Ruby version may be dropped. | | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | |:----|----------------------|--------------------|-------------------------|------------------------|------------------------| -| 1️⃣ | 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | +| 1️⃣ | 2.0.x | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | | 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 | | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | From ab0974596d810b7a1ae6aa34acbd5216d924b80f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 19:30:27 +0700 Subject: [PATCH 158/645] =?UTF-8?q?=F0=9F=92=9A=20Add=20missing=20test=20v?= =?UTF-8?q?ariable?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/oauth2/error_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index fa7826fc..7f74661b 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb 
@@ -64,6 +64,8 @@ end it 'replaces them' do + # The skip can be removed once support for < 2.1 is dropped. + encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} skip_for(encoding.merge(engine: 'jruby')) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ From 55176a67878f4bf8f47845824f69c5001a7d6f3f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 19:50:09 +0700 Subject: [PATCH 159/645] =?UTF-8?q?=F0=9F=92=9A=20Improve=20Error=20Spec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/oauth2/error_spec.rb | 95 ++++++++++++++++++++++++++++++++++----- 1 file changed, 85 insertions(+), 10 deletions(-) diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index 7f74661b..d230ed48 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -42,17 +42,17 @@ context 'when the response has an error and error_description' do before do - response_hash[:error_description] = 'Short and stout' - response_hash[:error] = 'i_am_a_teapot' + response_hash['error_description'] = 'Short and stout' + response_hash['error'] = 'i_am_a_teapot' end it 'prepends to the error message with a return character' do expect(subject.message.each_line.to_a).to eq( - [ - "i_am_a_teapot: Short and stout\n", - '{"text":"Coffee brewing failed","error_description":"Short and stout","error":"i_am_a_teapot"}', - ] - ) + [ + "i_am_a_teapot: Short and stout\n", + '{"text":"Coffee brewing failed","error_description":"Short and stout","error":"i_am_a_teapot"}', + ] + ) end context 'when the response needs to be encoded' do @@ -76,7 +76,7 @@ context 'with undefined characters present' do before do - response_hash[:error_description] += ": 'A magical voyage of tea 🍵'" + response_hash['error_description'] += ": 'A magical voyage of tea 🍵'" end it 'replaces them' do 
@@ -111,8 +111,8 @@ context 'when there is no error description' do before do - expect(response_hash).not_to have_key(:error) - expect(response_hash).not_to have_key(:error_description) + expect(response_hash).not_to have_key('error') + expect(response_hash).not_to have_key('error_description') end it 'does not prepend anything to the message' do 
@@ -128,6 +128,81 @@ expect(subject.description).to be_nil end end + + context 'when there is code' do + before do + response_hash['error_description'] = 'Short and stout' + response_hash['error'] = 'i_am_a_teapot' + response_hash['code'] = '418' + end + + it 'prepends to the error message with a return character' do + expect(subject.message.each_line.to_a).to eq( + [ + "i_am_a_teapot: Short and stout\n", + { + "text": "Coffee brewing failed", + "error_description": "Short and stout", + "error": "i_am_a_teapot", + "code": "418", + }.to_json, + ] + ) + end + + context 'when the response needs to be encoded' do + let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } + + context 'with invalid characters present' do + before do + response_body.gsub!('stout', "\255 invalid \255") + end + + it 'replaces them' do + # The skip can be removed once support for < 2.1 is dropped. + encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} + skip_for(encoding.merge(engine: 'jruby')) + # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ + + raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') + # This will fail if {:invalid => replace} is not passed into `encode` + end + end + + context 'with undefined characters present' do + before do + response_hash['error_description'] += ": 'A magical voyage of tea 🍵'" + end + + it 'replaces them' do + raise 'Undefined characters not replaced' unless subject.message.include?('tea �') + # This will fail if {:undef => replace} is not passed into `encode` + end + end + end + + context 'when the response is not an encodable thing' do + let(:response_headers) { {'Content-Type' => 'who knows'} } + let(:response_body) { {text: 'Coffee brewing failed'} } + + before do + expect(response_body).not_to respond_to(:encode) + # i.e. 
a Ruby hash + end + + it 'does not try to encode the message string' do + expect(subject.message).to eq(response_body.to_s) + end + end + + it 'sets the code attribute' do + expect(subject.code).to eq('i_am_a_teapot') + end + + it 'sets the description attribute' do + expect(subject.description).to eq('Short and stout') + end + end end context 'when the response does not parse to a hash' do From 60b5e74ed58e4d82d5f04607bea0fe2c45e97edb Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 20:03:34 +0700 Subject: [PATCH 160/645] =?UTF-8?q?=F0=9F=92=9A=20Improve=20Access=20Token?= =?UTF-8?q?=20Spec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add tests for patch Signed-off-by: Peter Boling --- spec/oauth2/access_token_spec.rb | 13 +++++++++++++ spec/spec_helper.rb | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 3ccd1149..01f70fda 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -250,6 +250,19 @@ def self.contains_token?(hash) stub_const('NewAccessToken', custom_class) end + context 'without refresh_token' do + let(:no_access) do + described_class.new(client, token, refresh_token: nil, + expires_in: 600, + param_name: 'o_param') + end + subject(:no_refresh) { no_access.refresh } + + it 'raises when no refresh_token' do + block_is_expected.to raise_error('A refresh_token is not available') + end + end + it 'returns a refresh token with appropriate values carried over' do refreshed = access.refresh expect(access.client).to eq(refreshed.client) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 64eb7012..a770c36d 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -68,4 +68,4 @@ require 'config/rspec/rspec_core' require 'config/rspec/silent_stream' -VERBS = %i[get post put delete].freeze +VERBS = %i[get post put delete patch].freeze 
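Review bot: In the added 'when there is code' context of error_spec.rb, the setup sets `response_hash['code'] = '418'`, but 'sets the code attribute' expects `subject.code` to equal 'i_am_a_teapot'. That is the same assertion as in the context without a `code` key, so only the serialized-body comparison exercises the new input. If the intent is that a `code` key in the body must not replace `error`, name the example after that: `it 'uses error, not the body code key, for the code attribute' do`. The two encoding examples also signal failure with `raise '...' unless subject.message.include?(...)`; `expect(subject.message).to include('tea �')` would report the actual message on failure. The enclosing describe starts outside the hunk.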
From d3259c80c7cd9a1bb0b16cf4e1c32e4bdd1582d0 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 20:03:45 +0700 Subject: [PATCH 161/645] =?UTF-8?q?=F0=9F=92=9A=20Improve=20Authenticator?= =?UTF-8?q?=20Spec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/oauth2/authenticator_spec.rb | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index 74e1ff17..f1475c8c 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb @@ -22,6 +22,15 @@ expect(output).to eq('client_id' => 'foo', 'client_secret' => 'bar') end + context 'when client_id nil' do + let(:client_id) { nil } + + it 'ignores client_id, but adds client_secret to params' do + output = subject.apply({}) + expect(output).to eq('client_secret' => 'bar') + end + end + it 'does not overwrite existing credentials' do input = {'client_secret' => 's3cr3t'} output = subject.apply(input) @@ -67,6 +76,28 @@ end end + context 'using tls_client_auth' do + let(:mode) { :tls_client_auth } + + context 'when client_id present' do + let(:client_id) { 'foobar' } + + it 'adds client_id to params' do + output = subject.apply({}) + expect(output).to eq({"client_id" => "foobar"}) + end + end + + context 'when client_id nil' do + let(:client_id) { nil } + + it 'ignores client_id for params' do + output = subject.apply({}) + expect(output).to eq({}) + end + end + end + context 'with Basic authentication' do let(:mode) { :basic_auth } let(:header) { "Basic #{Base64.strict_encode64("#{client_id}:#{client_secret}")}" } From 3721ee6a16c41f26a57414799feaaebeba70244b Mon Sep 17 00:00:00 2001 
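Review bot: The new 'using tls_client_auth' examples in authenticator_spec.rb are titled 'adds client_id to params' and 'ignores client_id for params', but the whole-hash `eq` also pins that no `client_secret` key is sent in this mode. That is the property a reader auditing the spec will look for, so the names should state it, e.g. `it 'adds client_id and omits client_secret' do` and `it 'sends neither client_id nor client_secret' do`. The first hunk covers a nil `client_id` in request-body mode but has no counterpart for a nil `client_secret`. Whether the authenticator would then emit an empty secret is not visible here and would be worth one more example.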
From: Peter Boling Date: Wed, 22 Jun 2022 21:23:46 +0700 Subject: [PATCH 162/645] =?UTF-8?q?=F0=9F=92=9A=20Improve=20Access=20Token?= =?UTF-8?q?=20Spec=20More?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/oauth2/access_token_spec.rb | 72 ++++++++++++++++++++++++++++---- 1 file changed, 65 insertions(+), 7 deletions(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 01f70fda..e58e52dd 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
@@ -58,11 +58,57 @@ def assert_initialized_token(target) assert_initialized_token(target) end - it 'sets options' do - target = described_class.new(client, token, param_name: 'foo', header_format: 'Bearer %', mode: :body) - expect(target.options[:param_name]).to eq('foo') - expect(target.options[:header_format]).to eq('Bearer %') - expect(target.options[:mode]).to eq(:body) + context 'with options' do + subject(:target) { described_class.new(client, token, **options) } + + context 'with body mode' do + let(:mode) { :body } + let(:options) { {param_name: 'foo', header_format: 'Bearer %', mode: mode} } + + it 'sets options' do + expect(target.options[:param_name]).to eq('foo') + expect(target.options[:header_format]).to eq('Bearer %') + expect(target.options[:mode]).to eq(mode) + end + end + + context 'with header mode' do + let(:mode) { :header } + let(:options) { {headers: {}, mode: mode} } + + it 'sets options' do + expect(target.options[:headers]).to be_nil + expect(target.options[:mode]).to eq(mode) + end + end + + context 'with query mode' do + let(:mode) { :query } + let(:options) { {params: {}, param_name: 'foo', mode: mode} } + + it 'sets options' do + expect(target.options[:param_name]).to eq('foo') + expect(target.options[:params]).to be_nil + expect(target.options[:mode]).to eq(mode) + end + end + + context 'with invalid mode' do + let(:mode) { :this_is_bad } + let(:options) { {mode: mode} } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + context 'with request' do + subject(:request) { target.post('/token/header') } + + it 'raises' do + block_is_expected.to raise_error("invalid :mode option of #{mode}") + end + end + end end it 'does not modify opts hash' do 
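Review bot: The examples under 'with header mode' and 'with query mode' are both named 'sets options', yet their distinguishing assertions are that `target.options[:headers]` and `target.options[:params]` are nil, i.e. that those keys are not kept in `options`. Name them for that, e.g. `it 'does not keep :headers in options' do`, and add a short comment saying where the values go instead, which is not visible in this hunk. The 'with invalid mode' context also pins that an unknown `:mode` is accepted by `new` and only fails on the first request. If that deferral is deliberate, a comment such as `# :mode is validated lazily, when the token is attached to a request` would keep the example from being read as an oversight.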
@@ -156,7 +202,7 @@ def assert_initialized_token(target) end VERBS.each do |verb| - it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do + it "sends the token in the body for a #{verb.to_s.upcase} request" do expect(subject.post('/token/query').body).to eq(token) end @@ -173,9 +219,21 @@ def assert_initialized_token(target) end VERBS.each do |verb| - it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do + it "sends the token in the body for a #{verb.to_s.upcase} request" do expect(subject.post('/token/body').body.split('=').last).to eq(token) end + + context 'when options[:param_name] include [number]' do + it "sends a #{verb.to_s.upcase} request when body is a hash" do + subject.options[:param_name] = 'auth[1]' + expect(subject.__send__(verb, '/token/body', body: {hi: 'there'}).body).to include("auth%5B1%5D=#{token}") + end + + it "sends a #{verb.to_s.upcase} request when body is overridden as string" do + subject.options[:param_name] = 'snoo[1]' + expect(subject.__send__(verb, '/token/body', body: "hi_there").body).to include("hi_there&snoo[1]=#{token}") + end + end end end From 7e89db6248cc2736cc30ca45a7fa76b194a27056 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 21:39:02 +0700 Subject: [PATCH 163/645] =?UTF-8?q?=F0=9F=92=9A=20Improve=20Client=20Spec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/oauth2/client_spec.rb | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index ba31f853..0fc9adaf 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
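Review bot: Inside `VERBS.each do |verb|`, the renamed example still calls `subject.post('/token/query')`, so `verb` only changes the description and every generated example exercises POST. The same holds for `subject.post('/token/body')` in the following hunk. Use the verb as the added examples already do: `expect(subject.__send__(verb, '/token/query').body).to eq(token)`. The new string-body example also expects `hi_there&snoo[1]=#{token}`, with the parameter name appended unencoded, while the hash-body example expects `auth%5B1%5D`. If that difference is intended, a comment should say so, since it fixes how the token is serialized into a request body.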
@@ -4,7 +4,7 @@ require 'nkf' RSpec.describe OAuth2::Client do - subject do + subject(:instance) do described_class.new('abc', 'def', {site: 'https://api.example.com/'}.merge(options)) do |builder| builder.adapter :test do |stub| stub.get('/success') { |_env| [200, {'Content-Type' => 'text/awesome'}, 'yay'] } @@ -19,6 +19,7 @@ stub.get('/empty_get') { |_env| [204, {}, nil] } stub.get('/different_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', JSON.dump(error: error_value, error_description: '∞'))] } stub.get('/ascii_8bit_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, JSON.dump(error: 'invalid_request', error_description: 'é').force_encoding('ASCII-8BIT')] } + stub.get('/unhandled_status') { |_env| [600, {}, nil] } end end end @@ -96,6 +97,29 @@ end end + describe '#site=(val)' do + subject(:site) { instance.site = new_site } + + let(:options) do + {site: 'https://example.com/blog'} + end + let(:new_site) { 'https://example.com/sharpie' } + + it 'sets site' do + block_is_expected.to change(instance, :site).from('https://example.com/blog').to('https://example.com/sharpie') + end + + context 'with connection' do + before do + instance.connection + end + + it 'allows connection to reset with new url prefix' do + block_is_expected.to change { instance.connection.url_prefix }.from(URI('https://example.com/blog')).to(URI('https://example.com/sharpie')) + end + end + end + %w[authorize token].each do |url_type| describe ":#{url_type}_url option" do it "defaults to a path of /oauth/#{url_type}" do 
@@ -397,6 +421,13 @@ end end + it 'informs about unhandled status code' do + expect { subject.request(:get, '/unhandled_status') }.to raise_error do |ex| + expect(ex.response).not_to be_nil + expect(ex.to_s).to match(/Unhandled status code value of 600/) + end + end + context 'when errors are raised by Faraday' do let(:connection) { instance_double(Faraday::Connection, build_url: double) } From 092d8f79de64afcb3dc416f804cd2cdfa7c7a8bd Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 21:40:06 +0700 Subject: [PATCH 164/645] =?UTF-8?q?=F0=9F=9A=A8=20RuboCop=20drubbing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- spec/oauth2/access_token_spec.rb | 9 +++++---- spec/oauth2/authenticator_spec.rb | 2 +- spec/oauth2/error_spec.rb | 30 +++++++++++++++--------------- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index e58e52dd..adacafe1 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -231,7 +231,7 @@ def assert_initialized_token(target) it "sends a #{verb.to_s.upcase} request when body is overridden as string" do subject.options[:param_name] = 'snoo[1]' - expect(subject.__send__(verb, '/token/body', body: "hi_there").body).to include("hi_there&snoo[1]=#{token}") + expect(subject.__send__(verb, '/token/body', body: 'hi_there').body).to include("hi_there&snoo[1]=#{token}") end end end @@ -309,12 +309,13 @@ def self.contains_token?(hash) end context 'without refresh_token' do + subject(:no_refresh) { no_access.refresh } + let(:no_access) do described_class.new(client, token, refresh_token: nil, - expires_in: 600, - param_name: 'o_param') + expires_in: 600, + param_name: 'o_param') end - subject(:no_refresh) { no_access.refresh } it 'raises when no refresh_token' do block_is_expected.to raise_error('A refresh_token is not available') 
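Review bot: `raise_error` is used without an error class in 'informs about unhandled status code', so the matcher accepts any exception and the intent is carried only by the block. Naming the class makes a failure easier to read, presumably `raise_error(OAuth2::Error)` given that the block reads `ex.response`; confirm against `Client#request`, which is not in this hunk. The example also still calls `subject.request` although this commit names the subject `instance` in its first hunk.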
diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index f1475c8c..4f06d306 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb @@ -84,7 +84,7 @@ it 'adds client_id to params' do output = subject.apply({}) - expect(output).to eq({"client_id" => "foobar"}) + expect(output).to eq('client_id' => 'foobar') end end diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index d230ed48..19d5658c 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -48,11 +48,11 @@ it 'prepends to the error message with a return character' do expect(subject.message.each_line.to_a).to eq( - [ - "i_am_a_teapot: Short and stout\n", - '{"text":"Coffee brewing failed","error_description":"Short and stout","error":"i_am_a_teapot"}', - ] - ) + [ + "i_am_a_teapot: Short and stout\n", + '{"text":"Coffee brewing failed","error_description":"Short and stout","error":"i_am_a_teapot"}', + ] + ) end context 'when the response needs to be encoded' do @@ -138,16 +138,16 @@ it 'prepends to the error message with a return character' do expect(subject.message.each_line.to_a).to eq( - [ - "i_am_a_teapot: Short and stout\n", - { - "text": "Coffee brewing failed", - "error_description": "Short and stout", - "error": "i_am_a_teapot", - "code": "418", - }.to_json, - ] - ) + [ + "i_am_a_teapot: Short and stout\n", + { + "text": 'Coffee brewing failed', + "error_description": 'Short and stout', + "error": 'i_am_a_teapot', + "code": '418', + }.to_json, + ] + ) end context 'when the response needs to be encoded' do From 6b10f4ebf0e8386a23a17a5d33136ecbe28bafe1 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 21:44:09 +0700 Subject: [PATCH 165/645] =?UTF-8?q?=F0=9F=93=9D=20Next=20milestone=20is=20?= =?UTF-8?q?now=202.0.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Peter Boling --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 460945d6..6a357c60 100644 --- a/README.md +++ b/README.md @@ -140,8 +140,8 @@ The link tokens in the following sections should be kept ordered by the row and [🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2 [🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed [🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2 -[📗next]: https://github.com/oauth-xx/oauth2/milestone/1 -[📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/1?label=Next%20Version +[📗next]: https://github.com/oauth-xx/oauth2/milestone/12 +[📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/12?label=Next%20Version [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability From 3ce048fc8c2a9447990c4431d8221f600a949763 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 21:46:37 +0700 Subject: [PATCH 166/645] =?UTF-8?q?=F0=9F=92=84=20Improve=20link=20to=20CH?= =?UTF-8?q?ANGELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6a357c60..fe99f949 100644 --- a/README.md +++ b/README.md @@ -253,7 +253,7 @@ For more see [SECURITY.md][🚎sec-pol]. - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` - Adds new option to `OAuth2::AccessToken#initialize`: - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency -- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#unreleased) +- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0) ## Compatibility 
From 8bee59b84e764e409a42359a141f143deed4ad49 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 21:58:43 +0700 Subject: [PATCH 167/645] =?UTF-8?q?=F0=9F=93=9D=20Better=20documentation?= =?UTF-8?q?=20of=20supported=20strategies?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index fe99f949..553b6bae 100644 --- a/README.md +++ b/README.md @@ -309,8 +309,8 @@ client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example client.auth_code.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth2/callback') # => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" -token = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'}) -response = token.get('/api/resource', params: {'query_foo' => 'bar'}) +access = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'}) +response = access.get('/api/resource', params: {'query_foo' => 'bar'}) response.class.name # => OAuth2::Response ``` 
@@ -402,28 +402,42 @@ Response instance will contain the `OAuth2::Error` instance. Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client -use. They are available via the `#auth_code`, `#implicit`, `#password`, `#client_credentials`, and `#assertion` methods respectively. +use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/auth_code.rb), [`#implicit`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/implicit.rb), [`#password`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/password.rb), [`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/client_credentials.rb), and [`#assertion`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/assertion.rb) methods respectively. +These aren't full examples, but demonstrative of the differences between usage for each strategy. 
```ruby auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth/callback') -token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback') +access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback') auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth/callback') # get the token params in the callback and -token = OAuth2::AccessToken.from_kvform(client, query_string) - -token = client.password.get_token('username', 'password') - -token = client.client_credentials.get_token - -token = client.assertion.get_token(assertion_params) +access = OAuth2::AccessToken.from_kvform(client, query_string) + +access = client.password.get_token('username', 'password') + +access = client.client_credentials.get_token + +# Client Assertion Strategy +# see: https://tools.ietf.org/html/rfc7523 +claimset = { + :iss => "http://localhost:3001/", + :aud => "http://localhost:8080/oauth2/token", + :sub => "me@example.com", + :exp => Time.now.utc.to_i + 3600 +} +assertion_params = [claimset, 'HS256', 'secret_key'] +access = client.assertion.get_token(assertion_params) + +# The `access` (i.e. 
access token) is then used like so: +access.token # actual access_token string, if you need it somewhere +access.get("/api/stuff") # making api calls with access token ``` If you want to specify additional headers to be sent out with the request, add a 'headers' hash under 'params': ```ruby -token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'}) +access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'}) ``` You can always use the `#request` method on the `OAuth2::Client` instance to make From fe70aa5958def0bfe31f7f72ca44b28b620f92d5 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 21:58:56 +0700 Subject: [PATCH 168/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo=20in=20?= =?UTF-8?q?comment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- lib/oauth2/strategy/assertion.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index 13badd9a..92ff6cf2 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb @@ -15,7 +15,7 @@ module Strategy # # claim_set = { # :iss => "http://localhost:3001/", - # :aud => "http://localhost:8080/oauth2/token" + # :aud => "http://localhost:8080/oauth2/token", # :sub => "me@example.com", # :exp => Time.now.utc.to_i + 3600, # } From 89517ff4a38e1ff0a9ebbef1c5b13778a019a118 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 22:20:23 +0700 Subject: [PATCH 169/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Order=20authors=20?= =?UTF-8?q?correctly,=20with=20recent=20first?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Peter Boling --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index d0b1619d..de9f7436 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -11,7 +11,7 @@ Gem::Specification.new do |spec| spec.add_dependency 'rash_alt', ['>= 0.4', '< 1'] spec.add_dependency 'version_gem', '~> 1.0' - spec.authors = ['Peter Boling', 'Michael Bleigh', 'Erik Michaels-Ober'] + spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh'] spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.' spec.email = ['peter.boling@gmail.com'] spec.homepage = 'https://github.com/oauth-xx/oauth2' From 71e96af36b0db7a4bc383d3ce2c7294530bc6d99 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 22:22:48 +0700 Subject: [PATCH 170/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=202.0.?= =?UTF-8?q?1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a56ab0d..5038b55a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +## [2.0.1] - 2022-06-22 +### Added +- Documentation improvements (@pboling) +- Increased test coverage to 99% (@pboling) + ## [2.0.0] - 2022-06-21 ### Added - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) 
@@ -210,7 +215,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22 -[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD +[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...HEAD [0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1 [0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2 [0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3 @@ -246,4 +251,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7 [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8 [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9 +[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v2.0.0 +[2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1 [gemfiles/readme]: gemfiles/README.md From 338bfb3a81a52069cd962025eb3a9e3964ded7d1 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 22:23:11 +0700 Subject: [PATCH 171/645] Bump oauth2 to 2.0.1 --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 31d14906..02d74739 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.0'.freeze + VERSION = '2.0.1'.freeze end end From 3fe2dc814fb8b58583b9a833b083606b9ba3ebb6 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 22:25:21 +0700 Subject: [PATCH 172/645] =?UTF-8?q?=F0=9F=93=9D=20Prepare=20release=202.0.?= =?UTF-8?q?1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 553b6bae..df868cf4 100644 --- a/README.md +++ b/README.md 
@@ -34,7 +34,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| -| 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/master/README.md | +| 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/master/README.md | +| 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md | ### Older Releases From 585bd5f3b7beb4784f7918babce8174f8fbc0c14 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 22 Jun 2022 23:09:47 +0700 Subject: [PATCH 173/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting=20README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index df868cf4..d286f28a 100644 --- a/README.md +++ b/README.md @@ -421,17 +421,17 @@ access = client.client_credentials.get_token # Client Assertion Strategy # see: https://tools.ietf.org/html/rfc7523 claimset = { - :iss => "http://localhost:3001/", - :aud => "http://localhost:8080/oauth2/token", - :sub => "me@example.com", - :exp => Time.now.utc.to_i + 3600 + iss: 'http://localhost:3001/', + aud: 'http://localhost:8080/oauth2/token', + sub: 'me@example.com', + exp: Time.now.utc.to_i + 3600, } assertion_params = [claimset, 'HS256', 'secret_key'] access = client.assertion.get_token(assertion_params) # The `access` (i.e. access token) is then used like so: access.token # actual access_token string, if you need it somewhere -access.get("/api/stuff") # making api calls with access token +access.get('/api/stuff') # making api calls with access token ``` If you want to specify additional headers to be sent out with the From e96dda8e872b517a59d260254180e87a2c63f311 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 24 Jun 2022 00:45:10 +0700 Subject: [PATCH 174/645] =?UTF-8?q?=F0=9F=99=88=20Dependabot=20should=20ig?= =?UTF-8?q?nore=20rubocop-lts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .github/dependabot.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a0267668..89c4a1c3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,4 +5,6 @@ updates: schedule: interval: daily time: "04:28" - open-pull-requests-limit: 10 \ No newline at end of file + open-pull-requests-limit: 10 + ignore: + - dependency-name: "rubocop-lts" From e5c02edd1cd9536ab8798a8c8b8434210518692f Mon Sep 17 00:00:00 2001 From: Felipe Zavan Date: Fri, 24 Jun 2022 15:12:21 +0100 Subject: [PATCH 175/645] Fix raised error class name in CHANGELOG (#607) The gem raises ConnectionError, not ConnectionFailed. See: https://github.com/oauth-xx/oauth2/blob/e96dda8e872b517a59d260254180e87a2c63f311/lib/oauth2/client.rb#L117 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5038b55a..4c28621c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
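Review bot: The new `ignore` entry names only `dependency-name: "rubocop-lts"`, with no `versions` or `update-types`, so Dependabot will skip every update for that gem. The file gives no reason, which makes it hard to tell later whether the entry can be removed. A one-line comment above it would do, e.g. `# rubocop-lts is updated by hand: <reason>`.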
@@ -29,7 +29,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#413](https://github.com/oauth-xx/oauth2/pull/413) - _Documentation_: License scan and report (@meganemura) - [#442](https://github.com/oauth-xx/oauth2/pull/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) - [#494](https://github.com/oauth-xx/oauth2/pull/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) -- [#549](https://github.com/oauth-xx/oauth2/pull/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionFailed` (@nikkypx) +- [#549](https://github.com/oauth-xx/oauth2/pull/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) - [#550](https://github.com/oauth-xx/oauth2/pull/550) - Raise error if location header not present when redirecting (@stanhu) - [#552](https://github.com/oauth-xx/oauth2/pull/552) - Add missing `version.rb` require (@ahorek) - [#553](https://github.com/oauth-xx/oauth2/pull/553) - Support `application/problem+json` format (@janz93) From 4529f82a6d7c3da9d1a8c9b8ca1cf848b269b52f Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Fri, 24 Jun 2022 07:13:52 -0700 Subject: [PATCH 176/645] Move access_token_class parameter into Client constructor (#606) Mixing positional and keyword arguments raises deprecation warnings in Ruby 2.7. It's cleaner to make access_token_class an option at init time. Closes #605 --- lib/oauth2/access_token.rb | 4 ++-- lib/oauth2/client.rb | 10 ++++++---- spec/oauth2/access_token_spec.rb | 16 ++++++++++++---- spec/oauth2/client_spec.rb | 12 +++++++----- 4 files changed, 27 insertions(+), 15 deletions(-) 
diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index a877bb3f..8c07b412 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -88,12 +88,12 @@ def expired? # # @return [AccessToken] a new AccessToken # @note options should be carried over to the new AccessToken - def refresh(params = {}, access_token_opts = {}, access_token_class: self.class) + def refresh(params = {}, access_token_opts = {}) raise('A refresh_token is not available') unless refresh_token params[:grant_type] = 'refresh_token' params[:refresh_token] = refresh_token - new_token = @client.get_token(params, access_token_opts, access_token_class: access_token_class) + new_token = @client.get_token(params, access_token_opts) new_token.options = options new_token.refresh_token = refresh_token unless new_token.refresh_token new_token diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 8977aeed..50315603 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -31,6 +31,7 @@ class Client # rubocop:disable Metrics/ClassLength # @option options [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error on responses with 400+ status codes # @option options [Logger] :logger (::Logger.new($stdout)) which logger to use when OAUTH_DEBUG is enabled # @option options [Proc] :extract_access_token proc that takes the client and the response Hash and extracts the access token from the response (DEPRECATED) + # @option options [Class] :access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken, @version 2.0+ # @yield [builder] The Faraday connection builder def initialize(client_id, client_secret, options = {}, &block) opts = options.dup @@ -49,6 +50,7 @@ def initialize(client_id, client_secret, options = {}, &block) max_redirects: 5, raise_errors: true, logger: ::Logger.new($stdout), + access_token_class: AccessToken, }.merge(opts) @options[:connection_opts][:ssl] = ssl if ssl end 
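Review bot: Dropping the `access_token_class:` keyword from `refresh` changes behaviour without any signal to existing callers: `refresh(access_token_class: Foo)` now binds that hash to the positional `params`, so the key would travel with `grant_type` and `refresh_token` into `@client.get_token` as a token-endpoint parameter instead of raising. The default also moves from `self.class` to the client's `:access_token_class`, so a subclassed token refreshed through a client left at the default would come back as a plain `AccessToken`. Consider rejecting the old key explicitly, e.g. `raise ArgumentError, 'access_token_class is now a Client option' if params.key?(:access_token_class)`, or keeping the keyword for one release with a deprecation warning. The same keyword is removed from `Client#get_token` in the client.rb hunks of this commit.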
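Review bot: The added `@option` line in client.rb repeats the type tag (`[Class] :access_token_class [Class]`), omits the default and carries an inline `@version 2.0+` that YARD will not read as a tag there. The default is set two hunks later as `access_token_class: AccessToken`, so the line could read `# @option options [Class] :access_token_class (AccessToken) class used to create access tokens, for easier subclassing of OAuth2::AccessToken`.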
@@ -156,9 +158,8 @@ def request(verb, url, opts = {}) # @param params [Hash] a Hash of params for the token endpoint # @param access_token_opts [Hash] access token options, to pass to the AccessToken object # @param extract_access_token [Proc] proc that extracts the access token from the response (DEPRECATED) - # @param access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken, @version 2.0+ # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token], access_token_class: AccessToken) + def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token]) params = params.map do |key, value| if RESERVED_PARAM_KEYS.include?(key) [key.to_sym, value] @@ -188,7 +189,7 @@ def get_token(params, access_token_opts = {}, extract_access_token = options[:ex if extract_access_token parse_response_with_legacy_extract(response, access_token_opts, extract_access_token) else - parse_response(response, access_token_opts, access_token_class) + parse_response(response, access_token_opts) end end @@ -270,7 +271,8 @@ def parse_response_with_legacy_extract(response, access_token_opts, extract_acce nil end - def parse_response(response, access_token_opts, access_token_class) + def parse_response(response, access_token_opts) + access_token_class = options[:access_token_class] data = response.parsed unless data.is_a?(Hash) && access_token_class.contains_token?(data) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index adacafe1..5a0c2906 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
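Review bot: `parse_response` now takes the class straight from `options[:access_token_class]` and calls `contains_token?` on it unchecked. A client built with `access_token_class: nil` (which overrides the default through the `.merge(opts)` in the constructor hunk) or with a class lacking that method therefore fails with `NoMethodError` only when the first token response is parsed. Validating once in `initialize` gives an earlier and clearer error, e.g. `raise ArgumentError, ':access_token_class must respond to contains_token?' unless @options[:access_token_class].respond_to?(:contains_token?)`. The body of `parse_response` continues past the end of this hunk.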
@@ -3,10 +3,12 @@ RSpec.describe OAuth2::AccessToken do subject { described_class.new(client, token) } + let(:base_options) { {site: 'https://api.example.com/'} } + let(:options) { {} } let(:token) { 'monkey' } let(:refresh_body) { JSON.dump(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'refresh_bar') } let(:client) do - OAuth2::Client.new('abc', 'def', site: 'https://api.example.com/') do |builder| + OAuth2::Client.new('abc', 'def', options.merge(base_options)) do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| @@ -285,10 +287,13 @@ def assert_initialized_token(target) end describe '#refresh' do + let(:options) { {access_token_class: access_token_class} } + let(:access_token_class) { NewAccessToken } let(:access) do described_class.new(client, token, refresh_token: 'abaca', expires_in: 600, - param_name: 'o_param') + param_name: 'o_param', + access_token_class: access_token_class) end let(:new_access) do NewAccessToken.new(client, token, refresh_token: 'abaca') @@ -314,7 +319,8 @@ def self.contains_token?(hash) let(:no_access) do described_class.new(client, token, refresh_token: nil, expires_in: 600, - param_name: 'o_param') + param_name: 'o_param', + access_token_class: access_token_class) end it 'raises when no refresh_token' do @@ -344,8 +350,10 @@ def self.contains_token?(hash) end context 'with a custom access_token_class' do + let(:access_token_class) { NewAccessToken } + it 'returns a refresh token of NewAccessToken' do - refreshed = access.refresh!(access_token_class: new_access.class) + refreshed = access.refresh! expect(new_access.class).to eq(refreshed.class) end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 0fc9adaf..d87a83e2 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
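Review bot: `access_token_class: access_token_class` is passed to `described_class.new(client, token, ...)` in the `#refresh` setup, and again in the 'without refresh_token' hunk, although this commit makes the class a `Client` option that the new `let(:options)` already sets. On the token it is presumably just kept as an extra param (the initializer is not shown), which makes the spec read as if `AccessToken` still honoured it. Dropping the key from both `described_class.new` calls would keep the setup aligned with the new API.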
@@ -544,11 +544,13 @@ end describe 'with custom access_token_class option' do + let(:options) { {access_token_class: CustomAccessToken} } let(:payload) { {'custom_token' => 'the-token'} } + let(:content_type) { 'application/json' } let(:client) do - stubbed_client do |stub| + stubbed_client(options) do |stub| stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump(payload)] + [200, {'Content-Type' => content_type}, JSON.dump(payload)] end end end @@ -568,15 +570,15 @@ def self.contains_token?(hash) end it 'returns the parsed :custom_token from body' do - client.get_token({}, {}, nil, access_token_class: CustomAccessToken) + client.get_token({}) end context 'when the :raise_errors flag is set to true' do - let(:options) { {raise_errors: true} } + let(:options) { {access_token_class: CustomAccessToken, raise_errors: true} } let(:payload) { {} } it 'raise an error' do - expect { client.get_token({}, {}, nil, access_token_class: CustomAccessToken) }.to raise_error(OAuth2::Error) + expect { client.get_token({}) }.to raise_error(OAuth2::Error) end end From c9a9b876fcc8795a69f4e705b14700da49754c0b Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Fri, 24 Jun 2022 07:15:09 -0700 Subject: [PATCH 177/645] Rescue Faraday::TimeoutError (#604) * Rescue Faraday::TimeoutError If Faraday hits a timeout, it will raise a `Faraday::TimeoutError`. Re-raise this as an `OAuth2::ConnectionError`, reusing the logic in https://github.com/oauth-xx/oauth2/pull/549. This came up in https://github.com/omniauth/omniauth-oauth2/pull/129. * Break out OAuth2::Client#request This resolves several Rubocop lint errors. --- lib/oauth2/client.rb | 32 ++++++++++++++++++++------------ spec/oauth2/client_spec.rb | 28 +++++++++++++++++++++++----- 2 files changed, 43 insertions(+), 17 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 50315603..28368e4c 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
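Review bot: The example 'returns the parsed :custom_token from body' contains no expectation: after this change its body is only `client.get_token({})`, so it passes as long as nothing raises. Assert what the title promises, e.g. `token = client.get_token({})` followed by `expect(token).to be_a(CustomAccessToken)`. As written, the spec would not notice if the `:access_token_class` option were ignored.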
@@ -5,6 +5,8 @@ module OAuth2 ConnectionError = Class.new(Faraday::ConnectionFailed) + TimeoutError = Class.new(Faraday::TimeoutError) + # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength RESERVED_PARAM_KEYS = %w[headers parse].freeze @@ -108,18 +110,7 @@ def token_url(https://github.com/params%20=%20nil) # @option opts [Symbol] :parse @see Response::initialize # @yield [req] The Faraday request def request(verb, url, opts = {}) - url = connection.build_https://github.com/url(url).to_s - - begin - response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req| - req.params.update(opts[:params]) if opts[:params] - yield(req) if block_given? - end - rescue Faraday::ConnectionFailed => e - raise ConnectionError, e - end - - response = Response.new(response, parse: opts[:parse]) + response = execute_request(verb, url, opts) case response.status when 301, 302, 303, 307 @@ -251,6 +242,23 @@ def redirection_params private + def execute_request(verb, url, opts = {}) + url = connection.build_https://github.com/url(url).to_s + + begin + response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req| + req.params.update(opts[:params]) if opts[:params] + yield(req) if block_given? + end + rescue Faraday::ConnectionFailed => e + raise ConnectionError, e + rescue Faraday::TimeoutError => e + raise TimeoutError, e + end + + Response.new(response, parse: opts[:parse]) + end + # Returns the authenticator object # # @return [Authenticator] the initialized Authenticator diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index d87a83e2..f15ae1bc 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
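Review bot: A block passed to `request` is no longer forwarded after this refactor: in the `@@ -108` hunk `request` calls `execute_request(verb, url, opts)` without a block, so the `yield(req) if block_given?` inside the new private `execute_request` (third hunk) can never fire. Callers that set per-request headers or params in the block would have them dropped silently. Capture the block and pass it on: `def request(verb, url, opts = {}, &block)` and `response = execute_request(verb, url, opts, &block)`. The rest of `request` (redirect and status handling) lies outside the hunk, so any recursive call there should be checked for the same omission.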
@@ -431,17 +431,35 @@ context 'when errors are raised by Faraday' do let(:connection) { instance_double(Faraday::Connection, build_url: double) } - it 'rescues Faraday::ConnectionFailed' do + before do allow(connection).to( - receive(:run_request).and_raise(Faraday::ConnectionFailed.new('fail')) + receive(:run_request).and_raise(faraday_exception) ) allow(subject).to receive(:connection).and_return(connection) # rubocop:disable RSpec/SubjectStub + end - expect { subject.request(:get, '/redirect') }.to raise_error do |e| - expect(e.class).to eq(OAuth2::ConnectionError) - expect(e.message).to eq('fail') + shared_examples 'failed connection handler' do + it 'rescues the exception' do + expect { subject.request(:get, '/redirect') }.to raise_error do |e| + expect(e.class).to eq(expected_exception) + expect(e.message).to eq(faraday_exception.message) + end end end + + context 'with Faraday::ConnectionFailed' do + let(:faraday_exception) { Faraday::ConnectionFailed.new('fail') } + let(:expected_exception) { OAuth2::ConnectionError } + + it_behaves_like 'failed connection handler' + end + + context 'with Faraday::TimeoutError' do + let(:faraday_exception) { Faraday::TimeoutError.new('timeout') } + let(:expected_exception) { OAuth2::TimeoutError } + + it_behaves_like 'failed connection handler' + end end end From 1d703534b0303c6e13f7924f0fa48526e082f090 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 24 Jun 2022 21:30:04 +0700 Subject: [PATCH 178/645] =?UTF-8?q?=F0=9F=99=88=20Ignore=20version=20manag?= =?UTF-8?q?er=20dot=20files?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .gitignore | 4 ++++ .tool-versions | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) delete mode 100644 .tool-versions diff --git a/.gitignore b/.gitignore index e35dcc36..ca121097 100644 --- a/.gitignore +++ b/.gitignore 
@@ -35,3 +35,7 @@ Gemfile.lock /measurement/ /.byebug_history .DS_Store + +# Version Managers +.ruby-version +.tool-versions diff --git a/.tool-versions b/.tool-versions deleted file mode 100644 index 974865fc..00000000 --- a/.tool-versions +++ /dev/null @@ -1 +0,0 @@ -ruby 2.7.6 From 3f5c7743ec6ff1cc5e18e8ca25f5630efa285138 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 24 Jun 2022 21:30:25 +0700 Subject: [PATCH 179/645] =?UTF-8?q?=F0=9F=94=A5=20Travis=20CI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .travis.yml | 52 ---------------------------------------------------- 1 file changed, 52 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index f1f3ffe3..00000000 --- a/.travis.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -before_install: - # rubygems 2.7.8 and greater include bundler - # - Ruby 2.2, and under, get RubyGems ~> 2.7.10, (includes bundler 1.17.3) - # - Anything else, including Ruby 2.3, and above, gets RubyGems ~> 3, and update bundler to latest - # - NOTE ON JRUBY: identifies as RUBY_VERSION ~> 1.9, 2.0, 2.3, or 2.5. - # - NOTE ON TRUFFLERUBY: identifies as RUBY_VERSION ~> 2.6 - - | - rv="$(ruby -e 'STDOUT.write RUBY_VERSION')" - echo "Discovered Ruby Version of =====> $rv" - if [ "$rv" \< "2.3" ]; then - gem update --system 2.7.10 - elif [ "$rv" \< "2.4" ]; then - gem update --system 2.7.10 --no-document - elif [ "$rv" = "2.5.3" ]; then - # JRUBY 9.2 Identifies as 2.5.3, and it fails to update rubygems - gem install --no-document bundler "bundler:>=2.0" - else - gem update --system --no-document --conservative - gem install --no-document bundler "bundler:>=2.0" - fi - -bundler_args: --no-deployment --jobs 3 --retry 3 - -cache: bundler - -env: - global: - - JRUBY_OPTS="$JRUBY_OPTS -Xcli.debug=true --debug" - -language: ruby - -matrix: - allow_failures: - - rvm: jruby-head - - rvm: ruby-head - - rvm: truffleruby - - rvm: jruby-9.1 # jruby-9.1 often fails to download, thus failing the build. - - rvm: jruby-9.2 # jruby-9.2 often fails to download, thus failing the build. - fast_finish: true - include: - # oauth2 2.x series releases will support Ruby versions below, and not above - # NOTE: Specs for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7 & 3.0 are now running with Github Actions - - rvm: jruby-9.1 # targets MRI v2.3 - gemfile: gemfiles/jruby_9.1.gemfile - - rvm: jruby-9.2 # targets MRI v2.5 - gemfile: gemfiles/jruby_9.2.gemfile - - rvm: jruby-head - gemfile: gemfiles/jruby_head.gemfile - - rvm: ruby-head - gemfile: gemfiles/ruby_head.gemfile - - rvm: truffleruby - gemfile: gemfiles/truffleruby.gemfile From e8067ed1da7c7f6054102150bd735a228a01ddc5 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 24 Jun 2022 21:32:19 +0700 Subject: [PATCH 180/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=202.0.?= =?UTF-8?q?2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 6 ++++++ README.md | 29 ++++++++++++++--------------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c28621c..e390621b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +## [2.0.2] - 2022-06-24 +### Added +- [#604](https://github.com/oauth-xx/oauth2/pull/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) +- [#606](https://github.com/oauth-xx/oauth2/pull/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) +- [#607](https://github.com/oauth-xx/oauth2/pull/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) + ## [2.0.1] - 2022-06-22 ### Added - Documentation improvements (@pboling) diff --git a/README.md b/README.md index d286f28a..6027c2c5 100644 --- a/README.md +++ b/README.md @@ -22,8 +22,6 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. [oauth2-spec]: https://oauth.net/2/ [sibling-gem]: https://github.com/oauth-xx/oauth-ruby -[next-milestone-pct]: https://github.com/oauth-xx/oauth2/milestone/1 -[next-milestone-pct-img]: https://img.shields.io/github/milestones/progress-percent/oauth-xx/oauth2/1 ## Release Documentation 
@@ -34,7 +32,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| -| 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/master/README.md | +| 2.0.2 | 2022-06-24 | https://github.com/oauth-xx/oauth2/blob/v2.0.2/README.md | +| 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.1/README.md | | 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md | 
@@ -106,15 +105,15 @@ appended indicators: ♻️ - URL needs to be updated from SASS integration. Find / Replace is insufficient. --> -| | Project | bundle add oauth2 | -|:----|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img]][📗next] | -| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | -| 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | -| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] 
[![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | +| | Project | bundle add oauth2 | +|:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img♻️]][📗next♻️] | +| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | +| 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code 
Coverage][🧮cov-wf-img]][🧮cov-wf] | +| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability @@ -487,7 +486,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To ## Contributing -Bug reports and pull requests are welcome on GitHub at https://github.com/oauth-xx/oauth2. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct. +Bug reports and pull requests are welcome on GitHub at [https://github.com/oauth-xx/oauth2](https://github.com/oauth-xx/oauth2). This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct. ## Code of Conduct From fd776022d32005282c9355a86e5cebff97221842 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 24 Jun 2022 21:32:52 +0700 Subject: [PATCH 181/645] Bump oauth2 to 2.0.2 --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 02d74739..c7006333 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.1'.freeze + VERSION = '2.0.2'.freeze end end From fe6fa3fb951953520a1856be26d58d5743b16598 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 24 Jun 2022 21:37:27 +0700 Subject: [PATCH 182/645] =?UTF-8?q?=F0=9F=94=A5=20Link=20cleanup?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 6027c2c5..7aedd092 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ appended indicators: | 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | | 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] | +| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] | [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index c7006333..0d5156a0 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.2'.freeze + VERSION = '2.0.3'.freeze end end 
From 9f05d136fa6ce20e9dff21906f70115b09ca70c4 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 1 Jul 2022 21:59:36 +0700 Subject: [PATCH 192/645] =?UTF-8?q?=F0=9F=90=9B=20Option=20:snaky=20should?= =?UTF-8?q?=20default=20to=20true=20(#618)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🐛 Option :snaky should default to true - Fixes #617 Signed-off-by: Peter Boling * 💚 Coverage to 100% line / 97% branch Signed-off-by: Peter Boling * 💚 Enforce 97%+ branch coverage Signed-off-by: Peter Boling --- .simplecov | 2 +- CHANGELOG.md | 4 + lib/oauth2/client.rb | 16 +-- lib/oauth2/response.rb | 4 + spec/oauth2/error_spec.rb | 217 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 235 insertions(+), 8 deletions(-) diff --git a/.simplecov b/.simplecov index ba2ef96e..e144476b 100644 --- a/.simplecov +++ b/.simplecov @@ -25,7 +25,7 @@ if RUN_COVERAGE formatter SimpleCov::Formatter::HTMLFormatter end - minimum_coverage(line: 100, branch: 95) + minimum_coverage(line: 100, branch: 97) end else puts "Not running coverage on #{RUBY_ENGINE} #{RUBY_VERSION}" diff --git a/CHANGELOG.md b/CHANGELOG.md index 51dae770..29bc8dfb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +## [2.0.4] - 2022-07-01 +### Fixed +- [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling) + ## [2.0.3] - 2022-06-28 ### Added - [#611](https://github.com/oauth-xx/oauth2/pull/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 14eb0c3b..a2e3a8c3 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -9,7 +9,7 @@ module OAuth2 # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength - RESERVED_PARAM_KEYS = %w[headers parse].freeze + RESERVED_PARAM_KEYS = %w[body headers params parse snaky].freeze attr_reader :id, :secret, :site attr_accessor :options @@ -108,7 +108,7 @@ def token_url(https://github.com/params%20=%20nil) # @option opts [Boolean] :raise_errors whether or not to raise an OAuth2::Error on 400+ status # code response for this request. Will default to client option # @option opts [Symbol] :parse @see Response::initialize - # @option opts [Symbol] :snaky @see Response::initialize + # @option opts [true, false] :snaky (true) @see Response::initialize # @yield [req] @see Faraday::Connection#run_request def request(verb, url, opts = {}, &block) response = execute_request(verb, url, opts, &block) @@ -149,7 +149,7 @@ def request(verb, url, opts = {}, &block) # # @param params [Hash] a Hash of params for the token endpoint, except: # @option params [Symbol] :parse @see Response#initialize - # @option params [true, false] :snaky @see Response#initialize + # @option params [true, false] :snaky (true) @see Response#initialize # @param access_token_opts [Hash] access token options, to pass to the AccessToken object # @param extract_access_token [Proc] proc that extracts the access token from the response (DEPRECATED) # @yield [req] @see Faraday::Connection#run_request @@ -167,10 +167,9 @@ def get_token(params, access_token_opts = {}, extract_access_token = nil, &block request_opts = { raise_errors: options[:raise_errors], - parse: params.delete(:parse), - snaky: params.delete(:snaky), + parse: params.fetch(:parse, Response::DEFAULT_OPTIONS[:parse]), + snaky: params.fetch(:snaky, Response::DEFAULT_OPTIONS[:snaky]), } - params = authenticator.apply(params) headers = params.delete(:headers) || {} if options[:token_method] == :post 
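Review bot: In the `get_token` hunk (`@@ -167,10 +167,9 @@`), replacing `params.delete(:parse)` / `params.delete(:snaky)` with `params.fetch(...)` leaves both keys in `params`, which the next line hands to `authenticator.apply(params)` and which then appears to become the token request payload. Unless they are stripped further down (the method body continues outside the hunk), these client-internal options would be sent to the authorization server's token endpoint, and a strict server may reject the unknown parameters. Keeping the removal and supplying the default in the same call avoids that: `parse: params.delete(:parse) { Response::DEFAULT_OPTIONS[:parse] },` and `snaky: params.delete(:snaky) { Response::DEFAULT_OPTIONS[:snaky] },`. The `body` and `params` keys newly added to `RESERVED_PARAM_KEYS` in the first hunk deserve the same check, since nothing visible here removes them before the request is built.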
@@ -267,7 +266,10 @@ def execute_request(verb, url, opts = {}) raise TimeoutError, e end - Response.new(response, parse: opts[:parse], snaky: opts[:snaky]) + parse = opts.fetch(:parse, Response::DEFAULT_OPTIONS[:parse]) + snaky = opts.fetch(:snaky, Response::DEFAULT_OPTIONS[:snaky]) + + Response.new(response, parse: parse, snaky: snaky) end # Returns the authenticator object diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 8b580d40..b1742e7c 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -7,6 +7,10 @@ module OAuth2 # OAuth2::Response class class Response + DEFAULT_OPTIONS = { + parse: :automatic, + snaky: true, + }.freeze attr_reader :response attr_accessor :options diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index 19d5658c..2d5c348a 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -1,6 +1,25 @@ # encoding: UTF-8 # frozen_string_literal: true +class StirredHash < Hash + def to_str + '{"hello":"� Cool � StirredHash"}' + end +end + +class XmledString < String + XML = ' + + +� Cool � XmledString + + +'.freeze + def to_str + XML + end +end + RSpec.describe OAuth2::Error do subject { described_class.new(response) } 
@@ -100,6 +119,59 @@ end end + context 'when using :json parser with non-encodable data' do + let(:response_headers) { {'Content-Type' => 'application/hal+json'} } + let(:response_body) do + StirredHash.new( + "_links": { + "self": {"href": '/orders/523'}, + "warehouse": {"href": '/warehouse/56'}, + "invoice": {"href": '/invoices/873'}, + }, + "currency": 'USD', + "status": 'shipped', + "total": 10.20 + ) + end + + before do + expect(response_body).not_to respond_to(:force_encoding) + expect(response_body).to respond_to(:to_str) + end + + it 'does not force encode the message' do + expect(subject.message).to eq('{"hello":"� Cool � StirredHash"}') + end + end + + context 'when using :xml parser' do + let(:response_headers) { {'Content-Type' => 'text/xml'} } + let(:response_body) do + XmledString.new(XmledString::XML) + end + + before do + expect(response_body).to respond_to(:to_str) + end + + it 'parses the XML' do + expect(subject.message).to eq(XmledString::XML) + end + end + + context 'when using :xml parser with non-String-like thing' do + let(:response_headers) { {'Content-Type' => 'text/xml'} } + let(:response_body) { {hello: :world} } + + before do + expect(response_body).not_to respond_to(:to_str) + end + + it 'just returns the thing if it can' do + expect(subject.message).to eq('{:hello=>:world}') + end + end + it 'sets the code attribute' do expect(subject.code).to eq('i_am_a_teapot') end @@ -109,6 +181,14 @@ end end + it 'sets the code attribute to nil' do + expect(subject.code).to be_nil + end + + it 'sets the description attribute' do + expect(subject.description).to be_nil + end + context 'when there is no error description' do before do expect(response_hash).not_to have_key('error') 
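Review bot: `StirredHash.new("_links": {...}, ...)` in the 'non-encodable data' context does not build a hash holding those entries, because `Hash.new` treats its argument as the default value; the object under test is therefore empty and only the overridden `to_str` influences the assertion. The braceless `"key": value` form also reaches `Hash.new` as keyword arguments, which newer Ruby versions may handle differently from a positional hash, so it is worth confirming against the supported matrix. If the payload is meant to be present, `StirredHash[...]` with the same pairs populates it; otherwise a bare `StirredHash.new` states the intent and removes the misleading fixture data. The enclosing `describe` block starts and ends outside the hunk.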
@@ -203,6 +283,143 @@ expect(subject.description).to eq('Short and stout') end end + + context 'when there is code but no error_description' do + before do + response_hash.delete('error_description') + response_hash['error'] = 'i_am_a_teapot' + response_hash['code'] = '418' + end + + it 'prepends to the error message with a return character' do + expect(subject.message.each_line.to_a).to eq( + [ + "i_am_a_teapot: \n", + { + "text": 'Coffee brewing failed', + "error": 'i_am_a_teapot', + "code": '418', + }.to_json, + ] + ) + end + + context 'when the response needs to be encoded' do + let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } + + context 'with invalid characters present' do + before do + response_body.gsub!('brewing', "\255 invalid \255") + end + + it 'replaces them' do + # The skip can be removed once support for < 2.1 is dropped. + encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} + skip_for(encoding.merge(engine: 'jruby')) + # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ + + raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') + # This will fail if {:invalid => replace} is not passed into `encode` + end + end + end + + context 'when the response is not an encodable thing' do + let(:response_headers) { {'Content-Type' => 'who knows'} } + let(:response_body) { {text: 'Coffee brewing failed'} } + + before do + expect(response_body).not_to respond_to(:encode) + # i.e. 
a Ruby hash + end + + it 'does not try to encode the message string' do + expect(subject.message).to eq(response_body.to_s) + end + end + + it 'sets the code attribute' do + expect(subject.code).to eq('i_am_a_teapot') + end + + it 'does not set the description attribute' do + expect(subject.description).to be_nil + end + end + + context 'when there is error_description but no code' do + before do + response_hash['error_description'] = 'Short and stout' + response_hash['error'] = 'i_am_a_teapot' + response_hash.delete('code') + end + + it 'prepends to the error message with a return character' do + expect(subject.message.each_line.to_a).to eq( + [ + "i_am_a_teapot: Short and stout\n", + { + "text": 'Coffee brewing failed', + "error_description": 'Short and stout', + "error": 'i_am_a_teapot', + }.to_json, + ] + ) + end + + context 'when the response needs to be encoded' do + let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } + + context 'with invalid characters present' do + before do + response_body.gsub!('stout', "\255 invalid \255") + end + + it 'replaces them' do + # The skip can be removed once support for < 2.1 is dropped. 
+ encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} + skip_for(encoding.merge(engine: 'jruby')) + # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ + + raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') + # This will fail if {:invalid => replace} is not passed into `encode` + end + end + + context 'with undefined characters present' do + before do + response_hash['error_description'] += ": 'A magical voyage of tea 🍵'" + end + + it 'replaces them' do + raise 'Undefined characters not replaced' unless subject.message.include?('tea �') + # This will fail if {:undef => replace} is not passed into `encode` + end + end + end + + context 'when the response is not an encodable thing' do + let(:response_headers) { {'Content-Type' => 'who knows'} } + let(:response_body) { {text: 'Coffee brewing failed'} } + + before do + expect(response_body).not_to respond_to(:encode) + # i.e. a Ruby hash + end + + it 'does not try to encode the message string' do + expect(subject.message).to eq(response_body.to_s) + end + end + + it 'sets the code attribute' do + expect(subject.code).to eq('i_am_a_teapot') + end + + it 'sets the description attribute' do + expect(subject.description).to eq('Short and stout') + end + end end context 'when the response does not parse to a hash' do From 35adcfbcac3cb84058969f5d0955df776e4389e8 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 1 Jul 2022 22:18:56 +0700 Subject: [PATCH 193/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Latest=20version?= =?UTF-8?q?=5Fgem?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index de9f7436..5f099e66 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec| spec.add_dependency 'multi_xml', '~> 0.5' spec.add_dependency 'rack', ['>= 1.2', '< 3'] spec.add_dependency 'rash_alt', ['>= 0.4', '< 1'] - spec.add_dependency 'version_gem', '~> 1.0' + spec.add_dependency 'version_gem', '~> 1.1' spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh'] spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.' From 00c8fdc08136df00ad04e7a5c445f635e584d127 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 1 Jul 2022 22:19:31 +0700 Subject: [PATCH 194/645] =?UTF-8?q?=F0=9F=93=9D=20Gem=20post=5Finstall=5Fm?= =?UTF-8?q?essage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- oauth2.gemspec | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/oauth2.gemspec b/oauth2.gemspec index 5f099e66..2e2594b1 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -20,6 +20,18 @@ Gem::Specification.new do |spec| spec.required_ruby_version = '>= 2.2.0' spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' spec.version = OAuth2::Version::VERSION + spec.post_install_message = " +You have installed oauth2 version #{OAuth2::Version}, congratulations! + +There are BREAKING changes, but most will not encounter them, and updating your code should be easy! + +Please see: +• https://github.com/oauth-xx/oauth2#what-is-new-for-v20 +• https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md + +Please report issues, and support the project! Thanks, |7eter l-|. l3oling + +" spec.metadata['homepage_uri'] = spec.homepage spec.metadata['source_code_uri'] = "#{spec.homepage}/tree/v#{spec.version}" From 6aaaba23cb0d335985bc85e426731a6fd70820cb Mon Sep 17 00:00:00 2001 
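Review bot: The new `post_install_message` interpolates `#{OAuth2::Version}`, which is the module, while the context line just above sets `spec.version = OAuth2::Version::VERSION`. Unless something loaded before the gemspec gives that module a `to_s` (the `lib/oauth2/version.rb` hunks in this series show only the `VERSION` constant), installers will see the module name rather than the version number. I would interpolate the constant instead: `You have installed oauth2 version #{OAuth2::Version::VERSION}, congratulations!`. The `Gem::Specification.new` block continues outside the hunk.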
From: Peter Boling Date: Fri, 1 Jul 2022 22:52:24 +0700 Subject: [PATCH 195/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=202.0.?= =?UTF-8?q?4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 11 ++++++++--- README.md | 44 +++++++++++++++++++++++-------------------- lib/oauth2/version.rb | 2 +- 3 files changed, 33 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 29bc8dfb..6f6763c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -94,6 +94,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#589](https://github.com/oauth-xx/oauth2/pull/589), [#593](https://github.com/oauth-xx/oauth2/pull/593) - Remove support for expired MAC token draft spec (@stanhu) - [#590](https://github.com/oauth-xx/oauth2/pull/590) - _Dependency_: Removed `multi_json` (@stanhu) +## [1.4.10] - 2022-07-01 +- FIPS Compatibility [#587](https://github.com/oauth-xx/oauth2/pull/587) (@akostadinov) + ## [1.4.9] - 2022-02-20 - Fixes compatibility with Faraday v2 [572](https://github.com/oauth-xx/oauth2/issues/572) - Includes supported versions of Faraday in test matrix: @@ -104,7 +107,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [1.4.8] - 2022-02-18 - MFA is now required to push new gem versions (@pboling) -- README overhaul w/ new Ruby Verion and Engine compatibility policies (@pboling) +- README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) - [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) - Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling) - Add CodeQL, Security Policy, Funding info (@pboling) 
@@ -233,7 +236,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22 -[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...HEAD [0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1 [0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2 [0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3 @@ -269,8 +271,11 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7 [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8 [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9 -[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v2.0.0 +[1.4.10]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v1.4.10 +[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.10...v2.0.0 [2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1 [2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2 [2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3 +[2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4 +[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...HEAD [gemfiles/readme]: gemfiles/README.md diff --git a/README.md b/README.md index 546783b4..8ef3eb09 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| +| 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md | | 2.0.3 | 2022-06-28 | https://github.com/oauth-xx/oauth2/blob/v2.0.3/README.md | | 2.0.2 | 2022-06-24 | https://github.com/oauth-xx/oauth2/blob/v2.0.2/README.md | | 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.1/README.md | 
@@ -43,18 +44,19 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
1.4.x Readmes -| Version | Release Date | Readme | -|---------|--------------|----------------------------------------------------------| -| 1.4.9 | Feb 20, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.9/README.md | -| 1.4.8 | Feb 18, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.8/README.md | -| 1.4.7 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md | -| 1.4.6 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md | -| 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md | -| 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md | -| 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md | -| 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md | -| 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md | -| 1.4.0 | Jun 9, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md | +| Version | Release Date | Readme | +|---------|--------------|-----------------------------------------------------------| +| 1.4.10 | Jul 1, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.10/README.md | +| 1.4.9 | Feb 20, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.9/README.md | +| 1.4.8 | Feb 18, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.8/README.md | +| 1.4.7 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md | +| 1.4.6 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md | +| 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md | +| 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md | +| 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md | +| 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md | +| 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md | +| 1.4.0 | Jun 9, 2017 | 
https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md |
@@ -144,7 +146,7 @@ The link tokens in the following sections should be kept ordered by the row and [📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/15 [📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/15?label=Next%20Version - + [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability [⛳cclim-maint-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability [🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2 @@ -229,7 +231,9 @@ If bundler is not being used to manage dependencies, install the gem by executin Available as part of the Tidelift Subscription. -The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise) +The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] + +[tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise ## Security contact information @@ -289,13 +293,13 @@ fashion. If critical issues for a particular implementation exist at the time of a major release, support for that Ruby version may be dropped.
-| | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | -|:----|----------------------|--------------------|-------------------------|------------------------|------------------------| -| 1️⃣ | 2.0.x | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | -| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 | -| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | +| | Ruby OAuth2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | +|:----|---------------------|--------------------|-------------------------|------------------------|------------------------| +| 1️⃣ | 2.0.x | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | +| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 | +| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | -NOTE: The 1.4 series will only receive critical bug and security updates. +NOTE: The 1.4 series will only receive critical security updates. See [SECURITY.md][🚎sec-pol] ## Usage Examples diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 0d5156a0..1b05dae8 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.3'.freeze + VERSION = '2.0.4'.freeze end end From dc55a4e0dc90973dd1d5d08dabf46d243707cfde Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 1 Jul 2022 23:24:16 +0700 Subject: [PATCH 196/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ef3eb09..d74d71a9 100644 --- a/README.md +++ b/README.md 
@@ -517,7 +517,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To See [CONTRIBUTING.md][contributing] -[contributing]: https://github.com/oauth-xx/oauth2/blob/main/CONTRIBUTING.md +[contributing]: https://github.com/oauth-xx/oauth2/blob/master/CONTRIBUTING.md ## Contributors From 872d88d7331f39743ce84b717a2d390eee039a41 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 5 Jul 2022 21:30:47 +0700 Subject: [PATCH 197/645] =?UTF-8?q?=F0=9F=93=9D=20Add=20missing=20BREAKING?= =?UTF-8?q?=20change=20to=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f6763c8..d102a1f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -65,6 +65,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) +- [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem) - [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) - [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated ### Fixed 
From 8323d06ce98f09eef141413b7b026f40ef074864 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 5 Jul 2022 21:37:08 +0700 Subject: [PATCH 198/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20key=20transfo?= =?UTF-8?q?rmation=20BREAKING=20change?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 3 +++ README.md | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d102a1f4..ba36d16d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -66,6 +66,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) - [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem) + - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. + - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case. + - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) - [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated ### Fixed diff --git a/README.md b/README.md index d74d71a9..6d58197b 100644 --- a/README.md +++ b/README.md 
@@ -257,6 +257,10 @@ For more see [SECURITY.md][🚎sec-pol]. - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` - Adds new option to `OAuth2::AccessToken#initialize`: - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency +- By default, keys are transformed to camel case. + - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. + - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case. + - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0) ## Compatibility From a81bc3bade0adbdbdfe3fb5bd475055a0f9d20e5 Mon Sep 17 00:00:00 2001 From: matt swanson Date: Wed, 6 Jul 2022 12:53:52 -0400 Subject: [PATCH 199/645] =?UTF-8?q?=F0=9F=94=80=20Update=20v2=20docs=20to?= =?UTF-8?q?=20highlight=20auth=5Fscheme=20changes=20(#620)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 6d58197b..63fcf1ea 100644 --- a/README.md +++ b/README.md @@ -261,6 +261,8 @@ For more see [SECURITY.md][🚎sec-pol]. - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. +- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) + - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body - [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0) ## Compatibility 
From 025d73b7730f11e4e92b9e87a5a1256c3a71c925 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 7 Jul 2022 19:58:29 +0700 Subject: [PATCH 200/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20BREAKING=20ch?= =?UTF-8?q?anges?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- .simplecov | 2 +- CHANGELOG.md | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.simplecov b/.simplecov index e144476b..423aa578 100644 --- a/.simplecov +++ b/.simplecov @@ -25,7 +25,7 @@ if RUN_COVERAGE formatter SimpleCov::Formatter::HTMLFormatter end - minimum_coverage(line: 100, branch: 97) + minimum_coverage(line: 100, branch: 100) end else puts "Not running coverage on #{RUBY_ENGINE} #{RUBY_VERSION}" diff --git a/CHANGELOG.md b/CHANGELOG.md index ba36d16d..c867ba7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +## [2.0.5] - 2022-07-07 +### Fixed +- [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling) + - All data in responses is now returned, with the access token removed and set as `token` + - `refresh_token` is no longer dropped + - **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use + - `snaky` and `parse` are no longer passed through to request params + - There is now 100% test coverage, for lines _and_ branches, and it will stay that way. + ## [2.0.4] - 2022-07-01 ### Fixed - [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling) @@ -281,5 +290,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2 [2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3 [2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4 -[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...HEAD +[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5 +[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...HEAD [gemfiles/readme]: gemfiles/README.md From f0fef915e56002fef94ca750c5f649a331a99923 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Thu, 7 Jul 2022 20:26:03 +0700 Subject: [PATCH 201/645] =?UTF-8?q?=F0=9F=94=80=20=F0=9F=90=9B=20Fix=20#52?= =?UTF-8?q?8,=20#619=20-=20Remove=20options=20parse=20and=20snaky,=20if=20?= =?UTF-8?q?present,=20passthru=20all=20others=20(#621)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🐛 Fix #619 - Remove options parse and snaky, if present Signed-off-by: Peter Boling * 🐛 Fix #528 - 100% line coverage - 100% branch coverage Signed-off-by: Peter Boling --- CHANGELOG.md | 3 +- lib/oauth2/access_token.rb | 27 +- lib/oauth2/client.rb | 13 +- lib/oauth2/error.rb | 26 +- lib/oauth2/strategy/assertion.rb | 2 +- lib/oauth2/strategy/auth_code.rb | 2 +- lib/oauth2/strategy/client_credentials.rb | 2 +- spec/oauth2/access_token_spec.rb | 95 ++++++- spec/oauth2/client_spec.rb | 87 +++++++ spec/oauth2/error_spec.rb | 234 ++++++++++++++++-- spec/oauth2/response_spec.rb | 10 + spec/oauth2/strategy/assertion_spec.rb | 2 +- spec/oauth2/strategy/auth_code_spec.rb | 4 +- .../strategy/client_credentials_spec.rb | 14 +- 14 files changed, 469 insertions(+), 52 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c867ba7f..a93dd06a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,11 +6,12 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.5] - 2022-07-07 ### Fixed +- [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson) - [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling) - All data in responses is now returned, with the access token removed and set as `token` - `refresh_token` is no longer dropped - **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use - - `snaky` and `parse` are no longer passed through to request params + - Remove `parse` and `snaky` from options so they don't get included in response - There is now 100% test coverage, for lines _and_ branches, and it will stay that way. ## [2.0.4] - 2022-07-01 diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 3b5ceb97..0f9d4d57 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -8,12 +8,18 @@ class AccessToken # rubocop:disable Metrics/ClassLength class << self # Initializes an AccessToken from a Hash # - # @param client [Client] the OAuth2::Client instance - # @param hash [Hash] a hash of AccessToken property values + # @param [Client] client the OAuth2::Client instance + # @param [Hash] hash a hash of AccessToken property values + # @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token # @return [AccessToken] the initialized AccessToken def from_hash(client, hash) hash = hash.dup - new(client, hash.delete('access_token') || hash.delete(:access_token) || hash.delete('token') || hash.delete(:token), hash) + token = hash.delete('access_token') || hash.delete(:access_token) || + hash.delete('id_token') || hash.delete(:id_token) || + hash.delete('token') || hash.delete(:token) || + hash.delete('accessToken') || hash.delete(:accessToken) || + hash.delete('idToken') || hash.delete(:idToken) + new(client, token, hash) end # Initializes an AccessToken from a key/value application/x-www-form-urlencoded string @@ -24,10 +30,6 @@ def from_hash(client, hash) def from_kvform(client, kvform) from_hash(client, Rack::Utils.parse_query(kvform)) end - - def contains_token?(hash) - hash.key?('access_token') || hash.key?('id_token') || hash.key?('token') - end end # Initialize an AccessToken @@ -47,6 +49,11 @@ def contains_token?(hash) def initialize(client, token, opts = {}) @client = client @token = token.to_s + + if @client.options[:raise_errors] && (@token.nil? || @token.empty?) + error = Error.new(opts) + raise(error) + end opts = opts.dup %i[refresh_token expires_in expires_at expires_latency].each do |arg| instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s)) 
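Review bot: The fallback chain added to `from_hash` promotes an `id_token` (or `idToken`) to the bearer token whenever no `access_token` value is present, and the doc comment does not say so. An OpenID Connect ID token is an identity assertion meant for the client, not a credential for resource servers, so callers should know that `AccessToken#token` may hold one and that it may end up in an Authorization header. Because `||` short-circuits, the keys after the first truthy value are not deleted and stay in `hash`, which is then passed on as options. I would document this above the method, for example `# Precedence: access_token, id_token, token, accessToken, idToken; the first truthy value wins, later keys remain in the hash`, and add the camelCase keys to the `@option` line, which omits them.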
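Review bot: The guard added to `initialize` raises `Error.new(opts)`, which carries the whole options hash into the exception; the specs in this series expect the message to be that hash inspected (`'{:raise_errors=>true}'`). When the token is built through `from_hash`, `opts` is the remainder of the token response, so a response with no recognised token key but with a `refresh_token` would have that secret copied into the message and into any log or error tracker that records it. The `@body = @response` branch added to lib/oauth2/error.rb is the other half of the same path. I would build the error from the error fields only, `raise Error.new('error' => opts['error'], 'error_description' => opts['error_description'])`, and adjust the specs to match. Separately, `@token.nil?` cannot be true after `token.to_s`, so the condition is just `@token.empty?`.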
@@ -95,7 +102,11 @@ def refresh(params = {}, access_token_opts = {}) params[:refresh_token] = refresh_token new_token = @client.get_token(params, access_token_opts) new_token.options = options - new_token.refresh_token = refresh_token unless new_token.refresh_token + if new_token.refresh_token + # Keep it, if there is one + else + new_token.refresh_token = refresh_token + end new_token end # A compatibility alias diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index a2e3a8c3..8f2c82b2 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -165,10 +165,13 @@ def get_token(params, access_token_opts = {}, extract_access_token = nil, &block end end.to_h + parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] + snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] + request_opts = { raise_errors: options[:raise_errors], - parse: params.fetch(:parse, Response::DEFAULT_OPTIONS[:parse]), - snaky: params.fetch(:snaky, Response::DEFAULT_OPTIONS[:snaky]), + parse: parse, + snaky: snaky, } params = authenticator.apply(params) headers = params.delete(:headers) || {} @@ -266,8 +269,8 @@ def execute_request(verb, url, opts = {}) raise TimeoutError, e end - parse = opts.fetch(:parse, Response::DEFAULT_OPTIONS[:parse]) - snaky = opts.fetch(:snaky, Response::DEFAULT_OPTIONS[:snaky]) + parse = opts.key?(:parse) ? opts.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] + snaky = opts.key?(:snaky) ? opts.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] Response.new(response, parse: parse, snaky: snaky) end @@ -296,7 +299,7 @@ def parse_response(response, access_token_opts) access_token_class = options[:access_token_class] data = response.parsed - unless data.is_a?(Hash) && access_token_class.contains_token?(data) + unless data.is_a?(Hash) && !data.empty? return unless options[:raise_errors] error = Error.new(response) 
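Review bot: The `if`/`else` added in `refresh` has a branch that holds only a comment, which reads as unfinished code. `new_token.refresh_token ||= refresh_token` expresses the same rule in one line. If the empty branch is there so that branch coverage counts both paths, say so in the comment, e.g. `# explicit branch kept for branch coverage`. The body of `refresh` starts above this hunk.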
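Review bot: The `params.key?(:parse)` and `params.key?(:snaky)` checks in `get_token` remove only symbol keys, so a caller passing `'parse'` or `'snaky'` as strings would still have them forwarded to the token endpoint unless the key normalisation just above converts them. Whether it does depends on `RESERVED_PARAM_KEYS`, which is not visible in this hunk. If those two names are not listed there, handle both forms, e.g. `parse = params.delete(:parse) { params.delete('parse') { Response::DEFAULT_OPTIONS[:parse] } }`, and the same for `snaky`. The rest of `get_token` lies outside the hunk.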
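Review bot: Replacing `access_token_class.contains_token?(data)` with `!data.empty?` in `parse_response` means any non-empty hash now counts as a token response. With `raise_errors: false`, a body without a token (for instance an error document served with a 2xx status) no longer reaches `return unless options[:raise_errors]`, and since `AccessToken#initialize` in this commit raises only under `raise_errors`, the caller appears to get an AccessToken whose `token` is `''` where it used to get nil. Code that tests the return value for truthiness would then treat a failed exchange as success. I would keep a presence check here, e.g. `unless data.is_a?(Hash) && token_keys.any? { |k| data.key?(k) }` with `token_keys` a proposed helper listing the keys `from_hash` accepts, or document the new return value on `get_token`. The rest of `parse_response` is outside the hunk.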
diff --git a/lib/oauth2/error.rb b/lib/oauth2/error.rb index 0d2c8407..cd99ff86 100644 --- a/lib/oauth2/error.rb +++ b/lib/oauth2/error.rb @@ -2,21 +2,29 @@ module OAuth2 class Error < StandardError - attr_reader :response, :code, :description + attr_reader :response, :body, :code, :description # standard error codes include: # 'invalid_request', 'invalid_client', 'invalid_token', 'invalid_grant', 'unsupported_grant_type', 'invalid_scope' + # response might be a Response object, or the response.parsed hash def initialize(response) @response = response - message_opts = {} - - if response.parsed.is_a?(Hash) - @code = response.parsed['error'] - @description = response.parsed['error_description'] - message_opts = parse_error_description(@code, @description) + if response.respond_to?(:parsed) + if response.parsed.is_a?(Hash) + @code = response.parsed['error'] + @description = response.parsed['error_description'] + end + elsif response.is_a?(Hash) + @code = response['error'] + @description = response['error_description'] end - - super(error_message(response.body, message_opts)) + @body = if response.respond_to?(:body) + response.body + else + @response + end + message_opts = parse_error_description(@code, @description) + super(error_message(@body, message_opts)) end private diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index 92ff6cf2..5d921fbc 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb @@ -80,7 +80,7 @@ def get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) assertion = build_assertion(claims, encoding_opts) params = build_request(assertion, request_opts) - @client.get_token(params, response_opts.merge('refresh_token' => nil)) + @client.get_token(params, response_opts) end private diff --git a/lib/oauth2/strategy/auth_code.rb b/lib/oauth2/strategy/auth_code.rb index a061df5f..f3aaad0a 100644 --- a/lib/oauth2/strategy/auth_code.rb +++ b/lib/oauth2/strategy/auth_code.rb 
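Review bot: The `elsif response.is_a?(Hash)` branch in `Error#initialize` reads only the string keys `'error'` and `'error_description'`, while `AccessToken#initialize` in this commit passes it an options hash that the specs build with symbol keys. A hash such as `{error: 'invalid_grant'}` would therefore leave `code` and `description` nil even though the information is present. Reading both forms would fix that: `@code = response['error'] || response[:error]` and `@description = response['error_description'] || response[:error_description]`. The comment above the method could also state that a plain Hash becomes `body` as-is and is rendered into the message.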
@@ -25,7 +25,7 @@ def authorize_url(https://github.com/params%20=%20%7B%7D) # # @param [String] code The Authorization Code value # @param [Hash] params additional params - # @param [Hash] opts options + # @param [Hash] opts access_token_opts, @see Client#get_token # @note that you must also provide a :redirect_uri with most OAuth 2.0 providers def get_token(code, params = {}, opts = {}) params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params) diff --git a/lib/oauth2/strategy/client_credentials.rb b/lib/oauth2/strategy/client_credentials.rb index 778c4fa4..2fba0e86 100644 --- a/lib/oauth2/strategy/client_credentials.rb +++ b/lib/oauth2/strategy/client_credentials.rb @@ -19,7 +19,7 @@ def authorize_url # @param [Hash] opts options def get_token(params = {}, opts = {}) params = params.merge('grant_type' => 'client_credentials') - @client.get_token(params, opts.merge('refresh_token' => nil)) + @client.get_token(params, opts) end end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 5a0c2906..fb82115b 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
@@ -110,6 +110,77 @@ def assert_initialized_token(target) block_is_expected.to raise_error("invalid :mode option of #{mode}") end end + + context 'with client.options[:raise_errors] = true' do + let(:mode) { :this_is_bad } + let(:options) { {mode: mode, raise_errors: true} } + + before do + expect(client.options[:raise_errors]).to be(true) + end + + context 'when there is a token' do + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + context 'with request' do + subject(:request) { target.post('/token/header') } + + it 'raises' do + block_is_expected.to raise_error("invalid :mode option of #{mode}") + end + end + end + + context 'when there is empty token' do + let(:token) { '' } + + it 'raises on initialize' do + block_is_expected.to raise_error(OAuth2::Error, '{:mode=>:this_is_bad, :raise_errors=>true}') + end + end + + context 'when there is nil token' do + let(:token) { nil } + + it 'raises on initialize' do + block_is_expected.to raise_error(OAuth2::Error, '{:mode=>:this_is_bad, :raise_errors=>true}') + end + end + end + end + + context 'with client.options[:raise_errors] = true' do + let(:options) { {raise_errors: true} } + + before do + expect(client.options[:raise_errors]).to be(true) + end + + context 'when there is a token' do + let(:token) { 'hurdygurdy' } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + end + + context 'when there is empty token' do + let(:token) { '' } + + it 'raises on initialize' do + block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + end + end + + context 'when there is nil token' do + let(:token) { nil } + + it 'raises on initialize' do + block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + end + end end end 
@@ -302,7 +373,7 @@ def assert_initialized_token(target) before do custom_class = Class.new(described_class) do def self.from_hash(client, hash) - new(client, hash.delete('refresh_token')) + new(client, hash.delete('access_token'), hash) end def self.contains_token?(hash) @@ -349,6 +420,28 @@ def self.contains_token?(hash) end end + context 'with a not-nil refresh_token in the response' do + let(:refresh_body) { JSON.dump(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'qerwer') } + + it 'copies the refresh_token from the original token' do + refreshed = access.refresh + + expect(refreshed.token).to eq('refreshed_foo') + expect(refreshed.refresh_token).to eq('qerwer') + end + end + + context 'with a not-nil, not camel case, refresh_token in the response' do + let(:refresh_body) { JSON.dump(accessToken: 'refreshed_foo', expires_in: 600, refreshToken: 'qerwer') } + + it 'copies the refresh_token from the original token' do + refreshed = access.refresh + + expect(refreshed.token).to eq('refreshed_foo') + expect(refreshed.refresh_token).to eq('qerwer') + end + end + context 'with a custom access_token_class' do let(:access_token_class) { NewAccessToken } diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 02a50e30..dbb7e693 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
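Review bot: Both examples added in the `@@ -349,6 +420,28 @@` hunk are titled 'copies the refresh_token from the original token', yet they assert that `refreshed.refresh_token` equals `'qerwer'`, the value supplied in `refresh_body`. The second context is also titled 'not camel case' while its body uses `accessToken` and `refreshToken`. Suggested names: `it 'keeps the refresh_token from the response'` and `context 'with a not-nil, camel case, refresh_token in the response'`. Accurate titles matter here because these examples pin how refresh tokens are retained.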
@@ -476,6 +476,93 @@ expect(token.token).to eq('the-token') end + context 'when parse: :automatic' do + it 'returns a configured AccessToken' do + client = stubbed_client do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + end + end + + token = client.get_token(parse: :automatic) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + end + end + + context 'when parse: :xml but response is JSON' do + it 'returns a configured AccessToken' do + client = stubbed_client do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + end + end + + expect { client.get_token(parse: :xml) }.to raise_error( + MultiXml::ParseError, + 'The document "{\"access_token\":\"the-token\"}" does not have a valid root' + ) + end + end + + context 'when parse is fuzzed' do + it 'returns a configured AccessToken' do + client = stubbed_client do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + end + end + + token = client.get_token(parse: 'random') + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + end + end + + context 'when parse is correct' do + it 'returns a configured AccessToken' do + client = stubbed_client do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + end + end + + token = client.get_token(parse: :json) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + end + end + + context 'when snaky is falsy, but response is snaky' do + it 'returns a configured AccessToken' do + client = stubbed_client do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + end + end + + token = client.get_token(snaky: 
false) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + expect(token.response.parsed.to_h).to eq('access_token' => 'the-token') + end + end + + context 'when snaky is falsy, but response is not snaky' do + it 'returns a configured AccessToken' do + client = stubbed_client do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, JSON.dump('accessToken' => 'the-token')] + end + end + + token = client.get_token({snaky: false}, {param_name: 'accessToken'}) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + expect(token.response.parsed.to_h).to eq('accessToken' => 'the-token') + end + end + it 'authenticates with request parameters' do client = stubbed_client(auth_scheme: :request_body) do |stub| stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index 2d5c348a..fb1ed492 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -55,7 +55,7 @@ def to_str end end - context 'when the response is parseable as a hash' do + context 'when the response is parsed' do let(:response_body) { response_hash.to_json } let(:response_hash) { {text: 'Coffee brewing failed'} } @@ -65,6 +65,14 @@ def to_str response_hash['error'] = 'i_am_a_teapot' end + it 'sets the code attribute' do + expect(subject.code).to eq('i_am_a_teapot') + end + + it 'sets the description attribute' do + expect(subject.description).to eq('Short and stout') + end + it 'prepends to the error message with a return character' do expect(subject.message.each_line.to_a).to eq( [ @@ -171,14 +179,6 @@ def to_str expect(subject.message).to eq('{:hello=>:world}') end end - - it 'sets the code attribute' do - expect(subject.code).to eq('i_am_a_teapot') - end - - it 'sets the description attribute' do - expect(subject.description).to eq('Short and stout') - end end it 'sets the code attribute to nil' do 
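Review bot: None of the examples added to client_spec.rb inspect the request that reaches the stub, so the behaviour this commit is about (keeping `parse` and `snaky` out of the token request) is not pinned. `stub.post('/oauth/token')` matches whatever body is sent, and each example checks only the returned token. I would add an example that takes `|env|` in the stub block and asserts on the body, e.g. `expect(env.body.to_s).not_to include('snaky')`. The example under 'when parse: :xml but response is JSON' is also titled 'returns a configured AccessToken' although it expects `MultiXml::ParseError`; `it 'raises a parse error'` would describe it.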
@@ -209,11 +209,11 @@ def to_str end end - context 'when there is code' do + context 'when there is code (error)' do before do response_hash['error_description'] = 'Short and stout' response_hash['error'] = 'i_am_a_teapot' - response_hash['code'] = '418' + response_hash['status'] = '418' end it 'prepends to the error message with a return character' do @@ -224,7 +224,7 @@ def to_str "text": 'Coffee brewing failed', "error_description": 'Short and stout', "error": 'i_am_a_teapot', - "code": '418', + "status": '418', }.to_json, ] ) @@ -284,11 +284,11 @@ def to_str end end - context 'when there is code but no error_description' do + context 'when there is code (error) but no error_description' do before do response_hash.delete('error_description') response_hash['error'] = 'i_am_a_teapot' - response_hash['code'] = '418' + response_hash['status'] = '418' end it 'prepends to the error message with a return character' do @@ -298,7 +298,7 @@ def to_str { "text": 'Coffee brewing failed', "error": 'i_am_a_teapot', - "code": '418', + "status": '418', }.to_json, ] ) @@ -338,7 +338,7 @@ def to_str end end - it 'sets the code attribute' do + it 'sets the code attribute from error' do expect(subject.code).to eq('i_am_a_teapot') end @@ -347,21 +347,19 @@ def to_str end end - context 'when there is error_description but no code' do + context 'when there is error_description but no code (error)' do before do response_hash['error_description'] = 'Short and stout' - response_hash['error'] = 'i_am_a_teapot' - response_hash.delete('code') + response_hash.delete('error') end it 'prepends to the error message with a return character' do expect(subject.message.each_line.to_a).to eq( [ - "i_am_a_teapot: Short and stout\n", + "Short and stout\n", { "text": 'Coffee brewing failed', "error_description": 'Short and stout', - "error": 'i_am_a_teapot', }.to_json, ] ) 
@@ -412,6 +410,35 @@ def to_str end end + it 'sets the code attribute' do + expect(subject.code).to be_nil + end + + it 'sets the description attribute' do + expect(subject.description).to eq('Short and stout') + end + end + end + + context 'when the response is simple hash, not parsed' do + subject { described_class.new(response_hash) } + + let(:response_hash) { {text: 'Coffee brewing failed'} } + + it 'sets the code attribute to nil' do + expect(subject.code).to be_nil + end + + it 'sets the description attribute' do + expect(subject.description).to be_nil + end + + context 'when the response has an error and error_description' do + before do + response_hash['error_description'] = 'Short and stout' + response_hash['error'] = 'i_am_a_teapot' + end + it 'sets the code attribute' do expect(subject.code).to eq('i_am_a_teapot') end 
@@ -419,6 +446,171 @@ def to_str it 'sets the description attribute' do expect(subject.description).to eq('Short and stout') end + + it 'prepends to the error message with a return character' do + expect(subject.message.each_line.to_a).to eq( + [ + "i_am_a_teapot: Short and stout\n", + '{:text=>"Coffee brewing failed", "error_description"=>"Short and stout", "error"=>"i_am_a_teapot"}', + ] + ) + end + + context 'when using :xml parser with non-String-like thing' do + let(:response_headers) { {'Content-Type' => 'text/xml'} } + let(:response_hash) { {hello: :world} } + + before do + expect(response_hash).not_to respond_to(:to_str) + end + + it 'just returns whatever it can' do + expect(subject.message).to eq("i_am_a_teapot: Short and stout\n{:hello=>:world, \"error_description\"=>\"Short and stout\", \"error\"=>\"i_am_a_teapot\"}") + end + end + end + + context 'when using :xml parser with non-String-like thing' do + let(:response_headers) { {'Content-Type' => 'text/xml'} } + let(:response_hash) { {hello: :world} } + + before do + expect(response_hash).not_to respond_to(:to_str) + end + + it 'just returns the thing if it can' do + expect(subject.message).to eq('{:hello=>:world}') + end + end + + context 'when there is no error description' do + before do + expect(response_hash).not_to have_key('error') + expect(response_hash).not_to have_key('error_description') + end + + it 'does not prepend anything to the message' do + expect(subject.message.lines.count).to eq(1) + expect(subject.message).to eq '{:text=>"Coffee brewing failed"}' + end + + it 'does not set code' do + expect(subject.code).to be_nil + end + + it 'does not set description' do + expect(subject.description).to be_nil + end + end + + context 'when there is code (error)' do + before do + response_hash['error_description'] = 'Short and stout' + response_hash['error'] = 'i_am_a_teapot' + response_hash['status'] = '418' + end + + it 'prepends to the error message with a return character' do + 
expect(subject.message.each_line.to_a).to eq( + [ + "i_am_a_teapot: Short and stout\n", + '{:text=>"Coffee brewing failed", "error_description"=>"Short and stout", "error"=>"i_am_a_teapot", "status"=>"418"}', + ] + ) + end + + it 'sets the code attribute' do + expect(subject.code).to eq('i_am_a_teapot') + end + + it 'sets the description attribute' do + expect(subject.description).to eq('Short and stout') + end + end + + context 'when there is code (error) but no error_description' do + before do + response_hash.delete('error_description') + response_hash['error'] = 'i_am_a_teapot' + response_hash['status'] = '418' + end + + it 'sets the code attribute from error' do + expect(subject.code).to eq('i_am_a_teapot') + end + + it 'does not set the description attribute' do + expect(subject.description).to be_nil + end + + it 'prepends to the error message with a return character' do + expect(subject.message.each_line.to_a).to eq( + [ + "i_am_a_teapot: \n", + '{:text=>"Coffee brewing failed", "error"=>"i_am_a_teapot", "status"=>"418"}', + ] + ) + end + end + + context 'when there is error_description but no code (error)' do + before do + response_hash['error_description'] = 'Short and stout' + response_hash.delete('error') + end + + it 'prepends to the error message with a return character' do + expect(subject.message.each_line.to_a).to eq( + [ + "Short and stout\n", + '{:text=>"Coffee brewing failed", "error_description"=>"Short and stout"}', + ] + ) + end + + context 'when the response is not an encodable thing' do + let(:response_headers) { {'Content-Type' => 'who knows'} } + let(:response_hash) { {text: 'Coffee brewing failed'} } + + before do + expect(response_hash).not_to respond_to(:encode) + # i.e. 
a Ruby hash + end + + it 'does not try to encode the message string' do + expect(subject.message).to eq("Short and stout\n{:text=>\"Coffee brewing failed\", \"error_description\"=>\"Short and stout\"}") + end + end + + it 'sets the code attribute' do + expect(subject.code).to be_nil + end + + it 'sets the description attribute' do + expect(subject.description).to eq('Short and stout') + end + end + end + + context 'when the response is not a hash, not parsed' do + subject { described_class.new(response_thing) } + + let(:response_thing) { [200, 'Success'] } + + it 'sets the code attribute to nil' do + expect(subject.code).to be_nil + end + + it 'sets the description attribute' do + expect(subject.description).to be_nil + end + + it 'sets the body attribute' do + expect(subject.body).to eq(response_thing) + end + + it 'sets the response attribute' do + expect(subject.response).to eq(response_thing) end end diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 522cc64a..4ceb228f 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb @@ -303,6 +303,16 @@ expect(subject.parsed).to eq('a-ok') end + + it 'supports no parsing' do + headers = {'Content-Type' => 'text/html'} + body = '' + response = double('response', headers: headers, body: body) + + subject = described_class.new(response, parse: false) + + expect(subject.parsed).to eq(nil) + end end context 'with xml parser registration' do diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index db5e009b..43e498eb 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -240,7 +240,7 @@ end it 'sets AccessToken#refresh_token to nil' do - expect(access_token.refresh_token).to be_nil + expect(access_token.refresh_token).to eq('trout') end context 'with custom response_opts' do 
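Review bot: The expected messages in the new "simple hash, not parsed" contexts hard-code a Ruby hash rendering (`'{:text=>"Coffee brewing failed", "error_description"=>"Short and stout"}'`), which ties these examples to one interpreter's `Hash#inspect` format; Ruby 3.4 prints hashes differently. Assuming the message is built from the body's string form, deriving the expectation from the hash keeps the same coverage, e.g. `"i_am_a_teapot: Short and stout\n#{response_hash}"`. These examples also pin that the whole unparsed body is echoed into `message`, so a comment on the context such as `# NOTE: message embeds the full response body; treat it as sensitive when logging` would make that visible to maintainers.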
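Review bot: The example description in the assertion_spec hunk no longer matches its assertion: it still reads 'sets AccessToken#refresh_token to nil' while the new expectation is `eq('trout')`. The client_credentials_spec hunk has the same mismatch ('returns AccessToken without #refresh_token' now expects `'trout'`). Rename both to say what is asserted, e.g. `it 'sets AccessToken#refresh_token from the response' do`, so a reader does not take the old text as the contract for grants that normally return no refresh token.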
diff --git a/spec/oauth2/strategy/auth_code_spec.rb b/spec/oauth2/strategy/auth_code_spec.rb index b915bf60..fcc7be3b 100644 --- a/spec/oauth2/strategy/auth_code_spec.rb +++ b/spec/oauth2/strategy/auth_code_spec.rb @@ -9,7 +9,7 @@ let(:facebook_token) { kvform_token.gsub('_in', '') } let(:json_token) { JSON.dump(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'steve') } let(:redirect_uri) { 'http://example.com/redirect_uri' } - let(:microsoft_token) { 'id_token=jwt' } + let(:microsoft_token) { 'id_token=i_am_MSFT' } let(:client) do OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') do |builder| @@ -111,7 +111,7 @@ client.options[:token_method] = :get client.options[:auth_scheme] = :request_body @access = subject.get_token(code) - expect(@access['id_token']).to eq('jwt') + expect(@access.token).to eq('i_am_MSFT') end end diff --git a/spec/oauth2/strategy/client_credentials_spec.rb b/spec/oauth2/strategy/client_credentials_spec.rb index 7b32d5b2..b9480098 100644 --- a/spec/oauth2/strategy/client_credentials_spec.rb +++ b/spec/oauth2/strategy/client_credentials_spec.rb @@ -58,7 +58,7 @@ end it 'returns AccessToken without #refresh_token' do - expect(@access.refresh_token).to be_nil + expect(@access.refresh_token).to eq('trout') end it 'returns AccessToken with #expires_in' do @@ -82,4 +82,16 @@ expect(@last_headers['X-Extra-Header']).to eq('wow') end end + + describe '#get_token (with option overriding response)' do + before do + @mode = 'json' + @access = subject.get_token({}, {'refresh_token' => 'guppy'}) + end + + it 'override is applied' do + expect(@access.token).to eq('salmon') + expect(@access.refresh_token).to eq('guppy') + end + end end From 924d5337f42a615797f3635206806ffaa202ef92 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 7 Jul 2022 20:27:23 +0700 Subject: [PATCH 202/645] Bump oauth2 to 2.0.5 --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 1b05dae8..aa3f086e 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.4'.freeze + VERSION = '2.0.5'.freeze end end From 8df9452e01494e155d6e5de94829bc9f55c63a1d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 13 Jul 2022 10:01:42 +0700 Subject: [PATCH 203/645] =?UTF-8?q?=F0=9F=94=80=20623/allow=20refresh=20to?= =?UTF-8?q?ken=20with=20no=20access=20token=20(#624)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 📝 Link to v2.0.5 README.md Signed-off-by: Peter Boling * 🚑️ Fixes regression #623 in v2.0.5 - Adds more specs Signed-off-by: Peter Boling * 🚨 Update lint rules Signed-off-by: Peter Boling * 🔖 Prepare release v2.0.6 Signed-off-by: Peter Boling --- .rubocop_todo.yml | 23 ++- CHANGELOG.md | 7 +- README.md | 6 +- lib/oauth2/access_token.rb | 33 +++-- lib/oauth2/version.rb | 2 +- spec/oauth2/access_token_spec.rb | 239 ++++++++++++++++++++++++++++++- 6 files changed, 276 insertions(+), 34 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 4bca8a87..b3a3b14d 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,14 +1,14 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2022-06-07 21:06:40 -0700 using RuboCop version 0.68.1. +# on 2022-07-13 09:52:51 +0700 using RuboCop version 0.68.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 6 +# Offense count: 9 Metrics/AbcSize: - Max: 45 + Max: 35 # Offense count: 6 # Configuration parameters: CountComments, ExcludedMethods. 
@@ -16,20 +16,20 @@ Metrics/AbcSize: Metrics/BlockLength: Max: 35 -# Offense count: 3 +# Offense count: 5 Metrics/CyclomaticComplexity: - Max: 11 + Max: 12 -# Offense count: 7 +# Offense count: 10 # Configuration parameters: CountComments, ExcludedMethods. Metrics/MethodLength: - Max: 37 + Max: 34 -# Offense count: 2 +# Offense count: 3 Metrics/PerceivedComplexity: Max: 13 -# Offense count: 8 +# Offense count: 10 # Configuration parameters: Prefixes. # Prefixes: when, with, without RSpec/ContextWording: @@ -37,8 +37,3 @@ RSpec/ContextWording: - 'spec/oauth2/access_token_spec.rb' - 'spec/oauth2/authenticator_spec.rb' - 'spec/oauth2/client_spec.rb' - -# Offense count: 1 -RSpec/LeakyConstantDeclaration: - Exclude: - - 'spec/oauth2/access_token_spec.rb' diff --git a/CHANGELOG.md b/CHANGELOG.md index a93dd06a..54afea4d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +## [2.0.6] - 2022-07-13 +### Fixed +- [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) + ## [2.0.5] - 2022-07-07 ### Fixed - [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson) 
@@ -292,5 +296,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3 [2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4 [2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5 -[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...HEAD +[2.0.6]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...v2.0.6 +[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...HEAD [gemfiles/readme]: gemfiles/README.md diff --git a/README.md b/README.md index 63fcf1ea..691c8145 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| +| 2.0.6 | 2022-07-13 | https://github.com/oauth-xx/oauth2/blob/v2.0.6/README.md | +| 2.0.5 | 2022-07-07 | https://github.com/oauth-xx/oauth2/blob/v2.0.5/README.md | | 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md | | 2.0.3 | 2022-06-28 | https://github.com/oauth-xx/oauth2/blob/v2.0.3/README.md | | 2.0.2 | 2022-06-24 | https://github.com/oauth-xx/oauth2/blob/v2.0.2/README.md | 
@@ -143,8 +145,8 @@ The link tokens in the following sections should be kept ordered by the row and [🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2 [🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed [🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2 -[📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/15 -[📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/15?label=Next%20Version +[📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/2 +[📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/2?label=Next%20Version [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 0f9d4d57..290981b6 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -2,6 +2,10 @@ module OAuth2 class AccessToken # rubocop:disable Metrics/ClassLength + TOKEN_KEYS_STR = %w[access_token id_token token accessToken idToken].freeze + TOKEN_KEYS_SYM = %i[access_token id_token token accessToken idToken].freeze + TOKEN_KEY_LOOKUP = TOKEN_KEYS_STR + TOKEN_KEYS_SYM + attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params attr_accessor :options, :refresh_token, :response 
@@ -13,13 +17,13 @@ class << self # @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token # @return [AccessToken] the initialized AccessToken def from_hash(client, hash) - hash = hash.dup - token = hash.delete('access_token') || hash.delete(:access_token) || - hash.delete('id_token') || hash.delete(:id_token) || - hash.delete('token') || hash.delete(:token) || - hash.delete('accessToken') || hash.delete(:accessToken) || - hash.delete('idToken') || hash.delete(:idToken) - new(client, token, hash) + fresh = hash.dup + supported_keys = fresh.keys & TOKEN_KEY_LOOKUP + key = supported_keys[0] + # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token). + warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1 + token = fresh.delete(key) + new(client, token, fresh) end # Initializes an AccessToken from a key/value application/x-www-form-urlencoded string @@ -35,7 +39,7 @@ def from_kvform(client, kvform) # Initialize an AccessToken # # @param [Client] client the OAuth2::Client instance - # @param [String] token the Access Token value + # @param [String] token the Access Token value (optional, may not be used in refresh flows) # @param [Hash] opts the options to create the Access Token with # @option opts [String] :refresh_token (nil) the refresh_token value # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire 
@@ -50,14 +54,19 @@ def initialize(client, token, opts = {}) @client = client @token = token.to_s - if @client.options[:raise_errors] && (@token.nil? || @token.empty?) - error = Error.new(opts) - raise(error) - end opts = opts.dup %i[refresh_token expires_in expires_at expires_latency].each do |arg| instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s)) end + no_tokens = (@token.nil? || @token.empty?) && (@refresh_token.nil? || @refresh_token.empty?) + if no_tokens + if @client.options[:raise_errors] + error = Error.new(opts) + raise(error) + else + warn('OAuth2::AccessToken has no token') + end + end @expires_in ||= opts.delete('expires') @expires_in &&= @expires_in.to_i @expires_at &&= convert_expires_at(@expires_at) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index aa3f086e..d1032cd9 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.5'.freeze + VERSION = '2.0.6'.freeze end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index fb82115b..283c9eb0 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
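Review bot: In the new `no_tokens` check, `@token.nil?` can never be true because `@token = token.to_s` runs first, so a nil access token is stored as `''` and the object is built whenever a refresh_token is present, even with `raise_errors` on. The `@param token` doc added in the previous hunk says the token is optional but not what callers get back; I would add `# @note token is coerced with #to_s, so a missing access token is '' (never nil); check token.empty? before using it as a bearer credential`. The check itself can drop the dead branch: `no_tokens = @token.empty? && (@refresh_token.nil? || @refresh_token.empty?)`. The body of `initialize` continues outside this hunk.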
@@ -22,6 +22,39 @@ end end + describe '.from_hash' do + subject(:target) { described_class.from_hash(client, hash) } + + let(:hash) do + { + :access_token => token, + :id_token => 'confusing bug here', + :refresh_token => 'foobar', + :expires_at => Time.now.to_i + 200, + 'foo' => 'bar', + } + end + + it 'return a hash equals to the hash used to initialize access token' do + expect(target.to_hash).to eq(hash) + end + + context 'with warning for too many tokens' do + subject(:printed) do + capture(:stderr) do + target + end + end + + it 'warns on STDERR' do + msg = <<-MSG.lstrip + OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. + MSG + expect(printed).to eq(msg) + end + end + end + describe '#initialize' do it 'assigns client and token' do expect(subject.client).to eq(client) 
@@ -151,6 +184,144 @@ def assert_initialized_token(target) end end + context 'with client.options[:raise_errors] = false' do + let(:options) { {raise_errors: false} } + + before do + expect(client.options[:raise_errors]).to be(false) + end + + context 'when there is a token' do + let(:token) { 'hurdygurdy' } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has token' do + expect(target.token).to eq(token) + end + + it 'has no refresh_token' do + expect(target.refresh_token).to be_nil + end + + context 'when there is refresh_token' do + let(:options) { {raise_errors: false, refresh_token: 'zxcv'} } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has token' do + expect(target.token).to eq(token) + end + + it 'has refresh_token' do + expect(target.refresh_token).to eq('zxcv') + end + end + end + + context 'when there is empty token' do + let(:token) { '' } + + context 'when there is no refresh_token' do + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has no token' do + expect(target.token).to eq('') + end + + it 'has no refresh_token' do + expect(target.refresh_token).to be_nil + end + + context 'with warning for no token' do + subject(:printed) do + capture(:stderr) do + target + end + end + + it 'warns on STDERR' do + msg = <<-MSG.lstrip + OAuth2::AccessToken has no token + MSG + expect(printed).to eq(msg) + end + end + end + + context 'when there is refresh_token' do + let(:options) { {raise_errors: false, refresh_token: 'qwer'} } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has no token' do + expect(target.token).to eq('') + end + + it 'has refresh_token' do + expect(target.refresh_token).to eq('qwer') + end + end + end + + context 'when there is nil token' do + let(:token) { nil } + + context 'when there is no refresh_token' do + it 'does not raise on initialize' do + 
block_is_expected.not_to raise_error + end + + it 'has no token' do + expect(target.token).to eq('') + end + + it 'has no refresh_token' do + expect(target.refresh_token).to be_nil + end + + context 'with warning for no token' do + subject(:printed) do + capture(:stderr) do + target + end + end + + it 'warns on STDERR' do + msg = <<-MSG.lstrip + OAuth2::AccessToken has no token + MSG + expect(printed).to eq(msg) + end + end + end + + context 'when there is refresh_token' do + let(:options) { {raise_errors: false, refresh_token: 'asdf'} } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has no token' do + expect(target.token).to eq('') + end + + it 'has refresh_token' do + expect(target.refresh_token).to eq('asdf') + end + end + end + end + context 'with client.options[:raise_errors] = true' do let(:options) { {raise_errors: true} } 
@@ -164,21 +335,81 @@ def assert_initialized_token(target) it 'does not raise on initialize' do block_is_expected.not_to raise_error end + + it 'has token' do + expect(target.token).to eq(token) + end + + it 'has no refresh_token' do + expect(target.refresh_token).to be_nil + end + + context 'when there is refresh_token' do + let(:options) { {raise_errors: true, refresh_token: 'zxcv'} } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has token' do + expect(target.token).to eq(token) + end + + it 'has refresh_token' do + expect(target.refresh_token).to eq('zxcv') + end + end end context 'when there is empty token' do let(:token) { '' } - it 'raises on initialize' do - block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + context 'when there is no refresh_token' do + it 'raises on initialize' do + block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + end + end + + context 'when there is refresh_token' do + let(:options) { {raise_errors: true, refresh_token: 'qwer'} } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has no token' do + expect(target.token).to eq('') + end + + it 'has refresh_token' do + expect(target.refresh_token).to eq('qwer') + end end end context 'when there is nil token' do let(:token) { nil } - it 'raises on initialize' do - block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + context 'when there is no refresh_token' do + it 'raises on initialize' do + block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + end + end + + context 'when there is refresh_token' do + let(:options) { {raise_errors: true, refresh_token: 'asdf'} } + + it 'does not raise on initialize' do + block_is_expected.not_to raise_error + end + + it 'has no token' do + expect(target.token).to eq('') + end + + it 'has refresh_token' do + expect(target.refresh_token).to eq('asdf') + end end end end 
From 86a686e9553077e7a2c8ad37075285d8b71c1345 Mon Sep 17 00:00:00 2001 From: Hamed Asghari Date: Mon, 1 Aug 2022 17:01:11 -0600 Subject: [PATCH 204/645] Fix version interpolation in post install message (#625) --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 2e2594b1..1af5d585 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -21,7 +21,7 @@ Gem::Specification.new do |spec| spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' spec.version = OAuth2::Version::VERSION spec.post_install_message = " -You have installed oauth2 version #{OAuth2::Version}, congratulations! +You have installed oauth2 version #{OAuth2::Version::VERSION}, congratulations! There are BREAKING changes, but most will not encounter them, and updating your code should be easy! From 5e20fdd6016e617b5b3080652dc75c43342b2b5a Mon Sep 17 00:00:00 2001 From: Rick Selby Date: Tue, 2 Aug 2022 00:03:38 +0100 Subject: [PATCH 205/645] 2.0.6 uses different token to 2.0.5 (#626) * Prefer the key order from the lookup, not the hash keys * Fix subject cop * Fix hash style cop --- lib/oauth2/access_token.rb | 2 +- spec/oauth2/access_token_spec.rb | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 290981b6..60f6b090 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -18,7 +18,7 @@ class << self # @return [AccessToken] the initialized AccessToken def from_hash(client, hash) fresh = hash.dup - supported_keys = fresh.keys & TOKEN_KEY_LOOKUP + supported_keys = TOKEN_KEY_LOOKUP & fresh.keys key = supported_keys[0] # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token). warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1 
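Review bot: `TOKEN_KEY_LOOKUP & fresh.keys` takes its precedence from the constant, which the earlier access_token.rb hunk builds as `TOKEN_KEYS_STR + TOKEN_KEYS_SYM`, so every string key outranks every symbol key. A hash holding `'id_token'` and `:access_token` therefore yields the ID token as `token`, whereas the removed `hash.delete('access_token') || hash.delete(:access_token) || hash.delete('id_token') ...` chain tried both access_token spellings first. Interleaving restores that order and also freezes the array: `TOKEN_KEY_LOOKUP = TOKEN_KEYS_STR.zip(TOKEN_KEYS_SYM).flatten.freeze`. The added spec only uses symbol keys; an example with mixed string and symbol keys would pin the precedence.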
diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 283c9eb0..795e3810 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -53,6 +53,28 @@ expect(printed).to eq(msg) end end + + context 'with keys in a different order to the lookup' do + subject(:printed) do + capture(:stderr) do + target + end + end + + let(:hash) do + { + id_token: 'confusing bug here', + access_token: token, + } + end + + it 'warns on STDERR and selects the correct key' do + msg = <<-MSG.lstrip + OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. + MSG + expect(printed).to eq(msg) + end + end end describe '#initialize' do From d499c582ae505c4cec53836a5cfef0e034b29f33 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 22 Aug 2022 05:12:37 -0600 Subject: [PATCH 206/645] 431/fix post json for token (#629) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 📝 Document release 2.0.7 Signed-off-by: Peter Boling * 🐛 Allow POST of JSON to get token - Fixes #431 - Thanks @terracatta Signed-off-by: Peter Boling * ♻️ Refactor method names that are too long Signed-off-by: Peter Boling * 🔖 Prepare release 2.0.7 Signed-off-by: Peter Boling * ♻️ Small Client refactor Signed-off-by: Peter Boling * 📝 Document impact of fix Signed-off-by: Peter Boling Signed-off-by: Peter Boling --- CHANGELOG.md | 9 ++++++ lib/oauth2/client.rb | 58 +++++++++++++++++++++++++------------- lib/oauth2/version.rb | 2 +- spec/oauth2/client_spec.rb | 13 +++++++++ 4 files changed, 62 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 54afea4d..acaf0b90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +## [2.0.7] - 2022-08-22 +### Added +- [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta) + +### Fixed +- [#626](https://github.com/oauth-xx/oauth2/pull/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) + - Note: This fixes compatibility with `omniauth-oauth2` and AWS +- [#625](https://github.com/oauth-xx/oauth2/pull/625) - Fixes the printed version in the post install message (@hasghari) + ## [2.0.6] - 2022-07-13 ### Fixed - [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 8f2c82b2..bffd9cca 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -157,46 +157,50 @@ def request(verb, url, opts = {}, &block) def get_token(params, access_token_opts = {}, extract_access_token = nil, &block) warn('OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.') if extract_access_token extract_access_token ||= options[:extract_access_token] - params = params.map do |key, value| - if RESERVED_PARAM_KEYS.include?(key) - [key.to_sym, value] - else - [key, value] - end - end.to_h - - parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] - snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] + parse, snaky, params, headers = parse_snaky_params_headers(params) request_opts = { raise_errors: options[:raise_errors], parse: parse, snaky: snaky, } - params = authenticator.apply(params) - headers = params.delete(:headers) || {} if options[:token_method] == :post - request_opts[:body] = params + + # NOTE: If proliferation of request types continues we should implement a parser solution for Request, + # just like we have with Response. + request_opts[:body] = if headers['Content-Type'] == 'application/json' + params.to_json + else + params + end + request_opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'} else request_opts[:params] = params request_opts[:headers] = {} end request_opts[:headers].merge!(headers) - http_method = options[:token_method] - http_method = :post if http_method == :post_with_query_string response = request(http_method, token_url, request_opts, &block) # In v1.4.x, the deprecated extract_access_token option retrieves the token from the response. # We preserve this behavior here, but a custom access_token_class that implements #from_hash # should be used instead. 
if extract_access_token - parse_response_with_legacy_extract(response, access_token_opts, extract_access_token) + parse_response_legacy(response, access_token_opts, extract_access_token) else parse_response(response, access_token_opts) end end + # The HTTP Method of the request + # @return [Symbol] HTTP verb, one of :get, :post, :put, :delete + def http_method + http_meth = options[:token_method].to_sym + return :post if http_meth == :post_with_query_string + + http_meth + end + # The Authorization Code strategy # # @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.1 @@ -255,6 +259,22 @@ def redirection_params private + def parse_snaky_params_headers(params) + params = params.map do |key, value| + if RESERVED_PARAM_KEYS.include?(key) + [key.to_sym, value] + else + [key, value] + end + end.to_h + parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] + snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] + params = authenticator.apply(params) + # authenticator may add :headers, and we remove them here + headers = params.delete(:headers) || {} + [parse, snaky, params, headers] + end + def execute_request(verb, url, opts = {}) url = connection.build_https://github.com/url(url).to_s @@ -282,8 +302,8 @@ def authenticator Authenticator.new(id, secret, options[:auth_scheme]) end - def parse_response_with_legacy_extract(response, access_token_opts, extract_access_token) - access_token = build_access_token_legacy_extract(response, access_token_opts, extract_access_token) + def parse_response_legacy(response, access_token_opts, extract_access_token) + access_token = build_access_token_legacy(response, access_token_opts, extract_access_token) return access_token if access_token 
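Review bot: The JSON branch in `get_token` only fires on an exact `headers['Content-Type'] == 'application/json'`, so a caller passing `'content-type'`, a symbol key, or `'application/json; charset=utf-8'` gets a body that is left as a Hash while the merged headers still announce JSON. With `auth_scheme: :request_body` that body carries the client credentials, so a mismatch between label and encoding is worth ruling out. I would look the header up case-insensitively and match on the media type: `content_type = headers.find { |k, _| k.to_s.casecmp?('content-type') }&.last.to_s` followed by `request_opts[:body] = content_type.start_with?('application/json') ? params.to_json : params`. `http_method` is also added above `private`, so it becomes public API; a doc line saying whether that is intended would help.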
@@ -321,7 +341,7 @@ def build_access_token(response, access_token_opts, access_token_class) # Builds the access token from the response of the HTTP call with legacy extract_access_token # # @return [AccessToken] the initialized AccessToken - def build_access_token_legacy_extract(response, access_token_opts, extract_access_token) + def build_access_token_legacy(response, access_token_opts, extract_access_token) extract_access_token.call(self, response.parsed.merge(access_token_opts)) rescue StandardError nil diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index d1032cd9..46ec4307 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.6'.freeze + VERSION = '2.0.7'.freeze end end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index dbb7e693..57539b1b 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -583,6 +583,15 @@ client.get_token({}) end + it 'authenticates with JSON' do + client = stubbed_client(auth_scheme: :basic_auth) do |stub| + stub.post('/oauth/token') do |env| + [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + end + end + client.get_token(headers: {'Content-Type' => 'application/json'}) + end + it 'sets the response object on the access token' do client = stubbed_client do |stub| stub.post('/oauth/token') do @@ -901,6 +910,10 @@ def stubbed_client(params = {}, &stubs) end end + it 'instantiates an HTTP Method with this client' do + expect(subject.http_method).to be_kind_of(Symbol) + end + it 'instantiates an AuthCode strategy with this client' do expect(subject.auth_code).to be_kind_of(OAuth2::Strategy::AuthCode) end From 494a6ee61d8f7182de295bb6a5e37faa824f4bbe Mon Sep 17 00:00:00 2001 
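Review bot: The new 'authenticates with JSON' example contains no expectation, so it passes whether or not the request body was JSON-encoded; the stub block receives `env` but never inspects it. Asserting inside the stub would pin the behaviour this commit adds, e.g. `expect(env.request_headers['Content-Type']).to eq('application/json')` together with a check that `env.body` parses as JSON. Passing at least one grant parameter to `get_token` would make the body assertion meaningful.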
From: Peter Boling Date: Mon, 22 Aug 2022 18:34:12 +0700 Subject: [PATCH 207/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20Release=202.0?= =?UTF-8?q?.7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Boling --- CHANGELOG.md | 9 ++++++++- README.md | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index acaf0b90..2eaa2e89 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +## Unreleased +### Added +### Changed +### Fixed +### Removed + ## [2.0.7] - 2022-08-22 ### Added - [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta) @@ -306,5 +312,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4 [2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5 [2.0.6]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...v2.0.6 -[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...HEAD +[2.0.7]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...v2.0.7 +[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.7...HEAD [gemfiles/readme]: gemfiles/README.md diff --git a/README.md b/README.md index 691c8145..83dc1163 100644 --- a/README.md +++ b/README.md 
@@ -32,6 +32,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| +| 2.0.7 | 2022-08-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.7/README.md | | 2.0.6 | 2022-07-13 | https://github.com/oauth-xx/oauth2/blob/v2.0.6/README.md | | 2.0.5 | 2022-07-07 | https://github.com/oauth-xx/oauth2/blob/v2.0.5/README.md | | 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md | From 8263793547e58af1092d4e32794c09005715746f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 31 Aug 2022 05:11:26 +0700 Subject: [PATCH 208/645] =?UTF-8?q?=F0=9F=9A=B8=20Housekeeping?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2eaa2e89..f99d7d53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). -## Unreleased +## [Unreleased] ### Added ### Changed ### Fixed From 137109a176fb7652af4be0ad2bfb0cec219c517b Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 31 Aug 2022 05:21:12 +0700 Subject: [PATCH 209/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20Enterprise=20?= =?UTF-8?q?support?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 011ea669..dbcdde72 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,11 +2,11 @@ ## Supported Versions -| Version | Supported | -|----------|---------------------------| -| 2.latest | ✅ | -| 1.latest | ✅ (security updates only) | -| older | ⛔️ | +| Version | Supported | EOL | Post-EOL / Enterprise | +|----------|-----------|---------|---------------------------------------| +| 2.latest | ✅ | 04/2024 | [Tidelift Subscription][tidelift-ref] | +| 1.latest | ✅ | 04/2023 | [Tidelift Subscription][tidelift-ref] | +| <= 1 | ⛔ | ⛔ | ⛔ | ## Reporting a Vulnerability @@ -17,4 +17,6 @@ Tidelift will coordinate the fix and disclosure. Available as part of the Tidelift Subscription. -The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo) +The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] + +[tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo From daa77eac22566d3adccc3db09808450f190062a8 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 31 Aug 2022 05:22:49 +0700 Subject: [PATCH 210/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20EOL=20Policy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index dbcdde72..274337d2 100644 
--- a/SECURITY.md +++ b/SECURITY.md @@ -8,6 +8,10 @@ | 1.latest | ✅ | 04/2023 | [Tidelift Subscription][tidelift-ref] | | <= 1 | ⛔ | ⛔ | ⛔ | +### EOL Policy + +Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April. + ## Reporting a Vulnerability To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). From d0c2c75cd8325c304f9d81f80df05832415eca83 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 31 Aug 2022 06:06:55 +0700 Subject: [PATCH 211/645] =?UTF-8?q?=F0=9F=94=A5=20Extract=20snaky=5Fhash?= =?UTF-8?q?=20to=20external=20library?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 4 + Gemfile | 1 + lib/oauth2.rb | 3 +- lib/oauth2/response.rb | 4 +- lib/oauth2/snaky_hash.rb | 8 -- lib/oauth2/version.rb | 2 +- oauth2.gemspec | 2 +- spec/oauth2/snaky_hash_spec.rb | 163 --------------------------------- 8 files changed, 10 insertions(+), 177 deletions(-) delete mode 100644 lib/oauth2/snaky_hash.rb delete mode 100644 spec/oauth2/snaky_hash_spec.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index f99d7d53..9fdb7e20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed +## [2.0.8] - 2022-08-30 +### Changed +- Extract snaky_hash to external dependency (@pboling) + ## [2.0.7] - 2022-08-22 ### Added - [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta) diff --git a/Gemfile b/Gemfile index 5f04e5e4..ddd15b22 100644 --- a/Gemfile +++ b/Gemfile @@ -5,6 +5,7 @@ source 'https://rubygems.org/' gemspec git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } +git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } gem 'rake', '~> 13.0' 
diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 1efe7923..478fffc5 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -5,13 +5,12 @@ require 'time' # third party gems -require 'rash' +require 'snaky_hash' require 'version_gem' # includes gem files require 'oauth2/version' require 'oauth2/error' -require 'oauth2/snaky_hash' require 'oauth2/authenticator' require 'oauth2/client' require 'oauth2/strategy/base' diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index b1742e7c..c5bbb3ba 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -46,7 +46,7 @@ def self.register_parser(key, mime_types, &block) # @param [Symbol] parse (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded), # :json, or :automatic (determined by Content-Type response header) # @param [true, false] snaky (true) Convert @parsed to a snake-case, - # indifferent-access OAuth2::SnakyHash, which is a subclass of Hashie::Mash::Rash (from rash_alt gem)? + # indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)? # @param [Hash] options all other options for initializing the instance def initialize(response, parse: :automatic, snaky: true, **options) @response = response @@ -90,7 +90,7 @@ def parsed end end - @parsed = OAuth2::SnakyHash.new(@parsed) if options[:snaky] && @parsed.is_a?(Hash) + @parsed = SnakyHash::StringKeyed.new(@parsed) if options[:snaky] && @parsed.is_a?(Hash) @parsed end diff --git a/lib/oauth2/snaky_hash.rb b/lib/oauth2/snaky_hash.rb deleted file mode 100644 index 836d9adb..00000000 --- a/lib/oauth2/snaky_hash.rb +++ /dev/null @@ -1,8 +0,0 @@ -# frozen_string_literal: true - -module OAuth2 - # Hash which allow assign string key in camel case - # and query on both camel and snake case - class SnakyHash < ::Hashie::Mash::Rash - end -end diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 46ec4307..b99ea929 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb 
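Review bot: `SnakyHash::StringKeyed.new(@parsed)` in `parsed` is resolved lexically, presumably from inside the `OAuth2` namespace, and this same commit deletes `OAuth2::SnakyHash`. An application that re-defines `OAuth2::SnakyHash` as a compatibility shim would make the lookup land on the shim and raise `NameError` for `StringKeyed`; writing `::SnakyHash::StringKeyed.new(@parsed)` pins the top-level constant. Since callers may reference the removed public constant, the changelog entry would fit better under Removed than Changed. The `parsed` method starts outside this hunk.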
@@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.7'.freeze + VERSION = '2.0.8'.freeze end end diff --git a/oauth2.gemspec b/oauth2.gemspec index 1af5d585..7bca9c00 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -8,7 +8,7 @@ Gem::Specification.new do |spec| spec.add_dependency 'jwt', ['>= 1.0', '< 3.0'] spec.add_dependency 'multi_xml', '~> 0.5' spec.add_dependency 'rack', ['>= 1.2', '< 3'] - spec.add_dependency 'rash_alt', ['>= 0.4', '< 1'] + spec.add_dependency 'snaky_hash', '~> 2.0' spec.add_dependency 'version_gem', '~> 1.1' spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh'] diff --git a/spec/oauth2/snaky_hash_spec.rb b/spec/oauth2/snaky_hash_spec.rb deleted file mode 100644 index 32bf0c33..00000000 --- a/spec/oauth2/snaky_hash_spec.rb +++ /dev/null 
@@ -1,163 +0,0 @@ -# frozen_string_literal: true - -RSpec.describe OAuth2::SnakyHash do - subject(:instance) { described_class.new } - - describe '.build' do - context 'when build from hash' do - subject { described_class.new('AccessToken' => '1') } - - it 'create correct snake hash' do - expect(subject).to be_a(described_class) - expect(subject['AccessToken']).to eq('1') - expect(subject['access_token']).to eq('1') - end - end - - context 'when build from snake_hash' do - subject do - h = described_class.new - h['AccessToken'] = '1' - - described_class.new(h) - end - - it 'create correct snake hash' do - expect(subject).to be_a(described_class) - expect(subject['AccessToken']).to eq('1') - expect(subject['access_token']).to eq('1') - end - end - end - - describe 'assign and query' do - it 'returns assigned value with camel key' do - subject['AccessToken'] = '1' - - expect(subject['AccessToken']).to eq('1') - expect(subject['access_token']).to eq('1') - end - - it 'returns assigned value with snake key' do - subject['access_token'] = '1' - - expect(subject['AccessToken']).to eq('1') - expect(subject['access_token']).to eq('1') - end - - it 'overwrite by alternate key' do - subject['AccessToken'] = '1' - - expect(subject['AccessToken']).to eq('1') - expect(subject['access_token']).to eq('1') - - subject['access_token'] = '2' - - expect(subject['AccessToken']).to eq('2') - expect(subject['access_token']).to eq('2') - end - end - - describe '#to_h' do - context 'when nil' do - it 'can be converted to empty hash' do - expect(instance.to_h).to eq({}) - end - end - - context 'when empty' do - subject(:instance) { described_class.new(original) } - - let(:original) { {} } - - it 'can be converted to empty hash' do - expect(instance.to_h).to eq({}) - end - end - - context 'when not empty' do - subject(:instance) { described_class.new(original) } - - let(:original) { {'a' => 'b', 'bTo' => 'aDo', 'v_rt' => 1, yy_yy: 'yy_yy', :LuLu => :CRays} } - - it 'converts to snake hash' 
do - expect(instance.to_h).to eq('a' => 'b', 'b_to' => 'aDo', 'lu_lu' => :CRays, 'v_rt' => 1, 'yy_yy' => 'yy_yy') - end - end - end - - describe '#fetch' do - context 'when Camel case key' do - subject { described_class.new('AccessToken' => '1') } - - it 'return correct token' do - expect(subject.fetch('https://github.com/access_token')).to eq('1') - end - end - - context 'when Camel case key with down-cased first letter' do - subject { described_class.new('accessToken' => '1') } - - it 'return correct token' do - expect(subject.fetch('https://github.com/access_token')).to eq('1') - end - end - - context 'when snake case key' do - subject { described_class.new('access_token' => '1') } - - it 'return correct token' do - expect(subject.fetch('https://github.com/access_token')).to eq('1') - end - end - - context 'when missing any key' do - subject { described_class.new } - - it 'raise KeyError with key' do - pending_for(engine: 'jruby', versions: '3.1.0', reason: 'https://github.com/jruby/jruby/issues/7112') - expect do - subject.fetch('https://github.com/access_token') - end.to raise_error(KeyError, /access_token/) - end - - it 'return default value' do - expect(subject.fetch('https://github.com/access_token', 'default')).to eq('default') - end - end - end - - describe '#key?' 
do - context 'when Camel case key' do - subject { described_class.new('AccessToken' => '1') } - - it 'return true' do - expect(subject.key?('access_token')).to be(true) - end - end - - context 'when Camel case key with down-cased first letter' do - subject { described_class.new('accessToken' => '1') } - - it 'return true' do - expect(subject.key?('access_token')).to be(true) - end - end - - context 'when snake case key' do - subject { described_class.new('access_token' => '1') } - - it 'return true' do - expect(subject.key?('access_token')).to be(true) - end - end - - context 'when missing any key' do - subject { described_class.new } - - it 'return false' do - expect(subject.key?('access_token')).to be(false) - end - end - end -end From 62616ced74da493a5466dc2879a30f7dc16c3e41 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 1 Sep 2022 02:08:16 +0000 Subject: [PATCH 212/645] =?UTF-8?q?=F0=9F=90=9B=20New=20global=20configura?= =?UTF-8?q?tion=20option=20OAuth2.config.silence=5Fextra=5Ftokens=5Fwarnin?= =?UTF-8?q?g=20(default:=20false)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_todo.yml | 15 +++++++++++---- CHANGELOG.md | 7 +++++-- lib/oauth2.rb | 9 +++++++++ lib/oauth2/access_token.rb | 13 +++++++++++-- spec/oauth2/access_token_spec.rb | 24 ++++++++++++++++++++++++ spec/oauth2_spec.rb | 31 +++++++++++++++++++++++++++++++ 6 files changed, 91 insertions(+), 8 deletions(-) create mode 100644 spec/oauth2_spec.rb diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index b3a3b14d..ef809e2c 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -1,6 +1,6 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2022-07-13 09:52:51 +0700 using RuboCop version 0.68.1. +# on 2022-09-01 09:04:26 +0700 using RuboCop version 0.68.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new @@ -16,14 +16,14 @@ Metrics/AbcSize: Metrics/BlockLength: Max: 35 -# Offense count: 5 +# Offense count: 4 Metrics/CyclomaticComplexity: Max: 12 -# Offense count: 10 +# Offense count: 11 # Configuration parameters: CountComments, ExcludedMethods. Metrics/MethodLength: - Max: 34 + Max: 28 # Offense count: 3 Metrics/PerceivedComplexity: @@ -37,3 +37,10 @@ RSpec/ContextWording: - 'spec/oauth2/access_token_spec.rb' - 'spec/oauth2/authenticator_spec.rb' - 'spec/oauth2/client_spec.rb' + +# Offense count: 1 +# Configuration parameters: EnforcedStyle. +# SupportedStyles: inline, group +Style/AccessModifierDeclarations: + Exclude: + - 'lib/oauth2.rb' diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fdb7e20..af87b0d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,9 +10,12 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed -## [2.0.8] - 2022-08-30 +## [2.0.8] - 2022-09-01 ### Changed -- Extract snaky_hash to external dependency (@pboling) +- [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) + +### Added +- [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628) ## [2.0.7] - 2022-08-22 ### Added diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 478fffc5..58310826 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb 
@@ -24,6 +24,15 @@ # The namespace of this library module OAuth2 + DEFAULT_CONFIG = SnakyHash::SymbolKeyed.new(silence_extra_tokens_warning: false) + @config = DEFAULT_CONFIG.dup + class << self + attr_accessor :config + end + def configure + yield @config + end + module_function :configure end OAuth2::Version.class_eval do diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 60f6b090..07f8a295 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -20,8 +20,7 @@ def from_hash(client, hash) fresh = hash.dup supported_keys = TOKEN_KEY_LOOKUP & fresh.keys key = supported_keys[0] - # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token). - warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1 + extra_tokens_warning(supported_keys, key) token = fresh.delete(key) new(client, token, fresh) end @@ -34,6 +33,16 @@ def from_hash(client, hash) def from_kvform(client, kvform) from_hash(client, Rack::Utils.parse_query(kvform)) end + + private + + # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token). + def extra_tokens_warning(supported_keys, key) + return if OAuth2.config.silence_extra_tokens_warning + return if supported_keys.length <= 1 + + warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") + end end # Initialize an AccessToken diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 795e3810..90ce6a77 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
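Review bot: `configure` is defined as an instance method and then promoted with `module_function :configure`, which appears to be what forces the new `Style/AccessModifierDeclarations` exclusion for `lib/oauth2.rb` in `.rubocop_todo.yml`. Defining it inside the `class << self` block that already holds `attr_accessor :config` gives the same `OAuth2.configure` call without the exclusion: `def configure; yield @config; end`. `DEFAULT_CONFIG` is also left unfrozen, so a write to it changes the defaults for every later `dup`; adding `.freeze` would prevent that, assuming the SnakyHash class tolerates frozen instances.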
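Review bot: With `silence_extra_tokens_warning` set, `from_hash` still takes `supported_keys[0]` when the hash carries several token keys, but nothing records which key became the token. The comment above `extra_tokens_warning` should say so, e.g. `# When silenced, the first match in TOKEN_KEY_LOOKUP order is used with no diagnostic.` Because the switch is process-wide, it hides the condition for every client in the application, which is worth stating next to the option as well. This covers both access_token.rb hunks (`@@ -20,8 +20,7 @@` and `@@ -34,6 +33,16 @@`).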
@@ -52,6 +52,30 @@ MSG expect(printed).to eq(msg) end + + context 'when silenced' do + subject(:printed) do + capture(:stderr) do + target + end + end + + before do + OAuth2.configure do |config| + config.silence_extra_tokens_warning = true + end + end + + after do + OAuth2.configure do |config| + config.silence_extra_tokens_warning = false + end + end + + it 'does not warn on STDERR' do + expect(printed).to eq('') + end + end end context 'with keys in a different order to the lookup' do diff --git a/spec/oauth2_spec.rb b/spec/oauth2_spec.rb new file mode 100644 index 00000000..62b824fd --- /dev/null +++ b/spec/oauth2_spec.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +RSpec.describe OAuth2 do + it 'has a default config for silence_extra_tokens_warning' do + expect(described_class.config.silence_extra_tokens_warning).to eq(false) + end + + describe '.configure' do + subject(:configure) do + described_class.configure do |config| + config.silence_extra_tokens_warning = true + end + end + + before do + described_class.configure do |config| + config.silence_extra_tokens_warning = false + end + end + + after do + described_class.configure do |config| + config.silence_extra_tokens_warning = false + end + end + + it 'can change setting of silence_extra_tokens_warning' do + block_is_expected.to change(described_class.config, :silence_extra_tokens_warning).from(false).to(true) + end + end +end From e0ca349a9f93bebd5d9281f02bbb771469535356 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 1 Sep 2022 21:48:36 +0700 Subject: [PATCH 213/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20new=20global?= =?UTF-8?q?=20config=20for=20skipping=20too=20many=20tokens=20warning?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 83dc1163..9f65a19a 100644 --- a/README.md +++ b/README.md 
@@ -313,6 +313,19 @@ See [SECURITY.md][🚎sec-pol] ## Usage Examples +### Global Configuration + +If you started seeing this warning, but everything it working fine, you can now silence it. +```log +OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key +``` + +```ruby +OAuth2.configure do |config| + config.silence_extra_tokens_warning = true # default: false +end +``` + ### `authorize_url` and `token_url` are on site root (Just Works!) ```ruby From bf7dba05c0c900077b9055c56403213de31e6080 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 2 Sep 2022 20:29:45 +0000 Subject: [PATCH 214/645] Improve documentation and debugging in console --- bin/console | 1 + lib/oauth2/access_token.rb | 3 ++- spec/oauth2/access_token_spec.rb | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/console b/bin/console index b3c40a59..d8fb16d0 100755 --- a/bin/console +++ b/bin/console @@ -6,6 +6,7 @@ require 'oauth2' # You can add fixtures and/or initialization code here to make experimenting # with your gem easier. You can also use a different console, if you like. +require 'byebug' if ENV['DEBUG'] == 'true' # (If you use this, don't forget to add pry to your Gemfile!) # require "pry" diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 07f8a295..7a278d20 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -14,7 +14,7 @@ class << self # # @param [Client] client the OAuth2::Client instance # @param [Hash] hash a hash of AccessToken property values - # @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token + # @option hash [String, Symbol] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token # @return [AccessToken] the initialized AccessToken def from_hash(client, hash) fresh = hash.dup 
@@ -76,6 +76,7 @@ def initialize(client, token, opts = {}) warn('OAuth2::AccessToken has no token') end end + # @option opts [Fixnum, String] :expires is deprecated @expires_in ||= opts.delete('expires') @expires_in &&= @expires_in.to_i @expires_at &&= convert_expires_at(@expires_at) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 90ce6a77..470000a9 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -731,7 +731,7 @@ def self.contains_token?(hash) end describe '#to_hash' do - it 'return a hash equals to the hash used to initialize access token' do + it 'return a hash equal to the hash used to initialize access token' do hash = {:access_token => token, :refresh_token => 'foobar', :expires_at => Time.now.to_i + 200, 'foo' => 'bar'} access_token = described_class.from_hash(client, hash.clone) expect(access_token.to_hash).to eq(hash) From 260a8bb225f9bbfb529c22ca6bd802a9cd907f71 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 15 Sep 2022 05:53:41 +0700 Subject: [PATCH 215/645] =?UTF-8?q?=F0=9F=94=A7=20Complete=20migration=20f?= =?UTF-8?q?rom=20master=20to=20main=20branch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/coverage.yml | 1 - .github/workflows/danger.yml | 1 - .github/workflows/heads.yml | 1 - .github/workflows/jruby-head.yml | 1 - .github/workflows/macos-ancient.yml | 1 - .github/workflows/macos.yml | 1 - .github/workflows/style.yml | 1 - .github/workflows/supported.yml | 1 - .github/workflows/unsupported.yml | 1 - .github/workflows/windows-jruby.yml | 1 - .github/workflows/windows.yml | 1 - CHANGELOG.md | 4 ++-- CONTRIBUTING.md | 2 +- Dangerfile | 2 +- README.md | 30 +++++++++++++++------------ oauth2.gemspec | 2 +- 17 files changed, 24 insertions(+), 31 deletions(-) 
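Review bot: The added `# @option opts [Fixnum, String] :expires is deprecated` line sits inside the body of `initialize`, where YARD does not attach it to the method; it belongs in the doc block above `def initialize`. The next line deletes the String key `'expires'`, so the tag should name `'expires'` rather than `:expires`, and `Fixnum` could be written as `Integer`. `initialize` starts and ends outside this hunk.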
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ca362f89..acf3d2f6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ master, main, "*-stable" ] + branches: [ main, "*-stable" ] pull_request: # The branches below must be a subset of the branches above - branches: [ master, main, "*-stable" ] + branches: [ main, "*-stable" ] schedule: - cron: '35 1 * * 5' diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2ae6fa6e..a6f22b14 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -8,7 +8,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index c835a410..e31aca95 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -4,7 +4,6 @@ on: pull_request: branches: - 'main' - - 'master' - '*-stable' jobs: diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 40587841..9bd8f0ae 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/jruby-head.yml b/.github/workflows/jruby-head.yml index 6e56c895..8c3960d4 100644 --- a/.github/workflows/jruby-head.yml +++ b/.github/workflows/jruby-head.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/macos-ancient.yml b/.github/workflows/macos-ancient.yml index 847644cd..11405d73 100644 --- a/.github/workflows/macos-ancient.yml +++ b/.github/workflows/macos-ancient.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' 
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 447aa830..af6381d5 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index fdf9aaa3..d27761a7 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 069f8d54..a62d1ef1 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 40f3949c..c22770af 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/windows-jruby.yml b/.github/workflows/windows-jruby.yml index f7e57780..d214df19 100644 --- a/.github/workflows/windows-jruby.yml +++ b/.github/workflows/windows-jruby.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 19df6468..8bf170c7 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -4,7 +4,6 @@ on: push: branches: - 'main' - - 'master' - '*-maintenance' - '*-dev' - '*-stable' diff --git a/CHANGELOG.md b/CHANGELOG.md index af87b0d2..b6fc81b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -160,10 +160,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [1.4.6] - 2021-03-19 - [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling) - [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) -- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://github.com/oauth-xx/oauth2/pull/539) on master branch (@anderscarling) +- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://github.com/oauth-xx/oauth2/pull/539) on main branch (@anderscarling) ## [1.4.5] - 2021-03-18 -- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on master branch (@pboling) +- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on main branch (@pboling) - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) - [#507](https://github.com/oauth-xx/oauth2/pull/507) - Fix camel case content type, response keys (@anvox) - [#500](https://github.com/oauth-xx/oauth2/pull/500) - Fix YARD documentation formatting (@olleolleolle) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c11ff521..ed315d0c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -33,7 +33,7 @@ Made with [contributors-img][contrib-rocks]. [comment]: <> (Following links are used by README, CONTRIBUTING) -[conduct]: https://github.com/oauth-xx/oauth2/blob/master/CODE_OF_CONDUCT.md +[conduct]: https://github.com/oauth-xx/oauth2/blob/main/CODE_OF_CONDUCT.md [contrib-rocks]: https://contrib.rocks diff --git a/Dangerfile b/Dangerfile index 518ea63a..2f8600bb 100644 --- a/Dangerfile +++ b/Dangerfile @@ -10,6 +10,6 @@ warn('PR is classed as Work in Progress') if github.pr_title.include? '[WIP]' # Warn when there is a big PR warn('Big PR') if git.lines_of_code > 500 -# Don't let testing shortcuts get into master by accident +# Don't let testing shortcuts get into main by accident raise('fdescribe left in tests') if `grep -r fdescribe specs/ `.length > 1 raise('fit left in tests') if `grep -r fit specs/ `.length > 1 diff --git a/README.md b/README.md index 9f65a19a..77916947 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@

- OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 - Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 + Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

@@ -182,11 +182,11 @@ The link tokens in the following sections should be kept ordered by the row and [⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage [⛳cclim-cov-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage -[🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/master/graph/badge.svg?token=bNqSzNiuo2 +[🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/main/graph/badge.svg?token=bNqSzNiuo2 [🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2 -[🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=master -[🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=master -[🚎sec-pol]: https://github.com/oauth-xx/oauth2/blob/master/SECURITY.md +[🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=main +[🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=main +[🚎sec-pol]: https://github.com/oauth-xx/oauth2/blob/main/SECURITY.md [🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat [🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg @@ -266,7 +266,7 @@ For more see [SECURITY.md][🚎sec-pol]. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body -- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0) +- [... A lot more](https://github.com/oauth-xx/oauth2/blob/main/CHANGELOG.md#2.0.0) ## Compatibility 
@@ -304,7 +304,7 @@ of a major release, support for that Ruby version may be dropped. | | Ruby OAuth2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | |:----|---------------------|--------------------|-------------------------|------------------------|------------------------| -| 1️⃣ | 2.0.x | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | +| 1️⃣ | 2.0.x | `main` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | | 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 | | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | @@ -423,7 +423,7 @@ The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic will return an instance of the #OAuth2::Response class. This instance contains a `#parsed` method that will parse the response body and -return a Hash-like [`OAuth2::SnakyHash`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if +return a Hash-like [`OAuth2::SnakyHash`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if the body is a JSON object. It will return an Array if the body is a JSON array. Otherwise, it will return the original body string. 
@@ -453,7 +453,11 @@ Response instance will contain the `OAuth2::Error` instance. Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client -use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/auth_code.rb), [`#implicit`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/implicit.rb), [`#password`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/password.rb), [`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/client_credentials.rb), and [`#assertion`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/assertion.rb) methods respectively. +use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/auth_code.rb), +[`#implicit`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/implicit.rb), +[`#password`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/password.rb), +[`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/client_credentials.rb), and +[`#assertion`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively. These aren't full examples, but demonstrative of the differences between usage for each strategy. ```ruby @@ -525,7 +529,7 @@ spec.add_dependency 'oauth2', '~> 2.0' [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2] -[license]: https://github.com/oauth-xx/oauth2/blob/master/LICENSE +[license]: https://github.com/oauth-xx/oauth2/blob/main/LICENSE [oauth-xx]: https://github.com/oauth-xx [fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large 
@@ -539,7 +543,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To See [CONTRIBUTING.md][contributing] -[contributing]: https://github.com/oauth-xx/oauth2/blob/master/CONTRIBUTING.md +[contributing]: https://github.com/oauth-xx/oauth2/blob/main/CONTRIBUTING.md ## Contributors @@ -549,4 +553,4 @@ Made with [contributors-img](https://contrib.rocks). ## Code of Conduct -Everyone interacting in the OAuth2 project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/oauth-xx/oauth2/blob/master/CODE_OF_CONDUCT.md). +Everyone interacting in the OAuth2 project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/oauth-xx/oauth2/blob/main/CODE_OF_CONDUCT.md). diff --git a/oauth2.gemspec b/oauth2.gemspec index 7bca9c00..40b180ad 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -27,7 +27,7 @@ There are BREAKING changes, but most will not encounter them, and updating your Please see: • https://github.com/oauth-xx/oauth2#what-is-new-for-v20 -• https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md +• https://github.com/oauth-xx/oauth2/blob/main/CHANGELOG.md Please report issues, and support the project! Thanks, |7eter l-|. l3oling From 272edd68f594d457ab02da85c40179f0e93521da Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 15 Sep 2022 07:13:27 +0700 Subject: [PATCH 216/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Allow=20rack=20v3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 40b180ad..23f4701e 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -7,7 +7,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'faraday', ['>= 0.17.3', '< 3.0']
 spec.add_dependency 'jwt', ['>= 1.0', '< 3.0']
 spec.add_dependency 'multi_xml', '~> 0.5'
- spec.add_dependency 'rack', ['>= 1.2', '< 3']
+ spec.add_dependency 'rack', ['>= 1.2', '< 4']
 spec.add_dependency 'snaky_hash', '~> 2.0'
 spec.add_dependency 'version_gem', '~> 1.1'
From 5e405dcecbb24a37ce92204225c0c321520698f7 Mon Sep 17 00:00:00 2001
From: Peter Boling
Date: Thu, 15 Sep 2022 08:01:29 +0700
Subject: [PATCH 217/645] =?UTF-8?q?=F0=9F=94=A7=20Migration=20from=20Githu?= =?UTF-8?q?b=20to=20Gitlab?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 oauth2.gemspec | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/oauth2.gemspec b/oauth2.gemspec
index 23f4701e..eaf71eea 100644
--- a/oauth2.gemspec
+++ b/oauth2.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh']
 spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.'
 spec.email = ['peter.boling@gmail.com']
- spec.homepage = 'https://github.com/oauth-xx/oauth2'
+ spec.homepage = 'https://gitlab.com/oauth-xx/oauth2'
 spec.licenses = %w[MIT]
 spec.name = 'oauth2'
 spec.required_ruby_version = '>= 2.2.0'
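Review bot: The new bound in `spec.add_dependency 'rack', ['>= 1.2', '< 4']` admits every Rack 3 release, yet the commit's diffstat shows `oauth2.gemspec` as the only file touched, so nothing in it shows the suite being resolved against Rack 3. A widened runtime range is what downstream resolvers act on, so I would record the basis next to it, e.g. `# rack 3.x allowed as of this commit; keep a CI gemfile that resolves rack >= 3 so the range stays tested`. The 2.0.9 CHANGELOG entry added later in this series lists the branch and host migrations but not this range change, which seems worth a line under Changed. The `Gem::Specification.new` block continues outside the hunk.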
@@ -23,22 +23,28 @@ Gem::Specification.new do |spec| spec.post_install_message = " You have installed oauth2 version #{OAuth2::Version::VERSION}, congratulations! -There are BREAKING changes, but most will not encounter them, and updating your code should be easy! +There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy! + +We have made two other major migrations: +1. master branch renamed to main +2. Github has been replaced with Gitlab Please see: -• https://github.com/oauth-xx/oauth2#what-is-new-for-v20 -• https://github.com/oauth-xx/oauth2/blob/main/CHANGELOG.md +• https://gitlab.com/oauth-xx/oauth2#what-is-new-for-v20 +• https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md +• https://groups.google.com/g/oauth-ruby/c/QA_dtrXWXaE Please report issues, and support the project! Thanks, |7eter l-|. l3oling " spec.metadata['homepage_uri'] = spec.homepage - spec.metadata['source_code_uri'] = "#{spec.homepage}/tree/v#{spec.version}" - spec.metadata['changelog_uri'] = "#{spec.homepage}/blob/v#{spec.version}/CHANGELOG.md" - spec.metadata['bug_tracker_uri'] = "#{spec.homepage}/issues" + spec.metadata['source_code_uri'] = "#{spec.homepage}/-/tree/v#{spec.version}" + spec.metadata['changelog_uri'] = "#{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md" + spec.metadata['bug_tracker_uri'] = "#{spec.homepage}/-/issues" spec.metadata['documentation_uri'] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" - spec.metadata['wiki_uri'] = "#{spec.homepage}/wiki" + spec.metadata['wiki_uri'] = "#{spec.homepage}/-/wiki" + spec.metadata['funding_uri'] = "https://liberapay.com/pboling" spec.metadata['rubygems_mfa_required'] = 'true' spec.require_paths = %w[lib] From 10d9a8374e08bb15938168c6b7c3ef74aae68ee5 Mon Sep 17 00:00:00 2001 
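Review bot: `source_code_uri` and `changelog_uri` now resolve to `#{spec.homepage}/-/tree/v#{spec.version}` and `/-/blob/v#{spec.version}/CHANGELOG.md` on the new host, which only work if the tag `v<version>` is pushed there for each release; nothing in this hunk shows that. These metadata links are what a consumer follows from the registry page to compare a published gem with its source, so a dead or wrong link weakens that check at the moment the project changes hosts. I would add a comment above the metadata block such as `# URIs below assume tag v<version> exists on spec.homepage; push the tag before releasing the gem`. The migration notice in `post_install_message` is printed on every install, so a short comment saying when it should be removed would also help. The `Gem::Specification.new` block starts and ends outside the hunk.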
From: Peter Boling
Date: Thu, 15 Sep 2022 11:27:16 +0700
Subject: [PATCH 218/645] =?UTF-8?q?=E2=9C=85=20More=20tests?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 spec/oauth2/strategy/auth_code_spec.rb | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/spec/oauth2/strategy/auth_code_spec.rb b/spec/oauth2/strategy/auth_code_spec.rb
index fcc7be3b..e1997b1a 100644
--- a/spec/oauth2/strategy/auth_code_spec.rb
+++ b/spec/oauth2/strategy/auth_code_spec.rb
@@ -80,9 +80,15 @@
 client.options[:redirect_uri] = redirect_uri
 end
- it 'includes redirect_uri once in the request parameters' do
+ it 'does not raise error' do
 expect { subject.get_token(code, redirect_uri: redirect_uri) }.not_to raise_error
 end
+
+ it 'gets a token' do
+ access = subject.get_token(code, redirect_uri: redirect_uri)
+
+ expect(access.token).to eq('salmon')
+ end
 end
 describe '#get_token (handling utf-8 data)' do
@@ -103,9 +109,14 @@
 subject.get_token(code)
 end
+
+ it 'can get a token' do
+ access = subject.get_token(code)
+ expect(access.token).to eq('salmon')
+ end
 end
- describe '#get_token' do
+ describe '#get_token (from microsoft)' do
 it "doesn't treat an OpenID Connect token with only an id_token (like from Microsoft) as invalid" do
 @mode = 'from_microsoft'
 client.options[:token_method] = :get
From ef8c2c1d24eb4cdf5f4f2c74c3e125d3d23a9cf8 Mon Sep 17 00:00:00 2001
From: Peter Boling
Date: Thu, 15 Sep 2022 12:03:41 +0700
Subject: [PATCH 219/645] =?UTF-8?q?=F0=9F=94=A7=20Migration=20from=20Githu?= =?UTF-8?q?b=20to=20Gitlab?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CHANGELOG.md | 298 +++++++++++++++++++++++++-----------------------
 CONTRIBUTING.md | 10 +-
 LICENSE | 2 +-
 README.md | 121 +++++++++-----------
 oauth2.gemspec | 2 +-
 5 files changed, 216 insertions(+), 217 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b6fc81b7..3dd4bc45 100644
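Review bot: Renaming the example to `it 'does not raise error' do` in the first hunk removes the only statement of what this context checks, while the body still asserts just `not_to raise_error` and the new 'gets a token' example asserts just `access.token`. With `redirect_uri` set on `client.options` and passed to `get_token` again, the property of interest is presumably that the parameter reaches the token endpoint once; if the stub outside the hunk enforces that, the description should say so, e.g. `it 'does not raise error when redirect_uri is set on both the client and the call' do`. The `describe` blocks these examples belong to start outside the hunks.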
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,14 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed +## [2.0.9] - 2022-09-15 +### Added +- More specs (@pboling) + +### Changed +- Complete migration to main branch as default (@pboling) +- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) + ## [2.0.8] - 2022-09-01 ### Changed - [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) 
@@ -19,21 +27,21 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.7] - 2022-08-22 ### Added -- [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta) +- [#629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) ### Fixed -- [#626](https://github.com/oauth-xx/oauth2/pull/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) +- [#626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) - Note: This fixes compatibility with `omniauth-oauth2` and AWS -- [#625](https://github.com/oauth-xx/oauth2/pull/625) - Fixes the printed version in the post install message (@hasghari) +- [#625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) ## [2.0.6] - 2022-07-13 ### Fixed -- [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) +- [#624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) ## [2.0.5] - 2022-07-07 ### Fixed -- [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson) -- [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling) +- [#620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - 
Documentation improvements, to help with upgrading (@swanson) +- [#621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling) - All data in responses is now returned, with the access token removed and set as `token` - `refresh_token` is no longer dropped - **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use 
@@ -42,21 +50,21 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.4] - 2022-07-01 ### Fixed -- [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling) +- [#618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) ## [2.0.3] - 2022-06-28 ### Added -- [#611](https://github.com/oauth-xx/oauth2/pull/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) -- [#612](https://github.com/oauth-xx/oauth2/pull/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) +- [#611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) +- [#612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) ### Fixed -- [#608](https://github.com/oauth-xx/oauth2/pull/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) -- [#615](https://github.com/oauth-xx/oauth2/pull/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) +- [#608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) +- [#615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) ## [2.0.2] - 2022-06-24 ### Fixed -- [#604](https://github.com/oauth-xx/oauth2/pull/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) -- [#606](https://github.com/oauth-xx/oauth2/pull/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) -- [#607](https://github.com/oauth-xx/oauth2/pull/607) - CHANGELOG 
correction, reference to `OAuth2::ConnectionError` (@zavan) +- [#604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) +- [#606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) +- [#607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) ## [2.0.1] - 2022-06-22 ### Added 
@@ -65,80 +73,80 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.0] - 2022-06-21 ### Added -- [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels) -- [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) -- [#220](https://github.com/oauth-xx/oauth2/pull/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) -- [#298](https://github.com/oauth-xx/oauth2/pull/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) -- [#305](https://github.com/oauth-xx/oauth2/pull/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) -- [#346](https://github.com/oauth-xx/oauth2/pull/571) - Modern gem structure (@pboling) -- [#351](https://github.com/oauth-xx/oauth2/pull/351) - Support Jruby 9k (@pboling) -- [#362](https://github.com/oauth-xx/oauth2/pull/362) - Support SemVer release version scheme (@pboling) -- [#363](https://github.com/oauth-xx/oauth2/pull/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) -- [#364](https://github.com/oauth-xx/oauth2/pull/364) - Support `application/hal+json` format (@pboling) -- [#365](https://github.com/oauth-xx/oauth2/pull/365) - Support `application/vnd.collection+json` format (@pboling) -- [#376](https://github.com/oauth-xx/oauth2/pull/376) - 
_Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) -- [#381](https://github.com/oauth-xx/oauth2/pull/381) - Spec for extra header params on client credentials (@nikz) -- [#394](https://github.com/oauth-xx/oauth2/pull/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) -- [#412](https://github.com/oauth-xx/oauth2/pull/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) -- [#413](https://github.com/oauth-xx/oauth2/pull/413) - _Documentation_: License scan and report (@meganemura) -- [#442](https://github.com/oauth-xx/oauth2/pull/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) -- [#494](https://github.com/oauth-xx/oauth2/pull/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) -- [#549](https://github.com/oauth-xx/oauth2/pull/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) -- [#550](https://github.com/oauth-xx/oauth2/pull/550) - Raise error if location header not present when redirecting (@stanhu) -- [#552](https://github.com/oauth-xx/oauth2/pull/552) - Add missing `version.rb` require (@ahorek) -- [#553](https://github.com/oauth-xx/oauth2/pull/553) - Support `application/problem+json` format (@janz93) -- [#560](https://github.com/oauth-xx/oauth2/pull/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) -- [#571](https://github.com/oauth-xx/oauth2/pull/571) - Support Ruby 3.1 (@pboling) -- [#575](https://github.com/oauth-xx/oauth2/pull/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) -- 
[#581](https://github.com/oauth-xx/oauth2/pull/581) - _Documentation_: of breaking changes (@pboling) +- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) +- [#190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [#332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [#334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [#335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [#360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [#426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [#427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [#461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) +- [#220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) +- [#298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) +- [#305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) +- [#346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) +- [#351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) +- [#362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) +- [#363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) +- [#364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling) 
+- [#365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) +- [#376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) +- [#381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz) +- [#394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) +- [#412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) +- [#413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura) +- [#442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) +- [#494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) +- [#549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) +- [#550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu) +- [#552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) +- [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) +- 
[#560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) +- [#571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) +- [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) +- [#581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) ### Changed -- [#191](https://github.com/oauth-xx/oauth2/pull/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) -- [#312](https://github.com/oauth-xx/oauth2/pull/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) -- [#317](https://github.com/oauth-xx/oauth2/pull/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) -- [#338](https://github.com/oauth-xx/oauth2/pull/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) -- [#339](https://github.com/oauth-xx/oauth2/pull/339), [#368](https://github.com/oauth-xx/oauth2/pull/368), [#424](https://github.com/oauth-xx/oauth2/pull/424), [#479](https://github.com/oauth-xx/oauth2/pull/479), [#493](https://github.com/oauth-xx/oauth2/pull/493), [#539](https://github.com/oauth-xx/oauth2/pull/539), [#542](https://github.com/oauth-xx/oauth2/pull/542), [#553](https://github.com/oauth-xx/oauth2/pull/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) -- [#410](https://github.com/oauth-xx/oauth2/pull/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) -- [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) -- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: 
Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) -- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) -- [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem) +- [#191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) +- [#312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) +- [#317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) +- [#338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) +- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [#424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [#493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [#542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) +- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object 
(@jhmoore) +- [#414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) +- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) +- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) +- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem) - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. 
-- [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) -- [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated +- [#576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) +- [#591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated ### Fixed -- [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Handling of errors when using `omniauth-facebook` (@niels) -- [#294](https://github.com/oauth-xx/oauth2/pull/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) -- [#300](https://github.com/oauth-xx/oauth2/pull/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) -- [#318](https://github.com/oauth-xx/oauth2/pull/318), [#326](https://github.com/oauth-xx/oauth2/pull/326), [#343](https://github.com/oauth-xx/oauth2/pull/343), [#347](https://github.com/oauth-xx/oauth2/pull/347), [#397](https://github.com/oauth-xx/oauth2/pull/397), [#464](https://github.com/oauth-xx/oauth2/pull/464), [#561](https://github.com/oauth-xx/oauth2/pull/561), [#565](https://github.com/oauth-xx/oauth2/pull/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) -- [#322](https://github.com/oauth-xx/oauth2/pull/322), [#331](https://github.com/oauth-xx/oauth2/pull/331), [#337](https://github.com/oauth-xx/oauth2/pull/337), [#361](https://github.com/oauth-xx/oauth2/pull/361), [#371](https://github.com/oauth-xx/oauth2/pull/371), [#377](https://github.com/oauth-xx/oauth2/pull/377), 
[#383](https://github.com/oauth-xx/oauth2/pull/383), [#392](https://github.com/oauth-xx/oauth2/pull/392), [#395](https://github.com/oauth-xx/oauth2/pull/395), [#400](https://github.com/oauth-xx/oauth2/pull/400), [#401](https://github.com/oauth-xx/oauth2/pull/401), [#403](https://github.com/oauth-xx/oauth2/pull/403), [#415](https://github.com/oauth-xx/oauth2/pull/415), [#567](https://github.com/oauth-xx/oauth2/pull/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) -- [#328](https://github.com/oauth-xx/oauth2/pull/328) - _Documentation_: Homepage URL is SSL (@amatsuda) -- [#339](https://github.com/oauth-xx/oauth2/pull/339), [#479](https://github.com/oauth-xx/oauth2/pull/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) -- [#366](https://github.com/oauth-xx/oauth2/pull/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) -- [#380](https://github.com/oauth-xx/oauth2/pull/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) -- [#399](https://github.com/oauth-xx/oauth2/pull/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) -- [#410](https://github.com/oauth-xx/oauth2/pull/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) -- [#460](https://github.com/oauth-xx/oauth2/pull/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://github.com/oauth-xx/oauth2/pull/524) for `1-4-stable` branch (@joaolrpaulo) -- [#472](https://github.com/oauth-xx/oauth2/pull/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) -- [#482](https://github.com/oauth-xx/oauth2/pull/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) 
-- [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling) -- [#595](https://github.com/oauth-xx/oauth2/pull/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) -- [#596](https://github.com/oauth-xx/oauth2/pull/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) -- [#598](https://github.com/oauth-xx/oauth2/pull/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) +- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) +- [#294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) +- [#300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) +- [#318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), [#326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [#343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [#347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [#397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [#464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), [#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [#565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, 
@jdelStrother) +- [#322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [#331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [#337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [#361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [#371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [#377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [#383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [#392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [#395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), [#400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [#401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [#403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [#415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [#567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) +- [#328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) +- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) +- [#366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) +- [#380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) +- [#399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) +- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and 
Response classes (@jhmoore) +- [#460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) +- [#472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) +- [#482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) +- [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) +- [#595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) +- [#596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) +- [#598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) ### Removed -- [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage) -- [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) -- [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling) -- [#566](https://github.com/oauth-xx/oauth2/pull/566) - _Dependency_: Removed `wwtd` (@bquorning) -- 
[#589](https://github.com/oauth-xx/oauth2/pull/589), [#593](https://github.com/oauth-xx/oauth2/pull/593) - Remove support for expired MAC token draft spec (@stanhu) -- [#590](https://github.com/oauth-xx/oauth2/pull/590) - _Dependency_: Removed `multi_json` (@stanhu) +- [#341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) +- [#342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) +- [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) +- [#566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) +- [#589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [#593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) +- [#590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) ## [1.4.10] - 2022-07-01 -- FIPS Compatibility [#587](https://github.com/oauth-xx/oauth2/pull/587) (@akostadinov) +- FIPS Compatibility [#587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov) ## [1.4.9] - 2022-02-20 -- Fixes compatibility with Faraday v2 [572](https://github.com/oauth-xx/oauth2/issues/572) +- Fixes compatibility with Faraday v2 [572](https://gitlab.com/oauth-xx/oauth2/-/issues/572) - Includes supported versions of Faraday in test matrix: - Faraday ~> 2.2.0 with Ruby >= 2.6 - Faraday ~> 1.10 with Ruby >= 2.4 
@@ -148,47 +156,47 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [1.4.8] - 2022-02-18 - MFA is now required to push new gem versions (@pboling) - README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) -- [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) +- [#569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) - Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling) - Add CodeQL, Security Policy, Funding info (@pboling) - Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling) -- [#543](https://github.com/oauth-xx/oauth2/pull/543) - Support for more modern Open SSL libraries (@pboling) +- [#543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) ## [1.4.7] - 2021-03-19 -- [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon) +- [#541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [#533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. 
(@dobon) ## [1.4.6] - 2021-03-19 -- [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling) -- [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) -- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://github.com/oauth-xx/oauth2/pull/539) on main branch (@anderscarling) +- [#540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) +- [#537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) +- [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling) ## [1.4.5] - 2021-03-18 -- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on main branch (@pboling) -- [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) -- [#507](https://github.com/oauth-xx/oauth2/pull/507) - Fix camel case content type, response keys (@anvox) -- [#500](https://github.com/oauth-xx/oauth2/pull/500) - Fix YARD documentation formatting (@olleolleolle) +- [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling) +- [#518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) +- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, 
response keys (@anvox) +- [#500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) ## [1.4.4] - 2020-02-12 -- [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey) +- [#408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) ## [1.4.3] - 2020-01-29 -- [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien) -- [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) +- [#483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) +- [#495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - Adds support for private_key_jwt and tls_client_auth -- [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets and numbers in params (@asm256) +- [#433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) ## [1.4.2] - 2019-10-01 -- [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling) +- [#478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - Officially support Ruby 2.6 and truffleruby ## [1.4.1] - 2018-10-13 -- [#417](https://github.com/oauth-xx/oauth2/pull/417) - update jwt dependency (@thewoolleyman) -- [#419](https://github.com/oauth-xx/oauth2/pull/419) - remove rubocop dependency (temporary, added back in [#423](https://github.com/oauth-xx/oauth2/pull/423)) (@pboling) -- [#418](https://github.com/oauth-xx/oauth2/pull/418) - update faraday dependency (@pboling) -- 
[#420](https://github.com/oauth-xx/oauth2/pull/420) - update [oauth2.gemspec](https://github.com/oauth-xx/oauth2/blob/1-4-stable/oauth2.gemspec) (@pboling) -- [#421](https://github.com/oauth-xx/oauth2/pull/421) - fix [CHANGELOG.md](https://github.com/oauth-xx/oauth2/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) -- [#422](https://github.com/oauth-xx/oauth2/pull/422) - update [LICENSE](https://github.com/oauth-xx/oauth2/blob/1-4-stable/LICENSE) and [README.md](https://github.com/oauth-xx/oauth2/blob/1-4-stable/README.md) (@pboling) -- [#423](https://github.com/oauth-xx/oauth2/pull/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://github.com/oauth-xx/oauth2/blob/1-4-stable/Rakefile) (@pboling) +- [#417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) +- [#419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling) +- [#418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) +- [#420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) +- [#421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) +- [#422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling) +- [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) - officially 
document supported Rubies * Ruby 1.9.3 * Ruby 2.0.0 
@@ -276,49 +284,49 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22 -[0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1 -[0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2 -[0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3 -[0.0.4]: https://github.com/oauth-xx/oauth2/compare/v0.0.3...v0.0.4 -[0.0.5]: https://github.com/oauth-xx/oauth2/compare/v0.0.4...v0.0.5 -[0.0.6]: https://github.com/oauth-xx/oauth2/compare/v0.0.5...v0.0.6 -[0.0.7]: https://github.com/oauth-xx/oauth2/compare/v0.0.6...v0.0.7 -[0.0.8]: https://github.com/oauth-xx/oauth2/compare/v0.0.7...v0.0.8 -[0.0.9]: https://github.com/oauth-xx/oauth2/compare/v0.0.8...v0.0.9 -[0.0.10]: https://github.com/oauth-xx/oauth2/compare/v0.0.9...v0.0.10 -[0.0.11]: https://github.com/oauth-xx/oauth2/compare/v0.0.10...v0.0.11 -[0.0.12]: https://github.com/oauth-xx/oauth2/compare/v0.0.11...v0.0.12 -[0.0.13]: https://github.com/oauth-xx/oauth2/compare/v0.0.12...v0.0.13 -[0.1.0]: https://github.com/oauth-xx/oauth2/compare/v0.0.13...v0.1.0 -[0.1.1]: https://github.com/oauth-xx/oauth2/compare/v0.1.0...v0.1.1 -[0.2.0]: https://github.com/oauth-xx/oauth2/compare/v0.1.1...v0.2.0 -[0.3.0]: https://github.com/oauth-xx/oauth2/compare/v0.2.0...v0.3.0 -[0.4.0]: https://github.com/oauth-xx/oauth2/compare/v0.3.0...v0.4.0 -[0.4.1]: https://github.com/oauth-xx/oauth2/compare/v0.4.0...v0.4.1 -[0.5.0]: https://github.com/oauth-xx/oauth2/compare/v0.4.1...v0.5.0 -[1.0.0]: https://github.com/oauth-xx/oauth2/compare/v0.9.4...v1.0.0 -[1.1.0]: https://github.com/oauth-xx/oauth2/compare/v1.0.0...v1.1.0 -[1.2.0]: https://github.com/oauth-xx/oauth2/compare/v1.1.0...v1.2.0 -[1.3.0]: https://github.com/oauth-xx/oauth2/compare/v1.2.0...v1.3.0 -[1.3.1]: https://github.com/oauth-xx/oauth2/compare/v1.3.0...v1.3.1 -[1.4.0]: https://github.com/oauth-xx/oauth2/compare/v1.3.1...v1.4.0 -[1.4.1]: 
https://github.com/oauth-xx/oauth2/compare/v1.4.0...v1.4.1 -[1.4.2]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...v1.4.2 -[1.4.3]: https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.3 -[1.4.4]: https://github.com/oauth-xx/oauth2/compare/v1.4.3...v1.4.4 -[1.4.5]: https://github.com/oauth-xx/oauth2/compare/v1.4.4...v1.4.5 -[1.4.6]: https://github.com/oauth-xx/oauth2/compare/v1.4.5...v1.4.6 -[1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7 -[1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8 -[1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9 -[1.4.10]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v1.4.10 -[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.10...v2.0.0 -[2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1 -[2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2 -[2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3 -[2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4 -[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5 -[2.0.6]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...v2.0.6 -[2.0.7]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...v2.0.7 -[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.7...HEAD +[0.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/311d9f4...v0.0.1 +[0.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.1...v0.0.2 +[0.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.2...v0.0.3 +[0.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.3...v0.0.4 +[0.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.4...v0.0.5 +[0.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.5...v0.0.6 +[0.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.6...v0.0.7 +[0.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.7...v0.0.8 +[0.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.8...v0.0.9 +[0.0.10]: 
https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.9...v0.0.10 +[0.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.10...v0.0.11 +[0.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.11...v0.0.12 +[0.0.13]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.12...v0.0.13 +[0.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.13...v0.1.0 +[0.1.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.0...v0.1.1 +[0.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.1...v0.2.0 +[0.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.2.0...v0.3.0 +[0.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.3.0...v0.4.0 +[0.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.0...v0.4.1 +[0.5.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.1...v0.5.0 +[1.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.9.4...v1.0.0 +[1.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.0.0...v1.1.0 +[1.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.1.0...v1.2.0 +[1.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.2.0...v1.3.0 +[1.3.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.0...v1.3.1 +[1.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.1...v1.4.0 +[1.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.0...v1.4.1 +[1.4.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.1...v1.4.2 +[1.4.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.2...v1.4.3 +[1.4.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.3...v1.4.4 +[1.4.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.4...v1.4.5 +[1.4.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.5...v1.4.6 +[1.4.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.6...v1.4.7 +[1.4.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.7...v1.4.8 +[1.4.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.8...v1.4.9 +[1.4.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.9...v1.4.10 +[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v2.0.0 
+[2.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.0...v2.0.1 +[2.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.1...v2.0.2 +[2.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.2...v2.0.3 +[2.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.3...v2.0.4 +[2.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.4...v2.0.5 +[2.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.5...v2.0.6 +[2.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.6...v2.0.7 +[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...HEAD [gemfiles/readme]: gemfiles/README.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ed315d0c..82219102 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,6 @@ ## Contributing -Bug reports and pull requests are welcome on GitHub at [https://github.com/oauth-xx/oauth2][source] +Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth-xx/oauth2][source] . This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct][conduct]. 
@@ -27,18 +27,18 @@ To submit a patch, please fork the project and create a patch with tests. Once y ## Contributors -[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)][contributors] +[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)][🚎contributors] Made with [contributors-img][contrib-rocks]. [comment]: <> (Following links are used by README, CONTRIBUTING) -[conduct]: https://github.com/oauth-xx/oauth2/blob/main/CODE_OF_CONDUCT.md +[conduct]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md [contrib-rocks]: https://contrib.rocks -[contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors +[🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main [comment]: <> (Following links are used by README, CONTRIBUTING, Homepage) -[source]: https://github.com/oauth-xx/oauth2/ +[source]: https://gitlab.com/oauth-xx/oauth2/ diff --git a/LICENSE b/LICENSE index 0d3a82cd..5fd4bd3c 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ MIT License Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. -Copyright (c) 2017 - 2022 oauth-xx organization, https://github.com/oauth-xx +Copyright (c) 2017 - 2022 oauth-xx organization, https://gitlab.com/oauth-xx Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 77916947..6cfe36ea 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. * [oauth sibling gem][sibling-gem] for OAuth 1.0 implementations in Ruby. [oauth2-spec]: https://oauth.net/2/ -[sibling-gem]: https://github.com/oauth-xx/oauth-ruby +[sibling-gem]: https://gitlab.com/oauth-xx/oauth ## Release Documentation 
@@ -32,14 +32,16 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| -| 2.0.7 | 2022-08-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.7/README.md | -| 2.0.6 | 2022-07-13 | https://github.com/oauth-xx/oauth2/blob/v2.0.6/README.md | -| 2.0.5 | 2022-07-07 | https://github.com/oauth-xx/oauth2/blob/v2.0.5/README.md | -| 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md | -| 2.0.3 | 2022-06-28 | https://github.com/oauth-xx/oauth2/blob/v2.0.3/README.md | -| 2.0.2 | 2022-06-24 | https://github.com/oauth-xx/oauth2/blob/v2.0.2/README.md | -| 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.1/README.md | -| 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md | +| 2.0.9 | 2022-09-15 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md | +| 2.0.8 | 2022-09-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md | +| 2.0.7 | 2022-08-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.7/README.md | +| 2.0.6 | 2022-07-13 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.6/README.md | +| 2.0.5 | 2022-07-07 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.5/README.md | +| 2.0.4 | 2022-07-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.4/README.md | +| 2.0.3 | 2022-06-28 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.3/README.md | +| 2.0.2 | 2022-06-24 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.2/README.md | +| 2.0.1 | 2022-06-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.1/README.md | +| 2.0.0 | 2022-06-21 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.0/README.md | ### Older Releases 
@@ -49,17 +51,17 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|-----------------------------------------------------------| -| 1.4.10 | Jul 1, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.10/README.md | -| 1.4.9 | Feb 20, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.9/README.md | -| 1.4.8 | Feb 18, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.8/README.md | -| 1.4.7 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md | -| 1.4.6 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md | -| 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md | -| 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md | -| 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md | -| 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md | -| 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md | -| 1.4.0 | Jun 9, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md | +| 1.4.10 | Jul 1, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.10/README.md | +| 1.4.9 | Feb 20, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.9/README.md | +| 1.4.8 | Feb 18, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.8/README.md | +| 1.4.7 | Mar 19, 2021 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.7/README.md | +| 1.4.6 | Mar 19, 2021 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.6/README.md | +| 1.4.5 | Mar 18, 2021 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.5/README.md | +| 1.4.4 | Feb 12, 2020 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.4/README.md | +| 1.4.3 | Jan 29, 2020 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.3/README.md | +| 1.4.2 | Oct 1, 2019 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.2/README.md | +| 1.4.1 | Oct 13, 2018 | 
https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.1/README.md | +| 1.4.0 | Jun 9, 2017 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.0/README.md |
@@ -67,8 +69,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.3.0/README.md | +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.0/README.md |
@@ -76,10 +78,10 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
 | Version | Release Date | Readme |
 |----------|--------------|----------------------------------------------------------|
-| 1.2.0 | Jun 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.2.0/README.md |
-| 1.1.0 | Jan 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.1.0/README.md |
-| 1.0.0 | May 23, 2014 | https://github.com/oauth-xx/oauth2/blob/v1.0.0/README.md |
-| < 1.0.0 | Find here | https://github.com/oauth-xx/oauth2/tags |
+| 1.2.0 | Jun 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.2.0/README.md |
+| 1.1.0 | Jan 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.1.0/README.md |
+| 1.0.0 | May 23, 2014 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.0.0/README.md |
+| < 1.0.0 | Find here | https://gitlab.com/oauth-xx/oauth2/-/tags |
## Status 
@@ -111,15 +113,15 @@ appended indicators: ♻️ - URL needs to be updated from SASS integration. Find / Replace is insufficient. --> -| | Project | bundle add oauth2 | -|:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img♻️]][📗next♻️] | -| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | -| 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | -| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on 
Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] | +| | Project | bundle add oauth2 | +|:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] | +| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | +| 4️⃣ | testing | [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | +| 6️⃣ | resources | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] 
[![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] | [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability @@ -156,7 +152,7 @@ The link tokens in the following sections should be kept ordered by the row and [🖇triage-help-img]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg [🏘depfu♻️]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445 [🏘depfu-img♻️]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg -[🚎contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors +[🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main [🚎contributors-img]: https://img.shields.io/github/contributors-anon/oauth-xx/oauth2 [🖐style-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml [🖐style-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml/badge.svg @@ -164,10 +160,6 @@ The link tokens in the following sections should be kept ordered by the row and [🧮kloc-img]: https://img.shields.io/tokei/lines/github.com/oauth-xx/oauth2 -[⛳iss-o]: https://github.com/oauth-xx/oauth2/issues -[⛳iss-o-img]: https://img.shields.io/github/issues-raw/oauth-xx/oauth2 -[🖇iss-c]: https://github.com/oauth-xx/oauth2/issues?q=is%3Aissue+is%3Aclosed -[🖇iss-c-img]: https://img.shields.io/github/issues-closed-raw/oauth-xx/oauth2 [🏘sup-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml [🏘sup-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg [🚎heads-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml 
@@ -186,7 +178,7 @@ The link tokens in the following sections should be kept ordered by the row and [🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2 [🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=main [🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=main -[🚎sec-pol]: https://github.com/oauth-xx/oauth2/blob/main/SECURITY.md +[🚎sec-pol]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/SECURITY.md [🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat [🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg @@ -194,15 +186,15 @@ The link tokens in the following sections should be kept ordered by the row and [🧮cov-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg -[⛳gh-discussions]: https://github.com/oauth-xx/oauth2/discussions -[⛳gh-discussions-img]: https://img.shields.io/github/discussions/oauth-xx/oauth2 +[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby +[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-purple.svg?style=flat [🖇codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github [🖇codementor-img]: https://cdn.codementor.io/badges/get_help_github.svg [🏘chat]: https://gitter.im/oauth-xx/oauth2 [🏘chat-img]: https://img.shields.io/gitter/room/oauth-xx/oauth2.svg [🚎blog]: http://www.railsbling.com/tags/oauth2/ [🚎blog-img]: https://img.shields.io/badge/blog-railsbling-brightgreen.svg?style=flat -[🖐wiki]: https://github.com/oauth-xx/oauth2/wiki +[🖐wiki]: https://gitlab.com/oauth-xx/oauth2/-/wikis/home [🖐wiki-img]: https://img.shields.io/badge/wiki-examples-brightgreen.svg?style=flat 
@@ -266,7 +258,7 @@ For more see [SECURITY.md][🚎sec-pol]. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body -- [... A lot more](https://github.com/oauth-xx/oauth2/blob/main/CHANGELOG.md#2.0.0) +- [... A lot more](https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md#2.0.0) ## Compatibility @@ -281,8 +273,7 @@ This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, - first make sure Github Actions supports the engine, - then submit a PR to the correct maintenance branch as according to the table below. + see `gemfiles/README.md`, then submit a PR to the correct maintenance branch as according to the table below.
@@ -423,7 +414,7 @@ The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic will return an instance of the #OAuth2::Response class. This instance contains a `#parsed` method that will parse the response body and -return a Hash-like [`OAuth2::SnakyHash`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if +return a Hash-like [`OAuth2::SnakyHash`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if the body is a JSON object. It will return an Array if the body is a JSON array. Otherwise, it will return the original body string. 
@@ -453,11 +444,11 @@ Response instance will contain the `OAuth2::Error` instance. Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client -use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/auth_code.rb), -[`#implicit`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/implicit.rb), -[`#password`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/password.rb), -[`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/client_credentials.rb), and -[`#assertion`](https://github.com/oauth-xx/oauth2/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively. +use. They are available via the [`#auth_code`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb), +[`#implicit`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/implicit.rb), +[`#password`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/password.rb), +[`#client_credentials`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/client_credentials.rb), and +[`#assertion`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively. These aren't full examples, but demonstrative of the differences between usage for each strategy. ```ruby @@ -529,7 +520,7 @@ spec.add_dependency 'oauth2', '~> 2.0' [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2] -[license]: https://github.com/oauth-xx/oauth2/blob/main/LICENSE +[license]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/LICENSE [oauth-xx]: https://github.com/oauth-xx [fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large 
@@ -543,14 +534,14 @@ To install this gem onto your local machine, run `bundle exec rake install`. To See [CONTRIBUTING.md][contributing] -[contributing]: https://github.com/oauth-xx/oauth2/blob/main/CONTRIBUTING.md +[contributing]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CONTRIBUTING.md ## Contributors -[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)]("https://github.com/oauth-xx/oauth2/graphs/contributors") +[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)]("https://gitlab.com/oauth-xx/oauth2/-/graphs/main") Made with [contributors-img](https://contrib.rocks). ## Code of Conduct -Everyone interacting in the OAuth2 project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/oauth-xx/oauth2/blob/main/CODE_OF_CONDUCT.md). +Everyone interacting in the OAuth2 project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md). diff --git a/oauth2.gemspec b/oauth2.gemspec index eaf71eea..159af4d8 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -44,7 +44,7 @@ Please report issues, and support the project! Thanks, |7eter l-|. l3oling spec.metadata['bug_tracker_uri'] = "#{spec.homepage}/-/issues" spec.metadata['documentation_uri'] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" spec.metadata['wiki_uri'] = "#{spec.homepage}/-/wiki" - spec.metadata['funding_uri'] = "https://liberapay.com/pboling" + spec.metadata['funding_uri'] = 'https://liberapay.com/pboling' spec.metadata['rubygems_mfa_required'] = 'true' spec.require_paths = %w[lib] From 1e81b62048ec85b861994844d092ee4eef2c2c3c Mon Sep 17 00:00:00 2001 
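Review bot: The unchanged `spec.metadata['wiki_uri'] = "#{spec.homepage}/-/wiki"` line in this oauth2.gemspec hunk does not match the wiki link this same patch writes into README.md, `https://gitlab.com/oauth-xx/oauth2/-/wikis/home`; GitLab serves project wikis under `/-/wikis`, so the gem's published metadata probably points at a path that does not resolve. Since the hunk already touches the metadata block, I would change it to `spec.metadata['wiki_uri'] = "#{spec.homepage}/-/wikis/home"`. This assumes `spec.homepage` is the GitLab project URL, which is set outside the hunk. Package metadata links are what users follow from rubygems.org to reach the project, so they are worth verifying together with `bug_tracker_uri` after a forge migration.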
From: Peter Boling Date: Fri, 16 Sep 2022 10:58:39 +0700 Subject: [PATCH 220/645] =?UTF-8?q?=F0=9F=94=A7=20Migration=20from=20Githu?= =?UTF-8?q?b=20to=20Gitlab?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6cfe36ea..61399d4d 100644 --- a/README.md +++ b/README.md @@ -521,7 +521,7 @@ spec.add_dependency 'oauth2', '~> 2.0' [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2] [license]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/LICENSE -[oauth-xx]: https://github.com/oauth-xx +[oauth-xx]: https://gitlab.com/oauth-xx [fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large ## Development From e9d70c9f385675583491c44b6928cad27c08bb2b Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 16 Sep 2022 11:47:21 +0700 Subject: [PATCH 221/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Correct=20typos=20?= =?UTF-8?q?in=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3dd4bc45..7908f4a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,10 +10,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed -## [2.0.9] - 2022-09-15 +## [2.0.9] - 2022-09-16 ### Added - More specs (@pboling) - ### Changed - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) 
@@ -21,14 +20,12 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.8] - 2022-09-01 ### Changed - [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) - ### Added - [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628) ## [2.0.7] - 2022-08-22 ### Added - [#629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) - ### Fixed - [#626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) - Note: This fixes compatibility with `omniauth-oauth2` and AWS @@ -246,11 +243,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [1.0.0] - 2014-07-09 ### Added - Add an implementation of the MAC token spec. - ### Fixed - Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7. -## [0.5.0] - 2011-07-29 +## [0.5.0] - 2011-07-29 ### Changed - [breaking] `oauth_token` renamed to `oauth_bearer`. - [breaking] `authorize_path` Client option renamed to `authorize_url`. From bbd243110ee0f345693e0ed4d4f4ef13021483cb Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 16 Sep 2022 11:48:42 +0700 Subject: [PATCH 222/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=202.0.?= =?UTF-8?q?9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index b99ea929..f130d4f4 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.8'.freeze + VERSION = '2.0.9'.freeze end end 
From 39f0f2a5eb73e6045a758c1a8d0a9dbfec61c889 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 16 Sep 2022 11:49:50 +0700 Subject: [PATCH 223/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Correct=20typos=20?= =?UTF-8?q?in=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7908f4a2..992d85c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -248,11 +248,11 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [0.5.0] - 2011-07-29 ### Changed -- [breaking] `oauth_token` renamed to `oauth_bearer`. -- [breaking] `authorize_path` Client option renamed to `authorize_url`. -- [breaking] `access_token_path` Client option renamed to `token_url`. -- [breaking] `access_token_method` Client option renamed to `token_method`. -- [breaking] `web_server` renamed to `auth_code`. +- *breaking* `oauth_token` renamed to `oauth_bearer`. +- *breaking* `authorize_path` Client option renamed to `authorize_url`. +- *breaking* `access_token_path` Client option renamed to `token_url`. +- *breaking* `access_token_method` Client option renamed to `token_method`. +- *breaking* `web_server` renamed to `auth_code`. ## [0.4.1] - 2011-04-20 From 8c88ad2f309374599ac56cd253fb93e3ad81cf07 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Fri, 16 Sep 2022 12:06:45 +0700 Subject: [PATCH 224/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=202.0.?= =?UTF-8?q?9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 11 +++++++++-- README.md | 7 ++++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 992d85c9..4179165f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -139,6 +139,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [#593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) - [#590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) +## [1.4.11] - 2022-09-16 +- Complete migration to main branch as default (@pboling) +- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) + ## [1.4.10] - 2022-07-01 - FIPS Compatibility [#587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov) @@ -316,7 +320,8 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [1.4.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.7...v1.4.8 [1.4.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.8...v1.4.9 [1.4.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.9...v1.4.10 -[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v2.0.0 +[1.4.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v1.4.11 +[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.11...v2.0.0 [2.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.0...v2.0.1 [2.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.1...v2.0.2 [2.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.2...v2.0.3 
@@ -324,5 +329,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [2.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.4...v2.0.5 [2.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.5...v2.0.6 [2.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.6...v2.0.7 -[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...HEAD +[2.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...v2.0.8 +[2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9 +[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...HEAD [gemfiles/readme]: gemfiles/README.md diff --git a/README.md b/README.md index 61399d4d..2436c276 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. | Version | Release Date | Readme | |---------|--------------|----------------------------------------------------------| -| 2.0.9 | 2022-09-15 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md | +| 2.0.9 | 2022-09-16 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md | | 2.0.8 | 2022-09-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md | | 2.0.7 | 2022-08-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.7/README.md | | 2.0.6 | 2022-07-13 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.6/README.md | @@ -49,8 +49,9 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
1.4.x Readmes -| Version | Release Date | Readme | -|---------|--------------|-----------------------------------------------------------| +| Version | Release Date | Readme | +|---------|--------------|-------------------------------------------------------------| +| 1.4.11 | Sep 16, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.11/README.md | | 1.4.10 | Jul 1, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.10/README.md | | 1.4.9 | Feb 20, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.9/README.md | | 1.4.8 | Feb 18, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.8/README.md | From e03dafd79a3c3587cd8a4b58c2a1d664b8298314 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 19 Sep 2022 09:19:20 +0700 Subject: [PATCH 225/645] =?UTF-8?q?=F0=9F=9A=9A=20Add=20file=20type=20exte?= =?UTF-8?q?nsion=20to=20LICENSE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- LICENSE => LICENSE.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename LICENSE => LICENSE.txt (100%) diff --git a/LICENSE b/LICENSE.txt similarity index 100% rename from LICENSE rename to LICENSE.txt From 76c49a137c97c6251479c0bfab6fc7bcbc8d2470 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 19 Sep 2022 09:33:29 +0700 Subject: [PATCH 226/645] =?UTF-8?q?=F0=9F=94=A7=20Commit=20gemfile.lock(s)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 3 --- 1 file changed, 3 deletions(-) diff --git a/.gitignore b/.gitignore index ca121097..2d9b95ea 100644 --- a/.gitignore +++ b/.gitignore @@ -6,14 +6,11 @@ .rspec_status # Bundler -Gemfile.lock /.bundle/ /gemfiles/.bundle/ /gemfiles/.bundle/config /gemfiles/vendor/ -/gemfiles/*.lock - # Specs /coverage/ /spec/reports/ From 93d5289069274e0e4514d628da927e176beba3ec Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Mon, 19 Sep 2022 09:33:45 +0700 Subject: [PATCH 227/645] =?UTF-8?q?=F0=9F=94=A7=20Commit=20gemfile.lock(s)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 Gemfile.lock diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 00000000..1df2cd99 --- /dev/null +++ b/Gemfile.lock 
@@ -0,0 +1,153 @@ +PATH + remote: . + specs: + oauth2 (2.0.9) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_xml (~> 0.5) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (~> 1.1) + +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + ast (2.4.2) + backports (3.23.0) + byebug (11.1.3) + childprocess (4.1.0) + codecov (0.6.0) + simplecov (>= 0.15, < 0.22) + diff-lcs (1.5.0) + docile (1.4.0) + faraday (2.5.2) + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.0) + github-markup (4.0.1) + hashie (5.0.0) + iniparse (1.5.0) + jaro_winkler (1.5.4) + json (2.6.2) + jwt (2.5.0) + multi_xml (0.6.0) + overcommit (0.59.1) + childprocess (>= 0.6.3, < 5) + iniparse (~> 1.4) + rexml (~> 3.2) + parallel (1.22.1) + parser (3.1.2.1) + ast (~> 2.4.1) + public_suffix (5.0.0) + rack (3.0.0) + rainbow (2.2.2) + rake + rake (13.0.6) + redcarpet (3.5.1) + rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-block_is_expected (1.0.2) + rspec-core + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-pending_for (0.1.16) + rspec-core + ruby_engine (>= 1, < 3) + ruby_version (~> 1.0) + rspec-stubbed_env (1.0.0) + rspec (>= 3.0) + rspec-support (3.11.1) + rubocop (0.68.1) + jaro_winkler (~> 1.5.1) + parallel (~> 1.10) + parser (>= 2.5, != 2.5.1.1) + rainbow (>= 2.2.2, < 4.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 1.6) + rubocop-lts (8.0.2) + rubocop-ruby2_2 (~> 1.0.4) + rubocop-md (0.4.1) + rubocop (>= 0.60) + rubocop-performance (1.3.0) + rubocop (>= 0.68.0) + rubocop-rake (0.5.1) + rubocop + rubocop-rspec (1.41.0) + rubocop (>= 0.68.1) + rubocop-ruby2_2 (1.0.4) + rubocop (= 0.68.1) + rubocop-thread_safety (0.4.4) + rubocop 
(>= 0.53.0) + ruby-progressbar (1.11.0) + ruby2_keywords (0.0.5) + ruby_engine (2.0.0) + ruby_version (1.0.2) + silent_stream (1.0.6) + simplecov (0.21.2) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) + simplecov-cobertura (2.1.0) + rexml + simplecov (~> 0.19) + simplecov-html (0.12.3) + simplecov-json (0.2.3) + json + simplecov + simplecov-lcov (0.8.0) + simplecov_json_formatter (0.1.4) + snaky_hash (2.0.0) + hashie + version_gem (~> 1.1) + unicode-display_width (1.5.0) + version_gem (1.1.0) + webrick (1.7.0) + yard (0.9.28) + webrick (~> 1.7.0) + +PLATFORMS + x86_64-darwin-21 + +DEPENDENCIES + addressable (>= 2) + backports (>= 3) + bundler (>= 2) + byebug + codecov (~> 0.6) + github-markup + oauth2! + overcommit (~> 0.58) + pry-debugger-jruby + rake (~> 13.0) + redcarpet + rexml (>= 3) + rspec (~> 3.0) + rspec-block_is_expected + rspec-pending_for + rspec-stubbed_env + rubocop-lts (~> 8.0) + rubocop-md + rubocop-performance + rubocop-rake + rubocop-rspec + rubocop-thread_safety + silent_stream + simplecov (~> 0.21) + simplecov-cobertura + simplecov-json + simplecov-lcov (~> 0.8) + yard + +BUNDLED WITH + 2.3.22 From 4e9870d514b8ef43386f222b98f145ff1cc28ddc Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 22 Sep 2022 06:34:19 +0700 Subject: [PATCH 228/645] =?UTF-8?q?=F0=9F=93=9D=20Mention=20doorkeeper=20f?= =?UTF-8?q?or=20server=20implementation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2436c276..bae02ef8 100644 --- a/README.md +++ b/README.md 
@@ -12,16 +12,17 @@ OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. -This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications. -See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby. +This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. --- * [OAuth 2.0 Spec][oauth2-spec] +* [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. * [oauth sibling gem][sibling-gem] for OAuth 1.0 implementations in Ruby. [oauth2-spec]: https://oauth.net/2/ [sibling-gem]: https://gitlab.com/oauth-xx/oauth +[doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper ## Release Documentation From a7c7e685755d193293703d87c1a90ad5b598d120 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 27 Sep 2022 14:39:12 -0600 Subject: [PATCH 229/645] =?UTF-8?q?=F0=9F=93=8C=20Lockfile=20for=20faraday?= =?UTF-8?q?=20v2=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gemfiles/f2.gemfile.lock | 98 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 gemfiles/f2.gemfile.lock diff --git a/gemfiles/f2.gemfile.lock b/gemfiles/f2.gemfile.lock new file mode 100644 index 00000000..3019558a --- /dev/null +++ b/gemfiles/f2.gemfile.lock 
@@ -0,0 +1,98 @@ +PATH + remote: .. + specs: + oauth2 (2.0.10) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_xml (~> 0.5) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (~> 1.1) + +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + ast (2.4.2) + backports (3.23.0) + diff-lcs (1.5.0) + faraday (2.5.2) + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.0) + hashie (5.0.0) + jaro_winkler (1.5.4) + jwt (2.5.0) + multi_xml (0.6.0) + parallel (1.22.1) + parser (3.1.2.1) + ast (~> 2.4.1) + public_suffix (5.0.0) + rack (3.0.0) + rainbow (3.1.1) + rake (13.0.6) + rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-block_is_expected (1.0.2) + rspec-core + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-pending_for (0.1.16) + rspec-core + ruby_engine (>= 1, < 3) + ruby_version (~> 1.0) + rspec-stubbed_env (1.0.0) + rspec (>= 3.0) + rspec-support (3.11.1) + rubocop (0.68.1) + jaro_winkler (~> 1.5.1) + parallel (~> 1.10) + parser (>= 2.5, != 2.5.1.1) + rainbow (>= 2.2.2, < 4.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 1.6) + rubocop-lts (8.0.2) + rubocop-ruby2_2 (~> 1.0.4) + rubocop-ruby2_2 (1.0.4) + rubocop (= 0.68.1) + ruby-progressbar (1.11.0) + ruby2_keywords (0.0.5) + ruby_engine (2.0.0) + ruby_version (1.0.2) + silent_stream (1.0.6) + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) + unicode-display_width (1.5.0) + version_gem (1.1.1) + +PLATFORMS + x86_64-darwin-21 + +DEPENDENCIES + addressable (>= 2) + backports (>= 3) + bundler (>= 2) + faraday (~> 2.2) + oauth2! 
+ rake (>= 12) + rexml (>= 3) + rspec (>= 3) + rspec-block_is_expected + rspec-pending_for + rspec-stubbed_env + rubocop-lts (~> 8.0) + silent_stream + +BUNDLED WITH + 2.3.22 From eb4bcc6c568f8f7ff4ace57fb6f05e6635d14505 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 27 Sep 2022 14:39:34 -0600 Subject: [PATCH 230/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo=20in=20?= =?UTF-8?q?comment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Rakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index eb413795..9449ebe8 100644 --- a/Rakefile +++ b/Rakefile @@ -36,7 +36,7 @@ end # rdoc.rdoc_dir = 'rdoc' # rdoc.title = "oauth2 #{OAuth2::Version}" # rdoc.main = 'README.md' -# rdoc.rdoc_files.include('README.md', 'LICENSE.md', 'lib/**/*.rb') +# rdoc.rdoc_files.include('README.md', 'LICENSE.txt', 'lib/**/*.rb') # end # end From 23e3a0ef438efa5ff6dd0741272e7533c81ee062 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 27 Sep 2022 14:40:54 -0600 Subject: [PATCH 231/645] =?UTF-8?q?=F0=9F=94=8D=EF=B8=8F=20Improve=20CHANG?= =?UTF-8?q?ELOG.md=20formatting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add links to tagged releases --- CHANGELOG.md | 238 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 149 insertions(+), 89 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4179165f..d91eb259 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,20 +10,20 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed -## [2.0.9] - 2022-09-16 +## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added - More specs (@pboling) ### Changed - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) -## [2.0.8] - 2022-09-01 +## [2.0.8] - 2022-09-01 ([tag][2.0.8t]) ### Changed - [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) ### Added - [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628) -## [2.0.7] - 2022-08-22 +## [2.0.7] - 2022-08-22 ([tag][2.0.7t]) ### Added - [#629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) ### Fixed 
@@ -31,11 +31,11 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Note: This fixes compatibility with `omniauth-oauth2` and AWS - [#625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) -## [2.0.6] - 2022-07-13 +## [2.0.6] - 2022-07-13 ([tag][2.0.6t]) ### Fixed - [#624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) -## [2.0.5] - 2022-07-07 +## [2.0.5] - 2022-07-07 ([tag][2.0.5t]) ### Fixed - [#620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) - [#621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling) @@ -45,11 +45,11 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Remove `parse` and `snaky` from options so they don't get included in response - There is now 100% test coverage, for lines _and_ branches, and it will stay that way. -## [2.0.4] - 2022-07-01 +## [2.0.4] - 2022-07-01 ([tag][2.0.4t]) ### Fixed - [#618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) -## [2.0.3] - 2022-06-28 +## [2.0.3] - 2022-06-28 ([tag][2.0.3t]) ### Added - [#611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) - [#612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) 
@@ -57,18 +57,18 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) - [#615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) -## [2.0.2] - 2022-06-24 +## [2.0.2] - 2022-06-24 ([tag][2.0.2t]) ### Fixed - [#604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) - [#606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) - [#607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) -## [2.0.1] - 2022-06-22 +## [2.0.1] - 2022-06-22 ([tag][2.0.1t]) ### Added - Documentation improvements (@pboling) - Increased test coverage to 99% (@pboling) -## [2.0.0] - 2022-06-21 +## [2.0.0] - 2022-06-21 ([tag][2.0.0t]) ### Added - [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) - [#190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [#332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [#334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [#335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [#360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [#426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [#427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [#461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) 
@@ -139,14 +139,14 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [#593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) - [#590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) -## [1.4.11] - 2022-09-16 +## [1.4.11] - 2022-09-16 ([tag][1.4.11t]) - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) -## [1.4.10] - 2022-07-01 +## [1.4.10] - 2022-07-01 ([tag][1.4.10t]) - FIPS Compatibility [#587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov) -## [1.4.9] - 2022-02-20 +## [1.4.9] - 2022-02-20 ([tag][1.4.9t]) - Fixes compatibility with Faraday v2 [572](https://gitlab.com/oauth-xx/oauth2/-/issues/572) - Includes supported versions of Faraday in test matrix: - Faraday ~> 2.2.0 with Ruby >= 2.6 @@ -154,7 +154,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Faraday ~> 0.17.3 with Ruby >= 1.9 - Add Windows and MacOS to test matrix -## [1.4.8] - 2022-02-18 +## [1.4.8] - 2022-02-18 ([tag][1.4.8t]) - MFA is now required to push new gem versions (@pboling) - README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) - [#569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) 
@@ -163,34 +163,34 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling) - [#543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) -## [1.4.7] - 2021-03-19 +## [1.4.7] - 2021-03-19 ([tag][1.4.7t]) - [#541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [#533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon) -## [1.4.6] - 2021-03-19 +## [1.4.6] - 2021-03-19 ([tag][1.4.6t]) - [#540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) - [#537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) - [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling) -## [1.4.5] - 2021-03-18 +## [1.4.5] - 2021-03-18 ([tag][1.4.5t]) - [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling) - [#518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) - [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) - [#500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) -## [1.4.4] - 2020-02-12 +## [1.4.4] - 2020-02-12 ([tag][1.4.4t]) - [#408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) -## [1.4.3] - 
2020-01-29 +## [1.4.3] - 2020-01-29 ([tag][1.4.3t]) - [#483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) - [#495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - Adds support for private_key_jwt and tls_client_auth - [#433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) -## [1.4.2] - 2019-10-01 +## [1.4.2] - 2019-10-01 ([tag][1.4.2t]) - [#478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - Officially support Ruby 2.6 and truffleruby -## [1.4.1] - 2018-10-13 +## [1.4.1] - 2018-10-13 ([tag][1.4.1t]) - [#417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) - [#419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling) - [#418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) 
@@ -216,17 +216,17 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html -## [1.4.0] - 2017-06-09 +## [1.4.0] - 2017-06-09 ([tag][1.4.0t]) - Drop Ruby 1.8.7 support (@sferik) - Fix some RuboCop offenses (@sferik) - _Dependency_: Remove Yardstick (@sferik) - _Dependency_: Upgrade Faraday to 0.12 (@sferik) -## [1.3.1] - 2017-03-03 +## [1.3.1] - 2017-03-03 ([tag][1.3.1t]) - Add support for Ruby 2.4.0 (@pschambacher) - _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher) -## [1.3.0] - 2016-12-28 +## [1.3.0] - 2016-12-28 ([tag][1.3.0t]) - Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes) - Default to header-based authentication when getting a token from an authorisation code (@maletor) - **Breaking**: Allow an `auth_scheme` (`:basic_auth` or `:request_body`) to be set on the client, defaulting to `:request_body` to maintain backwards compatibility (@maletor, @bjeanes) 
@@ -235,22 +235,22 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Avoid instantiating an `Error` if there is no error to raise (@urkle) - Add support for Faraday 0.10 (@rhymes) -## [1.2.0] - 2016-07-01 +## [1.2.0] - 2016-07-01 ([tag][1.2.0t]) - Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira) - Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus) - Use `raise` rather than `fail` to throw exceptions (@sferik) -## [1.1.0] - 2016-01-30 +## [1.1.0] - 2016-01-30 ([tag][1.1.0t]) - Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik) - Add support for Rack 2, and bump various other dependencies (@sferik) -## [1.0.0] - 2014-07-09 +## [1.0.0] - 2014-07-09 ([tag][1.0.0t]) ### Added - Add an implementation of the MAC token spec. ### Fixed - Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7. -## [0.5.0] - 2011-07-29 +## [0.5.0] - 2011-07-29 ([tag][0.5.0t]) ### Changed - *breaking* `oauth_token` renamed to `oauth_bearer`. - *breaking* `authorize_path` Client option renamed to `authorize_url`. 
@@ -258,78 +258,138 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - *breaking* `access_token_method` Client option renamed to `token_method`. - *breaking* `web_server` renamed to `auth_code`. -## [0.4.1] - 2011-04-20 +## [0.4.1] - 2011-04-20 ([tag][0.4.1t]) -## [0.4.0] - 2011-04-20 +## [0.4.0] - 2011-04-20 ([tag][0.4.0t]) -## [0.3.0] - 2011-04-08 +## [0.3.0] - 2011-04-08 ([tag][0.3.0t]) -## [0.2.0] - 2011-04-01 +## [0.2.0] - 2011-04-01 ([tag][0.2.0t]) -## [0.1.1] - 2011-01-12 +## [0.1.1] - 2011-01-12 ([tag][0.1.1t]) -## [0.1.0] - 2010-10-13 +## [0.1.0] - 2010-10-13 ([tag][0.1.0t]) -## [0.0.13] + [0.0.12] + [0.0.11] - 2010-08-17 +## [0.0.13] - 2010-08-17 ([tag][0.0.13t]) -## [0.0.10] - 2010-06-19 +## [0.0.12] - 2010-08-17 ([tag][0.0.12t]) -## [0.0.9] - 2010-06-18 +## [0.0.11] - 2010-08-17 ([tag][0.0.11t]) -## [0.0.8] + [0.0.7] - 2010-04-27 +## [0.0.10] - 2010-06-19 ([tag][0.0.10t]) -## [0.0.6] - 2010-04-25 +## [0.0.9] - 2010-06-18 ([tag][0.0.9t]) -## [0.0.5] - 2010-04-23 +## [0.0.8] - 2010-04-27 ([tag][0.0.8t]) -## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22 +## [0.0.7] - 2010-04-27 ([tag][0.0.7t]) + +## [0.0.6] - 2010-04-25 ([tag][0.0.6t]) + +## [0.0.5] - 2010-04-23 ([tag][0.0.5t]) + +## [0.0.4] - 2010-04-22 ([tag][0.0.4t]) + +## [0.0.3] - 2010-04-22 ([tag][0.0.3t]) + +## [0.0.2] - 2010-04-22 ([tag][0.0.2t]) + +## [0.0.1] - 2010-04-22 ([tag][0.0.1t]) -[0.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/311d9f4...v0.0.1 -[0.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.1...v0.0.2 -[0.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.2...v0.0.3 -[0.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.3...v0.0.4 -[0.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.4...v0.0.5 -[0.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.5...v0.0.6 -[0.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.6...v0.0.7 -[0.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.7...v0.0.8 -[0.0.9]: 
https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.8...v0.0.9 -[0.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.9...v0.0.10 -[0.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.10...v0.0.11 -[0.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.11...v0.0.12 -[0.0.13]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.12...v0.0.13 -[0.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.13...v0.1.0 -[0.1.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.0...v0.1.1 -[0.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.1...v0.2.0 -[0.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.2.0...v0.3.0 -[0.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.3.0...v0.4.0 -[0.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.0...v0.4.1 -[0.5.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.1...v0.5.0 -[1.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.9.4...v1.0.0 -[1.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.0.0...v1.1.0 -[1.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.1.0...v1.2.0 -[1.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.2.0...v1.3.0 -[1.3.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.0...v1.3.1 -[1.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.1...v1.4.0 -[1.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.0...v1.4.1 -[1.4.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.1...v1.4.2 -[1.4.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.2...v1.4.3 -[1.4.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.3...v1.4.4 -[1.4.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.4...v1.4.5 -[1.4.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.5...v1.4.6 -[1.4.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.6...v1.4.7 -[1.4.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.7...v1.4.8 -[1.4.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.8...v1.4.9 -[1.4.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.9...v1.4.10 
-[1.4.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v1.4.11 -[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.11...v2.0.0 -[2.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.0...v2.0.1 -[2.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.1...v2.0.2 -[2.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.2...v2.0.3 -[2.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.3...v2.0.4 -[2.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.4...v2.0.5 -[2.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.5...v2.0.6 -[2.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.6...v2.0.7 -[2.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...v2.0.8 -[2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9 -[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...HEAD [gemfiles/readme]: gemfiles/README.md + +[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...HEAD +[2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9 +[2.0.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.9 +[2.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...v2.0.8 +[2.0.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.8 +[2.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.6...v2.0.7 +[2.0.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.7 +[2.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.5...v2.0.6 +[2.0.6t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.6 +[2.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.4...v2.0.5 +[2.0.5t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.5 +[2.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.3...v2.0.4 +[2.0.4t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.4 +[2.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.2...v2.0.3 +[2.0.3t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.3 +[2.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.1...v2.0.2 +[2.0.2t]: 
https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.2 +[2.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.0...v2.0.1 +[2.0.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.1 +[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.11...v2.0.0 +[2.0.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.0 +[1.4.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v1.4.11 +[1.4.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.11 +[1.4.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.9...v1.4.10 +[1.4.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.10 +[1.4.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.8...v1.4.9 +[1.4.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.9 +[1.4.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.7...v1.4.8 +[1.4.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.8 +[1.4.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.6...v1.4.7 +[1.4.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.7 +[1.4.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.5...v1.4.6 +[1.4.6t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.6 +[1.4.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.4...v1.4.5 +[1.4.5t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.5 +[1.4.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.3...v1.4.4 +[1.4.4t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.4 +[1.4.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.2...v1.4.3 +[1.4.3t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.3 +[1.4.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.1...v1.4.2 +[1.4.2t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.2 +[1.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.0...v1.4.1 +[1.4.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.1 +[1.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.1...v1.4.0 +[1.4.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.0 +[1.3.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.0...v1.3.1 +[1.3.1t]: 
https://gitlab.com/oauth-xx/oauth2/-/tags/v1.3.1 +[1.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.2.0...v1.3.0 +[1.3.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.3.0 +[1.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.1.0...v1.2.0 +[1.2.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.2.0 +[1.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.0.0...v1.1.0 +[1.1.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.1.0 +[1.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.9.4...v1.0.0 +[1.0.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.0.0 +[0.5.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.1...v0.5.0 +[0.5.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.5.0 +[0.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.0...v0.4.1 +[0.4.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.4.1 +[0.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.3.0...v0.4.0 +[0.4.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.4.0 +[0.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.2.0...v0.3.0 +[0.3.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.3.0 +[0.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.1...v0.2.0 +[0.2.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.2.0 +[0.1.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.0...v0.1.1 +[0.1.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.1.1 +[0.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.13...v0.1.0 +[0.1.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.1.0 +[0.0.13]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.12...v0.0.13 +[0.0.13t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.13 +[0.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.11...v0.0.12 +[0.0.12t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.12 +[0.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.10...v0.0.11 +[0.0.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.11 +[0.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.9...v0.0.10 +[0.0.10t]: 
https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.10 +[0.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.8...v0.0.9 +[0.0.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.9 +[0.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.7...v0.0.8 +[0.0.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.8 +[0.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.6...v0.0.7 +[0.0.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.7 +[0.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.5...v0.0.6 +[0.0.6t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.6 +[0.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.4...v0.0.5 +[0.0.5t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.5 +[0.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.3...v0.0.4 +[0.0.4t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.4 +[0.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.2...v0.0.3 +[0.0.3t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.3 +[0.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.1...v0.0.2 +[0.0.2t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.2 +[0.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/311d9f4...v0.0.1 +[0.0.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.1 From 1eaa5d63023c8d4262ff8e735dbc38f9a2d871c3 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 27 Sep 2022 14:42:43 -0600 Subject: [PATCH 232/645] =?UTF-8?q?=E2=9E=96=20Remove=20rubocop-md=20depen?= =?UTF-8?q?dency=20(temporary)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop.yml | 5 +++-- Gemfile | 3 ++- Gemfile.lock | 9 +++------ 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 6c9e1f99..879d964a 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -6,8 +6,9 @@ inherit_gem: rubocop-lts: rubocop-lts.yml require: - - 'rubocop-md' - # Can be added once we reach rubocop-ruby2_3 + # Try adding back once we reach rubocop-ruby2_3+ + # - 'rubocop-md' + # Can be added once we reach rubocop-ruby2_3+ # - 'rubocop-packaging' - 'rubocop-performance' - 'rubocop-rake' diff --git a/Gemfile b/Gemfile index ddd15b22..96cff377 100644 --- a/Gemfile +++ b/Gemfile @@ -24,7 +24,8 @@ platforms :mri do # Danger is incompatible with Faraday 2 (for now) # see: https://github.com/danger/danger/issues/1349 # gem 'danger', '~> 8.4' - gem 'rubocop-md', require: false + # Commented out rubocop-md because of the <--rubocop/md--> bug + # gem 'rubocop-md', require: false # Can be added once we reach rubocop-lts >= v10 (i.e. drop Ruby 2.2) # gem 'rubocop-packaging', require: false gem 'rubocop-performance', require: false diff --git a/Gemfile.lock b/Gemfile.lock index 1df2cd99..d4793753 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -77,8 +77,6 @@ GEM unicode-display_width (>= 1.4.0, < 1.6) rubocop-lts (8.0.2) rubocop-ruby2_2 (~> 1.0.4) - rubocop-md (0.4.1) - rubocop (>= 0.60) rubocop-performance (1.3.0) rubocop (>= 0.68.0) rubocop-rake (0.5.1) @@ -107,11 +105,11 @@ GEM simplecov simplecov-lcov (0.8.0) simplecov_json_formatter (0.1.4) - snaky_hash (2.0.0) + snaky_hash (2.0.1) hashie - version_gem (~> 1.1) + version_gem (~> 1.1, >= 1.1.1) unicode-display_width (1.5.0) - version_gem (1.1.0) + version_gem (1.1.1) webrick (1.7.0) yard (0.9.28) webrick (~> 1.7.0) @@ -137,7 +135,6 @@ DEPENDENCIES rspec-pending_for rspec-stubbed_env rubocop-lts (~> 8.0) - rubocop-md rubocop-performance rubocop-rake rubocop-rspec From 14fb60792aae643a3877cc0656d721c8f48fc2c5 Mon Sep 17 00:00:00 2001 
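Review bot: The two comments added for the rubocop-md removal give different reasons. The Gemfile says it was commented out "because of the <--rubocop/md--> bug", while .rubocop.yml says "Try adding back once we reach rubocop-ruby2_3+", and neither links an issue the way the danger comment just above does. I would state one re-enable condition in both places and add a tracker reference, e.g. `# gem 'rubocop-md', require: false # disabled: <--rubocop/md--> bug, see <ISSUE_URL>; re-add with rubocop-ruby2_3+`. The `platforms :mri do` block that contains this line starts and ends outside the hunk.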
From: Peter Boling Date: Tue, 27 Sep 2022 14:47:59 -0600 Subject: [PATCH 233/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Add=20checksums?= =?UTF-8?q?=20for=20release=202.0.10?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 2 +- bin/checksum | 19 ++++++++++ certs/pboling.pem | 27 ++++++++++++++ checksums/oauth2-2.0.10.gem.sha256 | 1 + checksums/oauth2-2.0.10.gem.sha512 | 1 + lib/oauth2/version.rb | 2 +- oauth2.gemspec | 57 ++++++++++++++++++++---------- 7 files changed, 89 insertions(+), 20 deletions(-) create mode 100755 bin/checksum create mode 100644 certs/pboling.pem create mode 100644 checksums/oauth2-2.0.10.gem.sha256 create mode 100644 checksums/oauth2-2.0.10.gem.sha512 diff --git a/Gemfile.lock b/Gemfile.lock index d4793753..14452141 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - oauth2 (2.0.9) + oauth2 (2.0.10) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) multi_xml (~> 0.5) diff --git a/bin/checksum b/bin/checksum new file mode 100755 index 00000000..a3cd0f88 --- /dev/null +++ b/bin/checksum @@ -0,0 +1,19 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +require "digest/sha2" +gems = Dir["*.gem"] +puts "Found: #{gems.inspect}" +raise "No Gems" if gems.length.zero? +raise "Too Many Gems" if gems.length > 1 + +built_gem_path = gems.first +checksum512 = Digest::SHA512.new.hexdigest(File.read(built_gem_path)) +checksum512_path = "checksums/#{built_gem_path}.sha512" +File.write(checksum512_path, checksum512) + +checksum256 = Digest::SHA256.new.hexdigest(File.read(built_gem_path)) +checksum256_path = "checksums/#{built_gem_path}.sha256" +File.write(checksum256_path, checksum256) + +puts "You must now git add and commit '#{checksum256_path}' and '#{checksum512_path}'" diff --git a/certs/pboling.pem b/certs/pboling.pem new file mode 100644 index 00000000..f11daea5 --- /dev/null +++ b/certs/pboling.pem 
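Review bot: In bin/checksum both digests are computed over `File.read(built_gem_path)`, which opens the .gem in text mode. On platforms where Ruby's text mode translates line endings (Windows), the hashed bytes can differ from the file on disk, so the committed checksum would not match what a verifier computes from the published gem. Hash the file in binary mode instead, e.g. `checksum512 = Digest::SHA512.file(built_gem_path).hexdigest` and `checksum256 = Digest::SHA256.file(built_gem_path).hexdigest`, which also avoids loading the gem into memory twice. The script also writes a bare hex digest with no filename or trailing newline, so the files cannot be passed to `sha256sum -c` / `sha512sum -c` as-is. A header comment giving the intended verification command would make the checksums usable by downstream consumers.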
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl +ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW +A2NvbTAeFw0yMjA5MTgyMzEyMzBaFw0yMzA5MTgyMzEyMzBaMEMxFTATBgNVBAMM +DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy +LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2Dn1GM3W +8K2/rvN1zz+06bQMcxD16ZKTihVwi7Pb1v3T98rM4Omnxohm3s+CwpDWGeiB9pj6 +0I/CTce0e4e3s8GKJSOrg93veImPSoH2PfsMsRsuB8wtqyiOCjLbF5o6S29x87r0 +LA5EawH+Lh4xqrkkPjdffsmLk7TaCig/vlmNvnzxXKBdey/X/aEJZXzzBiWRfVdh +O1fmMbVKyieGv9HK7+pLotIoT08bjDv8NP6V7zZslwQRqW27bQc6cqC2LGIbTYO3 +3jt1kQxfMWmhOictS6SzG9VtKSrXf0L4Neq0Gh7CLBZBvJFWJYZPfb92YNITDbd8 +emPOAQlXXNMN4mMXsEqtEhCPZRMnmwO+fOk/cC4AyglKi9lnQugCQoFV1XDMZST/ +CYbzdQyadOdPDInTntG6V+Uw51d2QGXZ6PDDfrx9+toc/3sl5h68rCUGgE6Q3jPz +srinqmBsxv2vTpmd4FjmiAtEnwH5/ooLpQYL8UdAjEoeysxS3AwIh+5dAgMBAAGj +fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQWU6D156a2cle+ +lb5RBfvVXlxTwjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG +A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD +ggGBAJ4SqhPlgUiLYIrphGXIaxXScHyvx4kixuvdrwhI4VoQV2qXvO7R6ZjOXVwX +f/z84BWPiTZ8lzThPbt1UV/BGwkvLw9I4RjOdzvUz3J42j9Ly6q63isall07bo3F +QWe/OBvIMBF1IbjC3q5vKPg4rq8+TkNRJNoE86U2gfR+PkW3jYYs9uiy0GloHDCP +k5xgaj0vSL0Uy5mTOPdk3K6a/sUGZyYniWK05zdhIi956ynhfGaFO988FFdVw5Jq +LHtXfIpAU8F7ES04syZSslxOluw7VlcSKyRdVIr737J92ZTduppB4PRGSKRgBsWV +hXTahRE72Kyw53Q7FAuzF3v102WxAAQ7BuMjW+MyCUT75fwPm3W4ELPL8HYkNGE7 +2oA5CPghFitRnvYS3GNrDG+9bNiRMEskeaBYwZ9UgReBQIwGYVj7LZk3UhiAsn44 +gwGrEXGQGDZ0NIgBcmvMOqlXjkGQwQvugKycJ024z89+fz2332vdZIKTrSxJrXGk +4/bR9A== +-----END CERTIFICATE----- diff --git a/checksums/oauth2-2.0.10.gem.sha256 b/checksums/oauth2-2.0.10.gem.sha256 new file mode 100644 index 00000000..623e2626 --- /dev/null +++ b/checksums/oauth2-2.0.10.gem.sha256 @@ -0,0 +1 @@ +8c18b6470acd1ec188bd31f5d364066146a2751052a3fb7de06ff88c78a6069d \ No newline at end of file 
diff --git a/checksums/oauth2-2.0.10.gem.sha512 b/checksums/oauth2-2.0.10.gem.sha512 new file mode 100644 index 00000000..0e07fd2a --- /dev/null +++ b/checksums/oauth2-2.0.10.gem.sha512 @@ -0,0 +1 @@ +753a5803757e2b30214dfe4ef6ce93ec1edea7b9448b8078f082128a039339c1c43d5a21bbf68a2476acc49358f7311c3106ba35821c7bdf3e1c71e800c15eee \ No newline at end of file diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index f130d4f4..c4c3e3bd 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.9'.freeze + VERSION = '2.0.10'.freeze end end diff --git a/oauth2.gemspec b/oauth2.gemspec index 159af4d8..e0c953c7 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -11,31 +11,53 @@ Gem::Specification.new do |spec| spec.add_dependency 'snaky_hash', '~> 2.0' spec.add_dependency 'version_gem', '~> 1.1' - spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh'] - spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.' - spec.email = ['peter.boling@gmail.com'] - spec.homepage = 'https://gitlab.com/oauth-xx/oauth2' - spec.licenses = %w[MIT] - spec.name = 'oauth2' + spec.cert_chain = ['certs/pboling.pem'] + spec.signing_key = File.expand_path('~/.ssh/gem-private_key.pem') if $PROGRAM_NAME.end_with?('gem') + + spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh'] + spec.summary = 'OAuth 2.0 Core Ruby implementation' + spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.' + spec.email = ['peter.boling@gmail.com', 'oauth-ruby@googlegroups.com'] + spec.homepage = 'https://gitlab.com/oauth-xx/oauth2' + spec.licenses = 'MIT' + spec.name = 'oauth2' spec.required_ruby_version = '>= 2.2.0' - spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' - spec.version = OAuth2::Version::VERSION + spec.version = OAuth2::Version::VERSION spec.post_install_message = " You have installed oauth2 version #{OAuth2::Version::VERSION}, congratulations! There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy! +Please see: +• #{spec.homepage}/-/blob/main/SECURITY.md +• #{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md#2010-2022-09-19 +• Summary: #{spec.homepage}#what-is-new-for-v20 -We have made two other major migrations: +Major updates: 1. master branch renamed to main -2. 
Github has been replaced with Gitlab - -Please see: -• https://gitlab.com/oauth-xx/oauth2#what-is-new-for-v20 -• https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md +• Update your local: git checkout master; git branch -m master main; git branch --unset-upstream; git branch -u origin/main +2. Github has been replaced with Gitlab; I wrote about some of the reasons here: +• https://dev.to/galtzo/im-leaving-github-50ba +• Update your local: git remote set-url origin git@gitlab.com:oauth-xx/oauth2.git +3. Google Group is active (again)! • https://groups.google.com/g/oauth-ruby/c/QA_dtrXWXaE +4. Gitter Chat is active (still)! +• https://gitter.im/oauth-xx/ +5. Non-commercial support for the 2.x series will end by April, 2024. Please make a plan to upgrade to the next version prior to that date. +Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7 and any other Ruby versions which will also have reached EOL by then. +6. Gem releases are now cryptographically signed for security. + +If you are a human, please consider a donation as I move toward supporting myself with Open Source work: +• https://liberapay.com/pboling +• https://ko-fi.com/pboling +• https://patreon.com/galtzo + +If you are a corporation, please consider supporting this project, and open source work generally, with a TideLift subscription. +• https://tidelift.com/funding/github/rubygems/oauth +• Or hire me. I am looking for a job! -Please report issues, and support the project! Thanks, |7eter l-|. l3oling +Please report issues, and support the project! +Thanks, |7eter l-|. l3oling " spec.metadata['homepage_uri'] = spec.homepage 
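Review bot: `spec.signing_key` points at a maintainer-local path and is set whenever the program name ends in `gem`, so a `gem build` on a machine without `~/.ssh/gem-private_key.pem` will presumably abort rather than produce an unsigned gem. If that is intended, say so above the assignment, e.g. `# Release builds require the maintainer's signing key; unsigned builds are intentionally unsupported`. The post-install line "Gem releases are now cryptographically signed for security" gives installers nothing to act on: the signature is only checked once they have trusted `certs/pboling.pem` with `gem cert --add` and install under a trust policy such as `gem install oauth2 -P MediumSecurity`, so the message or SECURITY.md should spell that out. The certificate added in this patch is self-signed and appears to be valid for one year (2022-09-18 to 2023-09-18), so the renewal plan belongs in the same place. The `Gem::Specification` block continues outside the hunk.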
@@ -44,21 +66,20 @@ Please report issues, and support the project! Thanks, |7eter l-|. l3oling spec.metadata['bug_tracker_uri'] = "#{spec.homepage}/-/issues" spec.metadata['documentation_uri'] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" spec.metadata['wiki_uri'] = "#{spec.homepage}/-/wiki" + spec.metadata['mailing_list_uri'] = 'https://groups.google.com/g/oauth-ruby' spec.metadata['funding_uri'] = 'https://liberapay.com/pboling' spec.metadata['rubygems_mfa_required'] = 'true' spec.require_paths = %w[lib] - spec.bindir = 'exe' spec.files = Dir[ 'lib/**/*', 'CHANGELOG.md', 'CODE_OF_CONDUCT.md', 'CONTRIBUTING.md', - 'LICENSE', + 'LICENSE.txt', 'README.md', 'SECURITY.md', ] - spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.add_development_dependency 'addressable', '>= 2' spec.add_development_dependency 'backports', '>= 3' From 1548d361d38c8ad3b95eba86552427fa10f3f62f Mon Sep 17 00:00:00 2001 From: nov Date: Tue, 27 Sep 2022 16:01:55 +0900 Subject: [PATCH 234/645] =?UTF-8?q?=F0=9F=90=9B=20encode=20space=20as=20'%?= =?UTF-8?q?20',=20not=20as=20'+'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/client.rb | 2 ++ spec/oauth2/client_spec.rb | 14 ++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index bffd9cca..104d2b9c 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -3,6 +3,8 @@ require 'faraday' require 'logger' +Faraday::Utils.default_space_encoding = '%20' + module OAuth2 ConnectionError = Class.new(Faraday::ConnectionFailed) TimeoutError = Class.new(Faraday::TimeoutError) diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 57539b1b..07666d7e 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
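Review bot: `Faraday::Utils.default_space_encoding = '%20'` in the lib/oauth2/client.rb hunk runs at require time and is a process-wide Faraday setting, so loading oauth2 changes how every other Faraday client in the host application encodes spaces, not only OAuth2 requests. That can silently alter query strings that other code signs or compares byte-for-byte, and nothing at the assignment warns about it. At minimum add a comment above it, such as `# NOTE: global Faraday setting; affects all Faraday connections in this process, not just OAuth2::Client`, and state the side effect in the CHANGELOG entry. The same assignment is kept, behind a `respond_to?` guard, in the later client.rb hunk of PATCH 237/645.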
@@ -318,6 +318,20 @@ end end + describe '#authorize_url' do + subject { instance.authorize_url(https://github.com/params) } + + context 'when space included' do + let(:params) do + {scope: 'email profile'} + end + + it 'encoded as %20' do + expect(subject).to include 'email%20profile' + end + end + end + describe '#request' do it 'works with a null response body' do expect(subject.request(:get, 'empty_get').body).to eq('') From 2fd5da028bfd397a1b374b45fec49448481559a0 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 27 Sep 2022 15:44:40 -0600 Subject: [PATCH 235/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20for=20release?= =?UTF-8?q?=202.0.10?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 16 +++++++++++++++- README.md | 27 ++++++++++++++------------- checksums/oauth2-2.0.10.gem.sha256 | 2 +- checksums/oauth2-2.0.10.gem.sha512 | 2 +- 4 files changed, 31 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d91eb259..710ad65b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,18 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed +## [2.0.10] - 2022-09-27 ([tag][2.0.10t]) +### Added +- Certificate for signing gem releases (@pboling) +- Gemspec metadata (@pboling) + - funding_uri + - mailing_list_uri +- SHA256 and SHA512 Checksums for release (@pboling) +### Changed +- Gem releases are now cryptographically signed (@pboling) +### Fixed +- [!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) Spaces will now be encoded as `%20` instead of `+` (@nov.matake) + ## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added - More specs (@pboling) 
@@ -298,7 +310,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...HEAD +[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...HEAD +[2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.09....v2.0.10 +[2.0.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.10 [2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9 [2.0.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.9 [2.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...v2.0.8 diff --git a/README.md b/README.md index bae02ef8..91a22c16 100644 --- a/README.md +++ b/README.md @@ -31,18 +31,19 @@ This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby appli
2.0.x Readmes -| Version | Release Date | Readme | -|---------|--------------|----------------------------------------------------------| -| 2.0.9 | 2022-09-16 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md | -| 2.0.8 | 2022-09-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md | -| 2.0.7 | 2022-08-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.7/README.md | -| 2.0.6 | 2022-07-13 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.6/README.md | -| 2.0.5 | 2022-07-07 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.5/README.md | -| 2.0.4 | 2022-07-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.4/README.md | -| 2.0.3 | 2022-06-28 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.3/README.md | -| 2.0.2 | 2022-06-24 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.2/README.md | -| 2.0.1 | 2022-06-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.1/README.md | -| 2.0.0 | 2022-06-21 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.0/README.md | +| Version | Release Date | Readme | +|---------|--------------|-------------------------------------------------------------| +| 2.0.10 | 2022-09-27 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md | +| 2.0.9 | 2022-09-16 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md | +| 2.0.8 | 2022-09-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md | +| 2.0.7 | 2022-08-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.7/README.md | +| 2.0.6 | 2022-07-13 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.6/README.md | +| 2.0.5 | 2022-07-07 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.5/README.md | +| 2.0.4 | 2022-07-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.4/README.md | +| 2.0.3 | 2022-06-28 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.3/README.md | +| 2.0.2 | 2022-06-24 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.2/README.md | +| 2.0.1 | 2022-06-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.1/README.md | +| 2.0.0 | 2022-06-21 | 
https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.0/README.md |
### Older Releases @@ -136,7 +137,7 @@ The link tokens in the following sections should be kept ordered by the row and [🖇src-license-img]: https://img.shields.io/badge/License-MIT-green.svg [🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield [🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield -[🚎yard]: https://www.rubydoc.info/github/oauth-xx/oauth2 +[🚎yard]: https://www.rubydoc.info/gems/oauth2 [🚎yard-img]: https://img.shields.io/badge/documentation-rubydoc-brightgreen.svg?style=flat [🖐inch-ci-img]: http://inch-ci.org/github/oauth-xx/oauth2.png diff --git a/checksums/oauth2-2.0.10.gem.sha256 b/checksums/oauth2-2.0.10.gem.sha256 index 623e2626..e0e65592 100644 --- a/checksums/oauth2-2.0.10.gem.sha256 +++ b/checksums/oauth2-2.0.10.gem.sha256 @@ -1 +1 @@ -8c18b6470acd1ec188bd31f5d364066146a2751052a3fb7de06ff88c78a6069d \ No newline at end of file +e0bbe33434c32cdd01bc970f265c64db42b44f42d2036896710b1cf3e682e704 \ No newline at end of file diff --git a/checksums/oauth2-2.0.10.gem.sha512 b/checksums/oauth2-2.0.10.gem.sha512 index 0e07fd2a..02ad7661 100644 --- a/checksums/oauth2-2.0.10.gem.sha512 +++ b/checksums/oauth2-2.0.10.gem.sha512 @@ -1 +1 @@ -753a5803757e2b30214dfe4ef6ce93ec1edea7b9448b8078f082128a039339c1c43d5a21bbf68a2476acc49358f7311c3106ba35821c7bdf3e1c71e800c15eee \ No newline at end of file +a73cc4c6502893f219e4b1cc5d2df480184bbf11069b43e08b781f4d278ce7219097e8904710948b644d22de95b98cdad575de1d1864d815d0e3064c2601a270 \ No newline at end of file From 4f6fcb67ee83d1dbed2761b2891858493ce6b010 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Tue, 27 Sep 2022 17:38:40 -0600 Subject: [PATCH 236/645] =?UTF-8?q?=F0=9F=99=88=20Ignore=20gemfiles=20lock?= =?UTF-8?q?=20files?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + gemfiles/f2.gemfile.lock | 98 ---------------------------------------- 2 files changed, 1 insertion(+), 98 deletions(-) delete mode 100644 gemfiles/f2.gemfile.lock diff --git a/.gitignore b/.gitignore index 2d9b95ea..38ac0429 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ # Bundler /.bundle/ +/gemfiles/*.lock /gemfiles/.bundle/ /gemfiles/.bundle/config /gemfiles/vendor/ diff --git a/gemfiles/f2.gemfile.lock b/gemfiles/f2.gemfile.lock deleted file mode 100644 index 3019558a..00000000 --- a/gemfiles/f2.gemfile.lock +++ /dev/null 
@@ -1,98 +0,0 @@ -PATH - remote: .. - specs: - oauth2 (2.0.10) - faraday (>= 0.17.3, < 3.0) - jwt (>= 1.0, < 3.0) - multi_xml (~> 0.5) - rack (>= 1.2, < 4) - snaky_hash (~> 2.0) - version_gem (~> 1.1) - -GEM - remote: https://rubygems.org/ - specs: - addressable (2.8.1) - public_suffix (>= 2.0.2, < 6.0) - ast (2.4.2) - backports (3.23.0) - diff-lcs (1.5.0) - faraday (2.5.2) - faraday-net_http (>= 2.0, < 3.1) - ruby2_keywords (>= 0.0.4) - faraday-net_http (3.0.0) - hashie (5.0.0) - jaro_winkler (1.5.4) - jwt (2.5.0) - multi_xml (0.6.0) - parallel (1.22.1) - parser (3.1.2.1) - ast (~> 2.4.1) - public_suffix (5.0.0) - rack (3.0.0) - rainbow (3.1.1) - rake (13.0.6) - rexml (3.2.5) - rspec (3.11.0) - rspec-core (~> 3.11.0) - rspec-expectations (~> 3.11.0) - rspec-mocks (~> 3.11.0) - rspec-block_is_expected (1.0.2) - rspec-core - rspec-core (3.11.0) - rspec-support (~> 3.11.0) - rspec-expectations (3.11.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-mocks (3.11.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-pending_for (0.1.16) - rspec-core - ruby_engine (>= 1, < 3) - ruby_version (~> 1.0) - rspec-stubbed_env (1.0.0) - rspec (>= 3.0) - rspec-support (3.11.1) - rubocop (0.68.1) - jaro_winkler (~> 1.5.1) - parallel (~> 1.10) - parser (>= 2.5, != 2.5.1.1) - rainbow (>= 2.2.2, < 4.0) - ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 1.6) - rubocop-lts (8.0.2) - rubocop-ruby2_2 (~> 1.0.4) - rubocop-ruby2_2 (1.0.4) - rubocop (= 0.68.1) - ruby-progressbar (1.11.0) - ruby2_keywords (0.0.5) - ruby_engine (2.0.0) - ruby_version (1.0.2) - silent_stream (1.0.6) - snaky_hash (2.0.1) - hashie - version_gem (~> 1.1, >= 1.1.1) - unicode-display_width (1.5.0) - version_gem (1.1.1) - -PLATFORMS - x86_64-darwin-21 - -DEPENDENCIES - addressable (>= 2) - backports (>= 3) - bundler (>= 2) - faraday (~> 2.2) - oauth2! 
- rake (>= 12) - rexml (>= 3) - rspec (>= 3) - rspec-block_is_expected - rspec-pending_for - rspec-stubbed_env - rubocop-lts (~> 8.0) - silent_stream - -BUNDLED WITH - 2.3.22 From cfc3ed478437f466682d22c7b6e1888cf18a884f Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 28 Sep 2022 12:27:52 -0600 Subject: [PATCH 237/645] =?UTF-8?q?=F0=9F=90=9B=20default=5Fspace=5Fencodi?= =?UTF-8?q?ng=20only=20available=20w/=20Faraday=20v1+?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/client.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 104d2b9c..5e66b89e 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -3,7 +3,10 @@ require 'faraday' require 'logger' -Faraday::Utils.default_space_encoding = '%20' +if Faraday::Utils.respond_to?(:default_space_encoding) + # This setting doesn't exist in faraday 0.x + Faraday::Utils.default_space_encoding = '%20' +end module OAuth2 ConnectionError = Class.new(Faraday::ConnectionFailed) From 2a018ff833b2b745118720cbedee14935197efc7 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 28 Sep 2022 14:45:54 -0600 Subject: [PATCH 238/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20documentatio?= =?UTF-8?q?n=20references=20to=20snakes=20and=20camels?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 4 ++-- README.md | 6 +++--- oauth2.gemspec | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 710ad65b..3460e701 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -118,9 +118,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) - [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) - [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) -- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem) +- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case. + - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be snake case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - [#576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) - [#591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated diff --git a/README.md b/README.md index 91a22c16..ea417ed8 100644 --- a/README.md +++ b/README.md 
@@ -255,13 +255,13 @@ For more see [SECURITY.md][🚎sec-pol]. - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` - Adds new option to `OAuth2::AccessToken#initialize`: - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency -- By default, keys are transformed to camel case. +- By default, keys are transformed to snake case. - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case. + - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body -- [... A lot more](https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md#2.0.0) +- [... A lot more](https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md#200-2022-06-21-tag) ## Compatibility diff --git a/oauth2.gemspec b/oauth2.gemspec index e0c953c7..9e08984e 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -29,8 +29,8 @@ You have installed oauth2 version #{OAuth2::Version::VERSION}, congratulations! There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy! Please see: • #{spec.homepage}/-/blob/main/SECURITY.md -• #{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md#2010-2022-09-19 -• Summary: #{spec.homepage}#what-is-new-for-v20 +• #{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag +• Summary of most important breaking changes: #{spec.homepage}#what-is-new-for-v20 Major updates: 1. master branch renamed to main From f2a7260492c484eb2c23e3b27eb1e29540dfe4fd Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 29 Sep 2022 02:05:11 -0600 Subject: [PATCH 239/645] =?UTF-8?q?=F0=9F=94=8D=EF=B8=8F=20Improve=20markd?= =?UTF-8?q?own=20anchor=20tokens?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CONTRIBUTING.md | 4 ++-- README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 82219102..a3a67b96 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,6 @@ ## Contributing -Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth-xx/oauth2][source] +Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth-xx/oauth2][🚎src-main] . This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct][conduct]. @@ -41,4 +41,4 @@ Made with [contributors-img][contrib-rocks]. [comment]: <> (Following links are used by README, CONTRIBUTING, Homepage) -[source]: https://gitlab.com/oauth-xx/oauth2/ +[🚎src-main]: https://gitlab.com/oauth-xx/oauth2/-/tree/main diff --git a/README.md b/README.md index ea417ed8..df06c0c0 100644 --- a/README.md +++ b/README.md 
@@ -119,7 +119,7 @@ appended indicators: | | Project | bundle add oauth2 | |:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-main] | | 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | | 4️⃣ | testing | [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | 
@@ -145,7 +145,7 @@ The link tokens in the following sections should be kept ordered by the row and [⛳️version-img]: http://img.shields.io/gem/v/oauth2.svg [🖇DL-total-img]: https://img.shields.io/gem/dt/oauth2.svg [🏘DL-rank-img]: https://img.shields.io/gem/rt/oauth2.svg -[🚎src-home]: https://gitlab.com/oauth-xx/oauth2/ +[🚎src-main]: https://gitlab.com/oauth-xx/oauth2/-/tree/main [🚎src-home-img]: https://img.shields.io/badge/source-gitlab-blue.svg?style=flat From eaa00ba10d4f1ecbffc1b3695080ab0d6752708d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 29 Sep 2022 12:43:52 -0600 Subject: [PATCH 240/645] =?UTF-8?q?=F0=9F=94=8D=EF=B8=8F=20Improve=20markd?= =?UTF-8?q?own=20anchor=20tokens?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index df06c0c0..5ff18f9d 100644 --- a/README.md +++ b/README.md 
@@ -118,8 +118,8 @@ appended indicators: | | Project | bundle add oauth2 | |:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-main] | +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![SemVer 2.0.0][🧮semver-img]][🧮semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-main-img]][🚎src-main] | | 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | | 4️⃣ | testing | [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] 
[![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | @@ -139,14 +139,17 @@ The link tokens in the following sections should be kept ordered by the row and [🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield [🚎yard]: https://www.rubydoc.info/gems/oauth2 [🚎yard-img]: https://img.shields.io/badge/documentation-rubydoc-brightgreen.svg?style=flat -[🖐inch-ci-img]: http://inch-ci.org/github/oauth-xx/oauth2.png +[🧮semver]: http://semver.org/ +[🧮semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat +[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ +[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat [⛳️version-img]: http://img.shields.io/gem/v/oauth2.svg [🖇DL-total-img]: https://img.shields.io/gem/dt/oauth2.svg [🏘DL-rank-img]: https://img.shields.io/gem/rt/oauth2.svg [🚎src-main]: https://gitlab.com/oauth-xx/oauth2/-/tree/main -[🚎src-home-img]: https://img.shields.io/badge/source-gitlab-blue.svg?style=flat +[🚎src-main-img]: https://img.shields.io/badge/source-gitlab-blue.svg?style=flat [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability From 72e8f836a2619ae12104a395ebf49cba091ae80c Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 29 Sep 2022 12:52:03 -0600 Subject: [PATCH 241/645] =?UTF-8?q?=F0=9F=94=8D=EF=B8=8F=20Improve=20markd?= =?UTF-8?q?own=20anchor=20tokens=20and=20targets?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CONTRIBUTING.md | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a3a67b96..5918bb64 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -4,7 +4,9 @@ Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth . This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct][conduct]. -To submit a patch, please fork the project and create a patch with tests. Once you're happy with it send a pull request! +To submit a patch, please fork the project and create a patch with +tests. Once you're happy with it send a pull request and post a message to the +[google group][mailinglist] or on the [gitter chat][🏘chat]. ## Detailed instructions on Submitting a Pull Request 1. [Fork the repository.][fork] @@ -27,18 +29,13 @@ To submit a patch, please fork the project and create a patch with tests. Once y ## Contributors -[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)][🚎contributors] +See: [https://gitlab.com/oauth-xx/oauth2/-/graphs/main][🚎contributors] Made with [contributors-img][contrib-rocks]. -[comment]: <> (Following links are used by README, CONTRIBUTING) - +[comment]: <> (Following links are used by README, CONTRIBUTING, Homepage) [conduct]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md - -[contrib-rocks]: https://contrib.rocks - [🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main - -[comment]: <> (Following links are used by README, CONTRIBUTING, Homepage) - +[mailinglist]: http://groups.google.com/group/oauth-ruby [🚎src-main]: https://gitlab.com/oauth-xx/oauth2/-/tree/main +[🏘chat]: https://gitter.im/oauth-xx/oauth2 \ No newline at end of file From 09990fa2113fe0a41e191b088d2ee33e5b8fbbe4 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 29 Sep 2022 12:54:02 -0600 Subject: [PATCH 242/645] =?UTF-8?q?=F0=9F=94=8D=EF=B8=8F=20Improve=20markd?= =?UTF-8?q?own=20anchor=20tokens=20and=20targets?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CONTRIBUTING.md | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5918bb64..1b81c846 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -31,8 +31,6 @@ tests. Once you're happy with it send a pull request and post a message to the See: [https://gitlab.com/oauth-xx/oauth2/-/graphs/main][🚎contributors] -Made with [contributors-img][contrib-rocks]. - [comment]: <> (Following links are used by README, CONTRIBUTING, Homepage) [conduct]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md [🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main From 2f49ed5537cdcf29e34b1f0224dce0520cf0d621 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 29 Sep 2022 15:05:47 -0600 Subject: [PATCH 243/645] =?UTF-8?q?=F0=9F=94=8D=EF=B8=8F=20Improve=20markd?= =?UTF-8?q?own=20anchor=20tokens=20and=20targets?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 5ff18f9d..e2b6e06d 100644 --- a/README.md +++ b/README.md 
@@ -116,15 +116,15 @@ appended indicators: ♻️ - URL needs to be updated from SASS integration. Find / Replace is insufficient. --> -| | Project | bundle add oauth2 | -|:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![SemVer 2.0.0][🧮semver-img]][🧮semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-main-img]][🚎src-main] | -| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] | -| 4️⃣ | testing | [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | -| 6️⃣ | resources | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay 
Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] | +| | Project | bundle add oauth2 | +|:----|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![SemVer 2.0.0][🧮semver-img]][🧮semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] | +| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-main-img]][🚎src-main] | +| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] | +| 4️⃣ | testing | [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | +| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | +| 6️⃣ | resources | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | +| 7️⃣ | spread 💖 | [![Liberapay 
Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] | [🏘sup-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml From 44f26453ed655fae40c35dae0c5b8524510d441d Mon Sep 17 00:00:00 2001 From: shota-kuwahara Date: Thu, 13 Oct 2022 13:53:21 +0900 Subject: [PATCH 244/645] fix No and url --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3460e701..d23a6cb0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -116,8 +116,8 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [#424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [#493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [#542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) - [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) - [#414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) -- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) -- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) +- [#469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) +- [#469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) - 
[#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be snake case. From b373235edf14369b09aa134692bd4342d30aa366 Mon Sep 17 00:00:00 2001 From: Jessie Young Date: Wed, 24 May 2023 09:01:49 +0000 Subject: [PATCH 245/645] Update file .gitlab-ci.yml --- .gitlab-ci.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 00000000..d802adfe --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,36 @@ +default: + image: ruby:3.1 + +workflow: + rules: + # For merge requests, create a pipeline. + - if: '$CI_MERGE_REQUEST_IID' + # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.). + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + # For tags, create a pipeline. + - if: '$CI_COMMIT_TAG' + + +.test_template: &test_definition + image: ruby:${RUBY_VERSION} + stage: test + script: + - gem install bundler --no-document + - bundle config --local path vendor + - bundle install + - bundle exec rake verify build install + cache: + key: ${CI_JOB_IMAGE} + paths: + - vendor/ruby +ruby: + <<: *test_definition + parallel: + matrix: + - RUBY_VERSION: ["2.7", "3.0", "3.1", "3.2"] + +static-analysis: + before_script: + - bundle install + script: + - rake verify \ No newline at end of file From 9001abcdc2f2f33a35a60af7bf8684a8ae84596b Mon Sep 17 00:00:00 2001 From: Jessie Young Date: Wed, 24 May 2023 09:04:44 +0000 Subject: [PATCH 246/645] Remove verify step for now --- .gitlab-ci.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d802adfe..85c3b57d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -27,10 +27,4 @@ ruby: <<: *test_definition parallel: matrix: - - RUBY_VERSION: ["2.7", "3.0", "3.1", "3.2"] - -static-analysis: - before_script: - - bundle install - script: - - rake verify \ No newline at end of file + - RUBY_VERSION: ["2.7", "3.0", "3.1", "3.2"] \ No newline at end of file From d688826300f33229e8dba7c59f2431b0575ca747 Mon Sep 17 00:00:00 2001 From: Jessie Young Date: Wed, 24 May 2023 09:08:25 +0000 Subject: [PATCH 247/645] Update file .gitlab-ci.yml --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 85c3b57d..78e6ace2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,7 +18,7 @@ workflow: - gem install bundler --no-document - bundle config --local path vendor - bundle install - - bundle exec rake verify build install + - bundle exec rake test cache: key: ${CI_JOB_IMAGE} paths: From 37703150fc0970369400e0cd567da4ff408f1537 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 8 Aug 2023 00:12:25 -0600 Subject: [PATCH 248/645] =?UTF-8?q?=F0=9F=91=B7=20Use=20image=20ruby:3.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 78e6ace2..cf4655d4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ default: - image: ruby:3.1 + image: ruby:3.2 workflow: rules: @@ -10,14 +10,13 @@ workflow: # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' - .test_template: &test_definition image: ruby:${RUBY_VERSION} stage: test script: - - gem install bundler --no-document + - gem update --system - bundle config --local path vendor - - bundle install + - bundle install --jobs 4 --retry 3 - bundle exec rake test cache: key: ${CI_JOB_IMAGE} 
@@ -27,4 +26,4 @@ ruby: <<: *test_definition parallel: matrix: - - RUBY_VERSION: ["2.7", "3.0", "3.1", "3.2"] \ No newline at end of file + - RUBY_VERSION: ["2.7", "3.0", "3.1", "3.2"] From 77f407da12c5b5b56096f4a652020b7abf347a87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9A=D0=B0=D1=80=D0=B8=D0=BC=20=D0=93=D0=B8=D0=BC=D0=B0?= =?UTF-8?q?=D0=B4=D0=B5=D0=B5=D0=B2?= Date: Tue, 26 Sep 2023 01:47:58 +0300 Subject: [PATCH 249/645] fix: fix expired? method when expires_in is 0 --- lib/oauth2/access_token.rb | 2 +- spec/oauth2/access_token_spec.rb | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 7a278d20..4440d6f3 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -81,7 +81,7 @@ def initialize(client, token, opts = {}) @expires_in &&= @expires_in.to_i @expires_at &&= convert_expires_at(@expires_at) @expires_latency &&= @expires_latency.to_i - @expires_at ||= Time.now.to_i + @expires_in if @expires_in + @expires_at ||= Time.now.to_i + @expires_in if @expires_in && !@expires_in.zero? @expires_at -= @expires_latency if @expires_latency @options = {mode: opts.delete(:mode) || :header, header_format: opts.delete(:header_format) || 'Bearer %s', diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 470000a9..d41ab897 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -615,6 +615,10 @@ def assert_initialized_token(target) expect(described_class.new(client, token)).not_to be_expired end + it 'is false if expires_in is 0 (token is permanent)' do + expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: 0)).not_to be_expired + end + it 'is false if expires_in is in the future' do expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: 10_800)).not_to be_expired end From 84b0678b9af88bc55e52b91f797c031e9cd55a77 Mon Sep 17 00:00:00 2001 
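Review bot: With the new `!@expires_in.zero?` guard, `expires_in: 0` leaves `@expires_at` nil when no `expires_at` was passed, and the unchanged next line `@expires_at -= @expires_latency if @expires_latency` then calls `-` on nil whenever `expires_latency` is also given. Guard that line as well: `@expires_at -= @expires_latency if @expires_at && @expires_latency`. The choice to treat `0` as "never expires" also deserves a comment above the `@expires_at ||=` line, because a server that sends `0` to mean "already expired" now yields a token this client considers permanent. `initialize` starts and ends outside the hunk.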
From: Elise Wood Date: Wed, 3 Jan 2024 13:29:11 -0800 Subject: [PATCH 250/645] Only instantiate OAuth2::Error if raise_errors option is true --- lib/oauth2/client.rb | 6 ++++-- spec/oauth2/client_spec.rb | 8 ++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 5e66b89e..ff9535d7 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -140,8 +140,10 @@ def request(verb, url, opts = {}, &block) # on non-redirecting 3xx statuses, just return the response response when 400..599 - error = Error.new(response) - raise(error) if opts.fetch(:raise_errors, options[:raise_errors]) + if opts.fetch(:raise_errors, options[:raise_errors]) + error = Error.new(response) + raise(error) + end response else diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 07666d7e..0ab18e5a 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -16,6 +16,7 @@ stub.get('/redirect_no_loc') { |_env| [302, {'Content-Type' => 'text/plain'}, ''] } stub.post('/redirect') { |_env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] } stub.get('/error') { |_env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] } + stub.get('/unparsable_error') { |_env| [500, {'Content-Type' => 'application/json'}, 'unknown error'] } stub.get('/empty_get') { |_env| [204, {}, nil] } stub.get('/different_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', JSON.dump(error: error_value, error_description: '∞'))] } stub.get('/ascii_8bit_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, JSON.dump(error: 'invalid_request', error_description: 'é').force_encoding('ASCII-8BIT')] } 
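Review bot: With `raise_errors` on, a 4xx/5xx response whose body does not parse still leaves `request` as a parser exception rather than an `OAuth2::Error`, apparently because `Error.new(response)` is where the body gets parsed; the spec added in this commit expects `JSON::ParserError` for `/unparsable_error`. Callers that rescue only `OAuth2::Error` around token requests will not catch it, so `request` should at least document it with a `# @raise [JSON::ParserError]` line. The two added statements can also be written as one, `raise Error.new(response)`. `request` starts and ends outside the hunk.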
@@ -95,6 +96,13 @@ described_class.new 'abc', 'def', opts expect(opts).to eq(opts2) end + + it 'raises exception if JSON is expected, but server returns invalid JSON' do + client = instance + expect { client.request(:get, '/unparsable_error') }.to raise_error(JSON::ParserError) + response = client.request(:get, '/unparsable_error', raise_errors: false) + expect(response.status).to eq(500) + end end describe '#site=(val)' do From 55f9e8274b656c2202f0f40d9cf887efb8daba39 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Mon, 12 Feb 2024 15:14:26 +0700 Subject: [PATCH 251/645] =?UTF-8?q?=F0=9F=91=B7=20Split=20current=20/=20le?= =?UTF-8?q?gacy=20rubygems?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ref: https://github.com/rubygems/rubygems/issues/7308 --- .gitlab-ci.yml | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cf4655d4..20aa732c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -10,20 +10,43 @@ workflow: # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' -.test_template: &test_definition +.test_template-current: &test_definition-current image: ruby:${RUBY_VERSION} stage: test script: - - gem update --system + - gem update --system > /dev/null 2>&1 - bundle config --local path vendor - - bundle install --jobs 4 --retry 3 + - bundle install --quiet --jobs 4 --retry 3 - bundle exec rake test cache: key: ${CI_JOB_IMAGE} paths: - vendor/ruby -ruby: - <<: *test_definition + +.test_template-legacy: &test_definition-legacy + image: ruby:${RUBY_VERSION} + stage: test + script: + # Because we support EOL Ruby still... + - gem install rubygems-update -v 3.4.22 > /dev/null 2>&1 + # Actually updates both RubyGems and Bundler! + - update_rubygems > /dev/null 2>&1 + - bundle config --local path vendor + - bundle install --quiet --jobs 4 --retry 3 + - bundle exec rake test + cache: + key: ${CI_JOB_IMAGE} + paths: + - vendor/ruby + +ruby-current: + <<: *test_definition-current + parallel: + matrix: + - RUBY_VERSION: ["3.0", "3.1", "3.2"] + +ruby-legacy: + <<: *test_definition-legacy parallel: matrix: - - RUBY_VERSION: ["2.7", "3.0", "3.1", "3.2"] + - RUBY_VERSION: ["2.7"] From 0e7a3dba481eb0b63d907193d20baffc5d554980 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=20J=20Mart=C3=ADnez?= Date: Fri, 23 Feb 2024 15:36:43 +0000 Subject: [PATCH 252/645] Update typo error in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e2b6e06d..de991abf 100644 --- a/README.md +++ b/README.md @@ -310,7 +310,7 @@ See [SECURITY.md][🚎sec-pol] ### Global Configuration -If you started seeing this warning, but everything it working fine, you can now silence it. +If you started seeing this warning, but everything is working fine, you can now silence it. ```log OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ``` From 1e650f44ce1228dacc2e4cce205769936c99b770 Mon Sep 17 00:00:00 2001 
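Review bot: Both templates send stdout and stderr of the RubyGems upgrade steps to `/dev/null` (`gem update --system`, `gem install rubygems-update -v 3.4.22`, `update_rubygems`), so when the step that replaces the package manager fails the job log has nothing to diagnose it with. Keeping stderr costs little noise: `gem update --system > /dev/null`. The current template also takes whichever RubyGems release is newest at run time while the legacy one pins `3.4.22`; a comment stating that this difference is intended would help the next maintainer.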
From: Peter Boling Date: Fri, 15 Mar 2024 01:47:32 +0000 Subject: [PATCH 253/645] =?UTF-8?q?=F0=9F=93=9D=20Add=20Mastodon=20Verific?= =?UTF-8?q?ation=20Links?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index e2b6e06d..d7a8d2c2 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,27 @@ This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby appli [sibling-gem]: https://gitlab.com/oauth-xx/oauth [doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper +If this library has helped you, or your organization, +please support my efforts by making a donation, becoming a sponsor, or giving me a shout on Mastodon. + +[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] +[![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] + + +Buy me coffee donation button + + +Patreon donate button + + + + + +[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay +[⛳liberapay]: https://liberapay.com/pboling/donate +[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github +[🖇sponsor]: https://github.com/sponsors/pboling + ## Release Documentation ### Version 2.0.x From 3f8145b95ca0f5be8e9b4fa2921121133a95f1a6 Mon Sep 17 00:00:00 2001 
From: Manuel van Rijn Date: Wed, 8 May 2024 16:43:26 +0200 Subject: [PATCH 254/645] Do not include sensitive information in the `inspect` I'd like to add this functionality to filter out sensitive information because these are exposed when an exception occurs. In my case, I had to manually catch any exception that could occur and send them to an error tracker and noticed that all these attributes were exposed. Of course, the main problem was that my code resulted in throwing this exception, but to me it also felt like a good suggestion to filter these attributes so they aren't unintentionally being exposed. --- lib/oauth2.rb | 1 + lib/oauth2/access_token.rb | 3 +++ lib/oauth2/authenticator.rb | 3 +++ lib/oauth2/client.rb | 3 +++ lib/oauth2/filtered_attributes.rb | 31 +++++++++++++++++++++++++++++++ spec/oauth2/access_token_spec.rb | 12 ++++++++++++ spec/oauth2/authenticator_spec.rb | 6 ++++++ spec/oauth2/client_spec.rb | 6 ++++++ 8 files changed, 65 insertions(+) create mode 100644 lib/oauth2/filtered_attributes.rb diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 58310826..00f51b08 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -10,6 +10,7 @@ # includes gem files require 'oauth2/version' +require 'oauth2/filtered_attributes' require 'oauth2/error' require 'oauth2/authenticator' require 'oauth2/client' diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 4440d6f3..45682629 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -6,8 +6,11 @@ class AccessToken # rubocop:disable Metrics/ClassLength TOKEN_KEYS_SYM = %i[access_token id_token token accessToken idToken].freeze TOKEN_KEY_LOOKUP = TOKEN_KEYS_STR + TOKEN_KEYS_SYM + include FilteredAttributes + attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params attr_accessor :options, :refresh_token, :response + filtered_attributes :token, :refresh_token class << self # Initializes an AccessToken from a Hash 
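Review bot: `filtered_attributes :token, :refresh_token` in `access_token.rb` hides two instance variables, but the class also exposes `response` and `params`, and the new `inspect` prints every unfiltered variable through `.inspect`. If `@response` holds the token endpoint's reply or `@params` keeps extra fields such as an `id_token` (not visible in this hunk, so to be confirmed), the same credentials still reach logs and error trackers through those two variables. Consider `filtered_attributes :token, :refresh_token, :response, :params`, or add a comment saying why they are safe to print. The class body continues outside the hunk.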
diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb index eafc3ef0..f3e2888a 100644 --- a/lib/oauth2/authenticator.rb +++ b/lib/oauth2/authenticator.rb @@ -4,7 +4,10 @@ module OAuth2 class Authenticator + include FilteredAttributes + attr_reader :mode, :id, :secret + filtered_attributes :secret def initialize(id, secret, mode) @id = id diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index ff9535d7..e87a5cd0 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -16,9 +16,12 @@ module OAuth2 class Client # rubocop:disable Metrics/ClassLength RESERVED_PARAM_KEYS = %w[body headers params parse snaky].freeze + include FilteredAttributes + attr_reader :id, :secret, :site attr_accessor :options attr_writer :connection + filtered_attributes :secret # Instantiate a new OAuth 2.0 client using the # Client ID and Client Secret registered to your diff --git a/lib/oauth2/filtered_attributes.rb b/lib/oauth2/filtered_attributes.rb new file mode 100644 index 00000000..299d2d92 --- /dev/null +++ b/lib/oauth2/filtered_attributes.rb @@ -0,0 +1,31 @@ +module OAuth2 + module FilteredAttributes + def self.included(base) + base.extend(ClassMethods) + end + + module ClassMethods + def filtered_attributes(*attributes) + @filtered_attribute_names = attributes.map(&:to_sym) + end + + def filtered_attribute_names + @filtered_attribute_names || [] + end + end + + def inspect + filtered_attribute_names = self.class.filtered_attribute_names + return super if filtered_attribute_names.empty? + + inspected_vars = instance_variables.map do |var| + if filtered_attribute_names.any? { |filtered_var| var.to_s.include?(filtered_var.to_s) } + "#{var}=[FILTERED]" + else + "#{var}=#{instance_variable_get(var).inspect}" + end + end + "#<#{self.class}:#{object_id} #{inspected_vars.join(', ')}>" + end + end +end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index d41ab897..ae828fa2 100644 --- a/spec/oauth2/access_token_spec.rb 
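Review bot: In `filtered_attributes.rb`, `filtered_attribute_names` reads `@filtered_attribute_names` from the class it is called on, so a subclass of a filtered class gets `[]` and `inspect` falls through to `super`, printing the secrets again. This matters because an earlier patch in this series adds an `access_token_class` option meant for subclassing `AccessToken`. Falling back to the parent keeps the filter: `@filtered_attribute_names || (superclass.respond_to?(:filtered_attribute_names) ? superclass.filtered_attribute_names : [])`. The substring test `var.to_s.include?(filtered_var.to_s)` also hides any variable whose name merely contains a filtered name; that errs on the safe side, and a comment saying so would stop someone from tightening it to an exact match without thought.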
+++ b/spec/oauth2/access_token_spec.rb @@ -741,4 +741,16 @@ def self.contains_token?(hash) expect(access_token.to_hash).to eq(hash) end end + + describe '#inspect' do + let(:inspect_result) { described_class.new(nil, 'secret-token', { refresh_token: 'secret-refresh-token' }).inspect } + + it 'filters out the @token value' do + expect(inspect_result).to include('@token=[FILTERED]') + end + + it 'filters out the @refresh_token value' do + expect(inspect_result).to include('@refresh_token=[FILTERED]') + end + end end diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index 4f06d306..158bc593 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb @@ -123,4 +123,10 @@ end end end + + describe '#inspect' do + it 'filters out the @secret value' do + expect(subject.inspect).to include('@secret=[FILTERED]') + end + end end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 0ab18e5a..d87d61ec 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -967,4 +967,10 @@ def stubbed_client(params = {}, &stubs) expect(subject.connection.builder.handlers).to include(Faraday::Request::UrlEncoded) end end + + describe '#inspect' do + it 'filters out the @secret value' do + expect(subject.inspect).to include('@secret=[FILTERED]') + end + end end From 9e90ff54f2bdf2a61c64e5e2dae20a9c8df1c219 Mon Sep 17 00:00:00 2001 From: Aboling0 <142766788+Aboling0@users.noreply.github.com> Date: Wed, 23 Oct 2024 22:47:13 -0600 Subject: [PATCH 255/645] =?UTF-8?q?=F0=9F=92=B8=20Update=20funding=20(#632?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/FUNDING.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index e21342e5..f6d2e5aa 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml 
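Review bot: The three `#inspect` specs (in `access_token_spec.rb`, `authenticator_spec.rb` and `client_spec.rb`) assert only that the `[FILTERED]` marker is present, which still passes if the secret is printed elsewhere in the string, for instance through a nested object. Add the negative assertion next to each, e.g. `expect(inspect_result).not_to include('secret-token')` and `expect(inspect_result).not_to include('secret-refresh-token')` in the access token spec. The authenticator and client specs need the secret value of their `subject`, which is defined outside these hunks.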
@@ -1,13 +1,13 @@ # These are supported funding model platforms +buy_me_a_coffee: pboling +community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry github: [pboling] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] -patreon: galtzo # Replace with a single Patreon username -open_collective: # Replace with a single Open Collective username +issuehunt: pboling # Replace with a single IssueHunt username ko_fi: pboling # Replace with a single Ko-fi username -tidelift: rubygems/oauth2 # Replace with a single Tidelift platform-name/package-name e.g., npm/babel -community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry liberapay: pboling # Replace with a single Liberapay username -issuehunt: pboling # Replace with a single IssueHunt username -otechie: # Replace with a single Otechie username -lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry -custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] +open_collective: # Replace with a single Open Collective username +patreon: galtzo # Replace with a single Patreon username +polar: pboling +thanks_dev: gh/pboling +tidelift: rubygems/oauth2 # Replace with a single Tidelift platform-name/package-name e.g., npm/babel From 0d17e9d5774879de4876ff04e8403277791a843e Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Tue, 13 May 2025 00:58:00 +0700 Subject: [PATCH 256/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20=2020-year=20ce?= =?UTF-8?q?rt=20for=20cryptographic=20signing=20of=20release?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + SECURITY.md | 4 +-- certs/pboling.pem | 42 +++++++++++++++--------------- checksums/oauth2-2.0.10.gem.sha256 | 1 - checksums/oauth2-2.0.10.gem.sha512 | 1 - oauth2.gemspec | 17 ++++++++++-- 6 files changed, 39 insertions(+), 27 deletions(-) delete mode 100644 checksums/oauth2-2.0.10.gem.sha256 delete mode 100644 checksums/oauth2-2.0.10.gem.sha512 diff --git a/CHANGELOG.md b/CHANGELOG.md index 265d6adc..19b37eec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - SHA256 and SHA512 Checksums for release (@pboling) ### Changed - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) + - Allow linux distros to build release without signing, as their package managers sign independently ### Fixed - [#633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) - [#634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) diff --git a/SECURITY.md b/SECURITY.md index 274337d2..f41dda1f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,8 +4,8 @@ | Version | Supported | EOL | Post-EOL / Enterprise | |----------|-----------|---------|---------------------------------------| -| 2.latest | ✅ | 04/2024 | [Tidelift Subscription][tidelift-ref] | -| 1.latest | ✅ | 04/2023 | [Tidelift Subscription][tidelift-ref] | +| 2.latest | ✅ | 04/2026 | [Tidelift Subscription][tidelift-ref] | +| 1.latest | ✅ | 10/2025 | [Tidelift Subscription][tidelift-ref] | | <= 1 | ⛔ | ⛔ | ⛔ | ### EOL Policy 
diff --git a/certs/pboling.pem b/certs/pboling.pem index f11daea5..d5c7e8bb 100644 --- a/certs/pboling.pem +++ b/certs/pboling.pem 
@@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE----- MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW -A2NvbTAeFw0yMjA5MTgyMzEyMzBaFw0yMzA5MTgyMzEyMzBaMEMxFTATBgNVBAMM +A2NvbTAeFw0yNTA1MDQxNTMzMDlaFw00NTA0MjkxNTMzMDlaMEMxFTATBgNVBAMM DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy -LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2Dn1GM3W -8K2/rvN1zz+06bQMcxD16ZKTihVwi7Pb1v3T98rM4Omnxohm3s+CwpDWGeiB9pj6 -0I/CTce0e4e3s8GKJSOrg93veImPSoH2PfsMsRsuB8wtqyiOCjLbF5o6S29x87r0 -LA5EawH+Lh4xqrkkPjdffsmLk7TaCig/vlmNvnzxXKBdey/X/aEJZXzzBiWRfVdh -O1fmMbVKyieGv9HK7+pLotIoT08bjDv8NP6V7zZslwQRqW27bQc6cqC2LGIbTYO3 -3jt1kQxfMWmhOictS6SzG9VtKSrXf0L4Neq0Gh7CLBZBvJFWJYZPfb92YNITDbd8 -emPOAQlXXNMN4mMXsEqtEhCPZRMnmwO+fOk/cC4AyglKi9lnQugCQoFV1XDMZST/ -CYbzdQyadOdPDInTntG6V+Uw51d2QGXZ6PDDfrx9+toc/3sl5h68rCUGgE6Q3jPz -srinqmBsxv2vTpmd4FjmiAtEnwH5/ooLpQYL8UdAjEoeysxS3AwIh+5dAgMBAAGj -fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQWU6D156a2cle+ -lb5RBfvVXlxTwjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG +LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAruUoo0WA +uoNuq6puKWYeRYiZekz/nsDeK5x/0IEirzcCEvaHr3Bmz7rjo1I6On3gGKmiZs61 +LRmQ3oxy77ydmkGTXBjruJB+pQEn7UfLSgQ0xa1/X3kdBZt6RmabFlBxnHkoaGY5 +mZuZ5+Z7walmv6sFD9ajhzj+oIgwWfnEHkXYTR8I6VLN7MRRKGMPoZ/yvOmxb2DN +coEEHWKO9CvgYpW7asIihl/9GMpKiRkcYPm9dGQzZc6uTwom1COfW0+ZOFrDVBuV +FMQRPswZcY4Wlq0uEBLPU7hxnCL9nKK6Y9IhdDcz1mY6HZ91WImNslOSI0S8hRpj +yGOWxQIhBT3fqCBlRIqFQBudrnD9jSNpSGsFvbEijd5ns7Z9ZMehXkXDycpGAUj1 +to/5cuTWWw1JqUWrKJYoifnVhtE1o1DZ+LkPtWxHtz5kjDG/zR3MG0Ula0UOavlD +qbnbcXPBnwXtTFeZ3C+yrWpE4pGnl3yGkZj9SMTlo9qnTMiPmuWKQDatAgMBAAGj +fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQE8uWvNbPVNRXZ +HlgPbc2PCzC4bjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD -ggGBAJ4SqhPlgUiLYIrphGXIaxXScHyvx4kixuvdrwhI4VoQV2qXvO7R6ZjOXVwX 
-f/z84BWPiTZ8lzThPbt1UV/BGwkvLw9I4RjOdzvUz3J42j9Ly6q63isall07bo3F -QWe/OBvIMBF1IbjC3q5vKPg4rq8+TkNRJNoE86U2gfR+PkW3jYYs9uiy0GloHDCP -k5xgaj0vSL0Uy5mTOPdk3K6a/sUGZyYniWK05zdhIi956ynhfGaFO988FFdVw5Jq -LHtXfIpAU8F7ES04syZSslxOluw7VlcSKyRdVIr737J92ZTduppB4PRGSKRgBsWV -hXTahRE72Kyw53Q7FAuzF3v102WxAAQ7BuMjW+MyCUT75fwPm3W4ELPL8HYkNGE7 -2oA5CPghFitRnvYS3GNrDG+9bNiRMEskeaBYwZ9UgReBQIwGYVj7LZk3UhiAsn44 -gwGrEXGQGDZ0NIgBcmvMOqlXjkGQwQvugKycJ024z89+fz2332vdZIKTrSxJrXGk -4/bR9A== +ggGBAJbnUwfJQFPkBgH9cL7hoBfRtmWiCvdqdjeTmi04u8zVNCUox0A4gT982DE9 +wmuN12LpdajxZONqbXuzZvc+nb0StFwmFYZG6iDwaf4BPywm2e/Vmq0YG45vZXGR +L8yMDSK1cQXjmA+ZBKOHKWavxP6Vp7lWvjAhz8RFwqF9GuNIdhv9NpnCAWcMZtpm +GUPyIWw/Cw/2wZp74QzZj6Npx+LdXoLTF1HMSJXZ7/pkxLCsB8m4EFVdb/IrW/0k +kNSfjtAfBHO8nLGuqQZVH9IBD1i9K6aSs7pT6TW8itXUIlkIUI2tg5YzW6OFfPzq +QekSkX3lZfY+HTSp/o+YvKkqWLUV7PQ7xh1ZYDtocpaHwgxe/j3bBqHE+CUPH2vA +0V/FwdTRWcwsjVoOJTrYcff8pBZ8r2MvtAc54xfnnhGFzeRHfcltobgFxkAXdE6p +DVjBtqT23eugOqQ73umLcYDZkc36vnqGxUBSsXrzY9pzV5gGr2I8YUxMqf6ATrZt +L9nRqA== -----END CERTIFICATE----- diff --git a/checksums/oauth2-2.0.10.gem.sha256 b/checksums/oauth2-2.0.10.gem.sha256 deleted file mode 100644 index e0e65592..00000000 --- a/checksums/oauth2-2.0.10.gem.sha256 +++ /dev/null @@ -1 +0,0 @@ -e0bbe33434c32cdd01bc970f265c64db42b44f42d2036896710b1cf3e682e704 \ No newline at end of file diff --git a/checksums/oauth2-2.0.10.gem.sha512 b/checksums/oauth2-2.0.10.gem.sha512 deleted file mode 100644 index 02ad7661..00000000 --- a/checksums/oauth2-2.0.10.gem.sha512 +++ /dev/null @@ -1 +0,0 @@ -a73cc4c6502893f219e4b1cc5d2df480184bbf11069b43e08b781f4d278ce7219097e8904710948b644d22de95b98cdad575de1d1864d815d0e3064c2601a270 \ No newline at end of file diff --git a/oauth2.gemspec b/oauth2.gemspec index 9e08984e..ba436492 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -11,8 +11,21 @@ Gem::Specification.new do |spec| spec.add_dependency 'snaky_hash', '~> 2.0' spec.add_dependency 'version_gem', '~> 1.1' - spec.cert_chain = ['certs/pboling.pem'] - spec.signing_key = File.expand_path('~/.ssh/gem-private_key.pem') if $PROGRAM_NAME.end_with?('gem') + # Linux distros may package ruby gems differently, + # and securely certify them independently via alternate package management systems. + # Ref: https://gitlab.com/oauth-xx/version_gem/-/issues/3 + # Hence, only enable signing if the cert_file is present. + # See CONTRIBUTING.md + default_user_cert = "certs/#{ENV.fetch("https://github.com/GEM_CERT_USER", ENV["USER"])}.pem" + default_user_cert_path = File.join(__dir__, default_user_cert) + cert_file_path = ENV.fetch("https://github.com/GEM_CERT_PATH", default_user_cert_path) + cert_chain = cert_file_path.split(",") + if cert_file_path && cert_chain.map { |fp| File.exist?(fp) } + spec.cert_chain = cert_chain + if $PROGRAM_NAME.end_with?("gem", "rake") && ARGV[0] == "build" + spec.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") + end + end spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh'] spec.summary = 'OAuth 2.0 Core Ruby implementation' From 0ad33698aebb44b24d91b0209a682c7de913f098 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 13 May 2025 01:05:43 +0700 Subject: [PATCH 257/645] =?UTF-8?q?=F0=9F=93=9D=20Disambiguate=20MR=20and?= =?UTF-8?q?=20Issue=20links=20(!=20vs=20#)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 212 +++++++++++++++++++++++++-------------------------- 1 file changed, 106 insertions(+), 106 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19b37eec..a6ba79f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
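Review bot: The condition `cert_file_path && cert_chain.map { |fp| File.exist?(fp) }` is always true, because `map` returns an array and every array is truthy in Ruby, so `spec.cert_chain` is set even when a listed certificate file is missing. That defeats the purpose stated in the comment above it, which is to enable signing only when the cert file is present. Use `if cert_chain.all? { |fp| File.exist?(fp) }`; the `cert_file_path &&` part adds nothing, since `split` has already been called on it one line earlier. The `signing_key` path is likewise assigned without checking that the key file exists, which may be intended but is worth a comment.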
@@ -12,7 +12,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.10] - 2025-05-12 ([tag][2.0.10t]) ### Added -- [#635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - `.gitlab-ci.yml` file (@jessieay) +[!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - `.gitlab-ci.yml` file (@jessieay) - 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) - Gemspec metadata (@pboling) - funding_uri 
@@ -23,12 +23,12 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - Allow linux distros to build release without signing, as their package managers sign independently ### Fixed -- [#633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) -- [#634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) -- [#638](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) -- [#639](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) -- [#640](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) -- [#641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) +[!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) +[!634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) +[!638](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) +[!639](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) +[!640](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) +[!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) ## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added 
@@ -45,20 +45,20 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.7] - 2022-08-22 ([tag][2.0.7t]) ### Added -- [#629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) +[!629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) ### Fixed -- [#626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) +[!626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) - Note: This fixes compatibility with `omniauth-oauth2` and AWS -- [#625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) +[!625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) ## [2.0.6] - 2022-07-13 ([tag][2.0.6t]) ### Fixed -- [#624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) +[!624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) ## [2.0.5] - 2022-07-07 ([tag][2.0.5t]) ### Fixed -- [#620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) -- [#621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and 
[#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling) +[!620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) +[!621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling) - All data in responses is now returned, with the access token removed and set as `token` - `refresh_token` is no longer dropped - **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use 
@@ -67,21 +67,21 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.4] - 2022-07-01 ([tag][2.0.4t]) ### Fixed -- [#618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) +[!618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) ## [2.0.3] - 2022-06-28 ([tag][2.0.3t]) ### Added -- [#611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) -- [#612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) +[!611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) +[!612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) ### Fixed -- [#608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) -- [#615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) +[!608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) +[!615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) ## [2.0.2] - 2022-06-24 ([tag][2.0.2t]) ### Fixed -- [#604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) -- [#606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move 
`access_token_class` parameter into `Client` constructor (@stanhu) -- [#607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) +[!604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) +[!606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) +[!607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) ## [2.0.1] - 2022-06-22 ([tag][2.0.1t]) ### Added 
@@ -90,81 +90,81 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.0] - 2022-06-21 ([tag][2.0.0t]) ### Added -- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) -- [#190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [#332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [#334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [#335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [#360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [#426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [#427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [#461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) -- [#220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) -- [#298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) -- [#305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) -- [#346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) -- [#351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) -- [#362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) -- [#363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) -- [#364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - 
Support `application/hal+json` format (@pboling) -- [#365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) -- [#376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) -- [#381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz) -- [#394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) -- [#412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) -- [#413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura) -- [#442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) -- [#494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) -- [#549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) -- [#550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu) -- [#552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) -- [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) -- 
[#560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) -- [#571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) -- [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) -- [#581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) +[!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) +[!190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [!332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [!334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [!335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [!360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [!426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [!427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [!461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) +[!220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) +[!298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) +[!305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) +[!346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) +[!351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) 
+[!362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) +[!363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) +[!364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling) +[!365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) +[!376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) +[!381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz) +[!394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) +[!412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) +[!413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura) +[!442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) +[!494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) +[!549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) 
+[!550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu) +[!552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) +[!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) +[!560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) +[!571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) +[!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) +[!581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) ### Changed -- [#191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) -- [#312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. 
(@tetsuya, @wy193777) -- [#317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) -- [#338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) -- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [#424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [#493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [#542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) -- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) -- [#414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) -- [#469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) -- [#469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) -- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) +[!191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - 
**BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) +[!312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) +[!317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) +[!338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) +[!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [!424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [!493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [!542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) +[!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) +[!414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) +[!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) +[!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) 
+[!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be snake case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. -- [#576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) -- [#591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated +[!576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) +[!591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated ### Fixed -- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) -- [#294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) -- [#300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) -- [#318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), [#326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [#343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [#347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [#397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [#464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), 
[#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [#565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) -- [#322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [#331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [#337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [#361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [#371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [#377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [#383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [#392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [#395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), [#400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [#401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [#403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [#415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [#567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) -- [#328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) -- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) -- [#366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) -- [#380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop 
attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) -- [#399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) -- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) -- [#460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) -- [#472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) -- [#482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) -- [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) -- [#595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) -- [#596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) -- [#598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) +[!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) 
+[!294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) +[!300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) +[!318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), [!326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [!343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [!347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [!397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [!464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), [!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [!565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) +[!322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [!331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [!337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [!361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [!371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [!377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [!383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [!392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [!395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), [!400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [!401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [!403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [!415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [!567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated 
Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) +[!328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) +[!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) +[!366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) +[!380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) +[!399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) +[!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) +[!460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [!524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) +[!472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) +[!482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) +[!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) 
+[!595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) +[!596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) +[!598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) ### Removed -- [#341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) -- [#342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) -- [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) -- [#566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) -- [#589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [#593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) -- [#590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) +[!341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) +[!342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) +[!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) +[!566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) 
+[!589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [!593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) +[!590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) ## [1.4.11] - 2022-09-16 ([tag][1.4.11t]) - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) ## [1.4.10] - 2022-07-01 ([tag][1.4.10t]) -- FIPS Compatibility [#587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov) +- FIPS Compatibility [!587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov) ## [1.4.9] - 2022-02-20 ([tag][1.4.9t]) - Fixes compatibility with Faraday v2 [572](https://gitlab.com/oauth-xx/oauth2/-/issues/572) 
@@ -177,47 +177,47 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [1.4.8] - 2022-02-18 ([tag][1.4.8t]) - MFA is now required to push new gem versions (@pboling) - README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) -- [#569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) +[!569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) - Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling) - Add CodeQL, Security Policy, Funding info (@pboling) - Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling) -- [#543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) +[!543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) ## [1.4.7] - 2021-03-19 ([tag][1.4.7t]) -- [#541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [#533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon) +[!541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [!533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. 
(@dobon) ## [1.4.6] - 2021-03-19 ([tag][1.4.6t]) -- [#540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) -- [#537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) -- [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling) +[!540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) +[!537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) +[!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling) ## [1.4.5] - 2021-03-18 ([tag][1.4.5t]) -- [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling) -- [#518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) -- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) -- [#500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) +[!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling) +[!518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option 
to OAuth2::Client (@jonspalmer) +[!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) +[!500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) ## [1.4.4] - 2020-02-12 ([tag][1.4.4t]) -- [#408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) +[!408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) ## [1.4.3] - 2020-01-29 ([tag][1.4.3t]) -- [#483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) -- [#495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) +[!483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) +[!495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - Adds support for private_key_jwt and tls_client_auth -- [#433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) +[!433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) ## [1.4.2] - 2019-10-01 ([tag][1.4.2t]) -- [#478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) +[!478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - Officially support Ruby 2.6 and truffleruby ## [1.4.1] - 2018-10-13 ([tag][1.4.1t]) -- [#417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) -- 
[#419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling) -- [#418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) -- [#420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) -- [#421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) -- [#422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling) -- [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) +[!417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) +[!419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling) +[!418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) +[!420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) +[!421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) +[!422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update 
[LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling) +[!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) - officially document supported Rubies * Ruby 1.9.3 * Ruby 2.0.0 From 8239c736b55b2275c8884c87ee2e2c2b0f337797 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 13 May 2025 01:29:57 +0700 Subject: [PATCH 258/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Gemspec=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add nkf dev dep - remove bundler dev dep - modernize files inclusion - add news_uri metadata - update post install message --- Gemfile.lock | 220 ++++++++++++++++++++++++++++++++----------------- oauth2.gemspec | 84 +++++++++++-------- 2 files changed, 194 insertions(+), 110 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 14452141..e93c8076 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -7,91 +7,137 @@ PATH multi_xml (~> 0.5) rack (>= 1.2, < 4) snaky_hash (~> 2.0) - version_gem (~> 1.1) + version_gem (>= 1.1.8, < 3) GEM remote: https://rubygems.org/ specs: - addressable (2.8.1) - public_suffix (>= 2.0.2, < 6.0) - ast (2.4.2) - backports (3.23.0) - byebug (11.1.3) - childprocess (4.1.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + ast (2.4.3) + backports (3.25.1) + base64 (0.2.0) + bigdecimal (3.1.9) + byebug (12.0.0) + childprocess (5.1.0) + logger (~> 1.5) codecov (0.6.0) simplecov (>= 0.15, < 0.22) - diff-lcs (1.5.0) - docile (1.4.0) - faraday (2.5.2) - faraday-net_http (>= 2.0, < 3.1) - ruby2_keywords (>= 0.0.4) - faraday-net_http (3.0.0) - github-markup (4.0.1) + diff-lcs (1.6.2) + diffy (3.4.3) + docile (1.4.1) + faraday (2.13.1) + faraday-net_http (>= 2.0, < 3.5) + json + logger + faraday-net_http (3.4.0) + net-http (>= 0.5.0) + github-markup (5.0.1) hashie (5.0.0) iniparse (1.5.0) - jaro_winkler (1.5.4) - json (2.6.2) - jwt (2.5.0) - multi_xml (0.6.0) - overcommit (0.59.1) - childprocess (>= 0.6.3, < 5) + json (2.11.3) + jwt (2.10.1) + base64 + language_server-protocol (3.17.0.5) + lint_roller (1.1.0) + logger (1.7.0) + multi_xml (0.7.2) + bigdecimal (~> 3.1) + net-http (0.6.0) + uri + nkf (0.2.0) + overcommit (0.67.1) + childprocess (>= 0.6.3, < 6) iniparse (~> 1.4) - rexml (~> 3.2) - parallel (1.22.1) - parser (3.1.2.1) + rexml (>= 3.3.9) + parallel (1.27.0) + parser (3.3.8.0) ast (~> 2.4.1) - public_suffix (5.0.0) - rack (3.0.0) - rainbow (2.2.2) - rake - rake (13.0.6) - redcarpet (3.5.1) - rexml (3.2.5) - rspec (3.11.0) - rspec-core (~> 3.11.0) - rspec-expectations (~> 3.11.0) - rspec-mocks (~> 3.11.0) - rspec-block_is_expected (1.0.2) - rspec-core - rspec-core (3.11.0) - rspec-support (~> 3.11.0) - rspec-expectations (3.11.1) + racc + prism (1.4.0) + public_suffix (6.0.2) + racc (1.8.1) + rack (3.1.14) + rainbow (3.1.1) + rake (13.2.1) + redcarpet (3.6.1) + regexp_parser (2.10.0) + rexml (3.4.1) + rspec (3.13.0) + 
rspec-core (~> 3.13.0) + rspec-expectations (~> 3.13.0) + rspec-mocks (~> 3.13.0) + rspec-block_is_expected (1.0.6) + rspec-core (3.13.3) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.4) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-mocks (3.11.1) + rspec-support (~> 3.13.0) + rspec-mocks (3.13.4) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-pending_for (0.1.16) - rspec-core - ruby_engine (>= 1, < 3) + rspec-support (~> 3.13.0) + rspec-pending_for (0.1.17) + rake (>= 10) + rspec-core (~> 3.0) + ruby_engine (~> 2.0) ruby_version (~> 1.0) - rspec-stubbed_env (1.0.0) - rspec (>= 3.0) - rspec-support (3.11.1) - rubocop (0.68.1) - jaro_winkler (~> 1.5.1) + rspec-stubbed_env (1.0.2) + rspec-support (3.13.3) + rubocop (1.75.5) + json (~> 2.3) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) parallel (~> 1.10) - parser (>= 2.5, != 2.5.1.1) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.44.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 1.6) - rubocop-lts (8.0.2) - rubocop-ruby2_2 (~> 1.0.4) - rubocop-performance (1.3.0) - rubocop (>= 0.68.0) - rubocop-rake (0.5.1) - rubocop - rubocop-rspec (1.41.0) - rubocop (>= 0.68.1) - rubocop-ruby2_2 (1.0.4) - rubocop (= 0.68.1) - rubocop-thread_safety (0.4.4) - rubocop (>= 0.53.0) - ruby-progressbar (1.11.0) - ruby2_keywords (0.0.5) - ruby_engine (2.0.0) - ruby_version (1.0.2) - silent_stream (1.0.6) + unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.44.1) + parser (>= 3.3.7.2) + prism (~> 1.4) + rubocop-gradual (0.3.6) + diff-lcs (>= 1.2.0, < 2.0) + diffy (~> 3.0) + parallel (~> 1.10) + rainbow (>= 2.2.2, < 4.0) + rubocop (~> 1.0) + rubocop-lts (8.1.1) + rubocop-ruby2_2 (>= 2.0.3, < 3) + standard-rubocop-lts (>= 1.0.3, < 3) + version_gem (>= 1.1.2, < 3) + rubocop-md (1.2.4) + rubocop (>= 1.45) + rubocop-performance (1.25.0) + lint_roller (~> 1.1) + rubocop (>= 1.75.0, < 2.0) + 
rubocop-ast (>= 1.38.0, < 2.0) + rubocop-rake (0.7.1) + lint_roller (~> 1.1) + rubocop (>= 1.72.1) + rubocop-rspec (3.6.0) + lint_roller (~> 1.1) + rubocop (~> 1.72, >= 1.72.1) + rubocop-ruby2_2 (2.0.5) + rubocop-gradual (~> 0.3, >= 0.3.1) + rubocop-md (~> 1.2) + rubocop-rake (~> 0.6) + rubocop-shopify (~> 2.14) + rubocop-thread_safety (~> 0.5, >= 0.5.1) + standard-rubocop-lts (~> 1.0, >= 1.0.7) + version_gem (>= 1.1.3, < 3) + rubocop-shopify (2.17.0) + rubocop (~> 1.62) + rubocop-thread_safety (0.7.2) + lint_roller (~> 1.1) + rubocop (~> 1.72, >= 1.72.1) + ruby-progressbar (1.13.0) + ruby_engine (2.0.3) + ruby_version (1.0.3) + silent_stream (1.0.10) + logger (>= 1.4.4) + version_gem (~> 1.1, >= 1.1.7) simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) @@ -99,7 +145,7 @@ GEM simplecov-cobertura (2.1.0) rexml simplecov (~> 0.19) - simplecov-html (0.12.3) + simplecov-html (0.13.1) simplecov-json (0.2.3) json simplecov 
@@ -108,22 +154,42 @@ GEM snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - unicode-display_width (1.5.0) - version_gem (1.1.1) - webrick (1.7.0) - yard (0.9.28) - webrick (~> 1.7.0) + standard (1.49.0) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.75.2) + standard-custom (~> 1.0.0) + standard-performance (~> 1.8) + standard-custom (1.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.50) + standard-performance (1.8.0) + lint_roller (~> 1.1) + rubocop-performance (~> 1.25.0) + standard-rubocop-lts (1.0.10) + rspec-block_is_expected (~> 1.0, >= 1.0.5) + standard (>= 1.35.1, < 2) + standard-custom (>= 1.0.2, < 2) + standard-performance (>= 1.3.1, < 2) + version_gem (>= 1.1.4, < 3) + unicode-display_width (3.1.4) + unicode-emoji (~> 4.0, >= 4.0.4) + unicode-emoji (4.0.4) + uri (1.0.3) + version_gem (1.1.8) + yard (0.9.37) PLATFORMS x86_64-darwin-21 + x86_64-linux DEPENDENCIES addressable (>= 2) backports (>= 3) - bundler (>= 2) byebug codecov (~> 0.6) github-markup + nkf (~> 0.2) oauth2! overcommit (~> 0.58) pry-debugger-jruby @@ -147,4 +213,4 @@ DEPENDENCIES yard BUNDLED WITH - 2.3.22 + 2.6.8 diff --git a/oauth2.gemspec b/oauth2.gemspec index ba436492..ecb1a31f 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -4,13 +4,6 @@ require_relative 'lib/oauth2/version' Gem::Specification.new do |spec| - spec.add_dependency 'faraday', ['>= 0.17.3', '< 3.0'] - spec.add_dependency 'jwt', ['>= 1.0', '< 3.0'] - spec.add_dependency 'multi_xml', '~> 0.5' - spec.add_dependency 'rack', ['>= 1.2', '< 4'] - spec.add_dependency 'snaky_hash', '~> 2.0' - spec.add_dependency 'version_gem', '~> 1.1' - # Linux distros may package ruby gems differently, # and securely certify them independently via alternate package management systems. # Ref: https://gitlab.com/oauth-xx/version_gem/-/issues/3 
@@ -36,7 +29,7 @@ Gem::Specification.new do |spec| spec.name = 'oauth2' spec.required_ruby_version = '>= 2.2.0' spec.version = OAuth2::Version::VERSION - spec.post_install_message = " + spec.post_install_message = <<~POST You have installed oauth2 version #{OAuth2::Version::VERSION}, congratulations! There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy! 
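Review bot: The squiggly heredoc in `spec.post_install_message = <<~POST` is Ruby 2.3+ syntax, while the context line two above it still declares `spec.required_ruby_version = '>= 2.2.0'`. A built `.gem` should be unaffected, but anything that evaluates `oauth2.gemspec` itself on Ruby 2.2 (a path or git source, or a CI job on the oldest supported Ruby) would stop with a SyntaxError before dependency resolution starts. The message body appears to be flush-left already, so `spec.post_install_message = <<-POST` would parse on 2.2 and give the same text. If 2.2 is no longer expected to load this file, say so in a comment: `# <<~ needs Ruby >= 2.3; this gemspec is only evaluated by the release toolchain`. The heredoc body and its terminator lie outside this hunk.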
@@ -45,33 +38,32 @@ Please see: • #{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag • Summary of most important breaking changes: #{spec.homepage}#what-is-new-for-v20 -Major updates: -1. master branch renamed to main -• Update your local: git checkout master; git branch -m master main; git branch --unset-upstream; git branch -u origin/main -2. Github has been replaced with Gitlab; I wrote about some of the reasons here: -• https://dev.to/galtzo/im-leaving-github-50ba -• Update your local: git remote set-url origin git@gitlab.com:oauth-xx/oauth2.git -3. Google Group is active (again)! +There are BUGFIXES in v2.0.10, which depending on how you relied on them instead of reporting and fixing them, may be BREAKING for you. +For more information please see: +https://railsbling.com/tags/oauth2 + +Important News: +1. Google Group is "active" (again)! • https://groups.google.com/g/oauth-ruby/c/QA_dtrXWXaE -4. Gitter Chat is active (still)! -• https://gitter.im/oauth-xx/ -5. Non-commercial support for the 2.x series will end by April, 2024. Please make a plan to upgrade to the next version prior to that date. -Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7 and any other Ruby versions which will also have reached EOL by then. -6. Gem releases are now cryptographically signed for security. +2. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date. +Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any other Ruby versions which will also have reached EOL by then. +3. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums. +4. I need your support. 
-If you are a human, please consider a donation as I move toward supporting myself with Open Source work: +If you are a sentient, please consider a donation as I move toward supporting myself with Open Source work: • https://liberapay.com/pboling • https://ko-fi.com/pboling -• https://patreon.com/galtzo +• https://www.buymeacoffee.com/pboling +• https://github.com/sponsors/pboling If you are a corporation, please consider supporting this project, and open source work generally, with a TideLift subscription. • https://tidelift.com/funding/github/rubygems/oauth • Or hire me. I am looking for a job! -Please report issues, and support the project! +Please report issues, and star the project! Thanks, |7eter l-|. l3oling -" +POST spec.metadata['homepage_uri'] = spec.homepage spec.metadata['source_code_uri'] = "#{spec.homepage}/-/tree/v#{spec.version}" 
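Review bot: Item 3 of the new message, `Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums.`, tells installers the release is signed but not how to check it. RubyGems does not verify signatures unless a trust policy is requested, so the sentence gives assurance that most installs never exercise. Pointing it at the verification steps would make it actionable, for example `3. Gem releases are signed (20-year cert) with SHA-256/SHA-512 checksums; to verify see #{spec.homepage}/-/blob/v#{spec.version}/SECURITY.md`, assuming SECURITY.md is where those steps live. With a 20-year validity, that document should also say how a replaced or revoked cert would be announced. The message starts above this hunk, so only the changed part of it is reviewed here.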
@@ -80,23 +72,49 @@ Thanks, |7eter l-|. l3oling spec.metadata['documentation_uri'] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" spec.metadata['wiki_uri'] = "#{spec.homepage}/-/wiki" spec.metadata['mailing_list_uri'] = 'https://groups.google.com/g/oauth-ruby' + spec.metadata["news_uri"] = "https://www.railsbling.com/tags/#{spec.name}" spec.metadata['funding_uri'] = 'https://liberapay.com/pboling' spec.metadata['rubygems_mfa_required'] = 'true' - spec.require_paths = %w[lib] + # Specify which files should be added to the gem when it is released. spec.files = Dir[ - 'lib/**/*', - 'CHANGELOG.md', - 'CODE_OF_CONDUCT.md', - 'CONTRIBUTING.md', - 'LICENSE.txt', - 'README.md', - 'SECURITY.md', + # Splats (alphabetical) + "lib/**/*", + ] + # Automatically included with gem package, no need to list again in files. + spec.extra_rdoc_files = Dir[ + # Files (alphabetical) + "CHANGELOG.md", + "CODE_OF_CONDUCT.md", + "CONTRIBUTING.md", + "LICENSE.txt", + "README.md", + "SECURITY.md", ] + spec.rdoc_options += [ + "--title", + "#{spec.name} - #{spec.summary}", + "--main", + "README.md", + "--line-numbers", + "--inline-source", + "--quiet", + ] + spec.require_paths = ["lib"] + spec.bindir = "exe" + spec.executables = [] + + spec.add_dependency 'faraday', ['>= 0.17.3', '< 3.0'] + spec.add_dependency 'jwt', ['>= 1.0', '< 3.0'] + spec.add_dependency 'multi_xml', '~> 0.5' + spec.add_dependency 'rack', ['>= 1.2', '< 4'] + spec.add_dependency 'snaky_hash', '~> 2.0' + spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2.0 spec.add_development_dependency 'addressable', '>= 2' spec.add_development_dependency 'backports', '>= 3' - spec.add_development_dependency 'bundler', '>= 2' + spec.add_development_dependency 'nkf', '~> 0.2' + spec.add_development_dependency 'byebug', '~> 11' spec.add_development_dependency 'rake', '>= 12' spec.add_development_dependency 'rexml', '>= 3' spec.add_development_dependency 'rspec', '>= 3' 
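Review bot: The added `spec.add_development_dependency 'byebug', '~> 11'` disagrees with the Gemfile.lock updated in this same commit, which resolves `byebug (12.0.0)` and lists `byebug` unconstrained under DEPENDENCIES. If the Gemfile loads this gemspec, a frozen or deployment-mode `bundle install` would presumably reject the lock. An unfrozen run would re-resolve to a version other than the one recorded. Align the two with `spec.add_development_dependency 'byebug', '>= 11'`, or regenerate the lock against the `~> 11` constraint. As a style point, the new lines use double quotes, and `spec.add_dependency("version_gem", ">= 1.1.8", "< 3")` is parenthesised, unlike the single-quoted, paren-free calls around them; `spec.add_dependency 'version_gem', ['>= 1.1.8', '< 3']` would match its neighbours.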
From e9e21dadbddb935e92bbc62b4817875412a4c6d8 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 12 May 2025 22:39:26 +0700 Subject: [PATCH 259/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/FUNDING.yml | 2 +- .github/dependabot.yml | 4 + CONTRIBUTING.md | 162 +++++++++++++++++++++++++++++++++-------- oauth2.gemspec | 2 +- 4 files changed, 137 insertions(+), 33 deletions(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index f6d2e5aa..e6c57875 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -9,5 +9,5 @@ liberapay: pboling # Replace with a single Liberapay username open_collective: # Replace with a single Open Collective username patreon: galtzo # Replace with a single Patreon username polar: pboling -thanks_dev: gh/pboling +thanks_dev: u/gh/pboling tidelift: rubygems/oauth2 # Replace with a single Tidelift platform-name/package-name e.g., npm/babel diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 89c4a1c3..dc043b45 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,3 +8,7 @@ updates: open-pull-requests-limit: 10 ignore: - dependency-name: "rubocop-lts" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1b81c846..b4401666 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,38 +2,138 @@ Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth-xx/oauth2][🚎src-main] . This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to -the [code of conduct][conduct]. - -To submit a patch, please fork the project and create a patch with -tests. Once you're happy with it send a pull request and post a message to the -[google group][mailinglist] or on the [gitter chat][🏘chat]. - -## Detailed instructions on Submitting a Pull Request -1. [Fork the repository.][fork] -2. [Create a topic branch.][branch] -3. Add specs for your unimplemented feature or bug fix. -4. Run `bundle exec rake spec`. If your specs pass, return to step 3. -5. Implement your feature or bug fix. -6. Run `bundle exec rake`. If your specs fail, return to step 5. -7. Run `open coverage/index.html`. If your changes are not completely covered - by your tests, return to step 3. -8. Add documentation for your feature or bug fix. -9. Run `bundle exec rake verify_measurements`. If your changes are not 100% - documented, go back to step 8. -10. Commit and push your changes. -11. [Submit a pull request.][pr] - -[fork]: http://help.github.com/fork-a-repo/ -[branch]: http://learn.github.com/p/branching.html -[pr]: http://help.github.com/send-pull-requests/ +the [code of conduct][🤝conduct]. + +To submit a patch, please fork the project and create a patch with tests. +Once you're happy with it send a pull request. + +We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. + +## You can help! + +Take a look at the `reek` list which is the file called `REEK` and find something to improve. + +Simply follow these instructions: + +1. Fork the repository +2. Create your feature branch (`git checkout -b my-new-feature`) +3. Make some fixes. +4. Commit your changes (`git commit -am 'Added some feature'`) +5. 
Push to the branch (`git push origin my-new-feature`) +6. Make sure to add tests for it. This is important, so it doesn't break in a future release. +7. Create new Pull Request. + +## Appraisals + +From time to time the appraisal gemfiles in `gemfiles/` will need to be updated. +They are created and updated with the commands: + +NOTE: We run on a [fork][🚎appraisal-fork] of Appraisal. + +Please upvote the PR for `eval_gemfile` [support][🚎appraisal-eval-gemfile-pr] + +```shell +BUNDLE_GEMFILE=Appraisal.root.gemfile bundle +BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update +bundle exec rake rubocop_gradual:autocorrect +``` + +When adding an appraisal to CI check the [runner tool cache][🏃‍♂️runner-tool-cache] to see which runner to use. + +## The Reek List + +Take a look at the `reek` list which is the file called `REEK` and find something to improve. + +To refresh the `reek` list: + +```bash +bundle exec reek > REEK +``` + +## Run Tests + +To run all tests + +```bash +bundle exec rake test +``` + +## Lint It + +Run all the default tasks, which includes running the gradually autocorrecting linter, `rubocop-gradual`. + +```bash +bundle exec rake +``` + +Or just run the linter. + +```bash +bundle exec rake rubocop_gradual:autocorrect +``` ## Contributors -See: [https://gitlab.com/oauth-xx/oauth2/-/graphs/main][🚎contributors] +Your picture could be here! + +[![Contributors][🖐contributors-img]][🖐contributors] + +Made with [contributors-img][🖐contrib-rocks]. + +Also see GitLab Contributors: [https://gitlab.com/oauth-xx/oauth2/-/graphs/main][🚎contributors-gl] + +## For Maintainers + +### One-time, Per-maintainer, Setup + +**IMPORTANT**: If you want to sign the build you create, +your public key for signing gems will need to be picked up by the line in the +`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there). +All releases to RubyGems.org will be signed. 
+See: [RubyGems Security Guide][🔒️rubygems-security-guide] + +NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some value in your environment. + +### To release a new version: + +1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check +2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes +3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock` +4. Run `git commit -am "🔖 Prepare release v"` to commit the changes +5. Run `git push` to trigger the final CI pipeline before release, & merge PRs + - NOTE: Remember to [check the build][🧪build]! +6. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME` +7. Run `git checkout $GIT_TRUNK_BRANCH_NAME` +8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure you will release the latest trunk code +9. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums + - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH` + - If the echo above has no output, then it didn't work. + - Note that you'll need the `zsh/datetime` module, if running `zsh`. + - In older versions of `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH` +10. Run `bundle exec rake build` +11. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr]) + to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums` + [gem][💎stone_checksums]. + - Checksums will be committed automatically by the script, but not pushed +12. 
Run `bundle exec rake release` which will create a git tag for the version, + push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems] -[comment]: <> (Following links are used by README, CONTRIBUTING, Homepage) -[conduct]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md -[🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main -[mailinglist]: http://groups.google.com/group/oauth-ruby -[🚎src-main]: https://gitlab.com/oauth-xx/oauth2/-/tree/main -[🏘chat]: https://gitter.im/oauth-xx/oauth2 \ No newline at end of file +[🚎src-main]: https://gitlab.com/oauth-xx/oauth2 +[🧪build]: https://github.com/oauth-xx/oauth2/actions +[🤝conduct]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md +[🖐contrib-rocks]: https://contrib.rocks +[🖐contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors +[🚎contributors-gl]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main +[🖐contributors-img]: https://contrib.rocks/image?repo=oauth-xx/oauth2 +[💎rubygems]: https://rubygems.org +[🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems +[🔒️rubygems-checksums-pr]: https://github.com/rubygems/rubygems/pull/6022 +[🔒️rubygems-guides-pr]: https://github.com/rubygems/guides/pull/325 +[💎stone_checksums]: https://github.com/pboling/stone_checksums +[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ +[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat +[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 +[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html +[🚎appraisal-eval-gemfile-pr]: https://github.com/thoughtbot/appraisal/pull/248 +[🚎appraisal-fork]: https://github.com/pboling/appraisal/tree/galtzo +[🏃‍♂️runner-tool-cache]: https://github.com/ruby/ruby-builder/releases/tag/toolcache 
diff --git a/oauth2.gemspec b/oauth2.gemspec index ecb1a31f..e21d069e 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -50,7 +50,7 @@ Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any 3. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums. 4. I need your support. -If you are a sentient, please consider a donation as I move toward supporting myself with Open Source work: +If you are sentient, please consider a donation as I move toward supporting myself with Open Source work: • https://liberapay.com/pboling • https://ko-fi.com/pboling • https://www.buymeacoffee.com/pboling From da048560ca86714708a863bed01ac90af1453da9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 13 May 2025 00:50:55 +0700 Subject: [PATCH 260/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20changes=20in?= =?UTF-8?q?=20HEAD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d23a6cb0..265d6adc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,17 +10,24 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed -## [2.0.10] - 2022-09-27 ([tag][2.0.10t]) +## [2.0.10] - 2025-05-12 ([tag][2.0.10t]) ### Added -- Certificate for signing gem releases (@pboling) +- [#635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - `.gitlab-ci.yml` file (@jessieay) +- 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) - Gemspec metadata (@pboling) - funding_uri + - news_uri - mailing_list_uri - SHA256 and SHA512 Checksums for release (@pboling) ### Changed -- Gem releases are now cryptographically signed (@pboling) +- Gem releases are now cryptographically signed, with a 20-year cert (@pboling) ### Fixed -- [!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) Spaces will now be encoded as `%20` instead of `+` (@nov.matake) +- [#633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) +- [#634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) +- [#638](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) +- [#639](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) +- [#640](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) +- [#641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) ## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added From fc87de3dde8be161a5c513bc2cbcdb75340275d6 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 14 May 2025 05:47:53 +0700 Subject: [PATCH 261/645] =?UTF-8?q?=F0=9F=94=A8=20binstubs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/bundle | 32 ++++++++++++++++---------------- bin/bundle-audit | 27 +++++++++++++++++++++++++++ bin/bundler-audit | 27 +++++++++++++++++++++++++++ bin/code_climate_reek | 27 +++++++++++++++++++++++++++ bin/coderay | 27 +++++++++++++++++++++++++++ bin/console | 7 +++---- bin/github-markup | 27 +++++++++++++++++++++++++++ bin/htmldiff | 27 +++++++++++++++++++++++++++ bin/irb | 27 +++++++++++++++++++++++++++ bin/ldiff | 27 +++++++++++++++++++++++++++ bin/racc | 27 +++++++++++++++++++++++++++ bin/rake | 10 +++++----- bin/rdbg | 27 +++++++++++++++++++++++++++ bin/rdoc | 27 +++++++++++++++++++++++++++ bin/redcarpet | 27 +++++++++++++++++++++++++++ bin/reek | 27 +++++++++++++++++++++++++++ bin/ri | 27 +++++++++++++++++++++++++++ bin/rspec | 10 +++++----- bin/rubocop | 10 +++++----- bin/rubocop-gradual | 27 +++++++++++++++++++++++++++ bin/ruby-parse | 27 +++++++++++++++++++++++++++ bin/ruby-rewrite | 27 +++++++++++++++++++++++++++ bin/standardrb | 27 +++++++++++++++++++++++++++ bin/thor | 27 +++++++++++++++++++++++++++ bin/yard | 27 +++++++++++++++++++++++++++ bin/yard-junk | 27 +++++++++++++++++++++++++++ bin/yardoc | 27 +++++++++++++++++++++++++++ bin/yri | 27 +++++++++++++++++++++++++++ 28 files changed, 655 insertions(+), 35 deletions(-) create mode 100644 bin/bundle-audit create mode 100644 bin/bundler-audit create mode 100644 bin/code_climate_reek create mode 100644 bin/coderay create mode 100644 bin/github-markup create mode 100644 bin/htmldiff create mode 100644 bin/irb create mode 100644 bin/ldiff create mode 100644 bin/racc create mode 100644 bin/rdbg create mode 100644 bin/rdoc create mode 100644 bin/redcarpet create mode 100644 bin/reek create mode 100644 bin/ri create mode 100644 bin/rubocop-gradual create mode 100644 bin/ruby-parse create mode 
100644 bin/ruby-rewrite create mode 100644 bin/standardrb create mode 100644 bin/thor create mode 100644 bin/yard create mode 100644 bin/yard-junk create mode 100644 bin/yardoc create mode 100644 bin/yri diff --git a/bin/bundle b/bin/bundle index fece50fe..4a95618e 100755 --- a/bin/bundle +++ b/bin/bundle @@ -8,7 +8,7 @@ # this file is here to facilitate running it. # -require 'rubygems' +require "rubygems" m = Module.new do module_function @@ -18,18 +18,18 @@ module_function end def env_var_version - ENV['BUNDLER_VERSION'] + ENV["BUNDLER_VERSION"] end def cli_arg_version return unless invoked_as_script? # don't want to hijack other binstubs - return unless 'update'.start_with?(ARGV.first || ' ') # must be running `bundle update` + return unless "update".start_with?(ARGV.first || " ") # must be running `bundle update` bundler_version = nil update_index = nil ARGV.each_with_index do |a, i| bundler_version = a if update_index && update_index.succ == i && a =~ Gem::Version::ANCHORED_VERSION_PATTERN - next unless a =~ /\A--bundler(?:[= ](#{Gem::Version::VERSION_PATTERN}))?\z/ + next unless a =~ /\A--bundler(?:[= ](#{Gem::Version::VERSION_PATTERN}))?\z/o bundler_version = Regexp.last_match(1) update_index = i @@ -38,16 +38,16 @@ module_function end def gemfile - gemfile = ENV['BUNDLE_GEMFILE'] + gemfile = ENV["BUNDLE_GEMFILE"] return gemfile if gemfile && !gemfile.empty? - File.expand_path('../Gemfile', __dir__) + File.expand_path("../Gemfile", __dir__) end def lockfile lockfile = case File.basename(gemfile) - when 'gems.rb' then gemfile.sub(/\.rb$/, gemfile) + when "gems.rb" then gemfile.sub(/\.rb$/, gemfile) else "#{gemfile}.lock" end File.expand_path(lockfile) 
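Review bot: In the `lockfile` method at the end of the `@@ -38,16 +38,16 @@` hunk, the `gems.rb` branch still reads `gemfile.sub(/\.rb$/, gemfile)`, which replaces the `.rb` suffix with the whole Gemfile path instead of producing a lockfile name; the commit only changes its quoting. Bundler's lockfile for a `gems.rb` project is `gems.locked`, so the line should presumably be `when "gems.rb" then gemfile.sub(/\.rb$/, ".locked")`. As written, the `File.file?(lockfile)` guard in the following hunk would be false for such a project, so the `BUNDLED WITH` pin would be skipped silently and a Bundler other than the locked one could be activated. The binstub defaults to `../Gemfile`, so the branch looks latent in this repository; the `bundle binstubs bundler --force` command quoted in the other binstubs may regenerate it with a corrected template.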
@@ -57,7 +57,7 @@ module_function return unless File.file?(lockfile) lockfile_contents = File.read(lockfile) - return unless lockfile_contents =~ /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/ + return unless lockfile_contents =~ /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/o Regexp.last_match(1) end @@ -75,32 +75,32 @@ module_function requirement = bundler_gem_version.approximate_recommendation - return requirement unless Gem.rubygems_version < Gem::Version.new('2.7.0') + return requirement unless Gem.rubygems_version < Gem::Version.new("2.7.0") - requirement += '.a' if bundler_gem_version.prerelease? + requirement += ".a" if bundler_gem_version.prerelease? requirement end def load_bundler! - ENV['BUNDLE_GEMFILE'] ||= gemfile + ENV["BUNDLE_GEMFILE"] ||= gemfile activate_bundler end def activate_bundler gem_error = activation_error_handling do - gem 'bundler', bundler_requirement + gem("bundler", bundler_requirement) end return if gem_error.nil? require_error = activation_error_handling do - require 'bundler/version' + require "bundler/version" end return if require_error.nil? && Gem::Requirement.new(bundler_requirement).satisfied_by?(Gem::Version.new(Bundler::VERSION)) - warn "Activating bundler (#{bundler_requirement}) failed:\n#{gem_error.message}\n\nTo install the version of bundler this project requires, run `gem install bundler -v '#{bundler_requirement}'`" - exit 42 + warn("Activating bundler (#{bundler_requirement}) failed:\n#{gem_error.message}\n\nTo install the version of bundler this project requires, run `gem install bundler -v '#{bundler_requirement}'`") + exit(42) end def activation_error_handling @@ -113,4 +113,4 @@ end m.load_bundler! -load Gem.bin_path('bundler', 'bundle') if m.invoked_as_script? +load Gem.bin_path("bundler", "bundle") if m.invoked_as_script? diff --git a/bin/bundle-audit b/bin/bundle-audit new file mode 100644 index 00000000..a0e7ba0e --- /dev/null +++ b/bin/bundle-audit 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'bundle-audit' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("bundler-audit", "bundle-audit") diff --git a/bin/bundler-audit b/bin/bundler-audit new file mode 100644 index 00000000..334a7378 --- /dev/null +++ b/bin/bundler-audit @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'bundler-audit' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("bundler-audit", "bundler-audit") diff --git a/bin/code_climate_reek b/bin/code_climate_reek new file mode 100644 index 00000000..afe0d79f --- /dev/null +++ b/bin/code_climate_reek 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'code_climate_reek' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("reek", "code_climate_reek") diff --git a/bin/coderay b/bin/coderay new file mode 100644 index 00000000..b13b22e9 --- /dev/null +++ b/bin/coderay @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'coderay' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("coderay", "coderay") diff --git a/bin/console b/bin/console index d8fb16d0..53fc8fd9 100755 --- a/bin/console +++ b/bin/console 
@@ -1,16 +1,15 @@ #!/usr/bin/env ruby # frozen_string_literal: true -require 'bundler/setup' -require 'oauth2' +require "bundler/setup" +require "oauth2" # You can add fixtures and/or initialization code here to make experimenting # with your gem easier. You can also use a different console, if you like. -require 'byebug' if ENV['DEBUG'] == 'true' # (If you use this, don't forget to add pry to your Gemfile!) # require "pry" # Pry.start -require 'irb' +require "irb" IRB.start(__FILE__) diff --git a/bin/github-markup b/bin/github-markup new file mode 100644 index 00000000..5cb47930 --- /dev/null +++ b/bin/github-markup @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'github-markup' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("github-markup", "github-markup") diff --git a/bin/htmldiff b/bin/htmldiff new file mode 100644 index 00000000..0aeaec87 --- /dev/null +++ b/bin/htmldiff 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'htmldiff' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("diff-lcs", "htmldiff") diff --git a/bin/irb b/bin/irb new file mode 100644 index 00000000..e7de6d6c --- /dev/null +++ b/bin/irb @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'irb' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("irb", "irb") diff --git a/bin/ldiff b/bin/ldiff new file mode 100644 index 00000000..8173edec --- /dev/null +++ b/bin/ldiff 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'ldiff' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("diff-lcs", "ldiff") diff --git a/bin/racc b/bin/racc new file mode 100644 index 00000000..81900158 --- /dev/null +++ b/bin/racc @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'racc' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("racc", "racc") diff --git a/bin/rake b/bin/rake index 5f615c2a..51e10c4a 100755 --- a/bin/rake +++ b/bin/rake 
@@ -8,9 +8,9 @@ # this file is here to facilitate running it. # -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -bundle_binstub = File.expand_path('bundle', __dir__) +bundle_binstub = File.expand_path("bundle", __dir__) if File.file?(bundle_binstub) if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ @@ -21,7 +21,7 @@ Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this end end -require 'rubygems' -require 'bundler/setup' +require "rubygems" +require "bundler/setup" -load Gem.bin_path('rake', 'rake') +load Gem.bin_path("rake", "rake") diff --git a/bin/rdbg b/bin/rdbg new file mode 100644 index 00000000..5e3b279f --- /dev/null +++ b/bin/rdbg @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rdbg' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("debug", "rdbg") diff --git a/bin/rdoc b/bin/rdoc new file mode 100644 index 00000000..d2b6bcf8 --- /dev/null +++ b/bin/rdoc 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rdoc' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("rdoc", "rdoc") diff --git a/bin/redcarpet b/bin/redcarpet new file mode 100644 index 00000000..76a1cb80 --- /dev/null +++ b/bin/redcarpet @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'redcarpet' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("redcarpet", "redcarpet") diff --git a/bin/reek b/bin/reek new file mode 100644 index 00000000..2ec45920 --- /dev/null +++ b/bin/reek 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'reek' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("reek", "reek") diff --git a/bin/ri b/bin/ri new file mode 100644 index 00000000..72e25813 --- /dev/null +++ b/bin/ri @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'ri' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("rdoc", "ri") diff --git a/bin/rspec b/bin/rspec index d3f4959a..757e79b3 100755 --- a/bin/rspec +++ b/bin/rspec 
@@ -8,9 +8,9 @@ # this file is here to facilitate running it. # -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -bundle_binstub = File.expand_path('bundle', __dir__) +bundle_binstub = File.expand_path("bundle", __dir__) if File.file?(bundle_binstub) if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ @@ -21,7 +21,7 @@ Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this end end -require 'rubygems' -require 'bundler/setup' +require "rubygems" +require "bundler/setup" -load Gem.bin_path('rspec-core', 'rspec') +load Gem.bin_path("rspec-core", "rspec") diff --git a/bin/rubocop b/bin/rubocop index cc105e8d..2b1fa1f7 100755 --- a/bin/rubocop +++ b/bin/rubocop @@ -8,9 +8,9 @@ # this file is here to facilitate running it. # -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -bundle_binstub = File.expand_path('bundle', __dir__) +bundle_binstub = File.expand_path("bundle", __dir__) if File.file?(bundle_binstub) if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ @@ -21,7 +21,7 @@ Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this end end -require 'rubygems' -require 'bundler/setup' +require "rubygems" +require "bundler/setup" -load Gem.bin_path('rubocop', 'rubocop') +load Gem.bin_path("rubocop", "rubocop") diff --git a/bin/rubocop-gradual b/bin/rubocop-gradual new file mode 100644 index 00000000..07520055 --- /dev/null +++ b/bin/rubocop-gradual 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rubocop-gradual' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("rubocop-gradual", "rubocop-gradual") diff --git a/bin/ruby-parse b/bin/ruby-parse new file mode 100644 index 00000000..d8ebc68d --- /dev/null +++ b/bin/ruby-parse @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'ruby-parse' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("parser", "ruby-parse") diff --git a/bin/ruby-rewrite b/bin/ruby-rewrite new file mode 100644 index 00000000..b4574aba --- /dev/null +++ b/bin/ruby-rewrite 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'ruby-rewrite' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("parser", "ruby-rewrite") diff --git a/bin/standardrb b/bin/standardrb new file mode 100644 index 00000000..b329561c --- /dev/null +++ b/bin/standardrb @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'standardrb' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("standard", "standardrb") diff --git a/bin/thor b/bin/thor new file mode 100644 index 00000000..ec401151 --- /dev/null +++ b/bin/thor 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'thor' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("thor", "thor") diff --git a/bin/yard b/bin/yard new file mode 100644 index 00000000..ea9daf5f --- /dev/null +++ b/bin/yard @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'yard' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("yard", "yard") diff --git a/bin/yard-junk b/bin/yard-junk new file mode 100644 index 00000000..be420a5c --- /dev/null +++ b/bin/yard-junk 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'yard-junk' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("yard-junk", "yard-junk") diff --git a/bin/yardoc b/bin/yardoc new file mode 100644 index 00000000..e1324dc1 --- /dev/null +++ b/bin/yardoc @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'yardoc' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("yard", "yardoc") diff --git a/bin/yri b/bin/yri new file mode 100644 index 00000000..f968fde1 --- /dev/null +++ b/bin/yri 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'yri' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("yard", "yri") From d69b7df178889a94b5a18cda110eb043ea783487 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 05:49:14 +0700 Subject: [PATCH 262/645] =?UTF-8?q?=F0=9F=94=A8=20direnv=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .envrc | 38 ++++++++++++++++++++++++++++++++++++++ .gitignore | 3 +++ 2 files changed, 41 insertions(+) create mode 100644 .envrc diff --git a/.envrc b/.envrc new file mode 100644 index 00000000..83123050 --- /dev/null +++ b/.envrc 
@@ -0,0 +1,38 @@
+# Run any command in this library's bin/ without the bin/ prefix!
+PATH_add bin
+
+# Only add things to this file that should be shared with the team.
+
+# **dotenv** (See end of file for .env.local integration)
+# .env would override anything in this file, if enabled.
+# .env is a DOCKER standard, and if we use it, it would be in deployed, or DOCKER, environments.
+# Override and customize anything below in your own .env.local
+# If you are using dotenv and not direnv,
+# copy the following `export` statements to your own .env file.
+
+### General Ruby ###
+# Turn off Ruby Warnings about deprecated code
+# export RUBYOPT="-W0"
+
+### External Testing Controls
+export K_SOUP_COV_DO=true # Means you want code coverage
+# Available formats are html, xml, rcov, lcov, json, tty
+export K_SOUP_COV_COMMAND_NAME="RSpec Coverage"
+export K_SOUP_COV_FORMATTERS="html,tty"
+export K_SOUP_COV_MIN_BRANCH=100 # Means you want to enforce X% branch coverage
+export K_SOUP_COV_MIN_LINE=100 # Means you want to enforce X% line coverage
+export K_SOUP_COV_MIN_HARD=true # Means you want the build to fail if the coverage thresholds are not met
+export K_SOUP_COV_MULTI_FORMATTERS=true
+export K_SOUP_COV_OPEN_BIN= # Means don't try to open coverage results in browser
+export MAX_ROWS=1 # Setting for simplecov-console gem for tty output, limits to the worst N rows of bad coverage
+
+# Internal Debugging Controls
+export DEBUG=false # do not allow byebug statements (override in .env.local)
+
+# .env would override anything in this file, if `dotenv` is uncommented below.
+# .env is a DOCKER standard, and if we use it, it would be in deployed, or DOCKER, environments,
+# and that is why we generally want to leave it commented out.
+# dotenv
+
+# .env.local will override anything in this file.
+dotenv_if_exists .env.local
diff --git a/.gitignore b/.gitignore
index 38ac0429..aa5a7c14 100644
--- a/.gitignore
+++ b/.gitignore
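Review bot: `PATH_add bin` on the second line of the new `.envrc` puts the repository's `bin/` ahead of the system directories on PATH for anyone who has run `direnv allow` here, and the preceding binstubs commit fills that directory with generic names such as `irb`, `ri`, `rake`, `thor` and `bundle`. The opening comment presents this only as a convenience; it does not say that any file later added to `bin/` will shadow the same-named system command inside the checkout. I would extend that comment with something like `# NOTE: bin/ is prepended to PATH; files here shadow system commands of the same name, so review additions to bin/ as executable code.` Separately, `export DEBUG=false # do not allow byebug statements` describes a toggle whose `require 'byebug' if ENV['DEBUG'] == 'true'` line was removed from `bin/console` in the previous patch; confirm something still reads it, or reword the comment.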
@@ -37,3 +37,6 @@ # Version Managers .ruby-version .tool-versions + +# Local config +.env.local \ No newline at end of file From f8a623695ce3c91d73ebe8a5ab638865199a9a0f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 05:50:33 +0700 Subject: [PATCH 263/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20rubocop-lts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add kettle-soup-cover for code coverage --- .rubocop.yml | 18 +-- .rubocop_gradual.lock | 207 +++++++++++++++++++++++++ .rubocop_rspec.yml | 8 +- .rubocop_todo.yml | 46 ------ .simplecov | 33 +--- Gemfile | 73 +++------ Gemfile.lock | 154 ++++++++++++++---- Rakefile | 99 ++++++++---- gemfiles/README.md | 2 +- gemfiles/f0.gemfile | 6 +- gemfiles/f1.gemfile | 6 +- gemfiles/f2.gemfile | 6 +- gemfiles/jruby_9.1.gemfile | 4 +- gemfiles/jruby_9.2.gemfile | 4 +- gemfiles/jruby_head.gemfile | 4 +- gemfiles/modular/audit.gemfile | 5 + gemfiles/modular/coverage.gemfile | 6 + gemfiles/modular/documentation.gemfile | 10 ++ gemfiles/modular/style.gemfile | 19 +++ gemfiles/omnibus.gemfile | 18 +++ gemfiles/ruby_head.gemfile | 4 +- gemfiles/truffleruby.gemfile | 4 +- oauth2.gemspec | 22 ++- spec/config/faraday.rb | 2 + spec/config/multi_xml.rb | 2 + spec/config/rspec/rspec_core.rb | 2 +- spec/spec_helper.rb | 84 +++------- 27 files changed, 554 insertions(+), 294 deletions(-) create mode 100644 .rubocop_gradual.lock delete mode 100644 .rubocop_todo.yml create mode 100644 gemfiles/modular/audit.gemfile create mode 100644 gemfiles/modular/coverage.gemfile create mode 100644 gemfiles/modular/documentation.gemfile create mode 100644 gemfiles/modular/style.gemfile create mode 100644 gemfiles/omnibus.gemfile diff --git a/.rubocop.yml b/.rubocop.yml index 879d964a..e28d34dd 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -1,19 +1,9 @@ inherit_from: - - .rubocop_todo.yml - .rubocop_rspec.yml inherit_gem: rubocop-lts: rubocop-lts.yml -require: - # Try adding back once we reach rubocop-ruby2_3+ - # - 'rubocop-md' - # Can be added once we reach rubocop-ruby2_3+ - # - 'rubocop-packaging' - - 'rubocop-performance' - - 'rubocop-rake' - - 'rubocop-rspec' - AllCops: DisplayCopNames: true # Display the name of the failing cops Exclude: @@ -38,7 +28,7 @@ Gemspec/RequiredRubyVersion: Metrics/BlockNesting: Max: 2 -Metrics/LineLength: +Layout/LineLength: Enabled: false Metrics/ParameterLists: @@ -60,12 +50,6 @@ Lint/UnusedBlockArgument: - 'vendor/**/*' - '**/.irbrc' -RSpec/DescribeClass: - Exclude: - - 'spec/examples/*' - -RSpec/NestedGroups: - Enabled: false Style/ClassVars: Enabled: false diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock new file mode 100644 index 00000000..de198d17 --- /dev/null +++ b/.rubocop_gradual.lock 
@@ -0,0 +1,207 @@ +{ + "bin/bundle:3976421676": [ + [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], + [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] + ], + "lib/oauth2.rb:3930909031": [ + [31, 5, 21, "ThreadSafety/ClassAndModuleAttributes: Avoid mutating class and module attributes.", 622027168], + [34, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] + ], + "lib/oauth2/authenticator.rb:3711266135": [ + [42, 5, 113, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 734523108] + ], + "lib/oauth2/filtered_attributes.rb:1202323815": [ + [3, 5, 63, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2901108034], + [9, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020], + [13, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020] + ], + "lib/oauth2/response.rb:877496664": [ + [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] + ], + "oauth2.gemspec:823817436": [ + [32, 31, 2, "Lint/Syntax: unexpected token tLSHFT\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859461], + [35, 64, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087698944], + [35, 78, 9, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2902117850], + [35, 94, 3, "Lint/Syntax: unexpected token kAND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193409806], + [41, 7, 3, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; 
configure using `TargetRubyVersion` parameter, under `AllCops`)", 193410195], + [41, 25, 2, "Lint/Syntax: no . floating literal anymore; put 0 before dot\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859035], + [41, 27, 3, "Lint/Syntax: no . floating literal anymore; put 0 before dot\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193348138], + [41, 38, 9, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2779422747], + [41, 116, 2, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5861058], + [42, 5, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087699184], + [43, 6, 2, "Lint/Syntax: unexpected token tSYMBOL\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859664], + [46, 11, 5, "Lint/Syntax: unexpected token tCONSTANT\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 208130522], + [46, 29, 1, "Lint/Syntax: unexpected token tLPAREN2\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177549], + [47, 11, 6, "Lint/Syntax: unknown regexp options: grp\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1394395017], + [48, 19, 7, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1917612522], + [48, 35, 1, "Lint/Syntax: unexpected token tINTEGER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177559], + [48, 55, 2, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under 
`AllCops`)", 5861086], + [48, 78, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087696263], + [49, 34, 3, "Lint/Syntax: unexpected token tFLOAT\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193360715], + [49, 137, 4, "Lint/Syntax: unexpected token kTHEN\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087960114], + [50, 65, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087760165], + [50, 76, 9, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 3934292795], + [51, 1, 1, "Lint/Syntax: unexpected token tINTEGER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177553], + [53, 29, 8, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2398562734], + [54, 3, 6, "Lint/Syntax: unexpected token tLABEL\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1598486836], + [54, 11, 9, "Lint/Syntax: unknown regexp options: lbrapay\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1036172892], + [55, 11, 2, "Lint/Syntax: unknown regexp options: k\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5861345], + [56, 11, 3, "Lint/Syntax: unknown regexp options: www\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193428850], + [57, 11, 6, "Lint/Syntax: unknown regexp options: gthb\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1391167104], + [59, 34, 8, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 
parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2398562734], + [59, 68, 3, "Lint/Syntax: unexpected token kAND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193409806], + [59, 105, 1, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177604], + [60, 11, 8, "Lint/Syntax: unknown regexp options: tdlft\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 911676110], + [61, 34, 4, "Lint/Syntax: unexpected token tFID\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2088000451], + [63, 23, 3, "Lint/Syntax: unexpected token kAND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193409806], + [65, 9, 1, "Lint/Syntax: unexpected token tPIPE\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177625], + [65, 18, 1, "Lint/Syntax: unexpected token tPIPE\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177625], + [125, 1, 3, "Lint/Syntax: unexpected token kEND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193405706] + ], + "spec/examples/google_spec.rb:1491180421": [ + [9, 3, 5115, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1014001606], + [97, 5, 1016, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3156315524], + [121, 5, 783, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1916865261] + ], + "spec/oauth2/access_token_spec.rb:656128421": [ + [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], + [25, 3, 1935, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1152039306], + [42, 5, 
915, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1914441490], + [56, 7, 507, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3775341637], + [81, 5, 564, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 935902373], + [145, 7, 371, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 81675473], + [156, 7, 269, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2703574041], + [166, 7, 343, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 571450510], + [177, 7, 1669, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2358061917], + [185, 9, 218, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2937949503], + [193, 9, 1211, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3948450440], + [201, 11, 416, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3896472588], + [206, 13, 238, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 669428729], + [215, 11, 249, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 962614116], + [223, 11, 248, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1923581233], + [471, 5, 968, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 908014549], + [500, 5, 1224, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 2179768666], + [590, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [641, 3, 3135, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2805647353], + [660, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to 
define a class method.", 3022740639], + [664, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967], + [672, 5, 472, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 1289485551], + [702, 5, 346, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2554883613], + [712, 5, 398, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2789987624], + [723, 5, 413, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 1645012911], + [734, 5, 263, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 4224752268], + [753, 3, 385, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 293530329] + ], + "spec/oauth2/authenticator_spec.rb:3057923804": [ + [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], + [51, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 482779785], + [60, 15, 33, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 297534737], + [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], + [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] + ], + "spec/oauth2/client_spec.rb:3227433278": [ + [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], + [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], + [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], + [206, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2320605227], + [221, 15, 20, 
"RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], + [236, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], + [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], + [472, 7, 241, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1113144453], + [479, 7, 233, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2616254065], + [588, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [597, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [608, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [629, 5, 1711, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 821658737], + [641, 7, 564, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3188010848], + [648, 9, 314, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2323166106], + [653, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [658, 7, 745, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2242274228], + [661, 9, 379, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3157074309], + [671, 9, 266, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 165934392], + [682, 5, 2992, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3212702825], + [698, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [702, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [710, 7, 89, 
"RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [714, 7, 812, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3531056573], + [722, 9, 505, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2126944993], + [738, 7, 571, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2450549440], + [741, 9, 209, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1769133328], + [749, 9, 262, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 165934392], + [759, 7, 275, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 4192619324], + [767, 7, 377, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1634937780], + [782, 5, 1920, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3715188517], + [798, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [802, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [810, 7, 298, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2420524519], + [819, 7, 474, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2129407861], + [831, 7, 357, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1696484657], + [882, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], + [907, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], + [917, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + ], + "spec/oauth2/error_spec.rb:1869444751": [ + [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with 
`o_auth2/error*_spec.rb`.", 3385870076], + [93, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [109, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], + [241, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [257, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], + [315, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [376, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [392, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] + ], + "spec/oauth2/response_spec.rb:3742350944": [ + [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], + [317, 33, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] + ], + "spec/oauth2/strategy/assertion_spec.rb:2689603075": [ + [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869], + [39, 3, 8004, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3790653154], + [59, 5, 3375, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1213098407], + [68, 7, 475, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3673049530], + [83, 7, 511, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1482428850], + [94, 9, 174, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 509043384], + [101, 7, 626, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1073364157], + [112, 9, 276, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [12/5]", 3402508104], + [121, 7, 1439, "RSpec/MultipleMemoizedHelpers: Example group has 
too many memoized helpers [11/5]", 4214782678], + [124, 9, 407, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 2866741766], + [134, 9, 268, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 4208916299], + [142, 9, 312, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 4006695562], + [152, 9, 300, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 504386954], + [164, 5, 2485, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3985973933], + [165, 7, 1368, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 975431363], + [190, 7, 1057, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2712213015], + [212, 5, 1639, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 325089515], + [217, 9, 1383, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 2493875547], + [246, 11, 260, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 3397767518], + [254, 11, 223, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 242220550] + ], + "spec/oauth2/strategy/auth_code_spec.rb:142083698": [ + [4, 1, 41, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/auth_code*_spec.rb`.", 1553708922], + [4, 1, 5753, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 833437399], + [48, 3, 919, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3083983110], + [75, 3, 522, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1383502446], + [94, 3, 672, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3159970527], + [119, 3, 372, "RSpec/MultipleMemoizedHelpers: Example group has too many 
memoized helpers [7/5]", 3139680688], + [131, 7, 986, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2685471594] + ], + "spec/oauth2/strategy/base_spec.rb:2524881749": [ + [3, 1, 37, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/base*_spec.rb`.", 1951594922] + ], + "spec/oauth2/strategy/client_credentials_spec.rb:2609739899": [ + [3, 1, 50, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/client_credentials*_spec.rb`.", 690311422] + ], + "spec/oauth2/strategy/implicit_spec.rb:1595799281": [ + [3, 1, 41, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/implicit*_spec.rb`.", 3731171632] + ], + "spec/oauth2/strategy/password_spec.rb:331601826": [ + [3, 1, 41, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/password*_spec.rb`.", 3463323840] + ], + "spec/oauth2/version_spec.rb:2895330438": [ + [3, 1, 30, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/version*_spec.rb`.", 1099517182] + ], + "spec/oauth2_spec.rb:1511642301": [ + [3, 1, 21, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2*_spec.rb`.", 3359091140], + [5, 68, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] + ] +} diff --git a/.rubocop_rspec.yml b/.rubocop_rspec.yml index 347777dc..461083ca 100644 --- a/.rubocop_rspec.yml +++ b/.rubocop_rspec.yml @@ -1,6 +1,3 @@ -RSpec/FilePath: - Enabled: false - RSpec/MultipleExpectations: Enabled: false @@ -24,3 +21,8 @@ RSpec/NestedGroups: RSpec/ExpectInHook: Enabled: false + +RSpec/DescribeClass: + Exclude: + - 'spec/examples/*' + diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml deleted file mode 100644 index ef809e2c..00000000 --- a/.rubocop_todo.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -# This configuration was generated by -# `rubocop --auto-gen-config` -# on 2022-09-01 09:04:26 +0700 using RuboCop version 0.68.1. -# The point is for the user to remove these configuration records -# one by one as the offenses are removed from the code base. -# Note that changes in the inspected code, or installation of new -# versions of RuboCop, may require this file to be generated again. - -# Offense count: 9 -Metrics/AbcSize: - Max: 35 - -# Offense count: 6 -# Configuration parameters: CountComments, ExcludedMethods. -# ExcludedMethods: refine -Metrics/BlockLength: - Max: 35 - -# Offense count: 4 -Metrics/CyclomaticComplexity: - Max: 12 - -# Offense count: 11 -# Configuration parameters: CountComments, ExcludedMethods. -Metrics/MethodLength: - Max: 28 - -# Offense count: 3 -Metrics/PerceivedComplexity: - Max: 13 - -# Offense count: 10 -# Configuration parameters: Prefixes. -# Prefixes: when, with, without -RSpec/ContextWording: - Exclude: - - 'spec/oauth2/access_token_spec.rb' - - 'spec/oauth2/authenticator_spec.rb' - - 'spec/oauth2/client_spec.rb' - -# Offense count: 1 -# Configuration parameters: EnforcedStyle. -# SupportedStyles: inline, group -Style/AccessModifierDeclarations: - Exclude: - - 'lib/oauth2.rb' diff --git a/.simplecov b/.simplecov index 423aa578..bfe90c08 100644 --- a/.simplecov +++ b/.simplecov 
@@ -1,32 +1,3 @@ -# frozen_string_literal: true +require "kettle/soup/cover/config" -# To get coverage -# On Local, default (HTML) output, it just works, coverage is turned on: -# bundle exec rspec spec -# On Local, all output formats: -# COVER_ALL=true bundle exec rspec spec -# -# On CI, all output formats, the ENV variables CI is always set, -# and COVER_ALL, and CI_CODECOV, are set in the coverage.yml workflow only, -# so coverage only runs in that workflow, and outputs all formats. -# - -if RUN_COVERAGE - SimpleCov.start do - enable_coverage :branch - primary_coverage :branch - add_filter 'spec' - add_filter 'lib/oauth2/version.rb' - track_files '**/*.rb' - - if ALL_FORMATTERS - command_name "#{ENV['GITHUB_WORKFLOW']} Job #{ENV['GITHUB_RUN_ID']}:#{ENV['GITHUB_RUN_NUMBER']}" - else - formatter SimpleCov::Formatter::HTMLFormatter - end - - minimum_coverage(line: 100, branch: 100) - end -else - puts "Not running coverage on #{RUBY_ENGINE} #{RUBY_VERSION}" -end +SimpleCov.start diff --git a/Gemfile b/Gemfile index 96cff377..b031a325 100644 --- a/Gemfile +++ b/Gemfile 
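Review bot: The new .simplecov no longer states the coverage policy in the file: the removed lines set `minimum_coverage(line: 100, branch: 100)` and filtered `spec` and `lib/oauth2/version.rb`, while the replacement only requires `kettle/soup/cover/config` and calls `SimpleCov.start`. The thresholds presumably now come from the `K_SOUP_COV_MIN_*` variables exported in .envrc, which a CI runner without direnv would not see unless the workflow sets them itself; that is not visible from this hunk. A short header comment would help, e.g. `# Thresholds and filters come from kettle-soup-cover, configured through K_SOUP_COV_* environment variables`. The `# frozen_string_literal: true` magic comment was also dropped and could be kept for consistency with the Gemfile.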
@@ -1,58 +1,31 @@ # frozen_string_literal: true -source 'https://rubygems.org/' - -gemspec +source "https://rubygems.org/" git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } -gem 'rake', '~> 13.0' - -gem 'rspec', '~> 3.0' - -ruby_version = Gem::Version.new(RUBY_VERSION) -minimum_version = ->(version, engine = 'ruby') { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == engine } -linting = minimum_version.call('2.7') -coverage = minimum_version.call('2.7') -debug = minimum_version.call('2.5') - -gem 'overcommit', '~> 0.58' if linting - -platforms :mri do - if linting - # Danger is incompatible with Faraday 2 (for now) - # see: https://github.com/danger/danger/issues/1349 - # gem 'danger', '~> 8.4' - # Commented out rubocop-md because of the <--rubocop/md--> bug - # gem 'rubocop-md', require: false - # Can be added once we reach rubocop-lts >= v10 (i.e. drop Ruby 2.2) - # gem 'rubocop-packaging', require: false - gem 'rubocop-performance', require: false - gem 'rubocop-rake', require: false - gem 'rubocop-rspec', require: false - gem 'rubocop-thread_safety', require: false - end - if coverage - gem 'codecov', '~> 0.6' # For CodeCov - gem 'simplecov', '~> 0.21', require: false - gem 'simplecov-cobertura' # XML for Jenkins - gem 'simplecov-json' # For CodeClimate - gem 'simplecov-lcov', '~> 0.8', require: false - end - if debug - # Add `byebug` to your code where you want to drop to REPL - gem 'byebug' - end -end -platforms :jruby do - # Add `binding.pry` to your code where you want to drop to REPL - gem 'pry-debugger-jruby' -end +#### IMPORTANT ####################################################### +# Gemfile is for local development ONLY; Gemfile is NOT loaded in CI # +####################################################### IMPORTANT #### + +# Include dependencies from .gemspec +gemspec -### deps for documentation and rdoc.info -group 
:documentation do - gem 'github-markup', platform: :mri - gem 'redcarpet', platform: :mri - gem 'yard', require: false +platform :mri do + # Use binding.break, binding.b, or debugger in code + gem "debug", ">= 1.0.0" # ruby >= 2.7 + gem "gem_bench", "~> 2.0", ">= 2.0.5" end + +# Security Audit +eval_gemfile "gemfiles/modular/audit.gemfile" + +# Code Coverage +eval_gemfile "gemfiles/modular/coverage.gemfile" + +# Linting +eval_gemfile "gemfiles/modular/style.gemfile" + +# Documentation +eval_gemfile "gemfiles/modular/documentation.gemfile" diff --git a/Gemfile.lock b/Gemfile.lock index e93c8076..8a781169 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,15 @@ +GIT + remote: https://github.com/pboling/yard-junk + revision: 54ccebabbfa9a9cd44d0b991687ebbfd22c32b55 + branch: next + specs: + yard-junk (0.0.10) + backports (>= 3.18) + benchmark + ostruct + rainbow + yard + PATH remote: . specs: 
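Review bot: In the Gemfile hunk, the `# Security Audit` entry (`eval_gemfile "gemfiles/modular/audit.gemfile"`) sits under a banner saying the Gemfile is not loaded in CI, so as written the audit dependency is only guaranteed for local runs. Whether the CI gemfiles also pull in the audit gemfile is outside this hunk; if they do not, advisories are checked only on developer machines. I would make the comment say so, e.g. `# Security Audit (local only here; CI must load gemfiles/modular/audit.gemfile separately)`. As a smaller style point, `gem "debug", ">= 1.0.0"` is open-ended while the line below uses a pessimistic constraint, and the old `minimum_version` guard that kept debug tooling off older Rubies is gone, leaving `# ruby >= 2.7` as a comment only.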
@@ -14,30 +26,80 @@ GEM specs: addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) + ansi (1.5.0) ast (2.4.3) backports (3.25.1) base64 (0.2.0) + benchmark (0.4.0) bigdecimal (3.1.9) - byebug (12.0.0) - childprocess (5.1.0) - logger (~> 1.5) - codecov (0.6.0) - simplecov (>= 0.15, < 0.22) + bundler-audit (0.9.2) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) + concurrent-ruby (1.3.5) + date (3.4.1) + debug (1.10.0) + irb (~> 1.10) + reline (>= 0.3.8) diff-lcs (1.6.2) diffy (3.4.3) docile (1.4.1) + dry-configurable (1.3.0) + dry-core (~> 1.1) + zeitwerk (~> 2.6) + dry-core (1.1.0) + concurrent-ruby (~> 1.0) + logger + zeitwerk (~> 2.6) + dry-inflector (1.2.0) + dry-initializer (3.2.0) + dry-logic (1.6.0) + bigdecimal + concurrent-ruby (~> 1.0) + dry-core (~> 1.1) + zeitwerk (~> 2.6) + dry-schema (1.14.1) + concurrent-ruby (~> 1.0) + dry-configurable (~> 1.0, >= 1.0.1) + dry-core (~> 1.1) + dry-initializer (~> 3.2) + dry-logic (~> 1.5) + dry-types (~> 1.8) + zeitwerk (~> 2.6) + dry-types (1.8.2) + bigdecimal (~> 3.0) + concurrent-ruby (~> 1.0) + dry-core (~> 1.0) + dry-inflector (~> 1.0) + dry-logic (~> 1.4) + zeitwerk (~> 2.6) faraday (2.13.1) faraday-net_http (>= 2.0, < 3.5) json logger faraday-net_http (3.4.0) net-http (>= 0.5.0) + gem_bench (2.0.5) + bundler (>= 1.14) + version_gem (~> 1.1, >= 1.1.4) github-markup (5.0.1) hashie (5.0.0) - iniparse (1.5.0) - json (2.11.3) + io-console (0.8.0) + irb (1.15.2) + pp (>= 0.6.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + json (2.12.0) jwt (2.10.1) base64 + kettle-soup-cover (1.0.6) + simplecov (~> 0.22) + simplecov-cobertura (~> 2.1) + simplecov-console (~> 0.9, >= 0.9.1) + simplecov-html (~> 0.12) + simplecov-lcov (~> 0.8) + simplecov-rcov (~> 0.3, >= 0.3.3) + simplecov_json_formatter (~> 0.1, >= 0.1.4) + version_gem (~> 1.1, >= 1.1.7) language_server-protocol (3.17.0.5) lint_roller (1.1.0) logger (1.7.0) 
@@ -46,22 +108,35 @@ GEM net-http (0.6.0) uri nkf (0.2.0) - overcommit (0.67.1) - childprocess (>= 0.6.3, < 6) - iniparse (~> 1.4) - rexml (>= 3.3.9) + ostruct (0.6.1) parallel (1.27.0) parser (3.3.8.0) ast (~> 2.4.1) racc + pp (0.6.2) + prettyprint + prettyprint (0.2.0) prism (1.4.0) + psych (5.2.6) + date + stringio public_suffix (6.0.2) racc (1.8.1) rack (3.1.14) rainbow (3.1.1) rake (13.2.1) + rdoc (6.13.1) + psych (>= 4.0.0) redcarpet (3.6.1) + reek (6.5.0) + dry-schema (~> 1.13) + logger (~> 1.6) + parser (~> 3.3.0) + rainbow (>= 2.0, < 4.0) + rexml (~> 3.1) regexp_parser (2.10.0) + reline (0.6.1) + io-console (~> 0.5) rexml (3.4.1) rspec (3.13.0) rspec-core (~> 3.13.0) @@ -109,6 +184,9 @@ GEM version_gem (>= 1.1.2, < 3) rubocop-md (1.2.4) rubocop (>= 1.45) + rubocop-packaging (0.6.0) + lint_roller (~> 1.1.0) + rubocop (>= 1.72.1, < 2.0) rubocop-performance (1.25.0) lint_roller (~> 1.1) rubocop (>= 1.75.0, < 2.0) @@ -138,26 +216,29 @@ GEM silent_stream (1.0.10) logger (>= 1.4.4) version_gem (~> 1.1, >= 1.1.7) - simplecov (0.21.2) + simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-cobertura (2.1.0) rexml simplecov (~> 0.19) - simplecov-html (0.13.1) - simplecov-json (0.2.3) - json + simplecov-console (0.9.3) + ansi simplecov + terminal-table + simplecov-html (0.13.1) simplecov-lcov (0.8.0) + simplecov-rcov (0.3.7) + simplecov (>= 0.4.1) simplecov_json_formatter (0.1.4) snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - standard (1.49.0) + standard (1.50.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.75.2) + rubocop (~> 1.75.5) standard-custom (~> 1.0.0) standard-performance (~> 1.8) standard-custom (1.0.2) 
@@ -172,12 +253,17 @@ GEM standard-custom (>= 1.0.2, < 2) standard-performance (>= 1.3.1, < 2) version_gem (>= 1.1.4, < 3) + stringio (3.1.7) + terminal-table (4.0.0) + unicode-display_width (>= 1.1.1, < 4) + thor (1.3.2) unicode-display_width (3.1.4) unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) uri (1.0.3) version_gem (1.1.8) yard (0.9.37) + zeitwerk (2.7.2) PLATFORMS x86_64-darwin-21 @@ -186,31 +272,31 @@ PLATFORMS DEPENDENCIES addressable (>= 2) backports (>= 3) - byebug - codecov (~> 0.6) - github-markup + benchmark (~> 0.4) + bundler-audit (~> 0.9.2) + debug (>= 1.0.0) + gem_bench (~> 2.0, >= 2.0.5) + github-markup (~> 5.0, >= 5.0.1) + kettle-soup-cover (~> 1.0, >= 1.0.6) nkf (~> 0.2) oauth2! - overcommit (~> 0.58) - pry-debugger-jruby - rake (~> 13.0) - redcarpet + rake (>= 12) + rdoc (~> 6.11) + redcarpet (~> 3.6) + reek (~> 6.4) rexml (>= 3) - rspec (~> 3.0) + rspec (>= 3) rspec-block_is_expected rspec-pending_for rspec-stubbed_env + rubocop (~> 1.73, >= 1.73.2) rubocop-lts (~> 8.0) - rubocop-performance - rubocop-rake - rubocop-rspec - rubocop-thread_safety + rubocop-packaging (~> 0.5, >= 0.5.2) + rubocop-rspec (~> 3.2) silent_stream - simplecov (~> 0.21) - simplecov-cobertura - simplecov-json - simplecov-lcov (~> 0.8) - yard + standard (~> 1.47) + yard (~> 0.9, >= 0.9.37) + yard-junk (~> 0.0, >= 0.0.10)! BUNDLED WITH 2.6.8 diff --git a/Rakefile b/Rakefile index 9449ebe8..cdd18938 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,43 +1,88 @@ -# encoding: utf-8 -# frozen_string_literal: true +require "bundler/gem_tasks" -# !/usr/bin/env rake +defaults = [] -require 'bundler/gem_tasks' +# See: https://docs.gitlab.com/ci/variables/predefined_variables/ +is_gitlab = ENV.fetch("https://github.com/GITLAB_CI", "false").casecmp("true") == 0 +# Setup Bundle Audit begin - require 'rspec/core/rake_task' + require "bundler/audit/task" + + Bundler::Audit::Task.new + defaults.push("bundle:audit:update", "bundle:audit") +rescue LoadError + desc("(stub) bundle:audit is unavailable") + task("bundle:audit") do + warn("NOTE: bundler-audit isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") + end + desc("(stub) bundle:audit:update is unavailable") + task("bundle:audit:update") do + warn("NOTE: bundler-audit isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") + end +end + +begin + require "rspec/core/rake_task" + RSpec::Core::RakeTask.new(:spec) + defaults << "spec" rescue LoadError - desc 'spec task stub' - task :spec do - warn 'rspec is disabled' + desc("spec task stub") + task(:spec) do + warn("NOTE: rspec isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") end end -desc 'alias test task to spec' + +desc "run spec task with test task" task test: :spec +# Setup RuboCop-LTS begin - require 'rubocop/rake_task' - RuboCop::RakeTask.new do |task| - task.options = ['-D'] # Display the name of the failing cops + require "rubocop/lts" + + Rubocop::Lts.install_tasks + defaults << "rubocop_gradual" +rescue LoadError + desc("(stub) rubocop_gradual is unavailable") + task(:rubocop_gradual) do + warn("NOTE: rubocop-lts isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") + end +end + +# Setup Yard +begin + require "yard" + + YARD::Rake::YardocTask.new(:yard) do |t| + t.files = [ + # Splats (alphabetical) + "lib/**/*.rb", + ] + end + defaults << "yard" +rescue LoadError + desc("(stub) yard is 
unavailable") + task(:yard) do + warn("NOTE: yard isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") + end +end + +# Setup Reek +begin + require "reek/rake/task" + + Reek::Rake::Task.new do |t| + t.fail_on_error = true + t.verbose = false + t.source_files = "{lib,spec}/**/*.rb" end + defaults << "reek" unless is_gitlab rescue LoadError - desc 'rubocop task stub' - task :rubocop do - warn 'RuboCop is disabled' + desc("(stub) reek is unavailable") + task(:reek) do + warn("NOTE: reek isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") end end -# namespace :doc do -# require 'rdoc/task' -# require 'oauth2/version' -# RDoc::Task.new do |rdoc| -# rdoc.rdoc_dir = 'rdoc' -# rdoc.title = "oauth2 #{OAuth2::Version}" -# rdoc.main = 'README.md' -# rdoc.rdoc_files.include('README.md', 'LICENSE.txt', 'lib/**/*.rb') -# end -# end - -task default: %i[test rubocop] +task default: defaults diff --git a/gemfiles/README.md b/gemfiles/README.md index 1ac3a713..b217d4cf 100644 --- a/gemfiles/README.md +++ b/gemfiles/README.md @@ -4,7 +4,7 @@ and thus is the oldest version oauth2 is compatible with. ```ruby -gem 'faraday', ['>= 0.17.3', '< 3.0'] +gem "faraday", [">= 0.17.3", "< 3.0"] ``` # Ruby diff --git a/gemfiles/f0.gemfile b/gemfiles/f0.gemfile index 4cb7f887..dc8d3f31 100644 --- a/gemfiles/f0.gemfile +++ b/gemfiles/f0.gemfile @@ -1,11 +1,11 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" # See README.md in this directory # 0.17.3 is the first version that stops using &Proc.new for block forwarding, # and thus is the oldest version oauth2 is compatible with. -gem 'faraday', '~> 0.17.4' +gem "faraday", "~> 0.17.4" -gemspec path: '../' +gemspec path: "../" diff --git a/gemfiles/f1.gemfile b/gemfiles/f1.gemfile index 94cba5c6..40043bca 100644 --- a/gemfiles/f1.gemfile +++ b/gemfiles/f1.gemfile 
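Review bot: The `rescue LoadError` branch of the Bundle Audit setup defines `bundle:audit` and `bundle:audit:update` stubs that only `warn`, so a job that invokes `rake bundle:audit` directly exits 0 without auditing anything when bundler-audit cannot be loaded. The default task has the same gap, because the audit tasks are pushed onto `defaults` only when the require succeeds. Where the audit is expected to run, I would make the stub fail rather than warn, for example `abort("bundler-audit is required in CI but could not be loaded") if ENV["CI"]` as the first line of each stub task, keeping the warning for local runs. Separately, the key passed to `ENV.fetch` for `is_gitlab` reads as a URL-style string on this page rather than `GITLAB_CI` (spec/config/debug.rb shows the same for `DEBUG`); if that is what was committed, the lookup always falls back to `"false"`, so it is worth confirming against the repository.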
@@ -1,9 +1,9 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" # See README.md in this directory -gem 'faraday', '~> 1.10' +gem "faraday", "~> 1.10" -gemspec path: '../' +gemspec path: "../" diff --git a/gemfiles/f2.gemfile b/gemfiles/f2.gemfile index 7c3868df..44081f52 100644 --- a/gemfiles/f2.gemfile +++ b/gemfiles/f2.gemfile @@ -1,9 +1,9 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" # See README.md in this directory -gem 'faraday', '~> 2.2' +gem "faraday", "~> 2.2" -gemspec path: '../' +gemspec path: "../" diff --git a/gemfiles/jruby_9.1.gemfile b/gemfiles/jruby_9.1.gemfile index fb2b9158..7573a1b5 100644 --- a/gemfiles/jruby_9.1.gemfile +++ b/gemfiles/jruby_9.1.gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" -gemspec path: '../' +gemspec path: "../" diff --git a/gemfiles/jruby_9.2.gemfile b/gemfiles/jruby_9.2.gemfile index fb2b9158..7573a1b5 100644 --- a/gemfiles/jruby_9.2.gemfile +++ b/gemfiles/jruby_9.2.gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" -gemspec path: '../' +gemspec path: "../" diff --git a/gemfiles/jruby_head.gemfile b/gemfiles/jruby_head.gemfile index fb2b9158..7573a1b5 100644 --- a/gemfiles/jruby_head.gemfile +++ b/gemfiles/jruby_head.gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" -gemspec path: '../' +gemspec path: "../" diff --git a/gemfiles/modular/audit.gemfile b/gemfiles/modular/audit.gemfile new file mode 100644 index 00000000..e5cc9199 --- /dev/null +++ b/gemfiles/modular/audit.gemfile 
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+# Many gems are dropping support for Ruby < 3,
+# so we only want to run our security audit in CI on Ruby 3+
+gem "bundler-audit", "~> 0.9.2"
diff --git a/gemfiles/modular/coverage.gemfile b/gemfiles/modular/coverage.gemfile
new file mode 100644
index 00000000..5ef0c45a
--- /dev/null
+++ b/gemfiles/modular/coverage.gemfile
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+# We run code coverage on the latest version of Ruby only.
+
+# Coverage
+gem "kettle-soup-cover", "~> 1.0", ">= 1.0.6", require: false
diff --git a/gemfiles/modular/documentation.gemfile b/gemfiles/modular/documentation.gemfile
new file mode 100644
index 00000000..fdfa2fba
--- /dev/null
+++ b/gemfiles/modular/documentation.gemfile
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Documentation
+gem "github-markup", "~> 5.0", ">= 5.0.1"
+gem "redcarpet", "~> 3.6"
+gem "yard", "~> 0.9", ">= 0.9.37", require: false
+gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", branch: "next"
+
+# Std Lib extractions
+gem "rdoc", "~> 6.11"
diff --git a/gemfiles/modular/style.gemfile b/gemfiles/modular/style.gemfile
new file mode 100644
index 00000000..8966ca93
--- /dev/null
+++ b/gemfiles/modular/style.gemfile
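Review bot: In gemfiles/modular/documentation.gemfile, `gem "yard-junk", ..., github: "pboling/yard-junk", branch: "next"` tracks a moving branch, so every fresh resolve of this gemfile installs and runs whatever commit is at the head of `next` at that moment. The same patch series sets `BUNDLE_FROZEN: "false"` with the comment "No lockfile!" for the GitLab pipeline, so nothing pins the revision there. Pinning to a reviewed commit with `ref: "COMMIT_SHA_PLACEHOLDER"` in place of `branch: "next"` keeps the dependency reproducible and turns an upgrade into an explicit, reviewable change. A one-line comment saying why the fork is needed and when it can go back to the released gem would also help.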
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# We run rubocop on the latest version of Ruby,
+# but in support of the oldest supported version of Ruby
+
+gem "reek", "~> 6.4"
+gem "rubocop", "~> 1.73", ">= 1.73.2"
+# gem "rubocop-lts", "~> 0.1", ">= 0.1.1" # Linting for Ruby >= 1.8
+gem "rubocop-packaging", "~> 0.5", ">= 0.5.2"
+gem "rubocop-rspec", "~> 3.2"
+gem "standard", "~> 1.47"
+
+# Std Lib extractions
+gem "benchmark", "~> 0.4" # Removed from Std Lib in Ruby 3.5
+
+# gem "rubocop-lts", :path => "/home/pboling/src/rubocop-lts/rubocop-lts"
+# gem "rubocop-lts-rspec", :path => "/home/pboling/src/rubocop-lts/rubocop-lts-rspec"
+# gem "rubocop-ruby1_8", :path => "/home/pboling/src/rubocop-lts/rubocop-ruby1_8"
+# gem "standard-rubocop-lts", :path => "/home/pboling/src/rubocop-lts/standard-rubocop-lts"
diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile
new file mode 100644
index 00000000..553053f5
--- /dev/null
+++ b/gemfiles/omnibus.gemfile
@@ -0,0 +1,18 @@
+# This gemfile is used for GitLab CI, current ruby pipeline.
+# This gemfile includes all dependencies necessary to run the naked `rake default` set of tasks
+
+source "https://rubygems.org/"
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" }
+
+eval_gemfile "modular/audit.gemfile"
+eval_gemfile "modular/coverage.gemfile"
+eval_gemfile "modular/documentation.gemfile"
+eval_gemfile "modular/style.gemfile"
+
+# Root Gemfile is only for local development.
+# On CI, we only need the gemspec dependencies (including development dependencies).
+# Exceptions, if any, will be found in gemfiles/*.gemfile
+
+gemspec path: "../"
diff --git a/gemfiles/ruby_head.gemfile b/gemfiles/ruby_head.gemfile
index fb2b9158..7573a1b5 100644
--- a/gemfiles/ruby_head.gemfile
+++ b/gemfiles/ruby_head.gemfile
@@ -1,5 +1,5 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" -gemspec path: '../' +gemspec path: "../" diff --git a/gemfiles/truffleruby.gemfile b/gemfiles/truffleruby.gemfile index fb2b9158..7573a1b5 100644 --- a/gemfiles/truffleruby.gemfile +++ b/gemfiles/truffleruby.gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true -source 'https://rubygems.org/' +source "https://rubygems.org/" -gemspec path: '../' +gemspec path: "../" diff --git a/oauth2.gemspec b/oauth2.gemspec index e21d069e..67b8006f 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -1,7 +1,18 @@ # encoding: utf-8 # frozen_string_literal: true -require_relative 'lib/oauth2/version' +gem_version = + if RUBY_VERSION >= "3.1" + # Loading version into an anonymous module allows version.rb to get code coverage from SimpleCov! + # See: https://github.com/simplecov-ruby/simplecov/issues/557#issuecomment-2630782358 + Module.new.tap { |mod| Kernel.load("lib/oauth2/version.rb", mod) }::OAuth2::Version::VERSION + else + lib = File.expand_path("lib", __dir__) + $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) + require "oauth2/version" + OAuth2::Version::VERSION + end + Gem::Specification.new do |spec| # Linux distros may package ruby gems differently, @@ -28,9 +39,9 @@ Gem::Specification.new do |spec| spec.licenses = 'MIT' spec.name = 'oauth2' spec.required_ruby_version = '>= 2.2.0' - spec.version = OAuth2::Version::VERSION - spec.post_install_message = <<~POST -You have installed oauth2 version #{OAuth2::Version::VERSION}, congratulations! + spec.version = gem_version + spec.post_install_message = %{ +You have installed oauth2 version #{gem_version}, congratulations! There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy! Please see: 
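Review bot: In the first oauth2.gemspec hunk, the `RUBY_VERSION >= "3.1"` branch calls `Kernel.load("lib/oauth2/version.rb", mod)` with a bare relative path, which Ruby resolves through `$LOAD_PATH` first and then the current working directory, so which file supplies the gem version depends on where and how the gemspec is evaluated. The `else` branch already anchors on `__dir__`; doing the same here removes the ambiguity: `Kernel.load(File.expand_path("lib/oauth2/version.rb", __dir__), mod)`. A short comment noting that both branches must yield the same `VERSION` string would help whoever touches this next.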
@@ -63,7 +74,7 @@ If you are a corporation, please consider supporting this project, and open sour Please report issues, and star the project! Thanks, |7eter l-|. l3oling -POST +} spec.metadata['homepage_uri'] = spec.homepage spec.metadata['source_code_uri'] = "#{spec.homepage}/-/tree/v#{spec.version}" @@ -114,7 +125,6 @@ POST spec.add_development_dependency 'addressable', '>= 2' spec.add_development_dependency 'backports', '>= 3' spec.add_development_dependency 'nkf', '~> 0.2' - spec.add_development_dependency 'byebug', '~> 11' spec.add_development_dependency 'rake', '>= 12' spec.add_development_dependency 'rexml', '>= 3' spec.add_development_dependency 'rspec', '>= 3' diff --git a/spec/config/faraday.rb b/spec/config/faraday.rb index 2051ebb1..e9158898 100644 --- a/spec/config/faraday.rb +++ b/spec/config/faraday.rb @@ -1,3 +1,5 @@ # frozen_string_literal: true +require "faraday" + Faraday.default_adapter = :test diff --git a/spec/config/multi_xml.rb b/spec/config/multi_xml.rb index 2d788eb5..8d579c28 100644 --- a/spec/config/multi_xml.rb +++ b/spec/config/multi_xml.rb @@ -1,3 +1,5 @@ # frozen_string_literal: true +require "multi_xml" + MultiXml.parser = :rexml diff --git a/spec/config/rspec/rspec_core.rb b/spec/config/rspec/rspec_core.rb index 7ee40059..b960d8c0 100644 --- a/spec/config/rspec/rspec_core.rb +++ b/spec/config/rspec/rspec_core.rb @@ -2,7 +2,7 @@ RSpec.configure do |config| # Enable flags like --only-failures and --next-failure - config.example_status_persistence_file_path = '.rspec_status' + config.example_status_persistence_file_path = ".rspec_status" # Disable RSpec exposing methods globally on `Module` and `main` config.disable_monkey_patching! diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a770c36d..4821f668 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,71 +1,37 @@ # frozen_string_literal: true # ensure test env -ENV['RACK_ENV'] = 'test' +ENV["RACK_ENV"] = "test" # Third Party Libraries -require 'rspec' -require 'rspec/stubbed_env' -require 'silent_stream' -require 'addressable/uri' -require 'rspec/pending_for' -require 'rspec/block_is_expected' +require "rspec/stubbed_env" +require "silent_stream" +require "addressable/uri" +require "rspec/pending_for" +require "rspec/block_is_expected" # Extensions -require 'ext/backports' - -DEBUG = ENV['DEBUG'] == 'true' - -ruby_version = Gem::Version.new(RUBY_VERSION) -minimum_version = ->(version, engine = 'ruby') { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == engine } -actual_version = lambda do |major, minor| - actual = Gem::Version.new(ruby_version) - major == actual.segments[0] && minor == actual.segments[1] && RUBY_ENGINE == 'ruby' -end -debugging = minimum_version.call('2.7') && DEBUG -RUN_COVERAGE = minimum_version.call('2.6') && (ENV['COVER_ALL'] || ENV['CI_CODECOV'] || ENV['CI'].nil?) 
-ALL_FORMATTERS = actual_version.call(2, 7) && (ENV['COVER_ALL'] || ENV['CI_CODECOV'] || ENV['CI']) - -if DEBUG - if debugging - require 'byebug' - elsif minimum_version.call('2.7', 'jruby') - require 'pry-debugger-jruby' - end -end - -if RUN_COVERAGE - require 'simplecov' # Config file `.simplecov` is run immediately when simplecov loads - require 'codecov' - require 'simplecov-json' - require 'simplecov-lcov' - require 'simplecov-cobertura' - # This will override the formatter set in .simplecov - if ALL_FORMATTERS - SimpleCov::Formatter::LcovFormatter.config do |c| - c.report_with_single_file = true - c.single_report_path = 'coverage/lcov.info' - end - - SimpleCov.formatters = [ - SimpleCov::Formatter::HTMLFormatter, - SimpleCov::Formatter::CoberturaFormatter, # XML for Jenkins - SimpleCov::Formatter::LcovFormatter, - SimpleCov::Formatter::JSONFormatter, # For CodeClimate - SimpleCov::Formatter::Codecov, # For CodeCov - ] - end -end - -# This gem -require 'oauth2' +require_relative "ext/backports" # Library Configs -require 'config/multi_xml' -require 'config/faraday' +require_relative "config/debug" +require_relative "config/multi_xml" +require_relative "config/faraday" +require_relative "config/constants" # RSpec Configs -require 'config/rspec/rspec_core' -require 'config/rspec/silent_stream' +require_relative "config/rspec/rspec_core" +require_relative "config/rspec/silent_stream" + +# NOTE: Gemfiles for older rubies won't have kettle-soup-cover. +# The rescue LoadError handles that scenario. +begin + require "kettle-soup-cover" + require "simplecov" if Kettle::Soup::Cover::DO_COV # `.simplecov` is run here! +rescue LoadError => error + # check the error message, if you are so inclined, and re-raise if not what is expected + raise error unless error.message.include?("kettle") +end -VERBS = %i[get post put delete patch].freeze +# This gem +require "oauth2" From d8ba9c90b627e058e5d7bc4b1507af1872afb608 Mon Sep 17 00:00:00 2001 
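Review bot: The `rescue LoadError => error` around `require "kettle-soup-cover"` in spec/spec_helper.rb decides whether to swallow the failure with `error.message.include?("kettle")`, a substring match on human-readable text. `LoadError#path` carries the name that failed to load, so `raise error unless error.path == "kettle-soup-cover"` states the intent exactly and will not hide a load failure from some other file whose message happens to contain "kettle". The inline comment could then read `# only the coverage gem itself is optional; anything else is a real failure`.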
From: "Peter H. Boling" Date: Wed, 14 May 2025 05:51:37 +0700 Subject: [PATCH 264/645] =?UTF-8?q?=F0=9F=91=B7=20Don't=20attempt=20to=20u?= =?UTF-8?q?pdate=20rubygems=20on=20truffleruby=20/=20jruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/heads.yml | 4 ++-- .github/workflows/jruby-head.yml | 4 ++-- .github/workflows/style.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 9bd8f0ae..3292009a 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -36,9 +36,9 @@ jobs: - f1 - f2 rubygems: - - latest + - default bundler: - - latest + - default ruby: - truffleruby+graalvm-head - truffleruby-head diff --git a/.github/workflows/jruby-head.yml b/.github/workflows/jruby-head.yml index 8c3960d4..9c0498d9 100644 --- a/.github/workflows/jruby-head.yml +++ b/.github/workflows/jruby-head.yml @@ -37,9 +37,9 @@ jobs: - f1 - f2 rubygems: - - latest + - default bundler: - - latest + - default ruby: - jruby-head include: diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index d27761a7..edb198fd 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -26,7 +26,7 @@ jobs: bundler: - latest ruby: - - "2.7" + - ruby runs-on: ubuntu-latest steps: - name: Checkout From 1680fdae50f2e979e2b5d0642863797ad4a6dc3c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 05:52:05 +0700 Subject: [PATCH 265/645] =?UTF-8?q?=F0=9F=91=B7=20More=20spec=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/config/constants.rb | 1 + spec/config/debug.rb | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 spec/config/constants.rb create mode 100644 spec/config/debug.rb diff --git a/spec/config/constants.rb b/spec/config/constants.rb new file mode 100644 index 00000000..0c1b205b --- /dev/null 
+++ b/spec/config/constants.rb @@ -0,0 +1 @@ +VERBS = %i[get post put delete patch].freeze diff --git a/spec/config/debug.rb b/spec/config/debug.rb new file mode 100644 index 00000000..82591a95 --- /dev/null +++ b/spec/config/debug.rb @@ -0,0 +1,5 @@ +load_debugger = ENV.fetch("https://github.com/DEBUG", "false").casecmp("true") == 0 + +puts "LOADING DEBUGGER: #{load_debugger}" if load_debugger + +require "debug" if load_debugger \ No newline at end of file From 5ef62857bb8c734f924658e4cfee0ef209f4dd97 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 05:52:26 +0700 Subject: [PATCH 266/645] =?UTF-8?q?=F0=9F=91=B7=20Spec=20fixes=20and=20lin?= =?UTF-8?q?ting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 39 +- .rspec | 2 +- spec/examples/google_spec.rb | 64 +- spec/ext/backports.rb | 2 +- spec/oauth2/access_token_spec.rb | 464 +++++------ spec/oauth2/authenticator_spec.rb | 129 ++-- spec/oauth2/client_spec.rb | 719 +++++++++--------- spec/oauth2/error_spec.rb | 452 +++++------ spec/oauth2/response_spec.rb | 311 ++++---- spec/oauth2/strategy/assertion_spec.rb | 174 ++--- spec/oauth2/strategy/auth_code_spec.rb | 124 +-- spec/oauth2/strategy/base_spec.rb | 4 +- .../strategy/client_credentials_spec.rb | 68 +- spec/oauth2/strategy/implicit_spec.rb | 32 +- spec/oauth2/strategy/password_spec.rb | 32 +- spec/oauth2/version_spec.rb | 20 +- spec/oauth2_spec.rb | 6 +- 17 files changed, 1364 insertions(+), 1278 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 20aa732c..b864d3c4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,6 +1,20 @@ default: image: ruby:3.2 +variables: + BUNDLE_INSTALL_FLAGS: "--quiet --jobs=$(nproc) --retry=3" + BUNDLE_FROZEN: "false" # No lockfile! + BUNDLE_GEMFILE: gemfiles/omnibus.gemfile + K_SOUP_COV_DEBUG: true + K_SOUP_COV_DO: true + K_SOUP_COV_HARD: true + K_SOUP_COV_MIN_BRANCH: 46 + K_SOUP_COV_MIN_LINE: 93 + K_SOUP_COV_VERBOSE: true + K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" + K_SOUP_COV_MULTI_FORMATTERS: true + K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" + workflow: rules: # For merge requests, create a pipeline. @@ -16,7 +30,20 @@ workflow: script: - gem update --system > /dev/null 2>&1 - bundle config --local path vendor - - bundle install --quiet --jobs 4 --retry 3 + - bundle install + - bundle exec rake test + cache: + key: ${CI_JOB_IMAGE} + paths: + - vendor/ruby + +.test_template-eol: &test_definition-eol + image: ruby:${RUBY_VERSION} + stage: test + script: + - gem update --system > /dev/null 2>&1 + - bundle config --local path vendor + - bundle install - bundle exec rake test cache: key: ${CI_JOB_IMAGE} @@ -32,7 +59,7 @@ workflow: # Actually updates both RubyGems and Bundler! - update_rubygems > /dev/null 2>&1 - bundle config --local path vendor - - bundle install --quiet --jobs 4 --retry 3 + - bundle install - bundle exec rake test cache: key: ${CI_JOB_IMAGE} @@ -43,7 +70,13 @@ ruby-current: <<: *test_definition-current parallel: matrix: - - RUBY_VERSION: ["3.0", "3.1", "3.2"] + - RUBY_VERSION: ["3.1", "3.2", "3.3", "3.4"] + +ruby-eol: + <<: *test_definition-eol + parallel: + matrix: + - RUBY_VERSION: ["3.0"] ruby-legacy: <<: *test_definition-legacy diff --git a/.rspec b/.rspec index 2db90875..6c6110e5 100644 --- a/.rspec +++ b/.rspec @@ -1,4 +1,4 @@ --format documentation ---require spec_helper --color +--require spec_helper --order random diff --git a/spec/examples/google_spec.rb b/spec/examples/google_spec.rb index cf1aa7ee..425abb07 100644 --- a/spec/examples/google_spec.rb +++ b/spec/examples/google_spec.rb 
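Review bot: The new `BUNDLE_INSTALL_FLAGS` variable in the first .gitlab-ci.yml hunk is not referenced anywhere in the visible hunks, while the three `bundle install` lines drop `--quiet --jobs 4 --retry 3` at the same time, so as far as this diff shows the installs now run with no retry on a transient network failure. Bundler does not read `BUNDLE_INSTALL_FLAGS` itself, and `$(nproc)` inside a `variables:` value stays a literal string unless a script explicitly evaluates it. Bundler's own settings would do what the name suggests, e.g. `BUNDLE_JOBS: 4` and `BUNDLE_RETRY: 3`. The `.test_template-eol` block added in the second hunk appears to duplicate the current-ruby template, so a comment saying why EOL rubies need their own anchor would help.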
@@ -1,20 +1,20 @@ # frozen_string_literal: true -require 'jwt' +require "jwt" -RSpec.describe 'using OAuth2 with Google' do +RSpec.describe "using OAuth2 with Google" do # This describes authenticating to a Google API via a service account. # See their docs: https://developers.google.com/identity/protocols/OAuth2ServiceAccount - describe 'via 2-legged JWT assertion' do + describe "via 2-legged JWT assertion" do let(:client) do OAuth2::Client.new( - '', - '', - site: 'https://accounts.google.com/', - authorize_url: '/o/oauth2/auth', - token_url: '/o/oauth2/token', - auth_scheme: :request_body + "", + "", + site: "https://accounts.google.com/", + authorize_url: "/o/oauth2/auth", + token_url: "/o/oauth2/token", + auth_scheme: :request_body, ) end 
@@ -22,38 +22,38 @@ let(:required_claims) do { - 'iss' => '761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com', + "iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com", # The email address of the service account. - 'scope' => 'https://www.googleapis.com/auth/devstorage.readonly%20https://www.googleapis.com/auth/prediction', + "scope" => "https://www.googleapis.com/auth/devstorage.readonly%20https://www.googleapis.com/auth/prediction", # A space-delimited list of the permissions that the application requests. - 'aud' => 'https://www.googleapis.com/oauth2/v4/token', + "aud" => "https://www.googleapis.com/oauth2/v4/token", # A descriptor of the intended target of the assertion. When making an access token request this value # is always https://www.googleapis.com/oauth2/v4/token. - 'exp' => Time.now.to_i + 3600, + "exp" => Time.now.to_i + 3600, # The expiration time of the assertion, specified as seconds since 00:00:00 UTC, January 1, 1970. This value # has a maximum of 1 hour after the issued time. - 'iat' => Time.now.to_i, + "iat" => Time.now.to_i, # The time the assertion was issued, specified as seconds since 00:00:00 UTC, January 1, 1970. } end let(:optional_claims) do { - 'sub' => 'some.user@example.com', + "sub" => "some.user@example.com", # The email address of the user for which the application is requesting delegated access. } end - let(:algorithm) { 'RS256' } + let(:algorithm) { "RS256" } # Per Google: "Service accounts rely on the RSA SHA-256 algorithm" let(:key) do begin - OpenSSL::PKCS12.new(File.read('spec/fixtures/google_service_account_key.p12'), 'notasecret').key + OpenSSL::PKCS12.new(File.read("spec/fixtures/google_service_account_key.p12"), "notasecret").key # This simulates the .p12 file that Google gives you to download and keep somewhere. This is meant to # illustrate extracting the key and using it to generate the JWT. 
rescue OpenSSL::PKCS12::PKCS12Error @@ -73,20 +73,20 @@ client.connection = Faraday.new(client.site, client.options[:connection_opts]) do |builder| builder.request :url_encoded builder.adapter :test do |stub| - stub.post('https://accounts.google.com/o/oauth2/token') do |token_request| + stub.post("https://accounts.google.com/o/oauth2/token") do |token_request| @request_body = Rack::Utils.parse_nested_query(token_request.body).transform_keys(&:to_sym) [ 200, { - 'Content-Type' => 'application/json', + "Content-Type" => "application/json", }, { - 'access_token' => '1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M', - 'token_type' => 'Bearer', - 'expires_in' => 3600, + "access_token" => "1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M", + "token_type" => "Bearer", + "expires_in" => 3600, }.to_json, ] end @@ -94,18 +94,18 @@ end end - context 'when passing the required claims' do + context "when passing the required claims" do let(:claims) { required_claims } - it 'sends a JWT with the 5 keys' do + it "sends a JWT with the 5 keys" do client.assertion.get_token(claims, encoding_options) - expect(@request_body).not_to be_nil, 'No access token request was made!' - expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') + expect(@request_body).not_to be_nil, "No access token request was made!" + expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer") expect(@request_body[:assertion]).to be_a(String) payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm) - expect(header['alg']).to eq('RS256') + expect(header["alg"]).to eq("RS256") expect(payload.keys).to match_array(%w[iss scope aud exp iat]) # Note that these specifically do _not_ include the 'sub' claim, which is indicated as being 'required' 
@@ -118,18 +118,18 @@ end end - context 'when including the optional `sub` claim' do + context "when including the optional `sub` claim" do let(:claims) { required_claims.merge(optional_claims) } - it 'sends a JWT with the 6 keys' do + it "sends a JWT with the 6 keys" do client.assertion.get_token(claims, encoding_options) - expect(@request_body).not_to be_nil, 'No access token request was made!' - expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') + expect(@request_body).not_to be_nil, "No access token request was made!" + expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer") expect(@request_body[:assertion]).to be_a(String) payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm) - expect(header['alg']).to eq('RS256') + expect(header["alg"]).to eq("RS256") expect(payload.keys).to match_array(%w[iss scope aud exp iat sub]) payload.each do |key, value| diff --git a/spec/ext/backports.rb b/spec/ext/backports.rb index 5811858b..21f76e1c 100644 --- a/spec/ext/backports.rb +++ b/spec/ext/backports.rb @@ -1,3 +1,3 @@ # frozen_string_literal: true -require 'backports/2.5.0/hash/transform_keys' +require "backports/2.5.0/hash/transform_keys" diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index ae828fa2..ba662a09 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
@@ -3,57 +3,57 @@ RSpec.describe OAuth2::AccessToken do subject { described_class.new(client, token) } - let(:base_options) { {site: 'https://api.example.com/'} } + let(:base_options) { {site: "https://api.example.com/"} } let(:options) { {} } - let(:token) { 'monkey' } - let(:refresh_body) { JSON.dump(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'refresh_bar') } + let(:token) { "monkey" } + let(:refresh_body) { JSON.dump(access_token: "refreshed_foo", expires_in: 600, refresh_token: "refresh_bar") } let(:client) do - OAuth2::Client.new('abc', 'def', options.merge(base_options)) do |builder| + OAuth2::Client.new("abc", "def", options.merge(base_options)) do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| - stub.send(verb, '/token/header') { |env| [200, {}, env[:request_headers]['Authorization']] } - stub.send(verb, "/token/query?access_token=#{token}") { |env| [200, {}, Addressable::URI.parse(env[:url]).query_values['access_token']] } - stub.send(verb, '/token/query_string') { |env| [200, {}, CGI.unescape(Addressable::URI.parse(env[:url]).query)] } - stub.send(verb, '/token/body') { |env| [200, {}, env[:body]] } + stub.send(verb, "/token/header") { |env| [200, {}, env[:request_headers]["Authorization"]] } + stub.send(verb, "/token/query?access_token=#{token}") { |env| [200, {}, Addressable::URI.parse(env[:url]).query_values["access_token"]] } + stub.send(verb, "/token/query_string") { |env| [200, {}, CGI.unescape(Addressable::URI.parse(env[:url]).query)] } + stub.send(verb, "/token/body") { |env| [200, {}, env[:body]] } end - stub.post('/oauth/token') { |_env| [200, {'Content-Type' => 'application/json'}, refresh_body] } + stub.post("/oauth/token") { |_env| [200, {"Content-Type" => "application/json"}, refresh_body] } end end end - describe '.from_hash' do + describe ".from_hash" do subject(:target) { described_class.from_hash(client, hash) } let(:hash) do { :access_token => token, - 
:id_token => 'confusing bug here', - :refresh_token => 'foobar', + :id_token => "confusing bug here", + :refresh_token => "foobar", :expires_at => Time.now.to_i + 200, - 'foo' => 'bar', + "foo" => "bar", } end - it 'return a hash equals to the hash used to initialize access token' do + it "return a hash equals to the hash used to initialize access token" do expect(target.to_hash).to eq(hash) end - context 'with warning for too many tokens' do + context "with warning for too many tokens" do subject(:printed) do capture(:stderr) do target end end - it 'warns on STDERR' do + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. MSG expect(printed).to eq(msg) end - context 'when silenced' do + context "when silenced" do subject(:printed) do capture(:stderr) do target @@ -72,13 +72,13 @@ end end - it 'does not warn on STDERR' do - expect(printed).to eq('') + it "does not warn on STDERR" do + expect(printed).to eq("") end end end - context 'with keys in a different order to the lookup' do + context "with keys in a different order to the lookup" do subject(:printed) do capture(:stderr) do target @@ -87,12 +87,12 @@ let(:hash) do { - id_token: 'confusing bug here', + id_token: "confusing bug here", access_token: token, } end - it 'warns on STDERR and selects the correct key' do + it "warns on STDERR and selects the correct key" do msg = <<-MSG.lstrip OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. MSG 
@@ -101,96 +101,96 @@ end end - describe '#initialize' do - it 'assigns client and token' do + describe "#initialize" do + it "assigns client and token" do expect(subject.client).to eq(client) expect(subject.token).to eq(token) end - it 'assigns extra params' do - target = described_class.new(client, token, 'foo' => 'bar') - expect(target.params).to include('foo') - expect(target.params['foo']).to eq('bar') + it "assigns extra params" do + target = described_class.new(client, token, "foo" => "bar") + expect(target.params).to include("foo") + expect(target.params["foo"]).to eq("bar") end def assert_initialized_token(target) expect(target.token).to eq(token) expect(target).to be_expires - expect(target.params.keys).to include('foo') - expect(target.params['foo']).to eq('bar') + expect(target.params.keys).to include("foo") + expect(target.params["foo"]).to eq("bar") end - it 'initializes with a Hash' do - hash = {:access_token => token, :expires_at => Time.now.to_i + 200, 'foo' => 'bar'} + it "initializes with a Hash" do + hash = {:access_token => token, :expires_at => Time.now.to_i + 200, "foo" => "bar"} target = described_class.from_hash(client, hash) assert_initialized_token(target) end - it 'from_hash does not modify opts hash' do + it "from_hash does not modify opts hash" do hash = {access_token: token, expires_at: Time.now.to_i} hash_before = hash.dup described_class.from_hash(client, hash) expect(hash).to eq(hash_before) end - it 'initializes with a form-urlencoded key/value string' do + it "initializes with a form-urlencoded key/value string" do kvform = "access_token=#{token}&expires_at=#{Time.now.to_i + 200}&foo=bar" target = described_class.from_kvform(client, kvform) assert_initialized_token(target) end - context 'with options' do + context "with options" do subject(:target) { described_class.new(client, token, **options) } - context 'with body mode' do + context "with body mode" do let(:mode) { :body } - let(:options) { {param_name: 'foo', header_format: 
'Bearer %', mode: mode} } + let(:options) { {param_name: "foo", header_format: "Bearer %", mode: mode} } - it 'sets options' do - expect(target.options[:param_name]).to eq('foo') - expect(target.options[:header_format]).to eq('Bearer %') + it "sets options" do + expect(target.options[:param_name]).to eq("foo") + expect(target.options[:header_format]).to eq("Bearer %") expect(target.options[:mode]).to eq(mode) end end - context 'with header mode' do + context "with header mode" do let(:mode) { :header } let(:options) { {headers: {}, mode: mode} } - it 'sets options' do + it "sets options" do expect(target.options[:headers]).to be_nil expect(target.options[:mode]).to eq(mode) end end - context 'with query mode' do + context "with query mode" do let(:mode) { :query } - let(:options) { {params: {}, param_name: 'foo', mode: mode} } + let(:options) { {params: {}, param_name: "foo", mode: mode} } - it 'sets options' do - expect(target.options[:param_name]).to eq('foo') + it "sets options" do + expect(target.options[:param_name]).to eq("foo") expect(target.options[:params]).to be_nil expect(target.options[:mode]).to eq(mode) end end - context 'with invalid mode' do + context "with invalid mode" do let(:mode) { :this_is_bad } let(:options) { {mode: mode} } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - context 'with request' do - subject(:request) { target.post('/token/header') } + context "with request" do + subject(:request) { target.post("/token/header") } - it 'raises' do + it "raises" do block_is_expected.to raise_error("invalid :mode option of #{mode}") end end - context 'with client.options[:raise_errors] = true' do + context "with client.options[:raise_errors] = true" do let(:mode) { :this_is_bad } let(:options) { {mode: mode, raise_errors: true} } 
@@ -198,101 +198,101 @@ def assert_initialized_token(target) expect(client.options[:raise_errors]).to be(true) end - context 'when there is a token' do - it 'does not raise on initialize' do + context "when there is a token" do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - context 'with request' do - subject(:request) { target.post('/token/header') } + context "with request" do + subject(:request) { target.post("/token/header") } - it 'raises' do + it "raises" do block_is_expected.to raise_error("invalid :mode option of #{mode}") end end end - context 'when there is empty token' do - let(:token) { '' } + context "when there is empty token" do + let(:token) { "" } - it 'raises on initialize' do - block_is_expected.to raise_error(OAuth2::Error, '{:mode=>:this_is_bad, :raise_errors=>true}') + it "raises on initialize" do + block_is_expected.to raise_error(OAuth2::Error, {:mode=>:this_is_bad, :raise_errors=>true}.to_s) end end - context 'when there is nil token' do + context "when there is nil token" do let(:token) { nil } - it 'raises on initialize' do - block_is_expected.to raise_error(OAuth2::Error, '{:mode=>:this_is_bad, :raise_errors=>true}') + it "raises on initialize" do + block_is_expected.to raise_error(OAuth2::Error, {:mode=>:this_is_bad, :raise_errors=>true}.to_s) end end end end - context 'with client.options[:raise_errors] = false' do + context "with client.options[:raise_errors] = false" do let(:options) { {raise_errors: false} } before do expect(client.options[:raise_errors]).to be(false) end - context 'when there is a token' do - let(:token) { 'hurdygurdy' } + context "when there is a token" do + let(:token) { "hurdygurdy" } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has token' do + it "has token" do expect(target.token).to eq(token) end - it 'has no refresh_token' do + it "has no refresh_token" do expect(target.refresh_token).to be_nil 
end - context 'when there is refresh_token' do - let(:options) { {raise_errors: false, refresh_token: 'zxcv'} } + context "when there is refresh_token" do + let(:options) { {raise_errors: false, refresh_token: "zxcv"} } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has token' do + it "has token" do expect(target.token).to eq(token) end - it 'has refresh_token' do - expect(target.refresh_token).to eq('zxcv') + it "has refresh_token" do + expect(target.refresh_token).to eq("zxcv") end end end - context 'when there is empty token' do - let(:token) { '' } + context "when there is empty token" do + let(:token) { "" } - context 'when there is no refresh_token' do - it 'does not raise on initialize' do + context "when there is no refresh_token" do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has no token' do - expect(target.token).to eq('') + it "has no token" do + expect(target.token).to eq("") end - it 'has no refresh_token' do + it "has no refresh_token" do expect(target.refresh_token).to be_nil end - context 'with warning for no token' do + context "with warning for no token" do subject(:printed) do capture(:stderr) do target end end - it 'warns on STDERR' do + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::AccessToken has no token MSG 
@@ -301,47 +301,47 @@ def assert_initialized_token(target) end end - context 'when there is refresh_token' do - let(:options) { {raise_errors: false, refresh_token: 'qwer'} } + context "when there is refresh_token" do + let(:options) { {raise_errors: false, refresh_token: "qwer"} } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has no token' do - expect(target.token).to eq('') + it "has no token" do + expect(target.token).to eq("") end - it 'has refresh_token' do - expect(target.refresh_token).to eq('qwer') + it "has refresh_token" do + expect(target.refresh_token).to eq("qwer") end end end - context 'when there is nil token' do + context "when there is nil token" do let(:token) { nil } - context 'when there is no refresh_token' do - it 'does not raise on initialize' do + context "when there is no refresh_token" do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has no token' do - expect(target.token).to eq('') + it "has no token" do + expect(target.token).to eq("") end - it 'has no refresh_token' do + it "has no refresh_token" do expect(target.refresh_token).to be_nil end - context 'with warning for no token' do + context "with warning for no token" do subject(:printed) do capture(:stderr) do target end end - it 'warns on STDERR' do + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::AccessToken has no token MSG 
@@ -350,154 +350,154 @@ def assert_initialized_token(target) end end - context 'when there is refresh_token' do - let(:options) { {raise_errors: false, refresh_token: 'asdf'} } + context "when there is refresh_token" do + let(:options) { {raise_errors: false, refresh_token: "asdf"} } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has no token' do - expect(target.token).to eq('') + it "has no token" do + expect(target.token).to eq("") end - it 'has refresh_token' do - expect(target.refresh_token).to eq('asdf') + it "has refresh_token" do + expect(target.refresh_token).to eq("asdf") end end end end - context 'with client.options[:raise_errors] = true' do + context "with client.options[:raise_errors] = true" do let(:options) { {raise_errors: true} } before do expect(client.options[:raise_errors]).to be(true) end - context 'when there is a token' do - let(:token) { 'hurdygurdy' } + context "when there is a token" do + let(:token) { "hurdygurdy" } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has token' do + it "has token" do expect(target.token).to eq(token) end - it 'has no refresh_token' do + it "has no refresh_token" do expect(target.refresh_token).to be_nil end - context 'when there is refresh_token' do - let(:options) { {raise_errors: true, refresh_token: 'zxcv'} } + context "when there is refresh_token" do + let(:options) { {raise_errors: true, refresh_token: "zxcv"} } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has token' do + it "has token" do expect(target.token).to eq(token) end - it 'has refresh_token' do - expect(target.refresh_token).to eq('zxcv') + it "has refresh_token" do + expect(target.refresh_token).to eq("zxcv") end end end - context 'when there is empty token' do - let(:token) { '' } + context "when there is empty 
token" do + let(:token) { "" } - context 'when there is no refresh_token' do - it 'raises on initialize' do - block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + context "when there is no refresh_token" do + it "raises on initialize" do + block_is_expected.to raise_error(OAuth2::Error, {:raise_errors=>true}.to_s) end end - context 'when there is refresh_token' do - let(:options) { {raise_errors: true, refresh_token: 'qwer'} } + context "when there is refresh_token" do + let(:options) { {raise_errors: true, refresh_token: "qwer"} } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has no token' do - expect(target.token).to eq('') + it "has no token" do + expect(target.token).to eq("") end - it 'has refresh_token' do - expect(target.refresh_token).to eq('qwer') + it "has refresh_token" do + expect(target.refresh_token).to eq("qwer") end end end - context 'when there is nil token' do + context "when there is nil token" do let(:token) { nil } - context 'when there is no refresh_token' do - it 'raises on initialize' do - block_is_expected.to raise_error(OAuth2::Error, '{:raise_errors=>true}') + context "when there is no refresh_token" do + it "raises on initialize" do + block_is_expected.to raise_error(OAuth2::Error, {:raise_errors=>true}.to_s) end end - context 'when there is refresh_token' do - let(:options) { {raise_errors: true, refresh_token: 'asdf'} } + context "when there is refresh_token" do + let(:options) { {raise_errors: true, refresh_token: "asdf"} } - it 'does not raise on initialize' do + it "does not raise on initialize" do block_is_expected.not_to raise_error end - it 'has no token' do - expect(target.token).to eq('') + it "has no token" do + expect(target.token).to eq("") end - it 'has refresh_token' do - expect(target.refresh_token).to eq('asdf') + it "has refresh_token" do + expect(target.refresh_token).to eq("asdf") end end end end end - it 'does not 
modify opts hash' do - opts = {param_name: 'foo', header_format: 'Bearer %', mode: :body} + it "does not modify opts hash" do + opts = {param_name: "foo", header_format: "Bearer %", mode: :body} opts_before = opts.dup described_class.new(client, token, opts) expect(opts).to eq(opts_before) end - describe 'expires_at' do + describe "expires_at" do let(:expires_at) { 1_361_396_829 } let(:hash) do { :access_token => token, :expires_at => expires_at.to_s, - 'foo' => 'bar', + "foo" => "bar", } end - it 'initializes with an integer timestamp expires_at' do + it "initializes with an integer timestamp expires_at" do target = described_class.from_hash(client, hash.merge(expires_at: expires_at)) assert_initialized_token(target) expect(target.expires_at).to eql(expires_at) end - it 'initializes with a string timestamp expires_at' do + it "initializes with a string timestamp expires_at" do target = described_class.from_hash(client, hash) assert_initialized_token(target) expect(target.expires_at).to eql(expires_at) end - it 'initializes with a string time expires_at' do + it "initializes with a string time expires_at" do target = described_class.from_hash(client, hash.merge(expires_at: Time.at(expires_at).iso8601)) assert_initialized_token(target) expect(target.expires_at).to eql(expires_at) end end - describe 'expires_latency' do + describe "expires_latency" do let(:expires_at) { 1_530_000_000 } let(:expires_in) { 100 } let(:expires_latency) { 10 } 
@@ -509,224 +509,232 @@ def assert_initialized_token(target) } end - it 'sets it via options' do + it "sets it via options" do target = described_class.from_hash(client, hash.merge(expires_latency: expires_latency.to_s)) expect(target.expires_latency).to eq expires_latency end - it 'sets it nil by default' do + it "sets it nil by default" do hash.delete(:expires_latency) target = described_class.from_hash(client, hash) expect(target.expires_latency).to be_nil end - it 'reduces expires_at by the given amount' do + it "reduces expires_at by the given amount" do allow(Time).to receive(:now).and_return(expires_at) target = described_class.from_hash(client, hash) expect(target.expires_at).to eq(expires_at + expires_in - expires_latency) end - it 'reduces expires_at by the given amount if expires_at is provided as option' do + it "reduces expires_at by the given amount if expires_at is provided as option" do target = described_class.from_hash(client, hash.merge(expires_at: expires_at)) expect(target.expires_at).to eq(expires_at - expires_latency) end end end - describe '#request' do - context 'with :mode => :header' do + describe "#request" do + context "with :mode => :header" do before do subject.options[:mode] = :header end VERBS.each do |verb| it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do - expect(subject.post('/token/header').body).to include(token) + expect(subject.post("/token/header").body).to include(token) end end end - context 'with :mode => :query' do + context "with :mode => :query" do before do subject.options[:mode] = :query end VERBS.each do |verb| it "sends the token in the body for a #{verb.to_s.upcase} request" do - expect(subject.post('/token/query').body).to eq(token) + expect(subject.post("/token/query").body).to eq(token) end it "sends a #{verb.to_s.upcase} request and options[:param_name] include [number]." 
do - subject.options[:param_name] = 'auth[1]' - expect(subject.__send__(verb, '/token/query_string').body).to include("auth[1]=#{token}") + subject.options[:param_name] = "auth[1]" + expect(subject.__send__(verb, "/token/query_string").body).to include("auth[1]=#{token}") end end end - context 'with :mode => :body' do + context "with :mode => :body" do before do subject.options[:mode] = :body end VERBS.each do |verb| it "sends the token in the body for a #{verb.to_s.upcase} request" do - expect(subject.post('/token/body').body.split('=').last).to eq(token) + expect(subject.post("/token/body").body.split("=").last).to eq(token) end - context 'when options[:param_name] include [number]' do + context "when options[:param_name] include [number]" do it "sends a #{verb.to_s.upcase} request when body is a hash" do - subject.options[:param_name] = 'auth[1]' - expect(subject.__send__(verb, '/token/body', body: {hi: 'there'}).body).to include("auth%5B1%5D=#{token}") + subject.options[:param_name] = "auth[1]" + expect(subject.__send__(verb, "/token/body", body: {hi: "there"}).body).to include("auth%5B1%5D=#{token}") end it "sends a #{verb.to_s.upcase} request when body is overridden as string" do - subject.options[:param_name] = 'snoo[1]' - expect(subject.__send__(verb, '/token/body', body: 'hi_there').body).to include("hi_there&snoo[1]=#{token}") + subject.options[:param_name] = "snoo[1]" + expect(subject.__send__(verb, "/token/body", body: "hi_there").body).to include("hi_there&snoo[1]=#{token}") end end end end - context 'params include [number]' do + context "params include [number]" do VERBS.each do |verb| it "sends #{verb.to_s.upcase} correct query" do - expect(subject.__send__(verb, '/token/query_string', params: {'foo[bar][1]' => 'val'}).body).to include('foo[bar][1]=val') + expect(subject.__send__(verb, "/token/query_string", params: {"foo[bar][1]" => "val"}).body).to include("foo[bar][1]=val") end end end end - describe '#expires?' 
do - it 'is false if there is no expires_at' do + describe "#expires?" do + it "is false if there is no expires_at" do expect(described_class.new(client, token)).not_to be_expires end - it 'is true if there is an expires_in' do - expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: 600)).to be_expires + it "is true if there is an expires_in" do + expect(described_class.new(client, token, refresh_token: "abaca", expires_in: 600)).to be_expires end - it 'is true if there is an expires_at' do - expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: Time.now.getutc.to_i + 600)).to be_expires + it "is true if there is an expires_at" do + expect(described_class.new(client, token, refresh_token: "abaca", expires_in: Time.now.getutc.to_i + 600)).to be_expires end end - describe '#expired?' do - it 'is false if there is no expires_in or expires_at' do + describe "#expired?" do + it "is false if there is no expires_in or expires_at" do expect(described_class.new(client, token)).not_to be_expired end - it 'is false if expires_in is 0 (token is permanent)' do - expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: 0)).not_to be_expired + it "is false if expires_in is 0 (token is permanent)" do + expect(described_class.new(client, token, refresh_token: "abaca", expires_in: 0)).not_to be_expired end - it 'is false if expires_in is in the future' do - expect(described_class.new(client, token, refresh_token: 'abaca', expires_in: 10_800)).not_to be_expired + it "is false if expires_in is in the future" do + expect(described_class.new(client, token, refresh_token: "abaca", expires_in: 10_800)).not_to be_expired end - it 'is true if expires_at is in the past' do - access = described_class.new(client, token, refresh_token: 'abaca', expires_in: 600) + it "is true if expires_at is in the past" do + access = described_class.new(client, token, refresh_token: "abaca", expires_in: 600) @now = Time.now + 10_800 
allow(Time).to receive(:now).and_return(@now) expect(access).to be_expired end - it 'is true if expires_at is now' do + it "is true if expires_at is now" do @now = Time.now - access = described_class.new(client, token, refresh_token: 'abaca', expires_at: @now.to_i) + access = described_class.new(client, token, refresh_token: "abaca", expires_at: @now.to_i) allow(Time).to receive(:now).and_return(@now) expect(access).to be_expired end end - describe '#refresh' do + describe "#refresh" do let(:options) { {access_token_class: access_token_class} } let(:access_token_class) { NewAccessToken } let(:access) do - described_class.new(client, token, refresh_token: 'abaca', - expires_in: 600, - param_name: 'o_param', - access_token_class: access_token_class) + described_class.new( + client, + token, + refresh_token: "abaca", + expires_in: 600, + param_name: "o_param", + access_token_class: access_token_class, + ) end let(:new_access) do - NewAccessToken.new(client, token, refresh_token: 'abaca') + NewAccessToken.new(client, token, refresh_token: "abaca") end before do custom_class = Class.new(described_class) do def self.from_hash(client, hash) - new(client, hash.delete('access_token'), hash) + new(client, hash.delete("access_token"), hash) end def self.contains_token?(hash) - hash.key?('refresh_token') + hash.key?("refresh_token") end end - stub_const('NewAccessToken', custom_class) + stub_const("NewAccessToken", custom_class) end - context 'without refresh_token' do + context "without refresh_token" do subject(:no_refresh) { no_access.refresh } let(:no_access) do - described_class.new(client, token, refresh_token: nil, - expires_in: 600, - param_name: 'o_param', - access_token_class: access_token_class) + described_class.new( + client, + token, + refresh_token: nil, + expires_in: 600, + param_name: "o_param", + access_token_class: access_token_class, + ) end - it 'raises when no refresh_token' do - block_is_expected.to raise_error('A refresh_token is not available') + it 
"raises when no refresh_token" do + block_is_expected.to raise_error("A refresh_token is not available") end end - it 'returns a refresh token with appropriate values carried over' do + it "returns a refresh token with appropriate values carried over" do refreshed = access.refresh expect(access.client).to eq(refreshed.client) expect(access.options[:param_name]).to eq(refreshed.options[:param_name]) end - it 'returns a refresh token of the same access token class' do + it "returns a refresh token of the same access token class" do refreshed = new_access.refresh! expect(new_access.class).to eq(refreshed.class) end - context 'with a nil refresh_token in the response' do - let(:refresh_body) { JSON.dump(access_token: 'refreshed_foo', expires_in: 600, refresh_token: nil) } + context "with a nil refresh_token in the response" do + let(:refresh_body) { JSON.dump(access_token: "refreshed_foo", expires_in: 600, refresh_token: nil) } - it 'copies the refresh_token from the original token' do + it "copies the refresh_token from the original token" do refreshed = access.refresh expect(refreshed.refresh_token).to eq(access.refresh_token) end end - context 'with a not-nil refresh_token in the response' do - let(:refresh_body) { JSON.dump(access_token: 'refreshed_foo', expires_in: 600, refresh_token: 'qerwer') } + context "with a not-nil refresh_token in the response" do + let(:refresh_body) { JSON.dump(access_token: "refreshed_foo", expires_in: 600, refresh_token: "qerwer") } - it 'copies the refresh_token from the original token' do + it "copies the refresh_token from the original token" do refreshed = access.refresh - expect(refreshed.token).to eq('refreshed_foo') - expect(refreshed.refresh_token).to eq('qerwer') + expect(refreshed.token).to eq("refreshed_foo") + expect(refreshed.refresh_token).to eq("qerwer") end end - context 'with a not-nil, not camel case, refresh_token in the response' do - let(:refresh_body) { JSON.dump(accessToken: 'refreshed_foo', expires_in: 600, 
refreshToken: 'qerwer') } + context "with a not-nil, not camel case, refresh_token in the response" do + let(:refresh_body) { JSON.dump(accessToken: "refreshed_foo", expires_in: 600, refreshToken: "qerwer") } - it 'copies the refresh_token from the original token' do + it "copies the refresh_token from the original token" do refreshed = access.refresh - expect(refreshed.token).to eq('refreshed_foo') - expect(refreshed.refresh_token).to eq('qerwer') + expect(refreshed.token).to eq("refreshed_foo") + expect(refreshed.refresh_token).to eq("qerwer") end end - context 'with a custom access_token_class' do + context "with a custom access_token_class" do let(:access_token_class) { NewAccessToken } - it 'returns a refresh token of NewAccessToken' do + it "returns a refresh token of NewAccessToken" do refreshed = access.refresh! expect(new_access.class).to eq(refreshed.class) 
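Review bot: The `VERBS.each` loops under `#request` for `:mode => :header`, `:query` and `:body` put the verb in the example title but always call `subject.post(...)`, so only POST is checked for where the access token is placed. These examples are the coverage for token transport, so they should dispatch on the loop variable as the neighbouring `param_name` examples already do, e.g. `expect(subject.__send__(verb, "/token/header").body).to include(token)`. The `:query` example is also titled "sends the token in the body", and the `#expires?` example "is true if there is an expires_at" passes `expires_in:` rather than `expires_at:`, so that path is not exercised there. Whether the test adapter echoes a body for every verb in `:body` mode cannot be confirmed from this hunk, so check that before switching that loop.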
@@ -734,23 +742,23 @@ def self.contains_token?(hash) end end - describe '#to_hash' do - it 'return a hash equal to the hash used to initialize access token' do - hash = {:access_token => token, :refresh_token => 'foobar', :expires_at => Time.now.to_i + 200, 'foo' => 'bar'} + describe "#to_hash" do + it "return a hash equal to the hash used to initialize access token" do + hash = {:access_token => token, :refresh_token => "foobar", :expires_at => Time.now.to_i + 200, "foo" => "bar"} access_token = described_class.from_hash(client, hash.clone) expect(access_token.to_hash).to eq(hash) end end - describe '#inspect' do - let(:inspect_result) { described_class.new(nil, 'secret-token', { refresh_token: 'secret-refresh-token' }).inspect } + describe "#inspect" do + let(:inspect_result) { described_class.new(nil, "secret-token", {refresh_token: "secret-refresh-token"}).inspect } - it 'filters out the @token value' do - expect(inspect_result).to include('@token=[FILTERED]') + it "filters out the @token value" do + expect(inspect_result).to include("@token=[FILTERED]") end - it 'filters out the @refresh_token value' do - expect(inspect_result).to include('@refresh_token=[FILTERED]') + it "filters out the @refresh_token value" do + expect(inspect_result).to include("@refresh_token=[FILTERED]") end end end diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index 158bc593..da40428c 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb 
@@ -5,128 +5,163 @@ described_class.new(client_id, client_secret, mode) end - let(:client_id) { 'foo' } - let(:client_secret) { 'bar' } + let(:client_id) { "foo" } + let(:client_secret) { "bar" } let(:mode) { :undefined } - it 'raises NotImplementedError for unknown authentication mode' do + it "raises NotImplementedError for unknown authentication mode" do expect { subject.apply({}) }.to raise_error(NotImplementedError) end - describe '#apply' do - context 'with parameter-based authentication' do + describe "#apply" do + context "with parameter-based authentication" do let(:mode) { :request_body } - it 'adds client_id and client_secret to params' do + it "adds client_id and client_secret to params" do output = subject.apply({}) - expect(output).to eq('client_id' => 'foo', 'client_secret' => 'bar') + expect(output).to eq("client_id" => "foo", "client_secret" => "bar") end - context 'when client_id nil' do + context "when client_id nil" do let(:client_id) { nil } - it 'ignores client_id, but adds client_secret to params' do + it "ignores client_id, but adds client_secret to params" do output = subject.apply({}) - expect(output).to eq('client_secret' => 'bar') + expect(output).to eq("client_secret" => "bar") end end - it 'does not overwrite existing credentials' do - input = {'client_secret' => 's3cr3t'} + it "does not overwrite existing credentials" do + input = {"client_secret" => "s3cr3t"} output = subject.apply(input) - expect(output).to eq('client_id' => 'foo', 'client_secret' => 's3cr3t') + expect(output).to eq("client_id" => "foo", "client_secret" => "s3cr3t") end - it 'preserves other parameters' do - input = {'state' => '42', :headers => {'A' => 'b'}} + it "preserves other parameters" do + input = {"state" => "42", :headers => {"A" => "b"}} output = subject.apply(input) expect(output).to eq( - 'client_id' => 'foo', - 'client_secret' => 'bar', - 'state' => '42', - :headers => {'A' => 'b'} + "client_id" => "foo", + "client_secret" => "bar", + "state" => "42", 
+ :headers => {"A" => "b"}, ) end - context 'passing nil secret' do + context "passing nil secret" do let(:client_secret) { nil } - it 'does not set nil client_secret' do + it "does not set nil client_secret" do output = subject.apply({}) - expect(output).to eq('client_id' => 'foo') + expect(output).to eq("client_id" => "foo") end end - context 'using tls client authentication' do + context "using tls client authentication" do let(:mode) { :tls_client_auth } - it 'does not add client_secret' do + it "does not add client_secret" do output = subject.apply({}) - expect(output).to eq('client_id' => 'foo') + expect(output).to eq("client_id" => "foo") end end - context 'using private key jwt authentication' do + context "using private key jwt authentication" do let(:mode) { :private_key_jwt } - it 'does not include client_id or client_secret' do + it "does not include client_id or client_secret" do output = subject.apply({}) expect(output).to eq({}) end end end - context 'using tls_client_auth' do + context "using tls_client_auth" do let(:mode) { :tls_client_auth } - context 'when client_id present' do - let(:client_id) { 'foobar' } + context "when client_id present" do + let(:client_id) { "foobar" } - it 'adds client_id to params' do + it "adds client_id to params" do output = subject.apply({}) - expect(output).to eq('client_id' => 'foobar') + expect(output).to eq("client_id" => "foobar") end end - context 'when client_id nil' do + context "when client_id nil" do let(:client_id) { nil } - it 'ignores client_id for params' do + it "ignores client_id for params" do output = subject.apply({}) expect(output).to eq({}) end end end - context 'with Basic authentication' do + context "with Basic authentication" do let(:mode) { :basic_auth } let(:header) { "Basic #{Base64.strict_encode64("#{client_id}:#{client_secret}")}" } - it 'encodes credentials in headers' do + it "encodes credentials in headers" do output = subject.apply({}) - expect(output).to eq(headers: {'Authorization' 
=> header}) + expect(output).to eq(headers: {"Authorization" => header}) end - it 'does not overwrite existing credentials' do - input = {headers: {'Authorization' => 'Bearer abc123'}} + it "does not overwrite existing credentials" do + input = {headers: {"Authorization" => "Bearer abc123"}} output = subject.apply(input) - expect(output).to eq(headers: {'Authorization' => 'Bearer abc123'}) + expect(output).to eq(headers: {"Authorization" => "Bearer abc123"}) end - it 'does not overwrite existing params or headers' do - input = {'state' => '42', :headers => {'A' => 'b'}} + it "does not overwrite existing params or headers" do + input = {"state" => "42", :headers => {"A" => "b"}} output = subject.apply(input) expect(output).to eq( - 'state' => '42', - :headers => {'A' => 'b', 'Authorization' => header} + "state" => "42", + :headers => {"A" => "b", "Authorization" => header}, ) end end end - describe '#inspect' do - it 'filters out the @secret value' do - expect(subject.inspect).to include('@secret=[FILTERED]') + describe "#inspect" do + it "filters secret by default" do + expect(described_class.filtered_attribute_names).to include(:secret) + end + it "filters out the @secret value" do + expect(subject.inspect).to include("@secret=[FILTERED]") + end + + context "when filter is changed" do + before do + @original_filter = described_class.filtered_attribute_names + described_class.filtered_attributes :vanilla + end + it "changes the filter" do + expect(described_class.filtered_attribute_names).to eq([:vanilla]) + end + it "does not filter out the @secret value" do + expect(subject.inspect).to include("@secret=\"bar\"") + end + after do + described_class.filtered_attributes(*@original_filter) + end + end + + context "when filter is empty" do + before do + @original_filter = described_class.filtered_attribute_names + described_class.filtered_attributes + end + it "changes the filter" do + expect(described_class.filtered_attribute_names).to eq([]) + end + it "does not 
filter out the @secret value" do + expect(subject.inspect).to include("@secret=\"bar\"") + end + after do + described_class.filtered_attributes(*@original_filter) + end end end end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index d87d61ec..8855827f 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
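Review bot: The new `#inspect` contexts pin down that `filtered_attributes :vanilla` replaces the filter list instead of extending it, after which `inspect` prints `@secret="bar"`. A caller who registers an extra attribute would therefore lose redaction of the client secret without noticing. If replace semantics are intended (the implementation is outside this hunk), state it in the example title, e.g. `it "replaces the default filter, so @secret is no longer redacted" do`, so the exposure reads as a deliberate contract. The `before`/`after` pairs in both new contexts also carry the saved filter in an example instance variable while mutating class-level state; an `around` hook keeps save and restore together, as sketched below for the first context.

```ruby
context "when filter is changed" do
  around do |example|
    original_filter = described_class.filtered_attribute_names
    begin
      described_class.filtered_attributes :vanilla
      example.run
    ensure
      # always put the default redaction list back for later examples
      described_class.filtered_attributes(*original_filter)
    end
  end
  # … unchanged: "changes the filter" and "does not filter out the @secret value" examples …
end
```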
@@ -1,129 +1,129 @@ # coding: utf-8 # frozen_string_literal: true -require 'nkf' +require "nkf" RSpec.describe OAuth2::Client do subject(:instance) do - described_class.new('abc', 'def', {site: 'https://api.example.com/'}.merge(options)) do |builder| + described_class.new("abc", "def", {site: "https://api.example.com/"}.merge(options)) do |builder| builder.adapter :test do |stub| - stub.get('/success') { |_env| [200, {'Content-Type' => 'text/awesome'}, 'yay'] } - stub.get('/reflect') { |env| [200, {}, env[:body]] } - stub.post('/reflect') { |env| [200, {}, env[:body]] } - stub.get('/unauthorized') { |_env| [401, {'Content-Type' => 'application/json'}, JSON.dump(error: error_value, error_description: error_description_value)] } - stub.get('/conflict') { |_env| [409, {'Content-Type' => 'text/plain'}, 'not authorized'] } - stub.get('/redirect') { |_env| [302, {'Content-Type' => 'text/plain', 'location' => '/success'}, ''] } - stub.get('/redirect_no_loc') { |_env| [302, {'Content-Type' => 'text/plain'}, ''] } - stub.post('/redirect') { |_env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] } - stub.get('/error') { |_env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] } - stub.get('/unparsable_error') { |_env| [500, {'Content-Type' => 'application/json'}, 'unknown error'] } - stub.get('/empty_get') { |_env| [204, {}, nil] } - stub.get('/different_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', JSON.dump(error: error_value, error_description: '∞'))] } - stub.get('/ascii_8bit_encoding') { |_env| [500, {'Content-Type' => 'application/json'}, JSON.dump(error: 'invalid_request', error_description: 'é').force_encoding('ASCII-8BIT')] } - stub.get('/unhandled_status') { |_env| [600, {}, nil] } + stub.get("/success") { |_env| [200, {"Content-Type" => "text/awesome"}, "yay"] } + stub.get("/reflect") { |env| [200, {}, env[:body]] } + stub.post("/reflect") { |env| [200, {}, env[:body]] } + 
stub.get("/unauthorized") { |_env| [401, {"Content-Type" => "application/json"}, JSON.dump(error: error_value, error_description: error_description_value)] } + stub.get("/conflict") { |_env| [409, {"Content-Type" => "text/plain"}, "not authorized"] } + stub.get("/redirect") { |_env| [302, {"Content-Type" => "text/plain", "location" => "/success"}, ""] } + stub.get("/redirect_no_loc") { |_env| [302, {"Content-Type" => "text/plain"}, ""] } + stub.post("/redirect") { |_env| [303, {"Content-Type" => "text/plain", "location" => "/reflect"}, ""] } + stub.get("/error") { |_env| [500, {"Content-Type" => "text/plain"}, "unknown error"] } + stub.get("/unparsable_error") { |_env| [500, {"Content-Type" => "application/json"}, "unknown error"] } + stub.get("/empty_get") { |_env| [204, {}, nil] } + stub.get("/different_encoding") { |_env| [500, {"Content-Type" => "application/json"}, NKF.nkf("-We", JSON.dump(error: error_value, error_description: "∞"))] } + stub.get("/ascii_8bit_encoding") { |_env| [500, {"Content-Type" => "application/json"}, JSON.dump(error: "invalid_request", error_description: "é").force_encoding("ASCII-8BIT")] } + stub.get("/unhandled_status") { |_env| [600, {}, nil] } end end end - let!(:error_value) { 'invalid_token' } - let!(:error_description_value) { 'bad bad token' } + let!(:error_value) { "invalid_token" } + let!(:error_description_value) { "bad bad token" } let(:options) { {} } - describe '#initialize' do - it 'assigns id and secret' do - expect(subject.id).to eq('abc') - expect(subject.secret).to eq('def') + describe "#initialize" do + it "assigns id and secret" do + expect(subject.id).to eq("abc") + expect(subject.secret).to eq("def") end - it 'assigns site from the options hash' do - expect(subject.site).to eq('https://api.example.com/') + it "assigns site from the options hash" do + expect(subject.site).to eq("https://api.example.com/") end - it 'assigns Faraday::Connection#host' do - expect(subject.connection.host).to 
eq('api.example.com') + it "assigns Faraday::Connection#host" do + expect(subject.connection.host).to eq("api.example.com") end - it 'leaves Faraday::Connection#ssl unset' do + it "leaves Faraday::Connection#ssl unset" do expect(subject.connection.ssl).to be_empty end - it 'is able to pass a block to configure the connection' do - builder = double('builder') + it "is able to pass a block to configure the connection" do + builder = double("builder") allow(Faraday).to receive(:new).and_yield(builder) allow(builder).to receive(:response) expect(builder).to receive(:adapter).with(:test) - described_class.new('abc', 'def') do |client| + described_class.new("abc", "def") do |client| client.adapter :test end.connection end - it 'defaults raise_errors to true' do + it "defaults raise_errors to true" do expect(subject.options[:raise_errors]).to be true end - it 'allows true/false for raise_errors option' do - client = described_class.new('abc', 'def', site: 'https://api.example.com/', raise_errors: false) + it "allows true/false for raise_errors option" do + client = described_class.new("abc", "def", site: "https://api.example.com/", raise_errors: false) expect(client.options[:raise_errors]).to be false - client = described_class.new('abc', 'def', site: 'https://api.example.com/', raise_errors: true) + client = described_class.new("abc", "def", site: "https://api.example.com/", raise_errors: true) expect(client.options[:raise_errors]).to be true end - it 'allows override of raise_errors option' do - client = described_class.new('abc', 'def', site: 'https://api.example.com/', raise_errors: true) do |builder| + it "allows override of raise_errors option" do + client = described_class.new("abc", "def", site: "https://api.example.com/", raise_errors: true) do |builder| builder.adapter :test do |stub| - stub.get('/notfound') { |_env| [404, {}, nil] } + stub.get("/notfound") { |_env| [404, {}, nil] } end end 
expect(client.options[:raise_errors]).to be true - expect { client.request(:get, '/notfound') }.to raise_error(OAuth2::Error) - response = client.request(:get, '/notfound', raise_errors: false) + expect { client.request(:get, "/notfound") }.to raise_error(OAuth2::Error) + response = client.request(:get, "/notfound", raise_errors: false) expect(response.status).to eq(404) end - it 'allows get/post for access_token_method option' do - client = described_class.new('abc', 'def', site: 'https://api.example.com/', access_token_method: :get) + it "allows get/post for access_token_method option" do + client = described_class.new("abc", "def", site: "https://api.example.com/", access_token_method: :get) expect(client.options[:access_token_method]).to eq(:get) - client = described_class.new('abc', 'def', site: 'https://api.example.com/', access_token_method: :post) + client = described_class.new("abc", "def", site: "https://api.example.com/", access_token_method: :post) expect(client.options[:access_token_method]).to eq(:post) end - it 'does not mutate the opts hash argument' do - opts = {site: 'http://example.com/'} + it "does not mutate the opts hash argument" do + opts = {site: "http://example.com/"} opts2 = opts.dup - described_class.new 'abc', 'def', opts + described_class.new "abc", "def", opts expect(opts).to eq(opts2) end - it 'raises exception if JSON is expected, but server returns invalid JSON' do + it "raises exception if JSON is expected, but server returns invalid JSON" do client = instance - expect { client.request(:get, '/unparsable_error') }.to raise_error(JSON::ParserError) - response = client.request(:get, '/unparsable_error', raise_errors: false) + expect { client.request(:get, "/unparsable_error") }.to raise_error(JSON::ParserError) + response = client.request(:get, "/unparsable_error", raise_errors: false) expect(response.status).to eq(500) end end - describe '#site=(val)' do + describe "#site=(val)" 
do subject(:site) { instance.site = new_site } let(:options) do - {site: 'https://example.com/blog'} + {site: "https://example.com/blog"} end - let(:new_site) { 'https://example.com/sharpie' } + let(:new_site) { "https://example.com/sharpie" } - it 'sets site' do - block_is_expected.to change(instance, :site).from('https://example.com/blog').to('https://example.com/sharpie') + it "sets site" do + block_is_expected.to change(instance, :site).from("https://example.com/blog").to("https://example.com/sharpie") end - context 'with connection' do + context "with connection" do before do instance.connection end - it 'allows connection to reset with new url prefix' do - block_is_expected.to change { instance.connection.url_prefix }.from(URI('https://example.com/blog')).to(URI('https://example.com/sharpie')) + it "allows connection to reset with new url prefix" do + block_is_expected.to change { instance.connection.url_prefix }.from(URI("https://example.com/blog")).to(URI("https://example.com/sharpie")) end end end 
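Review bot: The example "allows get/post for access_token_method option" only reads the key back from `client.options`, so it would pass for any option name and never shows that the token request verb changes. Elsewhere in this patch series the client's default options name the key `:token_method`, so this spec may be pinning a name the client does not read; the current `Client#initialize` is not visible in this hunk, so that is an inference. If so, a caller relying on `access_token_method` would silently keep the default verb. I would either assert the documented key, `expect(client.options[:token_method]).to eq(:get)`, or drive a stubbed token request and assert the verb that reaches the adapter.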
@@ -135,237 +135,237 @@ end it "is settable via the :#{url_type}_url option" do - subject.options[:"#{url_type}_url"] = '/oauth/custom' - expect(subject.send("#{url_type}_url")).to eq('https://api.example.com/oauth/custom') + subject.options[:"#{url_type}_url"] = "/oauth/custom" + expect(subject.send("#{url_type}_url")).to eq("https://api.example.com/oauth/custom") end - it 'allows a different host than the site' do - subject.options[:"#{url_type}_url"] = 'https://api.foo.com/oauth/custom' - expect(subject.send("#{url_type}_url")).to eq('https://api.foo.com/oauth/custom') + it "allows a different host than the site" do + subject.options[:"#{url_type}_url"] = "https://api.foo.com/oauth/custom" + expect(subject.send("#{url_type}_url")).to eq("https://api.foo.com/oauth/custom") end - context 'when a URL with path is used in the site' do + context "when a URL with path is used in the site" do let(:options) do - {site: 'https://example.com/blog'} + {site: "https://example.com/blog"} end - it 'generates an authorization URL relative to the site' do + it "generates an authorization URL relative to the site" do expect(subject.send("#{url_type}_url")).to eq("https://example.com/blog/oauth/#{url_type}") end end end end - describe ':redirect_uri option' do + describe ":redirect_uri option" do let(:auth_code_params) do { - 'client_id' => 'abc', - 'client_secret' => 'def', - 'code' => 'code', - 'grant_type' => 'authorization_code', + "client_id" => "abc", + "client_secret" => "def", + "code" => "code", + "grant_type" => "authorization_code", } end - context 'when blank' do - it 'there is no redirect_uri param added to authorization URL' do - expect(subject.authorize_url('https://github.com/a'%20=%3E%20'b')).to eq('https://api.example.com/oauth/authorize?a=b') + context "when blank" do + it "there is no redirect_uri param added to authorization URL" do + 
expect(subject.authorize_url("https://github.com/a%22%20=%3E%20%22b")).to eq("https://api.example.com/oauth/authorize?a=b") end - it 'does not add the redirect_uri param to the auth_code token exchange request' do - client = described_class.new('abc', 'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| + it "does not add the redirect_uri param to the auth_code token exchange request" do + client = described_class.new("abc", "def", site: "https://api.example.com/", auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| - stub.post('/oauth/token', auth_code_params) do - [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + stub.post("/oauth/token", auth_code_params) do + [200, {"Content-Type" => "application/json"}, '{"access_token":"token"}'] end end end - client.auth_code.get_token('code') + client.auth_code.get_token("code") end end - context 'when set' do - before { subject.options[:redirect_uri] = 'https://site.com/oauth/callback' } + context "when set" do + before { subject.options[:redirect_uri] = "https://site.com/oauth/callback" } - it 'adds the redirect_uri param to authorization URL' do - expect(subject.authorize_url('https://github.com/a'%20=%3E%20'b')).to eq('https://api.example.com/oauth/authorize?a=b&redirect_uri=https%3A%2F%2Fsite.com%2Foauth%2Fcallback') + it "adds the redirect_uri param to authorization URL" do + expect(subject.authorize_url("https://github.com/a%22%20=%3E%20%22b")).to eq("https://api.example.com/oauth/authorize?a=b&redirect_uri=https%3A%2F%2Fsite.com%2Foauth%2Fcallback") end - it 'adds the redirect_uri param to the auth_code token exchange request' do - client = described_class.new('abc', 'def', redirect_uri: 'https://site.com/oauth/callback', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| + it "adds the redirect_uri param to the 
auth_code token exchange request" do + client = described_class.new("abc", "def", redirect_uri: "https://site.com/oauth/callback", site: "https://api.example.com/", auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| - stub.post('/oauth/token', auth_code_params.merge('redirect_uri' => 'https://site.com/oauth/callback')) do - [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + stub.post("/oauth/token", auth_code_params.merge("redirect_uri" => "https://site.com/oauth/callback")) do + [200, {"Content-Type" => "application/json"}, '{"access_token":"token"}'] end end end - client.auth_code.get_token('code') + client.auth_code.get_token("code") end end - describe 'custom headers' do - context 'string key headers' do - it 'adds the custom headers to request' do - client = described_class.new('abc', 'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| + describe "custom headers" do + context "string key headers" do + it "adds the custom headers to request" do + client = described_class.new("abc", "def", site: "https://api.example.com/", auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| - stub.post('/oauth/token') do |env| - expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') - [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + stub.post("/oauth/token") do |env| + expect(env.request_headers).to include("CustomHeader" => "CustomHeader") + [200, {"Content-Type" => "application/json"}, '{"access_token":"token"}'] end end end - header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}} - client.auth_code.get_token('code', header_params) + header_params = {"headers" => {"CustomHeader" => "CustomHeader"}} + client.auth_code.get_token("code", header_params) end end - context 'symbol key headers' do - it 'adds the custom headers to request' do - client = described_class.new('abc', 
'def', site: 'https://api.example.com/', auth_scheme: :request_body) do |builder| + context "symbol key headers" do + it "adds the custom headers to request" do + client = described_class.new("abc", "def", site: "https://api.example.com/", auth_scheme: :request_body) do |builder| builder.adapter :test do |stub| - stub.post('/oauth/token') do |env| - expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') - [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + stub.post("/oauth/token") do |env| + expect(env.request_headers).to include("CustomHeader" => "CustomHeader") + [200, {"Content-Type" => "application/json"}, '{"access_token":"token"}'] end end end - header_params = {headers: {'CustomHeader' => 'CustomHeader'}} - client.auth_code.get_token('code', header_params) + header_params = {headers: {"CustomHeader" => "CustomHeader"}} + client.auth_code.get_token("code", header_params) end end - context 'string key custom headers with basic auth' do - it 'adds the custom headers to request' do - client = described_class.new('abc', 'def', site: 'https://api.example.com/') do |builder| + context "string key custom headers with basic auth" do + it "adds the custom headers to request" do + client = described_class.new("abc", "def", site: "https://api.example.com/") do |builder| builder.adapter :test do |stub| - stub.post('/oauth/token') do |env| - expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') - [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + stub.post("/oauth/token") do |env| + expect(env.request_headers).to include("CustomHeader" => "CustomHeader") + [200, {"Content-Type" => "application/json"}, '{"access_token":"token"}'] end end end - header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}} - client.auth_code.get_token('code', header_params) + header_params = {"headers" => {"CustomHeader" => "CustomHeader"}} + 
client.auth_code.get_token("code", header_params) end end - context 'symbol key custom headers with basic auth' do - it 'adds the custom headers to request' do - client = described_class.new('abc', 'def', site: 'https://api.example.com/') do |builder| + context "symbol key custom headers with basic auth" do + it "adds the custom headers to request" do + client = described_class.new("abc", "def", site: "https://api.example.com/") do |builder| builder.adapter :test do |stub| - stub.post('/oauth/token') do |env| - expect(env.request_headers).to include('CustomHeader' => 'CustomHeader') - [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + stub.post("/oauth/token") do |env| + expect(env.request_headers).to include("CustomHeader" => "CustomHeader") + [200, {"Content-Type" => "application/json"}, '{"access_token":"token"}'] end end end - header_params = {headers: {'CustomHeader' => 'CustomHeader'}} - client.auth_code.get_token('code', header_params) + header_params = {headers: {"CustomHeader" => "CustomHeader"}} + client.auth_code.get_token("code", header_params) end end end end - describe '#connection' do - context 'when debugging' do - include_context 'with stubbed env' + describe "#connection" do + context "when debugging" do + include_context "with stubbed env" before do - stub_env('OAUTH_DEBUG' => debug_value) + stub_env("OAUTH_DEBUG" => debug_value) end - context 'when OAUTH_DEBUG=true' do - let(:debug_value) { 'true' } + context "when OAUTH_DEBUG=true" do + let(:debug_value) { "true" } - it 'smoothly handles successive requests' do + it "smoothly handles successive requests" do silence_all do # first request (always goes smoothly) - subject.request(:get, '/success') + subject.request(:get, "/success") end expect do # second request (used to throw Faraday::RackBuilder::StackLocked) - subject.request(:get, '/success') + subject.request(:get, "/success") end.not_to raise_error end - it 'prints both request and response bodies 
to STDOUT' do + it "prints both request and response bodies to STDOUT" do printed = capture(:stdout) do - subject.request(:get, '/success') - subject.request(:get, '/reflect', body: 'this is magical') + subject.request(:get, "/success") + subject.request(:get, "/reflect", body: "this is magical") end - expect(printed).to match 'request: GET https://api.example.com/success' - expect(printed).to match 'response: Content-Type:' - expect(printed).to match 'response: yay' - expect(printed).to match 'request: this is magical' - expect(printed).to match 'response: this is magical' + expect(printed).to match "request: GET https://api.example.com/success" + expect(printed).to match "response: Content-Type:" + expect(printed).to match "response: yay" + expect(printed).to match "request: this is magical" + expect(printed).to match "response: this is magical" end end - context 'when OAUTH_DEBUG=false' do - let(:debug_value) { 'false' } + context "when OAUTH_DEBUG=false" do + let(:debug_value) { "false" } - it 'smoothly handles successive requests' do + it "smoothly handles successive requests" do silence_all do # first request (always goes smoothly) - subject.request(:get, '/success') + subject.request(:get, "/success") end expect do # second request (used to throw Faraday::RackBuilder::StackLocked) - subject.request(:get, '/success') + subject.request(:get, "/success") end.not_to raise_error end - it 'prints nothing to STDOUT' do + it "prints nothing to STDOUT" do printed = capture(:stdout) do - subject.request(:get, '/success') - subject.request(:get, '/reflect', body: 'this is magical') + subject.request(:get, "/success") + subject.request(:get, "/reflect", body: "this is magical") end - expect(printed).to eq '' + expect(printed).to eq "" end end end end - describe '#authorize_url' do + describe "#authorize_url" do subject { instance.authorize_url(https://github.com/params) } - context 'when space included' do + context "when space included" do let(:params) do - 
{scope: 'email profile'} + {scope: "email profile"} end - it 'encoded as %20' do - expect(subject).to include 'email%20profile' + it "encoded as %20" do + expect(subject).to include "email%20profile" end end end - describe '#request' do - it 'works with a null response body' do - expect(subject.request(:get, 'empty_get').body).to eq('') + describe "#request" do + it "works with a null response body" do + expect(subject.request(:get, "empty_get").body).to eq("") end - it 'returns on a successful response' do - response = subject.request(:get, '/success') - expect(response.body).to eq('yay') + it "returns on a successful response" do + response = subject.request(:get, "/success") + expect(response.body).to eq("yay") expect(response.status).to eq(200) - expect(response.headers).to eq('Content-Type' => 'text/awesome') + expect(response.headers).to eq("Content-Type" => "text/awesome") end - context 'with ENV' do - include_context 'with stubbed env' - context 'when OAUTH_DEBUG=true' do + context "with ENV" do + include_context "with stubbed env" + context "when OAUTH_DEBUG=true" do before do - stub_env('OAUTH_DEBUG' => 'true') + stub_env("OAUTH_DEBUG" => "true") end - it 'outputs to $stdout when OAUTH_DEBUG=true' do + it "outputs to $stdout when OAUTH_DEBUG=true" do output = capture(:stdout) do - subject.request(:get, '/success') + subject.request(:get, "/success") end logs = [ - 'request: GET https://api.example.com/success', - 'response: Status 200', + "request: GET https://api.example.com/success", + "response: Status 200", 'response: Content-Type: "text/awesome"', ] expect(output).to include(*logs) 
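Review bot: The `OAUTH_DEBUG=true` examples under "#connection" pin that request and response bodies are written to stdout, but only for harmless bodies ("this is magical", "yay"). The `auth_code_params` in this same hunk show that with `auth_scheme: :request_body` the token request body carries `client_secret`, and the stubbed token response carries `access_token`, so the same logging path would presumably emit both; whether the logger redacts them cannot be told from here. I would add an example that performs a stubbed token exchange under `OAUTH_DEBUG` and asserts `expect(printed).not_to include("def")`. If unredacted output is intended, say so in a comment above the context: `# OAUTH_DEBUG logs bodies verbatim, including client_secret and tokens; local debugging only`.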
@@ -373,62 +373,62 @@ end end - it 'posts a body' do - response = subject.request(:post, '/reflect', body: 'foo=bar') - expect(response.body).to eq('foo=bar') + it "posts a body" do + response = subject.request(:post, "/reflect", body: "foo=bar") + expect(response.body).to eq("foo=bar") end - it 'follows redirects properly' do - response = subject.request(:get, '/redirect') - expect(response.body).to eq('yay') + it "follows redirects properly" do + response = subject.request(:get, "/redirect") + expect(response.body).to eq("yay") expect(response.status).to eq(200) - expect(response.headers).to eq('Content-Type' => 'text/awesome') - expect(response.response.env.url.to_s).to eq('https://api.example.com/success') + expect(response.headers).to eq("Content-Type" => "text/awesome") + expect(response.response.env.url.to_s).to eq("https://api.example.com/success") end - it 'redirects using GET on a 303' do - response = subject.request(:post, '/redirect', body: 'foo=bar') + it "redirects using GET on a 303" do + response = subject.request(:post, "/redirect", body: "foo=bar") expect(response.body).to be_empty expect(response.status).to eq(200) - expect(response.response.env.url.to_s).to eq('https://api.example.com/reflect') + expect(response.response.env.url.to_s).to eq("https://api.example.com/reflect") end - it 'raises an error if a redirect has no Location header' do - expect { subject.request(:get, '/redirect_no_loc') }.to raise_error(OAuth2::Error, 'Got 302 status code, but no Location header was present') + it "raises an error if a redirect has no Location header" do + expect { subject.request(:get, "/redirect_no_loc") }.to raise_error(OAuth2::Error, "Got 302 status code, but no Location header was present") end - it 'obeys the :max_redirects option' do + it "obeys the :max_redirects option" do max_redirects = subject.options[:max_redirects] subject.options[:max_redirects] = 0 - response = subject.request(:get, '/redirect') + 
response = subject.request(:get, "/redirect") expect(response.status).to eq(302) subject.options[:max_redirects] = max_redirects end - it 'returns if raise_errors is false' do + it "returns if raise_errors is false" do subject.options[:raise_errors] = false - response = subject.request(:get, '/unauthorized') + response = subject.request(:get, "/unauthorized") expect(response.status).to eq(401) - expect(response.headers).to eq('Content-Type' => 'application/json') + expect(response.headers).to eq("Content-Type" => "application/json") end %w[/unauthorized /conflict /error /different_encoding /ascii_8bit_encoding].each do |error_path| it "raises OAuth2::Error on error response to path #{error_path}" do - pending_for(engine: 'jruby', reason: 'https://github.com/jruby/jruby/issues/4921') if error_path == '/different_encoding' + pending_for(engine: "jruby", reason: "https://github.com/jruby/jruby/issues/4921") if error_path == "/different_encoding" expect { subject.request(:get, error_path) }.to raise_error(OAuth2::Error) end end - it 're-encodes response body in the error message' do - expect { subject.request(:get, '/ascii_8bit_encoding') }.to raise_error do |ex| + it "re-encodes response body in the error message" do + expect { subject.request(:get, "/ascii_8bit_encoding") }.to raise_error do |ex| expect(ex.message).to eq("invalid_request: é\n{\"error\":\"invalid_request\",\"error_description\":\"��\"}") - expect(ex.message.encoding.name).to eq('UTF-8') + expect(ex.message.encoding.name).to eq("UTF-8") end end - it 'parses OAuth2 standard error response' do - expect { subject.request(:get, '/unauthorized') }.to raise_error do |ex| + it "parses OAuth2 standard error response" do + expect { subject.request(:get, "/unauthorized") }.to raise_error do |ex| expect(ex.code).to eq(error_value) expect(ex.description).to eq(error_description_value) expect(ex.to_s).to match(/#{error_value}/) 
@@ -436,257 +436,254 @@ end end - it 'provides the response in the Exception' do - expect { subject.request(:get, '/error') }.to raise_error do |ex| + it "provides the response in the Exception" do + expect { subject.request(:get, "/error") }.to raise_error do |ex| expect(ex.response).not_to be_nil expect(ex.to_s).to match(/unknown error/) end end - it 'informs about unhandled status code' do - expect { subject.request(:get, '/unhandled_status') }.to raise_error do |ex| + it "informs about unhandled status code" do + expect { subject.request(:get, "/unhandled_status") }.to raise_error do |ex| expect(ex.response).not_to be_nil expect(ex.to_s).to match(/Unhandled status code value of 600/) end end - context 'when errors are raised by Faraday' do + context "when errors are raised by Faraday" do let(:connection) { instance_double(Faraday::Connection, build_url: double) } before do allow(connection).to( - receive(:run_request).and_raise(faraday_exception) + receive(:run_request).and_raise(faraday_exception), ) allow(subject).to receive(:connection).and_return(connection) # rubocop:disable RSpec/SubjectStub end - shared_examples 'failed connection handler' do - it 'rescues the exception' do - expect { subject.request(:get, '/redirect') }.to raise_error do |e| + shared_examples "failed connection handler" do + it "rescues the exception" do + expect { subject.request(:get, "/redirect") }.to raise_error do |e| expect(e.class).to eq(expected_exception) expect(e.message).to eq(faraday_exception.message) end end end - context 'with Faraday::ConnectionFailed' do - let(:faraday_exception) { Faraday::ConnectionFailed.new('fail') } + context "with Faraday::ConnectionFailed" do + let(:faraday_exception) { Faraday::ConnectionFailed.new("fail") } let(:expected_exception) { OAuth2::ConnectionError } - it_behaves_like 'failed connection handler' + it_behaves_like "failed connection handler" end - context 'with Faraday::TimeoutError' do - let(:faraday_exception) { 
Faraday::TimeoutError.new('timeout') } + context "with Faraday::TimeoutError" do + let(:faraday_exception) { Faraday::TimeoutError.new("timeout") } let(:expected_exception) { OAuth2::TimeoutError } - it_behaves_like 'failed connection handler' + it_behaves_like "failed connection handler" end end end - describe '#get_token' do - it 'returns a configured AccessToken' do + describe "#get_token" do + it "returns a configured AccessToken" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end token = client.get_token({}) expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq('the-token') + expect(token.token).to eq("the-token") end - context 'when parse: :automatic' do - it 'returns a configured AccessToken' do + context "when parse: :automatic" do + it "returns a configured AccessToken" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end token = client.get_token(parse: :automatic) expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq('the-token') + expect(token.token).to eq("the-token") end end - context 'when parse: :xml but response is JSON' do - it 'returns a configured AccessToken' do + context "when parse: :xml but response is JSON" do + it "returns a configured AccessToken" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end - expect { 
client.get_token(parse: :xml) }.to raise_error( - MultiXml::ParseError, - 'The document "{\"access_token\":\"the-token\"}" does not have a valid root' - ) + expect { client.get_token(parse: :xml) }.to raise_error(MultiXml::ParseError) end end - context 'when parse is fuzzed' do - it 'returns a configured AccessToken' do + context "when parse is fuzzed" do + it "returns a configured AccessToken" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end - token = client.get_token(parse: 'random') + token = client.get_token(parse: "random") expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq('the-token') + expect(token.token).to eq("the-token") end end - context 'when parse is correct' do - it 'returns a configured AccessToken' do + context "when parse is correct" do + it "returns a configured AccessToken" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end token = client.get_token(parse: :json) expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq('the-token') + expect(token.token).to eq("the-token") end end - context 'when snaky is falsy, but response is snaky' do - it 'returns a configured AccessToken' do + context "when snaky is falsy, but response is snaky" do + it "returns a configured AccessToken" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] 
end end token = client.get_token(snaky: false) expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq('the-token') - expect(token.response.parsed.to_h).to eq('access_token' => 'the-token') + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("access_token" => "the-token") end end - context 'when snaky is falsy, but response is not snaky' do - it 'returns a configured AccessToken' do + context "when snaky is falsy, but response is not snaky" do + it "returns a configured AccessToken" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('accessToken' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("accessToken" => "the-token")] end end - token = client.get_token({snaky: false}, {param_name: 'accessToken'}) + token = client.get_token({snaky: false}, {param_name: "accessToken"}) expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq('the-token') - expect(token.response.parsed.to_h).to eq('accessToken' => 'the-token') + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("accessToken" => "the-token") end end - it 'authenticates with request parameters' do + it "authenticates with request parameters" do client = stubbed_client(auth_scheme: :request_body) do |stub| - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token", "client_id" => "abc", "client_secret" => "def") do |_env| + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end client.get_token({}) end - it 'authenticates with Basic auth' do + it "authenticates with Basic auth" do client = stubbed_client(auth_scheme: :basic_auth) do |stub| - stub.post('/oauth/token') do |env| - raise 
Faraday::Adapter::Test::Stubs::NotFound unless env[:request_headers]['Authorization'] == OAuth2::Authenticator.encode_basic_auth('abc', 'def') + stub.post("/oauth/token") do |env| + raise Faraday::Adapter::Test::Stubs::NotFound unless env[:request_headers]["Authorization"] == OAuth2::Authenticator.encode_basic_auth("abc", "def") - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end client.get_token({}) end - it 'authenticates with JSON' do + it "authenticates with JSON" do client = stubbed_client(auth_scheme: :basic_auth) do |stub| - stub.post('/oauth/token') do |env| - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do |env| + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end - client.get_token(headers: {'Content-Type' => 'application/json'}) + client.get_token(headers: {"Content-Type" => "application/json"}) end - it 'sets the response object on the access token' do + it "sets the response object on the access token" do client = stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end token = client.get_token({}) expect(token.response).to be_a OAuth2::Response - expect(token.response.parsed).to eq('access_token' => 'the-token') + expect(token.response.parsed).to eq("access_token" => "the-token") end - context 'when the :raise_errors flag is set to false' do + context "when the :raise_errors flag is set to false" do let(:body) { nil } let(:status_code) { 500 } - let(:content_type) { 'application/json' } + let(:content_type) { "application/json" } let(:client) do stubbed_client(raise_errors: false) do |stub| 
- stub.post('/oauth/token') do - [status_code, {'Content-Type' => content_type}, body] + stub.post("/oauth/token") do + [status_code, {"Content-Type" => content_type}, body] end end end - context 'when the request body is nil' do + context "when the request body is nil" do subject(:get_token) { client.get_token({}) } - it 'raises error JSON::ParserError' do + it "raises error JSON::ParserError" do block_is_expected { get_token }.to raise_error(JSON::ParserError) end - context 'when extract_access_token raises an exception' do + context "when extract_access_token raises an exception" do let(:status_code) { 200 } let(:extract_proc) { proc { |client, hash| raise ArgumentError } } - it 'returns a nil :access_token' do + it "returns a nil :access_token" do expect(client.get_token({}, {}, extract_proc)).to eq(nil) end end end - context 'when status code is 200' do + context "when status code is 200" do let(:status_code) { 200 } - context 'when the request body is not nil' do - let(:body) { JSON.dump('access_token' => 'the-token') } + context "when the request body is not nil" do + let(:body) { JSON.dump("access_token" => "the-token") } - it 'returns the parsed :access_token from body' do + it "returns the parsed :access_token from body" do token = client.get_token({}) expect(token.response).to be_a OAuth2::Response - expect(token.response.parsed).to eq('access_token' => 'the-token') + expect(token.response.parsed).to eq("access_token" => "the-token") end end - context 'when Content-Type is not JSON' do - let(:content_type) { 'text/plain' } - let(:body) { 'hello world' } + context "when Content-Type is not JSON" do + let(:content_type) { "text/plain" } + let(:body) { "hello world" } - it 'returns the parsed :access_token from body' do + it "returns the parsed :access_token from body" do expect(client.get_token({})).to be_nil end end end end - describe 'with custom access_token_class option' do + describe "with custom access_token_class option" do let(:options) { 
{access_token_class: CustomAccessToken} } - let(:payload) { {'custom_token' => 'the-token'} } - let(:content_type) { 'application/json' } + let(:payload) { {"custom_token" => "the-token"} } + let(:content_type) { "application/json" } let(:client) do stubbed_client(options) do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => content_type}, JSON.dump(payload)] + stub.post("/oauth/token") do + [200, {"Content-Type" => content_type}, JSON.dump(payload)] end end end 
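Review bot: The "authenticates with JSON" example asserts nothing about the request. Its stub accepts any POST to `/oauth/token`, takes `env` without reading it, and the example has no expectation, so it passes however the credentials and body are sent. The Basic-auth example just above it shows the pattern to follow; the stub could begin with `raise Faraday::Adapter::Test::Stubs::NotFound unless env[:request_headers]["Content-Type"] == "application/json"`. If the intent is also that the body is serialized as JSON, a check on `env[:body]` would be needed; how the client encodes the body is not visible in this hunk.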
@@ -696,96 +693,96 @@ attr_accessor :response def self.from_hash(client, hash) - new(client, hash.delete('custom_token')) + new(client, hash.delete("custom_token")) end def self.contains_token?(hash) - hash.key?('custom_token') + hash.key?("custom_token") end end - stub_const('CustomAccessToken', custom_class) + stub_const("CustomAccessToken", custom_class) end - it 'returns the parsed :custom_token from body' do + it "returns the parsed :custom_token from body" do client.get_token({}) end - context 'when the :raise_errors flag is set to true' do + context "when the :raise_errors flag is set to true" do let(:options) { {access_token_class: CustomAccessToken, raise_errors: true} } let(:payload) { {} } - it 'raises an error' do + it "raises an error" do expect { client.get_token({}) }.to raise_error(OAuth2::Error) end - context 'when the legacy extract_access_token' do + context "when the legacy extract_access_token" do let(:extract_access_token) do proc do |client, hash| - token = hash['data']['access_token'] + token = hash["data"]["access_token"] OAuth2::AccessToken.new(client, token, hash) end end let(:options) { {raise_errors: true} } let(:payload) { {} } - it 'raises an error' do + it "raises an error" do expect { client.get_token({}, {}, extract_access_token) }.to raise_error(OAuth2::Error) end end end - context 'when status code is 200' do + context "when status code is 200" do let(:status_code) { 200 } - context 'when the request body is blank' do + context "when the request body is blank" do let(:payload) { {} } - it 'raises an error' do + it "raises an error" do expect { client.get_token({}) }.to raise_error(OAuth2::Error) end end - context 'when Content-Type is not JSON' do - let(:content_type) { 'text/plain' } - let(:body) { 'hello world' } + context "when Content-Type is not JSON" do + let(:content_type) { "text/plain" } + let(:body) { "hello world" } - it 'raises an error' do + it "raises an error" do expect { client.get_token({}) }.to 
raise_error(OAuth2::Error) end end end - context 'when access token instance responds to response=' do + context "when access token instance responds to response=" do let(:options) { {access_token_class: CustomAccessToken, raise_errors: false} } - it 'sets response' do + it "sets response" do expect(client.get_token({}).response).to be_a(OAuth2::Response) end end - context 'when request has a block' do + context "when request has a block" do subject(:request) do client.get_token({}) do |req| - raise 'Block is executing' + raise "Block is executing" end end let(:options) { {access_token_class: CustomAccessToken, raise_errors: false} } - it 'sets response' do - block_is_expected.to raise_error('Block is executing') + it "sets response" do + block_is_expected.to raise_error("Block is executing") end end end - describe 'abnormal custom access_token_class option' do - let(:payload) { {'custom_token' => 'the-token'} } - let(:content_type) { 'application/json' } + describe "abnormal custom access_token_class option" do + let(:payload) { {"custom_token" => "the-token"} } + let(:content_type) { "application/json" } let(:client) do stubbed_client(options) do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => content_type}, JSON.dump(payload)] + stub.post("/oauth/token") do + [200, {"Content-Type" => content_type}, JSON.dump(payload)] end end end 
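Review bot: The example "returns the parsed :custom_token from body" only calls `client.get_token({})` and has no expectation, so it checks that nothing raises rather than that the configured class is used. An assertion in the style of the StrangeAccessToken example further down would pin it: `expect(client.get_token({})).to be_a(CustomAccessToken)`. In the same describe, `let(:status_code) { 200 }` and `let(:body) { "hello world" }` appear not to be read by the stub, which returns a fixed 200 and `JSON.dump(payload)`. If so, the "when Content-Type is not JSON" context still sends a JSON payload and only the header differs. The custom class definition starts outside this hunk.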
@@ -796,31 +793,31 @@ def initialize(client, hash) end def self.from_hash(client, hash) - new(client, hash.delete('custom_token')) + new(client, hash.delete("custom_token")) end def self.contains_token?(hash) - hash.key?('custom_token') + hash.key?("custom_token") end end - stub_const('StrangeAccessToken', custom_class) + stub_const("StrangeAccessToken", custom_class) end - context 'when the :raise_errors flag is set to true' do + context "when the :raise_errors flag is set to true" do let(:options) { {access_token_class: StrangeAccessToken, raise_errors: true} } let(:payload) { {} } - it 'raises an error' do + it "raises an error" do expect { client.get_token({}) }.to raise_error(OAuth2::Error) end end - context 'when access token instance does not responds to response=' do + context "when access token instance does not responds to response=" do let(:options) { {access_token_class: StrangeAccessToken} } - let(:payload) { {'custom_token' => 'the-token'} } + let(:payload) { {"custom_token" => "the-token"} } - it 'sets response' do + it "sets response" do token_access = client.get_token({}) expect(token_access).to be_a(StrangeAccessToken) expect(token_access).not_to respond_to(:response=) 
@@ -828,58 +825,58 @@ def self.contains_token?(hash) end end - context 'when request has a block' do + context "when request has a block" do subject(:request) do client.get_token({}) do |req| - raise 'Block is executing' + raise "Block is executing" end end let(:options) { {access_token_class: StrangeAccessToken} } - it 'sets response' do - block_is_expected.to raise_error('Block is executing') + it "sets response" do + block_is_expected.to raise_error("Block is executing") end end end - describe 'with extract_access_token option' do + describe "with extract_access_token option" do let(:client) do stubbed_client(extract_access_token: extract_access_token) do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('data' => {'access_token' => 'the-token'})] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("data" => {"access_token" => "the-token"})] end end end let(:extract_access_token) do proc do |client, hash| - token = hash['data']['access_token'] + token = hash["data"]["access_token"] OAuth2::AccessToken.new(client, token, hash) end end - it 'returns a configured AccessToken' do + it "returns a configured AccessToken" do token = client.get_token({}) expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq('the-token') + expect(token.token).to eq("the-token") end - context 'with deprecation' do + context "with deprecation" do subject(:printed) do capture(:stderr) do client.get_token({}) end end - it 'warns on STDERR' do + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::Client#initialize argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class`. MSG expect(printed).to eq(msg) end - context 'on request' do + context "on request" do subject(:printed) do capture(:stderr) do client.get_token({}, {}, extract_access_token) 
@@ -888,13 +885,13 @@ def self.contains_token?(hash) let(:client) do stubbed_client do |stub| - stub.post('/oauth/token') do - [200, {'Content-Type' => 'application/json'}, JSON.dump('data' => {'access_token' => 'the-token'})] + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("data" => {"access_token" => "the-token"})] end end end - it 'warns on STDERR' do + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize. MSG 
@@ -904,73 +901,73 @@ def self.contains_token?(hash) end end - it 'forwards given token parameters' do + it "forwards given token parameters" do client = stubbed_client(auth_scheme: :request_body) do |stub| - stub.post('/oauth/token', 'arbitrary' => 'parameter', 'client_id' => 'abc', 'client_secret' => 'def') do |_env| - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token", "arbitrary" => "parameter", "client_id" => "abc", "client_secret" => "def") do |_env| + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end - client.get_token({'arbitrary' => 'parameter'}) # rubocop:disable Style/BracesAroundHashParameters + client.get_token({"arbitrary" => "parameter"}) # rubocop:disable Style/BracesAroundHashParameters end - context 'when token_method is set to post_with_query_string' do - it 'uses the http post method and passes parameters in the query string' do + context "when token_method is set to post_with_query_string" do + it "uses the http post method and passes parameters in the query string" do client = stubbed_client(token_method: :post_with_query_string) do |stub| - stub.post('/oauth/token?state=abc123') do |_env| - [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')] + stub.post("/oauth/token?state=abc123") do |_env| + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end - client.get_token({'state' => 'abc123'}) # rubocop:disable Style/BracesAroundHashParameters + client.get_token({"state" => "abc123"}) # rubocop:disable Style/BracesAroundHashParameters end end def stubbed_client(params = {}, &stubs) - params = {site: 'https://api.example.com/'}.merge(params) - OAuth2::Client.new('abc', 'def', params) do |builder| + params = {site: "https://api.example.com/"}.merge(params) + OAuth2::Client.new("abc", "def", params) do |builder| builder.adapter :test, &stubs end end 
end - it 'instantiates an HTTP Method with this client' do - expect(subject.http_method).to be_kind_of(Symbol) + it "instantiates an HTTP Method with this client" do + expect(subject.http_method).to be_a(Symbol) end - it 'instantiates an AuthCode strategy with this client' do - expect(subject.auth_code).to be_kind_of(OAuth2::Strategy::AuthCode) + it "instantiates an AuthCode strategy with this client" do + expect(subject.auth_code).to be_a(OAuth2::Strategy::AuthCode) end - it 'instantiates an Implicit strategy with this client' do - expect(subject.implicit).to be_kind_of(OAuth2::Strategy::Implicit) + it "instantiates an Implicit strategy with this client" do + expect(subject.implicit).to be_a(OAuth2::Strategy::Implicit) end - context 'with SSL options' do + context "with SSL options" do subject do - cli = described_class.new('abc', 'def', site: 'https://api.example.com/', ssl: {ca_file: 'foo.pem'}) + cli = described_class.new("abc", "def", site: "https://api.example.com/", ssl: {ca_file: "foo.pem"}) cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b| b.adapter :test end cli end - it 'passes the SSL options along to Faraday::Connection#ssl' do - expect(subject.connection.ssl.fetch(:ca_file)).to eq('foo.pem') + it "passes the SSL options along to Faraday::Connection#ssl" do + expect(subject.connection.ssl.fetch(:ca_file)).to eq("foo.pem") end end - context 'without a connection-configuration block' do + context "without a connection-configuration block" do subject do - described_class.new('abc', 'def', site: 'https://api.example.com/') + described_class.new("abc", "def", site: "https://api.example.com/") end - it 'applies default faraday middleware to the connection' do + it "applies default faraday middleware to the connection" do expect(subject.connection.builder.handlers).to include(Faraday::Request::UrlEncoded) end end - describe '#inspect' do - it 'filters out the @secret value' do - 
expect(subject.inspect).to include('@secret=[FILTERED]') + describe "#inspect" do + it "filters out the @secret value" do + expect(subject.inspect).to include("@secret=[FILTERED]") end end end diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index fb1ed492..f006b163 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -1,4 +1,4 @@ -# encoding: UTF-8 +# encoding: utf-8 # frozen_string_literal: true class StirredHash < Hash @@ -14,7 +14,7 @@ class XmledString < String � Cool � XmledString -'.freeze +' def to_str XML end 
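Review bot: The `#inspect` example in client_spec.rb proves only that the placeholder is printed, not that the client secret is absent from the output. A negative assertion next to it, `expect(subject.inspect).not_to include(subject.secret)`, would catch the secret leaking through another instance variable or a nested object. The `subject` definition is outside this hunk, so this assumes the client exposes the value through its `secret` reader.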
@@ -27,119 +27,119 @@ def to_str raw_response = Faraday::Response.new( status: 418, response_headers: response_headers, - body: response_body + body: response_body, ) OAuth2::Response.new(raw_response) end - let(:response_headers) { {'Content-Type' => 'application/json'} } - let(:response_body) { {text: 'Coffee brewing failed'}.to_json } + let(:response_headers) { {"Content-Type" => "application/json"} } + let(:response_body) { {text: "Coffee brewing failed"}.to_json } - it 'sets the response object to #response on self' do + it "sets the response object to #response on self" do error = described_class.new(response) expect(error.response).to equal(response) end - describe 'attr_readers' do - it 'has code' do + describe "attr_readers" do + it "has code" do expect(subject).to respond_to(:code) end - it 'has description' do + it "has description" do expect(subject).to respond_to(:description) end - it 'has response' do + it "has response" do expect(subject).to respond_to(:response) end end - context 'when the response is parsed' do + context "when the response is parsed" do let(:response_body) { response_hash.to_json } - let(:response_hash) { {text: 'Coffee brewing failed'} } + let(:response_hash) { {text: "Coffee brewing failed"} } - context 'when the response has an error and error_description' do + context "when the response has an error and error_description" do before do - response_hash['error_description'] = 'Short and stout' - response_hash['error'] = 'i_am_a_teapot' + response_hash["error_description"] = "Short and stout" + response_hash["error"] = "i_am_a_teapot" end - it 'sets the code attribute' do - expect(subject.code).to eq('i_am_a_teapot') + it "sets the code attribute" do + expect(subject.code).to eq("i_am_a_teapot") end - it 'sets the description attribute' do - expect(subject.description).to eq('Short and stout') + it "sets the description attribute" do + expect(subject.description).to eq("Short and stout") end - it 'prepends to the error message 
with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: Short and stout\n", '{"text":"Coffee brewing failed","error_description":"Short and stout","error":"i_am_a_teapot"}', - ] + ], ) end - context 'when the response needs to be encoded' do - let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } + context "when the response needs to be encoded" do + let(:response_body) { JSON.dump(response_hash).force_encoding("ASCII-8BIT") } - context 'with invalid characters present' do + context "with invalid characters present" do before do - response_body.gsub!('stout', "\255 invalid \255") + response_body.gsub!("stout", "\255 invalid \255") end - it 'replaces them' do + it "replaces them" do # The skip can be removed once support for < 2.1 is dropped. - encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} - skip_for(encoding.merge(engine: 'jruby')) + encoding = {reason: "encode/scrub only works as of Ruby 2.1"} + skip_for(encoding.merge(engine: "jruby")) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ - raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') + raise "Invalid characters not replaced" unless subject.message.include?("� invalid �") # This will fail if {:invalid => replace} is not passed into `encode` end end - context 'with undefined characters present' do + context "with undefined characters present" do before do - response_hash['error_description'] += ": 'A magical voyage of tea 🍵'" + response_hash["error_description"] += ": 'A magical voyage of tea 🍵'" end - it 'replaces them' do - raise 'Undefined characters not replaced' unless subject.message.include?('tea �') + it "replaces them" do + raise "Undefined characters not replaced" unless subject.message.include?("tea �") # This will fail if {:undef => replace} is not passed into `encode` end 
end end - context 'when the response is not an encodable thing' do - let(:response_headers) { {'Content-Type' => 'who knows'} } - let(:response_body) { {text: 'Coffee brewing failed'} } + context "when the response is not an encodable thing" do + let(:response_headers) { {"Content-Type" => "who knows"} } + let(:response_body) { {text: "Coffee brewing failed"} } before do expect(response_body).not_to respond_to(:encode) # i.e. a Ruby hash end - it 'does not try to encode the message string' do + it "does not try to encode the message string" do expect(subject.message).to eq(response_body.to_s) end end - context 'when using :json parser with non-encodable data' do - let(:response_headers) { {'Content-Type' => 'application/hal+json'} } + context "when using :json parser with non-encodable data" do + let(:response_headers) { {"Content-Type" => "application/hal+json"} } let(:response_body) do - StirredHash.new( + StirredHash[ "_links": { - "self": {"href": '/orders/523'}, - "warehouse": {"href": '/warehouse/56'}, - "invoice": {"href": '/invoices/873'}, + "self": {"href": "/orders/523"}, + "warehouse": {"href": "/warehouse/56"}, + "invoice": {"href": "/invoices/873"}, }, - "currency": 'USD', - "status": 'shipped', - "total": 10.20 - ) + "currency": "USD", + "status": "shipped", + "total": 10.20, + ] end before do @@ -147,13 +147,13 @@ def to_str expect(response_body).to respond_to(:to_str) end - it 'does not force encode the message' do + it "does not force encode the message" do expect(subject.message).to eq('{"hello":"� Cool � StirredHash"}') end end - context 'when using :xml parser' do - let(:response_headers) { {'Content-Type' => 'text/xml'} } + context "when using :xml parser" do + let(:response_headers) { {"Content-Type" => "text/xml"} } let(:response_body) do XmledString.new(XmledString::XML) end 
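Review bot: Both "replaces them" examples under "when the response needs to be encoded" signal failure with `raise "…" unless subject.message.include?(…)`, which surfaces as a RuntimeError rather than an expectation failure and hides the actual message. `expect(subject.message).to include("� invalid �")` and `expect(subject.message).to include("tea �")` make the same check and print the message when it fails. The same pattern appears again in the "when there is code (error)" context in the following hunk of this file. The trailing comments about `:invalid` and `:undef` can stay, since they say what each example guards.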
@@ -162,482 +162,492 @@ def to_str expect(response_body).to respond_to(:to_str) end - it 'parses the XML' do + it "parses the XML" do expect(subject.message).to eq(XmledString::XML) end end - context 'when using :xml parser with non-String-like thing' do - let(:response_headers) { {'Content-Type' => 'text/xml'} } + context "when using :xml parser with non-String-like thing" do + let(:response_headers) { {"Content-Type" => "text/xml"} } let(:response_body) { {hello: :world} } before do expect(response_body).not_to respond_to(:to_str) end - it 'just returns the thing if it can' do - expect(subject.message).to eq('{:hello=>:world}') + it "just returns the thing if it can" do + expect(subject.message).to eq({:hello=>:world}.to_s) end end end - it 'sets the code attribute to nil' do + it "sets the code attribute to nil" do expect(subject.code).to be_nil end - it 'sets the description attribute' do + it "sets the description attribute" do expect(subject.description).to be_nil end - context 'when there is no error description' do + context "when there is no error description" do before do - expect(response_hash).not_to have_key('error') - expect(response_hash).not_to have_key('error_description') + expect(response_hash).not_to have_key("error") + expect(response_hash).not_to have_key("error_description") end - it 'does not prepend anything to the message' do + it "does not prepend anything to the message" do expect(subject.message.lines.count).to eq(1) expect(subject.message).to eq '{"text":"Coffee brewing failed"}' end - it 'does not set code' do + it "does not set code" do expect(subject.code).to be_nil end - it 'does not set description' do + it "does not set description" do expect(subject.description).to be_nil end end - context 'when there is code (error)' do + context "when there is code (error)" do before do - response_hash['error_description'] = 'Short and stout' - response_hash['error'] = 'i_am_a_teapot' - response_hash['status'] = '418' + 
response_hash["error_description"] = "Short and stout" + response_hash["error"] = "i_am_a_teapot" + response_hash["status"] = "418" end - it 'prepends to the error message with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: Short and stout\n", { - "text": 'Coffee brewing failed', - "error_description": 'Short and stout', - "error": 'i_am_a_teapot', - "status": '418', + "text": "Coffee brewing failed", + "error_description": "Short and stout", + "error": "i_am_a_teapot", + "status": "418", }.to_json, - ] + ], ) end - context 'when the response needs to be encoded' do - let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } + context "when the response needs to be encoded" do + let(:response_body) { JSON.dump(response_hash).force_encoding("ASCII-8BIT") } - context 'with invalid characters present' do + context "with invalid characters present" do before do - response_body.gsub!('stout', "\255 invalid \255") + response_body.gsub!("stout", "\255 invalid \255") end - it 'replaces them' do + it "replaces them" do # The skip can be removed once support for < 2.1 is dropped. 
- encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} - skip_for(encoding.merge(engine: 'jruby')) + encoding = {reason: "encode/scrub only works as of Ruby 2.1"} + skip_for(encoding.merge(engine: "jruby")) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ - raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') + raise "Invalid characters not replaced" unless subject.message.include?("� invalid �") # This will fail if {:invalid => replace} is not passed into `encode` end end - context 'with undefined characters present' do + context "with undefined characters present" do before do - response_hash['error_description'] += ": 'A magical voyage of tea 🍵'" + response_hash["error_description"] += ": 'A magical voyage of tea 🍵'" end - it 'replaces them' do - raise 'Undefined characters not replaced' unless subject.message.include?('tea �') + it "replaces them" do + raise "Undefined characters not replaced" unless subject.message.include?("tea �") # This will fail if {:undef => replace} is not passed into `encode` end end end - context 'when the response is not an encodable thing' do - let(:response_headers) { {'Content-Type' => 'who knows'} } - let(:response_body) { {text: 'Coffee brewing failed'} } + context "when the response is not an encodable thing" do + let(:response_headers) { {"Content-Type" => "who knows"} } + let(:response_body) { {text: "Coffee brewing failed"} } before do expect(response_body).not_to respond_to(:encode) # i.e. 
a Ruby hash end - it 'does not try to encode the message string' do + it "does not try to encode the message string" do expect(subject.message).to eq(response_body.to_s) end end - it 'sets the code attribute' do - expect(subject.code).to eq('i_am_a_teapot') + it "sets the code attribute" do + expect(subject.code).to eq("i_am_a_teapot") end - it 'sets the description attribute' do - expect(subject.description).to eq('Short and stout') + it "sets the description attribute" do + expect(subject.description).to eq("Short and stout") end end - context 'when there is code (error) but no error_description' do + context "when there is code (error) but no error_description" do before do - response_hash.delete('error_description') - response_hash['error'] = 'i_am_a_teapot' - response_hash['status'] = '418' + response_hash.delete("error_description") + response_hash["error"] = "i_am_a_teapot" + response_hash["status"] = "418" end - it 'prepends to the error message with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: \n", { - "text": 'Coffee brewing failed', - "error": 'i_am_a_teapot', - "status": '418', + "text": "Coffee brewing failed", + "error": "i_am_a_teapot", + "status": "418", }.to_json, - ] + ], ) end - context 'when the response needs to be encoded' do - let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } + context "when the response needs to be encoded" do + let(:response_body) { JSON.dump(response_hash).force_encoding("ASCII-8BIT") } - context 'with invalid characters present' do + context "with invalid characters present" do before do - response_body.gsub!('brewing', "\255 invalid \255") + response_body.gsub!("brewing", "\255 invalid \255") end - it 'replaces them' do + it "replaces them" do # The skip can be removed once support for < 2.1 is dropped. 
- encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} - skip_for(encoding.merge(engine: 'jruby')) + encoding = {reason: "encode/scrub only works as of Ruby 2.1"} + skip_for(encoding.merge(engine: "jruby")) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ - raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') + raise "Invalid characters not replaced" unless subject.message.include?("� invalid �") # This will fail if {:invalid => replace} is not passed into `encode` end end end - context 'when the response is not an encodable thing' do - let(:response_headers) { {'Content-Type' => 'who knows'} } - let(:response_body) { {text: 'Coffee brewing failed'} } + context "when the response is not an encodable thing" do + let(:response_headers) { {"Content-Type" => "who knows"} } + let(:response_body) { {text: "Coffee brewing failed"} } before do expect(response_body).not_to respond_to(:encode) # i.e. 
a Ruby hash end - it 'does not try to encode the message string' do + it "does not try to encode the message string" do expect(subject.message).to eq(response_body.to_s) end end - it 'sets the code attribute from error' do - expect(subject.code).to eq('i_am_a_teapot') + it "sets the code attribute from error" do + expect(subject.code).to eq("i_am_a_teapot") end - it 'does not set the description attribute' do + it "does not set the description attribute" do expect(subject.description).to be_nil end end - context 'when there is error_description but no code (error)' do + context "when there is error_description but no code (error)" do before do - response_hash['error_description'] = 'Short and stout' - response_hash.delete('error') + response_hash["error_description"] = "Short and stout" + response_hash.delete("error") end - it 'prepends to the error message with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "Short and stout\n", { - "text": 'Coffee brewing failed', - "error_description": 'Short and stout', + "text": "Coffee brewing failed", + "error_description": "Short and stout", }.to_json, - ] + ], ) end - context 'when the response needs to be encoded' do - let(:response_body) { JSON.dump(response_hash).force_encoding('ASCII-8BIT') } + context "when the response needs to be encoded" do + let(:response_body) { JSON.dump(response_hash).force_encoding("ASCII-8BIT") } - context 'with invalid characters present' do + context "with invalid characters present" do before do - response_body.gsub!('stout', "\255 invalid \255") + response_body.gsub!("stout", "\255 invalid \255") end - it 'replaces them' do + it "replaces them" do # The skip can be removed once support for < 2.1 is dropped. 
- encoding = {reason: 'encode/scrub only works as of Ruby 2.1'} - skip_for(encoding.merge(engine: 'jruby')) + encoding = {reason: "encode/scrub only works as of Ruby 2.1"} + skip_for(encoding.merge(engine: "jruby")) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ - raise 'Invalid characters not replaced' unless subject.message.include?('� invalid �') + raise "Invalid characters not replaced" unless subject.message.include?("� invalid �") # This will fail if {:invalid => replace} is not passed into `encode` end end - context 'with undefined characters present' do + context "with undefined characters present" do before do - response_hash['error_description'] += ": 'A magical voyage of tea 🍵'" + response_hash["error_description"] += ": 'A magical voyage of tea 🍵'" end - it 'replaces them' do - raise 'Undefined characters not replaced' unless subject.message.include?('tea �') + it "replaces them" do + raise "Undefined characters not replaced" unless subject.message.include?("tea �") # This will fail if {:undef => replace} is not passed into `encode` end end end - context 'when the response is not an encodable thing' do - let(:response_headers) { {'Content-Type' => 'who knows'} } - let(:response_body) { {text: 'Coffee brewing failed'} } + context "when the response is not an encodable thing" do + let(:response_headers) { {"Content-Type" => "who knows"} } + let(:response_body) { {text: "Coffee brewing failed"} } before do expect(response_body).not_to respond_to(:encode) # i.e. 
a Ruby hash end - it 'does not try to encode the message string' do + it "does not try to encode the message string" do expect(subject.message).to eq(response_body.to_s) end end - it 'sets the code attribute' do + it "sets the code attribute" do expect(subject.code).to be_nil end - it 'sets the description attribute' do - expect(subject.description).to eq('Short and stout') + it "sets the description attribute" do + expect(subject.description).to eq("Short and stout") end end end - context 'when the response is simple hash, not parsed' do + context "when the response is simple hash, not parsed" do subject { described_class.new(response_hash) } - let(:response_hash) { {text: 'Coffee brewing failed'} } + let(:response_hash) { {text: "Coffee brewing failed"} } - it 'sets the code attribute to nil' do + it "sets the code attribute to nil" do expect(subject.code).to be_nil end - it 'sets the description attribute' do + it "sets the description attribute" do expect(subject.description).to be_nil end - context 'when the response has an error and error_description' do + context "when the response has an error and error_description" do before do - response_hash['error_description'] = 'Short and stout' - response_hash['error'] = 'i_am_a_teapot' + response_hash["error_description"] = "Short and stout" + response_hash["error"] = "i_am_a_teapot" end - it 'sets the code attribute' do - expect(subject.code).to eq('i_am_a_teapot') + it "sets the code attribute" do + expect(subject.code).to eq("i_am_a_teapot") end - it 'sets the description attribute' do - expect(subject.description).to eq('Short and stout') + it "sets the description attribute" do + expect(subject.description).to eq("Short and stout") end - it 'prepends to the error message with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: Short and stout\n", - '{:text=>"Coffee brewing failed", "error_description"=>"Short and 
stout", "error"=>"i_am_a_teapot"}', - ] + {:text=>"Coffee brewing failed", "error_description"=>"Short and stout", "error"=>"i_am_a_teapot"}.to_s, + ], ) end - context 'when using :xml parser with non-String-like thing' do - let(:response_headers) { {'Content-Type' => 'text/xml'} } + context "when using :xml parser with non-String-like thing" do + let(:response_headers) { {"Content-Type" => "text/xml"} } let(:response_hash) { {hello: :world} } before do expect(response_hash).not_to respond_to(:to_str) end - it 'just returns whatever it can' do - expect(subject.message).to eq("i_am_a_teapot: Short and stout\n{:hello=>:world, \"error_description\"=>\"Short and stout\", \"error\"=>\"i_am_a_teapot\"}") + it "just returns whatever it can" do + expect(subject.message.each_line.to_a).to eq( + [ + "i_am_a_teapot: Short and stout\n", + {:hello=>:world, "error_description"=>"Short and stout", "error"=>"i_am_a_teapot"}.to_s + ] + ) end end end - context 'when using :xml parser with non-String-like thing' do - let(:response_headers) { {'Content-Type' => 'text/xml'} } + context "when using :xml parser with non-String-like thing" do + let(:response_headers) { {"Content-Type" => "text/xml"} } let(:response_hash) { {hello: :world} } before do expect(response_hash).not_to respond_to(:to_str) end - it 'just returns the thing if it can' do - expect(subject.message).to eq('{:hello=>:world}') + it "just returns the thing if it can" do + expect(subject.message).to eq({:hello=>:world}.to_s) end end - context 'when there is no error description' do + context "when there is no error description" do before do - expect(response_hash).not_to have_key('error') - expect(response_hash).not_to have_key('error_description') + expect(response_hash).not_to have_key("error") + expect(response_hash).not_to have_key("error_description") end - it 'does not prepend anything to the message' do + it "does not prepend anything to the message" do expect(subject.message.lines.count).to eq(1) - 
expect(subject.message).to eq '{:text=>"Coffee brewing failed"}' + expect(subject.message).to eq({:text=>"Coffee brewing failed"}.to_s) end - it 'does not set code' do + it "does not set code" do expect(subject.code).to be_nil end - it 'does not set description' do + it "does not set description" do expect(subject.description).to be_nil end end - context 'when there is code (error)' do + context "when there is code (error)" do before do - response_hash['error_description'] = 'Short and stout' - response_hash['error'] = 'i_am_a_teapot' - response_hash['status'] = '418' + response_hash["error_description"] = "Short and stout" + response_hash["error"] = "i_am_a_teapot" + response_hash["status"] = "418" end - it 'prepends to the error message with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: Short and stout\n", - '{:text=>"Coffee brewing failed", "error_description"=>"Short and stout", "error"=>"i_am_a_teapot", "status"=>"418"}', - ] + {:text=>"Coffee brewing failed", "error_description"=>"Short and stout", "error"=>"i_am_a_teapot", "status"=>"418"}.to_s, + ], ) end - it 'sets the code attribute' do - expect(subject.code).to eq('i_am_a_teapot') + it "sets the code attribute" do + expect(subject.code).to eq("i_am_a_teapot") end - it 'sets the description attribute' do - expect(subject.description).to eq('Short and stout') + it "sets the description attribute" do + expect(subject.description).to eq("Short and stout") end end - context 'when there is code (error) but no error_description' do + context "when there is code (error) but no error_description" do before do - response_hash.delete('error_description') - response_hash['error'] = 'i_am_a_teapot' - response_hash['status'] = '418' + response_hash.delete("error_description") + response_hash["error"] = "i_am_a_teapot" + response_hash["status"] = "418" end - it 'sets the code attribute from error' do - 
expect(subject.code).to eq('i_am_a_teapot') + it "sets the code attribute from error" do + expect(subject.code).to eq("i_am_a_teapot") end - it 'does not set the description attribute' do + it "does not set the description attribute" do expect(subject.description).to be_nil end - it 'prepends to the error message with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: \n", - '{:text=>"Coffee brewing failed", "error"=>"i_am_a_teapot", "status"=>"418"}', - ] + {:text=>"Coffee brewing failed", "error"=>"i_am_a_teapot", "status"=>"418"}.to_s, + ], ) end end - context 'when there is error_description but no code (error)' do + context "when there is error_description but no code (error)" do before do - response_hash['error_description'] = 'Short and stout' - response_hash.delete('error') + response_hash["error_description"] = "Short and stout" + response_hash.delete("error") end - it 'prepends to the error message with a return character' do + it "prepends to the error message with a return character" do expect(subject.message.each_line.to_a).to eq( [ "Short and stout\n", - '{:text=>"Coffee brewing failed", "error_description"=>"Short and stout"}', - ] + {:text=>"Coffee brewing failed", "error_description"=>"Short and stout"}.to_s, + ], ) end - context 'when the response is not an encodable thing' do - let(:response_headers) { {'Content-Type' => 'who knows'} } - let(:response_hash) { {text: 'Coffee brewing failed'} } + context "when the response is not an encodable thing" do + let(:response_headers) { {"Content-Type" => "who knows"} } + let(:response_hash) { {text: "Coffee brewing failed"} } before do expect(response_hash).not_to respond_to(:encode) # i.e. 
a Ruby hash end - it 'does not try to encode the message string' do - expect(subject.message).to eq("Short and stout\n{:text=>\"Coffee brewing failed\", \"error_description\"=>\"Short and stout\"}") + it "does not try to encode the message string" do + expect(subject.message.each_line.to_a).to eq( + [ + "Short and stout\n", + {:text=>"Coffee brewing failed", "error_description"=>"Short and stout"}.to_s + ] + ) end end - it 'sets the code attribute' do + it "sets the code attribute" do expect(subject.code).to be_nil end - it 'sets the description attribute' do - expect(subject.description).to eq('Short and stout') + it "sets the description attribute" do + expect(subject.description).to eq("Short and stout") end end end - context 'when the response is not a hash, not parsed' do + context "when the response is not a hash, not parsed" do subject { described_class.new(response_thing) } - let(:response_thing) { [200, 'Success'] } + let(:response_thing) { [200, "Success"] } - it 'sets the code attribute to nil' do + it "sets the code attribute to nil" do expect(subject.code).to be_nil end - it 'sets the description attribute' do + it "sets the description attribute" do expect(subject.description).to be_nil end - it 'sets the body attribute' do + it "sets the body attribute" do expect(subject.body).to eq(response_thing) end - it 'sets the response attribute' do + it "sets the response attribute" do expect(subject.response).to eq(response_thing) end end - context 'when the response does not parse to a hash' do - let(:response_headers) { {'Content-Type' => 'text/html'} } - let(:response_body) { 'Hello, I am a teapot' } + context "when the response does not parse to a hash" do + let(:response_headers) { {"Content-Type" => "text/html"} } + let(:response_body) { "Hello, I am a teapot" } before do expect(response.parsed).not_to be_a(Hash) end - it 'does not do anything to the message' do + it "does not do anything to the message" do expect(subject.message.lines.count).to eq(1) 
expect(subject.message).to eq(response_body) end - it 'does not set code' do + it "does not set code" do expect(subject.code).to be_nil end - it 'does not set description' do + it "does not set description" do expect(subject.description).to be_nil end end - describe 'parsing json' do - it 'does not blow up' do + describe "parsing json" do + it "does not blow up" do expect { subject.to_json }.not_to raise_error expect { subject.response.to_json }.not_to raise_error end diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 4ceb228f..5a0689f2 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
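Review bot: The expectations rewritten as `expect(subject.message).to eq({:hello=>:world}.to_s)`, and the `{:text=>"Coffee brewing failed", ...}.to_s` entries in the `each_line.to_a` arrays, no longer pin a literal string, and nothing in the spec says why. The expected text is now built with `Hash#to_s`, presumably the same call that produces the message, so these examples stop checking the rendered format. If the reason is that `Hash#inspect` output differs between Ruby versions, a comment above the first of them would stop a later cleanup from restoring the literal, for example `# Hash#to_s formatting varies by Ruby version, so derive the expected text from the hash`. The two expectations that were split over several lines ("just returns whatever it can" and the non-encodable "does not try to encode the message string") also end in `.to_s` and `]` without the trailing commas this commit adds everywhere else. The enclosing `context` blocks open above the hunk.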
@@ -5,201 +5,204 @@ let(:raw_response) { Faraday::Response.new(status: status, response_headers: headers, body: body) } let(:status) { 200 } - let(:headers) { {'foo' => 'bar'} } - let(:body) { 'foo' } + let(:headers) { {"foo" => "bar"} } + let(:body) { "foo" } - describe '#initialize' do - it 'returns the status, headers and body' do + describe "#initialize" do + it "returns the status, headers and body" do expect(subject.headers).to eq(headers) expect(subject.status).to eq(status) expect(subject.body).to eq(body) end end - describe '.register_parser' do + describe ".register_parser" do let(:response) do - double('response', headers: {'Content-Type' => 'application/foo-bar'}, - status: 200, - body: 'baz') + double( + "response", + headers: {"Content-Type" => "application/foo-bar"}, + status: 200, + body: "baz", + ) end before do - described_class.register_parser(:foobar, ['application/foo-bar']) do |body| + described_class.register_parser(:foobar, ["application/foo-bar"]) do |body| "foobar #{body}" end end - it 'adds to the content types and parsers' do + it "adds to the content types and parsers" do expect(described_class.send(:class_variable_get, :@@parsers).keys).to include(:foobar) - expect(described_class.send(:class_variable_get, :@@content_types).keys).to include('application/foo-bar') + expect(described_class.send(:class_variable_get, :@@content_types).keys).to include("application/foo-bar") end - it 'is able to parse that content type automatically' do - expect(described_class.new(response).parsed).to eq('foobar baz') + it "is able to parse that content type automatically" do + expect(described_class.new(response).parsed).to eq("foobar baz") end end - describe '#content_type' do - context 'when headers are blank' do + describe "#content_type" do + context "when headers are blank" do let(:headers) { nil } - it 'returns nil' do + it "returns nil" do expect(subject.content_type).to be_nil end end - context 'when content-type is not present' do - let(:headers) 
{ {'a fuzzy' => 'fuzzer'} } + context "when content-type is not present" do + let(:headers) { {"a fuzzy" => "fuzzer"} } - it 'returns empty string' do - expect(subject.content_type).to eq('') + it "returns empty string" do + expect(subject.content_type).to eq("") end end - context 'when content-type is present' do - let(:headers) { {'Content-Type' => 'application/x-www-form-urlencoded'} } + context "when content-type is present" do + let(:headers) { {"Content-Type" => "application/x-www-form-urlencoded"} } - it 'returns the content type header contents' do - expect(subject.content_type).to eq('application/x-www-form-urlencoded') + it "returns the content type header contents" do + expect(subject.content_type).to eq("application/x-www-form-urlencoded") end end end - describe '#parsed' do + describe "#parsed" do subject(:parsed) do - headers = {'Content-Type' => content_type} - response = double('response', headers: headers, body: body) + headers = {"Content-Type" => content_type} + response = double("response", headers: headers, body: body) instance = described_class.new(response) instance.parsed end - shared_examples_for 'parsing JSON-like' do - it 'has num keys' do + shared_examples_for "parsing JSON-like" do + it "has num keys" do expect(parsed.keys.size).to eq(6) end - it 'parses string' do - expect(parsed['foo']).to eq('bar') - expect(parsed.key('bar')).to eq('foo') + it "parses string" do + expect(parsed["foo"]).to eq("bar") + expect(parsed.key("bar")).to eq("foo") end - it 'parses non-zero number' do - expect(parsed['answer']).to eq(42) - expect(parsed.key(42)).to eq('answer') + it "parses non-zero number" do + expect(parsed["answer"]).to eq(42) + expect(parsed.key(42)).to eq("answer") end - it 'parses nil as NilClass' do - expect(parsed['krill']).to be_nil - expect(parsed.key(nil)).to eq('krill') + it "parses nil as NilClass" do + expect(parsed["krill"]).to be_nil + expect(parsed.key(nil)).to eq("krill") end - it 'parses zero as number' do - 
expect(parsed['zero']).to eq(0) - expect(parsed.key(0)).to eq('zero') + it "parses zero as number" do + expect(parsed["zero"]).to eq(0) + expect(parsed.key(0)).to eq("zero") end - it 'parses false as FalseClass' do - expect(parsed['malign']).to be(false) - expect(parsed.key(false)).to eq('malign') + it "parses false as FalseClass" do + expect(parsed["malign"]).to be(false) + expect(parsed.key(false)).to eq("malign") end - it 'parses false as TrueClass' do - expect(parsed['shine']).to be(true) - expect(parsed.key(true)).to eq('shine') + it "parses false as TrueClass" do + expect(parsed["shine"]).to be(true) + expect(parsed.key(true)).to eq("shine") end end - context 'when application/json' do - let(:content_type) { 'application/json' } - let(:body) { JSON.dump(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + context "when application/json" do + let(:content_type) { "application/json" } + let(:body) { JSON.dump(foo: "bar", answer: 42, krill: nil, zero: 0, malign: false, shine: true) } - it_behaves_like 'parsing JSON-like' + it_behaves_like "parsing JSON-like" end - context 'when application/Json' do - let(:content_type) { 'application/Json' } - let(:body) { JSON.dump(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + context "when application/Json" do + let(:content_type) { "application/Json" } + let(:body) { JSON.dump(foo: "bar", answer: 42, krill: nil, zero: 0, malign: false, shine: true) } - it_behaves_like 'parsing JSON-like' + it_behaves_like "parsing JSON-like" end - context 'when application/hal+json' do - let(:content_type) { 'application/hal+json' } - let(:body) { JSON.dump(foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true) } + context "when application/hal+json" do + let(:content_type) { "application/hal+json" } + let(:body) { JSON.dump(foo: "bar", answer: 42, krill: nil, zero: 0, malign: false, shine: true) } - it_behaves_like 'parsing JSON-like' + it_behaves_like "parsing 
JSON-like" end - context 'when application/x-www-form-urlencoded' do - let(:content_type) { 'application/x-www-form-urlencoded' } - let(:body) { 'foo=bar&answer=42&krill=&zero=0&malign=false&shine=true' } + context "when application/x-www-form-urlencoded" do + let(:content_type) { "application/x-www-form-urlencoded" } + let(:body) { "foo=bar&answer=42&krill=&zero=0&malign=false&shine=true" } - it 'has num keys' do + it "has num keys" do expect(parsed.keys.size).to eq(6) end - it 'parses string' do - expect(parsed['foo']).to eq('bar') - expect(parsed.key('bar')).to eq('foo') + it "parses string" do + expect(parsed["foo"]).to eq("bar") + expect(parsed.key("bar")).to eq("foo") end - it 'parses non-zero number as string' do - expect(parsed['answer']).to eq('42') - expect(parsed.key('42')).to eq('answer') + it "parses non-zero number as string" do + expect(parsed["answer"]).to eq("42") + expect(parsed.key("42")).to eq("answer") end - it 'parses nil as empty string' do - expect(parsed['krill']).to eq('') - expect(parsed.key('')).to eq('krill') + it "parses nil as empty string" do + expect(parsed["krill"]).to eq("") + expect(parsed.key("")).to eq("krill") end - it 'parses zero as string' do - expect(parsed['zero']).to eq('0') - expect(parsed.key('0')).to eq('zero') + it "parses zero as string" do + expect(parsed["zero"]).to eq("0") + expect(parsed.key("0")).to eq("zero") end - it 'parses false as string' do - expect(parsed['malign']).to eq('false') - expect(parsed.key('false')).to eq('malign') + it "parses false as string" do + expect(parsed["malign"]).to eq("false") + expect(parsed.key("false")).to eq("malign") end - it 'parses true as string' do - expect(parsed['shine']).to eq('true') - expect(parsed.key('true')).to eq('shine') + it "parses true as string" do + expect(parsed["shine"]).to eq("true") + expect(parsed.key("true")).to eq("shine") end end - it 'parses application/vnd.collection+json body' do - headers = {'Content-Type' => 'application/vnd.collection+json'} + 
it "parses application/vnd.collection+json body" do + headers = {"Content-Type" => "application/vnd.collection+json"} body = JSON.dump(collection: {}) - response = double('response', headers: headers, body: body) + response = double("response", headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(1) end - it 'parses application/vnd.api+json body' do - headers = {'Content-Type' => 'application/vnd.api+json'} + it "parses application/vnd.api+json body" do + headers = {"Content-Type" => "application/vnd.api+json"} body = JSON.dump(collection: {}) - response = double('response', headers: headers, body: body) + response = double("response", headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(1) end - it 'parses application/problem+json body' do - headers = {'Content-Type' => 'application/problem+json'} - body = JSON.dump(type: 'https://tools.ietf.org/html/rfc7231#section-6.5.4', title: 'Not Found') - response = double('response', headers: headers, body: body) + it "parses application/problem+json body" do + headers = {"Content-Type" => "application/problem+json"} + body = JSON.dump(type: "https://tools.ietf.org/html/rfc7231#section-6.5.4", title: "Not Found") + response = double("response", headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) - expect(subject.parsed['type']).to eq('https://tools.ietf.org/html/rfc7231#section-6.5.4') - expect(subject.parsed['title']).to eq('Not Found') + expect(subject.parsed["type"]).to eq("https://tools.ietf.org/html/rfc7231#section-6.5.4") + expect(subject.parsed["title"]).to eq("Not Found") end it "doesn't try to parse other content-types" do - headers = {'Content-Type' => 'text/html'} - body = '' + headers = {"Content-Type" => "text/html"} + body = "" - response = double('response', headers: headers, body: body) + response = 
double("response", headers: headers, body: body) expect(JSON).not_to receive(:parse) expect(Rack::Utils).not_to receive(:parse_query) @@ -209,10 +212,10 @@ end it "doesn't parse bodies which have previously been parsed" do - headers = {'Content-Type' => 'application/json'} - body = {foo: 'bar', answer: 42, krill: nil, zero: 0, malign: false, shine: true} + headers = {"Content-Type" => "application/json"} + body = {foo: "bar", answer: 42, krill: nil, zero: 0, malign: false, shine: true} - response = double('response', headers: headers, body: body) + response = double("response", headers: headers, body: body) expect(JSON).not_to receive(:parse) expect(Rack::Utils).not_to receive(:parse_query) 
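Review bot: The example `it "parses false as TrueClass"` in the "parsing JSON-like" shared examples asserts that `parsed["shine"]` is `true`, so its description names the wrong input. Since the line is being rewritten for quoting anyway, it could become `it "parses true as TrueClass" do`. The urlencoded context further down in the same hunk already words the matching case as "parses true as string". The enclosing describe block opens above the hunk.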
@@ -221,93 +224,93 @@ expect(subject.parsed.keys.size).to eq(6) end - it 'snakecases json keys when parsing' do - headers = {'Content-Type' => 'application/json'} - body = JSON.dump('accessToken' => 'bar', 'MiGever' => 'Ani') - response = double('response', headers: headers, body: body) + it "snakecases json keys when parsing" do + headers = {"Content-Type" => "application/json"} + body = JSON.dump("accessToken" => "bar", "MiGever" => "Ani") + response = double("response", headers: headers, body: body) subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) - expect(subject.parsed['access_token']).to eq('bar') - expect(subject.parsed['mi_gever']).to eq('Ani') + expect(subject.parsed["access_token"]).to eq("bar") + expect(subject.parsed["mi_gever"]).to eq("Ani") end - context 'when not snaky' do - it 'does not snakecase json keys when parsing' do - headers = {'Content-Type' => 'application/json'} - body = JSON.dump('accessToken' => 'bar', 'MiGever' => 'Ani') - response = double('response', headers: headers, body: body) + context "when not snaky" do + it "does not snakecase json keys when parsing" do + headers = {"Content-Type" => "application/json"} + body = JSON.dump("accessToken" => "bar", "MiGever" => "Ani") + response = double("response", headers: headers, body: body) subject = described_class.new(response, snaky: false) expect(subject.parsed.keys.size).to eq(2) - expect(subject.parsed['accessToken']).to eq('bar') - expect(subject.parsed['MiGever']).to eq('Ani') - expect(subject.parsed['access_token']).to be_nil - expect(subject.parsed['mi_gever']).to be_nil + expect(subject.parsed["accessToken"]).to eq("bar") + expect(subject.parsed["MiGever"]).to eq("Ani") + expect(subject.parsed["access_token"]).to be_nil + expect(subject.parsed["mi_gever"]).to be_nil end end - it 'supports registered parsers with arity == 0; passing nothing' do + it "supports registered parsers with arity == 0; passing nothing" do 
described_class.register_parser(:arity_0, []) do - 'a-ok' + "a-ok" end - headers = {'Content-Type' => 'text/html'} - body = '' - response = double('response', headers: headers, body: body) + headers = {"Content-Type" => "text/html"} + body = "" + response = double("response", headers: headers, body: body) subject = described_class.new(response, parse: :arity_0) - expect(subject.parsed).to eq('a-ok') + expect(subject.parsed).to eq("a-ok") end - it 'supports registered parsers with arity == 2; passing body and response' do - headers = {'Content-Type' => 'text/html'} - body = '' - response = double('response', headers: headers, body: body) + it "supports registered parsers with arity == 2; passing body and response" do + headers = {"Content-Type" => "text/html"} + body = "" + response = double("response", headers: headers, body: body) described_class.register_parser(:arity_2, []) do |passed_body, passed_response| expect(passed_body).to eq(body) expect(passed_response).to eq(response) - 'a-ok' + "a-ok" end subject = described_class.new(response, parse: :arity_2) - expect(subject.parsed).to eq('a-ok') + expect(subject.parsed).to eq("a-ok") end - it 'supports registered parsers with arity > 2; passing body and response' do - headers = {'Content-Type' => 'text/html'} - body = '' - response = double('response', headers: headers, body: body) + it "supports registered parsers with arity > 2; passing body and response" do + headers = {"Content-Type" => "text/html"} + body = "" + response = double("response", headers: headers, body: body) described_class.register_parser(:arity_3, []) do |passed_body, passed_response, *args| expect(passed_body).to eq(body) expect(passed_response).to eq(response) expect(args).to eq([]) - 'a-ok' + "a-ok" end subject = described_class.new(response, parse: :arity_3) - expect(subject.parsed).to eq('a-ok') + expect(subject.parsed).to eq("a-ok") end - it 'supports directly passed parsers' do - headers = {'Content-Type' => 'text/html'} - body = '' - 
response = double('response', headers: headers, body: body) + it "supports directly passed parsers" do + headers = {"Content-Type" => "text/html"} + body = "" + response = double("response", headers: headers, body: body) - subject = described_class.new(response, parse: -> { 'a-ok' }) + subject = described_class.new(response, parse: -> { "a-ok" }) - expect(subject.parsed).to eq('a-ok') + expect(subject.parsed).to eq("a-ok") end - it 'supports no parsing' do - headers = {'Content-Type' => 'text/html'} - body = '' - response = double('response', headers: headers, body: body) + it "supports no parsing" do + headers = {"Content-Type" => "text/html"} + body = "" + response = double("response", headers: headers, body: body) subject = described_class.new(response, parse: false) 
@@ -315,30 +318,30 @@ end end - context 'with xml parser registration' do - it 'tries to load multi_xml.rb and use it' do + context "with xml parser registration" do + it "tries to load multi_xml.rb and use it" do expect(described_class.send(:class_variable_get, :@@parsers)[:xml]).not_to be_nil end - it 'is able to parse xml' do - headers = {'Content-Type' => 'text/xml'} + it "is able to parse xml" do + headers = {"Content-Type" => "text/xml"} body = 'baz' - response = double('response', headers: headers, body: body) - expect(described_class.new(response).parsed).to eq('foo' => {'bar' => 'baz'}) + response = double("response", headers: headers, body: body) + expect(described_class.new(response).parsed).to eq("foo" => {"bar" => "baz"}) end - it 'is able to parse application/xml' do - headers = {'Content-Type' => 'application/xml'} + it "is able to parse application/xml" do + headers = {"Content-Type" => "application/xml"} body = 'baz' - response = double('response', headers: headers, body: body) - expect(described_class.new(response).parsed).to eq('foo' => {'bar' => 'baz'}) + response = double("response", headers: headers, body: body) + expect(described_class.new(response).parsed).to eq("foo" => {"bar" => "baz"}) end end - describe 'converting to json' do - it 'does not blow up' do + describe "converting to json" do + it "does not blow up" do expect { subject.to_json }.not_to raise_error end end diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 43e498eb..64498d53 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb 
@@ -1,26 +1,26 @@ # frozen_string_literal: true -require 'openssl' -require 'jwt' +require "openssl" +require "jwt" RSpec.describe OAuth2::Strategy::Assertion do let(:client_assertion) { client.assertion } let(:client) do - cli = OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/', auth_scheme: auth_scheme) + cli = OAuth2::Client.new("abc", "def", site: "http://api.example.com/", auth_scheme: auth_scheme) cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b| b.request :url_encoded b.adapter :test do |stub| - stub.post('/oauth/token') do |token_request| + stub.post("/oauth/token") do |token_request| @request_body = Rack::Utils.parse_nested_query(token_request.body).transform_keys(&:to_sym) case @response_format - when 'formencoded' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, 'expires_in=600&access_token=salmon&refresh_token=trout'] - when 'json' - [200, {'Content-Type' => 'application/json'}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}'] + when "formencoded" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, "expires_in=600&access_token=salmon&refresh_token=trout"] + when "json" + [200, {"Content-Type" => "application/json"}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}'] else - raise 'Please define @response_format to choose a response content type!' + raise "Please define @response_format to choose a response content type!" end end end 
@@ -30,33 +30,33 @@ let(:auth_scheme) { :request_body } - describe '#authorize_url' do - it 'raises NotImplementedError' do + describe "#authorize_url" do + it "raises NotImplementedError" do expect { client_assertion.authorize_url }.to raise_error(NotImplementedError) end end - describe '#get_token' do - let(:algorithm) { 'HS256' } - let(:key) { 'arowana' } + describe "#get_token" do + let(:algorithm) { "HS256" } + let(:key) { "arowana" } let(:timestamp) { Time.now.to_i } let(:claims) do { - iss: 'carp@example.com', - scope: 'https://oauth.example.com/auth/flounder', - aud: 'https://sturgeon.example.com/oauth2/token', + iss: "carp@example.com", + scope: "https://oauth.example.com/auth/flounder", + aud: "https://sturgeon.example.com/oauth2/token", exp: timestamp + 3600, iat: timestamp, - sub: '12345', - custom_claim: 'ling cod', + sub: "12345", + custom_claim: "ling cod", } end before do - @response_format = 'json' + @response_format = "json" end - describe 'assembling a JWT assertion' do + describe "assembling a JWT assertion" do let(:jwt) do payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm) {payload: payload, header: header} @@ -65,13 +65,13 @@ let(:payload) { jwt[:payload] } let(:header) { jwt[:header] } - shared_examples_for 'encodes the JWT' do - it 'indicates algorithm in the header' do + shared_examples_for "encodes the JWT" do + it "indicates algorithm in the header" do expect(header).not_to be_nil - expect(header['alg']).to eq(algorithm) + expect(header["alg"]).to eq(algorithm) end - it 'has claims' do + it "has claims" do expect(payload).not_to be_nil expect(payload.keys).to match_array(%w[iss scope aud exp iat sub custom_claim]) payload.each do |key, claim| 
@@ -80,136 +80,136 @@ end end - context 'when encoding as HS256' do - let(:algorithm) { 'HS256' } - let(:key) { 'super_secret!' } + context "when encoding as HS256" do + let(:algorithm) { "HS256" } + let(:key) { "super_secret!" } before do client_assertion.get_token(claims, algorithm: algorithm, key: key) - raise 'No request made!' if @request_body.nil? + raise "No request made!" if @request_body.nil? end - it_behaves_like 'encodes the JWT' + it_behaves_like "encodes the JWT" - context 'with real key' do - let(:key) { '1883be842495c3b58f68ca71fbf1397fbb9ed2fdf8990f8404a25d0a1b995943' } + context "with real key" do + let(:key) { "1883be842495c3b58f68ca71fbf1397fbb9ed2fdf8990f8404a25d0a1b995943" } - it_behaves_like 'encodes the JWT' + it_behaves_like "encodes the JWT" end end - context 'when encoding as RS256' do - let(:algorithm) { 'RS256' } + context "when encoding as RS256" do + let(:algorithm) { "RS256" } let(:key) { OpenSSL::PKey::RSA.new(1024) } before do client_assertion.get_token(claims, algorithm: algorithm, key: key) - raise 'No request made!' if @request_body.nil? + raise "No request made!" if @request_body.nil? 
end - it_behaves_like 'encodes the JWT' + it_behaves_like "encodes the JWT" - context 'with private key' do - let(:private_key_file) { 'spec/fixtures/RS256/jwtRS256.key' } - let(:password) { '' } + context "with private key" do + let(:private_key_file) { "spec/fixtures/RS256/jwtRS256.key" } + let(:password) { "" } let(:key) { OpenSSL::PKey::RSA.new(File.read(private_key_file), password) } - it_behaves_like 'encodes the JWT' + it_behaves_like "encodes the JWT" end end - context 'with bad encoding params' do + context "with bad encoding params" do let(:encoding_opts) { {algorithm: algorithm, key: key} } - describe 'non-supported algorithms' do - let(:algorithm) { 'the blockchain' } - let(:key) { 'machine learning' } + describe "non-supported algorithms" do + let(:algorithm) { "the blockchain" } + let(:key) { "machine learning" } - it 'raises NotImplementedError' do + it "raises JWT::EncodeError" do # this behavior is handled by the JWT gem, but this should make sure it is consistent - expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(NotImplementedError) + expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(JWT::EncodeError, "Unsupported signing method") end end - describe 'of a wrong object type' do - let(:encoding_opts) { 'the cloud' } + describe "of a wrong object type" do + let(:encoding_opts) { "the cloud" } - it 'raises ArgumentError' do + it "raises ArgumentError" do expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(ArgumentError, /encoding_opts/) end end - describe 'missing encoding_opts[:algorithm]' do + describe "missing encoding_opts[:algorithm]" do before do encoding_opts.delete(:algorithm) end - it 'raises ArgumentError' do + it "raises ArgumentError" do expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(ArgumentError, /encoding_opts/) end end - describe 'missing encoding_opts[:key]' do + describe "missing encoding_opts[:key]" do before do 
encoding_opts.delete(:key) end - it 'raises ArgumentError' do + it "raises ArgumentError" do expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(ArgumentError, /encoding_opts/) end end end end - describe 'POST request parameters' do - context 'when using :auth_scheme => :request_body' do + describe "POST request parameters" do + context "when using :auth_scheme => :request_body" do let(:auth_scheme) { :request_body } - it 'includes assertion and grant_type, along with the client parameters' do + it "includes assertion and grant_type, along with the client parameters" do client_assertion.get_token(claims, algorithm: algorithm, key: key) expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array(%i[assertion grant_type client_id client_secret]) - expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') + expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer") expect(@request_body[:assertion]).to be_a(String) - expect(@request_body[:client_id]).to eq('abc') - expect(@request_body[:client_secret]).to eq('def') + expect(@request_body[:client_id]).to eq("abc") + expect(@request_body[:client_secret]).to eq("def") end - it 'includes other params via request_options' do - client_assertion.get_token(claims, {algorithm: algorithm, key: key}, {scope: 'dover sole'}) + it "includes other params via request_options" do + client_assertion.get_token(claims, {algorithm: algorithm, key: key}, {scope: "dover sole"}) expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array(%i[assertion grant_type scope client_id client_secret]) - expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') + expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer") expect(@request_body[:assertion]).to be_a(String) - expect(@request_body[:scope]).to eq('dover sole') - expect(@request_body[:client_id]).to eq('abc') - 
expect(@request_body[:client_secret]).to eq('def') + expect(@request_body[:scope]).to eq("dover sole") + expect(@request_body[:client_id]).to eq("abc") + expect(@request_body[:client_secret]).to eq("def") end end - context 'when using :auth_scheme => :basic_auth' do + context "when using :auth_scheme => :basic_auth" do let(:auth_scheme) { :basic_auth } - it 'includes assertion and grant_type by default' do + it "includes assertion and grant_type by default" do client_assertion.get_token(claims, algorithm: algorithm, key: key) expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array(%i[assertion grant_type]) - expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') + expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer") expect(@request_body[:assertion]).to be_a(String) end - it 'includes other params via request_options' do - client_assertion.get_token(claims, {algorithm: algorithm, key: key}, {scope: 'dover sole'}) + it "includes other params via request_options" do + client_assertion.get_token(claims, {algorithm: algorithm, key: key}, {scope: "dover sole"}) expect(@request_body).not_to be_nil expect(@request_body.keys).to match_array(%i[assertion grant_type scope]) - expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer') + expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer") expect(@request_body[:assertion]).to be_a(String) - expect(@request_body[:scope]).to eq('dover sole') + expect(@request_body[:scope]).to eq("dover sole") end end end - describe 'returning the response' do + describe "returning the response" do let(:access_token) { client_assertion.get_token(claims, {algorithm: algorithm, key: key}, {}, response_opts) } let(:response_opts) { {} } 
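Review bot: The new expectation `raise_error(JWT::EncodeError, "Unsupported signing method")` in the "non-supported algorithms" example passes a String, which RSpec compares for exact equality, so the spec now depends on the jwt gem's wording as well as its error class. The removed line expected NotImplementedError, which suggests the gem's behaviour has already changed once. Asserting the class alone, `expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(JWT::EncodeError)`, still covers the rejection of unknown algorithms without breaking on a reworded message. Separately, the RS256 context in this hunk still builds its key with `OpenSSL::PKey::RSA.new(1024)`; `OpenSSL::PKey::RSA.new(2048)` would match current minimum key sizes and avoid failures on OpenSSL builds configured to refuse short RSA keys.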
@@ -219,42 +219,42 @@ @response_format = mode end - it 'returns an AccessToken' do + it "returns an AccessToken" do expect(access_token).to be_an(OAuth2::AccessToken) end - it 'returns AccessToken with same Client' do + it "returns AccessToken with same Client" do expect(access_token.client).to eq(client) end - it 'returns AccessToken with #token' do - expect(access_token.token).to eq('salmon') + it "returns AccessToken with #token" do + expect(access_token.token).to eq("salmon") end - it 'returns AccessToken with #expires_in' do + it "returns AccessToken with #expires_in" do expect(access_token.expires_in).to eq(600) end - it 'returns AccessToken with #expires_at' do + it "returns AccessToken with #expires_at" do expect(access_token.expires_at).not_to be_nil end - it 'sets AccessToken#refresh_token to nil' do - expect(access_token.refresh_token).to eq('trout') + it "sets AccessToken#refresh_token to nil" do + expect(access_token.refresh_token).to eq("trout") end - context 'with custom response_opts' do - let(:response_opts) { {'custom_token_option' => 'mackerel'} } + context "with custom response_opts" do + let(:response_opts) { {"custom_token_option" => "mackerel"} } - it 'passes them into the token params' do + it "passes them into the token params" do expect(access_token.params).to eq(response_opts) end end - context 'when no custom opts are passed in' do + context "when no custom opts are passed in" do let(:response_opts) { {} } - it 'does not set any params by default' do + it "does not set any params by default" do expect(access_token.params).to eq({}) end end diff --git a/spec/oauth2/strategy/auth_code_spec.rb b/spec/oauth2/strategy/auth_code_spec.rb index e1997b1a..ed3817b4 100644 --- a/spec/oauth2/strategy/auth_code_spec.rb +++ b/spec/oauth2/strategy/auth_code_spec.rb 
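Review bot: The example `it "sets AccessToken#refresh_token to nil"` asserts `expect(access_token.refresh_token).to eq("trout")`, so its description says the opposite of what it checks, and the quote-style rewrite carries the mismatch forward. Renaming it to `it "returns AccessToken with #refresh_token" do` would make a failure report accurate. The `@@ -49,49 +49,49 @@` hunk in spec/oauth2/strategy/client_credentials_spec.rb has the same problem in `it "returns AccessToken without #refresh_token"`, which also expects "trout". If the intent there is that a client-credentials response carries no refresh token, the stubbed body and the assertion need to change rather than the name. The enclosing describe block starts outside this hunk.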
@@ -4,125 +4,125 @@ RSpec.describe OAuth2::Strategy::AuthCode do subject { client.auth_code } - let(:code) { 'sushi' } - let(:kvform_token) { 'expires_in=600&access_token=salmon&refresh_token=trout&extra_param=steve' } - let(:facebook_token) { kvform_token.gsub('_in', '') } - let(:json_token) { JSON.dump(expires_in: 600, access_token: 'salmon', refresh_token: 'trout', extra_param: 'steve') } - let(:redirect_uri) { 'http://example.com/redirect_uri' } - let(:microsoft_token) { 'id_token=i_am_MSFT' } + let(:code) { "sushi" } + let(:kvform_token) { "expires_in=600&access_token=salmon&refresh_token=trout&extra_param=steve" } + let(:facebook_token) { kvform_token.gsub("_in", "") } + let(:json_token) { JSON.dump(expires_in: 600, access_token: "salmon", refresh_token: "trout", extra_param: "steve") } + let(:redirect_uri) { "http://example.com/redirect_uri" } + let(:microsoft_token) { "id_token=i_am_MSFT" } let(:client) do - OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') do |builder| + OAuth2::Client.new("abc", "def", site: "http://api.example.com/") do |builder| builder.adapter :test do |stub| stub.get("/oauth/token?client_id=abc&code=#{code}&grant_type=authorization_code") do |_env| case @mode - when 'formencoded' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] - when 'json' - [200, {'Content-Type' => 'application/json'}, json_token] - when 'from_facebook' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token] - when 'from_microsoft' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, microsoft_token] + when "formencoded" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, kvform_token] + when "json" + [200, {"Content-Type" => "application/json"}, json_token] + when "from_facebook" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, facebook_token] + when "from_microsoft" + [200, {"Content-Type" => 
"application/x-www-form-urlencoded"}, microsoft_token] else raise ArgumentError, "Bad @mode: #{@mode}" end end - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code') do |_env| + stub.post("/oauth/token", "client_id" => "abc", "client_secret" => "def", "code" => "sushi", "grant_type" => "authorization_code") do |_env| case @mode - when 'formencoded' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] - when 'json' - [200, {'Content-Type' => 'application/json'}, json_token] - when 'from_facebook' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token] + when "formencoded" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, kvform_token] + when "json" + [200, {"Content-Type" => "application/json"}, json_token] + when "from_facebook" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, facebook_token] else raise ArgumentError, "Bad @mode: #{@mode}" end end - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code', 'redirect_uri' => redirect_uri) do |_env| - [200, {'Content-Type' => 'application/json'}, json_token] + stub.post("/oauth/token", "client_id" => "abc", "client_secret" => "def", "code" => "sushi", "grant_type" => "authorization_code", "redirect_uri" => redirect_uri) do |_env| + [200, {"Content-Type" => "application/json"}, json_token] end end end end - describe '#authorize_url' do - it 'includes the client_id' do - expect(subject.authorize_url).to include('client_id=abc') + describe "#authorize_url" do + it "includes the client_id" do + expect(subject.authorize_url).to include("client_id=abc") end - it 'includes the type' do - expect(subject.authorize_url).to include('response_type=code') + it "includes the type" do + expect(subject.authorize_url).to include("response_type=code") end - it 'does not include the client_secret' do - 
expect(subject.authorize_url).not_to include('client_secret=def') + it "does not include the client_secret" do + expect(subject.authorize_url).not_to include("client_secret=def") end - it 'raises an error if the client_secret is passed in' do - expect { subject.authorize_url(https://github.com/client_secret:%20'def') }.to raise_error(ArgumentError) + it "raises an error if the client_secret is passed in" do + expect { subject.authorize_url(https://github.com/client_secret:%20%22def") }.to raise_error(ArgumentError) end - it 'raises an error if the client_secret is passed in with string keys' do - expect { subject.authorize_url('https://github.com/client_secret'%20=%3E%20'def') }.to raise_error(ArgumentError) + it "raises an error if the client_secret is passed in with string keys" do + expect { subject.authorize_url("https://github.com/client_secret%22%20=%3E%20%22def") }.to raise_error(ArgumentError) end - it 'includes passed in options' do - cb = 'http://myserver.local/oauth/callback' + it "includes passed in options" do + cb = "http://myserver.local/oauth/callback" expect(subject.authorize_url(https://github.com/redirect_uri:%20cb)).to include("redirect_uri=#{CGI.escape(cb)}") end end - describe '#get_token (with dynamic redirect_uri)' do + describe "#get_token (with dynamic redirect_uri)" do before do - @mode = 'json' + @mode = "json" client.options[:token_method] = :post client.options[:auth_scheme] = :request_body client.options[:redirect_uri] = redirect_uri end - it 'does not raise error' do + it "does not raise error" do expect { subject.get_token(code, redirect_uri: redirect_uri) }.not_to raise_error end - it 'gets a token' do + it "gets a token" do access = subject.get_token(code, redirect_uri: redirect_uri) - expect(access.token).to eq('salmon') + expect(access.token).to eq("salmon") end end - describe '#get_token (handling utf-8 data)' do - let(:json_token) { JSON.dump(expires_in: 600, 
access_token: 'salmon', refresh_token: 'trout', extra_param: 'André') } + describe "#get_token (handling utf-8 data)" do + let(:json_token) { JSON.dump(expires_in: 600, access_token: "salmon", refresh_token: "trout", extra_param: "André") } before do - @mode = 'json' + @mode = "json" client.options[:token_method] = :post client.options[:auth_scheme] = :request_body end - it 'does not raise an error' do + it "does not raise an error" do expect { subject.get_token(code) }.not_to raise_error end - it 'does not create an error instance' do + it "does not create an error instance" do expect(OAuth2::Error).not_to receive(:new) subject.get_token(code) end - it 'can get a token' do + it "can get a token" do access = subject.get_token(code) - expect(access.token).to eq('salmon') + expect(access.token).to eq("salmon") end end - describe '#get_token (from microsoft)' do + describe "#get_token (from microsoft)" do it "doesn't treat an OpenID Connect token with only an id_token (like from Microsoft) as invalid" do - @mode = 'from_microsoft' + @mode = "from_microsoft" client.options[:token_method] = :get client.options[:auth_scheme] = :request_body @access = subject.get_token(code) - expect(@access.token).to eq('i_am_MSFT') + expect(@access.token).to eq("i_am_MSFT") end end 
@@ -136,28 +136,28 @@ @access = subject.get_token(code) end - it 'returns AccessToken with same Client' do + it "returns AccessToken with same Client" do expect(@access.client).to eq(client) end - it 'returns AccessToken with #token' do - expect(@access.token).to eq('salmon') + it "returns AccessToken with #token" do + expect(@access.token).to eq("salmon") end - it 'returns AccessToken with #refresh_token' do - expect(@access.refresh_token).to eq('trout') + it "returns AccessToken with #refresh_token" do + expect(@access.refresh_token).to eq("trout") end - it 'returns AccessToken with #expires_in' do + it "returns AccessToken with #expires_in" do expect(@access.expires_in).to eq(600) end - it 'returns AccessToken with #expires_at' do - expect(@access.expires_at).to be_kind_of(Integer) + it "returns AccessToken with #expires_at" do + expect(@access.expires_at).to be_a(Integer) end - it 'returns AccessToken with params accessible via []' do - expect(@access['extra_param']).to eq('steve') + it "returns AccessToken with params accessible via []" do + expect(@access["extra_param"]).to eq("steve") end end end diff --git a/spec/oauth2/strategy/base_spec.rb b/spec/oauth2/strategy/base_spec.rb index 33b98389..4d0e4dec 100644 --- a/spec/oauth2/strategy/base_spec.rb +++ b/spec/oauth2/strategy/base_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true RSpec.describe OAuth2::Strategy::Base do - it 'initializes with a Client' do - expect { described_class.new(OAuth2::Client.new('abc', 'def')) }.not_to raise_error + it "initializes with a Client" do + expect { described_class.new(OAuth2::Client.new("abc", "def")) }.not_to raise_error end end diff --git a/spec/oauth2/strategy/client_credentials_spec.rb b/spec/oauth2/strategy/client_credentials_spec.rb index b9480098..e0baad92 100644 --- a/spec/oauth2/strategy/client_credentials_spec.rb +++ b/spec/oauth2/strategy/client_credentials_spec.rb 
@@ -3,30 +3,30 @@ RSpec.describe OAuth2::Strategy::ClientCredentials do subject { client.client_credentials } - let(:kvform_token) { 'expires_in=600&access_token=salmon&refresh_token=trout' } + let(:kvform_token) { "expires_in=600&access_token=salmon&refresh_token=trout" } let(:json_token) { '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}' } let(:client) do - OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') do |builder| + OAuth2::Client.new("abc", "def", site: "http://api.example.com/") do |builder| builder.adapter :test do |stub| - stub.post('/oauth/token', 'grant_type' => 'client_credentials') do |env| - client_id, client_secret = Base64.decode64(env[:request_headers]['Authorization'].split(' ', 2)[1]).split(':', 2) - (client_id == 'abc' && client_secret == 'def') || raise(Faraday::Adapter::Test::Stubs::NotFound) + stub.post("/oauth/token", "grant_type" => "client_credentials") do |env| + client_id, client_secret = Base64.decode64(env[:request_headers]["Authorization"].split(" ", 2)[1]).split(":", 2) + (client_id == "abc" && client_secret == "def") || raise(Faraday::Adapter::Test::Stubs::NotFound) @last_headers = env[:request_headers] case @mode - when 'formencoded' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] - when 'json' - [200, {'Content-Type' => 'application/json'}, json_token] + when "formencoded" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, kvform_token] + when "json" + [200, {"Content-Type" => "application/json"}, json_token] else raise ArgumentError, "Bad @mode: #{@mode}" end end - stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'grant_type' => 'client_credentials') do |_env| + stub.post("/oauth/token", "client_id" => "abc", "client_secret" => "def", "grant_type" => "client_credentials") do |_env| case @mode - when 'formencoded' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token] - when 'json' - 
[200, {'Content-Type' => 'application/json'}, json_token] + when "formencoded" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, kvform_token] + when "json" + [200, {"Content-Type" => "application/json"}, json_token] else raise ArgumentError, "Bad @mode: #{@mode}" end end @@ -34,8 +34,8 @@ end end - describe '#authorize_url' do - it 'raises NotImplementedError' do + describe "#authorize_url" do + it "raises NotImplementedError" do expect { subject.authorize_url }.to raise_error(NotImplementedError) end end 
@@ -49,49 +49,49 @@ @access = subject.get_token end - it 'returns AccessToken with same Client' do + it "returns AccessToken with same Client" do expect(@access.client).to eq(client) end - it 'returns AccessToken with #token' do - expect(@access.token).to eq('salmon') + it "returns AccessToken with #token" do + expect(@access.token).to eq("salmon") end - it 'returns AccessToken without #refresh_token' do - expect(@access.refresh_token).to eq('trout') + it "returns AccessToken without #refresh_token" do + expect(@access.refresh_token).to eq("trout") end - it 'returns AccessToken with #expires_in' do + it "returns AccessToken with #expires_in" do expect(@access.expires_in).to eq(600) end - it 'returns AccessToken with #expires_at' do + it "returns AccessToken with #expires_at" do expect(@access.expires_at).not_to be_nil end end end end - describe '#get_token (with extra header parameters)' do + describe "#get_token (with extra header parameters)" do before do - @mode = 'json' - @access = subject.get_token(headers: {'X-Extra-Header' => 'wow'}) + @mode = "json" + @access = subject.get_token(headers: {"X-Extra-Header" => "wow"}) end - it 'sends the header correctly.' do - expect(@last_headers['X-Extra-Header']).to eq('wow') + it "sends the header correctly." do + expect(@last_headers["X-Extra-Header"]).to eq("wow") end end - describe '#get_token (with option overriding response)' do + describe "#get_token (with option overriding response)" do before do - @mode = 'json' - @access = subject.get_token({}, {'refresh_token' => 'guppy'}) + @mode = "json" + @access = subject.get_token({}, {"refresh_token" => "guppy"}) end - it 'override is applied' do - expect(@access.token).to eq('salmon') - expect(@access.refresh_token).to eq('guppy') + it "override is applied" do + expect(@access.token).to eq("salmon") + expect(@access.refresh_token).to eq("guppy") end end end 
diff --git a/spec/oauth2/strategy/implicit_spec.rb b/spec/oauth2/strategy/implicit_spec.rb index 18588fea..b443da48 100644 --- a/spec/oauth2/strategy/implicit_spec.rb +++ b/spec/oauth2/strategy/implicit_spec.rb 
@@ -3,37 +3,37 @@ RSpec.describe OAuth2::Strategy::Implicit do subject { client.implicit } - let(:client) { OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') } + let(:client) { OAuth2::Client.new("abc", "def", site: "http://api.example.com/") } - describe '#authorize_url' do - it 'includes the client_id' do - expect(subject.authorize_url).to include('client_id=abc') + describe "#authorize_url" do + it "includes the client_id" do + expect(subject.authorize_url).to include("client_id=abc") end - it 'includes the type' do - expect(subject.authorize_url).to include('response_type=token') + it "includes the type" do + expect(subject.authorize_url).to include("response_type=token") end - it 'does not include the client_secret' do - expect(subject.authorize_url).not_to include('client_secret=def') + it "does not include the client_secret" do + expect(subject.authorize_url).not_to include("client_secret=def") end - it 'raises an error if the client_secret is passed in' do - expect { subject.authorize_url(https://github.com/client_secret:%20'def') }.to raise_error(ArgumentError) + it "raises an error if the client_secret is passed in" do + expect { subject.authorize_url(https://github.com/client_secret:%20%22def") }.to raise_error(ArgumentError) end - it 'raises an error if the client_secret is passed in with string keys' do - expect { subject.authorize_url('https://github.com/client_secret'%20=%3E%20'def') }.to raise_error(ArgumentError) + it "raises an error if the client_secret is passed in with string keys" do + expect { subject.authorize_url("https://github.com/client_secret%22%20=%3E%20%22def") }.to raise_error(ArgumentError) end - it 'includes passed in options' do - cb = 'http://myserver.local/oauth/callback' + it "includes passed in options" do + cb = "http://myserver.local/oauth/callback" expect(subject.authorize_url(https://github.com/redirect_uri:%20cb)).to 
include("redirect_uri=#{CGI.escape(cb)}") end end - describe '#get_token' do - it 'raises NotImplementedError' do + describe "#get_token" do + it "raises NotImplementedError" do expect { subject.get_token }.to raise_error(NotImplementedError) end end diff --git a/spec/oauth2/strategy/password_spec.rb b/spec/oauth2/strategy/password_spec.rb index 040b6455..b3dbe9e8 100644 --- a/spec/oauth2/strategy/password_spec.rb +++ b/spec/oauth2/strategy/password_spec.rb @@ -4,16 +4,16 @@ subject { client.password } let(:client) do - cli = OAuth2::Client.new('abc', 'def', site: 'http://api.example.com/') + cli = OAuth2::Client.new("abc", "def", site: "http://api.example.com/") cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b| b.request :url_encoded b.adapter :test do |stub| - stub.post('/oauth/token') do |_env| + stub.post("/oauth/token") do |_env| case @mode - when 'formencoded' - [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, 'expires_in=600&access_token=salmon&refresh_token=trout'] - when 'json' - [200, {'Content-Type' => 'application/json'}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}'] + when "formencoded" + [200, {"Content-Type" => "application/x-www-form-urlencoded"}, "expires_in=600&access_token=salmon&refresh_token=trout"] + when "json" + [200, {"Content-Type" => "application/json"}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}'] else raise ArgumentError, "Bad @mode: #{@mode}" end end @@ -22,8 +22,8 @@ cli end - describe '#authorize_url' do - it 'raises NotImplementedError' do + describe "#authorize_url" do + it "raises NotImplementedError" do expect { subject.authorize_url }.to raise_error(NotImplementedError) end end 
@@ -32,26 +32,26 @@ describe "#get_token (#{mode})" do before do @mode = mode - @access = subject.get_token('username', 'password') + @access = subject.get_token("username", "password") end - it 'returns AccessToken with same Client' do + it "returns AccessToken with same Client" do expect(@access.client).to eq(client) end - it 'returns AccessToken with #token' do - expect(@access.token).to eq('salmon') + it "returns AccessToken with #token" do + expect(@access.token).to eq("salmon") end - it 'returns AccessToken with #refresh_token' do - expect(@access.refresh_token).to eq('trout') + it "returns AccessToken with #refresh_token" do + expect(@access.refresh_token).to eq("trout") end - it 'returns AccessToken with #expires_in' do + it "returns AccessToken with #expires_in" do expect(@access.expires_in).to eq(600) end - it 'returns AccessToken with #expires_at' do + it "returns AccessToken with #expires_at" do expect(@access.expires_at).not_to be_nil end end diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index 250a3039..1f2edbe1 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb 
@@ -1,39 +1,39 @@ # frozen_string_literal: true RSpec.describe OAuth2::Version do - it 'has a version number' do + it "has a version number" do expect(described_class).not_to be_nil end - it 'can be a string' do + it "can be a string" do expect(described_class.to_s).to be_a(String) end - it 'allows Constant access' do + it "allows Constant access" do expect(described_class::VERSION).to be_a(String) end - it 'is greater than 0.1.0' do - expect(Gem::Version.new(described_class) > Gem::Version.new('0.1.0')).to be(true) + it "is greater than 0.1.0" do + expect(Gem::Version.new(described_class) > Gem::Version.new("0.1.0")).to be(true) end - it 'major version is an integer' do + it "major version is an integer" do expect(described_class.major).to be_a(Integer) end - it 'minor version is an integer' do + it "minor version is an integer" do expect(described_class.minor).to be_a(Integer) end - it 'patch version is an integer' do + it "patch version is an integer" do expect(described_class.patch).to be_a(Integer) end - it 'returns a Hash' do + it "returns a Hash" do expect(described_class.to_h.keys).to match_array(%i[major minor patch pre]) end - it 'returns an Array' do + it "returns an Array" do expect(described_class.to_a).to be_a(Array) end end diff --git a/spec/oauth2_spec.rb b/spec/oauth2_spec.rb index 62b824fd..51ed31fc 100644 --- a/spec/oauth2_spec.rb +++ b/spec/oauth2_spec.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true RSpec.describe OAuth2 do - it 'has a default config for silence_extra_tokens_warning' do + it "has a default config for silence_extra_tokens_warning" do expect(described_class.config.silence_extra_tokens_warning).to eq(false) end - describe '.configure' do + describe ".configure" do subject(:configure) do described_class.configure do |config| config.silence_extra_tokens_warning = true 
@@ -24,7 +24,7 @@ end end - it 'can change setting of silence_extra_tokens_warning' do + it "can change setting of silence_extra_tokens_warning" do block_is_expected.to change(described_class.config, :silence_extra_tokens_warning).from(false).to(true) end end From 24baf1c76cf925dd80a61ba9212386d70400ef54 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 05:53:19 +0700 Subject: [PATCH 267/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- Dangerfile | 8 ++--- lib/oauth2.rb | 34 ++++++++++----------- lib/oauth2/access_token.rb | 20 +++++++------ lib/oauth2/authenticator.rb | 10 +++---- lib/oauth2/client.rb | 36 +++++++++++------------ lib/oauth2/error.rb | 28 +++++++++--------- lib/oauth2/filtered_attributes.rb | 2 +- lib/oauth2/response.rb | 24 +++++++-------- lib/oauth2/strategy/assertion.rb | 8 ++--- lib/oauth2/strategy/auth_code.rb | 6 ++-- lib/oauth2/strategy/client_credentials.rb | 4 +-- lib/oauth2/strategy/implicit.rb | 6 ++-- lib/oauth2/strategy/password.rb | 10 ++++--- lib/oauth2/version.rb | 2 +- 15 files changed, 102 insertions(+), 98 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6ba79f2..cf322133 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -309,7 +309,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [0.0.5] - 2010-04-23 ([tag][0.0.5t]) ## [0.0.4] - 2010-04-22 ([tag][0.0.4t]) - + ## [0.0.3] - 2010-04-22 ([tag][0.0.3t]) ## [0.0.2] - 2010-04-22 ([tag][0.0.2t]) diff --git a/Dangerfile b/Dangerfile index 2f8600bb..a01a246d 100644 --- a/Dangerfile +++ b/Dangerfile 
@@ -5,11 +5,11 @@ # e.g. github.pr_title.include? "#trivial" # Make it more obvious that a PR is a work in progress and shouldn't be merged yet -warn('PR is classed as Work in Progress') if github.pr_title.include? '[WIP]' +warn("PR is classed as Work in Progress") if github.pr_title.include?("[WIP]") # Warn when there is a big PR -warn('Big PR') if git.lines_of_code > 500 +warn("Big PR") if git.lines_of_code > 500 # Don't let testing shortcuts get into main by accident -raise('fdescribe left in tests') if `grep -r fdescribe specs/ `.length > 1 -raise('fit left in tests') if `grep -r fit specs/ `.length > 1 +raise("fdescribe left in tests") if %x(grep -r fdescribe specs/).length > 1 +raise("fit left in tests") if %x(grep -r fit specs/).length > 1 diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 00f51b08..2f950419 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb 
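Review bot: The two guards at the end of the Dangerfile search `specs/`, while every spec file touched in this patch lives under `spec/`, so the grep most likely prints nothing and neither `raise` can fire. Once the path is corrected, `grep -r fit` would also match any word that merely contains "fit". Matching whole words against the real directory keeps the check meaningful: `raise("fdescribe left in tests") if %x(grep -rw fdescribe spec/).length > 1` and `raise("fit left in tests") if %x(grep -rw fit spec/).length > 1`. The hunk only restyles these lines, so the behaviour predates this commit.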
@@ -1,27 +1,27 @@ # frozen_string_literal: true # includes modules from stdlib -require 'cgi' -require 'time' +require "cgi" +require "time" # third party gems -require 'snaky_hash' -require 'version_gem' +require "snaky_hash" +require "version_gem" # includes gem files -require 'oauth2/version' -require 'oauth2/filtered_attributes' -require 'oauth2/error' -require 'oauth2/authenticator' -require 'oauth2/client' -require 'oauth2/strategy/base' -require 'oauth2/strategy/auth_code' -require 'oauth2/strategy/implicit' -require 'oauth2/strategy/password' -require 'oauth2/strategy/client_credentials' -require 'oauth2/strategy/assertion' -require 'oauth2/access_token' -require 'oauth2/response' +require "oauth2/version" +require "oauth2/filtered_attributes" +require "oauth2/error" +require "oauth2/authenticator" +require "oauth2/client" +require "oauth2/strategy/base" +require "oauth2/strategy/auth_code" +require "oauth2/strategy/implicit" +require "oauth2/strategy/password" +require "oauth2/strategy/client_credentials" +require "oauth2/strategy/assertion" +require "oauth2/access_token" +require "oauth2/response" # The namespace of this library module OAuth2 diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 45682629..04a2049d 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -76,19 +76,21 @@ def initialize(client, token, opts = {}) error = Error.new(opts) raise(error) else - warn('OAuth2::AccessToken has no token') + warn("OAuth2::AccessToken has no token") end end # @option opts [Fixnum, String] :expires is deprecated - @expires_in ||= opts.delete('expires') + @expires_in ||= opts.delete("expires") @expires_in &&= @expires_in.to_i @expires_at &&= convert_expires_at(@expires_at) @expires_latency &&= @expires_latency.to_i @expires_at ||= Time.now.to_i + @expires_in if @expires_in && !@expires_in.zero? @expires_at -= @expires_latency if @expires_latency - @options = {mode: opts.delete(:mode) || :header, - header_format: opts.delete(:header_format) || 'Bearer %s', - param_name: opts.delete(:param_name) || 'access_token'} + @options = { + mode: opts.delete(:mode) || :header, + header_format: opts.delete(:header_format) || "Bearer %s", + param_name: opts.delete(:param_name) || "access_token", + } @params = opts end @@ -118,9 +120,9 @@ def expired? # @return [AccessToken] a new AccessToken # @note options should be carried over to the new AccessToken def refresh(params = {}, access_token_opts = {}) - raise('A refresh_token is not available') unless refresh_token + raise("A refresh_token is not available") unless refresh_token - params[:grant_type] = 'refresh_token' + params[:grant_type] = "refresh_token" params[:refresh_token] = refresh_token new_token = @client.get_token(params, access_token_opts) new_token.options = options @@ -133,7 +135,7 @@ def refresh(params = {}, access_token_opts = {}) end # A compatibility alias # @note does not modify the receiver, so bang is not the default method - alias refresh! refresh + alias_method :refresh!, :refresh # Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash # 
@@ -190,7 +192,7 @@ def delete(path, opts = {}, &block) # Get the headers hash (includes Authorization token) def headers - {'Authorization' => options[:header_format] % token} + {"Authorization" => options[:header_format] % token} end private diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb index f3e2888a..512d1cd7 100644 --- a/lib/oauth2/authenticator.rb +++ b/lib/oauth2/authenticator.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require 'base64' +require "base64" module OAuth2 class Authenticator @@ -49,8 +49,8 @@ def self.encode_basic_auth(user, password) # already set. def apply_params_auth(params) result = {} - result['client_id'] = id unless id.nil? - result['client_secret'] = secret unless secret.nil? + result["client_id"] = id unless id.nil? + result["client_secret"] = secret unless secret.nil? result.merge(params) end @@ -58,7 +58,7 @@ def apply_params_auth(params) # we don't want to send the secret def apply_client_id(params) result = {} - result['client_id'] = id unless id.nil? + result["client_id"] = id unless id.nil? result.merge(params) end @@ -72,7 +72,7 @@ def apply_basic_auth(params) # @see https://datatracker.ietf.org/doc/html/rfc2617#section-2 def basic_auth_header - {'Authorization' => self.class.encode_basic_auth(id, secret)} + {"Authorization" => self.class.encode_basic_auth(id, secret)} end end end diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index e87a5cd0..4176cc25 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true -require 'faraday' -require 'logger' +require "faraday" +require "logger" if Faraday::Utils.respond_to?(:default_space_encoding) # This setting doesn't exist in faraday 0.x - Faraday::Utils.default_space_encoding = '%20' + Faraday::Utils.default_space_encoding = "%20" end module OAuth2 
@@ -49,10 +49,10 @@ def initialize(client_id, client_secret, options = {}, &block) @secret = client_secret @site = opts.delete(:site) ssl = opts.delete(:ssl) - warn('OAuth2::Client#initialize argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class`.') if opts[:extract_access_token] + warn("OAuth2::Client#initialize argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class`.") if opts[:extract_access_token] @options = { - authorize_url: 'oauth/authorize', - token_url: 'oauth/token', + authorize_url: "oauth/authorize", + token_url: "oauth/token", token_method: :post, auth_scheme: :basic_auth, connection_opts: {}, @@ -81,8 +81,8 @@ def connection if options[:connection_build] options[:connection_build].call(builder) else - builder.request :url_encoded # form-encode POST params - builder.adapter Faraday.default_adapter # make requests with Net::HTTP + builder.request(:url_encoded) # form-encode POST params + builder.adapter(Faraday.default_adapter) # make requests with Net::HTTP end end end @@ -131,7 +131,7 @@ def request(verb, url, opts = {}, &block) verb = :get opts.delete(:body) end - location = response.headers['location'] + location = response.headers["location"] if location full_location = response.response.env.url.merge(location) request(verb, full_location, opts) 
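Review bot: In the redirect branch of `request`, the follow-up call `request(verb, full_location, opts)` reuses the caller's `opts` for whatever URL the server-supplied `location` header resolves to, so any headers and params in `opts` (which can include an `Authorization` value) go to another host if the redirect points there. Comparing scheme, host and port of `full_location` with the original URL before reusing `opts[:headers]`, or dropping credential-bearing headers on a cross-origin hop, would contain that. The recursive call also does not forward `&block`, so a caller's request customisation seems to be lost on the second request. The body of `request` starts and ends outside this hunk, so confirm that the lines not shown do not already handle either case.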
@@ -165,7 +165,7 @@ def request(verb, url, opts = {}, &block) # @yield [req] @see Faraday::Connection#run_request # @return [AccessToken] the initialized AccessToken def get_token(params, access_token_opts = {}, extract_access_token = nil, &block) - warn('OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.') if extract_access_token + warn("OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.") if extract_access_token extract_access_token ||= options[:extract_access_token] parse, snaky, params, headers = parse_snaky_params_headers(params) @@ -178,13 +178,13 @@ def get_token(params, access_token_opts = {}, extract_access_token = nil, &block # NOTE: If proliferation of request types continues we should implement a parser solution for Request, # just like we have with Response. - request_opts[:body] = if headers['Content-Type'] == 'application/json' - params.to_json - else - params - end + request_opts[:body] = if headers["Content-Type"] == "application/json" + params.to_json + else + params + end - request_opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'} + request_opts[:headers] = {"Content-Type" => "application/x-www-form-urlencoded"} else request_opts[:params] = params request_opts[:headers] = {} @@ -261,7 +261,7 @@ def assertion # @return [Hash] the params to add to a request or URL def redirection_params if options[:redirect_uri] - {'redirect_uri' => options[:redirect_uri]} + {"redirect_uri" => options[:redirect_uri]} else {} end @@ -358,7 +358,7 @@ def build_access_token_legacy(response, access_token_opts, extract_access_token) end def oauth_debug_logging(builder) - builder.response :logger, options[:logger], bodies: true if ENV['OAUTH_DEBUG'] == 'true' + builder.response(:logger, options[:logger], bodies: true) if ENV["OAUTH_DEBUG"] == "true" end end end 
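Review bot: `oauth_debug_logging` installs the Faraday response logger with `bodies: true`, so whenever `OAUTH_DEBUG` is `"true"` the token endpoint's response body (access and refresh tokens) and the request body and headers (which may carry `client_secret` or a Basic `Authorization` value) are written to `options[:logger]`. Faraday's logger middleware accepts a block in which `logger.filter(pattern, replacement)` can redact these values; filters for `access_token`, `refresh_token`, `client_secret` and the `Authorization` header would keep the debug output useful without recording live credentials. At minimum the method deserves a comment such as `# NOTE: logs full request/response bodies, including tokens and client secrets; do not enable in production`.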
diff --git a/lib/oauth2/error.rb b/lib/oauth2/error.rb index cd99ff86..076abbe0 100644 --- a/lib/oauth2/error.rb +++ b/lib/oauth2/error.rb @@ -11,18 +11,18 @@ def initialize(response) @response = response if response.respond_to?(:parsed) if response.parsed.is_a?(Hash) - @code = response.parsed['error'] - @description = response.parsed['error_description'] + @code = response.parsed["error"] + @description = response.parsed["error_description"] end elsif response.is_a?(Hash) - @code = response['error'] - @description = response['error_description'] + @code = response["error"] + @description = response["error_description"] end @body = if response.respond_to?(:body) - response.body - else - @response - end + response.body + else + @response + end message_opts = parse_error_description(@code, @description) super(error_message(@body, message_opts)) end @@ -35,11 +35,11 @@ def error_message(response_body, opts = {}) lines << opts[:error_description] if opts[:error_description] error_string = if response_body.respond_to?(:encode) && opts[:error_description].respond_to?(:encoding) - script_encoding = opts[:error_description].encoding - response_body.encode(script_encoding, invalid: :replace, undef: :replace) - else - response_body - end + script_encoding = opts[:error_description].encoding + response_body.encode(script_encoding, invalid: :replace, undef: :replace) + else + response_body + end lines << error_string @@ -49,7 +49,7 @@ def error_message(response_body, opts = {}) def parse_error_description(code, description) return {} unless code || description - error_description = '' + error_description = "" error_description += "#{code}: " if code error_description += description if description diff --git a/lib/oauth2/filtered_attributes.rb b/lib/oauth2/filtered_attributes.rb index 299d2d92..2794b94b 100644 --- a/lib/oauth2/filtered_attributes.rb +++ b/lib/oauth2/filtered_attributes.rb 
@@ -25,7 +25,7 @@ def inspect "#{var}=#{instance_variable_get(var).inspect}" end end - "#<#{self.class}:#{object_id} #{inspected_vars.join(', ')}>" + "#<#{self.class}:#{object_id} #{inspected_vars.join(", ")}>" end end end diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index c5bbb3ba..7003bf20 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -1,8 +1,8 @@ # frozen_string_literal: true -require 'json' -require 'multi_xml' -require 'rack' +require "json" +require "multi_xml" +require "rack" module OAuth2 # OAuth2::Response class @@ -23,8 +23,8 @@ class Response # Content type assignments for various potential HTTP content types. @@content_types = { - 'application/x-www-form-urlencoded' => :query, - 'text/plain' => :text, + "application/x-www-form-urlencoded" => :query, + "text/plain" => :text, } # Adds a new content type parser. @@ -68,7 +68,7 @@ def status # The HTTP response body def body - response.body || '' + response.body || "" end # The {#response} {#body} as parsed by {#parser}. @@ -97,9 +97,9 @@ def parsed # Attempts to determine the content type of the response. def content_type - return nil unless response.headers + return unless response.headers - ((response.headers.values_at('content-type', 'Content-Type').compact.first || '').split(';').first || '').strip.downcase + ((response.headers.values_at("content-type", "Content-Type").compact.first || "").split(";").first || "").strip.downcase end # Determines the parser (a Proc or other Object which responds to #call) 
@@ -133,16 +133,16 @@ def parser end end -OAuth2::Response.register_parser(:xml, ['text/xml', 'application/rss+xml', 'application/rdf+xml', 'application/atom+xml', 'application/xml']) do |body| +OAuth2::Response.register_parser(:xml, ["text/xml", "application/rss+xml", "application/rdf+xml", "application/atom+xml", "application/xml"]) do |body| next body unless body.respond_to?(:to_str) MultiXml.parse(body) end -OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json', 'application/problem+json']) do |body| +OAuth2::Response.register_parser(:json, ["application/json", "text/javascript", "application/hal+json", "application/vnd.collection+json", "application/vnd.api+json", "application/problem+json"]) do |body| next body unless body.respond_to?(:to_str) - body = body.dup.force_encoding(::Encoding::ASCII_8BIT) if body.respond_to?(:force_encoding) + body = body.dup.force_encoding(Encoding::ASCII_8BIT) if body.respond_to?(:force_encoding) - ::JSON.parse(body) + JSON.parse(body) end diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index 5d921fbc..800a4a78 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require 'jwt' +require "jwt" module OAuth2 module Strategy @@ -34,7 +34,7 @@ class Assertion < Base # # @raise [NotImplementedError] def authorize_url - raise(NotImplementedError, 'The authorization endpoint is not used in this strategy') + raise(NotImplementedError, "The authorization endpoint is not used in this strategy") end # Retrieve an access token given the specified client. 
@@ -87,13 +87,13 @@ def get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) def build_request(assertion, request_opts = {}) { - grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer', + grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer", assertion: assertion, }.merge(request_opts) end def build_assertion(claims, encoding_opts) - raise ArgumentError.new(message: 'Please provide an encoding_opts hash with :algorithm and :key') if !encoding_opts.is_a?(Hash) || (%i[algorithm key] - encoding_opts.keys).any? + raise ArgumentError.new(message: "Please provide an encoding_opts hash with :algorithm and :key") if !encoding_opts.is_a?(Hash) || (%i[algorithm key] - encoding_opts.keys).any? JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm]) end diff --git a/lib/oauth2/strategy/auth_code.rb b/lib/oauth2/strategy/auth_code.rb index f3aaad0a..96eedf5d 100644 --- a/lib/oauth2/strategy/auth_code.rb +++ b/lib/oauth2/strategy/auth_code.rb @@ -10,7 +10,7 @@ class AuthCode < Base # # @param [Hash] params additional query parameters def authorize_params(params = {}) - params.merge('response_type' => 'code', 'client_id' => @client.id) + params.merge("response_type" => "code", "client_id" => @client.id) end # The authorization URL endpoint of the provider @@ -28,7 +28,7 @@ def authorize_url(https://github.com/params%20=%20%7B%7D) # @param [Hash] opts access_token_opts, @see Client#get_token # @note that you must also provide a :redirect_uri with most OAuth 2.0 providers def get_token(code, params = {}, opts = {}) - params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params) + params = {"grant_type" => "authorization_code", "code" => code}.merge(@client.redirection_params).merge(params) params_dup = params.dup params.each_key do |key| params_dup[key.to_s] = params_dup.delete(key) if key.is_a?(Symbol) 
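Review bot: `build_assertion` raises `ArgumentError.new(message: "...")`, which hands a Hash to the exception constructor, so callers see the hash's inspect output instead of the sentence. `raise ArgumentError, "Please provide an encoding_opts hash with :algorithm and :key"` produces the intended message. The guard also only checks that both keys are present; rejecting a nil `:key` and a `none` algorithm at the same point would ensure an unsigned assertion is never built by accident.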
@@ -40,7 +40,7 @@ def get_token(code, params = {}, opts = {}) private def assert_valid_params(params) - raise(ArgumentError, 'client_secret is not allowed in authorize URL query params') if params.key?(:client_secret) || params.key?('client_secret') + raise(ArgumentError, "client_secret is not allowed in authorize URL query params") if params.key?(:client_secret) || params.key?("client_secret") end end end diff --git a/lib/oauth2/strategy/client_credentials.rb b/lib/oauth2/strategy/client_credentials.rb index 2fba0e86..00a3ed80 100644 --- a/lib/oauth2/strategy/client_credentials.rb +++ b/lib/oauth2/strategy/client_credentials.rb @@ -10,7 +10,7 @@ class ClientCredentials < Base # # @raise [NotImplementedError] def authorize_url - raise(NotImplementedError, 'The authorization endpoint is not used in this strategy') + raise(NotImplementedError, "The authorization endpoint is not used in this strategy") end # Retrieve an access token given the specified client. @@ -18,7 +18,7 @@ def authorize_url # @param [Hash] params additional params # @param [Hash] opts options def get_token(params = {}, opts = {}) - params = params.merge('grant_type' => 'client_credentials') + params = params.merge("grant_type" => "client_credentials") @client.get_token(params, opts) end end diff --git a/lib/oauth2/strategy/implicit.rb b/lib/oauth2/strategy/implicit.rb index 5e61d1d6..e9efe5c2 100644 --- a/lib/oauth2/strategy/implicit.rb +++ b/lib/oauth2/strategy/implicit.rb @@ -10,7 +10,7 @@ class Implicit < Base # # @param [Hash] params additional query parameters def authorize_params(params = {}) - params.merge('response_type' => 'token', 'client_id' => @client.id) + params.merge("response_type" => "token", "client_id" => @client.id) end # The authorization URL endpoint of the provider 
@@ -25,13 +25,13 @@ def authorize_url(https://github.com/params%20=%20%7B%7D) # # @raise [NotImplementedError] def get_token(*) - raise(NotImplementedError, 'The token is accessed differently in this strategy') + raise(NotImplementedError, "The token is accessed differently in this strategy") end private def assert_valid_params(params) - raise(ArgumentError, 'client_secret is not allowed in authorize URL query params') if params.key?(:client_secret) || params.key?('client_secret') + raise(ArgumentError, "client_secret is not allowed in authorize URL query params") if params.key?(:client_secret) || params.key?("client_secret") end end end diff --git a/lib/oauth2/strategy/password.rb b/lib/oauth2/strategy/password.rb index d41ca07a..79acf654 100644 --- a/lib/oauth2/strategy/password.rb +++ b/lib/oauth2/strategy/password.rb @@ -10,7 +10,7 @@ class Password < Base # # @raise [NotImplementedError] def authorize_url - raise(NotImplementedError, 'The authorization endpoint is not used in this strategy') + raise(NotImplementedError, "The authorization endpoint is not used in this strategy") end # Retrieve an access token given the specified End User username and password. @@ -19,9 +19,11 @@ def authorize_url # @param [String] password the End User password # @param [Hash] params additional params def get_token(username, password, params = {}, opts = {}) - params = {'grant_type' => 'password', - 'username' => username, - 'password' => password}.merge(params) + params = { + "grant_type" => "password", + "username" => username, + "password" => password, + }.merge(params) @client.get_token(params, opts) end end diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index c4c3e3bd..42e2e99c 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = '2.0.10'.freeze + VERSION = "2.0.10" end end From 1777b96d22d0ad1c87729b91312cd5618854365c Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 14 May 2025 05:53:34 +0700 Subject: [PATCH 268/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 609 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 387 insertions(+), 222 deletions(-) diff --git a/README.md b/README.md index 473cdc47..0f3afb24 100644 --- a/README.md +++ b/README.md @@ -7,14 +7,43 @@

-## What +## OAuth2 + +[![Version][👽versioni]][👽version] +[![License: MIT][📄license-img]][📄license-ref] +[![Downloads Rank][👽dl-ranki]][👽dl-rank] +[![Open Source Helpers][👽oss-helpi]][👽oss-help] +[![Depfu][🔑depfui♻️]][🔑depfu] +[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] +[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] +[![CodeClimate Test Coverage][🔑cc-covi♻️]][🔑cc-cov] +[![Maintainability][🔑cc-mnti♻️]][🔑cc-mnt] +[![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] +[![CI Current][🚎11-c-wfi]][🚎11-c-wf] +[![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] +[![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] +[![CI Supported][🚎6-s-wfi]][🚎6-s-wf] +[![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] +[![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] +[![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] +[![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] +[![CI Style][🚎5-st-wfi]][🚎5-st-wf] + +--- + +[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] +[![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] +[![Buy me a coffee][🖇buyme-small-img]][🖇buyme] +[![Donate on Polar][🖇polar-img]][🖇polar] +[![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] +[![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. ---- +## 💡 Info you can shake a stick at * [OAuth 2.0 Spec][oauth2-spec] * [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. 
@@ -24,28 +53,21 @@ This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby appli [sibling-gem]: https://gitlab.com/oauth-xx/oauth [doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper -If this library has helped you, or your organization, -please support my efforts by making a donation, becoming a sponsor, or giving me a shout on Mastodon. - -[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] -[![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] - - -Buy me coffee donation button - - -Patreon donate button - - - - - -[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay -[⛳liberapay]: https://liberapay.com/pboling/donate -[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github -[🖇sponsor]: https://github.com/sponsors/pboling - -## Release Documentation +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | [![JRuby 9.1 Compat][💎jruby-9.1i]][🚎10-j-wf] [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | [![Truffle Ruby 22.3 Compat][💎truby-22.3i]][🚎9-t-wf] [![Truffle Ruby 23.0 Compat][💎truby-23.0i]][🚎9-t-wf] [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 
Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Enforced Code Style][💎rlts-img]][💎rlts] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![FOSSA][🏘fossa-img]][🏘fossa] | +| Expert 1:1 Support | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Enterprise Support | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]
💡Subscribe for support guarantees covering _all_ FLOSS dependencies!
💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!
💡Tidelift pays maintainers to maintain the software you depend on!
📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! | +| Comrade BDFL 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | + +## 🚀 Release Documentation ### Version 2.0.x @@ -108,136 +130,7 @@ please support my efforts by making a donation, becoming a sponsor, or giving me | < 1.0.0 | Find here | https://gitlab.com/oauth-xx/oauth2/-/tags |
-## Status - - - -| | Project | bundle add oauth2 | -|:----|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![SemVer 2.0.0][🧮semver-img]][🧮semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] | -| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-main-img]][🚎src-main] | -| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] | -| 4️⃣ | testing | [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] | -| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] | -| 6️⃣ | resources | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] | -| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] 
[💻][coderme] | - - - - -[⛳️gem]: https://rubygems.org/gems/oauth2 -[⛳️name-img]: https://img.shields.io/badge/name-oauth2-brightgreen.svg?style=flat -[🖇src-license]: https://opensource.org/licenses/MIT -[🖇src-license-img]: https://img.shields.io/badge/License-MIT-green.svg -[🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield -[🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield -[🚎yard]: https://www.rubydoc.info/gems/oauth2 -[🚎yard-img]: https://img.shields.io/badge/documentation-rubydoc-brightgreen.svg?style=flat -[🧮semver]: http://semver.org/ -[🧮semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat -[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ -[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat - - -[⛳️version-img]: http://img.shields.io/gem/v/oauth2.svg -[🖇DL-total-img]: https://img.shields.io/gem/dt/oauth2.svg -[🏘DL-rank-img]: https://img.shields.io/gem/rt/oauth2.svg -[🚎src-main]: https://gitlab.com/oauth-xx/oauth2/-/tree/main -[🚎src-main-img]: https://img.shields.io/badge/source-gitlab-blue.svg?style=flat - - -[⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability -[⛳cclim-maint-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability -[🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2 -[🖇triage-help-img]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg -[🏘depfu♻️]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445 -[🏘depfu-img♻️]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg -[🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main -[🚎contributors-img]: https://img.shields.io/github/contributors-anon/oauth-xx/oauth2 -[🖐style-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml -[🖐style-wf-img]: 
https://github.com/oauth-xx/oauth2/actions/workflows/style.yml/badge.svg - - -[🏘sup-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml -[🏘sup-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg -[🚎heads-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml -[🚎heads-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml/badge.svg -[🖐uns-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml -[🖐uns-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg -[🧮mac-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml -[🧮mac-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml/badge.svg -[📗win-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml -[📗win-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml/badge.svg - - -[⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage -[⛳cclim-cov-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage -[🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/main/graph/badge.svg?token=bNqSzNiuo2 -[🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2 -[🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=main -[🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=main -[🚎sec-pol]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/SECURITY.md -[🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat -[🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning -[🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg -[🧮cov-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml -[🧮cov-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg - - -[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby 
-[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-purple.svg?style=flat -[🖇codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github -[🖇codementor-img]: https://cdn.codementor.io/badges/get_help_github.svg -[🏘chat]: https://gitter.im/oauth-xx/oauth2 -[🏘chat-img]: https://img.shields.io/gitter/room/oauth-xx/oauth2.svg -[🚎blog]: http://www.railsbling.com/tags/oauth2/ -[🚎blog-img]: https://img.shields.io/badge/blog-railsbling-brightgreen.svg?style=flat -[🖐wiki]: https://gitlab.com/oauth-xx/oauth2/-/wikis/home -[🖐wiki-img]: https://img.shields.io/badge/wiki-examples-brightgreen.svg?style=flat - - -[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay -[⛳liberapay]: https://liberapay.com/pboling/donate -[🖇sponsor-img]: https://img.shields.io/badge/sponsor-pboling.svg?style=social&logo=github -[🖇sponsor]: https://github.com/sponsors/pboling -[🏘tweet-img]: https://img.shields.io/twitter/follow/galtzo.svg?style=social&label=Follow -[🏘tweet]: http://twitter.com/galtzo - - -[railsbling]: http://www.railsbling.com -[peterboling]: http://www.peterboling.com -[aboutme]: https://about.me/peter.boling -[angelme]: https://angel.co/peter-boling -[coderme]:http://coderwall.com/pboling - -## Installation +## ✨ Installation Install the gem and add to the application's Gemfile by executing: 
@@ -247,6 +140,36 @@ If bundler is not being used to manage dependencies, install the gem by executin $ gem install oauth2 +### 🔒 Secure Installation + +`oauth2` is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +[stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with +by following the instructions below. + +Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: + +```shell +gem cert --add <(curl -Ls https://raw.github.com/kettle-rb/oauth2/main/certs/pboling.pem) +``` + +You only need to do that once. Then proceed to install with: + +```shell +gem install oauth2 -P MediumSecurity +``` + +The `MediumSecurity` trust profile will verify signed gems, but allow the installation of unsigned dependencies. + +This is necessary because not all of `oauth2`’s dependencies are signed, so we cannot use `HighSecurity`. + +If you want to up your security game full-time: + +```shell +bundle config set --global trust-policy MediumSecurity +``` + +NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine. + ## OAuth2 for Enterprise Available as part of the Tidelift Subscription. @@ -260,7 +183,7 @@ The maintainers of OAuth2 and thousands of other packages are working with Tidel To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -For more see [SECURITY.md][🚎sec-pol]. +For more see [SECURITY.md][🔐security]. ## What is new for v2.0? 
@@ -345,14 +268,14 @@ end ### `authorize_url` and `token_url` are on site root (Just Works!) ```ruby -require 'oauth2' -client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org/') +require "oauth2" +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/") # => # "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" -access = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'}) -response = access.get('/api/resource', params: {'query_foo' => 'bar'}) +access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"}) +response = access.get("/api/resource", params: {"query_foo" => "bar"}) response.class.name # => OAuth2::Response ``` @@ -362,9 +285,9 @@ response.class.name In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. ```ruby -client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org/nested/directory/on/your/server') +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") # => # "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" ``` 
@@ -373,12 +296,14 @@ client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callb%20You%20can%20specify%20custom%20URLs%20for%20authorization%20and%20access%20token,%20and%20when%20using%20a%20leading%20%60/%60%20they%20will%20_not%20be%20relative_,%20as%20shown%20below:%20%20%60%60%60ruby-client%20=%20OAuth2::Client.new('client_id', 'client_secret', - site: 'https://example.org/nested/directory/on/your/server', - authorize_url: '/jaunty/authorize/', - token_url: '/stirrups/access_token') +client = OAuth2::Client.new( +"client_id", +"client_secret", + site: "https://example.org/nested/directory/on/your/server", + authorize_url: "/jaunty/authorize/", + token_url: "/stirrups/access_token") # => # "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" client.class.name # => OAuth2::Client @@ -387,7 +312,7 @@ client.class.name ### snake_case and indifferent access in Response#parsed ```ruby -response = access.get('/api/resource', params: {'query_foo' => 'bar'}) +response = access.get("/api/resource", params: {"query_foo" => "bar"}) # Even if the actual response is CamelCase. it will be made available as snaky: JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} response.parsed # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"} 
@@ -401,11 +326,11 @@ response.parsed.class.name # => OAuth2::SnakyHash (subclass of Hashie::Ma #### What if I hate snakes and/or indifference? ```ruby -response = access.get('/api/resource', params: {'query_foo' => 'bar'}, snaky: false) +response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false) JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} response.parsed # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} -response.parsed['accessToken'] # => "aaaaaaaa" -response.parsed['additionalData'] # => "additional" +response.parsed["accessToken"] # => "aaaaaaaa" +response.parsed["additionalData"] # => "additional" response.parsed.class.name # => Hash (just, regular old Hash) ``` @@ -416,19 +341,19 @@ Set an environment variable, however you would [normally do that](https://github ```ruby # will log both request and response, including bodies -ENV['OAUTH_DEBUG'] = 'true' +ENV["OAUTH_DEBUG"] = "true" ``` By default, debug output will go to `$stdout`. This can be overridden when initializing your OAuth2::Client. ```ruby -require 'oauth2' +require "oauth2" client = OAuth2::Client.new( - 'client_id', - 'client_secret', - site: 'https://example.org/', - logger: Logger.new('example.log', 'weekly') + "client_id", + "client_secret", + site: "https://example.org/", + logger: Logger.new("example.log", "weekly"), ) ```
@@ -477,96 +402,336 @@ use. They are available via the [`#auth_code`](https://gitlab.com/oauth-xx/oauth These aren't full examples, but demonstrative of the differences between usage for each strategy. ```ruby -auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth/callback') -access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback') +auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback") +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback") -auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20'http://localhost:8080/oauth/callback') +auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback") # get the token params in the callback and access = OAuth2::AccessToken.from_kvform(client, query_string) -access = client.password.get_token('username', 'password') +access = client.password.get_token("username", "password") access = client.client_credentials.get_token # Client Assertion Strategy # see: https://tools.ietf.org/html/rfc7523 claimset = { - iss: 'http://localhost:3001/', - aud: 'http://localhost:8080/oauth2/token', - sub: 'me@example.com', + iss: "http://localhost:3001/", + aud: "http://localhost:8080/oauth2/token", + sub: "me@example.com", exp: Time.now.utc.to_i + 3600, } -assertion_params = [claimset, 'HS256', 'secret_key'] +assertion_params = [claimset, "HS256", "secret_key"] access = client.assertion.get_token(assertion_params) # The `access` (i.e. 
access token) is then used like so: access.token # actual access_token string, if you need it somewhere -access.get('/api/stuff') # making api calls with access token +access.get("/api/stuff") # making api calls with access token ``` If you want to specify additional headers to be sent out with the request, add a 'headers' hash under 'params': ```ruby -access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'}) +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"}) ``` You can always use the `#request` method on the `OAuth2::Client` instance to make requests for tokens for any Authentication grant type. -## Versioning +### 🚀 Release Instructions -This library aims to adhere to [Semantic Versioning 2.0.0][semver]. -Violations of this scheme should be reported as bugs. Specifically, -if a minor or patch version is released that breaks backward -compatibility, a new version should be immediately released that -restores compatibility. Breaking changes to the public API will -only be introduced with new major versions. +See [CONTRIBUTING.md][🤝contributing]. -As a result of this policy, you can (and should) specify a -dependency on this gem using the [Pessimistic Version Constraint][pvc] with two digits of precision. +## 🔐 Security -For example: +See [SECURITY.md][🔐security]. -```ruby -spec.add_dependency 'oauth2', '~> 2.0' -``` +## 🤝 Contributing -[semver]: http://semver.org/ -[pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint +If you need some ideas of where to help, you could work on adding more code coverage, +or if it is already 💯 (see [below](#code-coverage)) check TODOs (see [below](#todos)), +or check [issues][🤝issues], or [PRs][🤝pulls], +or use the gem and think about how it could be better. 
-## License +We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. -[![License: MIT][🖇src-license-img]][🖇src-license] +See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. -- Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc. -- Copyright (c) 2017-2022 [oauth-xx organization][oauth-xx] -- See [LICENSE][license] for details. +### Code Coverage -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2] +[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] -[license]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/LICENSE -[oauth-xx]: https://gitlab.com/oauth-xx -[fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large +### 🪇 Code of Conduct + +Everyone interacting in this project's codebases, issue trackers, +chat rooms and mailing lists is expected to follow the [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct]. + +## 🌈 Contributors + +[![Contributors][🖐contributors-img]][🖐contributors] + +Made with [contributors-img][🖐contrib-rocks]. + +Also see GitLab Contributors: [https://gitlab.com/oauth-xx/oauth2/-/graphs/main][🚎contributors-gl] + +## ⭐️ Star History + + + + + + Star History Chart + + + +## 📌 Versioning + +This Library adheres to [![Semantic Versioning 2.0.0][📌semver-img]][📌semver]. +Violations of this scheme should be reported as bugs. +Specifically, if a minor or patch version is released that breaks backward compatibility, +a new version should be immediately released that restores compatibility. +Breaking changes to the public API will only be introduced with new major versions. + +### 📌 Is "Platform Support" part of the public API? + +Yes. But I'm obligated to include notes... + +SemVer should, but doesn't explicitly, say that dropping support for specific Platforms +is a *breaking change* to an API. 
+It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless. + +> dropping support for a platform is both obviously and objectively a breaking change + +- Jordan Harband (@ljharb, maintainer of SemVer) [in SemVer issue 716][📌semver-breaking] + +To get a better understanding of how SemVer is intended to work over a project's lifetime, +read this article from the creator of SemVer: -## Development +- ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred] -After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. +As a result of this policy, and the interpretive lens used by the maintainer, +you can (and should) specify a dependency on these libraries using +the [Pessimistic Version Constraint][📌pvc] with two digits of precision. -To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). +For example: + +```ruby +spec.add_dependency("oauth2", "~> 1.0") +``` + +See [CHANGELOG.md][📌changelog] for list of releases. -## Contributing +## 📄 License -See [CONTRIBUTING.md][contributing] +The gem is available as open source under the terms of +the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. +See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. 
-[contributing]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CONTRIBUTING.md -## Contributors +[![FOSSA Status][fossa2-img])][fossa2] -[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)]("https://gitlab.com/oauth-xx/oauth2/-/graphs/main") +[fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large +[fossa2-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large + +### © Copyright + +
    +
  • + 2017 - 2025 Peter H. Boling, of + + RailsBling.com + + Rails Bling + + , and oauth2 contributors +
  • +
  • + Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. +
  • +
+
+## 🤑 One more thing
+
+You made it to the bottom of the page,
+so perhaps you'll indulge me for another 20 seconds.
+I maintain many dozens of gems, including this one,
+because I want Ruby to be a great place for people to solve problems, big and small.
+Please consider supporting my efforts via the giant yellow link below,
+or one of the others at the head of this README.
+
+[![Buy me a latte][🖇buyme-img]][🖇buyme]
-Made with [contributors-img](https://contrib.rocks).
+[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby
+[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-purple.svg?style=flat
+
+[✇bundle-group-pattern]: https://gist.github.com/pboling/4564780
+[⛳️gem-namespace]: https://github.com/oauth-xx/oauth2
+[⛳️namespace-img]: https://img.shields.io/badge/namespace-OAuth2-brightgreen.svg?style=flat&logo=ruby&logoColor=white
+[⛳️gem-name]: https://rubygems.org/gems/oauth2
+[⛳️name-img]: https://img.shields.io/badge/name-oauth2-brightgreen.svg?style=flat&logo=rubygems&logoColor=red
+[🚂bdfl-blog]: http://www.railsbling.com/tags/oauth2
+[🚂bdfl-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange
+[🚂bdfl-contact]: http://www.railsbling.com/contact
+[🚂bdfl-contact-img]: https://img.shields.io/badge/Contact-BDFL-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red
+[💖🖇linkedin]: http://www.linkedin.com/in/peterboling
+[💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling
+[💖✌️wellfound]: https://angel.co/u/peter-boling
+[💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound
+[💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling
+[💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase
+[💖🐘ruby-mast]: https://ruby.social/@galtzo
+[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https%3A%2F%2Fruby.social&style=flat&logo=mastodon&label=Ruby%20%40galtzo
+[💖🦋bluesky]: https://bsky.app/profile/galtzo.com
+[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white
+[💖🌳linktree]: https://linktr.ee/galtzo
+[💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree
+[💖💁🏼‍♂️devto]: https://dev.to/galtzo
+[💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white
+[💖💁🏼‍♂️aboutme]: https://about.me/peter.boling
+[💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white
+[💖🧊berg]: https://codeberg.org/pboling
+[💖🐙hub]: https://github.org/pboling
+[💖🛖hut]: https://sr.ht/~galtzo/
+[💖🧪lab]: https://gitlab.com/pboling
+[👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share
+[👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white
+[👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github
+[👨🏼‍🏫expsup-codementor-img]: https://img.shields.io/badge/CodeMentor-Get_Help-1abc9c?style=for-the-badge&logo=CodeMentor&logoColor=white
+[🏙️entsup-tidelift]: https://tidelift.com/subscription
+[🏙️entsup-tidelift-img]: https://img.shields.io/badge/Tidelift_and_Sonar-Enterprise_Support-FD3456?style=for-the-badge&logo=sonar&logoColor=white
+[🏙️entsup-tidelift-sonar]: https://blog.tidelift.com/tidelift-joins-sonar
+[💁🏼‍♂️peterboling]: http://www.peterboling.com
+[🚂railsbling]: http://www.railsbling.com
+[📜src-gl-img]: https://img.shields.io/badge/GitLab-FBA326?style=for-the-badge&logo=Gitlab&logoColor=orange
+[📜src-gl]: https://gitlab.com/oauth-xx/oauth2/
+[📜src-cb-img]: https://img.shields.io/badge/CodeBerg-4893CC?style=for-the-badge&logo=CodeBerg&logoColor=blue
+[📜src-cb]: https://codeberg.org/oauth-xx/oauth2
+[📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green
+[📜src-gh]: https://github.com/oauth-xx/oauth2
+[📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white
+[📜docs-head-rd-img]: https://img.shields.io/badge/RubyDoc-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white
+[📜wiki]: https://gitlab.com/oauth-xx/oauth2/-/wikis/home
+[📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white
+[👽dl-rank]: https://rubygems.org/gems/oauth2
+[👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg
+[👽oss-help]: https://www.codetriage.com/oauth-xx/oauth2
+[👽oss-helpi]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg
+[👽version]: https://rubygems.org/gems/oauth2
+[👽versioni]: https://img.shields.io/gem/v/oauth2.svg
+[🔑cc-mnt]: https://qlty.sh/gh/oauth-xx/projects/oauth2
+[🔑cc-mnti♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.svg
+[🔑cc-cov]: https://qlty.sh/gh/oauth-xx/projects/oauth2
+[🔑cc-covi♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/test_coverage.svg
+[🔑codecov]: https://codecov.io/gh/oauth-xx/oauth2
+[🔑codecovi♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/main/graph/badge.svg?token=bNqSzNiuo2
+[🔑coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=main
+[🔑coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=main
+[🔑depfu]: https://depfu.com/github/oauth-xx/oauth2?project_id=5884
+[🔑depfui♻️]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg
+[🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning
+[🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg
+[🚎1-an-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/ancient.yml
+[🚎1-an-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/ancient.yml/badge.svg
+[🚎2-cov-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml
+[🚎2-cov-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg
+[🚎3-hd-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml
+[🚎3-hd-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml/badge.svg
+[🚎4-lg-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/legacy.yml
+[🚎4-lg-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/legacy.yml/badge.svg
+[🚎5-st-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml
+[🚎5-st-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml/badge.svg
+[🚎6-s-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml
+[🚎6-s-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg
+[🚎7-us-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml
+[🚎7-us-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg
+[🚎8-ho-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/hoary.yml
+[🚎8-ho-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/hoary.yml/badge.svg
+[🚎9-t-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/truffle.yml
+[🚎9-t-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/truffle.yml/badge.svg
+[🚎10-j-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/jruby.yml
+[🚎10-j-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/jruby.yml/badge.svg
+[🚎11-c-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/current.yml
+[🚎11-c-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current.yml/badge.svg
+[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay
+[⛳liberapay]: https://liberapay.com/pboling/donate
+[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github
+[🖇sponsor]: https://github.com/sponsors/pboling
+[🖇polar-img]: https://img.shields.io/badge/polar-donate-yellow.svg
+[🖇polar]: https://polar.sh/pboling
+[🖇kofi-img]: https://img.shields.io/badge/a_more_different_coffee-✓-yellow.svg
+[🖇kofi]: https://ko-fi.com/O5O86SNP4
+[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-yellow.svg
+[🖇patreon]: https://patreon.com/galtzo
+[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff
+[🖇buyme]: https://www.buymeacoffee.com/pboling
+[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-✓-yellow.svg?style=flat
+[💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.6i]: https://img.shields.io/badge/Ruby-2.6-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.7i]: https://img.shields.io/badge/Ruby-2.7-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.0i]: https://img.shields.io/badge/Ruby-3.0-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.1i]: https://img.shields.io/badge/Ruby-3.1-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.2i]: https://img.shields.io/badge/Ruby-3.2-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.3i]: https://img.shields.io/badge/Ruby-3.3-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-c-i]: https://img.shields.io/badge/Ruby-current-CC342D?style=for-the-badge&logo=ruby&logoColor=green
+[💎ruby-headi]: https://img.shields.io/badge/Ruby-HEAD-CC342D?style=for-the-badge&logo=ruby&logoColor=blue
+[💎truby-22.3i]: https://img.shields.io/badge/Truffle_Ruby-22.3-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink
+[💎truby-23.0i]: https://img.shields.io/badge/Truffle_Ruby-23.0-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-c-i]: https://img.shields.io/badge/Truffle_Ruby-current-34BCB1?style=for-the-badge&logo=ruby&logoColor=green +[💎truby-headi]: https://img.shields.io/badge/Truffle_Ruby-HEAD-34BCB1?style=for-the-badge&logo=ruby&logoColor=blue +[💎jruby-9.1i]: https://img.shields.io/badge/JRuby-9.1-FBE742?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.2i]: https://img.shields.io/badge/JRuby-9.2-FBE742?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.3i]: https://img.shields.io/badge/JRuby-9.3-FBE742?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.4i]: https://img.shields.io/badge/JRuby-9.4-FBE742?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-c-i]: https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green +[💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue +[🤝issues]: https://github.com/oauth-xx/oauth2/issues +[🤝pulls]: https://github.com/oauth-xx/oauth2/pulls +[🤝contributing]: CONTRIBUTING.md +[🔑codecov-g♻️]: https://codecov.io/gh/oauth-xx/oauth2/graphs/tree.svg?token=bNqSzNiuo2 +[🖐contrib-rocks]: https://contrib.rocks +[🖐contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors +[🖐contributors-img]: https://contrib.rocks/image?repo=oauth-xx/oauth2 +[🚎contributors-gl]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main +[🪇conduct]: CODE_OF_CONDUCT.md +[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-4baaaa.svg +[📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint +[📌semver]: https://semver.org/spec/v2.0.0.html +[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat +[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html +[📌changelog]: CHANGELOG.md +[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ +[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat +[📌gitmoji]:https://gitmoji.dev +[📌gitmoji-img]:https://img.shields.io/badge/gitmoji-%20😜%20😍-FFDD67.svg?style=flat-square +[🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.073-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🔐security]: SECURITY.md +[🔐security-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat +[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year +[📄license]: LICENSE.txt +[📄license-ref]: https://opensource.org/licenses/MIT +[📄license-img]: https://img.shields.io/badge/License-MIT-green.svg +[📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm +[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-brightgreen.svg?style=flat +[🚎yard-current]: http://rubydoc.info/gems/oauth2 +[🚎yard-head]: https://rubydoc.info/github/oauth-xx/oauth2/main +[💎stone_checksums]: https://github.com/pboling/stone_checksums +[💎SHA_checksums]: https://gitlab.com/oauth-xx/oauth2/-/tree/main/checksums +[💎rlts]: https://github.com/rubocop-lts/rubocop-lts +[💎rlts-img]: https://img.shields.io/badge/code_style-rubocop--lts-brightgreen.svg?plastic&logo=ruby&logoColor=white +[🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield +[🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield -## Code of Conduct +
+ + rel="me" Social Proofs + -Everyone interacting in the OAuth2 project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md). + + +
From ca24c14c2936233593182b983e05ff39c056c9c6 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 06:01:31 +0700 Subject: [PATCH 269/645] =?UTF-8?q?=F0=9F=91=B7=20GitLab=20CI=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b864d3c4..0252268d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,8 +8,8 @@ variables: K_SOUP_COV_DEBUG: true K_SOUP_COV_DO: true K_SOUP_COV_HARD: true - K_SOUP_COV_MIN_BRANCH: 46 - K_SOUP_COV_MIN_LINE: 93 + K_SOUP_COV_MIN_BRANCH: 98 + K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_VERBOSE: true K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" K_SOUP_COV_MULTI_FORMATTERS: true @@ -41,7 +41,10 @@ workflow: image: ruby:${RUBY_VERSION} stage: test script: - - gem update --system > /dev/null 2>&1 + # Because we support EOL Ruby still... + - gem install rubygems-update -v 3.5.23 + # Actually updates both RubyGems and Bundler! + - update_rubygems - bundle config --local path vendor - bundle install - bundle exec rake test @@ -55,9 +58,9 @@ workflow: stage: test script: # Because we support EOL Ruby still... - - gem install rubygems-update -v 3.4.22 > /dev/null 2>&1 + - gem install rubygems-update -v 3.4.22 # Actually updates both RubyGems and Bundler! - - update_rubygems > /dev/null 2>&1 + - update_rubygems - bundle config --local path vendor - bundle install - bundle exec rake test From e4e88a1329b1226965fd55262897b5002dd6f2fd Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 06:11:00 +0700 Subject: [PATCH 270/645] =?UTF-8?q?=F0=9F=91=B7=20GitLab=20CI=20DRY=20yaml?= =?UTF-8?q?=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0252268d..5b05cda9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ variables: K_SOUP_COV_DO: true K_SOUP_COV_HARD: true K_SOUP_COV_MIN_BRANCH: 98 - K_SOUP_COV_MIN_LINE: 100 + K_SOUP_COV_MIN_LINE: 98 K_SOUP_COV_VERBOSE: true K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" K_SOUP_COV_MULTI_FORMATTERS: true @@ -37,28 +37,12 @@ workflow: paths: - vendor/ruby -.test_template-eol: &test_definition-eol - image: ruby:${RUBY_VERSION} - stage: test - script: - # Because we support EOL Ruby still... - - gem install rubygems-update -v 3.5.23 - # Actually updates both RubyGems and Bundler! - - update_rubygems - - bundle config --local path vendor - - bundle install - - bundle exec rake test - cache: - key: ${CI_JOB_IMAGE} - paths: - - vendor/ruby - .test_template-legacy: &test_definition-legacy image: ruby:${RUBY_VERSION} stage: test script: # Because we support EOL Ruby still... - - gem install rubygems-update -v 3.4.22 + - gem install rubygems-update -v ${RUBYGEMS_VERSION} # Actually updates both RubyGems and Bundler! - update_rubygems - bundle config --local path vendor @@ -73,16 +57,25 @@ ruby-current: <<: *test_definition-current parallel: matrix: - - RUBY_VERSION: ["3.1", "3.2", "3.3", "3.4"] + - RUBY_VERSION: ["3.2", "3.3", "3.4"] -ruby-eol: - <<: *test_definition-eol +ruby-eol3: + <<: *test_definition-legacy + parallel: + matrix: + - RUBY_VERSION: ["3.1"] + - RUBYGEMS_VERSION: ["3.6.9"] + +ruby-eol2: + <<: *test_definition-legacy parallel: matrix: - RUBY_VERSION: ["3.0"] + - RUBYGEMS_VERSION: ["3.5.23"] -ruby-legacy: +ruby-eol1: <<: *test_definition-legacy parallel: matrix: - RUBY_VERSION: ["2.7"] + - RUBYGEMS_VERSION: ["3.4.22"] From e9dc40da44d5f55fa03bdd65ac4ba2062796f145 Mon Sep 17 00:00:00 2001 
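Review bot: In `ruby-eol3`, `ruby-eol2` and `ruby-eol1` the added `- RUBYGEMS_VERSION: [...]` line is a second item of the `matrix:` list, not a second key of the `RUBY_VERSION` item, and GitLab expands each list item into its own set of jobs. As written, each of these would presumably yield one job with `RUBY_VERSION` but no `RUBYGEMS_VERSION`, so `gem install rubygems-update -v ${RUBYGEMS_VERSION}` runs with an empty version, and one job with no `RUBY_VERSION` for `image: ruby:${RUBY_VERSION}`. Keep the pair in one entry, i.e. `- RUBY_VERSION: ["3.1"]` with `RUBYGEMS_VERSION: ["3.6.9"]` indented as a key of the same item, or set `RUBYGEMS_VERSION` in a job-level `variables:` block.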
From: "Peter H. Boling" Date: Wed, 14 May 2025 06:14:03 +0700 Subject: [PATCH 271/645] =?UTF-8?q?=F0=9F=91=B7=20GitLab=20CI=20DRY=20yaml?= =?UTF-8?q?=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b05cda9..44c4e601 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -62,20 +62,23 @@ ruby-current: ruby-eol3: <<: *test_definition-legacy parallel: + variables: + RUBYGEMS_VERSION: ["3.6.9"] matrix: - RUBY_VERSION: ["3.1"] - - RUBYGEMS_VERSION: ["3.6.9"] ruby-eol2: <<: *test_definition-legacy parallel: + variables: + RUBYGEMS_VERSION: ["3.5.23"] matrix: - RUBY_VERSION: ["3.0"] - - RUBYGEMS_VERSION: ["3.5.23"] ruby-eol1: <<: *test_definition-legacy parallel: + variables: + RUBYGEMS_VERSION: ["3.4.22"] matrix: - RUBY_VERSION: ["2.7"] - - RUBYGEMS_VERSION: ["3.4.22"] From 9c4fd98ef130a5b92ba784bf004a930fc766a872 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 06:16:27 +0700 Subject: [PATCH 272/645] =?UTF-8?q?=F0=9F=91=B7=20GitLab=20CI=20DRY=20yaml?= =?UTF-8?q?=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 44c4e601..814ac9f6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
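Review bot: `variables:` is nested under `parallel:` in all three jobs, but `parallel` takes either a number or a `matrix:` list, so GitLab is likely to reject the file for an unknown key and no pipeline would run. The value is also still a one-element array, whereas job variables take scalar values. Move it to the job level as a string, e.g. `variables:` with `RUBYGEMS_VERSION: "3.6.9"` directly under `ruby-eol3:`, and likewise for `ruby-eol2` and `ruby-eol1`.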
@@ -60,25 +60,25 @@ ruby-current: - RUBY_VERSION: ["3.2", "3.3", "3.4"] ruby-eol3: + variables: + RUBYGEMS_VERSION: "3.6.9" <<: *test_definition-legacy parallel: - variables: - RUBYGEMS_VERSION: ["3.6.9"] matrix: - RUBY_VERSION: ["3.1"] ruby-eol2: + variables: + RUBYGEMS_VERSION: "3.5.23" <<: *test_definition-legacy parallel: - variables: - RUBYGEMS_VERSION: ["3.5.23"] matrix: - RUBY_VERSION: ["3.0"] ruby-eol1: + variables: + RUBYGEMS_VERSION: "3.4.22" <<: *test_definition-legacy parallel: - variables: - RUBYGEMS_VERSION: ["3.4.22"] matrix: - RUBY_VERSION: ["2.7"] From 155d83aa3fa318e45a0de87e0460e08784f00b28 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 06:19:23 +0700 Subject: [PATCH 273/645] =?UTF-8?q?=E2=9E=96=20github-markup,=20redcarpet?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 6 +++--- gemfiles/modular/documentation.gemfile | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 814ac9f6..e74b4fdd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -59,7 +59,7 @@ ruby-current: matrix: - RUBY_VERSION: ["3.2", "3.3", "3.4"] -ruby-eol3: +ruby-ruby3_1: variables: RUBYGEMS_VERSION: "3.6.9" <<: *test_definition-legacy @@ -67,7 +67,7 @@ ruby-eol3: matrix: - RUBY_VERSION: ["3.1"] -ruby-eol2: +ruby-ruby3_0: variables: RUBYGEMS_VERSION: "3.5.23" <<: *test_definition-legacy @@ -75,7 +75,7 @@ ruby-eol2: matrix: - RUBY_VERSION: ["3.0"] -ruby-eol1: +ruby-ruby2_7: variables: RUBYGEMS_VERSION: "3.4.22" <<: *test_definition-legacy diff --git a/gemfiles/modular/documentation.gemfile b/gemfiles/modular/documentation.gemfile index fdfa2fba..5cccab2e 100644 --- a/gemfiles/modular/documentation.gemfile +++ b/gemfiles/modular/documentation.gemfile 
@@ -1,8 +1,6 @@ # frozen_string_literal: true # Documentation -gem "github-markup", "~> 5.0", ">= 5.0.1" -gem "redcarpet", "~> 3.6" gem "yard", "~> 0.9", ">= 0.9.37", require: false gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", branch: "next" From e6bf1028d243184dd56fd334cac0ce1c2f79cc1e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 06:25:18 +0700 Subject: [PATCH 274/645] =?UTF-8?q?=F0=9F=91=B7=20More=20GitLab=20CI=20upd?= =?UTF-8?q?ates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e74b4fdd..de040959 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,6 @@ default: variables: BUNDLE_INSTALL_FLAGS: "--quiet --jobs=$(nproc) --retry=3" BUNDLE_FROZEN: "false" # No lockfile! - BUNDLE_GEMFILE: gemfiles/omnibus.gemfile K_SOUP_COV_DEBUG: true K_SOUP_COV_DO: true K_SOUP_COV_HARD: true @@ -31,7 +30,7 @@ workflow: - gem update --system > /dev/null 2>&1 - bundle config --local path vendor - bundle install - - bundle exec rake test + - bundle exec rake cache: key: ${CI_JOB_IMAGE} paths: @@ -54,6 +53,9 @@ workflow: - vendor/ruby ruby-current: + variables: + BUNDLE_GEMFILE: gemfiles/omnibus.gemfile + K_SOUP_COV_DO: true <<: *test_definition-current parallel: matrix: @@ -62,6 +64,8 @@ ruby-current: ruby-ruby3_1: variables: RUBYGEMS_VERSION: "3.6.9" + BUNDLE_GEMFILE: gemfiles/vanilla.gemfile + K_SOUP_COV_DO: false <<: *test_definition-legacy parallel: matrix: @@ -70,6 +74,8 @@ ruby-ruby3_1: ruby-ruby3_0: variables: RUBYGEMS_VERSION: "3.5.23" + BUNDLE_GEMFILE: gemfiles/vanilla.gemfile + K_SOUP_COV_DO: false <<: *test_definition-legacy parallel: matrix: @@ -78,6 +84,8 @@ ruby-ruby3_0: ruby-ruby2_7: variables: RUBYGEMS_VERSION: "3.4.22" + BUNDLE_GEMFILE: gemfiles/vanilla.gemfile + K_SOUP_COV_DO: false <<: *test_definition-legacy parallel: matrix: 
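Review bot: The three legacy jobs (`ruby-ruby3_1`, `ruby-ruby3_0`, `ruby-ruby2_7`) now set `BUNDLE_GEMFILE: gemfiles/vanilla.gemfile`, but nothing in this patch adds that file; on this page it is only created by the following patch in the series. If the repository history matches, `bundle install` fails for those jobs at this commit, which breaks bisecting, so the gemfile should be added in the same commit. In `ruby-current`, `K_SOUP_COV_DO: true` repeats the value still set in the top-level `variables:` block (visible as context in the first hunk); drop one of the two so there is a single place that decides it. The job definitions continue outside the hunks.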
From 79b9fb11c85ea10be5da6c2e4a27298b24dde07e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 06:26:05 +0700 Subject: [PATCH 275/645] =?UTF-8?q?=F0=9F=91=B7=20More=20GitLab=20CI=20upd?= =?UTF-8?q?ates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gemfiles/vanilla.gemfile | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 gemfiles/vanilla.gemfile diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile new file mode 100644 index 00000000..78c20166 --- /dev/null +++ b/gemfiles/vanilla.gemfile @@ -0,0 +1,11 @@ +# This gemfile is used for GitLab CI, current ruby pipeline. +# This gemfile includes all dependencies necessary to run the naked `rake default` set of tasks + +source "https://rubygems.org/" + +# Root Gemfile is only for local development. +# On CI, we only need the gemspec dependencies (including development dependencies). +# Exceptions, if any, will be found in gemfiles/*.gemfile + +# The vanilla gemfile is intended to what we can with *only* gemspec dependencies. +gemspec path: "../" From 26eb30ddf2433382c3ce0765404fa4434e354fb1 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 06:36:42 +0700 Subject: [PATCH 276/645] =?UTF-8?q?=F0=9F=91=B7=20More=20GitLab=20CI=20upd?= =?UTF-8?q?ates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .envrc | 2 +- .rubocop.yml | 16 +--- .rubocop_gradual.lock | 139 ++++++++++++------------------ Gemfile.lock | 4 - README.md | 7 +- oauth2.gemspec | 67 +++++++------- spec/config/debug.rb | 2 +- spec/oauth2/access_token_spec.rb | 8 +- spec/oauth2/authenticator_spec.rb | 19 ++-- spec/oauth2/error_spec.rb | 34 ++++---- 10 files changed, 133 insertions(+), 165 deletions(-) diff --git a/.envrc b/.envrc index 83123050..db2e5864 100644 --- a/.envrc +++ b/.envrc 
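Review bot: The `source` line appears here as `source "https://rubygems.org/"`, which is not a URL; this looks like a rendering artefact, but it is worth confirming that the committed file has `source "https://rubygems.org"`, since that line decides which index every dependency is fetched from. The header comment says the file is for the "current ruby pipeline", while the preceding patch points the Ruby 3.1, 3.0 and 2.7 jobs at it and leaves the current jobs on `gemfiles/omnibus.gemfile`; `# This gemfile is used for GitLab CI, legacy (EOL) ruby pipelines.` would match that. The last comment is missing a verb, presumably `# The vanilla gemfile is intended to test what we can with *only* gemspec dependencies.`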
@@ -19,7 +19,7 @@ export K_SOUP_COV_DO=true # Means you want code coverage # Available formats are html, xml, rcov, lcov, json, tty export K_SOUP_COV_COMMAND_NAME="RSpec Coverage" export K_SOUP_COV_FORMATTERS="html,tty" -export K_SOUP_COV_MIN_BRANCH=100 # Means you want to enforce X% branch coverage +export K_SOUP_COV_MIN_BRANCH=99 # Means you want to enforce X% branch coverage export K_SOUP_COV_MIN_LINE=100 # Means you want to enforce X% line coverage export K_SOUP_COV_MIN_HARD=true # Means you want the build to fail if the coverage thresholds are not met export K_SOUP_COV_MULTI_FORMATTERS=true diff --git a/.rubocop.yml b/.rubocop.yml index e28d34dd..32a249f3 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,9 +1,9 @@ -inherit_from: - - .rubocop_rspec.yml - inherit_gem: rubocop-lts: rubocop-lts.yml +inherit_from: + - .rubocop_rspec.yml + AllCops: DisplayCopNames: true # Display the name of the failing cops Exclude: @@ -12,15 +12,7 @@ AllCops: - '**/.irbrc' Metrics/BlockLength: - ExcludedMethods: - - context - - describe - - it - - shared_context - - shared_examples - - shared_examples_for - - namespace - - draw + Enabled: false Gemspec/RequiredRubyVersion: Enabled: false diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index de198d17..469a85d4 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -1,4 +1,7 @@ { + "README.md:620392337": [ + [305, 3, 1, "Layout/ClosingParenthesisIndentation: Indent `)` to column 0 (not 2)", 177548] + ], "bin/bundle:3976421676": [ [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] 
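Review bot: In `.rubocop.yml`, `Metrics/BlockLength` changes from exempting the RSpec and Rake DSL methods to `Enabled: false`, which also switches the cop off for code under `lib/`. If the aim was only to stop using the `ExcludedMethods` key, keeping the cop enabled and scoping it by path preserves the check for library code, e.g. an `Exclude:` list with `- 'spec/**/*'` and `- '*.gemspec'` under `Metrics/BlockLength`.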
@@ -18,52 +21,22 @@ "lib/oauth2/response.rb:877496664": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:823817436": [ - [32, 31, 2, "Lint/Syntax: unexpected token tLSHFT\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859461], - [35, 64, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087698944], - [35, 78, 9, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2902117850], - [35, 94, 3, "Lint/Syntax: unexpected token kAND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193409806], - [41, 7, 3, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193410195], - [41, 25, 2, "Lint/Syntax: no . floating literal anymore; put 0 before dot\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859035], - [41, 27, 3, "Lint/Syntax: no . 
floating literal anymore; put 0 before dot\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193348138], - [41, 38, 9, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2779422747], - [41, 116, 2, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5861058], - [42, 5, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087699184], - [43, 6, 2, "Lint/Syntax: unexpected token tSYMBOL\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859664], - [46, 11, 5, "Lint/Syntax: unexpected token tCONSTANT\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 208130522], - [46, 29, 1, "Lint/Syntax: unexpected token tLPAREN2\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177549], - [47, 11, 6, "Lint/Syntax: unknown regexp options: grp\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1394395017], - [48, 19, 7, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1917612522], - [48, 35, 1, "Lint/Syntax: unexpected token tINTEGER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177559], - [48, 55, 2, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5861086], - [48, 78, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087696263], - [49, 34, 3, "Lint/Syntax: unexpected token tFLOAT\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` 
parameter, under `AllCops`)", 193360715], - [49, 137, 4, "Lint/Syntax: unexpected token kTHEN\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087960114], - [50, 65, 4, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2087760165], - [50, 76, 9, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 3934292795], - [51, 1, 1, "Lint/Syntax: unexpected token tINTEGER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177553], - [53, 29, 8, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2398562734], - [54, 3, 6, "Lint/Syntax: unexpected token tLABEL\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1598486836], - [54, 11, 9, "Lint/Syntax: unknown regexp options: lbrapay\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1036172892], - [55, 11, 2, "Lint/Syntax: unknown regexp options: k\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5861345], - [56, 11, 3, "Lint/Syntax: unknown regexp options: www\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193428850], - [57, 11, 6, "Lint/Syntax: unknown regexp options: gthb\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 1391167104], - [59, 34, 8, "Lint/Syntax: unexpected token tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2398562734], - [59, 68, 3, "Lint/Syntax: unexpected token kAND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193409806], - [59, 105, 1, "Lint/Syntax: unexpected token 
tIDENTIFIER\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177604], - [60, 11, 8, "Lint/Syntax: unknown regexp options: tdlft\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 911676110], - [61, 34, 4, "Lint/Syntax: unexpected token tFID\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 2088000451], - [63, 23, 3, "Lint/Syntax: unexpected token kAND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193409806], - [65, 9, 1, "Lint/Syntax: unexpected token tPIPE\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177625], - [65, 18, 1, "Lint/Syntax: unexpected token tPIPE\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 177625], - [125, 1, 3, "Lint/Syntax: unexpected token kEND\n(Using Ruby 2.2 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 193405706] + "oauth2.gemspec:1672982387": [ + [5, 6, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028], + [117, 3, 54, "Gemspec/DependencyVersion: Dependency version specification is required.", 3677216839], + [118, 3, 47, "Gemspec/DependencyVersion: Dependency version specification is required.", 2440116108], + [120, 3, 46, "Gemspec/DependencyVersion: Dependency version specification is required.", 1075698341], + [130, 3, 58, "Gemspec/DependencyVersion: Dependency version specification is required.", 2795510341], + [131, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 804182931], + [132, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], + [134, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], "spec/examples/google_spec.rb:1491180421": [ [9, 3, 5115, "RSpec/MultipleMemoizedHelpers: Example 
group has too many memoized helpers [6/5]", 1014001606], [97, 5, 1016, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3156315524], [121, 5, 783, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1916865261] ], - "spec/oauth2/access_token_spec.rb:656128421": [ + "spec/oauth2/access_token_spec.rb:1576666213": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], [25, 3, 1935, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1152039306], [42, 5, 915, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1914441490], 
@@ -72,13 +45,13 @@ [145, 7, 371, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 81675473], [156, 7, 269, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2703574041], [166, 7, 343, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 571450510], - [177, 7, 1669, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2358061917], + [177, 7, 1671, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2358061917], [185, 9, 218, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2937949503], - [193, 9, 1211, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3948450440], + [193, 9, 1213, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3948450440], [201, 11, 416, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3896472588], [206, 13, 238, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 669428729], - [215, 11, 249, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 962614116], - [223, 11, 248, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1923581233], + [215, 11, 250, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 962614116], + [223, 11, 249, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1923581233], [471, 5, 968, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 908014549], [500, 5, 1224, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 2179768666], [590, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], 
@@ -92,14 +65,14 @@ [734, 5, 263, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 4224752268], [753, 3, 385, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 293530329] ], - "spec/oauth2/authenticator_spec.rb:3057923804": [ + "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], [51, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 482779785], [60, 15, 33, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 297534737], [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:3227433278": [ + "spec/oauth2/client_spec.rb:4220405778": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -109,38 +82,38 @@ [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], [472, 7, 241, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1113144453], [479, 7, 233, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2616254065], - [588, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [597, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [608, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [629, 5, 1711, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 821658737], - [641, 7, 564, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3188010848], - [648, 9, 314, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2323166106], - [653, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [658, 7, 745, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2242274228], - [661, 9, 379, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3157074309], - [671, 9, 266, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 165934392], - [682, 5, 2992, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3212702825], - [698, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [702, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [710, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [714, 7, 812, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3531056573], - [722, 9, 505, "RSpec/MultipleMemoizedHelpers: Example 
group has too many memoized helpers [7/5]", 2126944993], - [738, 7, 571, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2450549440], - [741, 9, 209, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1769133328], - [749, 9, 262, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 165934392], - [759, 7, 275, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 4192619324], - [767, 7, 377, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1634937780], - [782, 5, 1920, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3715188517], - [798, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [802, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [810, 7, 298, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2420524519], - [819, 7, 474, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2129407861], - [831, 7, 357, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1696484657], - [882, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], - [907, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], - [917, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] - ], - "spec/oauth2/error_spec.rb:1869444751": [ + [585, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [594, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [605, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [626, 5, 1711, 
"RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 821658737], + [638, 7, 564, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3188010848], + [645, 9, 314, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2323166106], + [650, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [655, 7, 745, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2242274228], + [658, 9, 379, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3157074309], + [668, 9, 266, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 165934392], + [679, 5, 2992, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3212702825], + [695, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [699, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [707, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [711, 7, 812, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3531056573], + [719, 9, 505, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2126944993], + [735, 7, 571, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2450549440], + [738, 9, 209, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1769133328], + [746, 9, 262, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 165934392], + [756, 7, 275, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 4192619324], + [764, 7, 377, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1634937780], + [779, 5, 1920, "RSpec/MultipleMemoizedHelpers: Example 
group has too many memoized helpers [6/5]", 3715188517], + [795, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [799, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [807, 7, 298, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2420524519], + [816, 7, 474, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2129407861], + [828, 7, 357, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1696484657], + [879, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], + [904, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], + [914, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + ], + "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], [93, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], [109, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], 
@@ -154,17 +127,17 @@ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], [317, 33, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] ], - "spec/oauth2/strategy/assertion_spec.rb:2689603075": [ + "spec/oauth2/strategy/assertion_spec.rb:1649395638": [ [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869], - [39, 3, 8004, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3790653154], - [59, 5, 3375, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1213098407], + [39, 3, 8028, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3790653154], + [59, 5, 3399, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1213098407], [68, 7, 475, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3673049530], [83, 7, 511, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1482428850], [94, 9, 174, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 509043384], [101, 7, 626, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1073364157], [112, 9, 276, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [12/5]", 3402508104], - [121, 7, 1439, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 4214782678], - [124, 9, 407, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 2866741766], + [121, 7, 1463, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 631415582], + [124, 9, 431, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 1333000403], [134, 9, 268, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 
4208916299], [142, 9, 312, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 4006695562], [152, 9, 300, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 504386954], diff --git a/Gemfile.lock b/Gemfile.lock index 8a781169..6ca4debd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -81,7 +81,6 @@ GEM gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) - github-markup (5.0.1) hashie (5.0.0) io-console (0.8.0) irb (1.15.2) @@ -127,7 +126,6 @@ GEM rake (13.2.1) rdoc (6.13.1) psych (>= 4.0.0) - redcarpet (3.6.1) reek (6.5.0) dry-schema (~> 1.13) logger (~> 1.6) @@ -276,13 +274,11 @@ DEPENDENCIES bundler-audit (~> 0.9.2) debug (>= 1.0.0) gem_bench (~> 2.0, >= 2.0.5) - github-markup (~> 5.0, >= 5.0.1) kettle-soup-cover (~> 1.0, >= 1.0.6) nkf (~> 0.2) oauth2! rake (>= 12) rdoc (~> 6.11) - redcarpet (~> 3.6) reek (~> 6.4) rexml (>= 3) rspec (>= 3) diff --git a/README.md b/README.md index 0f3afb24..831cd55f 100644 --- a/README.md +++ b/README.md @@ -297,11 +297,12 @@ You can specify custom URLs for authorization and access token, and when using a ```ruby client = OAuth2::Client.new( -"client_id", -"client_secret", + "client_id", + "client_secret", site: "https://example.org/nested/directory/on/your/server", authorize_url: "/jaunty/authorize/", - token_url: "/stirrups/access_token") + token_url: "/stirrups/access_token", + ) # => # "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" diff --git a/oauth2.gemspec b/oauth2.gemspec index 67b8006f..9c77ef34 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -13,7 +13,6 @@ gem_version = OAuth2::Version::VERSION end - Gem::Specification.new do |spec| # Linux distros may package ruby gems differently, # and securely certify them independently via alternate package management systems. 
@@ -31,14 +30,14 @@ Gem::Specification.new do |spec| end end - spec.authors = ['Peter Boling', 'Erik Michaels-Ober', 'Michael Bleigh'] - spec.summary = 'OAuth 2.0 Core Ruby implementation' - spec.description = 'A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec.' - spec.email = ['peter.boling@gmail.com', 'oauth-ruby@googlegroups.com'] - spec.homepage = 'https://gitlab.com/oauth-xx/oauth2' - spec.licenses = 'MIT' - spec.name = 'oauth2' - spec.required_ruby_version = '>= 2.2.0' + spec.authors = ["Peter Boling", "Erik Michaels-Ober", "Michael Bleigh"] + spec.summary = "OAuth 2.0 Core Ruby implementation" + spec.description = "A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec." + spec.email = ["peter.boling@gmail.com", "oauth-ruby@googlegroups.com"] + spec.homepage = "https://gitlab.com/oauth-xx/oauth2" + spec.licenses = "MIT" + spec.name = "oauth2" + spec.required_ruby_version = ">= 2.2.0" spec.version = gem_version spec.post_install_message = %{ You have installed oauth2 version #{gem_version}, congratulations! 
@@ -76,16 +75,16 @@ Please report issues, and star the project! Thanks, |7eter l-|. l3oling } - spec.metadata['homepage_uri'] = spec.homepage - spec.metadata['source_code_uri'] = "#{spec.homepage}/-/tree/v#{spec.version}" - spec.metadata['changelog_uri'] = "#{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md" - spec.metadata['bug_tracker_uri'] = "#{spec.homepage}/-/issues" - spec.metadata['documentation_uri'] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" - spec.metadata['wiki_uri'] = "#{spec.homepage}/-/wiki" - spec.metadata['mailing_list_uri'] = 'https://groups.google.com/g/oauth-ruby' + spec.metadata["homepage_uri"] = spec.homepage + spec.metadata["source_code_uri"] = "#{spec.homepage}/-/tree/v#{spec.version}" + spec.metadata["changelog_uri"] = "#{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md" + spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/-/issues" + spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" + spec.metadata["wiki_uri"] = "#{spec.homepage}/-/wiki" + spec.metadata["mailing_list_uri"] = "https://groups.google.com/g/oauth-ruby" spec.metadata["news_uri"] = "https://www.railsbling.com/tags/#{spec.name}" - spec.metadata['funding_uri'] = 'https://liberapay.com/pboling' - spec.metadata['rubygems_mfa_required'] = 'true' + spec.metadata["funding_uri"] = "https://liberapay.com/pboling" + spec.metadata["rubygems_mfa_required"] = "true" # Specify which files should be added to the gem when it is released. spec.files = Dir[ 
@@ -115,22 +114,22 @@ Thanks, |7eter l-|. l3oling spec.bindir = "exe" spec.executables = [] - spec.add_dependency 'faraday', ['>= 0.17.3', '< 3.0'] - spec.add_dependency 'jwt', ['>= 1.0', '< 3.0'] - spec.add_dependency 'multi_xml', '~> 0.5' - spec.add_dependency 'rack', ['>= 1.2', '< 4'] - spec.add_dependency 'snaky_hash', '~> 2.0' + spec.add_dependency("faraday", [">= 0.17.3", "< 3.0"]) + spec.add_dependency("jwt", [">= 1.0", "< 3.0"]) + spec.add_dependency("multi_xml", "~> 0.5") + spec.add_dependency("rack", [">= 1.2", "< 4"]) + spec.add_dependency("snaky_hash", "~> 2.0") spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2.0 - spec.add_development_dependency 'addressable', '>= 2' - spec.add_development_dependency 'backports', '>= 3' - spec.add_development_dependency 'nkf', '~> 0.2' - spec.add_development_dependency 'rake', '>= 12' - spec.add_development_dependency 'rexml', '>= 3' - spec.add_development_dependency 'rspec', '>= 3' - spec.add_development_dependency 'rspec-block_is_expected' - spec.add_development_dependency 'rspec-pending_for' - spec.add_development_dependency 'rspec-stubbed_env' - spec.add_development_dependency 'rubocop-lts', '~> 8.0' - spec.add_development_dependency 'silent_stream' + spec.add_development_dependency("addressable", ">= 2") + spec.add_development_dependency("backports", ">= 3") + spec.add_development_dependency("nkf", "~> 0.2") + spec.add_development_dependency("rake", ">= 12") + spec.add_development_dependency("rexml", ">= 3") + spec.add_development_dependency("rspec", ">= 3") + spec.add_development_dependency("rspec-block_is_expected") + spec.add_development_dependency("rspec-pending_for") + spec.add_development_dependency("rspec-stubbed_env") + spec.add_development_dependency("rubocop-lts", "~> 8.0") + spec.add_development_dependency("silent_stream") end diff --git a/spec/config/debug.rb b/spec/config/debug.rb index 82591a95..140b10e3 100644 --- a/spec/config/debug.rb +++ b/spec/config/debug.rb 
@@ -2,4 +2,4 @@ puts "LOADING DEBUGGER: #{load_debugger}" if load_debugger -require "debug" if load_debugger \ No newline at end of file +require "debug" if load_debugger diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index ba662a09..8c1ef0a5 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -216,7 +216,7 @@ def assert_initialized_token(target) let(:token) { "" } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {:mode=>:this_is_bad, :raise_errors=>true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {mode: :this_is_bad, raise_errors: true}.to_s) end end @@ -224,7 +224,7 @@ def assert_initialized_token(target) let(:token) { nil } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {:mode=>:this_is_bad, :raise_errors=>true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {mode: :this_is_bad, raise_errors: true}.to_s) end end end @@ -412,7 +412,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {:raise_errors=>true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {raise_errors: true}.to_s) end end @@ -438,7 +438,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {:raise_errors=>true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {raise_errors: true}.to_s) end end diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index da40428c..f7396c5e 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb @@ -128,6 +128,7 @@ it "filters secret by default" do expect(described_class.filtered_attribute_names).to include(:secret) end + it "filters out the @secret value" do expect(subject.inspect).to include("@secret=[FILTERED]") end 
@@ -137,15 +138,18 @@ @original_filter = described_class.filtered_attribute_names described_class.filtered_attributes :vanilla end + + after do + described_class.filtered_attributes(*@original_filter) + end + it "changes the filter" do expect(described_class.filtered_attribute_names).to eq([:vanilla]) end + it "does not filter out the @secret value" do expect(subject.inspect).to include("@secret=\"bar\"") end - after do - described_class.filtered_attributes(*@original_filter) - end end context "when filter is empty" do @@ -153,15 +157,18 @@ @original_filter = described_class.filtered_attribute_names described_class.filtered_attributes end + + after do + described_class.filtered_attributes(*@original_filter) + end + it "changes the filter" do expect(described_class.filtered_attribute_names).to eq([]) end + it "does not filter out the @secret value" do expect(subject.inspect).to include("@secret=\"bar\"") end - after do - described_class.filtered_attributes(*@original_filter) - end end end end diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index f006b163..893dce35 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -176,7 +176,7 @@ def to_str end it "just returns the thing if it can" do - expect(subject.message).to eq({:hello=>:world}.to_s) + expect(subject.message).to eq({hello: :world}.to_s) end end end @@ -451,7 +451,7 @@ def to_str expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: Short and stout\n", - {:text=>"Coffee brewing failed", "error_description"=>"Short and stout", "error"=>"i_am_a_teapot"}.to_s, + {:text => "Coffee brewing failed", "error_description" => "Short and stout", "error" => "i_am_a_teapot"}.to_s, ], ) end 
@@ -466,11 +466,11 @@ def to_str it "just returns whatever it can" do expect(subject.message.each_line.to_a).to eq( - [ - "i_am_a_teapot: Short and stout\n", - {:hello=>:world, "error_description"=>"Short and stout", "error"=>"i_am_a_teapot"}.to_s - ] - ) + [ + "i_am_a_teapot: Short and stout\n", + {:hello => :world, "error_description" => "Short and stout", "error" => "i_am_a_teapot"}.to_s, + ], + ) end end end @@ -484,7 +484,7 @@ def to_str end it "just returns the thing if it can" do - expect(subject.message).to eq({:hello=>:world}.to_s) + expect(subject.message).to eq({hello: :world}.to_s) end end @@ -496,7 +496,7 @@ def to_str it "does not prepend anything to the message" do expect(subject.message.lines.count).to eq(1) - expect(subject.message).to eq({:text=>"Coffee brewing failed"}.to_s) + expect(subject.message).to eq({text: "Coffee brewing failed"}.to_s) end it "does not set code" do @@ -519,7 +519,7 @@ def to_str expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: Short and stout\n", - {:text=>"Coffee brewing failed", "error_description"=>"Short and stout", "error"=>"i_am_a_teapot", "status"=>"418"}.to_s, + {:text => "Coffee brewing failed", "error_description" => "Short and stout", "error" => "i_am_a_teapot", "status" => "418"}.to_s, ], ) end @@ -552,7 +552,7 @@ def to_str expect(subject.message.each_line.to_a).to eq( [ "i_am_a_teapot: \n", - {:text=>"Coffee brewing failed", "error"=>"i_am_a_teapot", "status"=>"418"}.to_s, + {:text => "Coffee brewing failed", "error" => "i_am_a_teapot", "status" => "418"}.to_s, ], ) end @@ -568,7 +568,7 @@ def to_str expect(subject.message.each_line.to_a).to eq( [ "Short and stout\n", - {:text=>"Coffee brewing failed", "error_description"=>"Short and stout"}.to_s, + {:text => "Coffee brewing failed", "error_description" => "Short and stout"}.to_s, ], ) end 
@@ -584,11 +584,11 @@ def to_str it "does not try to encode the message string" do expect(subject.message.each_line.to_a).to eq( - [ - "Short and stout\n", - {:text=>"Coffee brewing failed", "error_description"=>"Short and stout"}.to_s - ] - ) + [ + "Short and stout\n", + {:text => "Coffee brewing failed", "error_description" => "Short and stout"}.to_s, + ], + ) end end From 066ac26ab01714ec8fe31d934815216152d41d9c Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 14 May 2025 07:36:37 +0700 Subject: [PATCH 277/645] =?UTF-8?q?=F0=9F=91=B7=20Setup=20appraisals?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ancient.yml | 78 ++++++++++ .github/workflows/coverage.yml | 118 ++++++++------- .github/workflows/current.yml | 86 +++++++++++ .github/workflows/danger.yml | 4 +- .github/workflows/dependency-review.yml | 20 +++ .github/workflows/heads.yml | 86 ++++++----- .github/workflows/jruby-head.yml | 68 --------- .github/workflows/jruby.yml | 92 ++++++++++++ .github/workflows/legacy.yml | 68 +++++++++ .github/workflows/macos-ancient.yml | 60 +++++--- .github/workflows/macos.yml | 80 +++++++---- .github/workflows/style.yml | 57 +++++--- .github/workflows/supported.yml | 84 ++++++----- .github/workflows/truffle.yml | 84 +++++++++++ .github/workflows/unsupported.yml | 80 ++++++----- .github/workflows/windows-jruby.yml | 55 ------- .github/workflows/windows.yml | 80 +++++++---- Appraisal.root.gemfile | 14 ++ Appraisal.root.gemfile.lock | 183 ++++++++++++++++++++++++ Appraisals | 125 ++++++++++++++++ Gemfile | 2 + Gemfile.lock | 13 +- gemfiles/README.md | 3 +- gemfiles/audit.gemfile | 12 ++ gemfiles/coverage.gemfile | 12 ++ gemfiles/current.gemfile | 10 ++ gemfiles/f1.gemfile | 9 -- gemfiles/f2.gemfile | 9 -- gemfiles/head.gemfile | 10 ++ gemfiles/jruby_9.1.gemfile | 5 - gemfiles/jruby_9.2.gemfile | 5 - gemfiles/jruby_head.gemfile | 5 - gemfiles/{ => modular}/f0.gemfile | 9 +- gemfiles/modular/f1.gemfile | 4 + gemfiles/modular/f2.gemfile | 4 + gemfiles/omnibus.gemfile | 21 ++- gemfiles/ruby_2_2.gemfile | 7 + gemfiles/ruby_2_3.gemfile | 7 + gemfiles/ruby_2_4.gemfile | 7 + gemfiles/ruby_2_5.gemfile | 7 + gemfiles/ruby_2_6.gemfile | 10 ++ gemfiles/ruby_2_7.gemfile | 10 ++ gemfiles/ruby_3_0.gemfile | 10 ++ gemfiles/ruby_3_1.gemfile | 10 ++ gemfiles/ruby_3_2.gemfile | 10 ++ gemfiles/ruby_3_3.gemfile | 10 ++ gemfiles/ruby_head.gemfile | 5 - 
gemfiles/style.gemfile | 12 ++ gemfiles/truffleruby.gemfile | 5 - gemfiles/vanilla.gemfile | 8 +- 50 files changed, 1325 insertions(+), 448 deletions(-) create mode 100644 .github/workflows/ancient.yml create mode 100644 .github/workflows/current.yml create mode 100644 .github/workflows/dependency-review.yml delete mode 100644 .github/workflows/jruby-head.yml create mode 100644 .github/workflows/jruby.yml create mode 100644 .github/workflows/legacy.yml create mode 100644 .github/workflows/truffle.yml delete mode 100644 .github/workflows/windows-jruby.yml create mode 100644 Appraisal.root.gemfile create mode 100644 Appraisal.root.gemfile.lock create mode 100644 Appraisals create mode 100644 gemfiles/audit.gemfile create mode 100644 gemfiles/coverage.gemfile create mode 100644 gemfiles/current.gemfile delete mode 100644 gemfiles/f1.gemfile delete mode 100644 gemfiles/f2.gemfile create mode 100644 gemfiles/head.gemfile delete mode 100644 gemfiles/jruby_9.1.gemfile delete mode 100644 gemfiles/jruby_9.2.gemfile delete mode 100644 gemfiles/jruby_head.gemfile rename gemfiles/{ => modular}/f0.gemfile (60%) create mode 100644 gemfiles/modular/f1.gemfile create mode 100644 gemfiles/modular/f2.gemfile create mode 100644 gemfiles/ruby_2_2.gemfile create mode 100644 gemfiles/ruby_2_3.gemfile create mode 100644 gemfiles/ruby_2_4.gemfile create mode 100644 gemfiles/ruby_2_5.gemfile create mode 100644 gemfiles/ruby_2_6.gemfile create mode 100644 gemfiles/ruby_2_7.gemfile create mode 100644 gemfiles/ruby_3_0.gemfile create mode 100644 gemfiles/ruby_3_1.gemfile create mode 100644 gemfiles/ruby_3_2.gemfile create mode 100644 gemfiles/ruby_3_3.gemfile delete mode 100644 gemfiles/ruby_head.gemfile create mode 100644 gemfiles/style.gemfile delete mode 100644 gemfiles/truffleruby.gemfile diff --git a/.github/workflows/ancient.yml b/.github/workflows/ancient.yml new file mode 100644 index 00000000..6fd1cd71 --- /dev/null +++ b/.github/workflows/ancient.yml 
@@ -0,0 +1,78 @@
+name: MRI 2.3, 2.4, 2.5 (EOL)
+
+on:
+ push:
+ branches:
+ - 'main'
+ - '*-stable'
+ tags:
+ - '!*' # Do not execute on tags
+ pull_request:
+ branches:
+ - '*'
+ # Allow manually triggering the workflow.
+ workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+ # The concurrency group contains the workflow name and the branch name.
+ group: "${{ github.workflow }}-${{ github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ test:
+ name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }}
+ if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+ runs-on: ubuntu-22.04
+ continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
+ env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps
+ BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ # Ruby 2.3
+ - ruby: "ruby-2.3"
+ appraisal: "ruby-2-3"
+ exec_cmd: "rake test"
+ gemfile: "Appraisal.root"
+ rubygems: "3.3.27"
+ bundler: "2.3.27"
+
+ # Ruby 2.4
+ - ruby: "ruby-2.4"
+ appraisal: "ruby-2-4"
+ exec_cmd: "rake test"
+ gemfile: "Appraisal.root"
+ rubygems: "3.3.27"
+ bundler: "2.3.27"
+
+ # Ruby 2.5
+ - ruby: "ruby-2.5"
+ appraisal: "ruby-2-5"
+ exec_cmd: "rake test"
+ gemfile: "Appraisal.root"
+ rubygems: "3.3.27"
+ bundler: "2.3.27"
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Ruby & RubyGems
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby }}
+ rubygems: ${{ matrix.rubygems }}
+ bundler: ${{ matrix.bundler }}
+ bundler-cache: false
+
+ # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
+ # We need to do this first to get appraisal installed.
+ # NOTE: This does not use the primary Gemfile at all.
+ - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index a6f22b14..d59084e2 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -1,16 +1,18 @@ -name: Code Coverage +name: Test Coverage env: - CI_CODECOV: true - COVER_ALL: true + K_SOUP_COV_MIN_BRANCH: 98 + K_SOUP_COV_MIN_LINE: 98 + K_SOUP_COV_MIN_HARD: true + K_SOUP_COV_FORMATTERS: "html,rcov,lcov,json,tty" + K_SOUP_COV_DO: true + K_SOUP_COV_MULTI_FORMATTERS: true + K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" on: push: branches: - - 'main' - - '*-maintenance' - - '*-dev' - - '*-stable' + - 'master' tags: - '!*' # Do not execute on tags pull_request: 
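Review bot: The new ancient.yml has no top-level `permissions:` block, while coverage.yml and current.yml in the same commit both add `permissions:` with `contents: read`. Without it the job's GITHUB_TOKEN falls back to the repository's default scopes, and this job runs `bundle` and `rake test` for pull requests against any branch on Ruby versions the workflow itself labels EOL. Add the same two lines above `concurrency:`, i.e. `permissions:` followed by `contents: read`. `actions/checkout@v4` and `ruby/setup-ruby@v1` are movable tags; pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`) would keep the run reproducible.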
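Review bot: In coverage.yml the push filter is reduced to the single entry `- 'master'`, but ancient.yml and current.yml added in this commit trigger on `'main'` and `'*-stable'`. If the default branch is `main`, as those files suggest, coverage never runs on push and the `K_SOUP_COV_MIN_BRANCH` / `K_SOUP_COV_MIN_LINE` gates set just above are only exercised from pull requests. I would keep `- 'main'` here, plus `- '*-stable'` if release branches should be covered.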
@@ -19,96 +21,102 @@ on: # Allow manually triggering the workflow. workflow_dispatch: +permissions: + contents: read + # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: - test: - name: Specs with Coverage - Ruby ${{ matrix.ruby }} ${{ matrix.name_extra || '' }} + coverage: + name: Code Coverage on ${{ matrix.ruby }}@current if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: fail-fast: false matrix: - experimental: [false] - rubygems: - - latest - bundler: - - latest - ruby: - - "2.7" + include: + # Coverage + - ruby: "ruby" + appraisal: "coverage" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest - runs-on: ubuntu-latest - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - - uses: amancevice/setup-code-climate@v0 + - uses: amancevice/setup-code-climate@v2 name: CodeClimate Install - if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + if: ${{ github.event_name != 'pull_request' }} with: cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - - name: Setup Ruby & Bundle + - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: - ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems }} - bundler: ${{ matrix.bundler }} - bundler-cache: true - - - name: CodeClimate Pre-build Notification - run: 
cc-test-reporter before-build - if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() - continue-on-error: ${{ matrix.experimental != 'false' }} + ruby-version: "${{ matrix.ruby }}" + rubygems: "${{ matrix.rubygems }}" + bundler: "${{ matrix.bundler }}" + bundler-cache: false - - name: Run tests - run: bundle exec rake test - - - name: CodeClimate Post-build Notification - run: cc-test-reporter after-build - if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() - continue-on-error: ${{ matrix.experimental != 'false' }} + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }}@current via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} - name: Code Coverage Summary Report - uses: irongut/CodeCoverageSummary@v1.2.0 + uses: irongut/CodeCoverageSummary@v1.3.0 + if: ${{ github.event_name == 'pull_request' }} with: filename: ./coverage/coverage.xml badge: true fail_below_min: true format: markdown - hide_branch_rate: true + hide_branch_rate: false hide_complexity: true indicators: true output: both - thresholds: '100 95' + thresholds: '100 100' continue-on-error: ${{ matrix.experimental != 'false' }} - name: Add Coverage PR Comment uses: marocchino/sticky-pull-request-comment@v2 - if: matrix.ruby == '2.7' && always() + if: ${{ github.event_name == 'pull_request' }} with: recreate: true path: code-coverage-results.md continue-on-error: ${{ matrix.experimental != 'false' }} - - name: Coveralls + - name: Upload coverage to Coveralls uses: coverallsapp/github-action@master - if: matrix.ruby == '2.7' && github.event_name != 'pull_request' 
&& always() with: github-token: ${{ secrets.GITHUB_TOKEN }} continue-on-error: ${{ matrix.experimental != 'false' }} -# Using the codecov gem instead. -# - name: CodeCov -# uses: codecov/codecov-action@v2 -# if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() -# with: -# files: ./coverage/coverage.xml -# flags: unittests -# name: codecov-upload -# fail_ci_if_error: true -# continue-on-error: ${{ matrix.experimental != 'false' }} + - name: Upload coverage to QLTY + uses: qltysh/qlty-action/coverage@main + with: + coverage-token: ${{secrets.QLTY_COVERAGE_TOKEN}} + files: coverage/.resultset.json + continue-on-error: ${{ matrix.experimental != 'false' }} + + - name: Upload coverage to CodeCov + uses: codecov/codecov-action@v5 + with: + fail_ci_if_error: true # optional (default = false) + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true # optional (default = false) diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml new file mode 100644 index 00000000..8c9df56f --- /dev/null +++ b/.github/workflows/current.yml 
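Review bot: The new QLTY step runs `qltysh/qlty-action/coverage@main` with `secrets.QLTY_COVERAGE_TOKEN`, and the Coveralls step keeps `coverallsapp/github-action@master`; both are branch refs whose code can change without any commit in this repository. Pin each to a full commit SHA, e.g. `uses: qltysh/qlty-action/coverage@<full-commit-sha>`, and do the same for `codecov/codecov-action@v5`, which is handed `secrets.CODECOV_TOKEN`. This hunk also drops the `github.event_name != 'pull_request'` condition from the Coveralls upload and adds the QLTY and CodeCov uploads without one, so all three now run on pull requests; on fork pull requests the secrets are normally empty, and with `fail_ci_if_error: true` the CodeCov step may fail there, which is worth confirming. Separately, `matrix.experimental` is no longer defined in the `include:` matrix, so `continue-on-error: ${{ matrix.experimental != 'false' }}` looks like it always evaluates to true, in which case `fail_below_min: true` cannot fail the job.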
@@ -0,0 +1,86 @@ +# Targets the evergreen latest release of ruby, truffleruby, and jruby +name: Current + +env: + K_SOUP_COV_DO: false + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +permissions: + contents: read + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + matrix: + include: + # Ruby 3.4 + - ruby: "ruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + # truffleruby-24.1 + # (according to documentation: targets Ruby 3.3 compatibility) + # (according to runtime: targets Ruby 3.2 compatibility) + - ruby: "truffleruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-10.0 (targets Ruby 3.4 compatibility) + - ruby: "jruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the 
BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index e31aca95..9b9f539c 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -17,13 +17,13 @@ jobs: fail-fast: false matrix: gemfile: - - f2 + - vanilla rubygems: - latest bundler: - latest ruby: - - "2.7" + - "ruby" steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 00000000..0d4a0136 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,20 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v4 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 
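Review bot: The `uses:` lines in the new current.yml reference actions by movable tags (`actions/checkout@v4`, `ruby/setup-ruby@v1`), so the code that runs in CI can change without any change to this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: ruby/setup-ruby@<full-commit-sha> # v1`, makes updates explicit and reviewable. The following steps run `bundle` and the test suite, which execute third-party gem code, so it is also worth adding `persist-credentials: false` under `with:` on the checkout step, which keeps the job token out of the local git config. The same pattern appears in the heads.yml, jruby.yml, legacy.yml, macos-ancient.yml, macos.yml, style.yml, supported.yml, truffle.yml and unsupported.yml hunks of this patch.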
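Review bot: The 'Dependency Review' step in the new dependency-review.yml has no `with:` block, so the severity at which a pull request fails is left to the action's defaults and is not visible to someone reading this file. Stating it explicitly, e.g. `with:` followed by `fail-on-severity: <chosen-level>`, documents the policy next to the check. As the header comment says, the result only blocks merging when the workflow run is marked as required, so that branch-protection setting should be confirmed alongside this change.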
diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 3292009a..e47356ae 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -1,11 +1,12 @@ name: Heads +env: + K_SOUP_COV_DO: false + on: push: branches: - 'main' - - '*-maintenance' - - '*-dev' - '*-stable' tags: - '!*' # Do not execute on tags 
@@ -15,55 +16,70 @@ on: # Allow manually triggering the workflow. workflow_dispatch: +permissions: + contents: read + # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: - fail-fast: false + fail-fast: true matrix: - experimental: [true] - gemfile: - - f0 - - f1 - - f2 - rubygems: - - default - bundler: - - default - ruby: - - truffleruby+graalvm-head - - truffleruby-head - - ruby-head include: - # Includes a new variable experimental with a value of false - # for the matrix legs matching rubygems: latest, which is all of them. - # This is here for parity with the unsupported.yml - # This is a hack. Combined with continue-on-error it should allow us - # to have a workflow with allowed failure. - # This is the "supported" build matrix, so only the "head" builds are experimental here. - - rubygems: latest - experimental: true + # NOTE: Heads use default rubygems / bundler; their defaults are custom, unreleased, and from the future! 
+ # ruby-head + - ruby: "ruby-head" + appraisal: "head" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # truffleruby-head + - ruby: "truffleruby-head" + appraisal: "head" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-head + - ruby: "jruby-head" + appraisal: "head" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default - runs-on: ubuntu-latest - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run tests - run: bundle exec rake test + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/jruby-head.yml b/.github/workflows/jruby-head.yml deleted file mode 100644 index 9c0498d9..00000000 --- a/.github/workflows/jruby-head.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -name: JRuby Head - -on: - push: - branches: - - 'main' - - '*-maintenance' - - '*-dev' - - '*-stable' - tags: - - '!*' # Do not execute on tags - pull_request: - branches: - - '*' - # Allow manually triggering the workflow. - workflow_dispatch: - -# Cancels all previous workflow runs for the same branch that have not yet completed. -concurrency: - # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile - if: "false" - # if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" - strategy: - fail-fast: false - matrix: - experimental: [true] - gemfile: - - f0 - - f1 - - f2 - rubygems: - - default - bundler: - - default - ruby: - - jruby-head - include: - # Includes a new variable experimental with a value of false - # for the matrix legs matching rubygems: latest, which is all of them. - # This is here for parity with the unsupported.yml - # This is a hack. Combined with continue-on-error it should allow us - # to have a workflow with allowed failure. - # This is the "supported" build matrix, so only the "head" builds are experimental here. - - rubygems: latest - experimental: true - - runs-on: ubuntu-latest - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems }} - bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run tests - run: bundle exec rake test 
diff --git a/.github/workflows/jruby.yml b/.github/workflows/jruby.yml new file mode 100644 index 00000000..1de8d577 --- /dev/null +++ b/.github/workflows/jruby.yml 
@@ -0,0 +1,92 @@ +name: JRuby + +env: + K_SOUP_COV_DO: false + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +permissions: + contents: read + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-22.04 + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + matrix: + include: + # TODO: truffleruby does not support upgrading rubygems; VALIDATE ASSUMPTION that same applies to JRuby + # jruby-9.1 (targets Ruby 2.3 compatibility) + - ruby: "jruby-9.1" + appraisal: "ruby-2-3" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-9.2 (targets Ruby 2.5 compatibility) + - ruby: "jruby-9.2" + appraisal: "ruby-2-5" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-9.3 (targets Ruby 2.6 compatibility) + - ruby: "jruby-9.3" + appraisal: "ruby-2-6" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-9.4 (targets Ruby 3.1 compatibility) + - ruby: "jruby-9.4" + appraisal: "ruby-3-1" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Ruby & 
RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/legacy.yml b/.github/workflows/legacy.yml new file mode 100644 index 00000000..a76b6493 --- /dev/null +++ b/.github/workflows/legacy.yml 
@@ -0,0 +1,68 @@ +name: MRI 3.0 (EOL) + +env: + K_SOUP_COV_DO: false + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +permissions: + contents: read + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-22.04 + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + fail-fast: false + matrix: + include: + # Ruby 3.0 + - ruby: "ruby-3.0" + appraisal: "ruby-3-0" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: '3.5.23' + bundler: '2.5.23' + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. 
+ - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/macos-ancient.yml b/.github/workflows/macos-ancient.yml index 11405d73..01afae7e 100644 --- a/.github/workflows/macos-ancient.yml +++ b/.github/workflows/macos-ancient.yml @@ -1,11 +1,12 @@ name: Old MacOS +env: + K_SOUP_COV_DO: false + on: push: branches: - 'main' - - '*-maintenance' - - '*-dev' - '*-stable' tags: - '!*' # Do not execute on tags 
@@ -15,43 +16,56 @@ on: # Allow manually triggering the workflow. workflow_dispatch: +permissions: + contents: read + # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile - if: "false" - # if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-22.04 + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: fail-fast: false matrix: - experimental: [true] - gemfile: - - f0 - rubygems: - - "2.7.11" - ruby: - - "1.9" - - "2.0" - - "2.1" - - "2.2" + include: + # Ruby 2.2 + - ruby: "ruby-2.2" + appraisal: "ruby-2-2" + experimental: true + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: '2.7.11' + bundler: '1.17.3' runs-on: macos-10.15 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} rubygems: ${{ matrix.rubygems }} - bundler-cache: true - - name: Run 
tests - run: bundle exec rake test + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index af6381d5..2961b7c2 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -1,11 +1,13 @@ +# Targets the evergreen latest release of ruby, truffleruby, and jruby name: MacOS +env: + K_SOUP_COV_DO: false + on: push: branches: - 'main' - - '*-maintenance' - - '*-dev' - '*-stable' tags: - '!*' # Do not execute on tags 
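Review bot: The `test` job in macos-ancient.yml ends up with two `runs-on` keys and two `continue-on-error` keys. The hunk adds `runs-on: ubuntu-22.04` and a `continue-on-error` line above `strategy:`, but the original `runs-on: macos-10.15` and its `continue-on-error` line below the matrix are kept as context. Duplicate mapping keys are likely to make the workflow fail validation or leave the runner ambiguous, and this matters more now that `if: "false"` is removed and the job is enabled again. Since the workflow is still named `Old MacOS`, decide which runner is intended and delete the other pair, for example drop the trailing `runs-on: macos-10.15` and the `continue-on-error` line after it if ubuntu-22.04 is the intent.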
@@ -15,46 +17,70 @@ on: # Allow manually triggering the workflow. workflow_dispatch: +permissions: + contents: read + # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: macos-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: - fail-fast: false matrix: - experimental: [true] - gemfile: - - f2 - rubygems: - - latest - bundler: - - latest - ruby: - - "2.7" - - "3.0" - - "3.1" - - truffleruby - - jruby + include: + # Ruby 3.4 + - ruby: "ruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + # truffleruby-24.1 + # (according to documentation: targets Ruby 3.3 compatibility) + # (according to runtime: targets Ruby 3.2 compatibility) + - ruby: "truffleruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-10.0 (targets Ruby 3.4 compatibility) + - ruby: "jruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default - runs-on: macos-latest - continue-on-error: ${{ matrix.experimental || 
endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run tests - run: bundle exec rake test + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index edb198fd..aeaf0cc8 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml 
@@ -1,42 +1,65 @@ -name: Code Style Checks +name: Style on: push: branches: - 'main' - - '*-maintenance' - - '*-dev' - '*-stable' tags: - '!*' # Do not execute on tags pull_request: branches: - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +permissions: + contents: read + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true jobs: rubocop: - name: Rubocop + name: Style on ${{ matrix.ruby }}@current if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: fail-fast: false matrix: - experimental: [false] - rubygems: - - latest - bundler: - - latest - ruby: - - ruby - runs-on: ubuntu-latest + include: + # Style + - ruby: "ruby" + appraisal: "style" + exec_cmd: "rake rubocop_gradual:check" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + steps: - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run Rubocop - run: bundle exec rubocop -DESP + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. 
+ - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Run ${{ matrix.appraisal }} checks via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index a62d1ef1..db015205 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -1,12 +1,12 @@ -name: Official Support +name: MRI Non-EOL + +env: + K_SOUP_COV_DO: false on: push: branches: - - 'main' - - '*-maintenance' - - '*-dev' - - '*-stable' + - 'master' tags: - '!*' # Do not execute on tags pull_request: 
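Review bot: The push trigger in supported.yml is narrowed to `- 'master'`, while every other workflow touched by this patch triggers on `'main'` and `'*-stable'`. If the default branch is `main`, as those files suggest, the MRI Non-EOL matrix would no longer run on pushes to it or to the stable branches, leaving only pull requests to exercise the supported Rubies. Keep the branch list consistent with the sibling workflows: `- 'main'` and `- '*-stable'`.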
@@ -15,48 +15,68 @@ on: # Allow manually triggering the workflow. workflow_dispatch: +permissions: + contents: read + # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: - fail-fast: false matrix: - experimental: [false] - gemfile: - - f0 - - f1 - - f2 - rubygems: - - latest - bundler: - - latest - ruby: - - "2.7" - - "3.0" - - "3.1" - - truffleruby - - jruby + include: + # Ruby 3.1 + - ruby: "ruby-3.1" + appraisal: "ruby-3-1" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + # Ruby 3.2 + - ruby: "ruby-3.2" + appraisal: "ruby-3-2" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + # Ruby 3.3 + - ruby: "ruby-3.3" + appraisal: "ruby-3-3" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest - runs-on: ubuntu-latest - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle + uses: 
actions/checkout@v4 + + - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run tests - run: bundle exec rake test + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.ruby }} ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} ${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml new file mode 100644 index 00000000..b614bdc2 --- /dev/null +++ b/.github/workflows/truffle.yml 
@@ -0,0 +1,84 @@ +name: Truffle + +env: + K_SOUP_COV_DO: false + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +permissions: + contents: read + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-22.04 + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + matrix: + include: + # NOTE: truffleruby does not support upgrading rubygems. 
+ # truffleruby-22.3 (targets Ruby 3.0 compatibility) + - ruby: "truffleruby-22.3" + appraisal: "ruby-3-0" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # truffleruby-23.0 (targets Ruby 3.1 compatibility) + - ruby: "truffleruby-23.0" + appraisal: "ruby-3-1" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # truffleruby-23.1 (targets Ruby 3.2 compatibility) + - ruby: "truffleruby-23.1" + appraisal: "ruby-3-2" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index c22770af..6b54dc53 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -1,11 +1,12 @@ -name: Unofficial Support +name: MRI 2.6 & 2.7 (EOL) + +env: + K_SOUP_COV_DO: false on: push: branches: - 'main' - - '*-maintenance' - - '*-dev' - '*-stable' tags: - '!*' # Do not execute on tags 
@@ -15,56 +16,61 @@ on: # Allow manually triggering the workflow. workflow_dispatch: +permissions: + contents: read + # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-22.04 + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: fail-fast: false matrix: - experimental: [false] - gemfile: - - f0 - - f1 - - f2 - rubygems: - - latest - bundler: - - latest - ruby: - - "2.3" - - "2.4" - - "2.5" - - "2.6" - exclude: - - ruby: "2.3" - gemfile: "f1" - - ruby: "2.3" - gemfile: "f2" - - ruby: "2.4" - gemfile: "f2" - - ruby: "2.5" - gemfile: "f2" + include: + # Ruby 2.6 + - ruby: "ruby-2.6" + appraisal: "ruby-2-6" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: '3.4.22' + bundler: '2.4.22' + + # Ruby 2.7 + - ruby: "ruby-2.7" + appraisal: "ruby-2-7" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: '3.4.22' + bundler: '2.4.22' - runs-on: ubuntu-20.04 - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle + uses: actions/checkout@v4 + 
+ - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run tests - run: bundle exec rake test + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/windows-jruby.yml b/.github/workflows/windows-jruby.yml deleted file mode 100644 index d214df19..00000000 --- a/.github/workflows/windows-jruby.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -name: Windows JRuby - -on: - push: - branches: - - 'main' - - '*-maintenance' - - '*-dev' - - '*-stable' - tags: - - '!*' # Do not execute on tags - pull_request: - branches: - - '*' - # Allow manually triggering the workflow. - workflow_dispatch: - -# Cancels all previous workflow runs for the same branch that have not yet completed. -concurrency: - # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile - if: "false" - # if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" - strategy: - fail-fast: false - matrix: - experimental: [true] - gemfile: - - f2 - bundler: - - none - ruby: - - jruby - - runs-on: windows-latest - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems }} - bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run tests - run: bundle exec rake test diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 8bf170c7..ea6866f7 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -1,11 +1,13 @@ -name: Windows +# Targets the evergreen latest release of ruby, truffleruby, and jruby +name: Current + +env: + K_SOUP_COV_DO: false on: push: branches: - 'main' - - '*-maintenance' - - '*-dev' - '*-stable' tags: - '!*' # Do not execute on tags 
@@ -15,44 +17,70 @@ on: # Allow manually triggering the workflow. workflow_dispatch: +permissions: + contents: read + # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: test: - name: Specs - Ruby ${{ matrix.ruby }} ${{matrix.gemfile}} ${{ matrix.name_extra || '' }} - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: windows-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile strategy: - fail-fast: false matrix: - experimental: [false] - gemfile: - - f2 - rubygems: - - latest - bundler: - - latest - ruby: - - "2.7" - - "3.0" - - "3.1" + include: + # Ruby 3.4 + - ruby: "ruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + # truffleruby-24.1 + # (according to documentation: targets Ruby 3.3 compatibility) + # (according to runtime: targets Ruby 3.2 compatibility) + - ruby: "truffleruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-10.0 (targets Ruby 3.4 compatibility) + - ruby: "jruby" + appraisal: "current" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default - runs-on: windows-latest - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 
'head') }} steps: - name: Checkout - uses: actions/checkout@v3 - - name: Setup Ruby & Bundle + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} - bundler-cache: true - - name: Run tests - run: bundle exec rake test + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/Appraisal.root.gemfile b/Appraisal.root.gemfile new file mode 100644 index 00000000..3d53a930 --- /dev/null +++ b/Appraisal.root.gemfile @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } + +source "https://rubygems.org/" + +# Appraisal Root Gemfile is for running appraisal to generate the Appraisal Gemfiles +# in gemfiles/*gemfile. +# On CI, we use it for the Appraisal-based builds. +# We do not load the standard Gemfile, as it is tailored for local development. + +gemspec + +gem "appraisal", github: "pboling/appraisal", branch: "galtzo" diff --git a/Appraisal.root.gemfile.lock b/Appraisal.root.gemfile.lock new file mode 100644 index 00000000..4129b87d --- /dev/null +++ b/Appraisal.root.gemfile.lock 
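Review bot: The `strategy:` block in the second `windows.yml` hunk loses `fail-fast: false`: it is removed with the old matrix and not re-added above `matrix:`, while the other workflow hunk on this page keeps it as context. With the default in effect, the first failing matrix entry cancels the rest, so a failure on `truffleruby` or `jruby` would hide the result for `ruby`. None of the three `include` entries sets `experimental` and none of the `ruby` values ends in `head`, so `continue-on-error` does not cover them either. If the cancellation is not intended, restore `fail-fast: false` under `strategy:`. The `on:` block starts above the hunk.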
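Review bot: The last line of the new `Appraisal.root.gemfile`, `gem "appraisal", github: "pboling/appraisal", branch: "galtzo"`, follows a branch, so the Gemfile does not fix which commit of the tool is installed and run by the `bundle exec appraisal …` steps in CI. Only the `revision:` entry in `Appraisal.root.gemfile.lock` does. The next commit on this page deletes that lock and adds `Appraisal.*.gemfile.lock` to `.gitignore`, after which each CI run would resolve whatever the branch head is at that moment. Pinning in the Gemfile keeps the reviewed commit regardless of the lock, e.g. `gem "appraisal", github: "pboling/appraisal", ref: "a3a3e4b7db67d9b085f96b2ffddd2b51bd8a1196"` (the revision this commit's lock records). The same `branch:` line is added in the `Gemfile` hunk, where `Gemfile.lock` still carries the revision.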
@@ -0,0 +1,183 @@ +GIT + remote: https://github.com/pboling/appraisal + revision: a3a3e4b7db67d9b085f96b2ffddd2b51bd8a1196 + branch: galtzo + specs: + appraisal (3.0.0.rc1) + bundler (>= 1.17.3) + rake (>= 10) + thor (>= 0.14) + +PATH + remote: . + specs: + oauth2 (2.0.10) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_xml (~> 0.5) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (>= 1.1.8, < 3) + +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + ast (2.4.3) + backports (3.25.1) + base64 (0.2.0) + bigdecimal (3.1.9) + diff-lcs (1.6.2) + diffy (3.4.3) + faraday (2.13.1) + faraday-net_http (>= 2.0, < 3.5) + json + logger + faraday-net_http (3.4.0) + net-http (>= 0.5.0) + hashie (5.0.0) + json (2.12.0) + jwt (2.10.1) + base64 + language_server-protocol (3.17.0.5) + lint_roller (1.1.0) + logger (1.7.0) + multi_xml (0.7.2) + bigdecimal (~> 3.1) + net-http (0.6.0) + uri + nkf (0.2.0) + parallel (1.27.0) + parser (3.3.8.0) + ast (~> 2.4.1) + racc + prism (1.4.0) + public_suffix (6.0.2) + racc (1.8.1) + rack (3.1.14) + rainbow (3.1.1) + rake (13.2.1) + regexp_parser (2.10.0) + rexml (3.4.1) + rspec (3.13.0) + rspec-core (~> 3.13.0) + rspec-expectations (~> 3.13.0) + rspec-mocks (~> 3.13.0) + rspec-block_is_expected (1.0.6) + rspec-core (3.13.3) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.4) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-mocks (3.13.4) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-pending_for (0.1.17) + rake (>= 10) + rspec-core (~> 3.0) + ruby_engine (~> 2.0) + ruby_version (~> 1.0) + rspec-stubbed_env (1.0.2) + rspec-support (3.13.3) + rubocop (1.75.5) + json (~> 2.3) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) + parallel (~> 1.10) + parser (>= 3.3.0.2) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.44.0, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 2.4.0, < 
4.0) + rubocop-ast (1.44.1) + parser (>= 3.3.7.2) + prism (~> 1.4) + rubocop-gradual (0.3.6) + diff-lcs (>= 1.2.0, < 2.0) + diffy (~> 3.0) + parallel (~> 1.10) + rainbow (>= 2.2.2, < 4.0) + rubocop (~> 1.0) + rubocop-lts (8.1.1) + rubocop-ruby2_2 (>= 2.0.3, < 3) + standard-rubocop-lts (>= 1.0.3, < 3) + version_gem (>= 1.1.2, < 3) + rubocop-md (1.2.4) + rubocop (>= 1.45) + rubocop-performance (1.25.0) + lint_roller (~> 1.1) + rubocop (>= 1.75.0, < 2.0) + rubocop-ast (>= 1.38.0, < 2.0) + rubocop-rake (0.7.1) + lint_roller (~> 1.1) + rubocop (>= 1.72.1) + rubocop-ruby2_2 (2.0.5) + rubocop-gradual (~> 0.3, >= 0.3.1) + rubocop-md (~> 1.2) + rubocop-rake (~> 0.6) + rubocop-shopify (~> 2.14) + rubocop-thread_safety (~> 0.5, >= 0.5.1) + standard-rubocop-lts (~> 1.0, >= 1.0.7) + version_gem (>= 1.1.3, < 3) + rubocop-shopify (2.17.0) + rubocop (~> 1.62) + rubocop-thread_safety (0.7.2) + lint_roller (~> 1.1) + rubocop (~> 1.72, >= 1.72.1) + ruby-progressbar (1.13.0) + ruby_engine (2.0.3) + ruby_version (1.0.3) + silent_stream (1.0.10) + logger (>= 1.4.4) + version_gem (~> 1.1, >= 1.1.7) + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) + standard (1.50.0) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.75.5) + standard-custom (~> 1.0.0) + standard-performance (~> 1.8) + standard-custom (1.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.50) + standard-performance (1.8.0) + lint_roller (~> 1.1) + rubocop-performance (~> 1.25.0) + standard-rubocop-lts (1.0.10) + rspec-block_is_expected (~> 1.0, >= 1.0.5) + standard (>= 1.35.1, < 2) + standard-custom (>= 1.0.2, < 2) + standard-performance (>= 1.3.1, < 2) + version_gem (>= 1.1.4, < 3) + thor (1.3.2) + unicode-display_width (3.1.4) + unicode-emoji (~> 4.0, >= 4.0.4) + unicode-emoji (4.0.4) + uri (1.0.3) + version_gem (1.1.8) + +PLATFORMS + ruby + x86_64-linux + +DEPENDENCIES + addressable (>= 2) + appraisal! + backports (>= 3) + nkf (~> 0.2) + oauth2! 
+ rake (>= 12) + rexml (>= 3) + rspec (>= 3) + rspec-block_is_expected + rspec-pending_for + rspec-stubbed_env + rubocop-lts (~> 8.0) + silent_stream + +BUNDLED WITH + 2.6.9 diff --git a/Appraisals b/Appraisals new file mode 100644 index 00000000..366123bb --- /dev/null +++ b/Appraisals 
@@ -0,0 +1,125 @@ +# frozen_string_literal: true + +# HOW TO UPDATE APPRAISALS: +# BUNDLE_GEMFILE=Appraisal.root.gemfile bundle +# BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update + +# Used for head (nightly) releases of ruby, truffleruby, and jruby. +# Split into discrete appraisals if one of them needs a dependency locked discretely. +appraise "head" do + gem "mutex_m", ">= 0.2" + gem "stringio", ">= 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +# Used for current releases of ruby, truffleruby, and jruby. +# Split into discrete appraisals if one of them needs a dependency locked discretely. +appraise "current" do + gem "mutex_m", ">= 0.2" + gem "stringio", ">= 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-2" do + eval_gemfile "modular/f0.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-3" do + eval_gemfile "modular/f0.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-4" do + eval_gemfile "modular/f1.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-5" do + eval_gemfile "modular/f1.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-6" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-7" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem 
"appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-3-0" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-3-1" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-3-2" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-3-3" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +# Only run security audit on latest Ruby version +appraise "audit" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/audit.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +# Only run coverage on latest Ruby version +appraise "coverage" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/coverage.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +# Only run linter on latest Ruby version (but, in support of oldest supported Ruby version) +appraise "style" do + gem "mutex_m", "~> 0.2" + gem "stringio", "~> 3.0" + eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/style.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "omnibus" do + 
eval_gemfile "modular/audit.gemfile" + eval_gemfile "modular/coverage.gemfile" + eval_gemfile "modular/documentation.gemfile" + eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/style.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "vanilla" do + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end diff --git a/Gemfile b/Gemfile index b031a325..db87b175 100644 --- a/Gemfile +++ b/Gemfile @@ -29,3 +29,5 @@ eval_gemfile "gemfiles/modular/style.gemfile" # Documentation eval_gemfile "gemfiles/modular/documentation.gemfile" + +gem "appraisal", github: "pboling/appraisal", branch: "galtzo" diff --git a/Gemfile.lock b/Gemfile.lock index 6ca4debd..0d85a2a5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,13 @@ +GIT + remote: https://github.com/pboling/appraisal + revision: a3a3e4b7db67d9b085f96b2ffddd2b51bd8a1196 + branch: galtzo + specs: + appraisal (3.0.0.rc1) + bundler (>= 1.17.3) + rake (>= 10) + thor (>= 0.14) + GIT remote: https://github.com/pboling/yard-junk revision: 54ccebabbfa9a9cd44d0b991687ebbfd22c32b55 @@ -269,6 +279,7 @@ PLATFORMS DEPENDENCIES addressable (>= 2) + appraisal! backports (>= 3) benchmark (~> 0.4) bundler-audit (~> 0.9.2) @@ -295,4 +306,4 @@ DEPENDENCIES yard-junk (~> 0.0, >= 0.0.10)! BUNDLED WITH - 2.6.8 + 2.6.9 diff --git a/gemfiles/README.md b/gemfiles/README.md index b217d4cf..2f08c8e0 100644 --- a/gemfiles/README.md +++ b/gemfiles/README.md 
@@ -64,8 +64,9 @@ since that's what all Rubygems use for minimum version compatibility. We will run tests on as many of these as possible, in a matrix with each supported major version of `faraday`, which means 0.17.3+ (as `f0`), 1.10.x (as `f1`), 2.2.x (as `f2`). -Discrete versions of `faraday` to test against, as of 2022.02.19, with minimum version of Ruby for each: +Discrete versions of `faraday` to test against, as of 2025.05.14, with minimum version of Ruby for each: +* 2.9.0, Ruby >= 3.0 * 2.2.0, Ruby >= 2.6 * 1.10.0, Ruby >= 2.4 * 0.17.4, Ruby >= 1.9 diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile new file mode 100644 index 00000000..e8bead50 --- /dev/null +++ b/gemfiles/audit.gemfile @@ -0,0 +1,12 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") + +eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile new file mode 100644 index 00000000..938138a0 --- /dev/null +++ b/gemfiles/coverage.gemfile @@ -0,0 +1,12 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") + +eval_gemfile("modular/coverage.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile new file mode 100644 index 00000000..36b43d26 --- /dev/null +++ b/gemfiles/current.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", ">= 0.2" +gem "stringio", ">= 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/f1.gemfile b/gemfiles/f1.gemfile deleted file mode 100644 index 40043bca..00000000 --- a/gemfiles/f1.gemfile +++ /dev/null 
@@ -1,9 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org/" - -# See README.md in this directory - -gem "faraday", "~> 1.10" - -gemspec path: "../" diff --git a/gemfiles/f2.gemfile b/gemfiles/f2.gemfile deleted file mode 100644 index 44081f52..00000000 --- a/gemfiles/f2.gemfile +++ /dev/null @@ -1,9 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org/" - -# See README.md in this directory - -gem "faraday", "~> 2.2" - -gemspec path: "../" diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile new file mode 100644 index 00000000..36b43d26 --- /dev/null +++ b/gemfiles/head.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", ">= 0.2" +gem "stringio", ">= 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/jruby_9.1.gemfile b/gemfiles/jruby_9.1.gemfile deleted file mode 100644 index 7573a1b5..00000000 --- a/gemfiles/jruby_9.1.gemfile +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org/" - -gemspec path: "../" diff --git a/gemfiles/jruby_9.2.gemfile b/gemfiles/jruby_9.2.gemfile deleted file mode 100644 index 7573a1b5..00000000 --- a/gemfiles/jruby_9.2.gemfile +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org/" - -gemspec path: "../" diff --git a/gemfiles/jruby_head.gemfile b/gemfiles/jruby_head.gemfile deleted file mode 100644 index 7573a1b5..00000000 --- a/gemfiles/jruby_head.gemfile +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org/" - -gemspec path: "../" diff --git a/gemfiles/f0.gemfile b/gemfiles/modular/f0.gemfile similarity index 60% rename from gemfiles/f0.gemfile rename to gemfiles/modular/f0.gemfile index dc8d3f31..913ac2b4 100644 --- a/gemfiles/f0.gemfile +++ b/gemfiles/modular/f0.gemfile 
@@ -1,11 +1,6 @@ # frozen_string_literal: true -source "https://rubygems.org/" - -# See README.md in this directory - # 0.17.3 is the first version that stops using &Proc.new for block forwarding, # and thus is the oldest version oauth2 is compatible with. -gem "faraday", "~> 0.17.4" - -gemspec path: "../" +# Last version compatible with Ruby 1.9, 2.0, 2.1, 2.2, and 2.3 +gem "faraday", "~> 0.17.6" diff --git a/gemfiles/modular/f1.gemfile b/gemfiles/modular/f1.gemfile new file mode 100644 index 00000000..49bd282a --- /dev/null +++ b/gemfiles/modular/f1.gemfile @@ -0,0 +1,4 @@ +# frozen_string_literal: true + +# Last version compatible with Ruby 2.4, and 2.5 +gem "faraday", "~> 1.10", ">= 1.10.4" diff --git a/gemfiles/modular/f2.gemfile b/gemfiles/modular/f2.gemfile new file mode 100644 index 00000000..45130ada --- /dev/null +++ b/gemfiles/modular/f2.gemfile @@ -0,0 +1,4 @@ +# frozen_string_literal: true + +# last version that will install on Ruby 2.6 & 2.7 +gem "faraday", "~> 2.8", ">=2.8.1" diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 553053f5..a7b63e97 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile 
@@ -1,18 +1,15 @@ -# This gemfile is used for GitLab CI, current ruby pipeline. -# This gemfile includes all dependencies necessary to run the naked `rake default` set of tasks +# This file was generated by Appraisal source "https://rubygems.org/" -git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } -git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } +gemspec path: "../" -eval_gemfile "modular/audit.gemfile" -eval_gemfile "modular/coverage.gemfile" -eval_gemfile "modular/documentation.gemfile" -eval_gemfile "modular/style.gemfile" +eval_gemfile("modular/audit.gemfile") -# Root Gemfile is only for local development. -# On CI, we only need the gemspec dependencies (including development dependencies). -# Exceptions, if any, will be found in gemfiles/*.gemfile +eval_gemfile("modular/coverage.gemfile") -gemspec path: "../" +eval_gemfile("modular/documentation.gemfile") + +eval_gemfile("modular/f2.gemfile") + +eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/ruby_2_2.gemfile b/gemfiles/ruby_2_2.gemfile new file mode 100644 index 00000000..38fde197 --- /dev/null +++ b/gemfiles/ruby_2_2.gemfile @@ -0,0 +1,7 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec path: "../" + +eval_gemfile("modular/f0.gemfile") diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3.gemfile new file mode 100644 index 00000000..38fde197 --- /dev/null +++ b/gemfiles/ruby_2_3.gemfile @@ -0,0 +1,7 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec path: "../" + +eval_gemfile("modular/f0.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile new file mode 100644 index 00000000..3ad1f7eb --- /dev/null +++ b/gemfiles/ruby_2_4.gemfile @@ -0,0 +1,7 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec path: "../" + +eval_gemfile("modular/f1.gemfile") 
diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile new file mode 100644 index 00000000..3ad1f7eb --- /dev/null +++ b/gemfiles/ruby_2_5.gemfile @@ -0,0 +1,7 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec path: "../" + +eval_gemfile("modular/f1.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile new file mode 100644 index 00000000..b9614aaa --- /dev/null +++ b/gemfiles/ruby_2_6.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile new file mode 100644 index 00000000..b9614aaa --- /dev/null +++ b/gemfiles/ruby_2_7.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile new file mode 100644 index 00000000..b9614aaa --- /dev/null +++ b/gemfiles/ruby_3_0.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile new file mode 100644 index 00000000..b9614aaa --- /dev/null +++ b/gemfiles/ruby_3_1.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile new file mode 100644 index 00000000..b9614aaa --- /dev/null +++ b/gemfiles/ruby_3_2.gemfile 
@@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile new file mode 100644 index 00000000..b9614aaa --- /dev/null +++ b/gemfiles/ruby_3_3.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") diff --git a/gemfiles/ruby_head.gemfile b/gemfiles/ruby_head.gemfile deleted file mode 100644 index 7573a1b5..00000000 --- a/gemfiles/ruby_head.gemfile +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org/" - -gemspec path: "../" diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile new file mode 100644 index 00000000..b8001616 --- /dev/null +++ b/gemfiles/style.gemfile @@ -0,0 +1,12 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", "~> 0.2" +gem "stringio", "~> 3.0" + +gemspec path: "../" + +eval_gemfile("modular/f2.gemfile") + +eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/truffleruby.gemfile b/gemfiles/truffleruby.gemfile deleted file mode 100644 index 7573a1b5..00000000 --- a/gemfiles/truffleruby.gemfile +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org/" - -gemspec path: "../" diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index 78c20166..095e6608 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile 
@@ -1,11 +1,5 @@ -# This gemfile is used for GitLab CI, current ruby pipeline. -# This gemfile includes all dependencies necessary to run the naked `rake default` set of tasks +# This file was generated by Appraisal source "https://rubygems.org/" -# Root Gemfile is only for local development. -# On CI, we only need the gemspec dependencies (including development dependencies). -# Exceptions, if any, will be found in gemfiles/*.gemfile - -# The vanilla gemfile is intended to what we can with *only* gemspec dependencies. gemspec path: "../" From 6b29b1fbf1fe7ccc8e93aec7fb2a68dfae6fe742 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 07:41:51 +0700 Subject: [PATCH 278/645] =?UTF-8?q?=F0=9F=91=B7=20Setup=20appraisals=20mor?= =?UTF-8?q?e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/macos-ancient.yml | 4 +- .gitignore | 1 + Appraisal.root.gemfile.lock | 183 ---------------------------- 3 files changed, 2 insertions(+), 186 deletions(-) delete mode 100644 Appraisal.root.gemfile.lock diff --git a/.github/workflows/macos-ancient.yml b/.github/workflows/macos-ancient.yml index 01afae7e..07bafdd7 100644 --- a/.github/workflows/macos-ancient.yml +++ b/.github/workflows/macos-ancient.yml @@ -29,7 +29,7 @@ jobs: test: name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" - runs-on: ubuntu-22.04 + runs-on: macos-10.15 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile 
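Review bot: `runs-on: macos-10.15` in the first `macos-ancient.yml` hunk names a GitHub-hosted image that, as far as I know, has been retired. Unless a self-hosted runner carries that label, the job would stay queued rather than run, and the ancient-Ruby matrix would stop being exercised without any test failing. It is worth confirming that the label still resolves to a runner; if it does not, a currently offered label such as `macos-13` would be needed, and whether the old Rubies install there would have to be checked. The `test` job starts above the hunk and continues below it.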
@@ -46,8 +46,6 @@ jobs: rubygems: '2.7.11' bundler: '1.17.3' - runs-on: macos-10.15 - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.gitignore b/.gitignore index aa5a7c14..fc2a2cd5 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,7 @@ /gemfiles/.bundle/ /gemfiles/.bundle/config /gemfiles/vendor/ +Appraisal.*.gemfile.lock # Specs /coverage/ diff --git a/Appraisal.root.gemfile.lock b/Appraisal.root.gemfile.lock deleted file mode 100644 index 4129b87d..00000000 --- a/Appraisal.root.gemfile.lock +++ /dev/null 
@@ -1,183 +0,0 @@ -GIT - remote: https://github.com/pboling/appraisal - revision: a3a3e4b7db67d9b085f96b2ffddd2b51bd8a1196 - branch: galtzo - specs: - appraisal (3.0.0.rc1) - bundler (>= 1.17.3) - rake (>= 10) - thor (>= 0.14) - -PATH - remote: . - specs: - oauth2 (2.0.10) - faraday (>= 0.17.3, < 3.0) - jwt (>= 1.0, < 3.0) - multi_xml (~> 0.5) - rack (>= 1.2, < 4) - snaky_hash (~> 2.0) - version_gem (>= 1.1.8, < 3) - -GEM - remote: https://rubygems.org/ - specs: - addressable (2.8.7) - public_suffix (>= 2.0.2, < 7.0) - ast (2.4.3) - backports (3.25.1) - base64 (0.2.0) - bigdecimal (3.1.9) - diff-lcs (1.6.2) - diffy (3.4.3) - faraday (2.13.1) - faraday-net_http (>= 2.0, < 3.5) - json - logger - faraday-net_http (3.4.0) - net-http (>= 0.5.0) - hashie (5.0.0) - json (2.12.0) - jwt (2.10.1) - base64 - language_server-protocol (3.17.0.5) - lint_roller (1.1.0) - logger (1.7.0) - multi_xml (0.7.2) - bigdecimal (~> 3.1) - net-http (0.6.0) - uri - nkf (0.2.0) - parallel (1.27.0) - parser (3.3.8.0) - ast (~> 2.4.1) - racc - prism (1.4.0) - public_suffix (6.0.2) - racc (1.8.1) - rack (3.1.14) - rainbow (3.1.1) - rake (13.2.1) - regexp_parser (2.10.0) - rexml (3.4.1) - rspec (3.13.0) - rspec-core (~> 3.13.0) - rspec-expectations (~> 3.13.0) - rspec-mocks (~> 3.13.0) - rspec-block_is_expected (1.0.6) - rspec-core (3.13.3) - rspec-support (~> 3.13.0) - rspec-expectations (3.13.4) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-mocks (3.13.4) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-pending_for (0.1.17) - rake (>= 10) - rspec-core (~> 3.0) - ruby_engine (~> 2.0) - ruby_version (~> 1.0) - rspec-stubbed_env (1.0.2) - rspec-support (3.13.3) - rubocop (1.75.5) - json (~> 2.3) - language_server-protocol (~> 3.17.0.2) - lint_roller (~> 1.1.0) - parallel (~> 1.10) - parser (>= 3.3.0.2) - rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 2.9.3, < 3.0) - rubocop-ast (>= 1.44.0, < 2.0) - ruby-progressbar (~> 1.7) - unicode-display_width (>= 2.4.0, < 
4.0) - rubocop-ast (1.44.1) - parser (>= 3.3.7.2) - prism (~> 1.4) - rubocop-gradual (0.3.6) - diff-lcs (>= 1.2.0, < 2.0) - diffy (~> 3.0) - parallel (~> 1.10) - rainbow (>= 2.2.2, < 4.0) - rubocop (~> 1.0) - rubocop-lts (8.1.1) - rubocop-ruby2_2 (>= 2.0.3, < 3) - standard-rubocop-lts (>= 1.0.3, < 3) - version_gem (>= 1.1.2, < 3) - rubocop-md (1.2.4) - rubocop (>= 1.45) - rubocop-performance (1.25.0) - lint_roller (~> 1.1) - rubocop (>= 1.75.0, < 2.0) - rubocop-ast (>= 1.38.0, < 2.0) - rubocop-rake (0.7.1) - lint_roller (~> 1.1) - rubocop (>= 1.72.1) - rubocop-ruby2_2 (2.0.5) - rubocop-gradual (~> 0.3, >= 0.3.1) - rubocop-md (~> 1.2) - rubocop-rake (~> 0.6) - rubocop-shopify (~> 2.14) - rubocop-thread_safety (~> 0.5, >= 0.5.1) - standard-rubocop-lts (~> 1.0, >= 1.0.7) - version_gem (>= 1.1.3, < 3) - rubocop-shopify (2.17.0) - rubocop (~> 1.62) - rubocop-thread_safety (0.7.2) - lint_roller (~> 1.1) - rubocop (~> 1.72, >= 1.72.1) - ruby-progressbar (1.13.0) - ruby_engine (2.0.3) - ruby_version (1.0.3) - silent_stream (1.0.10) - logger (>= 1.4.4) - version_gem (~> 1.1, >= 1.1.7) - snaky_hash (2.0.1) - hashie - version_gem (~> 1.1, >= 1.1.1) - standard (1.50.0) - language_server-protocol (~> 3.17.0.2) - lint_roller (~> 1.0) - rubocop (~> 1.75.5) - standard-custom (~> 1.0.0) - standard-performance (~> 1.8) - standard-custom (1.0.2) - lint_roller (~> 1.0) - rubocop (~> 1.50) - standard-performance (1.8.0) - lint_roller (~> 1.1) - rubocop-performance (~> 1.25.0) - standard-rubocop-lts (1.0.10) - rspec-block_is_expected (~> 1.0, >= 1.0.5) - standard (>= 1.35.1, < 2) - standard-custom (>= 1.0.2, < 2) - standard-performance (>= 1.3.1, < 2) - version_gem (>= 1.1.4, < 3) - thor (1.3.2) - unicode-display_width (3.1.4) - unicode-emoji (~> 4.0, >= 4.0.4) - unicode-emoji (4.0.4) - uri (1.0.3) - version_gem (1.1.8) - -PLATFORMS - ruby - x86_64-linux - -DEPENDENCIES - addressable (>= 2) - appraisal! - backports (>= 3) - nkf (~> 0.2) - oauth2! 
- rake (>= 12) - rexml (>= 3) - rspec (>= 3) - rspec-block_is_expected - rspec-pending_for - rspec-stubbed_env - rubocop-lts (~> 8.0) - silent_stream - -BUNDLED WITH - 2.6.9 From 581d2b15f76e531397a6da0a03af94f0dd2093de Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 07:43:38 +0700 Subject: [PATCH 279/645] =?UTF-8?q?=F0=9F=91=B7=20Update=20actions/checkou?= =?UTF-8?q?t@v4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/danger.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index acf3d2f6..91912667 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index 9b9f539c..8d5d1398 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -26,7 +26,7 @@ jobs: - "ruby" steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Ruby & Bundle uses: ruby/setup-ruby@v1 with: From ae505bcc1a398007daca956025ab67452893c283 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 07:51:36 +0700 Subject: [PATCH 280/645] =?UTF-8?q?=F0=9F=91=B7=20Move=20rubocop-lts=20to?= =?UTF-8?q?=20style.gemfile?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 2 +- gemfiles/modular/style.gemfile | 2 +- oauth2.gemspec | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0d85a2a5..70d14049 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -297,7 +297,7 @@ DEPENDENCIES rspec-pending_for rspec-stubbed_env rubocop (~> 1.73, >= 1.73.2) - rubocop-lts (~> 8.0) + rubocop-lts (~> 8.1, >= 8.1.1) rubocop-packaging (~> 0.5, >= 0.5.2) rubocop-rspec (~> 3.2) silent_stream diff --git a/gemfiles/modular/style.gemfile b/gemfiles/modular/style.gemfile index 8966ca93..fff2231f 100644 --- a/gemfiles/modular/style.gemfile +++ b/gemfiles/modular/style.gemfile @@ -5,7 +5,7 @@ gem "reek", "~> 6.4" gem "rubocop", "~> 1.73", ">= 1.73.2" -# gem "rubocop-lts", "~> 0.1", ">= 0.1.1" # Linting for Ruby >= 1.8 +gem "rubocop-lts", "~> 8.1", ">= 8.1.1" # Linting for Ruby >= 2.2 gem "rubocop-packaging", "~> 0.5", ">= 0.5.2" gem "rubocop-rspec", "~> 3.2" gem "standard", "~> 1.47" diff --git a/oauth2.gemspec b/oauth2.gemspec index 9c77ef34..c76dfdb4 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -130,6 +130,5 @@ Thanks, |7eter l-|. l3oling spec.add_development_dependency("rspec-block_is_expected") spec.add_development_dependency("rspec-pending_for") spec.add_development_dependency("rspec-stubbed_env") - spec.add_development_dependency("rubocop-lts", "~> 8.0") spec.add_development_dependency("silent_stream") end From d80691c32dbf05372e5f9ea15a25b9a30b796f46 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 07:55:04 +0700 Subject: [PATCH 281/645] =?UTF-8?q?=F0=9F=91=B7=20Disable=20testing=20on?= =?UTF-8?q?=20truffleruby=20v22.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/truffle.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml index b614bdc2..84f3a111 100644 --- a/.github/workflows/truffle.yml +++ b/.github/workflows/truffle.yml 
@@ -37,14 +37,6 @@ jobs: matrix: include: # NOTE: truffleruby does not support upgrading rubygems. - # truffleruby-22.3 (targets Ruby 3.0 compatibility) - - ruby: "truffleruby-22.3" - appraisal: "ruby-3-0" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - # truffleruby-23.0 (targets Ruby 3.1 compatibility) - ruby: "truffleruby-23.0" appraisal: "ruby-3-1" From d4155cff9373384ba1268b4fd64ed4a5b8bce3a0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 07:56:21 +0700 Subject: [PATCH 282/645] =?UTF-8?q?=F0=9F=91=B7=20Disable=20testing=20truf?= =?UTF-8?q?fleruby=20on=20Windows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/windows.yml | 12 +----------- .rubocop_gradual.lock | 4 ++-- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index ea6866f7..80d511a9 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -1,5 +1,5 @@ # Targets the evergreen latest release of ruby, truffleruby, and jruby -name: Current +name: Windows env: K_SOUP_COV_DO: false @@ -45,16 +45,6 @@ jobs: rubygems: latest bundler: latest - # truffleruby-24.1 - # (according to documentation: targets Ruby 3.3 compatibility) - # (according to runtime: targets Ruby 3.2 compatibility) - - ruby: "truffleruby" - appraisal: "current" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - # jruby-10.0 (targets Ruby 3.4 compatibility) - ruby: "jruby" appraisal: "current" diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 469a85d4..78e8e3e4 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -21,7 +21,7 @@ "lib/oauth2/response.rb:877496664": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:1672982387": [ + "oauth2.gemspec:4045332820": [ [5, 6, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028], [117, 3, 54, "Gemspec/DependencyVersion: Dependency version specification is required.", 3677216839], [118, 3, 47, "Gemspec/DependencyVersion: Dependency version specification is required.", 2440116108], @@ -29,7 +29,7 @@ [130, 3, 58, "Gemspec/DependencyVersion: Dependency version specification is required.", 2795510341], [131, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 804182931], [132, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], - [134, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] + [133, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], "spec/examples/google_spec.rb:1491180421": [ [9, 3, 5115, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1014001606], From 5519806e5746f46d471f0ba11b1e73b5655c9528 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 07:57:28 +0700 Subject: [PATCH 283/645] =?UTF-8?q?=F0=9F=91=B7=20Disable=20testing=20jrub?= =?UTF-8?q?y=209.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/jruby.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/jruby.yml b/.github/workflows/jruby.yml index 1de8d577..29032084 100644 --- a/.github/workflows/jruby.yml +++ b/.github/workflows/jruby.yml 
@@ -36,15 +36,6 @@ jobs: strategy: matrix: include: - # TODO: truffleruby does not support upgrading rubygems; VALIDATE ASSUMPTION that same applies to JRuby - # jruby-9.1 (targets Ruby 2.3 compatibility) - - ruby: "jruby-9.1" - appraisal: "ruby-2-3" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - # jruby-9.2 (targets Ruby 2.5 compatibility) - ruby: "jruby-9.2" appraisal: "ruby-2-5" From da1466abae6b975abe7834b2950281f4831e6d7f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:16:46 +0700 Subject: [PATCH 284/645] =?UTF-8?q?=F0=9F=91=B7=20Fixes=20for=20old=20vers?= =?UTF-8?q?ions=20of=20JWT=20and=20Faraday?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 109 ++++--------------------- .rubocop_rspec.yml | 2 + spec/oauth2/client_spec.rb | 7 +- spec/oauth2/strategy/assertion_spec.rb | 8 +- spec/oauth2/version_spec.rb | 36 +------- spec/spec_helper.rb | 2 + 6 files changed, 38 insertions(+), 126 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 78e8e3e4..8c05a78b 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -31,39 +31,11 @@ [132, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [133, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/examples/google_spec.rb:1491180421": [ - [9, 3, 5115, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1014001606], - [97, 5, 1016, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3156315524], - [121, 5, 783, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1916865261] - ], "spec/oauth2/access_token_spec.rb:1576666213": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [25, 3, 1935, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1152039306], - [42, 5, 915, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1914441490], - [56, 7, 507, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3775341637], - [81, 5, 564, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 935902373], - [145, 7, 371, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 81675473], - [156, 7, 269, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2703574041], - [166, 7, 343, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 571450510], - [177, 7, 1671, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2358061917], - [185, 9, 218, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2937949503], - [193, 9, 1213, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3948450440], - [201, 11, 416, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers 
[6/5]", 3896472588], - [206, 13, 238, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 669428729], - [215, 11, 250, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 962614116], - [223, 11, 249, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1923581233], - [471, 5, 968, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 908014549], - [500, 5, 1224, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 2179768666], [590, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [641, 3, 3135, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2805647353], [660, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [664, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967], - [672, 5, 472, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 1289485551], - [702, 5, 346, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2554883613], - [712, 5, 398, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2789987624], - [723, 5, 413, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 1645012911], - [734, 5, 263, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 4224752268], - [753, 3, 385, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 293530329] + [664, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], 
@@ -72,7 +44,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:4220405778": [ + "spec/oauth2/client_spec.rb:3773709445": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -80,38 +52,18 @@ [221, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], [236, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [472, 7, 241, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1113144453], - [479, 7, 233, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2616254065], - [585, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [594, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [605, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [626, 5, 1711, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 821658737], - [638, 7, 564, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3188010848], - [645, 9, 314, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 2323166106], - [650, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [655, 7, 745, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2242274228], - [658, 9, 379, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3157074309], - [668, 9, 266, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 165934392], - [679, 5, 2992, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3212702825], - [695, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [699, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [707, 
7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [711, 7, 812, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3531056573], - [719, 9, 505, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2126944993], - [735, 7, 571, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2450549440], - [738, 9, 209, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1769133328], - [746, 9, 262, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [8/5]", 165934392], - [756, 7, 275, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 4192619324], - [764, 7, 377, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1634937780], - [779, 5, 1920, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 3715188517], - [795, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [799, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [807, 7, 298, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2420524519], - [816, 7, 474, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 2129407861], - [828, 7, 357, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [6/5]", 1696484657], - [879, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], - [904, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], - [914, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + [590, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [599, 5, 461, 
"RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [610, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [655, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [700, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [704, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [712, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [800, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [804, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [884, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], + [909, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], + [919, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] ], "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], 
@@ -127,36 +79,11 @@ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], [317, 33, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] ], - "spec/oauth2/strategy/assertion_spec.rb:1649395638": [ - [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869], - [39, 3, 8028, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3790653154], - [59, 5, 3399, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1213098407], - [68, 7, 475, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3673049530], - [83, 7, 511, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1482428850], - [94, 9, 174, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 509043384], - [101, 7, 626, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1073364157], - [112, 9, 276, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [12/5]", 3402508104], - [121, 7, 1463, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 631415582], - [124, 9, 431, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 1333000403], - [134, 9, 268, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 4208916299], - [142, 9, 312, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 4006695562], - [152, 9, 300, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [11/5]", 504386954], - [164, 5, 2485, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3985973933], - [165, 7, 1368, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 975431363], - [190, 7, 1057, 
"RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2712213015], - [212, 5, 1639, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 325089515], - [217, 9, 1383, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 2493875547], - [246, 11, 260, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 3397767518], - [254, 11, 223, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [9/5]", 242220550] + "spec/oauth2/strategy/assertion_spec.rb:2269367634": [ + [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869] ], "spec/oauth2/strategy/auth_code_spec.rb:142083698": [ - [4, 1, 41, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/auth_code*_spec.rb`.", 1553708922], - [4, 1, 5753, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 833437399], - [48, 3, 919, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3083983110], - [75, 3, 522, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 1383502446], - [94, 3, 672, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3159970527], - [119, 3, 372, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 3139680688], - [131, 7, 986, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [7/5]", 2685471594] + [4, 1, 41, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/auth_code*_spec.rb`.", 1553708922] ], "spec/oauth2/strategy/base_spec.rb:2524881749": [ [3, 1, 37, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/base*_spec.rb`.", 1951594922] 
@@ -170,7 +97,7 @@ "spec/oauth2/strategy/password_spec.rb:331601826": [ [3, 1, 41, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/password*_spec.rb`.", 3463323840] ], - "spec/oauth2/version_spec.rb:2895330438": [ + "spec/oauth2/version_spec.rb:1001406821": [ [3, 1, 30, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/version*_spec.rb`.", 1099517182] ], "spec/oauth2_spec.rb:1511642301": [ diff --git a/.rubocop_rspec.yml b/.rubocop_rspec.yml index 461083ca..a5147665 100644 --- a/.rubocop_rspec.yml +++ b/.rubocop_rspec.yml @@ -26,3 +26,5 @@ RSpec/DescribeClass: Exclude: - 'spec/examples/*' +RSpec/MultipleMemoizedHelpers: + Enabled: false \ No newline at end of file diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 8855827f..59dedc4f 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -334,8 +334,13 @@ {scope: "email profile"} end + # This doesn't happen on Faraday v0, since it isn't an option until Faraday v1.0.0 it "encoded as %20" do - expect(subject).to include "email%20profile" + if Faraday::VERSION >= "1.0.0" + expect(subject).to include "email%20profile" + else + expect(subject).to include "email+profile" + end end end end diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 64498d53..c99ac6c7 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb 
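Review bot: `Faraday::VERSION >= "1.0.0"` in the `encoded as %20` example compares two Strings, so the ordering is lexicographic rather than by version component. It appears to hold for the 1.0.0 threshold, but it is fragile and differs from the `Gem::Version` comparison used in spec/oauth2/version_spec.rb; I would write `if Gem::Version.new(Faraday::VERSION) >= Gem::Version.new("1.0.0")`. The example title also no longer describes the `else` branch, which expects `email+profile`; a title such as `it "encodes the space in scope" do` would cover both. The enclosing context starts outside the hunk.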
@@ -127,7 +127,13 @@ it "raises JWT::EncodeError" do # this behavior is handled by the JWT gem, but this should make sure it is consistent - expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(JWT::EncodeError, "Unsupported signing method") + # On old Ruby (versions 2.4 and below) the error raised was different because + # a very old version of the jwt gem gets installed. + if VersionGem::Ruby.gte_minimum_version?("2.5") + expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(JWT::EncodeError, "Unsupported signing method") + else + expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(NotImplementedError) + end end end diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index 1f2edbe1..b17c61bb 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb @@ -1,39 +1,9 @@ # frozen_string_literal: true RSpec.describe OAuth2::Version do - it "has a version number" do - expect(described_class).not_to be_nil - end - - it "can be a string" do - expect(described_class.to_s).to be_a(String) - end - - it "allows Constant access" do - expect(described_class::VERSION).to be_a(String) - end - - it "is greater than 0.1.0" do - expect(Gem::Version.new(described_class) > Gem::Version.new("0.1.0")).to be(true) - end - - it "major version is an integer" do - expect(described_class.major).to be_a(Integer) - end - - it "minor version is an integer" do - expect(described_class.minor).to be_a(Integer) - end - - it "patch version is an integer" do - expect(described_class.patch).to be_a(Integer) - end - - it "returns a Hash" do - expect(described_class.to_h.keys).to match_array(%i[major minor patch pre]) - end + it_behaves_like "a Version module", described_class - it "returns an Array" do - expect(described_class.to_a).to be_a(Array) + it "is greater than 1.0.0" do + expect(Gem::Version.new(described_class) >= Gem::Version.new("1.0.0")).to(be(true)) end end 
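Review bot: The example is still titled `raises JWT::EncodeError`, but the new `else` branch expects `NotImplementedError`, so the title is wrong whenever that branch runs. What the example pins is that an unsupported signing algorithm never produces a token; a title such as `it "raises on an unsupported signing algorithm" do` states that for both branches. The `else` expectation also matches on class alone, so if the old jwt gem raises with a stable message, adding it would keep the example from passing on an unrelated failure. The three later assertion_spec.rb hunks on this page edit the same condition and leave the title as is. The enclosing context starts outside the hunk.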
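Review bot: In spec/oauth2/version_spec.rb the example title says `is greater than 1.0.0` while the assertion uses `>=`, so the two disagree for exactly version 1.0.0. Either rename it to `it "is greater than or equal to 1.0.0" do` or keep the title and compare with `>`. The shared example `a Version module` is not defined in this file; it presumably comes from the `version_gem/rspec` require added to spec/spec_helper.rb in this commit, and a comment such as `# shared examples come from version_gem/rspec (required in spec_helper)` would help a reader who opens this spec on its own.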
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 4821f668..949225bd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -9,6 +9,8 @@ require "addressable/uri" require "rspec/pending_for" require "rspec/block_is_expected" +require "version_gem/ruby" +require "version_gem/rspec" # Extensions require_relative "ext/backports" From e6a3de3fb1f12dbadd782d3eb16d4f242cf8c382 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:23:34 +0700 Subject: [PATCH 285/645] =?UTF-8?q?=F0=9F=91=B7=20Fixes=20for=20trufflerub?= =?UTF-8?q?y=20&=20jruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/oauth2/strategy/assertion_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index c99ac6c7..d319c854 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -128,8 +128,8 @@ it "raises JWT::EncodeError" do # this behavior is handled by the JWT gem, but this should make sure it is consistent # On old Ruby (versions 2.4 and below) the error raised was different because - # a very old version of the jwt gem gets installed. - if VersionGem::Ruby.gte_minimum_version?("2.5") + # an old version (< v2.4) of the jwt gem gets installed. + if Gem::Version.new(JWT::VERSION) >= Gem::Version.new("2.4") expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(JWT::EncodeError, "Unsupported signing method") else expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(NotImplementedError) From cdd6a5f256045d0c9aae0ee445d995b3af8bd307 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 14 May 2025 08:28:10 +0700 Subject: [PATCH 286/645] =?UTF-8?q?=F0=9F=91=B7=20Fixes=20for=20trufflerub?= =?UTF-8?q?y=20&=20jruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- spec/oauth2/strategy/assertion_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 8c05a78b..d854da24 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -79,7 +79,7 @@ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], [317, 33, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] ], - "spec/oauth2/strategy/assertion_spec.rb:2269367634": [ + "spec/oauth2/strategy/assertion_spec.rb:2442437952": [ [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869] ], "spec/oauth2/strategy/auth_code_spec.rb:142083698": [ diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index d319c854..2c0ad13d 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -129,7 +129,7 @@ # this behavior is handled by the JWT gem, but this should make sure it is consistent # On old Ruby (versions 2.4 and below) the error raised was different because # an old version (< v2.4) of the jwt gem gets installed. - if Gem::Version.new(JWT::VERSION) >= Gem::Version.new("2.4") + if Gem::Version.create(JWT::VERSION::STRING) >= Gem::Version.create("2.4") expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(JWT::EncodeError, "Unsupported signing method") else expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(NotImplementedError) From fa546ea77d76161503fdaa2685cb0f19b1ef90be Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 14 May 2025 08:29:58 +0700 Subject: [PATCH 287/645] =?UTF-8?q?=F0=9F=91=B7=20Fixes=20for=20trufflerub?= =?UTF-8?q?y=20&=20jruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/oauth2/strategy/assertion_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 2c0ad13d..3cde2842 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -129,7 +129,7 @@ # this behavior is handled by the JWT gem, but this should make sure it is consistent # On old Ruby (versions 2.4 and below) the error raised was different because # an old version (< v2.4) of the jwt gem gets installed. - if Gem::Version.create(JWT::VERSION::STRING) >= Gem::Version.create("2.4") + if defined?(JWT::VERSION::STRING) && Gem::Version.create(JWT::VERSION::STRING) >= Gem::Version.create("2.4") expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(JWT::EncodeError, "Unsupported signing method") else expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(NotImplementedError) From 2ea38657ea3bc191f13f2e475c872599e45f6b9c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:32:21 +0700 Subject: [PATCH 288/645] =?UTF-8?q?=F0=9F=91=B7=20Disable=20truffleruby=20?= =?UTF-8?q?23.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/truffle.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml index 84f3a111..611cfb84 100644 --- a/.github/workflows/truffle.yml +++ b/.github/workflows/truffle.yml 
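Review bot: With the `defined?(JWT::VERSION::STRING) &&` guard, a jwt gem that does not define that constant falls through to the `else` branch and is treated like an old release, which the comment above (`an old version (< v2.4) of the jwt gem gets installed`) does not say. If that is intended, extend the comment, e.g. `# jwt releases without JWT::VERSION::STRING are treated as < 2.4`. Alternatively `Gem.loaded_specs["jwt"].version >= Gem::Version.new("2.4")` reads the installed gem's version without depending on the constant, though I have not checked that it resolves on every engine in the test matrix. The example body starts and ends outside the hunk.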
@@ -37,14 +37,6 @@ jobs: matrix: include: # NOTE: truffleruby does not support upgrading rubygems. - # truffleruby-23.0 (targets Ruby 3.1 compatibility) - - ruby: "truffleruby-23.0" - appraisal: "ruby-3-1" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - # truffleruby-23.1 (targets Ruby 3.2 compatibility) - ruby: "truffleruby-23.1" appraisal: "ruby-3-2" From f84fad30d5b135463540b87c52a59fba969c67b9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:33:07 +0700 Subject: [PATCH 289/645] =?UTF-8?q?=F0=9F=9A=A8=20lint=20lock=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index d854da24..56c26231 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -79,7 +79,7 @@ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], [317, 33, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] ], - "spec/oauth2/strategy/assertion_spec.rb:2442437952": [ + "spec/oauth2/strategy/assertion_spec.rb:3215095897": [ [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869] ], "spec/oauth2/strategy/auth_code_spec.rb:142083698": [ From eb221f48d7af62196e635e1ca77d076c685e4d7f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:44:12 +0700 Subject: [PATCH 290/645] =?UTF-8?q?=F0=9F=91=B7=20turn=20off=20CodeClimate?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index d59084e2..e32e74c8 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml 
@@ -51,12 +51,6 @@ jobs: bundler: latest steps: - - uses: amancevice/setup-code-climate@v2 - name: CodeClimate Install - if: ${{ github.event_name != 'pull_request' }} - with: - cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} - - name: Checkout uses: actions/checkout@v4 From f06c52a1d9ad820855d8d9ba52f8e4cd620ea6e3 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:45:19 +0700 Subject: [PATCH 291/645] =?UTF-8?q?=F0=9F=91=B7=20turn=20off=20MacOS=2010.?= =?UTF-8?q?15?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/macos-ancient.yml | 69 ----------------------------- 1 file changed, 69 deletions(-) delete mode 100644 .github/workflows/macos-ancient.yml diff --git a/.github/workflows/macos-ancient.yml b/.github/workflows/macos-ancient.yml deleted file mode 100644 index 07bafdd7..00000000 --- a/.github/workflows/macos-ancient.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: Old MacOS - -env: - K_SOUP_COV_DO: false - -on: - push: - branches: - - 'main' - - '*-stable' - tags: - - '!*' # Do not execute on tags - pull_request: - branches: - - '*' - # Allow manually triggering the workflow. - workflow_dispatch: - -permissions: - contents: read - -# Cancels all previous workflow runs for the same branch that have not yet completed. -concurrency: - # The concurrency group contains the workflow name and the branch name. - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - test: - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} - if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" - runs-on: macos-10.15 - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} - env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile - strategy: - fail-fast: false - matrix: - include: - # Ruby 2.2 - - ruby: "ruby-2.2" - appraisal: "ruby-2-2" - experimental: true - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: '2.7.11' - bundler: '1.17.3' - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Ruby & RubyGems - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems }} - bundler: ${{ matrix.bundler }} - bundler-cache: false - - # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) - # We need to do this first to get appraisal installed. - # NOTE: This does not use the primary Gemfile at all. 
- - name: Install Root Appraisal - run: bundle - - name: Appraisal for ${{ matrix.appraisal }} - run: bundle exec appraisal ${{ matrix.appraisal }} bundle - - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} - run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} From 0beef94ccf48043c6d40bfd88cb16ab5f1761f97 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:55:35 +0700 Subject: [PATCH 292/645] =?UTF-8?q?=F0=9F=91=B7=20turn=20off=20JRuby=20on?= =?UTF-8?q?=20Windows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/windows.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 80d511a9..2d82972a 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -45,14 +45,6 @@ jobs: rubygems: latest bundler: latest - # jruby-10.0 (targets Ruby 3.4 compatibility) - - ruby: "jruby" - appraisal: "current" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - steps: - name: Checkout uses: actions/checkout@v4 From a1c99e55a9311d543a71033476e35866e185af34 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 08:58:37 +0700 Subject: [PATCH 293/645] =?UTF-8?q?=F0=9F=91=B7=20fix=20branches=20to=20tr?= =?UTF-8?q?igger=20build?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 3 ++- .github/workflows/supported.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index e32e74c8..796aa073 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -12,7 +12,8 @@ env: on: push: branches: - - 'master' + - 'main' + - '*-stable' tags: - '!*' # Do not execute on tags pull_request: 
diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index db015205..832b2d1a 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -6,7 +6,8 @@ env: on: push: branches: - - 'master' + - 'main' + - '*-stable' tags: - '!*' # Do not execute on tags pull_request: From 71e4759989db3db859dd6abfebfb42962839b3be Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 16:31:29 +0700 Subject: [PATCH 294/645] =?UTF-8?q?=F0=9F=91=B7=20try=20to=20fix=20dependa?= =?UTF-8?q?bot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index c76dfdb4..d32b93ae 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -2,14 +2,12 @@ # frozen_string_literal: true gem_version = - if RUBY_VERSION >= "3.1" + if Gem::Version.new(RUBY_VERSION) >= "3.1" # Loading version into an anonymous module allows version.rb to get code coverage from SimpleCov! # See: https://github.com/simplecov-ruby/simplecov/issues/557#issuecomment-2630782358 Module.new.tap { |mod| Kernel.load("lib/oauth2/version.rb", mod) }::OAuth2::Version::VERSION else - lib = File.expand_path("lib", __dir__) - $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) - require "oauth2/version" + require_relative "lib/oauth2/version" OAuth2::Version::VERSION end From 1bb35811aabf76b1a7fe6c865bd573ff0774168c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 16:51:44 +0700 Subject: [PATCH 295/645] =?UTF-8?q?=F0=9F=91=B7=20try=20to=20fix=20dependa?= =?UTF-8?q?bot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index d32b93ae..b58053e0 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
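Review bot: The new condition `if Gem::Version.new(RUBY_VERSION) >= "3.1"` in oauth2.gemspec compares a `Gem::Version` with a String, which only works when the installed RubyGems coerces the right-hand side. On a RubyGems release that does not, `Comparable#>=` raises `ArgumentError` and the gemspec fails to load before the `else` branch meant for older Rubies is reached. Build both operands explicitly: `if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.1")`. Patch 295 later in this series applies that form.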
@@ -2,7 +2,7 @@ # frozen_string_literal: true gem_version = - if Gem::Version.new(RUBY_VERSION) >= "3.1" + if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.1") # Loading version into an anonymous module allows version.rb to get code coverage from SimpleCov! # See: https://github.com/simplecov-ruby/simplecov/issues/557#issuecomment-2630782358 Module.new.tap { |mod| Kernel.load("lib/oauth2/version.rb", mod) }::OAuth2::Version::VERSION From e220fdb3dffc0a3431effc6fee1bca63288f8ee5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 17:25:30 +0700 Subject: [PATCH 296/645] =?UTF-8?q?=F0=9F=9A=A8=20lint=20lock=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 56c26231..379f4317 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -21,15 +21,15 @@ "lib/oauth2/response.rb:877496664": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:4045332820": [ - [5, 6, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028], - [117, 3, 54, "Gemspec/DependencyVersion: Dependency version specification is required.", 3677216839], - [118, 3, 47, "Gemspec/DependencyVersion: Dependency version specification is required.", 2440116108], - [120, 3, 46, "Gemspec/DependencyVersion: Dependency version specification is required.", 1075698341], - [130, 3, 58, "Gemspec/DependencyVersion: Dependency version specification is required.", 2795510341], - [131, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 804182931], - [132, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], - [133, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] + "oauth2.gemspec:290828046": [ + [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028], + [115, 3, 54, "Gemspec/DependencyVersion: Dependency version specification is required.", 3677216839], + [116, 3, 47, "Gemspec/DependencyVersion: Dependency version specification is required.", 2440116108], + [118, 3, 46, "Gemspec/DependencyVersion: Dependency version specification is required.", 1075698341], + [128, 3, 58, "Gemspec/DependencyVersion: Dependency version specification is required.", 2795510341], + [129, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 804182931], + [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], + [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], "spec/oauth2/access_token_spec.rb:1576666213": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end 
with `o_auth2/access_token*_spec.rb`.", 1972107547], From 53e0e3318b860d3f0e87f091d06498cbc12cc1cf Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 18:41:49 +0700 Subject: [PATCH 297/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20OAuth2::Clien?= =?UTF-8?q?t?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/client.rb | 141 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 114 insertions(+), 27 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 4176cc25..3ece0925 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -23,25 +23,22 @@ class Client # rubocop:disable Metrics/ClassLength attr_writer :connection filtered_attributes :secret - # Instantiate a new OAuth 2.0 client using the - # Client ID and Client Secret registered to your - # application. + # Initializes a new OAuth2::Client instance using the Client ID and Client Secret registered to your application. # # @param [String] client_id the client_id value # @param [String] client_secret the client_secret value - # @param [Hash] options the options to create the client with + # @param [Hash] options the options to configure the client # @option options [String] :site the OAuth2 provider site host - # @option options [String] :redirect_uri the absolute URI to the Redirection Endpoint for use in authorization grants and token exchange # @option options [String] :authorize_url ('/oauth/authorize') absolute or relative URL path to the Authorization endpoint # @option options [String] :token_url ('/oauth/token') absolute or relative URL path to the Token endpoint # @option options [Symbol] :token_method (:post) HTTP method to use to request token (:get, :post, :post_with_query_string) - # @option options [Symbol] :auth_scheme (:basic_auth) HTTP method to use to authorize request (:basic_auth or :request_body) - # @option options [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday with - # @option options [FixNum] :max_redirects (5) maximum number of redirects to follow - # @option options [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error on responses with 400+ status codes - # @option options [Logger] :logger (::Logger.new($stdout)) which logger to use when OAUTH_DEBUG is enabled - # @option options [Proc] :extract_access_token proc that takes the client and the response Hash and extracts the access token from the response (DEPRECATED) - # @option options [Class] :access_token_class [Class] class of access token for easier subclassing OAuth2::AccessToken, @version 2.0+ 
+ # @option options [Symbol] :auth_scheme (:basic_auth) the authentication scheme (:basic_auth or :request_body) + # @option options [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday + # @option options [Boolean] :raise_errors (true) whether to raise an OAuth2::Error on responses with 400+ status codes + # @option options [Integer] :max_redirects (5) maximum number of redirects to follow + # @option options [Logger] :logger (::Logger.new($stdout)) Logger instance for HTTP request/response output; requires OAUTH_DEBUG to be true + # @option options [Class] :access_token_class (AccessToken) class to use for access tokens; you can subclass OAuth2::AccessToken, @version 2.0+ + # @option options [Hash] :ssl SSL options for Faraday # @yield [builder] The Faraday connection builder def initialize(client_id, client_secret, options = {}, &block) opts = options.dup @@ -113,8 +110,8 @@ def token_url(https://github.com/params%20=%20nil) # @option opts [Hash] :params additional query parameters for the URL of the request # @option opts [Hash, String] :body the body of the request # @option opts [Hash] :headers http request headers - # @option opts [Boolean] :raise_errors whether or not to raise an OAuth2::Error on 400+ status - # code response for this request. Will default to client option + # @option opts [Boolean] :raise_errors whether to raise an OAuth2::Error on 400+ status + # code response for this request. Overrides the client instance setting. # @option opts [Symbol] :parse @see Response::initialize # @option opts [true, false] :snaky (true) @see Response::initialize # @yield [req] @see Faraday::Connection#run_request 
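Review bot: The rewritten option list for `initialize` drops the `:extract_access_token` entry, although `get_token` still falls back to `options[:extract_access_token]`, so an option the client still honours is now undocumented. Keep the entry and mark it deprecated, for example `# @option options [Proc] :extract_access_token (deprecated) proc that extracts the access token from the response; use :access_token_class instead`. The `:redirect_uri` entry is removed as well; if `redirection_params` still reads that option (its body is outside this hunk), that entry should stay too.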
@@ -155,15 +152,29 @@ def request(verb, url, opts = {}, &block) end end - # Initializes an AccessToken by making a request to the token endpoint + # Retrieves an access token from the token endpoint using the specified parameters # - # @param params [Hash] a Hash of params for the token endpoint, except: - # @option params [Symbol] :parse @see Response#initialize - # @option params [true, false] :snaky (true) @see Response#initialize - # @param access_token_opts [Hash] access token options, to pass to the AccessToken object - # @param extract_access_token [Proc] proc that extracts the access token from the response (DEPRECATED) - # @yield [req] @see Faraday::Connection#run_request - # @return [AccessToken] the initialized AccessToken + # @param [Hash] params a Hash of params for the token endpoint + # * params can include a 'headers' key with a Hash of request headers + # * params can include a 'parse' key with the Symbol name of response parsing strategy (default: :automatic) + # * params can include a 'snaky' key to control snake_case conversion (default: false) + # @param [Hash] access_token_opts options that will be passed to the AccessToken initialization + # @param [Proc] extract_access_token (deprecated) a proc that can extract the access token from the response + # @yield [opts] The block is passed the options being used to make the request + # @yieldparam [Hash] opts options being passed to the http library + # + # @return [AccessToken, nil] the initialized AccessToken instance, or nil if token extraction fails + # and raise_errors is false + # + # @note The extract_access_token parameter is deprecated and will be removed in oauth2 v3. + # Use access_token_class on initialization instead. 
+ # + # @example + # client.get_token( + # 'grant_type' => 'authorization_code', + # 'code' => 'auth_code_value', + # 'headers' => {'Authorization' => 'Basic ...'} + # ) def get_token(params, access_token_opts = {}, extract_access_token = nil, &block) warn("OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.") if extract_access_token extract_access_token ||= options[:extract_access_token] @@ -176,7 +187,7 @@ def get_token(params, access_token_opts = {}, extract_access_token = nil, &block } if options[:token_method] == :post - # NOTE: If proliferation of request types continues we should implement a parser solution for Request, + # NOTE: If proliferation of request types continues, we should implement a parser solution for Request, # just like we have with Response. request_opts[:body] = if headers["Content-Type"] == "application/json" params.to_json @@ -269,6 +280,20 @@ def redirection_params private + # Processes and transforms the input parameters for OAuth requests + # + # @param [Hash] params the input parameters to process + # @option params [Symbol, nil] :parse (:automatic) parsing strategy for the response + # @option params [Boolean] :snaky (true) whether to convert response keys to snake_case + # @option params [Hash] :headers HTTP headers for the request + # + # @return [Array<(Symbol, Boolean, Hash, Hash)>] Returns an array containing: + # - [Symbol, nil] parse strategy + # - [Boolean] snaky flag for response key transformation + # - [Hash] processed parameters + # - [Hash] HTTP headers + # + # @api private def parse_snaky_params_headers(params) params = params.map do |key, value| if RESERVED_PARAM_KEYS.include?(key) 
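Review bot: The new `get_token` doc gives the `snaky` default as `false`, while the text it replaces said `(true)` and the docs added in this same commit for `parse_snaky_params_headers` and `execute_request` both say `:snaky (true)`. The code that sets the default is outside the visible hunks, so one of these statements is wrong and should be aligned with it, e.g. `#   * params can include a 'snaky' key to control snake_case conversion (default: true)` if `true` is what the code does. The `@yield [opts]` description also differs from the `@yield [req]` wording used for `request` and `execute_request`; confirm which object the forwarded block actually receives.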
@@ -285,6 +310,26 @@ def parse_snaky_params_headers(params) [parse, snaky, params, headers] end + # Executes an HTTP request with error handling and response processing + # + # @param [Symbol] verb the HTTP method to use (:get, :post, :put, :delete) + # @param [String] url the URL for the request + # @param [Hash] opts the request options + # @option opts [Hash] :body the request body + # @option opts [Hash] :headers the request headers + # @option opts [Hash] :params the query parameters to append to the URL + # @option opts [Symbol, nil] :parse (:automatic) parsing strategy for the response + # @option opts [Boolean] :snaky (true) whether to convert response keys to snake_case + # + # @yield [req] gives access to the request object before sending + # @yieldparam [Faraday::Request] req the request object that can be modified + # + # @return [OAuth2::Response] the response wrapped in an OAuth2::Response object + # + # @raise [OAuth2::ConnectionError] when there's a network error + # @raise [OAuth2::TimeoutError] when the request times out + # + # @api private def execute_request(verb, url, opts = {}) url = connection.build_https://github.com/url(url).to_s 
@@ -312,6 +357,20 @@ def authenticator Authenticator.new(id, secret, options[:auth_scheme]) end + # Parses the OAuth response and builds an access token using legacy extraction method + # + # @deprecated Use {#parse_response} instead + # + # @param [OAuth2::Response] response the OAuth2::Response from the token endpoint + # @param [Hash] access_token_opts options to pass to the AccessToken initialization + # @param [Proc] extract_access_token proc to extract the access token from response + # + # @return [AccessToken, nil] the initialized AccessToken if successful, nil if extraction fails + # and raise_errors option is false + # + # @raise [OAuth2::Error] if response indicates an error and raise_errors option is true + # + # @api private def parse_response_legacy(response, access_token_opts, extract_access_token) access_token = build_access_token_legacy(response, access_token_opts, extract_access_token) @@ -325,6 +384,16 @@ def parse_response_legacy(response, access_token_opts, extract_access_token) nil end + # Parses the OAuth response and builds an access token using the configured access token class + # + # @param [OAuth2::Response] response the OAuth2::Response from the token endpoint + # @param [Hash] access_token_opts options to pass to the AccessToken initialization + # + # @return [AccessToken] the initialized AccessToken instance + # + # @raise [OAuth2::Error] if the response is empty/invalid and the raise_errors option is true + # + # @api private def parse_response(response, access_token_opts) access_token_class = options[:access_token_class] data = response.parsed 
@@ -339,18 +408,36 @@ def parse_response(response, access_token_opts) build_access_token(response, access_token_opts, access_token_class) end - # Builds the access token from the response of the HTTP call + # Creates an access token instance from response data using the specified token class # - # @return [AccessToken] the initialized AccessToken + # @param [OAuth2::Response] response the OAuth2::Response from the token endpoint + # @param [Hash] access_token_opts additional options to pass to the AccessToken initialization + # @param [Class] access_token_class the class that should be used to create access token instances + # + # @return [AccessToken] an initialized AccessToken instance with response data + # + # @note If the access token class responds to response=, the full response object will be set + # + # @api private def build_access_token(response, access_token_opts, access_token_class) access_token_class.from_hash(self, response.parsed.merge(access_token_opts)).tap do |access_token| access_token.response = response if access_token.respond_to?(:response=) end end - # Builds the access token from the response of the HTTP call with legacy extract_access_token + # Builds an access token using a legacy extraction proc + # + # @deprecated Use {#build_access_token} instead + # + # @param [OAuth2::Response] response the OAuth2::Response from the token endpoint + # @param [Hash] access_token_opts additional options to pass to the access token extraction + # @param [Proc] extract_access_token a proc that takes client and token hash as arguments + # and returns an access token instance + # + # @return [AccessToken, nil] the access token instance if extraction succeeds, + # nil if any error occurs during extraction # - # @return [AccessToken] the initialized AccessToken + # @api private def build_access_token_legacy(response, access_token_opts, extract_access_token) extract_access_token.call(self, response.parsed.merge(access_token_opts)) rescue StandardError 
From bb49c71ac17ffbfe4c2a35b892f1d76cbe2bdfe6 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 14 May 2025 19:15:16 +0700 Subject: [PATCH 298/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20OAuth2::Acces?= =?UTF-8?q?sToken?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/access_token.rb | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 04a2049d..a1c5616d 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -15,10 +15,27 @@ class AccessToken # rubocop:disable Metrics/ClassLength class << self # Initializes an AccessToken from a Hash # - # @param [Client] client the OAuth2::Client instance - # @param [Hash] hash a hash of AccessToken property values - # @option hash [String, Symbol] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token - # @return [AccessToken] the initialized AccessToken + # @param [OAuth2::Client] client the OAuth2::Client instance + # @param [Hash] hash a hash containing the token and other properties + # @option hash [String] 'access_token' the access token value + # @option hash [String] 'id_token' alternative key for the access token value + # @option hash [String] 'token' alternative key for the access token value + # @option hash [String] 'refresh_token' (optional) the refresh token value + # @option hash [Integer, String] 'expires_in' (optional) number of seconds until token expires + # @option hash [Integer, String] 'expires_at' (optional) epoch time in seconds when token expires + # @option hash [Integer, String] 'expires_latency' (optional) seconds to reduce token validity by + # + # @return [OAuth2::AccessToken] the initialized AccessToken + # + # @note The method will use the first found token key in the following order: + # 'access_token', 'id_token', 'token' (or their symbolic versions) + # @note If multiple token keys are present, a warning will be issued unless + # OAuth2.config.silence_extra_tokens_warning is true + # @note For "soon-to-expire"/"clock-skew" functionality see the `:expires_latency` option. + # + # @example + # hash = { 'access_token' => 'token_value', 'refresh_token' => 'refresh_value' } + # access_token = OAuth2::AccessToken.from_hash(client, hash) def from_hash(client, hash) fresh = hash.dup supported_keys = TOKEN_KEY_LOOKUP & fresh.keys 
@@ -50,6 +67,16 @@ def extra_tokens_warning(supported_keys, key) # Initialize an AccessToken # + # @note For "soon-to-expire"/"clock-skew" functionality see the `:expires_latency` option. + # @note If no token is provided, the AccessToken will be considered invalid. + # This is to prevent the possibility of a token being accidentally + # created with no token value. + # If you want to create an AccessToken with no token value, + # you can pass in an empty string or nil for the token value. + # If you want to create an AccessToken with no token value and + # no refresh token, you can pass in an empty string or nil for the + # token value and nil for the refresh token, and `raise_errors: false`. + # # @param [Client] client the OAuth2::Client instance # @param [String] token the Access Token value (optional, may not be used in refresh flows) # @param [Hash] opts the options to create the Access Token with From db91e40e58e1f831af1781163a7541e20d40e4d0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 04:01:54 +0700 Subject: [PATCH 299/645] =?UTF-8?q?=E2=9C=A8=20token=5Fname?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Allow caller to specify name of parameter that identifies an access token - 100% line code coverage - 100% branch code coverage --- .envrc | 2 +- .github/workflows/coverage.yml | 4 +- .gitlab-ci.yml | 4 +- .rubocop_gradual.lock | 36 ++-- Rakefile | 3 +- lib/oauth2/access_token.rb | 41 +++- lib/oauth2/client.rb | 4 + lib/oauth2/response.rb | 5 +- spec/oauth2/access_token_spec.rb | 33 +++- spec/oauth2/client_spec.rb | 313 +++++++++++++++++++++++++++++-- 10 files changed, 395 insertions(+), 50 deletions(-) diff --git a/.envrc b/.envrc index db2e5864..83123050 100644 --- a/.envrc +++ b/.envrc 
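Review bot: The second `@note` added above `AccessToken#initialize` contradicts itself: it says a missing token makes the object invalid in order to prevent creating a token without a value, then explains that passing an empty string or nil creates exactly that. It also never says what "considered invalid" means for the caller (an exception, or an object that fails later) or where `raise_errors: false` has to be set. The method body is outside this hunk, so the note should be reduced to two statements taken from the code: what happens when the token and refresh token are both blank, and which setting suppresses it.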
@@ -19,7 +19,7 @@ export K_SOUP_COV_DO=true # Means you want code coverage # Available formats are html, xml, rcov, lcov, json, tty export K_SOUP_COV_COMMAND_NAME="RSpec Coverage" export K_SOUP_COV_FORMATTERS="html,tty" -export K_SOUP_COV_MIN_BRANCH=99 # Means you want to enforce X% branch coverage +export K_SOUP_COV_MIN_BRANCH=100 # Means you want to enforce X% branch coverage export K_SOUP_COV_MIN_LINE=100 # Means you want to enforce X% line coverage export K_SOUP_COV_MIN_HARD=true # Means you want the build to fail if the coverage thresholds are not met export K_SOUP_COV_MULTI_FORMATTERS=true diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 796aa073..b01c457f 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -1,8 +1,8 @@ name: Test Coverage env: - K_SOUP_COV_MIN_BRANCH: 98 - K_SOUP_COV_MIN_LINE: 98 + K_SOUP_COV_MIN_BRANCH: 100 + K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_MIN_HARD: true K_SOUP_COV_FORMATTERS: "html,rcov,lcov,json,tty" K_SOUP_COV_DO: true diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index de040959..c6a03113 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,8 +7,8 @@ variables: K_SOUP_COV_DEBUG: true K_SOUP_COV_DO: true K_SOUP_COV_HARD: true - K_SOUP_COV_MIN_BRANCH: 98 - K_SOUP_COV_MIN_LINE: 98 + K_SOUP_COV_MIN_BRANCH: 100 + K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_VERBOSE: true K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" K_SOUP_COV_MULTI_FORMATTERS: true diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 379f4317..79e448fb 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -18,7 +18,7 @@ [9, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020], [13, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020] ], - "lib/oauth2/response.rb:877496664": [ + "lib/oauth2/response.rb:355921218": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], "oauth2.gemspec:290828046": [ @@ -31,11 +31,11 @@ [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/oauth2/access_token_spec.rb:1576666213": [ + "spec/oauth2/access_token_spec.rb:759866110": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [590, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [660, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [664, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [594, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [664, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [668, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], 
@@ -44,7 +44,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:3773709445": [ + "spec/oauth2/client_spec.rb:824695973": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -52,18 +52,18 @@ [221, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], [236, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [590, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [599, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [610, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [655, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [700, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [704, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [712, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [800, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [804, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [884, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], - [909, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], - [919, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + [869, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [878, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [889, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [934, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [979, 11, 99, 
"Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [983, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [991, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1079, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1083, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [1163, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], + [1188, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], + [1198, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] ], "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], diff --git a/Rakefile b/Rakefile index cdd18938..ac15c136 100644 --- a/Rakefile +++ b/Rakefile @@ -42,7 +42,8 @@ begin require "rubocop/lts" Rubocop::Lts.install_tasks - defaults << "rubocop_gradual" + # Make autocorrect the default rubocop task + defaults << "rubocop_gradual:autocorrect" rescue LoadError desc("(stub) rubocop_gradual is unavailable") task(:rubocop_gradual) do diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index a1c5616d..93f8c7ef 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -32,16 +32,30 @@ class << self # @note If multiple token keys are present, a warning will be issued unless # OAuth2.config.silence_extra_tokens_warning is true # @note For "soon-to-expire"/"clock-skew" functionality see the `:expires_latency` option. + # @mote If snaky key conversion is being used, token_name needs to match the converted key. # # @example # hash = { 'access_token' => 'token_value', 'refresh_token' => 'refresh_value' } # access_token = OAuth2::AccessToken.from_hash(client, hash) def from_hash(client, hash) fresh = hash.dup - supported_keys = TOKEN_KEY_LOOKUP & fresh.keys - key = supported_keys[0] - extra_tokens_warning(supported_keys, key) - token = fresh.delete(key) + # If token_name is present, then use that key name + if fresh.key?(:token_name) + key = fresh[:token_name] + if key.nil? || !fresh.key?(key) + warn(%[ +OAuth2::AccessToken#from_hash key mismatch. +Custom token_name (#{key}) does match any keys (#{fresh.keys}) +You may need to set `snaky: false`. See inline documentation for more info. + ]) + end + else + # Otherwise, if one of the supported default keys is present, use whichever has precedence + supported_keys = TOKEN_KEY_LOOKUP & fresh.keys + key = supported_keys[0] + extra_tokens_warning(supported_keys, key) + end + token = fresh.delete(key) || "" new(client, token, fresh) end 
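Review bot: In `from_hash`, a `token_name` that matches no key only triggers `warn`, and `token = fresh.delete(key) || ""` then builds an AccessToken with an empty token instead of failing. A caller restoring a token gets an object that looks valid but carries no credential; consider raising there (for example `raise ArgumentError, "token_name #{key.inspect} not found"`), or, if the empty token is intended, say so in the method comment. The lookup `fresh.key?(:token_name)` also honours only a symbol key, so a hash with a string `"token_name"` key falls through to the default `TOKEN_KEY_LOOKUP` path. Two wording fixes in the same hunk: `@mote` should be `@note`, and the warning text `does match any keys` should read `does not match any keys`.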
@@ -89,10 +103,11 @@ def extra_tokens_warning(supported_keys, key) # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header # @option opts [String] :param_name ('access_token') the parameter name to use for transmission of the # Access Token value in :body or :query transmission mode + # @option opts [String] :token_name (nil) the name of the response parameter that identifies the access token + # When nil one of TOKEN_KEY_LOOKUP will be used def initialize(client, token, opts = {}) @client = client @token = token.to_s - opts = opts.dup %i[refresh_token expires_in expires_at expires_latency].each do |arg| instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s)) @@ -118,6 +133,8 @@ def initialize(client, token, opts = {}) header_format: opts.delete(:header_format) || "Bearer %s", param_name: opts.delete(:param_name) || "access_token", } + @options[:token_name] = opts.delete(:token_name) if opts.key?(:token_name) + @params = opts end @@ -166,9 +183,21 @@ def refresh(params = {}, access_token_opts = {}) # Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash # + # @note Don't return expires_latency because it has already been deducted from expires_at + # # @return [Hash] a hash of AccessToken property values def to_hash - params.merge(access_token: token, refresh_token: refresh_token, expires_at: expires_at) + hsh = { + **params, + access_token: token, + refresh_token: refresh_token, + expires_at: expires_at, + mode: options[:mode], + header_format: options[:header_format], + param_name: options[:param_name], + } + hsh[:token_name] = options[:token_name] if options.key?(:token_name) + hsh end # Make a request with the Access Token diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 3ece0925..88fb97fe 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
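Review bot: The `to_hash` comment should state that the returned hash carries the access token and the refresh token in clear text, since the comment describes it as the form used to rebuild the token with `AccessToken.from_hash`. Suggested addition above `@return`: `# @note The hash includes the :access_token and :refresh_token values; treat any stored or logged copy as a credential.` The new `@note` about `expires_latency` explains why that field is omitted but not that `mode`, `header_format` and `param_name` are now always emitted, which is worth one more line in the same comment.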
@@ -3,10 +3,14 @@ require "faraday" require "logger" +# :nocov: since coverage tracking only runs on the builds with Faraday v2 +# We do run builds on Faraday v0 (and v1!), so this code is actually covered! +# This is the only nocov in the whole project! if Faraday::Utils.respond_to?(:default_space_encoding) # This setting doesn't exist in faraday 0.x Faraday::Utils.default_space_encoding = "%20" end +# :nocov: module OAuth2 ConnectionError = Class.new(Faraday::ConnectionFailed) diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 7003bf20..ac8e11e6 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -90,7 +90,10 @@ def parsed end end - @parsed = SnakyHash::StringKeyed.new(@parsed) if options[:snaky] && @parsed.is_a?(Hash) + if options[:snaky] && @parsed.is_a?(Hash) + parsed = SnakyHash::StringKeyed.new(@parsed) + @parsed = parsed.to_h + end @parsed end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 8c1ef0a5..d8d69238 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -1,9 +1,10 @@ # frozen_string_literal: true RSpec.describe OAuth2::AccessToken do - subject { described_class.new(client, token) } + subject { described_class.new(client, token, token_options) } let(:base_options) { {site: "https://api.example.com/"} } + let(:token_options) { {} } let(:options) { {} } let(:token) { "monkey" } let(:refresh_body) { JSON.dump(access_token: "refreshed_foo", expires_in: 600, refresh_token: "refresh_bar") } @@ -32,6 +33,9 @@ :refresh_token => "foobar", :expires_at => Time.now.to_i + 200, "foo" => "bar", + :header_format => "Bearer %", + :mode => :header, + :param_name => "access_token", } end 
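Review bot: In the `lib/oauth2/response.rb` hunk the new local `parsed` has the same name as the enclosing method `parsed`, so any later bare `parsed` in that method would read the variable instead of calling the method. A distinct name, or no local at all, avoids the ambiguity: `@parsed = SnakyHash::StringKeyed.new(@parsed).to_h`. The method starts above the hunk, so the rest of its body is not visible here.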
@@ -744,10 +748,35 @@ def self.contains_token?(hash) describe "#to_hash" do it "return a hash equal to the hash used to initialize access token" do - hash = {:access_token => token, :refresh_token => "foobar", :expires_at => Time.now.to_i + 200, "foo" => "bar"} + hash = { + :access_token => token, + :refresh_token => "foobar", + :expires_at => Time.now.to_i + 200, + :header_format => "Bearer %", + :mode => :header, + :param_name => "access_token", + "foo" => "bar", + } access_token = described_class.from_hash(client, hash.clone) expect(access_token.to_hash).to eq(hash) end + + context "with token_name" do + it "return a hash equal to the hash used to initialize access token" do + hash = { + :access_token => "", + :refresh_token => "foobar", + :expires_at => Time.now.to_i + 200, + :header_format => "Bearer %", + :mode => :header, + :param_name => "access_token", + :token_name => "banana_face", + "foo" => "bar", + } + access_token = described_class.from_hash(client, hash.clone) + expect(access_token.to_hash).to eq(hash) + end + end end describe "#inspect" do diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 59dedc4f..3918dc3b 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -488,6 +488,33 @@ it_behaves_like "failed connection handler" end end + + context "when snaky: true" do + subject(:response_body) do + response = instance.request(:post, "/reflect", **req_options) + response.body + end + + let(:req_options) { + { + headers: {"Content-Type" => "application/json"}, + body: {foo: "bar"}, + snaky: true, + } + } + + it "body a body" do + expect(response_body).to eq({foo: "bar"}) + end + + it "body is a standard hash" do + expect(response_body).to be_a(Hash) + end + + it "body is not a SnakyHash" do + expect(response_body).not_to be_a(SnakyHash) + end + end end describe "#get_token" do 
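Review bot: The fixture value `:header_format => "Bearer %"` in the `#to_hash` examples has no token placeholder; the default documented on `AccessToken#initialize` is `'Bearer %s'`. The examples only round-trip the value, so they pass, but the fixture reads as a valid setting when it is not one. Suggest `:header_format => "Bearer %s"` here and in the `let(:hash)` hunk of the same file (`@@ -32,6 +33,9 @@`). The new `with token_name` example also builds its hash without a `banana_face` key, so it runs through the mismatch warning in `from_hash` and pins `:access_token => ""`; if that is the intent, the example description should say so.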
@@ -557,33 +584,285 @@ end end - context "when snaky is falsy, but response is snaky" do - it "returns a configured AccessToken" do + context "when snaky" do + subject(:token) do client = stubbed_client do |stub| stub.post("/oauth/token") do - [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] + [200, {"Content-Type" => "application/json"}, response_body] end end - token = client.get_token(snaky: false) - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed.to_h).to eq("access_token" => "the-token") + client.get_token(params, access_token_opts) end - end - context "when snaky is falsy, but response is not snaky" do - it "returns a configured AccessToken" do - client = stubbed_client do |stub| - stub.post("/oauth/token") do - [200, {"Content-Type" => "application/json"}, JSON.dump("accessToken" => "the-token")] + let(:access_token_opts) { {} } + let(:response_body) { JSON.dump("access_token" => "the-token") } + + context "when falsy" do + let(:params) { {snaky: false} } + + context "when response is underscored" do + context "without token_name" do + it "returns a configured AccessToken" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("access_token" => "the-token") + end + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + end + + context "with token_name" do + let(:access_token_opts) { {token_name: "access_token"} } + + it "returns a configured AccessToken" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to 
eq("access_token" => "the-token") + end + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + context "with alternate token named" do + let(:access_token_opts) { {token_name: "banana_face"} } + let(:response_body) { JSON.dump("banana_face" => "the-token") } + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + it "returns a snake-cased key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("banana_face" => "the-token") + end + end end end - token = client.get_token({snaky: false}, {param_name: "accessToken"}) - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed.to_h).to eq("accessToken" => "the-token") + context "when response is camelcased" do + let(:access_token_opts) { {token_name: "accessToken"} } + let(:response_body) { JSON.dump("accessToken" => "the-token") } + + context "without token_name" do + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + it "returns a configured AccessToken" do + expect(token).to be_a OAuth2::AccessToken + 
expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("accessToken" => "the-token") + end + end + + context "with token_name" do + let(:access_token_opts) { {token_name: "accessToken"} } + + it "returns a configured AccessToken" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("accessToken" => "the-token") + end + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + context "with alternate token named" do + let(:access_token_opts) { {token_name: "bananaFace"} } + let(:response_body) { JSON.dump("bananaFace" => "the-token") } + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + it "returns a snake-cased key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("bananaFace" => "the-token") + end + end + end + end + end + + context "when truthy" do + let(:params) { {snaky: true} } + + context "when response is snake-cased" do + context "with token_name" do + let(:access_token_opts) { {token_name: "access_token"} } + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to 
eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + it "returns a snake-cased key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("access_token" => "the-token") + end + + context "with alternate token named" do + let(:access_token_opts) { {token_name: "banana_face"} } + let(:response_body) { JSON.dump("banana_face" => "the-token") } + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + it "returns a snake-cased key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("banana_face" => "the-token") + end + end + end + + context "without token_name" do + it "returns a configured AccessToken" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("access_token" => "the-token") + end + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + end + end + + context "when response is camel-cased" do + let(:response_body) { JSON.dump("accessToken" => "the-token") } + + context "with token_name" do + let(:access_token_opts) { {token_name: "accessToken"} } + + it "raises an Error because snaky has renamed the key" do + block_is_expected.to raise_error(OAuth2::Error) + end + + context "with alternate snaky token named" do + 
let(:access_token_opts) { {token_name: "banana_butter_cake"} } + let(:response_body) { JSON.dump("banana-butterCake" => "the-token") } + + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + it "returns a snake-cased key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("banana_butter_cake" => "the-token") + end + end + end + + context "without token_name" do + it "parsed is a Hash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).to be_a(Hash) + end + + it "parsed is not a SnakyHash" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed).not_to be_a(SnakyHash) + end + + it "returns a snake-cased key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + expect(token.response.parsed.to_h).to eq("access_token" => "the-token") + end + end + end end end From c4eebc64e24a207f3a62360fc5867b6a431e6c13 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 04:24:42 +0700 Subject: [PATCH 300/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/oauth2/access_token_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index d8d69238..819e3986 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
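Review bot: Under `context "when response is camelcased"` (snaky falsy) the outer `let(:access_token_opts) { {token_name: "accessToken"} }` still applies inside `context "without token_name"`, so those three examples run with a token_name and the no-token_name case for a camel-cased response is never exercised. Moving that `let` into the `with token_name` context, which already repeats it, would make the group names match what runs; the expectations for the real no-token_name case depend on `get_token` behaviour that is not visible in this hunk. The example titled `returns a snake-cased key` under the `bananaFace` context asserts a camel-cased key, so its description should change. Most examples repeat the `be_a OAuth2::AccessToken` and `token.token` expectations before the one assertion their title names; a shared example would keep each one focused.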
@@ -144,7 +144,7 @@ def assert_initialized_token(target) end context "with options" do - subject(:target) { described_class.new(client, token, **options) } + subject(:target) { described_class.new(client, token, options) } context "with body mode" do let(:mode) { :body } From cfcc6301b2da4a972f71d1d8d2403ecf0569b5bc Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 04:35:30 +0700 Subject: [PATCH 301/645] =?UTF-8?q?=F0=9F=90=9B=20Fix=20handle=20non-symbo?= =?UTF-8?q?l=20keys=20for=20old=20Ruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- lib/oauth2/access_token.rb | 9 +++++-- spec/oauth2/access_token_spec.rb | 46 ++++++++++++++++---------------- 3 files changed, 31 insertions(+), 26 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 79e448fb..6c2fc8dd 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -31,7 +31,7 @@ [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/oauth2/access_token_spec.rb:759866110": [ + "spec/oauth2/access_token_spec.rb:388877639": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], [594, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], [664, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 93f8c7ef..5cdd789b 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -188,7 +188,6 @@ def refresh(params = {}, access_token_opts = {}) # @return [Hash] a hash of AccessToken property values def to_hash hsh = { - **params, access_token: token, refresh_token: refresh_token, expires_at: expires_at, @@ -197,7 +196,13 @@ def to_hash param_name: options[:param_name], } hsh[:token_name] = options[:token_name] if options.key?(:token_name) - hsh + # TODO: Switch when dropping Ruby < 2.5 support + # params.transform_keys(&:to_sym) # Ruby 2.5 only + # Old Ruby transform_keys alternative: + sheesh = @params.each_with_object({}) { |(k, v), memo| + memo[k.to_sym] = v + } + sheesh.merge(hsh) end # Make a request with the Access Token diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 819e3986..30119944 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -28,14 +28,14 @@ let(:hash) do { - :access_token => token, - :id_token => "confusing bug here", - :refresh_token => "foobar", - :expires_at => Time.now.to_i + 200, - "foo" => "bar", - :header_format => "Bearer %", - :mode => :header, - :param_name => "access_token", + access_token: token, + id_token: "confusing bug here", + refresh_token: "foobar", + expires_at: Time.now.to_i + 200, + foo: "bar", + header_format: "Bearer %", + mode: :header, + param_name: "access_token", } end @@ -749,13 +749,13 @@ def self.contains_token?(hash) describe "#to_hash" do it "return a hash equal to the hash used to initialize access token" do hash = { - :access_token => token, - :refresh_token => "foobar", - :expires_at => Time.now.to_i + 200, - :header_format => "Bearer %", - :mode => :header, - :param_name => "access_token", - "foo" => "bar", + access_token: token, + refresh_token: "foobar", + expires_at: Time.now.to_i + 200, + header_format: "Bearer %", + mode: :header, + param_name: "access_token", + foo: "bar", } access_token = described_class.from_hash(client, hash.clone) expect(access_token.to_hash).to eq(hash) 
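Review bot: In `to_hash`, `memo[k.to_sym] = v` rewrites every key of `@params`, so a token built from a hash with string keys no longer round-trips to an equal hash, and a pair of keys such as `"foo"` and `:foo` collapses into one entry. The spec changes in this patch switch the fixtures to symbol keys rather than covering that case. `@params` holds whatever extra fields were passed to the constructor, so a key that does not respond to `to_sym` would raise here; `k.respond_to?(:to_sym) ? k.to_sym : k` keeps such keys intact. If symbol keys are the intended contract, state it in the method comment, for example `# @note Keys of extra params are converted to Symbols`.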
@@ -764,14 +764,14 @@ def self.contains_token?(hash) context "with token_name" do it "return a hash equal to the hash used to initialize access token" do hash = { - :access_token => "", - :refresh_token => "foobar", - :expires_at => Time.now.to_i + 200, - :header_format => "Bearer %", - :mode => :header, - :param_name => "access_token", - :token_name => "banana_face", - "foo" => "bar", + access_token: "", + refresh_token: "foobar", + expires_at: Time.now.to_i + 200, + header_format: "Bearer %", + mode: :header, + param_name: "access_token", + token_name: "banana_face", + foo: "bar", } access_token = described_class.from_hash(client, hash.clone) expect(access_token.to_hash).to eq(hash) From f66e795c580401c444facc531b28184d41467744 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 05:23:22 +0700 Subject: [PATCH 302/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://gitlab.com/oauth-xx/oauth2/-/issues/640 --- CHANGELOG.md | 19 ++++++++++++------- README.md | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cf322133..be7cf6d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -12,13 +12,16 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [2.0.10] - 2025-05-12 ([tag][2.0.10t]) ### Added -[!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - `.gitlab-ci.yml` file (@jessieay) -- 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) -- Gemspec metadata (@pboling) - - funding_uri - - news_uri - - mailing_list_uri -- SHA256 and SHA512 Checksums for release (@pboling) +- [!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - `.gitlab-ci.yml` file (@jessieay) +- [!643](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/643) - Add token_name option (@pboling) + - Specify the parameter name that identifies the access token +- [!642](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/642) - 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) + - Gemspec metadata (@pboling) + - funding_uri + - news_uri + - mailing_list_uri + - SHA256 and SHA512 Checksums for release (@pboling) +- [#638](https://gitlab.com/oauth-xx/oauth2/-/issues/638) - Documentation of support for ILO Fundamental Principles of Rights at Work ### Changed - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - Allow linux distros to build release without signing, as their package managers sign independently 
@@ -29,6 +32,8 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [!639](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) [!640](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) [!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) +[#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) +[#639](https://gitlab.com/oauth-xx/oauth2/-/issues/639) - AccessToken#to_hash is now serializable, just a regular Hash (@pboling) ## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added diff --git a/README.md b/README.md index 831cd55f..9684854e 100644 --- a/README.md +++ b/README.md 
@@ -43,6 +43,32 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. +Quick example: Convert the following `curl` command into a token request using this gem... + +```shell +curl --request POST \ + --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data grant_type=client_credentials \ + --data client_id=REDMOND_CLIENT_ID \ + --data client_secret=REDMOND_CLIENT_SECRET \ + --data resource=REDMOND_RESOURCE_UUID +``` + +NOTE: In the ruby version, certain params go in the get_token call, rather than in the client creation. + +```ruby +OAuth2::Client.new( + "REDMOND_CLIENT_ID", # client_id + "REDMOND_CLIENT_SECRET", # client_secret + token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path + site: "https://login.microsoftonline.com/REDMOND_REDACTED") # The base path for token_url when it is relative +.client_credentials # There are many other types to choose from! +.get_token(resource: "REDMOND_RESOURCE_UUID") +``` + +NOTE: `header` - The content type specified in the `curl` is already the default! + ## 💡 Info you can shake a stick at * [OAuth 2.0 Spec][oauth2-spec] 
@@ -265,6 +291,19 @@ OAuth2.configure do |config| end ``` +This comes from ambiguity in the spec about which token is the right token. +Some OAuth 2.0 standards legitimately have multiple tokens. +You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. +Specify your custom class with the `access_token_class` option. + +If you only need one token you can, as of v2.0.10, +specify the exact token name you want to extract via the `OAuth2::AccessToken` using +the `token_name` option. + +You'll likely need to do some source diving. +This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. +If you have time and energy please contribute to the documentation! + ### `authorize_url` and `token_url` are on site root (Just Works!) ```ruby From 1c6cd17a09ab8e575bdb09103055784eb0ef57a0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 05:49:13 +0700 Subject: [PATCH 303/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20of=20aut?= =?UTF-8?q?h=5Fscheme?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 1 + lib/oauth2/client.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9684854e..96c7932e 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ NOTE: In the ruby version, certain params go in the get_token call, rather than OAuth2::Client.new( "REDMOND_CLIENT_ID", # client_id "REDMOND_CLIENT_SECRET", # client_secret + auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path site: "https://login.microsoftonline.com/REDMOND_REDACTED") # The base path for token_url when it is relative .client_credentials # There are many other types to choose from! 
diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 88fb97fe..c0f1f2a6 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -36,7 +36,7 @@ class Client # rubocop:disable Metrics/ClassLength # @option options [String] :authorize_url ('/oauth/authorize') absolute or relative URL path to the Authorization endpoint # @option options [String] :token_url ('/oauth/token') absolute or relative URL path to the Token endpoint # @option options [Symbol] :token_method (:post) HTTP method to use to request token (:get, :post, :post_with_query_string) - # @option options [Symbol] :auth_scheme (:basic_auth) the authentication scheme (:basic_auth or :request_body) + # @option options [Symbol] :auth_scheme (:basic_auth) the authentication scheme (:basic_auth, :request_body, :tls_client_auth, :private_key_jwt) # @option options [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday # @option options [Boolean] :raise_errors (true) whether to raise an OAuth2::Error on responses with 400+ status codes # @option options [Integer] :max_redirects (5) maximum number of redirects to follow From 52b1956bf165c6b62cf79ef9df6ef2550b97a9a7 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 05:50:15 +0700 Subject: [PATCH 304/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation:=20CHANGEL?= =?UTF-8?q?OG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index be7cf6d5..1ca76b1a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -34,6 +34,8 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) [#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) [#639](https://gitlab.com/oauth-xx/oauth2/-/issues/639) - AccessToken#to_hash is now serializable, just a regular Hash (@pboling) +[#95](https://gitlab.com/oauth-xx/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) + - This was a 13 year old bug report. 😘 ## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added From 5eb5fd7a94493b75ad412912eb855b9df5b7ff0e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 05:54:09 +0700 Subject: [PATCH 305/645] =?UTF-8?q?=F0=9F=9A=A8=20lint=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 3 --- README.md | 11 ++++++----- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 6c2fc8dd..81583536 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -1,7 +1,4 @@ { - "README.md:620392337": [ - [305, 3, 1, "Layout/ClosingParenthesisIndentation: Indent `)` to column 0 (not 2)", 177548] - ], "bin/bundle:3976421676": [ [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] diff --git a/README.md b/README.md index 96c7932e..377b1ec1 100644 --- a/README.md +++ b/README.md 
@@ -62,10 +62,11 @@ OAuth2::Client.new( "REDMOND_CLIENT_ID", # client_id "REDMOND_CLIENT_SECRET", # client_secret auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt - token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path - site: "https://login.microsoftonline.com/REDMOND_REDACTED") # The base path for token_url when it is relative -.client_credentials # There are many other types to choose from! -.get_token(resource: "REDMOND_RESOURCE_UUID") + token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path + site: "https://login.microsoftonline.com/REDMOND_REDACTED", +). # The base path for token_url when it is relative + client_credentials. # There are many other types to choose from! + get_token(resource: "REDMOND_RESOURCE_UUID") ``` NOTE: `header` - The content type specified in the `curl` is already the default! @@ -342,7 +343,7 @@ client = OAuth2::Client.new( site: "https://example.org/nested/directory/on/your/server", authorize_url: "/jaunty/authorize/", token_url: "/stirrups/access_token", - ) +) # => # "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" From 3e3e84dd5e2e7acc87517c770f3f0f30fff0b43e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 06:19:38 +0700 Subject: [PATCH 306/645] =?UTF-8?q?=E2=9C=A8=20OAuth2::OAUTH=5FDEBUG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 34 +++++++++++++++++----------------- lib/oauth2.rb | 5 ++++- lib/oauth2/client.rb | 2 +- spec/oauth2/client_spec.rb | 10 ++++------ spec/oauth2_spec.rb | 2 +- 5 files changed, 27 insertions(+), 26 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 81583536..1e476f58 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -3,9 +3,9 @@ [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] ], - "lib/oauth2.rb:3930909031": [ - [31, 5, 21, "ThreadSafety/ClassAndModuleAttributes: Avoid mutating class and module attributes.", 622027168], - [34, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] + "lib/oauth2.rb:649414550": [ + [34, 5, 21, "ThreadSafety/ClassAndModuleAttributes: Avoid mutating class and module attributes.", 622027168], + [37, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], "lib/oauth2/authenticator.rb:3711266135": [ [42, 5, 113, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 734523108] @@ -41,7 +41,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:824695973": [ + "spec/oauth2/client_spec.rb:2242285093": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -49,18 +49,18 @@ [221, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], [236, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [869, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [878, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [889, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [934, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [979, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [983, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [991, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [1079, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [1083, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [1163, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], - [1188, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], - [1198, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + [867, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [876, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [887, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [932, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [977, 11, 99, 
"Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [981, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [989, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1077, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1081, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [1161, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], + [1186, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], + [1196, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] ], "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], @@ -97,7 +97,7 @@ "spec/oauth2/version_spec.rb:1001406821": [ [3, 1, 30, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/version*_spec.rb`.", 1099517182] ], - "spec/oauth2_spec.rb:1511642301": [ + "spec/oauth2_spec.rb:438638294": [ [3, 1, 21, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2*_spec.rb`.", 3359091140], [5, 68, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] ] diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 2f950419..738071d9 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -25,7 +25,10 @@ # The namespace of this library module OAuth2 - DEFAULT_CONFIG = SnakyHash::SymbolKeyed.new(silence_extra_tokens_warning: false) + OAUTH_DEBUG = ENV.fetch("https://github.com/OAUTH_DEBUG", "false").casecmp("true").zero? + DEFAULT_CONFIG = SnakyHash::SymbolKeyed.new( + silence_extra_tokens_warning: !OAUTH_DEBUG, + ) @config = DEFAULT_CONFIG.dup class << self attr_accessor :config 
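Review bot: `OAUTH_DEBUG` in the lib/oauth2.rb hunk is evaluated once, when the file is loaded, and carries no comment saying so or saying what it switches on. Before this change `oauth_debug_logging` compared `ENV["OAUTH_DEBUG"]` each time it ran, so a process that sets the variable after `require` now gets no debug logging and no hint why. As printed here, the key passed to `ENV.fetch` is not the plain `"OAUTH_DEBUG"` that the client.rb hunk removes; unless that is an artifact of how this page was rendered, the flag could never be turned on. I would add above the constant: `# Read once at load time. When true, Faraday logs requests and responses with bodies (see Client#oauth_debug_logging).` The `module OAuth2` body continues outside the hunk.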
diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index c0f1f2a6..b6f5a977 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -449,7 +449,7 @@ def build_access_token_legacy(response, access_token_opts, extract_access_token) end def oauth_debug_logging(builder) - builder.response(:logger, options[:logger], bodies: true) if ENV["OAUTH_DEBUG"] == "true" + builder.response(:logger, options[:logger], bodies: true) if OAUTH_DEBUG end end end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 3918dc3b..283f2dd1 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -267,13 +267,12 @@ describe "#connection" do context "when debugging" do - include_context "with stubbed env" before do - stub_env("OAUTH_DEBUG" => debug_value) + stub_const("OAuth2::OAUTH_DEBUG", debug_value) end context "when OAUTH_DEBUG=true" do - let(:debug_value) { "true" } + let(:debug_value) { true } it "smoothly handles successive requests" do silence_all do @@ -301,7 +300,7 @@ end context "when OAUTH_DEBUG=false" do - let(:debug_value) { "false" } + let(:debug_value) { false } it "smoothly handles successive requests" do silence_all do @@ -358,10 +357,9 @@ end context "with ENV" do - include_context "with stubbed env" context "when OAUTH_DEBUG=true" do before do - stub_env("OAUTH_DEBUG" => "true") + stub_const("OAuth2::OAUTH_DEBUG", true) end it "outputs to $stdout when OAUTH_DEBUG=true" do diff --git a/spec/oauth2_spec.rb b/spec/oauth2_spec.rb index 51ed31fc..be0a220d 100644 --- a/spec/oauth2_spec.rb +++ b/spec/oauth2_spec.rb @@ -2,7 +2,7 @@ RSpec.describe OAuth2 do it "has a default config for silence_extra_tokens_warning" do - expect(described_class.config.silence_extra_tokens_warning).to eq(false) + expect(described_class.config.silence_extra_tokens_warning).to eq(true) end describe ".configure" do From f839c625a6b9b94bee09d72322b0e763a4ebaed9 Mon Sep 17 00:00:00 2001 
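Review bot: `bodies: true` in `oauth_debug_logging` writes full request and response bodies to `options[:logger]`, and for the token endpoint those bodies hold the issued tokens and, presumably with `auth_scheme: :request_body`, the client secret. The hunk only swaps the guard for the new constant, so nothing masks these values, and the spec on this page shows the output going to `$stdout`. Faraday's logger middleware yields its formatter to a block and the formatter has a `filter(pattern, replacement)` method, so the values can be masked where the supported Faraday versions provide it; the pattern in the sketch below is one I constructed and it needs tests against both JSON and form-encoded bodies. The later hunk that rewrites the same line to `OAuth2::OAUTH_DEBUG` has the same gap.

```ruby
def oauth_debug_logging(builder)
  return unless OAUTH_DEBUG

  builder.response(:logger, options[:logger], bodies: true) do |formatter|
    # Constructed pattern: masks the value of common credential fields in JSON or form bodies.
    formatter.filter(/((?:access_token|refresh_token|id_token|client_secret)"?\s*[:=]\s*"?)[^"&\s]+/, '\1[FILTERED]')
  end
end
```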
From: "Peter H. Boling" Date: Thu, 15 May 2025 06:58:34 +0700 Subject: [PATCH 307/645] =?UTF-8?q?=E2=9C=85=20Fix=20tests?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 8 ++++---- spec/oauth2/access_token_spec.rb | 8 ++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 1e476f58..f70393ef 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -28,11 +28,11 @@ [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/oauth2/access_token_spec.rb:388877639": [ + "spec/oauth2/access_token_spec.rb:536726727": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [594, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [664, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [668, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [602, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [672, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [676, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 30119944..53281a69 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
@@ -50,6 +50,10 @@ end end + before do + stub_const("OAuth2::OAUTH_DEBUG", true) + end + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. @@ -89,6 +93,10 @@ end end + before do + stub_const("OAuth2::OAUTH_DEBUG", true) + end + let(:hash) do { id_token: "confusing bug here", From 0f2aa627af80ff1c3189885b6d37a370ca04624a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 07:16:22 +0700 Subject: [PATCH 308/645] =?UTF-8?q?=E2=9C=85=20Fix=20tests?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 5 ++--- lib/oauth2/client.rb | 2 +- spec/oauth2/access_token_spec.rb | 14 ++++++++++++-- spec/oauth2/client_spec.rb | 4 +--- spec/oauth2_spec.rb | 4 ++-- 5 files changed, 18 insertions(+), 11 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index f70393ef..b121aff3 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -97,8 +97,7 @@ "spec/oauth2/version_spec.rb:1001406821": [ [3, 1, 30, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/version*_spec.rb`.", 1099517182] ], - "spec/oauth2_spec.rb:438638294": [ - [3, 1, 21, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2*_spec.rb`.", 3359091140], - [5, 68, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] + "spec/oauth2_spec.rb:245212644": [ + [3, 1, 21, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2*_spec.rb`.", 3359091140] ] } diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index b6f5a977..430200d0 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -449,7 +449,7 @@ def build_access_token_legacy(response, access_token_opts, extract_access_token) end def oauth_debug_logging(builder) - builder.response(:logger, options[:logger], bodies: true) if OAUTH_DEBUG + builder.response(:logger, options[:logger], bodies: true) if OAuth2::OAUTH_DEBUG end end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 53281a69..f5233898 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -51,7 +51,12 @@ end before do - stub_const("OAuth2::OAUTH_DEBUG", true) + @original_setw = OAuth2.config.silence_extra_tokens_warning + OAuth2.config.silence_extra_tokens_warning = false + end + + after do + OAuth2.config.silence_extra_tokens_warning = @original_setw end it "warns on STDERR" do @@ -94,7 +99,12 @@ end before do - stub_const("OAuth2::OAUTH_DEBUG", true) + @original_setw = OAuth2.config.silence_extra_tokens_warning + OAuth2.config.silence_extra_tokens_warning = false + end + + after do + OAuth2.config.silence_extra_tokens_warning = @original_setw end let(:hash) do diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 283f2dd1..b378f133 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -356,8 +356,7 @@ expect(response.headers).to eq("Content-Type" => "text/awesome") end - context "with ENV" do - context "when OAUTH_DEBUG=true" do + context "when silence_extra_tokens_warning=false" do before do stub_const("OAuth2::OAUTH_DEBUG", true) end @@ -374,7 +373,6 @@ expect(output).to include(*logs) end end - end it "posts a body" do response = subject.request(:post, "/reflect", body: "foo=bar") diff --git a/spec/oauth2_spec.rb b/spec/oauth2_spec.rb index be0a220d..c5fcdaee 100644 --- a/spec/oauth2_spec.rb +++ b/spec/oauth2_spec.rb 
@@ -1,8 +1,8 @@ # frozen_string_literal: true RSpec.describe OAuth2 do - it "has a default config for silence_extra_tokens_warning" do - expect(described_class.config.silence_extra_tokens_warning).to eq(true) + it "silence_extra_tokens_warning default is opposite of OAUTH_DEBUG" do + expect(described_class.config.silence_extra_tokens_warning).to eq(!OAuth2::OAUTH_DEBUG) end describe ".configure" do From 170ce27251c7b8eada7ccb8947d45910e6cbd8ef Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 07:22:30 +0700 Subject: [PATCH 309/645] =?UTF-8?q?=F0=9F=9A=A8=20lint=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 36 ++++++++++++++++++------------------ spec/oauth2/client_spec.rb | 26 +++++++++++++------------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index b121aff3..57729a51 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -28,11 +28,11 @@ [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/oauth2/access_token_spec.rb:536726727": [ + "spec/oauth2/access_token_spec.rb:2406469319": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [602, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [672, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [676, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [612, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [682, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [686, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], @@ -41,7 +41,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:2242285093": [ + "spec/oauth2/client_spec.rb:623759711": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -49,18 +49,18 @@ [221, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], [236, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [867, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [876, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [887, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [932, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [977, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [981, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [989, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [1077, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [1081, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [1161, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], - [1186, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], - [1196, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + [865, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [874, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [885, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [930, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [975, 11, 99, 
"Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [979, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [987, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1075, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1079, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [1159, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], + [1184, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], + [1194, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] ], "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], @@ -97,7 +97,7 @@ "spec/oauth2/version_spec.rb:1001406821": [ [3, 1, 30, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/version*_spec.rb`.", 1099517182] ], - "spec/oauth2_spec.rb:245212644": [ + "spec/oauth2_spec.rb:1758355750": [ [3, 1, 21, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2*_spec.rb`.", 3359091140] ] } diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index b378f133..59d6a71b 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
@@ -357,22 +357,22 @@ end context "when silence_extra_tokens_warning=false" do - before do - stub_const("OAuth2::OAUTH_DEBUG", true) - end + before do + stub_const("OAuth2::OAUTH_DEBUG", true) + end - it "outputs to $stdout when OAUTH_DEBUG=true" do - output = capture(:stdout) do - subject.request(:get, "/success") - end - logs = [ - "request: GET https://api.example.com/success", - "response: Status 200", - 'response: Content-Type: "text/awesome"', - ] - expect(output).to include(*logs) + it "outputs to $stdout when OAUTH_DEBUG=true" do + output = capture(:stdout) do + subject.request(:get, "/success") end + logs = [ + "request: GET https://api.example.com/success", + "response: Status 200", + 'response: Content-Type: "text/awesome"', + ] + expect(output).to include(*logs) end + end it "posts a body" do response = subject.request(:post, "/reflect", body: "foo=bar") From 53a817aef54be5bcdc6da65e4eed8b4ee6f6349a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 07:26:00 +0700 Subject: [PATCH 310/645] =?UTF-8?q?=E2=9C=85=20Fix=20tests?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 4 ++-- lib/oauth2.rb | 2 +- spec/oauth2_spec.rb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 57729a51..dfb5f80e 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -3,7 +3,7 @@ [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] ], - "lib/oauth2.rb:649414550": [ + "lib/oauth2.rb:3563577000": [ [34, 5, 21, "ThreadSafety/ClassAndModuleAttributes: Avoid mutating class and module attributes.", 622027168], [37, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], @@ -97,7 +97,7 @@ "spec/oauth2/version_spec.rb:1001406821": [ [3, 1, 30, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/version*_spec.rb`.", 1099517182] ], - "spec/oauth2_spec.rb:1758355750": [ + "spec/oauth2_spec.rb:2292862590": [ [3, 1, 21, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2*_spec.rb`.", 3359091140] ] } diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 738071d9..ec88b462 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -27,7 +27,7 @@ module OAuth2 OAUTH_DEBUG = ENV.fetch("https://github.com/OAUTH_DEBUG", "false").casecmp("true").zero? DEFAULT_CONFIG = SnakyHash::SymbolKeyed.new( - silence_extra_tokens_warning: !OAUTH_DEBUG, + silence_extra_tokens_warning: true, ) @config = DEFAULT_CONFIG.dup class << self diff --git a/spec/oauth2_spec.rb b/spec/oauth2_spec.rb index c5fcdaee..09240997 100644 --- a/spec/oauth2_spec.rb +++ b/spec/oauth2_spec.rb @@ -2,7 +2,7 @@ RSpec.describe OAuth2 do it "silence_extra_tokens_warning default is opposite of OAUTH_DEBUG" do - expect(described_class.config.silence_extra_tokens_warning).to eq(!OAuth2::OAUTH_DEBUG) + expect(described_class.config.silence_extra_tokens_warning).to be(true) end describe ".configure" do From 5231b9e484efdb178a078a8b842d42521990e9e8 Mon Sep 17 00:00:00 2001 
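Review bot: `silence_extra_tokens_warning: true` in the lib/oauth2.rb hunk makes silence the unconditional default, so a hash that carries both `access_token` and `id_token` is resolved to one of them with no message unless the application opts back in. Which value ends up as the bearer credential is worth surfacing, so I would either keep `silence_extra_tokens_warning: false,` as the default or record the change in the changelog and in the `@note` on `from_hash`. The next patch on this page adds `silence_no_tokens_warning: true`, which does the same to the "has no token" warning when `raise_errors` is off. The example title in the spec/oauth2_spec.rb hunk, "silence_extra_tokens_warning default is opposite of OAUTH_DEBUG", no longer matches its assertion `be(true)`.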
From: "Peter H. Boling" Date: Thu, 15 May 2025 07:52:58 +0700 Subject: [PATCH 311/645] =?UTF-8?q?=E2=9C=A8=20silence=5Fno=5Ftokens=5Fwar?= =?UTF-8?q?ning?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2.rb | 1 + lib/oauth2/access_token.rb | 39 +++++++++++++++---------- spec/oauth2/access_token_spec.rb | 49 ++++++++++++++++++++++++++++++++ spec/oauth2_spec.rb | 7 +++++ 4 files changed, 81 insertions(+), 15 deletions(-) diff --git a/lib/oauth2.rb b/lib/oauth2.rb index ec88b462..368e83ea 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -28,6 +28,7 @@ module OAuth2 OAUTH_DEBUG = ENV.fetch("https://github.com/OAUTH_DEBUG", "false").casecmp("true").zero? DEFAULT_CONFIG = SnakyHash::SymbolKeyed.new( silence_extra_tokens_warning: true, + silence_no_tokens_warning: true, ) @config = DEFAULT_CONFIG.dup class << self diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 5cdd789b..b3342281 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -31,6 +31,8 @@ class << self # 'access_token', 'id_token', 'token' (or their symbolic versions) # @note If multiple token keys are present, a warning will be issued unless # OAuth2.config.silence_extra_tokens_warning is true + # @note If no token keys are present, a warning will be issued unless + # OAuth2.config.silence_no_tokens_warning is true # @note For "soon-to-expire"/"clock-skew" functionality see the `:expires_latency` option. # @mote If snaky key conversion is being used, token_name needs to match the converted key. # 
@@ -40,21 +42,17 @@ class << self def from_hash(client, hash) fresh = hash.dup # If token_name is present, then use that key name - if fresh.key?(:token_name) - key = fresh[:token_name] - if key.nil? || !fresh.key?(key) - warn(%[ -OAuth2::AccessToken#from_hash key mismatch. -Custom token_name (#{key}) does match any keys (#{fresh.keys}) -You may need to set `snaky: false`. See inline documentation for more info. - ]) + key = + if fresh.key?(:token_name) + no_tokens_warning(fresh, key) + fresh[:token_name] + else + # Otherwise, if one of the supported default keys is present, use whichever has precedence + supported_keys = TOKEN_KEY_LOOKUP & fresh.keys + t_key = supported_keys[0] + extra_tokens_warning(supported_keys, t_key) + t_key end - else - # Otherwise, if one of the supported default keys is present, use whichever has precedence - supported_keys = TOKEN_KEY_LOOKUP & fresh.keys - key = supported_keys[0] - extra_tokens_warning(supported_keys, key) - end token = fresh.delete(key) || "" new(client, token, fresh) end @@ -77,6 +75,17 @@ def extra_tokens_warning(supported_keys, key) warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") end + + def no_tokens_warning(hash, key) + return if OAuth2.config.silence_no_tokens_warning + return if key && hash.key?(key) + + warn(%[ +OAuth2::AccessToken#from_hash key mismatch. +Custom token_name (#{key}) is not found in (#{hash.keys}) +You may need to set `snaky: false`. See inline documentation for more info. + ]) + end end # Initialize an AccessToken @@ -117,7 +126,7 @@ def initialize(client, token, opts = {}) if @client.options[:raise_errors] error = Error.new(opts) raise(error) - else + elsif !OAuth2.config.silence_no_tokens_warning warn("OAuth2::AccessToken has no token") end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index f5233898..714cacb0 100644 --- a/spec/oauth2/access_token_spec.rb 
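Review bot: In the `from_hash` hunk, `no_tokens_warning(fresh, key)` runs inside the expression that assigns `key`, so `key` is still `nil` at that point and the helper's `key && hash.key?(key)` guard can never pass. With `silence_no_tokens_warning` set to false this prints the key-mismatch warning for every hash that has a `:token_name`, including hashes where the named key is present, and the message shows an empty name. Read the name first and pass that instead: `t_key = fresh[:token_name]`, `no_tokens_warning(fresh, t_key)`, `t_key`. A later patch on this page applies that change; the `class << self` block holding `from_hash` starts outside the hunk.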
+++ b/spec/oauth2/access_token_spec.rb @@ -121,6 +121,37 @@ expect(printed).to eq(msg) end end + + context "with no token keys" do + subject(:printed) do + capture(:stderr) do + target + end + end + + before do + @original_sntw = OAuth2.config.silence_no_tokens_warning + OAuth2.config.silence_no_tokens_warning = false + end + + after do + OAuth2.config.silence_no_tokens_warning = @original_sntw + end + + let(:hash) do + { + blather: "confusing bug here", + rather: token, + } + end + + it "warns on STDERR and selects the correct key" do + msg = <<-MSG.lstrip + OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. + MSG + block_is_expected.to raise_error(OAuth2::Error) + end + end end describe "#initialize" do @@ -314,6 +345,15 @@ def assert_initialized_token(target) end end + before do + @original_sntw = OAuth2.config.silence_no_tokens_warning + OAuth2.config.silence_no_tokens_warning = false + end + + after do + OAuth2.config.silence_no_tokens_warning = @original_sntw + end + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::AccessToken has no token @@ -343,6 +383,15 @@ def assert_initialized_token(target) context "when there is nil token" do let(:token) { nil } + before do + @original_sntw = OAuth2.config.silence_no_tokens_warning + OAuth2.config.silence_no_tokens_warning = false + end + + after do + OAuth2.config.silence_no_tokens_warning = @original_sntw + end + context "when there is no refresh_token" do it "does not raise on initialize" do block_is_expected.not_to raise_error diff --git a/spec/oauth2_spec.rb b/spec/oauth2_spec.rb index 09240997..c8aee983 100644 --- a/spec/oauth2_spec.rb +++ b/spec/oauth2_spec.rb 
@@ -9,23 +9,30 @@ subject(:configure) do described_class.configure do |config| config.silence_extra_tokens_warning = true + config.silence_no_tokens_warning = true end end before do described_class.configure do |config| config.silence_extra_tokens_warning = false + config.silence_no_tokens_warning = false end end after do described_class.configure do |config| config.silence_extra_tokens_warning = false + config.silence_no_tokens_warning = false end end it "can change setting of silence_extra_tokens_warning" do block_is_expected.to change(described_class.config, :silence_extra_tokens_warning).from(false).to(true) end + + it "can change setting of silence_no_tokens_warning" do + block_is_expected.to change(described_class.config, :silence_no_tokens_warning).from(false).to(true) + end end end From 37aebbd3a21102d19a2ff3205475658942570ee9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 08:15:21 +0700 Subject: [PATCH 312/645] =?UTF-8?q?=E2=9C=A8=20silence=5Fno=5Ftokens=5Fwar?= =?UTF-8?q?ning?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/oauth2/access_token_spec.rb | 56 +++++++++++++++++++++++++------- spec/oauth2_spec.rb | 4 +-- 2 files changed, 47 insertions(+), 13 deletions(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 714cacb0..8d9c0f5b 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
@@ -66,25 +66,49 @@ expect(printed).to eq(msg) end - context "when silenced" do + context "when one token" do subject(:printed) do capture(:stderr) do target end end + let(:hash) do + { + access_token: token, + } + end + before do - OAuth2.configure do |config| - config.silence_extra_tokens_warning = true - end + @original_setw = OAuth2.config.silence_extra_tokens_warning + OAuth2.config.silence_extra_tokens_warning = false end after do - OAuth2.configure do |config| - config.silence_extra_tokens_warning = false + OAuth2.config.silence_extra_tokens_warning = @original_setw + end + + it "does not warn on STDERR" do + expect(printed).to eq("") + end + end + + context "when silenced" do + subject(:printed) do + capture(:stderr) do + target end end + before do + @original_setw = OAuth2.config.silence_extra_tokens_warning + OAuth2.config.silence_extra_tokens_warning = true + end + + after do + OAuth2.config.silence_extra_tokens_warning = @original_setw + end + it "does not warn on STDERR" do expect(printed).to eq("") end @@ -122,7 +146,7 @@ end end - context "with no token keys" do + context "with warning for no token keys" do subject(:printed) do capture(:stderr) do target @@ -138,6 +162,8 @@ OAuth2.config.silence_no_tokens_warning = @original_sntw end + let(:options) { {raise_errors: true} } + let(:hash) do { blather: "confusing bug here", @@ -145,12 +171,20 @@ } end - it "warns on STDERR and selects the correct key" do - msg = <<-MSG.lstrip - OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. - MSG + it "raises an error" do block_is_expected.to raise_error(OAuth2::Error) end + + context "when not raising errors" do + let(:options) { {raise_errors: false} } + + it "warns on STDERR and selects the correct key" do + msg = <<-MSG.lstrip + OAuth2::AccessToken has no token + MSG + expect(printed).to eq(msg) + end + end end end 
diff --git a/spec/oauth2_spec.rb b/spec/oauth2_spec.rb index c8aee983..8271c9b3 100644 --- a/spec/oauth2_spec.rb +++ b/spec/oauth2_spec.rb @@ -1,8 +1,8 @@ # frozen_string_literal: true RSpec.describe OAuth2 do - it "silence_extra_tokens_warning default is opposite of OAUTH_DEBUG" do - expect(described_class.config.silence_extra_tokens_warning).to be(true) + it "silence_extra_tokens_warning is a boolean" do + expect(described_class.config.silence_extra_tokens_warning).to be(true).or be(false) end describe ".configure" do From 18e01d7b17f2262f66a68be52455fbc41a6f304a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 22:58:14 +0700 Subject: [PATCH 313/645] =?UTF-8?q?=E2=9C=85=20100%=20test=20coverage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/access_token.rb | 5 +- spec/oauth2/access_token_spec.rb | 26 ++++++- spec/oauth2/client_spec.rb | 112 +++++++++++-------------------- 3 files changed, 66 insertions(+), 77 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index b3342281..658971e5 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -44,8 +44,9 @@ def from_hash(client, hash) # If token_name is present, then use that key name key = if fresh.key?(:token_name) - no_tokens_warning(fresh, key) - fresh[:token_name] + t_key = fresh[:token_name] + no_tokens_warning(fresh, t_key) + t_key else # Otherwise, if one of the supported default keys is present, use whichever has precedence supported_keys = TOKEN_KEY_LOOKUP & fresh.keys diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 8d9c0f5b..2fbd9c08 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
@@ -178,12 +178,36 @@ context "when not raising errors" do let(:options) { {raise_errors: false} } - it "warns on STDERR and selects the correct key" do + it "warns on STDERR" do msg = <<-MSG.lstrip OAuth2::AccessToken has no token MSG expect(printed).to eq(msg) end + + context "when custom token_name" do + let(:options) { {raise_errors: false} } + + let(:hash) do + { + "lollipop" => token, + expires_at: Time.now.to_i + 200, + foo: "bar", + header_format: "Bearer %", + mode: :header, + param_name: "lollipop", + token_name: "lollipop", + } + end + + it "finds token" do + expect(target.token).to eq("monkey") + end + + it "does not warn when token is found" do + expect(printed).to eq("") + end + end end end end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 59d6a71b..f683e498 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -505,10 +505,8 @@ it "body is a standard hash" do expect(response_body).to be_a(Hash) - end - - it "body is not a SnakyHash" do - expect(response_body).not_to be_a(SnakyHash) + expect(response_body).not_to be_a(SnakyHash::StringKeyed) + expect(response_body).not_to be_a(SnakyHash::SymbolKeyed) end end end @@ -582,7 +580,7 @@ context "when snaky" do subject(:token) do - client = stubbed_client do |stub| + client = stubbed_client(options) do |stub| stub.post("/oauth/token") do [200, {"Content-Type" => "application/json"}, response_body] end @@ -591,6 +589,7 @@ client.get_token(params, access_token_opts) end + let(:options) { {raise_errors: false} } let(:access_token_opts) { {} } let(:response_body) { JSON.dump("access_token" => "the-token") } 
@@ -609,12 +608,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end end @@ -631,12 +626,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end context "with alternate token named" do @@ -647,12 +638,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do @@ -673,12 +660,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a configured AccessToken" do 
@@ -701,15 +684,11 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) - end - - context "with alternate token named" do + context "with alternate token name" do let(:access_token_opts) { {token_name: "bananaFace"} } let(:response_body) { JSON.dump("bananaFace" => "the-token") } @@ -717,12 +696,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do @@ -746,12 +721,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do 
@@ -768,12 +739,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do @@ -795,12 +762,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end end end @@ -811,8 +774,17 @@ context "with token_name" do let(:access_token_opts) { {token_name: "accessToken"} } - it "raises an Error because snaky has renamed the key" do - block_is_expected.to raise_error(OAuth2::Error) + it "parsed is a Hash, but no token since snaky changed key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("") + expect(token.response.parsed).to be_a(Hash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) + end + + it "returns a snake-cased key" do + expect(token).to be_a OAuth2::AccessToken + expect(token.response.parsed.to_h).to eq("access_token" => "the-token") end context "with alternate snaky token named" do 
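Review bot: In the `with token_name` context of spec/oauth2/client_spec.rb (hunk `@@ -811,8 +774,17 @@`), the example that expected `OAuth2::Error` is replaced by one that expects `token.token` to be `""`. Together with the shared `let(:options) { {raise_errors: false} }` added earlier in this file, nothing visible in this section still checks that a key renamed by snaky fails loudly when `raise_errors` is on. A token object that comes back empty without an error is easy for callers to miss, so I would keep the raising case next to the new examples in a nested context that sets `raise_errors: true`. The enclosing `context` blocks open and close outside the hunk.

```ruby
context "with token_name" do
  let(:access_token_opts) { {token_name: "accessToken"} }
  # … unchanged: examples for the non-raising path …

  context "when raising errors" do
    let(:options) { {raise_errors: true} }

    it "raises an Error because snaky has renamed the key" do
      block_is_expected.to raise_error(OAuth2::Error)
    end
  end
```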
@@ -823,12 +795,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do @@ -844,12 +812,8 @@ expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - end - - it "parsed is not a SnakyHash" do - expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("the-token") - expect(token.response.parsed).not_to be_a(SnakyHash) + expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) + expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do From a62de004f0677a279f9f9752efbca21200277b89 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 23:11:46 +0700 Subject: [PATCH 314/645] =?UTF-8?q?=E2=9C=85=20100%=20branch=20coverage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 46 +++++++++++--------- spec/oauth2/access_token_spec.rb | 75 +++++++++++++++++++++++++++++--- 2 files changed, 93 insertions(+), 28 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index dfb5f80e..408ea1dc 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -3,9 +3,13 @@ [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] ], - "lib/oauth2.rb:3563577000": [ - [34, 5, 21, "ThreadSafety/ClassAndModuleAttributes: Avoid mutating class and module attributes.", 622027168], - [37, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] + "lib/oauth2.rb:1956148869": [ + [35, 5, 21, "ThreadSafety/ClassAndModuleAttributes: Avoid mutating class and module attributes.", 622027168], + [38, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] + ], + "lib/oauth2/access_token.rb:2233632404": [ + [49, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], + [55, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], "lib/oauth2/authenticator.rb:3711266135": [ [42, 5, 113, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 734523108] 
@@ -28,11 +32,11 @@ [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/oauth2/access_token_spec.rb:2406469319": [ + "spec/oauth2/access_token_spec.rb:3473606468": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [612, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [682, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [686, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [780, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [850, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [854, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], @@ -41,7 +45,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:623759711": [ + "spec/oauth2/client_spec.rb:2085440011": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -49,18 +53,18 @@ [221, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], [236, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [865, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [874, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [885, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [930, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [975, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [979, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [987, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [1075, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [1079, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [1159, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], - [1184, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], - [1194, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + [829, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [838, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [849, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [894, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [939, 11, 99, 
"Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [943, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [951, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1039, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1043, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [1123, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], + [1148, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], + [1158, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] ], "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], @@ -97,7 +101,7 @@ "spec/oauth2/version_spec.rb:1001406821": [ [3, 1, 30, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/version*_spec.rb`.", 1099517182] ], - "spec/oauth2_spec.rb:2292862590": [ + "spec/oauth2_spec.rb:4211477230": [ [3, 1, 21, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2*_spec.rb`.", 3359091140] ] } diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 2fbd9c08..59a44fb0 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
@@ -185,18 +185,18 @@ expect(printed).to eq(msg) end - context "when custom token_name" do + context "when custom token_name valid" do let(:options) { {raise_errors: false} } let(:hash) do { "lollipop" => token, - expires_at: Time.now.to_i + 200, - foo: "bar", - header_format: "Bearer %", - mode: :header, - param_name: "lollipop", - token_name: "lollipop", + :expires_at => Time.now.to_i + 200, + :foo => "bar", + :header_format => "Bearer %", + :mode => :header, + :param_name => "lollipop", + :token_name => "lollipop", } end 
@@ -208,6 +208,67 @@ expect(printed).to eq("") end end + + context "when custom token_name invalid" do + let(:options) { {raise_errors: false} } + + let(:hash) do + { + "babyshark" => token, + :expires_at => Time.now.to_i + 200, + :foo => "bar", + :header_format => "Bearer %", + :mode => :header, + :param_name => "lollipop", + :token_name => "lollipop", + } + end + + context "when silence_no_tokens_warning is false" do + before do + @original_sntw = OAuth2.config.silence_no_tokens_warning + OAuth2.config.silence_no_tokens_warning = false + end + + after do + OAuth2.config.silence_no_tokens_warning = @original_sntw + end + + it "finds no token" do + expect(target.token).to eq("") + end + + it "warns when no token is found" do + expect(printed.each_line.to_a).to eq([ + "\n", + "OAuth2::AccessToken#from_hash key mismatch.\n", + %{Custom token_name (lollipop) is not found in (["babyshark", :expires_at, :foo, :header_format, :mode, :param_name, :token_name])\n}, + "You may need to set `snaky: false`. See inline documentation for more info.\n", + " \n", + "OAuth2::AccessToken has no token\n", + ]) + end + end + + context "when silence_no_tokens_warning is true" do + before do + @original_sntw = OAuth2.config.silence_no_tokens_warning + OAuth2.config.silence_no_tokens_warning = true + end + + after do + OAuth2.config.silence_no_tokens_warning = @original_sntw + end + + it "finds no token" do + expect(target.token).to eq("") + end + + it "does not warn when no token is found" do + expect(printed.each_line.to_a).to eq([]) + end + end + end end end end From 5e5afbe96717d33d8ab84bbf6986b1b50e924134 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 15 May 2025 23:17:58 +0700 Subject: [PATCH 315/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation:=20CHANGEL?= =?UTF-8?q?OG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ca76b1a..d883f69e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,19 +10,22 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Removed -## [2.0.10] - 2025-05-12 ([tag][2.0.10t]) +## [2.0.10] - 2025-05-XX ([tag][2.0.10t]) ### Added - [!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - `.gitlab-ci.yml` file (@jessieay) -- [!643](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/643) - Add token_name option (@pboling) - - Specify the parameter name that identifies the access token -- [!642](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/642) - 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) - - Gemspec metadata (@pboling) - - funding_uri - - news_uri - - mailing_list_uri - - SHA256 and SHA512 Checksums for release (@pboling) - [#638](https://gitlab.com/oauth-xx/oauth2/-/issues/638) - Documentation of support for ILO Fundamental Principles of Rights at Work +- [!642](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/642) - 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) + - Gemspec metadata (@pboling) + - funding_uri + - news_uri + - mailing_list_uri + - SHA256 and SHA512 Checksums for release (@pboling) +- [!643](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/643) - Add `token_name` option (@pboling) + - Specify the parameter name that identifies the access token +- [!645](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) +- [!646](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/646) - Add `OAuth2.config.silence_extra_tokens_warning`, default: false (@pboling) ### Changed +- Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - Allow linux distros to build release without signing, as their package managers sign independently ### Fixed 
From 3c5fffc871ebff6b805071d7fb3160203bc55aed Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 06:04:01 +0700 Subject: [PATCH 316/645] =?UTF-8?q?=F0=9F=90=9B=20Make=20OAuth2.config=20a?= =?UTF-8?q?ttr=5Freader?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - the hash it contains can still be modified --- lib/oauth2.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 368e83ea..86baef76 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb @@ -32,7 +32,7 @@ module OAuth2 ) @config = DEFAULT_CONFIG.dup class << self - attr_accessor :config + attr_reader :config end def configure yield @config From f5885de98edbebb90da24b1864483c4c8c3ac3ad Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 06:07:05 +0700 Subject: [PATCH 317/645] =?UTF-8?q?=F0=9F=90=9B=20OAuth2::AccessToken=20Er?= =?UTF-8?q?rors?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - All errors raised are now OAuth2::Error - Improved error metadata - Improved inline documentation --- lib/oauth2/access_token.rb | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 658971e5..da63e5e9 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -34,7 +34,7 @@ class << self # @note If no token keys are present, a warning will be issued unless # OAuth2.config.silence_no_tokens_warning is true # @note For "soon-to-expire"/"clock-skew" functionality see the `:expires_latency` option. - # @mote If snaky key conversion is being used, token_name needs to match the converted key. + # @note If snaky key conversion is being used, token_name needs to match the converted key. # # @example # hash = { 'access_token' => 'token_value', 'refresh_token' => 'refresh_value' } 
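Review bot: Switching to `attr_reader :config` in lib/oauth2.rb stops reassignment, but as the commit message says the object itself stays mutable, and nothing at the declaration tells a reader that it is one process-wide instance read by every token and client. A short comment above the reader would record that, e.g. `# Process-wide settings shared by all clients; change them through OAuth2.configure.`. The specs in this series already save and restore the `silence_*` flags by hand for that reason. `configure` continues outside the hunk.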
@@ -125,8 +125,10 @@ def initialize(client, token, opts = {}) no_tokens = (@token.nil? || @token.empty?) && (@refresh_token.nil? || @refresh_token.empty?) if no_tokens if @client.options[:raise_errors] - error = Error.new(opts) - raise(error) + raise Error.new({ + error: "OAuth2::AccessToken has no token", + error_description: "Options are: #{opts.inspect}", + }) elsif !OAuth2.config.silence_no_tokens_warning warn("OAuth2::AccessToken has no token") end @@ -155,14 +157,14 @@ def [](key) @params[key] end - # Whether or not the token expires + # Whether the token expires # # @return [Boolean] def expires? !!@expires_at end - # Whether or not the token is expired + # Whether the token is expired # # @return [Boolean] def expired? @@ -181,7 +183,7 @@ def refresh(params = {}, access_token_opts = {}) new_token = @client.get_token(params, access_token_opts) new_token.options = options if new_token.refresh_token - # Keep it, if there is one + # Keep it if there is one else new_token.refresh_token = refresh_token end From 16d415c9707df6879e6f1e1b6b3d1f7774360428 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 06:11:19 +0700 Subject: [PATCH 318/645] =?UTF-8?q?=E2=9C=A8=20OAuth2::AccessToken#refresh?= =?UTF-8?q?=20=20supports=20block=20param?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/access_token.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index da63e5e9..3c8a3fbf 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
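Review bot: The new `error_description: "Options are: #{opts.inspect}"` in `AccessToken#initialize` copies every value in `opts` into the raised `OAuth2::Error`, where anything that logs or reports the error can pick it up. This matters most on the key-mismatch path the specs in this series exercise (the token stored under a key other than `token_name`), where the unread token presumably still sits in `opts`; `from_hash` is not fully visible here, so confirm. Listing only the keys keeps the diagnostic value without the values: `error_description: "Option keys are: #{opts.keys.inspect}",`. `initialize` starts and ends outside the hunk.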
@@ -175,12 +175,12 @@ def expired? # # @return [AccessToken] a new AccessToken # @note options should be carried over to the new AccessToken - def refresh(params = {}, access_token_opts = {}) - raise("A refresh_token is not available") unless refresh_token + def refresh(params = {}, access_token_opts = {}, &block) + raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token params[:grant_type] = "refresh_token" params[:refresh_token] = refresh_token - new_token = @client.get_token(params, access_token_opts) + new_token = @client.get_token(params, access_token_opts, &block) new_token.options = options if new_token.refresh_token # Keep it if there is one From 0e5c824873e75d8283e4d99c8cb01cbb71e8c169 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 06:13:24 +0700 Subject: [PATCH 319/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/authenticator.rb | 2 +- lib/oauth2/client.rb | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb index 512d1cd7..120553d3 100644 --- a/lib/oauth2/authenticator.rb +++ b/lib/oauth2/authenticator.rb @@ -17,7 +17,7 @@ def initialize(id, secret, mode) # Apply the request credentials used to authenticate to the Authorization Server # - # Depending on configuration, this might be as request params or as an + # Depending on the configuration, this might be as request params or as an # Authorization header. # # User-provided params and header take precedence. diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 430200d0..04c9fc60 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
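Review bot: The guard `unless refresh_token` in `AccessToken#refresh` rejects only `nil`, while the `initialize` hunk of the previous commit also treats an empty string as no token (`@refresh_token.nil? || @refresh_token.empty?`), so an empty `refresh_token` still goes out in a `grant_type=refresh_token` request. Assuming the value is a String or nil, the guard could agree with that check: `raise OAuth2::Error.new({error: "A refresh_token is not available"}) if refresh_token.nil? || refresh_token.empty?`. Callers that rescued the previous `RuntimeError` will stop matching unless `OAuth2::Error` descends from it, which deserves a changelog line. The rest of `refresh` is outside the hunk.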
@@ -43,6 +43,7 @@ class Client # rubocop:disable Metrics/ClassLength # @option options [Logger] :logger (::Logger.new($stdout)) Logger instance for HTTP request/response output; requires OAUTH_DEBUG to be true # @option options [Class] :access_token_class (AccessToken) class to use for access tokens; you can subclass OAuth2::AccessToken, @version 2.0+ # @option options [Hash] :ssl SSL options for Faraday + # # @yield [builder] The Faraday connection builder def initialize(client_id, client_secret, options = {}, &block) opts = options.dup @@ -106,6 +107,7 @@ def token_url(https://github.com/params%20=%20nil) # Makes a request relative to the specified site root. # Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616), # allowing the use of relative URLs in Location headers. + # # @see https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2 # # @param [Symbol] verb one of :get, :post, :put, :delete @@ -141,7 +143,7 @@ def request(verb, url, opts = {}, &block) raise(error, "Got #{response.status} status code, but no Location header was present") end when 200..299, 300..399 - # on non-redirecting 3xx statuses, just return the response + # on non-redirecting 3xx statuses, return the response response when 400..599 if opts.fetch(:raise_errors, options[:raise_errors]) @@ -164,6 +166,7 @@ def request(verb, url, opts = {}, &block) # * params can include a 'snaky' key to control snake_case conversion (default: false) # @param [Hash] access_token_opts options that will be passed to the AccessToken initialization # @param [Proc] extract_access_token (deprecated) a proc that can extract the access token from the response + # # @yield [opts] The block is passed the options being used to make the request # @yieldparam [Hash] opts options being passed to the http library # 
@@ -218,7 +221,8 @@ def get_token(params, access_token_opts = {}, extract_access_token = nil, &block end # The HTTP Method of the request - # @return [Symbol] HTTP verb, one of :get, :post, :put, :delete + # + # @return [Symbol] HTTP verb, one of [:get, :post, :put, :delete] def http_method http_meth = options[:token_method].to_sym return :post if http_meth == :post_with_query_string @@ -264,7 +268,7 @@ def assertion # requesting authorization. If it is provided at authorization time it MUST # also be provided with the token exchange request. # - # Providing the :redirect_uri to the OAuth2::Client instantiation will take + # Providing :redirect_uri to the OAuth2::Client instantiation will take # care of managing this. # # @api semipublic @@ -273,6 +277,7 @@ def assertion # @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3 # @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.1 # @see https://datatracker.ietf.org/doc/html/rfc6749#section-10.6 + # # @return [Hash] the params to add to a request or URL def redirection_params if options[:redirect_uri] @@ -309,7 +314,7 @@ def parse_snaky_params_headers(params) parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] params = authenticator.apply(params) - # authenticator may add :headers, and we remove them here + # authenticator may add :headers, and we separate them from params here headers = params.delete(:headers) || {} [parse, snaky, params, headers] end From 90aad81ec4b5bf8ef019c1d25f12cd091e3bda34 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 16 May 2025 06:14:50 +0700 Subject: [PATCH 320/645] =?UTF-8?q?=E2=9C=A8=20IETF=20RFC=207009=20Token?= =?UTF-8?q?=20Revocation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - `OAuth2::AccessToken.revoke` - `OAuth2::Client.revoke_token` --- .rubocop_gradual.lock | 51 +++++----- CHANGELOG.md | 2 + lib/oauth2/access_token.rb | 60 ++++++++++++ lib/oauth2/client.rb | 162 ++++++++++++++++++++++--------- spec/oauth2/access_token_spec.rb | 138 +++++++++++++++++++++++++- spec/oauth2/client_spec.rb | 75 +++++++++++++- 6 files changed, 406 insertions(+), 82 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 408ea1dc..205c040c 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -3,15 +3,14 @@ [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] ], - "lib/oauth2.rb:1956148869": [ - [35, 5, 21, "ThreadSafety/ClassAndModuleAttributes: Avoid mutating class and module attributes.", 622027168], + "lib/oauth2.rb:4176768025": [ [38, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], - "lib/oauth2/access_token.rb:2233632404": [ + "lib/oauth2/access_token.rb:569882683": [ [49, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], [55, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], - "lib/oauth2/authenticator.rb:3711266135": [ + "lib/oauth2/authenticator.rb:63639854": [ [42, 5, 113, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 734523108] ], "lib/oauth2/filtered_attributes.rb:1202323815": [ 
@@ -32,11 +31,11 @@ [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/oauth2/access_token_spec.rb:3473606468": [ + "spec/oauth2/access_token_spec.rb:3105694173": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [780, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [850, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [854, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [781, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [851, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [855, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], 
@@ -45,26 +44,24 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:2085440011": [ + "spec/oauth2/client_spec.rb:1326196445": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], - [174, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], - [193, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], - [206, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2320605227], - [221, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], - [236, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], - [251, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [829, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [838, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [849, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [894, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [939, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [943, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [951, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [1039, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [1043, 11, 82, 
"Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [1123, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325], - [1148, 5, 459, "RSpec/NoExpectationExample: No expectation found in this example.", 2216851076], - [1158, 7, 450, "RSpec/NoExpectationExample: No expectation found in this example.", 2619808549] + [175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], + [194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], + [207, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2320605227], + [222, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], + [237, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], + [252, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], + [830, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [839, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [850, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [895, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], + [940, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [944, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [952, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1040, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1044, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class 
method.", 1524553529], + [1124, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] ], "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], diff --git a/CHANGELOG.md b/CHANGELOG.md index d883f69e..eed9d95e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,8 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Specify the parameter name that identifies the access token - [!645](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) - [!646](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/646) - Add `OAuth2.config.silence_extra_tokens_warning`, default: false (@pboling) +- Added IETF RFC 7009 Token Revocation compliant `OAuth2::Client#revoke_token` and `OAuth2::AccessToken#revoke` + - See: https://datatracker.ietf.org/doc/html/rfc7009 ### Changed - Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 3c8a3fbf..662e1a82 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -193,6 +193,66 @@ def refresh(params = {}, access_token_opts = {}, &block) # @note does not modify the receiver, so bang is not the default method alias_method :refresh!, :refresh + # Revokes the token at the authorization server + # + # @param [Hash] params additional parameters to be sent during revocation + # @option params [String, Symbol, nil] :token_type_hint ('access_token' or 'refresh_token') hint about which token to revoke + # @option params [Symbol] :token_method (:post_with_query_string) overrides OAuth2::Client#options[:token_method] + # + # @yield [req] The block is passed the request being made, allowing customization + # @yieldparam [Faraday::Request] req The request object that can be modified + # + # @return [OAuth2::Response] OAuth2::Response instance + # + # @api public + # + # @raise [OAuth2::Error] if token_type_hint is invalid or the specified token is not available + # + # @note If the token passed to the request + # is an access token, the server MAY revoke the respective refresh + # token as well. + # @note If the token passed to the request + # is a refresh token and the authorization server supports the + # revocation of access tokens, then the authorization server SHOULD + # also invalidate all access tokens based on the same authorization + # grant + # @note If the server responds with HTTP status code 503, your code must + # assume the token still exists and may retry after a reasonable delay. + # The server may include a "Retry-After" header in the response to + # indicate how long the service is expected to be unavailable to the + # requesting client. 
+ # + # @see https://datatracker.ietf.org/doc/html/rfc7009 + # @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1 + def revoke(params = {}, &block) + token_type_hint_orig = params.delete(:token_type_hint) + token_type_hint = nil + revoke_token = case token_type_hint_orig + when "access_token", :access_token + token_type_hint = "access_token" + token + when "refresh_token", :refresh_token + token_type_hint = "refresh_token" + refresh_token + when nil + if token + token_type_hint = "access_token" + token + elsif refresh_token + token_type_hint = "refresh_token" + refresh_token + end + else + raise OAuth2::Error.new({error: "token_type_hint must be one of [nil, :refresh_token, :access_token], so if you need something else consider using a subclass or entirely custom AccessToken class."}) + end + raise OAuth2::Error.new({error: "#{token_type_hint || "unknown token type"} is not available for revoking"}) unless revoke_token && !revoke_token.empty? + + @client.revoke_token(revoke_token, token_type_hint, params, &block) + end + # A compatibility alias + # @note does not modify the receiver, so bang is not the default method + alias_method :revoke!, :revoke + # Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash # # @note Don't return expires_latency because it has already been deducted from expires_at diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 04c9fc60..16e877d3 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -18,7 +18,8 @@ module OAuth2 # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength - RESERVED_PARAM_KEYS = %w[body headers params parse snaky].freeze + RESERVED_REQ_KEYS = %w[body headers params redirect_count].freeze + RESERVED_PARAM_KEYS = (RESERVED_REQ_KEYS + %w[parse snaky token_method]).freeze include FilteredAttributes 
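Review bot: `revoke` reads only the symbol key `:token_type_hint`, so a caller passing `"token_type_hint" => "refresh_token"` falls into the `when nil` branch and the access token is submitted instead, leaving the refresh token valid at the server. The string-keyed hint also stays in `params` and is forwarded alongside the `"access_token"` hint the method computed. String-keyed params are used with `get_token` in this project's specs, so the mix-up is plausible. I would read both spellings from a copy, which also avoids mutating the caller's hash: `params = params.dup` followed by `token_type_hint_orig = params.delete(:token_type_hint) || params.delete("token_type_hint")`.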
@@ -34,6 +35,7 @@ class Client # rubocop:disable Metrics/ClassLength # @param [Hash] options the options to configure the client # @option options [String] :site the OAuth2 provider site host # @option options [String] :authorize_url ('/oauth/authorize') absolute or relative URL path to the Authorization endpoint + # @option options [String] :revoke_url ('/oauth/revoke') absolute or relative URL path to the Revoke endpoint # @option options [String] :token_url ('/oauth/token') absolute or relative URL path to the Token endpoint # @option options [Symbol] :token_method (:post) HTTP method to use to request token (:get, :post, :post_with_query_string) # @option options [Symbol] :auth_scheme (:basic_auth) the authentication scheme (:basic_auth, :request_body, :tls_client_auth, :private_key_jwt) @@ -54,6 +56,7 @@ def initialize(client_id, client_secret, options = {}, &block) warn("OAuth2::Client#initialize argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class`.") if opts[:extract_access_token] @options = { authorize_url: "oauth/authorize", + revoke_url: "oauth/revoke", token_url: "oauth/token", token_method: :post, auth_scheme: :basic_auth, @@ -104,6 +107,13 @@ def token_url(https://github.com/params%20=%20nil) connection.build_url(https://github.com/options[:token_url],%20params).to_s end + # The revoke endpoint URL of the OAuth2 provider + # + # @param [Hash] params additional query parameters + def revoke_url(https://github.com/params%20=%20nil) + connection.build_url(https://github.com/options[:revoke_url],%20params).to_s + end + # Makes a request relative to the specified site root. # Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616), # allowing the use of relative URLs in Location headers. 
@@ -113,40 +123,42 @@ def token_url(https://github.com/params%20=%20nil) # @param [Symbol] verb one of :get, :post, :put, :delete # @param [String] url URL path of request # @param [Hash] opts the options to make the request with - # @option opts [Hash] :params additional query parameters for the URL of the request - # @option opts [Hash, String] :body the body of the request - # @option opts [Hash] :headers http request headers - # @option opts [Boolean] :raise_errors whether to raise an OAuth2::Error on 400+ status + # @option req_opts [Hash] :params additional query parameters for the URL of the request + # @option req_opts [Hash, String] :body the body of the request + # @option req_opts [Hash] :headers http request headers + # @option req_opts [Boolean] :raise_errors whether to raise an OAuth2::Error on 400+ status # code response for this request. Overrides the client instance setting. - # @option opts [Symbol] :parse @see Response::initialize - # @option opts [true, false] :snaky (true) @see Response::initialize + # @option req_opts [Symbol] :parse @see Response::initialize + # @option req_opts [true, false] :snaky (true) @see Response::initialize + # # @yield [req] @see Faraday::Connection#run_request - def request(verb, url, opts = {}, &block) - response = execute_request(verb, url, opts, &block) + def request(verb, url, req_opts = {}, &block) + response = execute_request(verb, url, req_opts, &block) + status = response.status - case response.status + case status when 301, 302, 303, 307 - opts[:redirect_count] ||= 0 - opts[:redirect_count] += 1 - return response if opts[:redirect_count] > options[:max_redirects] + req_opts[:redirect_count] ||= 0 + req_opts[:redirect_count] += 1 + return response if req_opts[:redirect_count] > options[:max_redirects] - if response.status == 303 + if status == 303 verb = :get - opts.delete(:body) + req_opts.delete(:body) end location = response.headers["location"] if location full_location = 
response.response.env.url.merge(location) - request(verb, full_location, opts) + request(verb, full_location, req_opts) else error = Error.new(response) - raise(error, "Got #{response.status} status code, but no Location header was present") + raise(error, "Got #{status} status code, but no Location header was present") end when 200..299, 300..399 # on non-redirecting 3xx statuses, return the response response when 400..599 - if opts.fetch(:raise_errors, options[:raise_errors]) + if req_opts.fetch(:raise_errors, options[:raise_errors]) error = Error.new(response) raise(error) end @@ -154,7 +166,7 @@ def request(verb, url, opts = {}, &block) response else error = Error.new(response) - raise(error, "Unhandled status code value of #{response.status}") + raise(error, "Unhandled status code value of #{status}") end end 
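Review bot: The redirect branch re-issues the request to whatever `Location` resolves to with the same `req_opts`, so headers, body and query params are replayed to the new target, and with this commit that includes the token `revoke_token` places in `req_opts[:params]`. Nothing visible in the hunk compares the redirect target with the original origin before recursing. Consider refusing a hop that changes host or scheme, e.g. `raise(Error.new(response), "Refusing cross-origin redirect") unless full_location.host == response.response.env.url.host` (assuming both are URI objects), or dropping credentials for such hops. The retained `@param [Hash] opts` tag should also read `req_opts` to match the renamed parameter. The end of `request` lies in the following hunk.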
@@ -185,30 +197,8 @@ def request(verb, url, opts = {}, &block) def get_token(params, access_token_opts = {}, extract_access_token = nil, &block) warn("OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.") if extract_access_token extract_access_token ||= options[:extract_access_token] - parse, snaky, params, headers = parse_snaky_params_headers(params) - - request_opts = { - raise_errors: options[:raise_errors], - parse: parse, - snaky: snaky, - } - if options[:token_method] == :post - - # NOTE: If proliferation of request types continues, we should implement a parser solution for Request, - # just like we have with Response. - request_opts[:body] = if headers["Content-Type"] == "application/json" - params.to_json - else - params - end - - request_opts[:headers] = {"Content-Type" => "application/x-www-form-urlencoded"} - else - request_opts[:params] = params - request_opts[:headers] = {} - end - request_opts[:headers].merge!(headers) - response = request(http_method, token_url, request_opts, &block) + req_opts = params_to_req_opts(params) + response = request(http_method, token_url, req_opts, &block) # In v1.4.x, the deprecated extract_access_token option retrieves the token from the response. # We preserve this behavior here, but a custom access_token_class that implements #from_hash 
@@ -220,6 +210,49 @@ def get_token(params, access_token_opts = {}, extract_access_token = nil, &block end end + # Makes a request to revoke a token at the authorization server + # + # @param [String] token The token to be revoked + # @param [String, nil] token_type_hint A hint about the type of the token being revoked (e.g., 'access_token' or 'refresh_token') + # @param [Hash] params additional parameters for the token revocation + # @option params [Symbol] :parse (:automatic) parsing strategy for the response + # @option params [Boolean] :snaky (true) whether to convert response keys to snake_case + # @option params [Symbol] :token_method (:post_with_query_string) overrides OAuth2::Client#options[:token_method] + # @option params [Hash] :headers Additional request headers + # + # @yield [req] The block is passed the request being made, allowing customization + # @yieldparam [Faraday::Request] req The request object that can be modified + # + # @return [OAuth2::Response] OAuth2::Response instance + # + # @api public + # + # @note If the token passed to the request + # is an access token, the server MAY revoke the respective refresh + # token as well. + # @note If the token passed to the request + # is a refresh token and the authorization server supports the + # revocation of access tokens, then the authorization server SHOULD + # also invalidate all access tokens based on the same authorization + # grant + # @note If the server responds with HTTP status code 503, your code must + # assume the token still exists and may retry after a reasonable delay. + # The server may include a "Retry-After" header in the response to + # indicate how long the service is expected to be unavailable to the + # requesting client. 
+ # + # @see https://datatracker.ietf.org/doc/html/rfc7009 + # @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1 + def revoke_token(token, token_type_hint = nil, params = {}, &block) + params[:token_method] ||= :post_with_query_string + req_opts = params_to_req_opts(params) + req_opts[:params] ||= {} + req_opts[:params][:token] = token + req_opts[:params][:token_type_hint] = token_type_hint if token_type_hint + + request(http_method, revoke_url, req_opts, &block) + end + # The HTTP Method of the request # # @return [Symbol] HTTP verb, one of [:get, :post, :put, :delete] @@ -289,6 +322,33 @@ def redirection_params private + # A generic token request options parser + def params_to_req_opts(params) + parse, snaky, token_method, params, headers = parse_snaky_params_headers(params) + req_opts = { + raise_errors: options[:raise_errors], + token_method: token_method || options[:token_method], + parse: parse, + snaky: snaky, + } + if req_opts[:token_method] == :post + # NOTE: If proliferation of request types continues, we should implement a parser solution for Request, + # just like we have with Response. + req_opts[:body] = if headers["Content-Type"] == "application/json" + params.to_json + else + params + end + + req_opts[:headers] = {"Content-Type" => "application/x-www-form-urlencoded"} + else + req_opts[:params] = params + req_opts[:headers] = {} + end + req_opts[:headers].merge!(headers) + req_opts + end + # Processes and transforms the input parameters for OAuth requests # # @param [Hash] params the input parameters to process @@ -299,6 +359,7 @@ def redirection_params # @return [Array<(Symbol, Boolean, Hash, Hash)>] Returns an array containing: # - [Symbol, nil] parse strategy # - [Boolean] snaky flag for response key transformation + # - [Symbol, nil] token_method overrides options[:token_method] for a request # - [Hash] processed parameters # - [Hash] HTTP headers # 
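Review bot: `revoke_token` always writes the token into `req_opts[:params]` and defaults `token_method` to `:post_with_query_string`, so the access or refresh token travels in the request URL, where server, proxy and client request logs commonly record it. RFC 7009 section 2.1 has the client send `token` and `token_type_hint` form-encoded in the POST entity-body. Adding them to `params` before calling `params_to_req_opts` and defaulting to `:post` keeps them in the body, and working on a merged copy stops the method mutating the caller's hash. This changes the default wire format, so a provider that only accepts query parameters would need `token_method: :post_with_query_string` passed explicitly. How `http_method` treats a per-call override is not visible in this hunk.

```ruby
def revoke_token(token, token_type_hint = nil, params = {}, &block)
  # Work on a copy so the caller's hash is untouched; the token joins the
  # other form parameters instead of being forced into the query string.
  params = params.merge(token: token)
  params[:token_type_hint] = token_type_hint if token_type_hint
  params[:token_method] ||= :post
  req_opts = params_to_req_opts(params)
  # … unchanged: request(http_method, revoke_url, req_opts, &block) …
```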
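Review bot: The one-line comment on `params_to_req_opts` omits the security-relevant decision this helper makes, which is whether request parameters go into the body or into the URL. Only `:post` produces a body; any other `token_method` puts every remaining parameter into `req_opts[:params]`, which presumably includes client credentials when the authenticator adds them to params (the authenticator is not visible here). I would document that together with `@param [Hash] params`, `@return [Hash]` and `@api private`, for example `# Only :post sends params in the request body; every other token_method sends them as URL query parameters.`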
@@ -313,10 +374,11 @@ def parse_snaky_params_headers(params) end.to_h parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] + token_method = params.delete(:token_method) if params.key?(:token_method) params = authenticator.apply(params) # authenticator may add :headers, and we separate them from params here headers = params.delete(:headers) || {} - [parse, snaky, params, headers] + [parse, snaky, token_method, params, headers] end # Executes an HTTP request with error handling and response processing @@ -341,10 +403,14 @@ def parse_snaky_params_headers(params) # @api private def execute_request(verb, url, opts = {}) url = connection.build_https://github.com/url(url).to_s + # See: Hash#partition https://bugs.ruby-lang.org/issues/16252 + req_opts, oauth_opts = opts. + partition { |k, _v| RESERVED_REQ_KEYS.include?(k.to_s) }. + map { |p| Hash[p] } begin - response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req| - req.params.update(opts[:params]) if opts[:params] + response = connection.run_request(verb, url, req_opts[:body], req_opts[:headers]) do |req| + req.params.update(req_opts[:params]) if req_opts[:params] yield(req) if block_given? end rescue Faraday::ConnectionFailed => e @@ -353,8 +419,8 @@ def execute_request(verb, url, opts = {}) raise TimeoutError, e end - parse = opts.key?(:parse) ? opts.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] - snaky = opts.key?(:snaky) ? opts.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] + parse = oauth_opts.key?(:parse) ? oauth_opts.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] + snaky = oauth_opts.key?(:snaky) ? oauth_opts.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] Response.new(response, parse: parse, snaky: snaky) end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 59a44fb0..5603dba8 100644 
--- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -19,6 +19,7 @@ stub.send(verb, "/token/body") { |env| [200, {}, env[:body]] } end stub.post("/oauth/token") { |_env| [200, {"Content-Type" => "application/json"}, refresh_body] } + stub.post("/oauth/revoke") { |env| [200, {"Content-type" => "application/json"}, env[:body]] } end end end @@ -388,7 +389,7 @@ def assert_initialized_token(target) let(:token) { "" } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {mode: :this_is_bad, raise_errors: true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {mode: :this_is_bad, raise_errors: true}"}.to_s) end end @@ -396,7 +397,7 @@ def assert_initialized_token(target) let(:token) { nil } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {mode: :this_is_bad, raise_errors: true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {mode: :this_is_bad, raise_errors: true}"}.to_s) end end end @@ -602,7 +603,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {raise_errors: true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {raise_errors: true}"}.to_s) end end @@ -628,7 +629,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {raise_errors: true}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {raise_errors: true}"}.to_s) end end 
@@ -874,7 +875,7 @@ def self.contains_token?(hash) end it "raises when no refresh_token" do - block_is_expected.to raise_error("A refresh_token is not available") + block_is_expected.to raise_error(OAuth2::Error, {error: "A refresh_token is not available"}.to_s) end end 
@@ -932,6 +933,133 @@ def self.contains_token?(hash) end end + describe "#revoke" do + let(:token) { "monkey123" } + let(:refresh_token) { "refreshmonkey123" } + let(:access_token) { described_class.new(client, token, refresh_token: refresh_token) } + + context "with no token_type_hint specified" do + it "revokes the access token by default" do + expect(access_token.revoke.status).to eq(200) + end + end + + context "with access_token token_type_hint" do + it "revokes the access token" do + expect { + access_token.revoke(token_type_hint: "access_token") + }.not_to raise_error + end + end + + context "with refresh_token token_type_hint" do + it "revokes the refresh token" do + expect { + access_token.revoke(token_type_hint: "refresh_token") + }.not_to raise_error + end + end + + context "with invalid token_type_hint" do + it "raises an OAuth2::Error" do + expect { + access_token.revoke(token_type_hint: "invalid_type") + }.to raise_error(OAuth2::Error, /token_type_hint must be one of/) + end + end + + context "when refresh_token is specified but not available" do + let(:access_token) { described_class.new(client, "abc", refresh_token: nil) } + + it "raises an OAuth2::Error" do + expect { + access_token.revoke(token_type_hint: "refresh_token") + }.to raise_error(OAuth2::Error, /refresh_token is not available for revoking/) + end + end + + context "when refresh_token is, but access_token is not, available" do + let(:access_token) { described_class.new(client, "abc", refresh_token: refresh_token) } + + before do + allow(client).to receive(:revoke_token). + with(refresh_token, "refresh_token", {}). + and_return(OAuth2::Response.new(double(status: 200))) + # The code path being tested shouldn't be reachable... so this is hacky. + # Testing it for anal level compliance. Revoking a refresh token without an access token is valid. + # In other words, the implementation of AccessToken doesn't allow instantiation without an access token. 
+ # But in a revocation scenario it should theoretically work. + # It is intended that AccessToken be subclassed, so this is worth testing, as subclasses may change behavior. + allow(access_token).to receive(:token).and_return(nil) + end + + it "revokes refresh_token" do + expect { + access_token.revoke + }.not_to raise_error + end + end + + context "when no tokens are available" do + let(:access_token) { described_class.new(client, "abc", refresh_token: nil) } + + before do + # The code path being tested shouldn't be reachable... so this is hacky. + # Testing it for anal level compliance. Revoking a refresh token without an access token is valid. + # In other words, the implementation of AccessToken doesn't allow instantiation without an access token. + # But in a revocation scenario it should theoretically work. + # It is intended that AccessToken be subclassed, so this is worth testing, as subclasses may change behavior. + allow(access_token).to receive(:token).and_return(nil) + end + + it "raises an OAuth2::Error" do + expect { + access_token.revoke + }.to raise_error(OAuth2::Error, /unknown token type is not available for revoking/) + end + end + + context "with additional params" do + before do + allow(client).to receive(:revoke_token). + with(token, "access_token", {extra: "param"}). 
+ and_return(OAuth2::Response.new(double(status: 200))) + end + + it "passes them to the client" do + expect { + access_token.revoke({extra: "param"}) + }.not_to raise_error + end + end + + context "with a block" do + it "passes the block to the client" do + expect { + access_token.revoke do |_req| + puts "Hello from the other side" + end + }.not_to raise_error + end + + it "has status 200" do + expect( + access_token.revoke do |_req| + puts "Hello again" + end.status, + ).to eq(200) + end + + it "executes the block" do + @apple = 0 + access_token.revoke do |_req| + @apple += 1 + end + expect(@apple).to eq(1) + end + end + end + describe "#to_hash" do it "return a hash equal to the hash used to initialize access token" do hash = { diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index f683e498..49163e0e 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -21,6 +21,7 @@ stub.get("/different_encoding") { |_env| [500, {"Content-Type" => "application/json"}, NKF.nkf("-We", JSON.dump(error: error_value, error_description: "∞"))] } stub.get("/ascii_8bit_encoding") { |_env| [500, {"Content-Type" => "application/json"}, JSON.dump(error: "invalid_request", error_description: "é").force_encoding("ASCII-8BIT")] } stub.get("/unhandled_status") { |_env| [600, {}, nil] } + stub.post("/oauth/revoke") { |env| [200, {"Content-type" => "application/json"}, env[:body]] } end end end @@ -1151,7 +1152,9 @@ def self.contains_token?(hash) [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end - client.get_token({"arbitrary" => "parameter"}) # rubocop:disable Style/BracesAroundHashParameters + expect { + client.get_token({"arbitrary" => "parameter"}) # rubocop:disable Style/BracesAroundHashParameters + }.not_to raise_error end context "when token_method is set to post_with_query_string" do 
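Review bot: Most of the `#revoke` examples never check what was sent to the revocation endpoint. Apart from the two that stub `client.revoke_token` with `with(...)`, they assert only `not_to raise_error` or a 200 status against a stub that answers 200 to anything. The example "revokes the refresh token" would therefore still pass if the access token were submitted, which is the failure that matters for revocation. Inspecting the outgoing request in the block would pin it, something like `access_token.revoke(token_type_hint: "refresh_token") { |req| expect(req.params["token"]).to eq(refresh_token) }`. The `#revoke_token` examples added to spec/oauth2/client_spec.rb have the same gap, and the `puts` calls in the block examples only add noise to the spec output.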
@@ -1161,7 +1164,9 @@ def self.contains_token?(hash) [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] end end - client.get_token({"state" => "abc123"}) # rubocop:disable Style/BracesAroundHashParameters + expect { + client.get_token({"state" => "abc123"}) # rubocop:disable Style/BracesAroundHashParameters + }.not_to raise_error end end @@ -1173,6 +1178,72 @@ def stubbed_client(params = {}, &stubs) end end + describe "#revoke_token" do + let(:token) { "banana-foster" } + + context "with token string" do + it "makes request with token param" do + expect { + instance.revoke_token(token) + }.not_to raise_error + end + + it "has status 200" do + expect(instance.revoke_token(token).status).to eq(200) + end + end + + context "with token_type_hint" do + it "makes request with token_type_hint param" do + expect { + instance.revoke_token(token, "access_token") + }.not_to raise_error + end + + it "has status 200" do + expect(instance.revoke_token(token, "access_token").status).to eq(200) + end + end + + context "with additional params" do + it "merges additional params" do + expect { + instance.revoke_token(token, nil, extra: "param") + }.not_to raise_error + end + + it "has status 200" do + expect(instance.revoke_token(token, nil, extra: "param").status).to eq(200) + end + end + + context "with block" do + it "passes block to request" do + expect { + instance.revoke_token(token) do |_req| + puts "Hello from the other side" + end + }.not_to raise_error + end + + it "has status 200" do + expect( + instance.revoke_token(token) do |_req| + puts "Hello there" + end.status, + ).to eq(200) + end + + it "executes block" do + @apple = 0 + instance.revoke_token(token) do |_req| + @apple += 1 + end + expect(@apple).to eq(1) + end + end + end + it "instantiates an HTTP Method with this client" do expect(subject.http_method).to be_a(Symbol) end From ee5e044a90e93812c844e55d1e67ec6ab9a8ffe8 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 16 May 2025 06:25:17 +0700 Subject: [PATCH 321/645] =?UTF-8?q?=F0=9F=92=9A=20Fix=20specs=20for=20old?= =?UTF-8?q?=20Ruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/oauth2/access_token_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 5603dba8..b9186888 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -389,7 +389,7 @@ def assert_initialized_token(target) let(:token) { "" } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {mode: :this_is_bad, raise_errors: true}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{mode: :this_is_bad, raise_errors: true}}"}.to_s) end end @@ -397,7 +397,7 @@ def assert_initialized_token(target) let(:token) { nil } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {mode: :this_is_bad, raise_errors: true}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{mode: :this_is_bad, raise_errors: true}}"}.to_s) end end end @@ -603,7 +603,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {raise_errors: true}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{raise_errors: true}}"}.to_s) end end 
@@ -629,7 +629,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {raise_errors: true}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{raise_errors: true}}"}.to_s) end end From 19d4506fda4e4425b478a9ea8032ae59e862812d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 06:33:17 +0700 Subject: [PATCH 322/645] =?UTF-8?q?=F0=9F=9A=A8=20lint=20lock=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 205c040c..d1b2d34a 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -31,8 +31,12 @@ [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] ], - "spec/oauth2/access_token_spec.rb:3105694173": [ + "spec/oauth2/access_token_spec.rb:443932125": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], + [392, 142, 40, "Lint/LiteralInInterpolation: Literal interpolation detected.", 4210228387], + [400, 142, 40, "Lint/LiteralInInterpolation: Literal interpolation detected.", 4210228387], + [606, 142, 20, "Lint/LiteralInInterpolation: Literal interpolation detected.", 304063511], + [632, 142, 20, "Lint/LiteralInInterpolation: Literal interpolation detected.", 304063511], [781, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], [851, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], [855, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] From f204c7be92d27533f810fd0c806290e4ff3492ad Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 06:37:45 +0700 Subject: [PATCH 323/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/client.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 16e877d3..25cfada7 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -291,6 +291,15 @@ def client_credentials @client_credentials ||= OAuth2::Strategy::ClientCredentials.new(self) end + # The Assertion strategy + # + # This allows for assertion-based authentication where an identity provider + # asserts the identity of the user or client application seeking access. + # + # @see http://datatracker.ietf.org/doc/html/rfc7521 + # @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-assertions-01#section-4.1 + # + # @return [OAuth2::Strategy::Assertion] the initialized Assertion strategy def assertion @assertion ||= OAuth2::Strategy::Assertion.new(self) end @@ -523,4 +532,4 @@ def oauth_debug_logging(builder) builder.response(:logger, options[:logger], bodies: true) if OAuth2::OAUTH_DEBUG end end -end +end \ No newline at end of file From 20a5f2b59d7fc7cfbef6752bc69974c98d9bc702 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 06:54:55 +0700 Subject: [PATCH 324/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- lib/oauth2/access_token.rb | 26 +++++++++++++++++++++----- lib/oauth2/client.rb | 25 ++++++++++++++++++------- 3 files changed, 40 insertions(+), 13 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index d1b2d34a..db206cd4 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -6,7 +6,7 @@ "lib/oauth2.rb:4176768025": [ [38, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], - "lib/oauth2/access_token.rb:569882683": [ + "lib/oauth2/access_token.rb:3471244990": [ [49, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], [55, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 662e1a82..da7e6987 100644 --- a/lib/oauth2/access_token.rb 
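Review bot: Both `@see` links added above `assertion` use `http://`, while the RFC 7231 reference on `request` in this same file uses `https://`. The scheme should be consistent: `# @see https://datatracker.ietf.org/doc/html/rfc7521`. The second link points at revision 01 of the assertions draft, which as far as I know was finalised as RFC 7521. If so, a section anchor on the RFC would be a more stable reference than an early draft whose section numbering may not match the published text.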
+++ b/lib/oauth2/access_token.rb @@ -164,17 +164,24 @@ def expires? !!@expires_at end - # Whether the token is expired + # Check if token is expired # - # @return [Boolean] + # @return [Boolean] true if the token is expired, false otherwise def expired? expires? && (expires_at <= Time.now.to_i) end # Refreshes the current Access Token # - # @return [AccessToken] a new AccessToken - # @note options should be carried over to the new AccessToken + # @param [Hash] params additional params to pass to the refresh token request + # @param [Hash] access_token_opts options that will be passed to the AccessToken initialization + # + # @yield [opts] The block to modify the refresh token request options + # @yieldparam [Hash] opts The options hash that can be modified + # + # @return [OAuth2::AccessToken] a new AccessToken instance + # + # @note current token's options are carried over to the new AccessToken def refresh(params = {}, access_token_opts = {}, &block) raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token @@ -282,7 +289,16 @@ def to_hash # @param [Symbol] verb the HTTP request method # @param [String] path the HTTP URL path of the request # @param [Hash] opts the options to make the request with - # @see Client#request + # @option opts [Hash] :params additional URL parameters + # @option opts [Hash, String] :body the request body + # @option opts [Hash] :headers request headers + # + # @yield [req] The block to modify the request + # @yieldparam [Faraday::Request] req The request object that can be modified + # + # @return [OAuth2::Response] the response from the request + # + # @see OAuth2::Client#request def request(verb, path, opts = {}, &block) configure_authentication!(opts) @client.request(verb, path, opts, &block) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 25cfada7..c2ea5814 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
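Review bot: The new doc block on `refresh` omits the exception raised on its first body line, `raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token`. I would add `# @raise [OAuth2::Error] if no refresh_token is available` next to the `@return` tag. Separately, `@yieldparam [Hash] opts` is worth confirming, since the rest of the body is outside the hunk. If the block is forwarded down to `Client#request`, the yielded object would be the `Faraday::Request` that this commit documents on `AccessToken#request` in the next hunk, not a Hash.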
@@ -72,13 +72,16 @@ def initialize(client_id, client_secret, options = {}, &block) # Set the site host # - # @param value [String] the OAuth2 provider site host + # @param [String] value the OAuth2 provider site host + # @return [String] the site host value def site=(value) @connection = nil @site = value end # The Faraday connection object + # + # @return [Faraday::Connection] the initialized Faraday connection def connection @connection ||= Faraday.new(site, options[:connection_opts]) do |builder| @@ -95,6 +98,7 @@ def connection # The authorize endpoint URL of the OAuth2 provider # # @param [Hash] params additional query parameters + # @return [String] the constructed authorize URL def authorize_url(https://github.com/params%20=%20%7B%7D) params = (params || {}).merge(redirection_params) connection.build_url(https://github.com/options[:authorize_url],%20params).to_s 
@@ -102,25 +106,28 @@ def authorize_url(https://github.com/params%20=%20%7B%7D) # The token endpoint URL of the OAuth2 provider # - # @param [Hash] params additional query parameters + # @param [Hash, nil] params additional query parameters + # @return [String] the constructed token URL def token_url(https://github.com/params%20=%20nil) connection.build_url(https://github.com/options[:token_url],%20params).to_s end # The revoke endpoint URL of the OAuth2 provider # - # @param [Hash] params additional query parameters + # @param [Hash, nil] params additional query parameters + # @return [String] the constructed revoke URL def revoke_url(https://github.com/params%20=%20nil) connection.build_url(https://github.com/options[:revoke_url],%20params).to_s end # Makes a request relative to the specified site root. + # # Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616), # allowing the use of relative URLs in Location headers. # # @see https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2 # - # @param [Symbol] verb one of :get, :post, :put, :delete + # @param [Symbol] verb one of [:get, :post, :put, :delete] # @param [String] url URL path of request # @param [Hash] opts the options to make the request with # @option req_opts [Hash] :params additional query parameters for the URL of the request 
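Review bot: The `@param [Hash] opts the options to make the request with` tag, left unchanged as context at the end of this hunk, names a parameter that does not exist. The `@option` tags directly below it use `req_opts`, and the signature in the following hunk is `request(verb, url, req_opts = {}, &block)`. Since this commit is already tidying these tags, change it to `# @param [Hash] req_opts the options to make the request with` so YARD attaches the options to the real parameter. The doc block for `request` continues into the next hunk.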
@@ -129,9 +136,13 @@ def revoke_url(https://github.com/params%20=%20nil) # @option req_opts [Boolean] :raise_errors whether to raise an OAuth2::Error on 400+ status # code response for this request. Overrides the client instance setting. # @option req_opts [Symbol] :parse @see Response::initialize - # @option req_opts [true, false] :snaky (true) @see Response::initialize + # @option req_opts [Boolean] :snaky (true) @see Response::initialize # - # @yield [req] @see Faraday::Connection#run_request + # @yield [req] The block is passed the request being made, allowing customization + # @yieldparam [Faraday::Request] req The request object that can be modified + # @see Faraday::Connection#run_request + # + # @return [OAuth2::Response] the response from the request def request(verb, url, req_opts = {}, &block) response = execute_request(verb, url, req_opts, &block) status = response.status @@ -532,4 +543,4 @@ def oauth_debug_logging(builder) builder.response(:logger, options[:logger], bodies: true) if OAuth2::OAUTH_DEBUG end end -end \ No newline at end of file +end From a7ed4b84629850d8b7a8effe1706ecc00ccc3935 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 May 2025 07:05:24 +0700 Subject: [PATCH 325/645] Bump MeilCli/danger-action from 5 to 6 (#634) Bumps [MeilCli/danger-action](https://github.com/meilcli/danger-action) from 5 to 6. - [Release notes](https://github.com/meilcli/danger-action/releases) - [Commits](https://github.com/meilcli/danger-action/compare/v5...v6) --- updated-dependencies: - dependency-name: MeilCli/danger-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/danger.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index 8d5d1398..c018d38e 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -34,7 +34,7 @@ jobs: rubygems: ${{ matrix.rubygems }} bundler: ${{ matrix.bundler }} bundler-cache: true - - uses: MeilCli/danger-action@v5 + - uses: MeilCli/danger-action@v6 with: plugins_file: 'Gemfile' install_path: 'vendor/bundle' From e0757fded37603af6116a62c7b1c704f27a5f73c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 May 2025 07:05:35 +0700 Subject: [PATCH 326/645] Bump github/codeql-action from 1 to 3 (#638) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 91912667..502c2a0e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v3 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v3 From b0076bce9def04125493b54b44dfa36cf9c0d593 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 07:33:51 +0700 Subject: [PATCH 327/645] =?UTF-8?q?=F0=9F=90=9B=20Improve=20default=20JSON?= =?UTF-8?q?=20response=20parser?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://gitlab.com/oauth-xx/oauth2/-/issues/641 --- CHANGELOG.md | 31 +++++++++++++++++++------------ lib/oauth2/response.rb | 2 ++ 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eed9d95e..9dfd6dc5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -24,23 +24,30 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Specify the parameter name that identifies the access token - [!645](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) - [!646](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/646) - Add `OAuth2.config.silence_extra_tokens_warning`, default: false (@pboling) -- Added IETF RFC 7009 Token Revocation compliant `OAuth2::Client#revoke_token` and `OAuth2::AccessToken#revoke` +- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - Add IETF RFC 7009 Token Revocation compliant (@pboling) + - `OAuth2::Client#revoke_token` + - `OAuth2::AccessToken#revoke` - See: https://datatracker.ietf.org/doc/html/rfc7009 ### Changed - Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - - Allow linux distros to build release without signing, as their package managers sign independently + - Allow linux distros to build release without signing, as their package managers sign independently +- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param pass through (@pboling) +- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) +- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) ### Fixed -[!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) -[!634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) -[!638](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` 
(@disep) -[!639](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) -[!640](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) -[!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) -[#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) -[#639](https://gitlab.com/oauth-xx/oauth2/-/issues/639) - AccessToken#to_hash is now serializable, just a regular Hash (@pboling) -[#95](https://gitlab.com/oauth-xx/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) - - This was a 13 year old bug report. 😘 +- [#95](https://gitlab.com/oauth-xx/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) + - This was a 13 year old bug report. 😘 +- [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling) +- [!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) +- [!634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) +- [!638](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) +- [!639](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) +- [#639](https://gitlab.com/oauth-xx/oauth2/-/issues/639) - `AccessToken#to_hash` is now serializable, just a regular Hash (@pboling) +- [!640](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) +- [!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive 
information in the `inspect` (@manuelvanrijn) +- [#641](https://gitlab.com/oauth-xx/oauth2/-/issues/641) - Made default JSON response parser more resilient (@pboling) +- [#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) ## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index ac8e11e6..2a19a37d 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -143,9 +143,11 @@ def parser end OAuth2::Response.register_parser(:json, ["application/json", "text/javascript", "application/hal+json", "application/vnd.collection+json", "application/vnd.api+json", "application/problem+json"]) do |body| + next body if body.nil? next body unless body.respond_to?(:to_str) body = body.dup.force_encoding(Encoding::ASCII_8BIT) if body.respond_to?(:force_encoding) + next body if body.empty? JSON.parse(body) end From 17c3157199a8f1c0ccb5746a252ab30f0bcc7307 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 07:47:23 +0700 Subject: [PATCH 328/645] =?UTF-8?q?=E2=9C=A8=20Fixes=20handling=20of=20emp?= =?UTF-8?q?ty=20JSON=20responses=20that=20should=20not=20be=20parsed?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://gitlab.com/oauth-xx/oauth2/-/issues/641 --- .rubocop_gradual.lock | 17 +++++++-------- lib/oauth2/response.rb | 3 +-- spec/oauth2/client_spec.rb | 44 +++++++++++++++++++++++++++++++++++--- 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index db206cd4..9881f047 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -18,7 +18,7 @@ [9, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020], [13, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020] ], - "lib/oauth2/response.rb:355921218": [ + "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], "oauth2.gemspec:290828046": [ @@ -48,7 +48,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:1326196445": [ + "spec/oauth2/client_spec.rb:348683155": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -59,13 +59,12 @@ [830, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], [839, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], [850, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [895, 63, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785], - [940, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [944, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [952, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [1040, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [1044, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [1124, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] + [978, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [982, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [990, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1078, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1082, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [1162, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] ], "spec/oauth2/error_spec.rb:1209122273": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 2a19a37d..fb3cf7ce 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb 
@@ -143,11 +143,10 @@ def parser end OAuth2::Response.register_parser(:json, ["application/json", "text/javascript", "application/hal+json", "application/vnd.collection+json", "application/vnd.api+json", "application/problem+json"]) do |body| - next body if body.nil? next body unless body.respond_to?(:to_str) body = body.dup.force_encoding(Encoding::ASCII_8BIT) if body.respond_to?(:force_encoding) - next body if body.empty? + next body if body.respond_to?(:empty?) && body.empty? JSON.parse(body) end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 49163e0e..3c01084c 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -883,8 +883,8 @@ context "when the request body is nil" do subject(:get_token) { client.get_token({}) } - it "raises error JSON::ParserError" do - block_is_expected { get_token }.to raise_error(JSON::ParserError) + it "does not raise error" do + block_is_expected { get_token }.not_to raise_error end context "when extract_access_token raises an exception" do 
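Review bot: The new guard `next body if body.respond_to?(:empty?) && body.empty?` skips only a zero-length body, so a response holding just whitespace or a bare newline under a JSON content type still reaches `JSON.parse` and raises `JSON::ParserError`. If blank responses are the case being handled, consider `next body if body.respond_to?(:strip) && body.strip.empty?` and a spec for a whitespace-only body. If only the exact empty string is meant to pass through, a one-line comment above the guard would make that intent explicit. The value returned in the empty case is the binary-encoded duplicate created on the line above, not the caller's original string, which is harmless here but worth stating in that comment.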
@@ -892,7 +892,45 @@ let(:extract_proc) { proc { |client, hash| raise ArgumentError } } it "returns a nil :access_token" do - expect(client.get_token({}, {}, extract_proc)).to eq(nil) + expect(client.get_token({}, {}, extract_proc)).to be_nil + end + end + end + + context "when the request body is empty" do + subject(:get_token) { client.get_token({}) } + + let(:body) { "" } + + it "does not raise error" do + block_is_expected { get_token }.not_to raise_error + end + + context "when extract_access_token raises an exception" do + let(:status_code) { 200 } + let(:extract_proc) { proc { |client, hash| raise ArgumentError } } + + it "returns a nil :access_token" do + expect(client.get_token({}, {}, extract_proc)).to be_nil + end + end + end + + context "when the request body is not valid JSON" do + subject(:get_token) { client.get_token({}) } + + let(:body) { "BLOOP" } + + it "raises error" do + block_is_expected { get_token }.to raise_error(JSON::ParserError, /unexpected character: 'BLOOP'/) + end + + context "when extract_access_token raises an exception" do + let(:status_code) { 200 } + let(:extract_proc) { proc { |client, hash| raise ArgumentError } } + + it "returns a nil :access_token" do + expect(client.get_token({}, {}, extract_proc)).to be_nil end end end From 3ad1a948d37f7e4b8444545d66a323bdb2d2c73d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 07:56:11 +0700 Subject: [PATCH 329/645] =?UTF-8?q?=F0=9F=92=9A=20Fix=20specs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - unstub spec for JRuby --- .rubocop_gradual.lock | 18 +++++++++--------- spec/oauth2/client_spec.rb | 2 +- spec/oauth2/error_spec.rb | 4 ---- 3 files changed, 10 insertions(+), 14 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 9881f047..cf3bed13 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -48,7 +48,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:348683155": [ + "spec/oauth2/client_spec.rb:2985507284": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -66,15 +66,15 @@ [1082, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], [1162, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] ], - "spec/oauth2/error_spec.rb:1209122273": [ + "spec/oauth2/error_spec.rb:1648148825": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], - [93, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], - [109, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], - [241, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], - [257, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], - [315, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], - [376, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], - [392, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] + [93, 11, 332, "RSpec/NoExpectationExample: No expectation found in this example.", 970111147], + [105, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], + [237, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [253, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], + [311, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [372, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [388, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] ], "spec/oauth2/response_spec.rb:3742350944": [ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], 
diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 3c01084c..3ecdd63f 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -922,7 +922,7 @@ let(:body) { "BLOOP" } it "raises error" do - block_is_expected { get_token }.to raise_error(JSON::ParserError, /unexpected character: 'BLOOP'/) + block_is_expected { get_token }.to raise_error(JSON::ParserError, /unexpected.*'BLOOP'/) end context "when extract_access_token raises an exception" do diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index 893dce35..c130bb11 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb @@ -91,11 +91,7 @@ def to_str end it "replaces them" do - # The skip can be removed once support for < 2.1 is dropped. - encoding = {reason: "encode/scrub only works as of Ruby 2.1"} - skip_for(encoding.merge(engine: "jruby")) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ - raise "Invalid characters not replaced" unless subject.message.include?("� invalid �") # This will fail if {:invalid => replace} is not passed into `encode` end From 78091b8b38724d91cb033bc8106a3f9027eda79c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 08:01:52 +0700 Subject: [PATCH 330/645] =?UTF-8?q?=F0=9F=92=9A=20Fix=20specs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - restub spec for JRuby --- spec/oauth2/error_spec.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec/oauth2/error_spec.rb b/spec/oauth2/error_spec.rb index c130bb11..281d93f8 100644 --- a/spec/oauth2/error_spec.rb +++ b/spec/oauth2/error_spec.rb 
@@ -91,7 +91,10 @@ def to_str end it "replaces them" do + encoding = {reason: "encoding isn't working right on JRuby"} + skip_for(encoding.merge(engine: "jruby")) # See https://bibwild.wordpress.com/2013/03/12/removing-illegal-bytes-for-encoding-in-ruby-1-9-strings/ + raise "Invalid characters not replaced" unless subject.message.include?("� invalid �") # This will fail if {:invalid => replace} is not passed into `encode` end From e6ff3b70208e6f9397e0a5016523302ba2e6dca5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 08:14:18 +0700 Subject: [PATCH 331/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 16 ++++++++-------- README.md | 24 +++++++++++++----------- 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index cf3bed13..ef53e624 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -66,15 +66,15 @@ [1082, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], [1162, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] ], - "spec/oauth2/error_spec.rb:1648148825": [ + "spec/oauth2/error_spec.rb:1692696277": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], - [93, 11, 332, "RSpec/NoExpectationExample: No expectation found in this example.", 970111147], - [105, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], - [237, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], - [253, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], - [311, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], - [372, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], - [388, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] + [93, 11, 460, "RSpec/NoExpectationExample: No expectation found in this example.", 3630511675], + [108, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], + [240, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [256, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233], + [314, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [375, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], + [391, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] ], "spec/oauth2/response_spec.rb:3742350944": [ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], 
diff --git a/README.md b/README.md index 377b1ec1..c000f368 100644 --- a/README.md +++ b/README.md 
@@ -83,8 +83,8 @@ NOTE: `header` - The content type specified in the `curl` is already the default | Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | [![JRuby 9.1 Compat][💎jruby-9.1i]][🚎10-j-wf] [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | [![Truffle Ruby 22.3 Compat][💎truby-22.3i]][🚎9-t-wf] [![Truffle Ruby 23.0 Compat][💎truby-23.0i]][🚎9-t-wf] [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | +| Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | | Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD 
Compat][💎ruby-headi]][🚎3-hd-wf] | | Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | @@ -104,7 +104,7 @@ NOTE: `header` - The content type specified in the `curl` is already the default | Version | Release Date | Readme | |---------|--------------|-------------------------------------------------------------| -| 2.0.10 | 2022-09-27 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md | +| 2.0.10 | 2025-05-16 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md | | 2.0.9 | 2022-09-16 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md | | 2.0.8 | 2022-09-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md | | 2.0.7 | 2022-08-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.7/README.md | @@ -238,9 +238,10 @@ For more see [SECURITY.md][🔐security]. ## Compatibility -Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and -3.1. Compatibility is further distinguished by supported and unsupported versions of Ruby. -Ruby is limited to 2.2+ for 2.x releases. See `1-4-stable` branch for older rubies. +Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. +Compatibility is further distinguished as "Best Effort Support" or "Incidental Support" for older versions of Ruby. +This gem will install on Ruby versions >= v2.2 for 2.x releases. +See `1-4-stable` branch for older rubies.
Ruby Engine Compatibility Policy @@ -269,11 +270,11 @@ fashion. If critical issues for a particular implementation exist at the time of a major release, support for that Ruby version may be dropped.
-| | Ruby OAuth2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally | -|:----|---------------------|--------------------|-------------------------|------------------------|------------------------| -| 1️⃣ | 2.0.x | `main` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 | -| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 | -| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | +| | Ruby OAuth2 Version | Maintenance Branch | Targeted Support | Best Effort Support | Incidental Support | +|:----|---------------------|--------------------|----------------------|-------------------------|------------------------------| +| 1️⃣ | 2.0.x | `main` | 3.2, 3.3, 3.4 | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.2, 2.3, 2.4 | +| 2️⃣ | 1.4.x | `1-4-stable` | 3.2, 3.3, 3.4 | 2.5, 2.6, 2.7, 3.0, 3.1 | 1.9, 2.0, 2.1, 2.2, 2.3, 2.4 | +| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | NOTE: The 1.4 series will only receive critical security updates. See [SECURITY.md][🚎sec-pol] @@ -290,6 +291,7 @@ OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ```ruby OAuth2.configure do |config| config.silence_extra_tokens_warning = true # default: false + config.silence_no_tokens_warning = true # default: false, if you want to also silence warnings about no tokens end ``` From 36c0f5b4708bdf0cf87da521e1b0dee50fda54ae Mon Sep 17 00:00:00 2001 From: Annibelle Boling Date: Fri, 16 May 2025 03:39:05 -0600 Subject: [PATCH 332/645] =?UTF-8?q?=F0=9F=93=9D=20Made=20CITATION.cff?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/CITATION.cff | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/CITATION.cff diff --git a/.github/CITATION.cff b/.github/CITATION.cff new file mode 100644 index 00000000..525d0064 --- /dev/null +++ b/.github/CITATION.cff 
@@ -0,0 +1,23 @@ +cff-version: 1.2.0 +title: oauth2 +message: >- + If you use this work and you want to cite it, + then you can use the metadata from this file. +type: software +authors: + - given-names: Peter Hurn + family-names: Boling + email: peter@railsbling.com + affiliation: railsbling.com + orcid: 'https://orcid.org/0009-0008-8519-441X' + - given-names: Aboling0 + email: aboling@railsbling.com + affiliation: railsbling.com +identifiers: + - type: url + value: 'https://github.com/oauth-xx/oauth2' + description: oath2 +repository-code: 'https://github.com/oauth-xx/oauth2' +abstract: >- + oauth2 +license: See license file \ No newline at end of file From 775205c5e5bfffbffffa6f55effcd041e9536392 Mon Sep 17 00:00:00 2001 From: Annibelle Boling Date: Fri, 16 May 2025 03:57:20 -0600 Subject: [PATCH 333/645] =?UTF-8?q?=F0=9F=9A=9A=20Moved=20CITATION.cff?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/CITATION.cff => CITATION.cff | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/CITATION.cff => CITATION.cff (100%) diff --git a/.github/CITATION.cff b/CITATION.cff similarity index 100% rename from .github/CITATION.cff rename to CITATION.cff From eaadc1f7cff665c74d9bebceb0de088f0d36df70 Mon Sep 17 00:00:00 2001 From: Annibelle Boling Date: Fri, 16 May 2025 04:19:59 -0600 Subject: [PATCH 334/645] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20Change=20require?= =?UTF-8?q?=20to=20require=5Frelative?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2.rb | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/oauth2.rb b/lib/oauth2.rb index 86baef76..d8e4cfa3 100644 --- a/lib/oauth2.rb +++ b/lib/oauth2.rb 
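Review bot: `license: See license file` is, as far as I know, not a value the CFF 1.2.0 schema accepts, since the field takes an SPDX identifier. The README badge in this repository says MIT, so `license: MIT` looks like the intended value (confirm against the licence file). `description: oath2` under `identifiers` is misspelled and should read `description: oauth2`. The file also ends without a trailing newline.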
@@ -9,19 +9,19 @@ require "version_gem" # includes gem files -require "oauth2/version" -require "oauth2/filtered_attributes" -require "oauth2/error" -require "oauth2/authenticator" -require "oauth2/client" -require "oauth2/strategy/base" -require "oauth2/strategy/auth_code" -require "oauth2/strategy/implicit" -require "oauth2/strategy/password" -require "oauth2/strategy/client_credentials" -require "oauth2/strategy/assertion" -require "oauth2/access_token" -require "oauth2/response" +require_relative "oauth2/version" +require_relative "oauth2/filtered_attributes" +require_relative "oauth2/error" +require_relative "oauth2/authenticator" +require_relative "oauth2/client" +require_relative "oauth2/strategy/base" +require_relative "oauth2/strategy/auth_code" +require_relative "oauth2/strategy/implicit" +require_relative "oauth2/strategy/password" +require_relative "oauth2/strategy/client_credentials" +require_relative "oauth2/strategy/assertion" +require_relative "oauth2/access_token" +require_relative "oauth2/response" # The namespace of this library module OAuth2 From d6902cfe6cc6b1209845d6786489e39d550bec8a Mon Sep 17 00:00:00 2001 From: Annibelle Boling Date: Fri, 16 May 2025 04:42:04 -0600 Subject: [PATCH 335/645] =?UTF-8?q?=F0=9F=92=84=20Lint=20lock=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- Gemfile.lock | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index ef53e624..1e975eef 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
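Review bot: The comment `# includes gem files` above the changed lines does not record the choice made here: with `require_relative` these thirteen files are resolved next to `lib/oauth2.rb` instead of by walking `$LOAD_PATH`, so a same-named file earlier on the load path can no longer be loaded in their place. I would say so in the comment, e.g. `# gem files, loaded relative to this file rather than through $LOAD_PATH`. `require "version_gem"` correctly stays a load-path lookup, since it is an external gem. If files under `lib/oauth2/` still `require "oauth2/..."` each other, converting them too would keep the loading consistent; they are not visible in this hunk.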
@@ -3,7 +3,7 @@ [66, 5, 20, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2485198147], [78, 5, 74, "Style/InvertibleUnlessCondition: Prefer `if Gem.rubygems_version >= Gem::Version.new(\"2.7.0\")` over `unless Gem.rubygems_version < Gem::Version.new(\"2.7.0\")`.", 2453573257] ], - "lib/oauth2.rb:4176768025": [ + "lib/oauth2.rb:65351186": [ [38, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], "lib/oauth2/access_token.rb:3471244990": [ diff --git a/Gemfile.lock b/Gemfile.lock index 70d14049..f8762a9b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -275,6 +275,7 @@ GEM PLATFORMS x86_64-darwin-21 + x86_64-darwin-23 x86_64-linux DEPENDENCIES From e86da637b2aed41554389c2f1a9b29bc6721d3ba Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 18:29:49 +0700 Subject: [PATCH 336/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 12 +++++++++--- README.md | 4 ++-- lib/oauth2/client.rb | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9dfd6dc5..5d2cf419 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,8 +11,12 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Removed ## [2.0.10] - 2025-05-XX ([tag][2.0.10t]) +- COVERAGE: 100.00% -- 518/518 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files +- 79.05% documented ### Added -- [!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - `.gitlab-ci.yml` file (@jessieay) +- [gh!632](https://github.com/oauth-xx/oauth2/pull/632) - Added `funding.yml` (@Aboling0) +- [!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - Added `.gitlab-ci.yml` (@jessieay) - [#638](https://gitlab.com/oauth-xx/oauth2/-/issues/638) - Documentation of support for ILO Fundamental Principles of Rights at Work - [!642](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/642) - 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) - Gemspec metadata (@pboling) 
@@ -28,16 +32,17 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - `OAuth2::Client#revoke_token` - `OAuth2::AccessToken#revoke` - See: https://datatracker.ietf.org/doc/html/rfc7009 +- [gh!644](https://github.com/oauth-xx/oauth2/pull/644), [gh!645](https://github.com/oauth-xx/oauth2/pull/645) - Added CITATION.cff (@Aboling0) ### Changed - Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - - Allow linux distros to build release without signing, as their package managers sign independently + - Allow linux distros to build release without signing, as their package managers sign independently - [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param pass through (@pboling) - [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) - [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) ### Fixed - [#95](https://gitlab.com/oauth-xx/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) - - This was a 13 year old bug report. 😘 + - This was a 13 year old bug report. 😘 - [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling) - [!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) - [!634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) 
@@ -48,6 +53,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) - [#641](https://gitlab.com/oauth-xx/oauth2/-/issues/641) - Made default JSON response parser more resilient (@pboling) - [#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) +- [gh!646](https://github.com/oauth-xx/oauth2/pull/646) - Change require to require_relative (improve performance) (@Aboling0) ## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) ### Added diff --git a/README.md b/README.md index c000f368..4284b47f 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@

-## OAuth2 +## 🔐 OAuth2 [![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] @@ -753,7 +753,7 @@ or one of the others at the head of this README. [📌gitmoji]:https://gitmoji.dev [📌gitmoji-img]:https://img.shields.io/badge/gitmoji-%20😜%20😍-FFDD67.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.073-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.518-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index c2ea5814..d44fad70 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -129,7 +129,7 @@ def revoke_url(https://github.com/params%20=%20nil) # # @param [Symbol] verb one of [:get, :post, :put, :delete] # @param [String] url URL path of request - # @param [Hash] opts the options to make the request with + # @param [Hash] req_opts the options to make the request with # @option req_opts [Hash] :params additional query parameters for the URL of the request # @option req_opts [Hash, String] :body the body of the request # @option req_opts [Hash] :headers http request headers From 0517d7fa2e7ef5a8ad8695bed6468a8f1e7730a4 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 18:48:24 +0700 Subject: [PATCH 337/645] =?UTF-8?q?=F0=9F=91=B7=20Fix=20CodeCov=20integrat?= =?UTF-8?q?ion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 48 ++++++++++++++++++---------------- README.md | 2 +- 2 files changed, 26 insertions(+), 24 deletions(-) 
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index b01c457f..1e874f58 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -4,9 +4,7 @@ env: K_SOUP_COV_MIN_BRANCH: 100 K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_MIN_HARD: true - K_SOUP_COV_FORMATTERS: "html,rcov,lcov,json,tty" - K_SOUP_COV_DO: true - K_SOUP_COV_MULTI_FORMATTERS: true + K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" on: @@ -73,6 +71,30 @@ jobs: - name: Tests for ${{ matrix.ruby }}@current via ${{ matrix.exec_cmd }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} + # Do SaaS coverage uploads first + - name: Upload coverage to Coveralls + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + continue-on-error: ${{ matrix.experimental != 'false' }} + + - name: Upload coverage to QLTY + uses: qltysh/qlty-action/coverage@main + with: + coverage-token: ${{secrets.QLTY_COVERAGE_TOKEN}} + files: coverage/.resultset.json + continue-on-error: ${{ matrix.experimental != 'false' }} + + # Build will fail here if coverage upload fails + # which will hopefully be noticed for the lack of code coverage comments + - name: Upload coverage to CodeCov + uses: codecov/codecov-action@v5 + with: + fail_ci_if_error: true # optional (default = false) + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true # optional (default = false) + + # Then PR comments - name: Code Coverage Summary Report uses: irongut/CodeCoverageSummary@v1.3.0 if: ${{ github.event_name == 'pull_request' }} 
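Review bot: The upload steps moved to the top of the job in the `@@ -73,6 +71,30 @@` hunk run `coverallsapp/github-action@master` and `qltysh/qlty-action/coverage@main`, which are branch refs that can change under the workflow without any commit in this repository, and each step is handed a token (`secrets.GITHUB_TOKEN`, `secrets.QLTY_COVERAGE_TOKEN`). Pin them to a full commit SHA with the release noted in a trailing comment, e.g. `uses: coverallsapp/github-action@<FULL_COMMIT_SHA> # <release tag>`. The same applies to `codecov/codecov-action@v5`, which receives `secrets.CODECOV_TOKEN` and whose tag is also movable. The job's step list starts outside this hunk, so other `uses:` lines in the file should be checked the same way.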
@@ -95,23 +117,3 @@ jobs: recreate: true path: code-coverage-results.md continue-on-error: ${{ matrix.experimental != 'false' }} - - - name: Upload coverage to Coveralls - uses: coverallsapp/github-action@master - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - continue-on-error: ${{ matrix.experimental != 'false' }} - - - name: Upload coverage to QLTY - uses: qltysh/qlty-action/coverage@main - with: - coverage-token: ${{secrets.QLTY_COVERAGE_TOKEN}} - files: coverage/.resultset.json - continue-on-error: ${{ matrix.experimental != 'false' }} - - - name: Upload coverage to CodeCov - uses: codecov/codecov-action@v5 - with: - fail_ci_if_error: true # optional (default = false) - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true # optional (default = false) diff --git a/README.md b/README.md index 4284b47f..10f94b22 100644 --- a/README.md +++ b/README.md @@ -668,7 +668,7 @@ or one of the others at the head of this README. [🔑cc-cov]: https://qlty.sh/gh/oauth-xx/projects/oauth2 [🔑cc-covi♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/test_coverage.svg [🔑codecov]: https://codecov.io/gh/oauth-xx/oauth2 -[🔑codecovi♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/main/graph/badge.svg?token=bNqSzNiuo2 +[🔑codecovi♻️]: https://codecov.io/gh/oauth-xx/oauth2/graph/badge.svg?token=bNqSzNiuo2 [🔑coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=main [🔑coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=main [🔑depfu]: https://depfu.com/github/oauth-xx/oauth2?project_id=5884 From 260343c7e05406f1179a7d2cb349bc050104af56 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 19:56:45 +0700 Subject: [PATCH 338/645] =?UTF-8?q?=F0=9F=91=B7=20Coverage=20workflow=20ne?= =?UTF-8?q?eds=20write=20privilege=20on=20pull=5Frequests?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 1e874f58..87fa537c 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -22,6 +22,7 @@ on: permissions: contents: read + pull-requests: write # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: From cb0311fcd821683b494af9382dad950b059193b0 Mon Sep 17 00:00:00 2001 
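Review bot: `pull-requests: write` is added to the workflow-level `permissions:` block, so the token given to every job and step in this workflow, third-party actions included, can now write to pull requests, although only the step that posts the coverage comment appears to need it. Declaring the grant on that job instead (`permissions:` with `contents: read` and `pull-requests: write` under the job) keeps the workflow default read-only. The job definitions are outside this hunk, so confirm which job posts the comment before moving it.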
From: "Peter H. Boling" Date: Fri, 16 May 2025 22:14:21 +0700 Subject: [PATCH 339/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Allow=20jwt=20v3,?= =?UTF-8?q?=20and=20faraday=20head?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - fix specs for JWT v3 - add appraisal for current rubies with runtime dep heads - add workflow for current rubies with runtime dep heads --- .github/workflows/current-runtime-heads.yml | 87 +++++++++++++++++++ Appraisals | 53 +++++++---- Gemfile.lock | 21 +++-- gemfiles/README.md | 3 + gemfiles/audit.gemfile | 6 +- gemfiles/coverage.gemfile | 6 +- gemfiles/current.gemfile | 6 +- gemfiles/current_runtime_heads.gemfile | 10 +++ gemfiles/head.gemfile | 4 +- gemfiles/modular/f0.gemfile | 6 -- gemfiles/modular/faraday_v0.gemfile | 7 ++ .../{f1.gemfile => faraday_v1.gemfile} | 0 .../{f2.gemfile => faraday_v2.gemfile} | 0 gemfiles/modular/jwt_v1.gemfile | 5 ++ gemfiles/modular/jwt_v2.gemfile | 4 + gemfiles/modular/jwt_v3.gemfile | 4 + gemfiles/modular/runtime_heads.gemfile | 9 ++ gemfiles/omnibus.gemfile | 6 +- gemfiles/ruby_2_2.gemfile | 6 +- gemfiles/ruby_2_3.gemfile | 6 +- gemfiles/ruby_2_4.gemfile | 6 +- gemfiles/ruby_2_5.gemfile | 6 +- gemfiles/ruby_2_6.gemfile | 6 +- gemfiles/ruby_2_7.gemfile | 6 +- gemfiles/ruby_3_0.gemfile | 6 +- gemfiles/ruby_3_1.gemfile | 6 +- gemfiles/ruby_3_2.gemfile | 6 +- gemfiles/ruby_3_3.gemfile | 6 +- gemfiles/style.gemfile | 4 +- gemfiles/vanilla.gemfile | 2 +- oauth2.gemspec | 12 +-- spec/oauth2/strategy/assertion_spec.rb | 2 +- 32 files changed, 247 insertions(+), 70 deletions(-) create mode 100644 .github/workflows/current-runtime-heads.yml create mode 100644 gemfiles/current_runtime_heads.gemfile delete mode 100644 gemfiles/modular/f0.gemfile create mode 100644 gemfiles/modular/faraday_v0.gemfile rename gemfiles/modular/{f1.gemfile => faraday_v1.gemfile} (100%) rename gemfiles/modular/{f2.gemfile => faraday_v2.gemfile} (100%) create mode 100644 
gemfiles/modular/jwt_v1.gemfile create mode 100644 gemfiles/modular/jwt_v2.gemfile create mode 100644 gemfiles/modular/jwt_v3.gemfile create mode 100644 gemfiles/modular/runtime_heads.gemfile diff --git a/.github/workflows/current-runtime-heads.yml b/.github/workflows/current-runtime-heads.yml new file mode 100644 index 00000000..048e683d --- /dev/null +++ b/.github/workflows/current-runtime-heads.yml 
@@ -0,0 +1,87 @@ +# Targets the evergreen latest release of ruby, truffleruby, and jruby +# and tests against the HEAD of runtime dependencies +name: Runtime Deps @ HEAD + +env: + K_SOUP_COV_DO: false + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +permissions: + contents: read + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + matrix: + include: + # Ruby 3.4 + - ruby: "ruby" + appraisal: "current-runtime-heads" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + # truffleruby-24.1 + # (according to documentation: targets Ruby 3.3 compatibility) + # (according to runtime: targets Ruby 3.2 compatibility) + - ruby: "truffleruby" + appraisal: "current-runtime-heads" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-10.0 (targets Ruby 3.4 compatibility) + - ruby: "jruby" + appraisal: "current-runtime-heads" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: 
${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/Appraisals b/Appraisals index 366123bb..69537b18 100644 --- a/Appraisals +++ b/Appraisals @@ -9,7 +9,15 @@ appraise "head" do gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/runtime_heads.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +# Test current Rubies against head versions of runtime dependencies +appraise "current-runtime-heads" do + gem "mutex_m", ">= 0.2" + gem "stringio", ">= 3.0" + eval_gemfile "modular/runtime_heads.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end 
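Review bot: The `Checkout` step in the new `current-runtime-heads.yml` uses `actions/checkout@v4` with its defaults, which keep the job token in the checkout's git config, and the later steps install and run gems taken from the HEAD of upstream repositories. Add `with:` and `persist-credentials: false` to that step so code pulled from moving branches cannot read the token from the working tree. None of the later steps in this job push to the repository. `permissions: contents: read` already limits what the token can do, so this is defence in depth rather than a fix for an open hole.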
@@ -18,69 +26,80 @@ end appraise "current" do gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-2" do - eval_gemfile "modular/f0.gemfile" + eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-3" do - eval_gemfile "modular/f0.gemfile" + eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-4" do - eval_gemfile "modular/f1.gemfile" + eval_gemfile "modular/faraday_v1.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-5" do - eval_gemfile "modular/f1.gemfile" + eval_gemfile "modular/faraday_v1.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-6" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-7" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-3-0" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - 
eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-3-1" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-3-2" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-3-3" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -88,7 +107,8 @@ end appraise "audit" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/audit.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -97,7 +117,8 @@ end appraise "coverage" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/coverage.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end 
@@ -106,7 +127,6 @@ end appraise "style" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" - eval_gemfile "modular/f2.gemfile" eval_gemfile "modular/style.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -115,7 +135,8 @@ appraise "omnibus" do eval_gemfile "modular/audit.gemfile" eval_gemfile "modular/coverage.gemfile" eval_gemfile "modular/documentation.gemfile" - eval_gemfile "modular/f2.gemfile" + eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/style.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end diff --git a/Gemfile.lock b/Gemfile.lock index f8762a9b..eac9d120 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,11 @@ +GIT + remote: https://github.com/jwt/ruby-jwt + revision: 6aac2d682b04ac62962989be18479040f806f34e + branch: main + specs: + jwt (3.0.0.beta1) + base64 + GIT remote: https://github.com/pboling/appraisal revision: a3a3e4b7db67d9b085f96b2ffddd2b51bd8a1196 @@ -25,7 +33,7 @@ PATH specs: oauth2 (2.0.10) faraday (>= 0.17.3, < 3.0) - jwt (>= 1.0, < 3.0) + jwt (>= 1.0, < 4.0) multi_xml (~> 0.5) rack (>= 1.2, < 4) snaky_hash (~> 2.0) @@ -98,8 +106,6 @@ GEM rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.12.0) - jwt (2.10.1) - base64 kettle-soup-cover (1.0.6) simplecov (~> 0.22) simplecov-cobertura (~> 2.1) @@ -166,7 +172,7 @@ GEM ruby_version (~> 1.0) rspec-stubbed_env (1.0.2) rspec-support (3.13.3) - rubocop (1.75.5) + rubocop (1.75.6) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) 
@@ -286,15 +292,16 @@ DEPENDENCIES bundler-audit (~> 0.9.2) debug (>= 1.0.0) gem_bench (~> 2.0, >= 2.0.5) + jwt! kettle-soup-cover (~> 1.0, >= 1.0.6) nkf (~> 0.2) oauth2! - rake (>= 12) + rake (~> 13.0) rdoc (~> 6.11) reek (~> 6.4) rexml (>= 3) - rspec (>= 3) - rspec-block_is_expected + rspec (~> 3.13) + rspec-block_is_expected (~> 1.0) rspec-pending_for rspec-stubbed_env rubocop (~> 1.73, >= 1.73.2) diff --git a/gemfiles/README.md b/gemfiles/README.md index 2f08c8e0..cd99cdab 100644 --- a/gemfiles/README.md +++ b/gemfiles/README.md @@ -1,5 +1,8 @@ # History +This document will become out-of-date quickly, but remains historically relevant until +such time as this gem is released with support for non-EOL Ruby only. + `faraday` v0.17.3 is the first version that stops using `&Proc.new` for block forwarding, and thus is the oldest version oauth2 is compatible with. diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index e8bead50..9e81354d 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,8 +5,10 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 938138a0..aa1f5a9f 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -5,8 +5,10 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/coverage.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 36b43d26..59daf307 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile 
@@ -5,6 +5,8 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v3.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile new file mode 100644 index 00000000..74ea868d --- /dev/null +++ b/gemfiles/current_runtime_heads.gemfile @@ -0,0 +1,10 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gem "mutex_m", ">= 0.2" +gem "stringio", ">= 3.0" + +gemspec :path => "../" + +eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index 36b43d26..74ea868d 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/modular/f0.gemfile b/gemfiles/modular/f0.gemfile deleted file mode 100644 index 913ac2b4..00000000 --- a/gemfiles/modular/f0.gemfile +++ /dev/null @@ -1,6 +0,0 @@ -# frozen_string_literal: true - -# 0.17.3 is the first version that stops using &Proc.new for block forwarding, -# and thus is the oldest version oauth2 is compatible with. -# Last version compatible with Ruby 1.9, 2.0, 2.1, 2.2, and 2.3 -gem "faraday", "~> 0.17.6" diff --git a/gemfiles/modular/faraday_v0.gemfile b/gemfiles/modular/faraday_v0.gemfile new file mode 100644 index 00000000..caa833b9 --- /dev/null +++ b/gemfiles/modular/faraday_v0.gemfile 
@@ -0,0 +1,7 @@ +# frozen_string_literal: true + +# Ruby >= 1.9 +# 0.17.3 is the first version to not use &Proc.new when forwarding blocks. +# Thus, it is the oldest version oauth2 is compatible with. +# This version of faraday is the last compatible with Ruby 1.9, 2.0, 2.1, 2.2, and 2.3: +gem "faraday", "~> 0.17.6" diff --git a/gemfiles/modular/f1.gemfile b/gemfiles/modular/faraday_v1.gemfile similarity index 100% rename from gemfiles/modular/f1.gemfile rename to gemfiles/modular/faraday_v1.gemfile diff --git a/gemfiles/modular/f2.gemfile b/gemfiles/modular/faraday_v2.gemfile similarity index 100% rename from gemfiles/modular/f2.gemfile rename to gemfiles/modular/faraday_v2.gemfile diff --git a/gemfiles/modular/jwt_v1.gemfile b/gemfiles/modular/jwt_v1.gemfile new file mode 100644 index 00000000..a48aa406 --- /dev/null +++ b/gemfiles/modular/jwt_v1.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# This version of jwt is the last compatible with Ruby 1.9, 2.0, 2.1, 2.2, 2.3, 2.4: +gem "jwt", "~> 1.5", ">= 1.5.6" diff --git a/gemfiles/modular/jwt_v2.gemfile b/gemfiles/modular/jwt_v2.gemfile new file mode 100644 index 00000000..589888ed --- /dev/null +++ b/gemfiles/modular/jwt_v2.gemfile @@ -0,0 +1,4 @@ +# frozen_string_literal: true + +# Ruby >= 2.5 +gem "jwt", "~> 2.10", ">= 2.10.1" diff --git a/gemfiles/modular/jwt_v3.gemfile b/gemfiles/modular/jwt_v3.gemfile new file mode 100644 index 00000000..0ff1d8b0 --- /dev/null +++ b/gemfiles/modular/jwt_v3.gemfile @@ -0,0 +1,4 @@ +# frozen_string_literal: true + +# Ruby >= 2.5 +gem "jwt", ">= 3.0.0.beta1", "< 4" diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile new file mode 100644 index 00000000..b998f088 --- /dev/null +++ b/gemfiles/modular/runtime_heads.gemfile 
@@ -0,0 +1,9 @@ +# frozen_string_literal: true + +# Test against HEAD of runtime dependencies so we can proactively file bugs + +# Ruby >= 2.5 +gem "jwt", github: "jwt/ruby-jwt", branch: "main" + +# Ruby >= 3.0 +gem "faraday", github: "lostisland/faraday", branch: "main" \ No newline at end of file diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index a7b63e97..40896104 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/audit.gemfile") @@ -10,6 +10,8 @@ eval_gemfile("modular/coverage.gemfile") eval_gemfile("modular/documentation.gemfile") -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/ruby_2_2.gemfile b/gemfiles/ruby_2_2.gemfile index 38fde197..e2a3b246 100644 --- a/gemfiles/ruby_2_2.gemfile +++ b/gemfiles/ruby_2_2.gemfile @@ -2,6 +2,8 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f0.gemfile") +eval_gemfile("modular/faraday_v0.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3.gemfile index 38fde197..e2a3b246 100644 --- a/gemfiles/ruby_2_3.gemfile +++ b/gemfiles/ruby_2_3.gemfile @@ -2,6 +2,8 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f0.gemfile") +eval_gemfile("modular/faraday_v0.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index 3ad1f7eb..42e6a839 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile 
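Review bot: Both `gem` lines in `runtime_heads.gemfile` track a moving `branch: "main"`, so every bundle that evaluates this file installs and loads whatever upstream pushed last, with no released version in between. That is the stated purpose, but the `Gemfile.lock` change in the same commit (a `GIT` section for `jwt` and `jwt!` under DEPENDENCIES) suggests the root bundle resolved against this source at least once. The header comment should say where the file must not be used, e.g. `# CI-only: never eval_gemfile this from the root Gemfile or a release job`. The workflows that run `head.gemfile` and `current_runtime_heads.gemfile` are not visible here, so confirm those jobs carry no publishing credentials.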
@@ -2,6 +2,8 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f1.gemfile") +eval_gemfile("modular/faraday_v1.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 3ad1f7eb..710ffeeb 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -2,6 +2,8 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f1.gemfile") +eval_gemfile("modular/faraday_v1.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index b9614aaa..6d346779 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -5,6 +5,8 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index b9614aaa..6d346779 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -5,6 +5,8 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index b9614aaa..6d346779 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,6 +5,8 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") 
diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index b9614aaa..6d346779 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -5,6 +5,8 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index b9614aaa..6d346779 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -5,6 +5,8 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index b9614aaa..6d346779 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,6 +5,8 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" -eval_gemfile("modular/f2.gemfile") +eval_gemfile("modular/faraday_v2.gemfile") + +eval_gemfile("modular/jwt_v2.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index b8001616..0b9591b7 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -5,8 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" - -eval_gemfile("modular/f2.gemfile") +gemspec :path => "../" eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index 095e6608..a55548f2 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" 
diff --git a/oauth2.gemspec b/oauth2.gemspec index b58053e0..c33c0d67 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -112,12 +112,12 @@ Thanks, |7eter l-|. l3oling spec.bindir = "exe" spec.executables = [] - spec.add_dependency("faraday", [">= 0.17.3", "< 3.0"]) - spec.add_dependency("jwt", [">= 1.0", "< 3.0"]) - spec.add_dependency("multi_xml", "~> 0.5") - spec.add_dependency("rack", [">= 1.2", "< 4"]) - spec.add_dependency("snaky_hash", "~> 2.0") - spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2.0 + spec.add_dependency("faraday", [">= 0.17.3", "< 4.0"]) # Ruby >= 1.9 + spec.add_dependency("jwt", [">= 1.0", "< 4.0"]) # Ruby >= 0 + spec.add_dependency("multi_xml", "~> 0.5") # Ruby >= 0 + spec.add_dependency("rack", [">= 1.2", "< 4"]) # Ruby >= 0 + spec.add_dependency("snaky_hash", "~> 2.0") # Ruby >= 2.2 + spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2 spec.add_development_dependency("addressable", ">= 2") spec.add_development_dependency("backports", ">= 3") diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 3cde2842..38a35dd0 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -100,7 +100,7 @@ context "when encoding as RS256" do let(:algorithm) { "RS256" } - let(:key) { OpenSSL::PKey::RSA.new(1024) } + let(:key) { OpenSSL::PKey::RSA.new(2048) } before do client_assertion.get_token(claims, algorithm: algorithm, key: key) From 2cd83bdaf8effe3d8fca285f9e7dc650779f0537 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 22:15:03 +0700 Subject: [PATCH 340/645] =?UTF-8?q?=F0=9F=94=A8=20kettle-soup-cover=20rake?= =?UTF-8?q?=20task?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Rakefile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Rakefile b/Rakefile index ac15c136..861c7997 100644 --- a/Rakefile +++ b/Rakefile 
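Review bot: The new `< 4.0` upper bound on `faraday` admits a 3.x release line that nothing in this commit tests as a release; the modular gemfiles visible here cover only `faraday_v0`, `faraday_v1`, `faraday_v2` and the `main` branch head. The matching change for `jwt` is at least backed by `jwt_v3.gemfile`, although that pins a beta (`>= 3.0.0.beta1`). Consider keeping `spec.add_dependency("faraday", [">= 0.17.3", "< 3.0"])` until a 3.x appraisal exists. Otherwise make the untested range explicit on the line, e.g. `# 3.x is exercised only via runtime_heads (branch head), not a release`.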
@@ -5,6 +5,22 @@ defaults = [] # See: https://docs.gitlab.com/ci/variables/predefined_variables/ is_gitlab = ENV.fetch("https://github.com/GITLAB_CI", "false").casecmp("true") == 0 +### DEVELOPMENT TASKS +# Setup Kettle Soup Cover +begin + require "kettle-soup-cover" + + Kettle::Soup::Cover.install_tasks + # NOTE: Coverage on CI is configured independent of this task. + # This task is for local development, as it opens results in browser + defaults << "coverage" unless Kettle::Soup::Cover::IS_CI +rescue LoadError + desc("(stub) coverage is unavailable") + task("coverage") do + warn("NOTE: kettle-soup-cover isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") + end +end + # Setup Bundle Audit begin require "bundler/audit/task" From 514be0e977dbd784a0dc6ba579080057b931be47 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 22:15:16 +0700 Subject: [PATCH 341/645] =?UTF-8?q?=F0=9F=94=A8=20stone=5Fchecksums=20rake?= =?UTF-8?q?=20task?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Rakefile | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Rakefile b/Rakefile index 861c7997..ddffe886 100644 --- a/Rakefile +++ b/Rakefile @@ -102,4 +102,17 @@ rescue LoadError end end +### RELEASE TASKS +# Setup stone_checksums +begin + require "stone_checksums" + + GemChecksums.install_tasks +rescue LoadError + desc("(stub) build:generate_checksums is unavailable") + task("build:generate_checksums") do + warn("NOTE: stone_checksums isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") + end +end + task default: defaults From db7f1b468fcfb2aacf03115d2bc67172b7367837 Mon Sep 17 00:00:00 2001 
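Review bot: In the `RELEASE TASKS` block, the `rescue LoadError` fallback defines `build:generate_checksums` as a task that only calls `warn`, so the task exits successfully without producing any checksums when `stone_checksums` is missing. If this task is part of the release procedure, as the section heading suggests, a gem could be published with the integrity step silently skipped. The stub should fail instead, e.g. `abort("stone_checksums isn't installed, or is disabled for #{RUBY_VERSION}; refusing to skip checksum generation")`. The `coverage` stub in the first hunk uses the same warn-only pattern, which is acceptable there because it is a local development convenience.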
From: "Peter H. Boling" Date: Fri, 16 May 2025 22:17:28 +0700 Subject: [PATCH 342/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 19 ++++++------------- gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/current.gemfile | 2 +- gemfiles/current_runtime_heads.gemfile | 2 +- gemfiles/head.gemfile | 2 +- gemfiles/modular/runtime_heads.gemfile | 2 +- gemfiles/omnibus.gemfile | 2 +- gemfiles/ruby_2_2.gemfile | 2 +- gemfiles/ruby_2_3.gemfile | 2 +- gemfiles/ruby_2_4.gemfile | 2 +- gemfiles/ruby_2_5.gemfile | 2 +- gemfiles/ruby_2_6.gemfile | 2 +- gemfiles/ruby_2_7.gemfile | 2 +- gemfiles/ruby_3_0.gemfile | 2 +- gemfiles/ruby_3_1.gemfile | 2 +- gemfiles/ruby_3_2.gemfile | 2 +- gemfiles/ruby_3_3.gemfile | 2 +- gemfiles/style.gemfile | 2 +- gemfiles/vanilla.gemfile | 2 +- 20 files changed, 25 insertions(+), 32 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index eac9d120..bdf1a716 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,11 +1,3 @@ -GIT - remote: https://github.com/jwt/ruby-jwt - revision: 6aac2d682b04ac62962989be18479040f806f34e - branch: main - specs: - jwt (3.0.0.beta1) - base64 - GIT remote: https://github.com/pboling/appraisal revision: a3a3e4b7db67d9b085f96b2ffddd2b51bd8a1196 @@ -32,7 +24,7 @@ PATH remote: . specs: oauth2 (2.0.10) - faraday (>= 0.17.3, < 3.0) + faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) multi_xml (~> 0.5) rack (>= 1.2, < 4) @@ -106,6 +98,8 @@ GEM rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.12.0) + jwt (3.0.0.beta1) + base64 kettle-soup-cover (1.0.6) simplecov (~> 0.22) simplecov-cobertura (~> 2.1) 
@@ -292,16 +286,15 @@ DEPENDENCIES bundler-audit (~> 0.9.2) debug (>= 1.0.0) gem_bench (~> 2.0, >= 2.0.5) - jwt! kettle-soup-cover (~> 1.0, >= 1.0.6) nkf (~> 0.2) oauth2! - rake (~> 13.0) + rake (>= 12) rdoc (~> 6.11) reek (~> 6.4) rexml (>= 3) - rspec (~> 3.13) - rspec-block_is_expected (~> 1.0) + rspec (>= 3) + rspec-block_is_expected rspec-pending_for rspec-stubbed_env rubocop (~> 1.73, >= 1.73.2) diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 9e81354d..60aacd84 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index aa1f5a9f..c2b59b43 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 59daf307..0e435025 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile index 74ea868d..fc9c120d 100644 --- a/gemfiles/current_runtime_heads.gemfile +++ b/gemfiles/current_runtime_heads.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index 74ea868d..fc9c120d 100644 --- a/gemfiles/head.gemfile 
+++ b/gemfiles/head.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index b998f088..dd718145 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -6,4 +6,4 @@ gem "jwt", github: "jwt/ruby-jwt", branch: "main" # Ruby >= 3.0 -gem "faraday", github: "lostisland/faraday", branch: "main" \ No newline at end of file +gem "faraday", github: "lostisland/faraday", branch: "main" diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 40896104..7d6e2d0f 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/ruby_2_2.gemfile b/gemfiles/ruby_2_2.gemfile index e2a3b246..2b81e6bb 100644 --- a/gemfiles/ruby_2_2.gemfile +++ b/gemfiles/ruby_2_2.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3.gemfile index e2a3b246..2b81e6bb 100644 --- a/gemfiles/ruby_2_3.gemfile +++ b/gemfiles/ruby_2_3.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index 42e6a839..77feabf3 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 710ffeeb..3d6a6935 100644 
--- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 6d346779..6f8b671a 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 6d346779..6f8b671a 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 6d346779..6f8b671a 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 6d346779..6f8b671a 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index 6d346779..6f8b671a 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") 
diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index 6d346779..6f8b671a 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index 0b9591b7..f75762cf 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index a55548f2..095e6608 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" From 208286db37d5758a454df0b3b732878e7b5245a0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 22:17:51 +0700 Subject: [PATCH 343/645] =?UTF-8?q?=F0=9F=94=A8=20binstub=20for=20appraisa?= =?UTF-8?q?l?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/appraisal | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 bin/appraisal diff --git a/bin/appraisal b/bin/appraisal new file mode 100644 index 00000000..5038ce52 --- /dev/null +++ b/bin/appraisal 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'appraisal' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("appraisal", "appraisal") From 9b9882863ddf7135ae7e7714b443fc9715237cfc Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 22:21:09 +0700 Subject: [PATCH 344/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop.yml | 3 +++ .rubocop_gradual.lock | 13 +++---------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 32a249f3..6653c82a 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -78,3 +78,6 @@ Style/TrailingCommaInArrayLiteral: Style/TrailingCommaInHashLiteral: EnforcedStyleForMultiline: comma + +Gemspec/DependencyVersion: + Enabled: false \ No newline at end of file diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 1e975eef..249a9a59 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -21,15 +21,8 @@ "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:290828046": [ - [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028], - [115, 3, 54, "Gemspec/DependencyVersion: Dependency version specification is required.", 3677216839], - [116, 3, 47, "Gemspec/DependencyVersion: Dependency version specification is required.", 2440116108], - [118, 3, 46, "Gemspec/DependencyVersion: Dependency version specification is required.", 1075698341], - [128, 3, 58, "Gemspec/DependencyVersion: Dependency version specification is required.", 2795510341], - [129, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 804182931], - [130, 3, 52, "Gemspec/DependencyVersion: Dependency version specification is required.", 3163430777], - [131, 3, 48, "Gemspec/DependencyVersion: Dependency version specification is required.", 425065368] + "oauth2.gemspec:2343383348": [ + [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], @@ -80,7 +73,7 @@ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], [317, 33, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] ], - "spec/oauth2/strategy/assertion_spec.rb:3215095897": [ + "spec/oauth2/strategy/assertion_spec.rb:793170256": [ [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869] ], "spec/oauth2/strategy/auth_code_spec.rb:142083698": [ From 9a940f116617e32ad2a3bb268954991f6ea95dec Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 16 May 2025 22:25:02 +0700 Subject: [PATCH 345/645] =?UTF-8?q?=F0=9F=9A=9A=20Ruby=203.1=20to=20legacy?= =?UTF-8?q?=20workflow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/legacy.yml | 10 +++++++++- .github/workflows/supported.yml | 8 -------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/legacy.yml b/.github/workflows/legacy.yml index a76b6493..4c7cc9a3 100644 --- a/.github/workflows/legacy.yml +++ b/.github/workflows/legacy.yml @@ -1,4 +1,4 @@ -name: MRI 3.0 (EOL) +name: MRI 3.0, 3.1 (EOL) env: K_SOUP_COV_DO: false @@ -37,6 +37,14 @@ jobs: fail-fast: false matrix: include: + # Ruby 3.1 + - ruby: "ruby-3.1" + appraisal: "ruby-3-1" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + # Ruby 3.0 - ruby: "ruby-3.0" appraisal: "ruby-3-0" diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index 832b2d1a..c12cf984 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -36,14 +36,6 @@ jobs: strategy: matrix: include: - # Ruby 3.1 - - ruby: "ruby-3.1" - appraisal: "ruby-3-1" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: latest - bundler: latest - # Ruby 3.2 - ruby: "ruby-3.2" appraisal: "ruby-3-2" From 41463bc76ca9fe8f04490ab1927cad0f4707d63d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 22:27:01 +0700 Subject: [PATCH 346/645] =?UTF-8?q?=F0=9F=92=9A=20JWT.encode=20requires=20?= =?UTF-8?q?minimum=20key=20length=20of=202048?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/examples/google_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/examples/google_spec.rb b/spec/examples/google_spec.rb index 425abb07..34a7287c 100644 --- a/spec/examples/google_spec.rb +++ b/spec/examples/google_spec.rb 
@@ -59,7 +59,7 @@ rescue OpenSSL::PKCS12::PKCS12Error # JRuby CI builds are blowing up trying to extract a sample key for some reason. This simulates the end result # of actually figuring out the problem. - OpenSSL::PKey::RSA.new(1024) + OpenSSL::PKey::RSA.new(2048) end end # Per Google: From cbfefad5f0906d655334a4f6447190aa9cb8af84 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 22:28:53 +0700 Subject: [PATCH 347/645] =?UTF-8?q?=F0=9F=9A=9A=20Disable=20danger=20workf?= =?UTF-8?q?low?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Consider trying it again someday? --- .github/workflows/danger.yml | 44 ------------------------------------ 1 file changed, 44 deletions(-) delete mode 100644 .github/workflows/danger.yml diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml deleted file mode 100644 index c018d38e..00000000 --- a/.github/workflows/danger.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: What's up Danger? - -on: - pull_request: - branches: - - 'main' - - '*-stable' - -jobs: - danger: - runs-on: ubuntu-latest - env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile - if: false - # if: github.event_name == 'pull_request' # if only run pull request when multiple trigger workflow - strategy: - fail-fast: false - matrix: - gemfile: - - vanilla - rubygems: - - latest - bundler: - - latest - ruby: - - "ruby" - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Ruby & Bundle - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems }} - bundler: ${{ matrix.bundler }} - bundler-cache: true - - uses: MeilCli/danger-action@v6 - with: - plugins_file: 'Gemfile' - install_path: 'vendor/bundle' - danger_file: 'Dangerfile' - danger_id: 'danger-pr' - env: - DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} 
From f2030e489fece46b7e677ff67a1c3e28429022b5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 22:46:02 +0700 Subject: [PATCH 348/645] =?UTF-8?q?=F0=9F=9A=9A=20Disable=20danger=20workf?= =?UTF-8?q?low?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Consider trying it again someday? --- .github/disabled-workflows/danger.yml | 44 +++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/disabled-workflows/danger.yml diff --git a/.github/disabled-workflows/danger.yml b/.github/disabled-workflows/danger.yml new file mode 100644 index 00000000..c018d38e --- /dev/null +++ b/.github/disabled-workflows/danger.yml @@ -0,0 +1,44 @@ +name: What's up Danger? + +on: + pull_request: + branches: + - 'main' + - '*-stable' + +jobs: + danger: + runs-on: ubuntu-latest + env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile + if: false + # if: github.event_name == 'pull_request' # if only run pull request when multiple trigger workflow + strategy: + fail-fast: false + matrix: + gemfile: + - vanilla + rubygems: + - latest + bundler: + - latest + ruby: + - "ruby" + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Ruby & Bundle + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: true + - uses: MeilCli/danger-action@v6 + with: + plugins_file: 'Gemfile' + install_path: 'vendor/bundle' + danger_file: 'Dangerfile' + danger_id: 'danger-pr' + env: + DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} From bb471b2c43df478a474a9bf2fb499d627db7a986 Mon Sep 17 00:00:00 2001 
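Review bot: `MeilCli/danger-action@v6` is referenced by a mutable tag and is the step that receives `DANGER_GITHUB_API_TOKEN`, while the job declares no `permissions:` block. Nothing runs today because the file sits under `.github/disabled-workflows/` with `if: false`, but it is kept so that it can be revived. Add a header comment recording the preconditions, e.g. `# Before re-enabling: pin third-party actions to a full commit SHA and set job permissions explicitly`. On revival, use `uses: MeilCli/danger-action@<full-commit-sha>` (placeholder) together with a minimal `permissions:` mapping.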
From: "Peter H. Boling" Date: Fri, 16 May 2025 22:48:14 +0700 Subject: [PATCH 349/645] =?UTF-8?q?=E2=9C=85=20test=20against=20rack=20v1.?= =?UTF-8?q?2,=20v1.6,=20v2,=20v3,=20and=20head?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisals | 14 ++++++++++++++ gemfiles/audit.gemfile | 2 ++ gemfiles/coverage.gemfile | 2 ++ gemfiles/current.gemfile | 2 ++ gemfiles/modular/rack_v1_2.gemfile | 6 ++++++ gemfiles/modular/rack_v1_6.gemfile | 6 ++++++ gemfiles/modular/rack_v2.gemfile | 6 ++++++ gemfiles/modular/rack_v3.gemfile | 5 +++++ gemfiles/modular/runtime_heads.gemfile | 3 +++ gemfiles/omnibus.gemfile | 2 ++ gemfiles/ruby_2_2.gemfile | 2 ++ gemfiles/ruby_2_3.gemfile | 2 ++ gemfiles/ruby_2_4.gemfile | 2 ++ gemfiles/ruby_2_5.gemfile | 2 ++ gemfiles/ruby_2_6.gemfile | 2 ++ gemfiles/ruby_2_7.gemfile | 2 ++ gemfiles/ruby_3_0.gemfile | 2 ++ gemfiles/ruby_3_1.gemfile | 2 ++ gemfiles/ruby_3_2.gemfile | 2 ++ gemfiles/ruby_3_3.gemfile | 2 ++ 20 files changed, 68 insertions(+) create mode 100644 gemfiles/modular/rack_v1_2.gemfile create mode 100644 gemfiles/modular/rack_v1_6.gemfile create mode 100644 gemfiles/modular/rack_v2.gemfile create mode 100644 gemfiles/modular/rack_v3.gemfile diff --git a/Appraisals b/Appraisals index 69537b18..e66f2417 100644 --- a/Appraisals +++ b/Appraisals 
@@ -28,30 +28,35 @@ appraise "current" do gem "stringio", ">= 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v3.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-2" do eval_gemfile "modular/faraday_v0.gemfile" eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/rack_v1_2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-3" do eval_gemfile "modular/faraday_v0.gemfile" eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/rack_v1_6.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-4" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/rack_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-5" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -60,6 +65,7 @@ appraise "ruby-2-6" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -68,6 +74,7 @@ appraise "ruby-2-7" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end 
@@ -76,6 +83,7 @@ appraise "ruby-3-0" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -84,6 +92,7 @@ appraise "ruby-3-1" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -92,6 +101,7 @@ appraise "ruby-3-2" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -100,6 +110,7 @@ appraise "ruby-3-3" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -109,6 +120,7 @@ appraise "audit" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" eval_gemfile "modular/audit.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -119,6 +131,7 @@ appraise "coverage" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" eval_gemfile "modular/coverage.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end 
@@ -137,6 +150,7 @@ appraise "omnibus" do eval_gemfile "modular/documentation.gemfile" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/rack_v3.gemfile" eval_gemfile "modular/style.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 60aacd84..506628c1 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -11,4 +11,6 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/rack_v3.gemfile") + eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index c2b59b43..681175bb 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -11,4 +11,6 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/rack_v3.gemfile") + eval_gemfile("modular/coverage.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 0e435025..c53141c8 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -10,3 +10,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v3.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/modular/rack_v1_2.gemfile b/gemfiles/modular/rack_v1_2.gemfile new file mode 100644 index 00000000..c4a73cf4 --- /dev/null +++ b/gemfiles/modular/rack_v1_2.gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# This is the oldest minor version of rack this gem is compatible with +# We will test it against Ruby 2.2 +gem "rack", "~> 1.2", ">= 1.2.8" diff --git a/gemfiles/modular/rack_v1_6.gemfile b/gemfiles/modular/rack_v1_6.gemfile new file mode 100644 index 00000000..908cd1dc --- /dev/null +++ b/gemfiles/modular/rack_v1_6.gemfile 
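Review bot: The constraint in the new gemfiles/modular/rack_v1_2.gemfile, `gem "rack", "~> 1.2", ">= 1.2.8"`, does not hold rack at 1.2.x, because `~> 1.2` accepts every release below 2.0 and Bundler will normally resolve to the newest 1.x that installs. That makes this appraisal likely to exercise the same 1.6.x release that rack_v1_6.gemfile selects, so the "oldest minor version" named in the comment goes untested. If 1.2.x is the intent, the line would be `gem "rack", "~> 1.2.8"`. The multi_xml_v0_5.gemfile and multi_xml_v0_6.gemfile files added in PATCH 351 use the same two-segment shape (`"~> 0.5", ">= 0.5.5"`), whereas logger_v1_2.gemfile in PATCH 352 pins with three segments (`"~> 1.2.8"`).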
@@ -0,0 +1,6 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# This is the newest version of rack that installs on Ruby < 2.2.2 +# We will test it against Ruby 2.3 +gem "rack", "~> 1.6", ">= 1.6.13" diff --git a/gemfiles/modular/rack_v2.gemfile b/gemfiles/modular/rack_v2.gemfile new file mode 100644 index 00000000..2849c0c4 --- /dev/null +++ b/gemfiles/modular/rack_v2.gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +# Ruby >= 2.3 +# This version of rack is the last compatible with Ruby 2.3 +# We will test it against Ruby 2.4 +gem "rack", "~> 2.2", ">= 2.2.14" diff --git a/gemfiles/modular/rack_v3.gemfile b/gemfiles/modular/rack_v3.gemfile new file mode 100644 index 00000000..39fc536b --- /dev/null +++ b/gemfiles/modular/rack_v3.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 2.4 +# We will test it against Ruby 2.5+ +gem "rack", "~> 3.1", ">= 3.1.14" diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index dd718145..03e024a7 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -7,3 +7,6 @@ gem "jwt", github: "jwt/ruby-jwt", branch: "main" # Ruby >= 3.0 gem "faraday", github: "lostisland/faraday", branch: "main" + +# Ruby >= 2.4 +gem "rack", github: "rack/rack", branch: "main" diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 7d6e2d0f..bdfa3c24 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -14,4 +14,6 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/rack_v3.gemfile") + eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/ruby_2_2.gemfile b/gemfiles/ruby_2_2.gemfile index 2b81e6bb..8d03b507 100644 --- a/gemfiles/ruby_2_2.gemfile +++ b/gemfiles/ruby_2_2.gemfile @@ -7,3 +7,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/rack_v1_2.gemfile") 
diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3.gemfile index 2b81e6bb..270129ae 100644 --- a/gemfiles/ruby_2_3.gemfile +++ b/gemfiles/ruby_2_3.gemfile @@ -7,3 +7,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/rack_v1_6.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index 77feabf3..d7a75ce6 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -7,3 +7,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/rack_v2.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 3d6a6935..6bda8e27 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -7,3 +7,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") eval_gemfile("modular/jwt_v2.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 6f8b671a..72b6379a 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -10,3 +10,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 6f8b671a..72b6379a 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -10,3 +10,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 6f8b671a..72b6379a 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -10,3 +10,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") 
diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 6f8b671a..72b6379a 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -10,3 +10,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index 6f8b671a..72b6379a 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -10,3 +10,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index 6f8b671a..72b6379a 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -10,3 +10,5 @@ gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") From 99e71dbbf0b62715db4a3f53828448e8825b6b36 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 16 May 2025 23:09:39 +0700 Subject: [PATCH 350/645] =?UTF-8?q?=E2=9C=85=20Remove=20ruby=202.2=20test?= =?UTF-8?q?=20harness?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - No longer supported by GitHub --- Appraisals | 13 +++---------- gemfiles/modular/rack_v1_2.gemfile | 2 +- gemfiles/modular/rack_v1_6.gemfile | 2 +- gemfiles/modular/rack_v2.gemfile | 2 +- gemfiles/modular/rack_v3.gemfile | 2 +- gemfiles/ruby_2_2.gemfile | 11 ----------- 6 files changed, 7 insertions(+), 25 deletions(-) delete mode 100644 gemfiles/ruby_2_2.gemfile diff --git a/Appraisals b/Appraisals index e66f2417..0213ea91 100644 --- a/Appraisals +++ b/Appraisals 
@@ -32,31 +32,24 @@ appraise "current" do remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end -appraise "ruby-2-2" do - eval_gemfile "modular/faraday_v0.gemfile" - eval_gemfile "modular/jwt_v1.gemfile" - eval_gemfile "modular/rack_v1_2.gemfile" - remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch -end - appraise "ruby-2-3" do eval_gemfile "modular/faraday_v0.gemfile" eval_gemfile "modular/jwt_v1.gemfile" - eval_gemfile "modular/rack_v1_6.gemfile" + eval_gemfile "modular/rack_v1_2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-4" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v1.gemfile" - eval_gemfile "modular/rack_v2.gemfile" + eval_gemfile "modular/rack_v1_6.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end appraise "ruby-2-5" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v2.gemfile" - eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/rack_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end diff --git a/gemfiles/modular/rack_v1_2.gemfile b/gemfiles/modular/rack_v1_2.gemfile index c4a73cf4..7bdc7e90 100644 --- a/gemfiles/modular/rack_v1_2.gemfile +++ b/gemfiles/modular/rack_v1_2.gemfile @@ -2,5 +2,5 @@ # Ruby >= 0 # This is the oldest minor version of rack this gem is compatible with -# We will test it against Ruby 2.2 +# We will test it against Ruby 2.3 gem "rack", "~> 1.2", ">= 1.2.8" diff --git a/gemfiles/modular/rack_v1_6.gemfile b/gemfiles/modular/rack_v1_6.gemfile index 908cd1dc..c7a37f6d 100644 --- a/gemfiles/modular/rack_v1_6.gemfile +++ b/gemfiles/modular/rack_v1_6.gemfile 
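Review bot: The generated gemfiles are left out of step with this Appraisals hunk: `ruby-2-3`, `ruby-2-4` and `ruby-2-5` now point at `rack_v1_2`, `rack_v1_6` and `rack_v2`, but the diffstat touches no generated gemfile other than the deleted gemfiles/ruby_2_2.gemfile. gemfiles/ruby_2_3.gemfile, ruby_2_4.gemfile and ruby_2_5.gemfile therefore still carry the `eval_gemfile` lines written by PATCH 349 (`rack_v1_6`, `rack_v2`, `rack_v3`), and a CI job that loads those files tests a different rack than Appraisals declares. PATCH 351 and PATCH 352 show the same gap: Appraisals gains `multi_xml_*` and `logger_*` lines while no gemfiles/ruby_*.gemfile changes. Regenerating the appraisal gemfiles in the same commit, or adding a line to the message such as `gemfiles/ regenerated in a follow-up`, would keep the two in step for anyone bisecting.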
@@ -2,5 +2,5 @@ # Ruby >= 0 # This is the newest version of rack that installs on Ruby < 2.2.2 -# We will test it against Ruby 2.3 +# We will test it against Ruby 2.4 gem "rack", "~> 1.6", ">= 1.6.13" diff --git a/gemfiles/modular/rack_v2.gemfile b/gemfiles/modular/rack_v2.gemfile index 2849c0c4..6c9ce97a 100644 --- a/gemfiles/modular/rack_v2.gemfile +++ b/gemfiles/modular/rack_v2.gemfile @@ -2,5 +2,5 @@ # Ruby >= 2.3 # This version of rack is the last compatible with Ruby 2.3 -# We will test it against Ruby 2.4 +# We will test it against Ruby 2.5 gem "rack", "~> 2.2", ">= 2.2.14" diff --git a/gemfiles/modular/rack_v3.gemfile b/gemfiles/modular/rack_v3.gemfile index 39fc536b..6f32a41f 100644 --- a/gemfiles/modular/rack_v3.gemfile +++ b/gemfiles/modular/rack_v3.gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true # Ruby >= 2.4 -# We will test it against Ruby 2.5+ +# We will test it against Ruby 2.6+ gem "rack", "~> 3.1", ">= 3.1.14" diff --git a/gemfiles/ruby_2_2.gemfile b/gemfiles/ruby_2_2.gemfile deleted file mode 100644 index 8d03b507..00000000 --- a/gemfiles/ruby_2_2.gemfile +++ /dev/null @@ -1,11 +0,0 @@ -# This file was generated by Appraisal - -source "https://rubygems.org/" - -gemspec path: "../" - -eval_gemfile("modular/faraday_v0.gemfile") - -eval_gemfile("modular/jwt_v1.gemfile") - -eval_gemfile("modular/rack_v1_2.gemfile") From 1dbd44bb4f2bdc6c2953722023454b578aee97ec Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 16 May 2025 23:16:28 +0700 Subject: [PATCH 351/645] =?UTF-8?q?=E2=9C=85=20Test=20matrix=20for=20multi?= =?UTF-8?q?=5Fxml=20v0.5,=20v0.6,=20v0.7,=20and=20head?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisals | 13 +++++++++++++ gemfiles/modular/multi_xml_v0_5.gemfile | 6 ++++++ gemfiles/modular/multi_xml_v0_6.gemfile | 6 ++++++ gemfiles/modular/multi_xml_v0_7.gemfile | 5 +++++ gemfiles/modular/runtime_heads.gemfile | 3 +++ 5 files changed, 33 insertions(+) create mode 100644 gemfiles/modular/multi_xml_v0_5.gemfile create mode 100644 gemfiles/modular/multi_xml_v0_6.gemfile create mode 100644 gemfiles/modular/multi_xml_v0_7.gemfile diff --git a/Appraisals b/Appraisals index 0213ea91..a8e56172 100644 --- a/Appraisals +++ b/Appraisals @@ -28,6 +28,7 @@ appraise "current" do gem "stringio", ">= 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v3.gemfile" + eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -35,6 +36,7 @@ end appraise "ruby-2-3" do eval_gemfile "modular/faraday_v0.gemfile" eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -42,6 +44,7 @@ end appraise "ruby-2-4" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_6.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end 
@@ -49,6 +52,7 @@ end appraise "ruby-2-5" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -58,6 +62,7 @@ appraise "ruby-2-6" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -67,6 +72,7 @@ appraise "ruby-2-7" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -76,6 +82,7 @@ appraise "ruby-3-0" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -85,6 +92,7 @@ appraise "ruby-3-1" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end 
@@ -94,6 +102,7 @@ appraise "ruby-3-2" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -103,6 +112,7 @@ appraise "ruby-3-3" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -114,6 +124,7 @@ appraise "audit" do eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/audit.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -125,6 +136,7 @@ appraise "coverage" do eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/coverage.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -143,6 +155,7 @@ appraise "omnibus" do eval_gemfile "modular/documentation.gemfile" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" eval_gemfile "modular/style.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch diff --git a/gemfiles/modular/multi_xml_v0_5.gemfile b/gemfiles/modular/multi_xml_v0_5.gemfile new file mode 100644 index 00000000..375e875b --- /dev/null +++ b/gemfiles/modular/multi_xml_v0_5.gemfile 
@@ -0,0 +1,6 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# This minor version of multi_xml is the oldest compatible with this gem: +# We will test it against Ruby 2.3, 2.4 +gem "multi_xml", "~> 0.5", ">= 0.5.5" diff --git a/gemfiles/modular/multi_xml_v0_6.gemfile b/gemfiles/modular/multi_xml_v0_6.gemfile new file mode 100644 index 00000000..1c4cb2b7 --- /dev/null +++ b/gemfiles/modular/multi_xml_v0_6.gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# This version of multi_xml is the last compatible with Ruby 1.8, 1.9, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0: +# We will test it against Ruby 2.5, 2.6, 2.7, 3.0, 3.1 +gem "multi_xml", "~> 0.6", ">= 0.6.0" diff --git a/gemfiles/modular/multi_xml_v0_7.gemfile b/gemfiles/modular/multi_xml_v0_7.gemfile new file mode 100644 index 00000000..46d83001 --- /dev/null +++ b/gemfiles/modular/multi_xml_v0_7.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# We will test it against Ruby 3.2, 3.3, 3.4 +gem "multi_xml", "~> 0.7", ">= 0.7.2" diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index 03e024a7..dadd8291 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -10,3 +10,6 @@ gem "faraday", github: "lostisland/faraday", branch: "main" # Ruby >= 2.4 gem "rack", github: "rack/rack", branch: "main" + +# Ruby >= 3.2 +gem "multi_xml", github: "sferik/multi_xml", branch: "master" From d022da04b52d832f1ca0a1beb7193af032ec8647 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 17 May 2025 00:06:22 +0700 Subject: [PATCH 352/645] =?UTF-8?q?=E2=9C=85=20Test=20matrix=20for=20logge?= =?UTF-8?q?r=20v1.2,=20v1.5,=20v1.7,=20and=20head?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisals | 21 +++++++++++++++++---- gemfiles/modular/logger_v1_2.gemfile | 6 ++++++ gemfiles/modular/logger_v1_5.gemfile | 6 ++++++ gemfiles/modular/logger_v1_7.gemfile | 5 +++++ gemfiles/modular/multi_xml_v0_5.gemfile | 2 +- gemfiles/modular/multi_xml_v0_6.gemfile | 2 +- gemfiles/modular/multi_xml_v0_7.gemfile | 4 ++-- gemfiles/modular/rack_v1_2.gemfile | 4 ++-- gemfiles/modular/rack_v1_6.gemfile | 4 ++-- gemfiles/modular/rack_v2.gemfile | 4 ++-- gemfiles/modular/rack_v3.gemfile | 2 +- gemfiles/modular/runtime_heads.gemfile | 13 ++++++++----- oauth2.gemspec | 1 + 13 files changed, 54 insertions(+), 20 deletions(-) create mode 100644 gemfiles/modular/logger_v1_2.gemfile create mode 100644 gemfiles/modular/logger_v1_5.gemfile create mode 100644 gemfiles/modular/logger_v1_7.gemfile diff --git a/Appraisals b/Appraisals index a8e56172..e047d4fb 100644 --- a/Appraisals +++ b/Appraisals @@ -28,6 +28,7 @@ appraise "current" do gem "stringio", ">= 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v3.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -36,6 +37,7 @@ end appraise "ruby-2-3" do eval_gemfile "modular/faraday_v0.gemfile" eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch 
@@ -44,6 +46,7 @@ end appraise "ruby-2-4" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_6.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -52,6 +55,7 @@ end appraise "ruby-2-5" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_5.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v2.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -62,6 +66,7 @@ appraise "ruby-2-6" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_5.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -72,6 +77,7 @@ appraise "ruby-2-7" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -82,6 +88,7 @@ appraise "ruby-3-0" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch 
@@ -92,6 +99,7 @@ appraise "ruby-3-1" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -102,6 +110,7 @@ appraise "ruby-3-2" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -112,6 +121,7 @@ appraise "ruby-3-3" do gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch @@ -121,11 +131,12 @@ end appraise "audit" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" + eval_gemfile "modular/audit.gemfile" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" - eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" - eval_gemfile "modular/audit.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end 
@@ -133,11 +144,12 @@ end appraise "coverage" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" + eval_gemfile "modular/coverage.gemfile" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" - eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" - eval_gemfile "modular/coverage.gemfile" + eval_gemfile "modular/rack_v3.gemfile" remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end @@ -155,6 +167,7 @@ appraise "omnibus" do eval_gemfile "modular/documentation.gemfile" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" + eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" eval_gemfile "modular/style.gemfile" diff --git a/gemfiles/modular/logger_v1_2.gemfile b/gemfiles/modular/logger_v1_2.gemfile new file mode 100644 index 00000000..7c56847a --- /dev/null +++ b/gemfiles/modular/logger_v1_2.gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +# Ruby >= 2.3 +# This version of logger is the last compatible with Ruby 1.8. 1.9, 2.0, 2.1, 2.2: +# We will test it against 2.3, and 2.4. +gem "logger", "~> 1.2.8", ">= 1.2.8.1" diff --git a/gemfiles/modular/logger_v1_5.gemfile b/gemfiles/modular/logger_v1_5.gemfile new file mode 100644 index 00000000..9986fcc9 --- /dev/null +++ b/gemfiles/modular/logger_v1_5.gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +# Ruby >= 2.3 +# This version of logger is the last compatible with Ruby 2.3, 2.4: +# We will test it against 2.5, and 2.6. +gem "logger", "~> 1.5.3" diff --git a/gemfiles/modular/logger_v1_7.gemfile b/gemfiles/modular/logger_v1_7.gemfile new file mode 100644 index 00000000..3ac3e049 --- /dev/null +++ b/gemfiles/modular/logger_v1_7.gemfile 
@@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 2.5 +# We will test it against Ruby 2.7, 3.0, 3.1, 3.2, 3.3, 3.4. +gem "logger", "~> 1.7", ">= 1.7.0" diff --git a/gemfiles/modular/multi_xml_v0_5.gemfile b/gemfiles/modular/multi_xml_v0_5.gemfile index 375e875b..3f4c0eac 100644 --- a/gemfiles/modular/multi_xml_v0_5.gemfile +++ b/gemfiles/modular/multi_xml_v0_5.gemfile @@ -1,6 +1,6 @@ # frozen_string_literal: true # Ruby >= 0 -# This minor version of multi_xml is the oldest compatible with this gem: # We will test it against Ruby 2.3, 2.4 +# This minor version of multi_xml is the oldest compatible with this gem: gem "multi_xml", "~> 0.5", ">= 0.5.5" diff --git a/gemfiles/modular/multi_xml_v0_6.gemfile b/gemfiles/modular/multi_xml_v0_6.gemfile index 1c4cb2b7..6db93997 100644 --- a/gemfiles/modular/multi_xml_v0_6.gemfile +++ b/gemfiles/modular/multi_xml_v0_6.gemfile @@ -1,6 +1,6 @@ # frozen_string_literal: true # Ruby >= 0 +# We will test it against Ruby 2.5, 2.6, 2.7, 3.0, 3.1. # This version of multi_xml is the last compatible with Ruby 1.8, 1.9, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0: -# We will test it against Ruby 2.5, 2.6, 2.7, 3.0, 3.1 gem "multi_xml", "~> 0.6", ">= 0.6.0" diff --git a/gemfiles/modular/multi_xml_v0_7.gemfile b/gemfiles/modular/multi_xml_v0_7.gemfile index 46d83001..87dac9b8 100644 --- a/gemfiles/modular/multi_xml_v0_7.gemfile +++ b/gemfiles/modular/multi_xml_v0_7.gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true -# Ruby >= 0 -# We will test it against Ruby 3.2, 3.3, 3.4 +# Ruby >= 2.5 +# We will test it against Ruby 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4. gem "multi_xml", "~> 0.7", ">= 0.7.2" diff --git a/gemfiles/modular/rack_v1_2.gemfile b/gemfiles/modular/rack_v1_2.gemfile index 7bdc7e90..3456b97f 100644 --- a/gemfiles/modular/rack_v1_2.gemfile +++ b/gemfiles/modular/rack_v1_2.gemfile 
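Review bot: The rewritten header in gemfiles/modular/multi_xml_v0_7.gemfile, `# We will test it against Ruby 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4.`, disagrees with the Appraisals hunks of this same patch, which wire `multi_xml_v0_7` only into `current`, `ruby-3-2`, `ruby-3-3`, `audit`, `coverage` and `omnibus` and keep `ruby-2-5` through `ruby-3-1` on `multi_xml_v0_6`. The new `# Ruby >= 2.5` line matches the logger_v1_7.gemfile header added next to it, so it looks copied from there, while runtime_heads.gemfile labels multi_xml head as `# Ruby >= 3.2`. I would restore `# We will test it against Ruby 3.2, 3.3, 3.4.` and confirm the minimum Ruby against the multi_xml gemspec before stating one.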
@@ -1,6 +1,6 @@ # frozen_string_literal: true # Ruby >= 0 -# This is the oldest minor version of rack this gem is compatible with -# We will test it against Ruby 2.3 +# We will test it against Ruby 2.3. +# This minor version of rack is the oldest compatible with this gem: gem "rack", "~> 1.2", ">= 1.2.8" diff --git a/gemfiles/modular/rack_v1_6.gemfile b/gemfiles/modular/rack_v1_6.gemfile index c7a37f6d..728aa09b 100644 --- a/gemfiles/modular/rack_v1_6.gemfile +++ b/gemfiles/modular/rack_v1_6.gemfile @@ -1,6 +1,6 @@ # frozen_string_literal: true # Ruby >= 0 -# This is the newest version of rack that installs on Ruby < 2.2.2 -# We will test it against Ruby 2.4 +# This is the newest version of rack that installs on Ruby < 2.2.2. +# We will test it against Ruby 2.4. gem "rack", "~> 1.6", ">= 1.6.13" diff --git a/gemfiles/modular/rack_v2.gemfile b/gemfiles/modular/rack_v2.gemfile index 6c9ce97a..f93b415c 100644 --- a/gemfiles/modular/rack_v2.gemfile +++ b/gemfiles/modular/rack_v2.gemfile @@ -1,6 +1,6 @@ # frozen_string_literal: true # Ruby >= 2.3 -# This version of rack is the last compatible with Ruby 2.3 -# We will test it against Ruby 2.5 +# This version of rack is the last compatible with Ruby 2.3. +# We will test it against Ruby 2.5. gem "rack", "~> 2.2", ">= 2.2.14" diff --git a/gemfiles/modular/rack_v3.gemfile b/gemfiles/modular/rack_v3.gemfile index 6f32a41f..02678e3a 100644 --- a/gemfiles/modular/rack_v3.gemfile +++ b/gemfiles/modular/rack_v3.gemfile @@ -1,5 +1,5 @@ # frozen_string_literal: true # Ruby >= 2.4 -# We will test it against Ruby 2.6+ +# We will test it against Ruby 2.6+. gem "rack", "~> 3.1", ">= 3.1.14" diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index dadd8291..248bde6d 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile 
@@ -2,14 +2,17 @@ # Test against HEAD of runtime dependencies so we can proactively file bugs -# Ruby >= 2.5 -gem "jwt", github: "jwt/ruby-jwt", branch: "main" - # Ruby >= 3.0 gem "faraday", github: "lostisland/faraday", branch: "main" -# Ruby >= 2.4 -gem "rack", github: "rack/rack", branch: "main" +# Ruby >= 2.5 +gem "jwt", github: "jwt/ruby-jwt", branch: "main" + +# Ruby >= 2.5 +gem "logger", github: "ruby/logger/", branch: "master" # Ruby >= 3.2 gem "multi_xml", github: "sferik/multi_xml", branch: "master" + +# Ruby >= 2.4 +gem "rack", github: "rack/rack", branch: "main" diff --git a/oauth2.gemspec b/oauth2.gemspec index c33c0d67..ddfa217e 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -114,6 +114,7 @@ Thanks, |7eter l-|. l3oling spec.add_dependency("faraday", [">= 0.17.3", "< 4.0"]) # Ruby >= 1.9 spec.add_dependency("jwt", [">= 1.0", "< 4.0"]) # Ruby >= 0 + spec.add_dependency("logger", "~> 0.5") # Ruby >= 0 spec.add_dependency("multi_xml", "~> 0.5") # Ruby >= 0 spec.add_dependency("rack", [">= 1.2", "< 4"]) # Ruby >= 0 spec.add_dependency("snaky_hash", "~> 2.0") # Ruby >= 2.2 From bfdbbcdbb277d2f3b40fed9a4c6bfdda26101989 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 00:18:55 +0700 Subject: [PATCH 353/645] =?UTF-8?q?=E2=9E=95=20logger?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- Gemfile.lock | 19 ++++++++++--------- oauth2.gemspec | 22 +++++++++++----------- 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 249a9a59..5996fcca 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
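Review bot: The new logger entry in gemfiles/modular/runtime_heads.gemfile passes `github: "ruby/logger/"` with a trailing slash, unlike every other entry in the file (`jwt/ruby-jwt`, `rack/rack`, `sferik/multi_xml`). Bundler derives the clone URL from that string, so the slash probably yields a path ending in `/.git`, and the HEAD job then either fails to fetch or depends on the host tolerating the malformed path. Write it as `gem "logger", github: "ruby/logger", branch: "master"`.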
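Review bot: `spec.add_dependency("logger", "~> 0.5")` in oauth2.gemspec cannot be satisfied together with the modular gemfile this commit adds, which pins `gem "logger", "~> 1.7", ">= 1.7.0"`, because `~> 0.5` means `>= 0.5, < 1.0`. The constraint looks copied from the multi_xml line directly below it. This is a runtime dependency, so a wrong range breaks resolution for every consumer of the gem rather than only for this repository's CI. It should name the oldest logger release the code works with, for example `spec.add_dependency("logger", "~> 1.2")`, which is the range the following commit and Gemfile.lock use. The enclosing specification block starts and ends outside the hunk.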
@@ -21,7 +21,7 @@ "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:2343383348": [ + "oauth2.gemspec:4016497537": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [ diff --git a/Gemfile.lock b/Gemfile.lock index bdf1a716..b34faf67 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -26,6 +26,7 @@ PATH oauth2 (2.0.10) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) + logger (~> 1.2) multi_xml (~> 0.5) rack (>= 1.2, < 4) snaky_hash (~> 2.0) @@ -279,9 +280,9 @@ PLATFORMS x86_64-linux DEPENDENCIES - addressable (>= 2) + addressable (~> 2.8, >= 2.8.7) appraisal! - backports (>= 3) + backports (~> 3.25, >= 3.25.1) benchmark (~> 0.4) bundler-audit (~> 0.9.2) debug (>= 1.0.0) @@ -289,19 +290,19 @@ DEPENDENCIES kettle-soup-cover (~> 1.0, >= 1.0.6) nkf (~> 0.2) oauth2! - rake (>= 12) + rake (~> 13.0) rdoc (~> 6.11) reek (~> 6.4) - rexml (>= 3) - rspec (>= 3) - rspec-block_is_expected - rspec-pending_for - rspec-stubbed_env + rexml (~> 3.2, >= 3.2.5) + rspec (~> 3.13) + rspec-block_is_expected (~> 1.0, >= 1.0.6) + rspec-pending_for (~> 0.1, >= 0.1.17) + rspec-stubbed_env (~> 1.0, >= 1.0.2) rubocop (~> 1.73, >= 1.73.2) rubocop-lts (~> 8.1, >= 8.1.1) rubocop-packaging (~> 0.5, >= 0.5.2) rubocop-rspec (~> 3.2) - silent_stream + silent_stream (~> 1.0, >= 1.0.10) standard (~> 1.47) yard (~> 0.9, >= 0.9.37) yard-junk (~> 0.0, >= 0.0.10)! diff --git a/oauth2.gemspec b/oauth2.gemspec index ddfa217e..f519ccb5 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -114,20 +114,20 @@ Thanks, |7eter l-|. l3oling spec.add_dependency("faraday", [">= 0.17.3", "< 4.0"]) # Ruby >= 1.9 spec.add_dependency("jwt", [">= 1.0", "< 4.0"]) # Ruby >= 0 - spec.add_dependency("logger", "~> 0.5") # Ruby >= 0 + spec.add_dependency("logger", "~> 1.2") # Ruby >= 0 spec.add_dependency("multi_xml", "~> 0.5") # Ruby >= 0 spec.add_dependency("rack", [">= 1.2", "< 4"]) # Ruby >= 0 spec.add_dependency("snaky_hash", "~> 2.0") # Ruby >= 2.2 spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2 - spec.add_development_dependency("addressable", ">= 2") - spec.add_development_dependency("backports", ">= 3") - spec.add_development_dependency("nkf", "~> 0.2") - spec.add_development_dependency("rake", ">= 12") - spec.add_development_dependency("rexml", ">= 3") - spec.add_development_dependency("rspec", ">= 3") - spec.add_development_dependency("rspec-block_is_expected") - spec.add_development_dependency("rspec-pending_for") - spec.add_development_dependency("rspec-stubbed_env") - spec.add_development_dependency("silent_stream") + spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 + spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 + spec.add_development_dependency("nkf", "~> 0.2") # ruby >= 2.3 + spec.add_development_dependency("rake", "~> 13.0") # ruby >= 2.2 + spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 + spec.add_development_dependency("rspec", "~> 3.13") # ruby >= 0 + spec.add_development_dependency("rspec-block_is_expected", "~> 1.0", ">= 1.0.6") # ruby >= 1.8.7 + spec.add_development_dependency("rspec-pending_for", "~> 0.1", ">= 0.1.17") # ruby >= 1.8.7 + spec.add_development_dependency("rspec-stubbed_env", "~> 1.0", ">= 1.0.2") # ruby >= 1.8.7 + spec.add_development_dependency("silent_stream", "~> 1.0", ">= 1.0.10") # ruby >= 2.3 end From 62c80bde5a86137caf0bf82676c0941c58536cc8 Mon Sep 17 00:00:00 2001 
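Review bot: The trailing comments added to the development dependencies in oauth2.gemspec are written `# ruby >= 2.2`, while the runtime dependencies a few lines above in the same hunk use `# Ruby >= 0`. Use one casing so a search for the minimum-Ruby annotations finds all of them, for example `spec.add_development_dependency("rake", "~> 13.0") # Ruby >= 2.2`. The enclosing specification block starts outside the hunk.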
From: "Peter H. Boling" Date: Sat, 17 May 2025 01:12:01 +0700 Subject: [PATCH 354/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20silent=5Fstream=20?= =?UTF-8?q?v1.0.11?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 4 +++- .rubocop_gradual.lock | 2 +- Gemfile.lock | 8 ++++---- gemfiles/audit.gemfile | 8 ++++++-- gemfiles/coverage.gemfile | 8 ++++++-- gemfiles/current.gemfile | 4 ++++ gemfiles/modular/runtime_heads.gemfile | 2 +- gemfiles/omnibus.gemfile | 4 ++++ gemfiles/ruby_2_3.gemfile | 6 +++++- gemfiles/ruby_2_4.gemfile | 6 +++++- gemfiles/ruby_2_5.gemfile | 6 +++++- gemfiles/ruby_2_6.gemfile | 4 ++++ gemfiles/ruby_2_7.gemfile | 4 ++++ gemfiles/ruby_3_0.gemfile | 4 ++++ gemfiles/ruby_3_1.gemfile | 4 ++++ gemfiles/ruby_3_2.gemfile | 4 ++++ gemfiles/ruby_3_3.gemfile | 4 ++++ oauth2.gemspec | 2 +- 18 files changed, 69 insertions(+), 15 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 87fa537c..dca3cd1a 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -4,7 +4,9 @@ env: K_SOUP_COV_MIN_BRANCH: 100 K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_MIN_HARD: true - K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" + K_SOUP_COV_FORMATTERS: "html,rcov,lcov,json,tty" + K_SOUP_COV_DO: true + K_SOUP_COV_MULTI_FORMATTERS: true K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" on: diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 5996fcca..6544e6b6 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:4016497537": [ + "oauth2.gemspec:434615840": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [ 
diff --git a/Gemfile.lock b/Gemfile.lock index b34faf67..15e8a76c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -222,9 +222,9 @@ GEM ruby-progressbar (1.13.0) ruby_engine (2.0.3) ruby_version (1.0.3) - silent_stream (1.0.10) - logger (>= 1.4.4) - version_gem (~> 1.1, >= 1.1.7) + silent_stream (1.0.11) + logger (~> 1.2) + version_gem (>= 1.1.8, < 3) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) @@ -302,7 +302,7 @@ DEPENDENCIES rubocop-lts (~> 8.1, >= 8.1.1) rubocop-packaging (~> 0.5, >= 0.5.2) rubocop-rspec (~> 3.2) - silent_stream (~> 1.0, >= 1.0.10) + silent_stream (~> 1.0, >= 1.0.11) standard (~> 1.47) yard (~> 0.9, >= 0.9.37) yard-junk (~> 0.0, >= 0.0.10)! diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 506628c1..a0d24ab2 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -7,10 +7,14 @@ gem "stringio", "~> 3.0" gemspec path: "../" +eval_gemfile("modular/audit.gemfile") + eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") -eval_gemfile("modular/rack_v3.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") -eval_gemfile("modular/audit.gemfile") +eval_gemfile("modular/multi_xml_v0_7.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 681175bb..4f3d07b6 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -7,10 +7,14 @@ gem "stringio", "~> 3.0" gemspec path: "../" +eval_gemfile("modular/coverage.gemfile") + eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") -eval_gemfile("modular/rack_v3.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") -eval_gemfile("modular/coverage.gemfile") +eval_gemfile("modular/multi_xml_v0_7.gemfile") + +eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index c53141c8..a8fc46a3 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile 
@@ -11,4 +11,8 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v3.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") + +eval_gemfile("modular/multi_xml_v0_7.gemfile") + eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index 248bde6d..375e47b6 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -9,7 +9,7 @@ gem "faraday", github: "lostisland/faraday", branch: "main" gem "jwt", github: "jwt/ruby-jwt", branch: "main" # Ruby >= 2.5 -gem "logger", github: "ruby/logger/", branch: "master" +gem "logger", github: "ruby/logger", branch: "master" # Ruby >= 3.2 gem "multi_xml", github: "sferik/multi_xml", branch: "master" diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index bdfa3c24..10a5c530 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -14,6 +14,10 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") + +eval_gemfile("modular/multi_xml_v0_7.gemfile") + eval_gemfile("modular/rack_v3.gemfile") eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3.gemfile index 270129ae..c04bb1e8 100644 --- a/gemfiles/ruby_2_3.gemfile +++ b/gemfiles/ruby_2_3.gemfile @@ -8,4 +8,8 @@ eval_gemfile("modular/faraday_v0.gemfile") eval_gemfile("modular/jwt_v1.gemfile") -eval_gemfile("modular/rack_v1_6.gemfile") +eval_gemfile("modular/logger_v1_2.gemfile") + +eval_gemfile("modular/multi_xml_v0_5.gemfile") + +eval_gemfile("modular/rack_v1_2.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index d7a75ce6..9839ec20 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile 
@@ -8,4 +8,8 @@ eval_gemfile("modular/faraday_v1.gemfile") eval_gemfile("modular/jwt_v1.gemfile") -eval_gemfile("modular/rack_v2.gemfile") +eval_gemfile("modular/logger_v1_2.gemfile") + +eval_gemfile("modular/multi_xml_v0_5.gemfile") + +eval_gemfile("modular/rack_v1_6.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 6bda8e27..078b001f 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -8,4 +8,8 @@ eval_gemfile("modular/faraday_v1.gemfile") eval_gemfile("modular/jwt_v2.gemfile") -eval_gemfile("modular/rack_v3.gemfile") +eval_gemfile("modular/logger_v1_5.gemfile") + +eval_gemfile("modular/multi_xml_v0_6.gemfile") + +eval_gemfile("modular/rack_v2.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 72b6379a..3feef85e 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -11,4 +11,8 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/logger_v1_5.gemfile") + +eval_gemfile("modular/multi_xml_v0_6.gemfile") + eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 72b6379a..dba445fd 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -11,4 +11,8 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") + +eval_gemfile("modular/multi_xml_v0_6.gemfile") + eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 72b6379a..dba445fd 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -11,4 +11,8 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") + +eval_gemfile("modular/multi_xml_v0_6.gemfile") + eval_gemfile("modular/rack_v3.gemfile") 
diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 72b6379a..dba445fd 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -11,4 +11,8 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") + +eval_gemfile("modular/multi_xml_v0_6.gemfile") + eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index 72b6379a..616b2ece 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -11,4 +11,8 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") + +eval_gemfile("modular/multi_xml_v0_7.gemfile") + eval_gemfile("modular/rack_v3.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index 72b6379a..616b2ece 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -11,4 +11,8 @@ eval_gemfile("modular/faraday_v2.gemfile") eval_gemfile("modular/jwt_v2.gemfile") +eval_gemfile("modular/logger_v1_7.gemfile") + +eval_gemfile("modular/multi_xml_v0_7.gemfile") + eval_gemfile("modular/rack_v3.gemfile") diff --git a/oauth2.gemspec b/oauth2.gemspec index f519ccb5..87c905c0 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -129,5 +129,5 @@ Thanks, |7eter l-|. l3oling spec.add_development_dependency("rspec-block_is_expected", "~> 1.0", ">= 1.0.6") # ruby >= 1.8.7 spec.add_development_dependency("rspec-pending_for", "~> 0.1", ">= 0.1.17") # ruby >= 1.8.7 spec.add_development_dependency("rspec-stubbed_env", "~> 1.0", ">= 1.0.2") # ruby >= 1.8.7 - spec.add_development_dependency("silent_stream", "~> 1.0", ">= 1.0.10") # ruby >= 2.3 + spec.add_development_dependency("silent_stream", "~> 1.0", ">= 1.0.11") # ruby >= 2.3 end From 9700efe3ab93494540a44ee9cf7fa005c163d3ae Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 17 May 2025 02:00:36 +0700 Subject: [PATCH 355/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20Keep-a-Changel?= =?UTF-8?q?og=20formatting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 279 ++++++++++++++++++++++++++++----------------------- 1 file changed, 152 insertions(+), 127 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d2cf419..ed6d37b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,10 +7,13 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [Unreleased] ### Added ### Changed -### Fixed +### Deprecated ### Removed +### Fixed +### Security -## [2.0.10] - 2025-05-XX ([tag][2.0.10t]) +## [2.0.10] - 2025-05-16 +- TAG: [v2.0.10][2.0.10t] - COVERAGE: 100.00% -- 518/518 lines in 14 files - BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files - 79.05% documented 
@@ -55,143 +58,156 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) - [gh!646](https://github.com/oauth-xx/oauth2/pull/646) - Change require to require_relative (improve performance) (@Aboling0) -## [2.0.9] - 2022-09-16 ([tag][2.0.9t]) +## [2.0.9] - 2022-09-16 +- TAG: [v2.0.9][2.0.9t] ### Added - More specs (@pboling) ### Changed - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) -## [2.0.8] - 2022-09-01 ([tag][2.0.8t]) +## [2.0.8] - 2022-09-01 +- TAG: [v2.0.8][2.0.8t] ### Changed - [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) ### Added - [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628) -## [2.0.7] - 2022-08-22 ([tag][2.0.7t]) +## [2.0.7] - 2022-08-22 +- TAG: [v2.0.7][2.0.7t] ### Added -[!629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) +- [!629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) ### Fixed -[!626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) +- [!626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. 
Will now prefer the key order from the lookup, not the hash keys (@rickselby) - Note: This fixes compatibility with `omniauth-oauth2` and AWS -[!625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) +- [!625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) -## [2.0.6] - 2022-07-13 ([tag][2.0.6t]) +## [2.0.6] - 2022-07-13 +- TAG: [v2.0.6][2.0.6t] ### Fixed -[!624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) +- [!624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) -## [2.0.5] - 2022-07-07 ([tag][2.0.5t]) +## [2.0.5] - 2022-07-07 +- TAG: [v2.0.5][2.0.5t] ### Fixed -[!620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) -[!621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling) +- [!620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) +- [!621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling) - All data in responses is now returned, with the access token removed and set as `token` - `refresh_token` is no longer dropped - **BREAKING**: Microsoft's `id_token` is no longer left as 
`access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use - Remove `parse` and `snaky` from options so they don't get included in response - There is now 100% test coverage, for lines _and_ branches, and it will stay that way. -## [2.0.4] - 2022-07-01 ([tag][2.0.4t]) +## [2.0.4] - 2022-07-01 +- TAG: [v2.0.4][2.0.4t] ### Fixed -[!618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) +- [!618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) -## [2.0.3] - 2022-06-28 ([tag][2.0.3t]) +## [2.0.3] - 2022-06-28 +- TAG: [v2.0.3][2.0.3t] ### Added -[!611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) -[!612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) +- [!611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) +- [!612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) ### Fixed -[!608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) -[!615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) +- [!608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) +- [!615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) -## [2.0.2] - 2022-06-24 
([tag][2.0.2t]) +## [2.0.2] - 2022-06-24 +- TAG: [v2.0.2][2.0.2t] ### Fixed -[!604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) -[!606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) -[!607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) +- [!604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) +- [!606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) +- [!607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) -## [2.0.1] - 2022-06-22 ([tag][2.0.1t]) +## [2.0.1] - 2022-06-22 +- TAG: [v2.0.1][2.0.1t] ### Added - Documentation improvements (@pboling) - Increased test coverage to 99% (@pboling) -## [2.0.0] - 2022-06-21 ([tag][2.0.0t]) +## [2.0.0] - 2022-06-21 +- TAG: [v2.0.0][2.0.0t] ### Added -[!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) -[!190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [!332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [!334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [!335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [!360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [!426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [!427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [!461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, 
@meganemura, @joshRpowell, @elliotcm) -[!220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) -[!298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) -[!305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) -[!346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) -[!351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) -[!362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) -[!363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) -[!364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling) -[!365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) -[!376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) -[!381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz) -[!394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) -[!412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) -[!413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan 
and report (@meganemura) -[!442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) -[!494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) -[!549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) -[!550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu) -[!552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) -[!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) -[!560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) -[!571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) -[!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) -[!581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) +- [!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) +- [!190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [!332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [!334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), 
[!335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [!360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [!426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [!427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [!461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) +- [!220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) +- [!298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) +- [!305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) +- [!346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) +- [!351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) +- [!362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) +- [!363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) +- [!364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling) +- [!365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) +- [!376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) +- [!381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz) +- [!394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: 
`OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) +- [!412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) +- [!413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura) +- [!442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) +- [!494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) +- [!549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) +- [!550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu) +- [!552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) +- [!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) +- [!560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) +- [!571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) +- [!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) +- [!581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) ### Changed 
-[!191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) -[!312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) -[!317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) -[!338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) -[!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [!424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [!493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [!542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) -[!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) -[!414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) -[!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) -[!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default 
(`'oauth/token'`) (@ghost) -[!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) +- [!191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) +- [!312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) +- [!317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) +- [!338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) +- [!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [!424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [!493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [!542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) +- [!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) +- [!414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) +- [!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash 
to work with relative paths by default (`'oauth/authorize'`) (@ghost) +- [!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) +- [!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be snake case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. -[!576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) -[!591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated +- [!576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) +- [!591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated ### Fixed -[!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) -[!294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) -[!300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) -[!318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), 
[!326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [!343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [!347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [!397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [!464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), [!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [!565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) -[!322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [!331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [!337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [!361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [!371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [!377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [!383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [!392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [!395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), [!400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [!401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [!403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [!415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [!567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) -[!328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) -[!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported 
Rubies (@pboling and @josephpage) -[!366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) -[!380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) -[!399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) -[!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) -[!460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [!524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) -[!472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) -[!482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) -[!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) -[!595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) -[!596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) -[!598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not 
raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) +- [!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) +- [!294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) +- [!300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) +- [!318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), [!326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [!343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [!347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [!397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [!464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), [!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [!565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) +- [!322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [!331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [!337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [!361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [!371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [!377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [!383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [!392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [!395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), 
[!400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [!401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [!403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [!415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [!567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) +- [!328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) +- [!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) +- [!366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) +- [!380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) +- [!399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) +- [!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) +- [!460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [!524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) +- [!472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) +- [!482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of 
`intridea` links to `oauth-xx` (@pboling) +- [!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) +- [!595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) +- [!596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) +- [!598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) ### Removed -[!341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) -[!342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) -[!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) -[!566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) -[!589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [!593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) -[!590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) - -## [1.4.11] - 2022-09-16 ([tag][1.4.11t]) +- [!341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) +- [!342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for 
Ruby 1.8 (@josephpage) +- [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) +- [!566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) +- [!589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [!593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) +- [!590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) + +## [1.4.11] - 2022-09-16 +- TAG: [v1.4.11][1.4.11t] - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) -## [1.4.10] - 2022-07-01 ([tag][1.4.10t]) +## [1.4.10] - 2022-07-01 +- TAG: [v1.4.10][1.4.10t] - FIPS Compatibility [!587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov) -## [1.4.9] - 2022-02-20 ([tag][1.4.9t]) +## [1.4.9] - 2022-02-20 +- TAG: [v1.4.9][1.4.9t] - Fixes compatibility with Faraday v2 [572](https://gitlab.com/oauth-xx/oauth2/-/issues/572) - Includes supported versions of Faraday in test matrix: - Faraday ~> 2.2.0 with Ruby >= 2.6 
@@ -199,50 +215,58 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Faraday ~> 0.17.3 with Ruby >= 1.9 - Add Windows and MacOS to test matrix -## [1.4.8] - 2022-02-18 ([tag][1.4.8t]) +## [1.4.8] - 2022-02-18 +- TAG: [v1.4.8][1.4.8t] - MFA is now required to push new gem versions (@pboling) - README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) -[!569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) +- [!569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) - Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling) - Add CodeQL, Security Policy, Funding info (@pboling) - Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling) -[!543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) - -## [1.4.7] - 2021-03-19 ([tag][1.4.7t]) -[!541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [!533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. 
(@dobon) - -## [1.4.6] - 2021-03-19 ([tag][1.4.6t]) -[!540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) -[!537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) -[!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling) - -## [1.4.5] - 2021-03-18 ([tag][1.4.5t]) -[!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling) -[!518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) -[!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) -[!500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) - -## [1.4.4] - 2020-02-12 ([tag][1.4.4t]) -[!408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) - -## [1.4.3] - 2020-01-29 ([tag][1.4.3t]) -[!483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) -[!495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) +- [!543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) + +## [1.4.7] - 2021-03-19 +- TAG: [v1.4.7][1.4.7t] +- [!541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [!533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 
1-4-stable branch. (@dobon) + +## [1.4.6] - 2021-03-19 +- TAG: [v1.4.6][1.4.6t] +- [!540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) +- [!537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) +- [!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling) + +## [1.4.5] - 2021-03-18 +- TAG: [v1.4.5][1.4.5t] +- [!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling) +- [!518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) +- [!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) +- [!500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) + +## [1.4.4] - 2020-02-12 +- TAG: [v1.4.4][1.4.4t] +- [!408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) + +## [1.4.3] - 2020-01-29 +- TAG: [v1.4.3][1.4.3t] +- [!483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) +- [!495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - Adds support for private_key_jwt and tls_client_auth -[!433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) +- [!433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names 
with square brackets and numbers in params (@asm256) -## [1.4.2] - 2019-10-01 ([tag][1.4.2t]) -[!478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) +## [1.4.2] - 2019-10-01 +- TAG: [v1.4.2][1.4.2t] +- [!478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - Officially support Ruby 2.6 and truffleruby -## [1.4.1] - 2018-10-13 ([tag][1.4.1t]) -[!417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) -[!419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling) -[!418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) -[!420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) -[!421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) -[!422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling) -[!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) +## [1.4.1] - 2018-10-13 +- TAG: [v1.4.1][1.4.1t] +- [!417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) +- [!419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in 
[!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling) +- [!418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) +- [!420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) +- [!421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) +- [!422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling) +- [!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) - officially document supported Rubies * Ruby 1.9.3 * Ruby 2.0.0 @@ -262,6 +286,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html ## [1.4.0] - 2017-06-09 ([tag][1.4.0t]) +- TAG: [v1.4.0][1.4.0t] - Drop Ruby 1.8.7 support (@sferik) - Fix some RuboCop offenses (@sferik) - _Dependency_: Remove Yardstick (@sferik) From 54ade7e7461d8a2709917c67cddc100fd43a5837 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 02:14:52 +0700 Subject: [PATCH 356/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20Keep-a-Changel?= =?UTF-8?q?og=20formatting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed6d37b8..d1b8f55a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -285,7 +285,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html -## [1.4.0] - 2017-06-09 ([tag][1.4.0t]) +## [1.4.0] - 2017-06-09 - TAG: [v1.4.0][1.4.0t] - Drop Ruby 1.8.7 support (@sferik) - Fix some RuboCop offenses (@sferik) From 830fb08efbda3c3b6afe2266b97adaa2f0512008 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 02:22:15 +0700 Subject: [PATCH 357/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 135 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 101 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 10f94b22..9f004c37 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ [![CodeClimate Test Coverage][🔑cc-covi♻️]][🔑cc-cov] [![Maintainability][🔑cc-mnti♻️]][🔑cc-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] +[![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] @@ -71,7 +72,8 @@ OAuth2::Client.new( NOTE: `header` - The content type specified in the `curl` is already the default! -## 💡 Info you can shake a stick at +If any of the above makes you uncomfortable, you may be in the wrong place. +One of these might be what you are looking for: * [OAuth 2.0 Spec][oauth2-spec] * [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. 
@@ -81,10 +83,12 @@ NOTE: `header` - The content type specified in the `curl` is already the default [sibling-gem]: https://gitlab.com/oauth-xx/oauth [doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper +## 💡 Info you can shake a stick at + | Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | +| Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | | Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD 
Compat][💎ruby-headi]][🚎3-hd-wf] | | Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | @@ -97,47 +101,108 @@ NOTE: `header` - The content type specified in the `curl` is already the default ## 🚀 Release Documentation +
+ Standard Library Dependencies + +* base64 +* cgi +* json +* time +* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) + +
+ ### Version 2.0.x
- 2.0.x Readmes - -| Version | Release Date | Readme | -|---------|--------------|-------------------------------------------------------------| -| 2.0.10 | 2025-05-16 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md | -| 2.0.9 | 2022-09-16 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md | -| 2.0.8 | 2022-09-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md | -| 2.0.7 | 2022-08-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.7/README.md | -| 2.0.6 | 2022-07-13 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.6/README.md | -| 2.0.5 | 2022-07-07 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.5/README.md | -| 2.0.4 | 2022-07-01 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.4/README.md | -| 2.0.3 | 2022-06-28 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.3/README.md | -| 2.0.2 | 2022-06-24 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.2/README.md | -| 2.0.1 | 2022-06-22 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.1/README.md | -| 2.0.0 | 2022-06-21 | https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.0/README.md | + 2.0.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 2.0.10 | 2025-05-16 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | +| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | +| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | +| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | +| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | +| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | +| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | +| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 
README][2.0.3-readme] | +| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | +| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | +| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] |
+[2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-16 +[2.0.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 +[2.0.8-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 +[2.0.7-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 +[2.0.6-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#206---2022-07-13 +[2.0.5-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#205---2022-07-07 +[2.0.4-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#204---2022-07-01 +[2.0.3-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#203---2022-06-28 +[2.0.2-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#202---2022-06-24 +[2.0.1-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 +[2.0.0-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 + +[2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md +[2.0.9-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md +[2.0.8-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md +[2.0.7-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.7/README.md +[2.0.6-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.6/README.md +[2.0.5-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.5/README.md +[2.0.4-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.4/README.md +[2.0.3-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.3/README.md +[2.0.2-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.2/README.md +[2.0.1-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.1/README.md 
+[2.0.0-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.0/README.md + ### Older Releases
- 1.4.x Readmes - -| Version | Release Date | Readme | -|---------|--------------|-------------------------------------------------------------| -| 1.4.11 | Sep 16, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.11/README.md | -| 1.4.10 | Jul 1, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.10/README.md | -| 1.4.9 | Feb 20, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.9/README.md | -| 1.4.8 | Feb 18, 2022 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.8/README.md | -| 1.4.7 | Mar 19, 2021 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.7/README.md | -| 1.4.6 | Mar 19, 2021 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.6/README.md | -| 1.4.5 | Mar 18, 2021 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.5/README.md | -| 1.4.4 | Feb 12, 2020 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.4/README.md | -| 1.4.3 | Jan 29, 2020 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.3/README.md | -| 1.4.2 | Oct 1, 2019 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.2/README.md | -| 1.4.1 | Oct 13, 2018 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.1/README.md | -| 1.4.0 | Jun 9, 2017 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.0/README.md | + 1.4.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | +| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | +| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | +| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | +| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | +| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | +| 1.4.5 | Mar 18, 2021 | [v1.4.5 
CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | +| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | +| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | +| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | +| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | +| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] |
+[1.4.11-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1411---2022-09-16 +[1.4.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1410---2022-07-01 +[1.4.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#149---2022-02-20 +[1.4.8-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#148---2022-02-18 +[1.4.7-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#147---2021-03-19 +[1.4.6-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#146---2021-03-19 +[1.4.5-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#145---2021-03-18 +[1.4.4-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#144---2020-02-12 +[1.4.3-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#143---2020-01-29 +[1.4.2-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#142---2019-10-01 +[1.4.1-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#141---2018-10-13 +[1.4.0-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#140---2017-06-09 + +[1.4.11-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.11/README.md +[1.4.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.10/README.md +[1.4.9-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.9/README.md +[1.4.8-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.8/README.md +[1.4.7-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.7/README.md +[1.4.6-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.6/README.md +[1.4.5-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.5/README.md +[1.4.4-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.4/README.md +[1.4.3-readme]: 
https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.3/README.md +[1.4.2-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.2/README.md +[1.4.1-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.1/README.md +[1.4.0-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v1.4.0/README.md +
1.3.x Readmes @@ -697,6 +762,8 @@ or one of the others at the head of this README. [🚎10-j-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/jruby.yml/badge.svg [🚎11-c-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/current.yml [🚎11-c-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current.yml/badge.svg +[🚎12-crh-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/current-runtime-heads.yml +[🚎12-crh-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current-runtime-heads.yml/badge.svg [⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay [⛳liberapay]: https://liberapay.com/pboling/donate [🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github From 20349af25079dd245047ef82fa09cbd4e8a7ae5f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 03:14:37 +0700 Subject: [PATCH 358/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 95 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 78 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 9f004c37..d2b2a6ed 100644 --- a/README.md +++ b/README.md @@ -14,9 +14,8 @@ [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] -[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] -[![CodeClimate Test Coverage][🔑cc-covi♻️]][🔑cc-cov] +[![QLTY Test Coverage][🔑cc-covi♻️]][🔑cc-cov] [![Maintainability][🔑cc-mnti♻️]][🔑cc-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] 
@@ -44,7 +43,68 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. -Quick example: Convert the following `curl` command into a token request using this gem... +### Upgrading Runtime Gem Dependencies + +This project sits underneath a large portion of the authentication systems on the internet. +According to GitHub's project tracking, which I believe only reports on public projects, +[100,000+ projects](https://github.com/oauth-xx/oauth2/network/dependents), and +[500+ packages](https://github.com/oauth-xx/oauth2/network/dependents?dependent_type=PACKAGE) depend on this project. + +That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies. + +As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the +leading versions per each minor version of Ruby of all the runtime dependencies it can install with. + +What does that mean specifically for the runtime dependencies? + +We have 100% test coverage of lines and branches, and this test suite runs across a large matrix +covering the latest patch for each of the following minor versions: + +* MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD + * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. +* JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD +* TruffleRuby @ v23.1, v23.2, HEAD +* gem `faraday` @ v0, v1, v2, HEAD +* gem `jwt` @ v1, v2, v3, HEAD +* gem `logger` @ v1.2, v1.5, v1.7, HEAD +* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD +* gem `rack` @ v1.2, v1.6, v2, v3, HEAD + +- This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. 
+ - Dropping support for **any** of the runtime dependency versions above will be a major version bump. + - If you aren't on one of the minor versions above, make getting there a priority. +- You should upgrade this gem with confidence\*. +- You should upgrade the dependencies of this gem with confidence\*. +- Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! + +[sv-pub-api]: #-is-platform-support-part-of-the-public-api + +\* MIT license; I am unable to make guarantees. + +| 🚚 Test matrix brought to you by | 🔎 appraisal++ | +|----------------------------------|-------------------------------------------------------------------------| +| Adds back support for old Rubies | ✨ [appraisal PR #250](https://github.com/thoughtbot/appraisal/pull/250) | +| Adds support for `eval_gemfile` | ✨ [appraisal PR #248](https://github.com/thoughtbot/appraisal/pull/248) | +| Please review | my PRs! | + +
+ Standard Library Dependencies + +The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. + +* base64 +* cgi +* json +* time +* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) + +If you use a gem version it should work fine! + +
+ +### Quick Usage Example for Anti-Scrollers + +Convert the following `curl` command into a token request using this gem... ```shell curl --request POST \ @@ -101,17 +161,6 @@ One of these might be what you are looking for: ## 🚀 Release Documentation -
- Standard Library Dependencies - -* base64 -* cgi -* json -* time -* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) - -
- ### Version 2.0.x
@@ -267,7 +316,7 @@ NOTE: Be prepared to track down certs for signed gems and add them the same way Available as part of the Tidelift Subscription. -The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] +The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] [tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise @@ -569,7 +618,8 @@ See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. ### Code Coverage -[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] +[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] +[![QLTY Test Coverage][🔑cc-covi♻️]][🔑cc-cov] ### 🪇 Code of Conduct @@ -626,7 +676,7 @@ the [Pessimistic Version Constraint][📌pvc] with two digits of precision. For example: ```ruby -spec.add_dependency("oauth2", "~> 1.0") +spec.add_dependency("oauth2", "~> 2.0") ``` See [CHANGELOG.md][📌changelog] for list of releases. @@ -846,3 +896,14 @@ or one of the others at the head of this README.
+ +
+ Deprecated Badges + +CodeCov currently fails to parse the coverage upload. + +[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] + +[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] + +
\ No newline at end of file From 068e90bc5854c7a69d574fa004903f05bfe9ae5d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 03:32:43 +0700 Subject: [PATCH 359/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- LICENSE.txt | 2 +- README.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/LICENSE.txt b/LICENSE.txt index 5fd4bd3c..4b47112d 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,7 +1,7 @@ MIT License Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. -Copyright (c) 2017 - 2022 oauth-xx organization, https://gitlab.com/oauth-xx +Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index d2b2a6ed..915ae5c4 100644 --- a/README.md +++ b/README.md @@ -687,7 +687,6 @@ The gem is available as open source under the terms of the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. - [![FOSSA Status][fossa2-img])][fossa2] [fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large From 2411513cd5ecc49e79d2e06079045ee6fea93caf Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 03:39:44 +0700 Subject: [PATCH 360/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 11 +++++++++-- oauth2.gemspec | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 915ae5c4..adfcf9b3 100644 --- a/README.md +++ b/README.md 
@@ -77,6 +77,13 @@ covering the latest patch for each of the following minor versions: - You should upgrade the dependencies of this gem with confidence\*. - Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! +If you are thinking, "that list is missing two runtime dependencies", you are correct! +Both of them were extracted from this gem. They are part of the `oauth-xx` org, +and are developed in tight collaboration with this gem, so not much more needs to be said about them. + +* gem `snaky_hash` - https://gitlab.com/oauth-xx/snaky_hash +* gem `version_gem` - https://gitlab.com/oauth-xx/version_gem + [sv-pub-api]: #-is-platform-support-part-of-the-public-api \* MIT license; I am unable to make guarantees. @@ -102,7 +109,7 @@ If you use a gem version it should work fine!
-### Quick Usage Example for Anti-Scrollers +### Quick Usage Example for AI and Copy / Pasting Convert the following `curl` command into a token request using this gem... @@ -116,7 +123,7 @@ curl --request POST \ --data resource=REDMOND_RESOURCE_UUID ``` -NOTE: In the ruby version, certain params go in the get_token call, rather than in the client creation. +NOTE: In the ruby version below, certain params are passed to the `get_token` call, instead of the client creation. ```ruby OAuth2::Client.new( diff --git a/oauth2.gemspec b/oauth2.gemspec index 87c905c0..ee231475 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -30,7 +30,7 @@ Gem::Specification.new do |spec| spec.authors = ["Peter Boling", "Erik Michaels-Ober", "Michael Bleigh"] spec.summary = "OAuth 2.0 Core Ruby implementation" - spec.description = "A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth spec." + spec.description = "Ruby wrapper for the OAuth 2.0 protocol" spec.email = ["peter.boling@gmail.com", "oauth-ruby@googlegroups.com"] spec.homepage = "https://gitlab.com/oauth-xx/oauth2" spec.licenses = "MIT" @@ -46,7 +46,7 @@ Please see: • #{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag • Summary of most important breaking changes: #{spec.homepage}#what-is-new-for-v20 -There are BUGFIXES in v2.0.10, which depending on how you relied on them instead of reporting and fixing them, may be BREAKING for you. +There are BUGFIXES in v#{gem_version}, which depending on how you relied on them instead of reporting and fixing them, may be BREAKING for you. For more information please see: https://railsbling.com/tags/oauth2 From 5342967f9e2fbb39a000ececab88f507d75f5940 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 17 May 2025 04:09:09 +0700 Subject: [PATCH 361/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 7 +++++++ oauth2.gemspec | 21 ++++++++++++--------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index adfcf9b3..edb362d2 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,12 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|----------------|--------|-----|------|----------------|-------------| +| 🧪 [oauth-xx/oauth2 on GitLab][📜src-gl] | The Truth | 💚 | 💚 | 💚 | 🏀 Tiny Matrix | ➖ | +| 🐙 [oauth-xx/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | 💚 | 💚 | ➖ | 💯 Full Matrix | ➖ | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | 💚 | + ### Upgrading Runtime Gem Dependencies This project sits underneath a large portion of the authentication systems on the internet. @@ -893,6 +899,7 @@ or one of the others at the head of this README. [💎rlts-img]: https://img.shields.io/badge/code_style-rubocop--lts-brightgreen.svg?plastic&logo=ruby&logoColor=white [🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield [🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield +[💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/
diff --git a/oauth2.gemspec b/oauth2.gemspec index ee231475..baf7f2e1 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -11,6 +11,9 @@ gem_version = OAuth2::Version::VERSION end +gl_homepage = "https://gitlab.com/oauth-xx/oauth2" +gh_mirror = "https://github.com/oauth-xx/oauth2" + Gem::Specification.new do |spec| # Linux distros may package ruby gems differently, # and securely certify them independently via alternate package management systems. @@ -32,7 +35,7 @@ Gem::Specification.new do |spec| spec.summary = "OAuth 2.0 Core Ruby implementation" spec.description = "Ruby wrapper for the OAuth 2.0 protocol" spec.email = ["peter.boling@gmail.com", "oauth-ruby@googlegroups.com"] - spec.homepage = "https://gitlab.com/oauth-xx/oauth2" + spec.homepage = gh_mirror # Yeah, it's gross, but stars have value :( spec.licenses = "MIT" spec.name = "oauth2" spec.required_ruby_version = ">= 2.2.0" @@ -42,9 +45,9 @@ You have installed oauth2 version #{gem_version}, congratulations! There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy! Please see: -• #{spec.homepage}/-/blob/main/SECURITY.md -• #{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag -• Summary of most important breaking changes: #{spec.homepage}#what-is-new-for-v20 +• #{gl_homepage}/-/blob/main/SECURITY.md +• #{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag +• Summary of most important breaking changes: #{gl_homepage}#what-is-new-for-v20 There are BUGFIXES in v#{gem_version}, which depending on how you relied on them instead of reporting and fixing them, may be BREAKING for you. For more information please see: 
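Review bot: The gemspec now advertises two different origins: `spec.homepage = gh_mirror` publishes the GitHub mirror as the homepage, while `homepage_uri`, `source_code_uri`, `bug_tracker_uri` and the SECURITY.md link in the post-install message all use `gl_homepage`. The README table added in this same patch describes GitLab as the source of truth, so the homepage field disagrees with where the source, issue tracker and security policy actually live. That makes it harder for consumers who compare these fields when checking a gem's provenance. Consider `spec.homepage = gl_homepage`, or replace the trailing comment with one that states which repository is canonical and where vulnerabilities should be reported.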
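Review bot: The changelog link in the post-install message still ends in `#200-2022-06-21-tag`, an anchor derived from the old heading form that carried `([tag][…])`. The README change earlier in this series links the same entry as `#200---2022-06-21`, so for tags cut after the CHANGELOG headings were reformatted this anchor probably no longer resolves and the link lands at the top of the file. This message is what points upgraders at the breaking-change notes next to SECURITY.md, so consider `• #{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200---2022-06-21`. The heredoc holding the message starts and ends outside the hunk.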
@@ -73,12 +76,12 @@ Please report issues, and star the project! Thanks, |7eter l-|. l3oling } - spec.metadata["homepage_uri"] = spec.homepage - spec.metadata["source_code_uri"] = "#{spec.homepage}/-/tree/v#{spec.version}" - spec.metadata["changelog_uri"] = "#{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md" - spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/-/issues" + spec.metadata["homepage_uri"] = gl_homepage + spec.metadata["source_code_uri"] = "#{gl_homepage}/-/tree/v#{spec.version}" + spec.metadata["changelog_uri"] = "#{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md" + spec.metadata["bug_tracker_uri"] = "#{gl_homepage}/-/issues" spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" - spec.metadata["wiki_uri"] = "#{spec.homepage}/-/wiki" + spec.metadata["wiki_uri"] = "#{gl_homepage}/-/wiki" spec.metadata["mailing_list_uri"] = "https://groups.google.com/g/oauth-ruby" spec.metadata["news_uri"] = "https://www.railsbling.com/tags/#{spec.name}" spec.metadata["funding_uri"] = "https://liberapay.com/pboling" From b19c167197077234f5d56e3b305177a2393e3be8 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 04:20:47 +0700 Subject: [PATCH 362/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20dev?= =?UTF-8?q?container?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .devcontainer/devcontainer.json | 26 ++++++++++++++++++++++++++ .rubocop_gradual.lock | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 .devcontainer/devcontainer.json diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 00000000..c5fee1cc --- /dev/null +++ b/.devcontainer/devcontainer.json 
@@ -0,0 +1,26 @@ +// For format details, see https://aka.ms/devcontainer.json. For config options, see the +// README at: https://github.com/devcontainers/templates/tree/main/src/ruby +{ + "name": "Ruby", + // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile + "image": "mcr.microsoft.com/devcontainers/ruby:1-3-bookworm", + + // Features to add to the dev container. More info: https://containers.dev/features. + // "features": {}, + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Use 'postCreateCommand' to run commands after the container is created. + // "postCreateCommand": "ruby --version", + + // Configure tool-specific properties. + "customizations" : { + "jetbrains" : { + "backend" : "RubyMine" + } + }, + + // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. + // "remoteUser": "root" +} diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 6544e6b6..19938afb 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:434615840": [ + "oauth2.gemspec:3193137965": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [ From bee66a13ae6a6591871c87de287db5a3acfedb80 Mon Sep 17 00:00:00 2001 
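Review bot: The `"image"` entry in the new devcontainer.json uses the floating tag `ruby:1-3-bookworm`, so the development environment can change underneath contributors whenever that tag is republished. Pinning the digest next to the tag keeps the container reproducible and makes image updates show up as reviewable diffs: `"image": "mcr.microsoft.com/devcontainers/ruby:1-3-bookworm@sha256:<DIGEST_PLACEHOLDER>"`. A short comment on how the digest gets refreshed would help whoever bumps it next.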
From: "Peter H. Boling" Date: Sat, 17 May 2025 05:00:02 +0700 Subject: [PATCH 363/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20hoi?= =?UTF-8?q?st=20permissions=20in=20GHA=20workflows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ancient.yml | 3 +++ .github/workflows/coverage.yml | 8 ++++---- .github/workflows/current-runtime-heads.yml | 6 +++--- .github/workflows/current.yml | 6 +++--- .github/workflows/heads.yml | 6 +++--- .github/workflows/jruby.yml | 6 +++--- .github/workflows/legacy.yml | 6 +++--- .github/workflows/macos.yml | 6 +++--- .github/workflows/style.yml | 6 +++--- .github/workflows/supported.yml | 6 +++--- .github/workflows/truffle.yml | 6 +++--- .github/workflows/unsupported.yml | 6 +++--- .github/workflows/windows.yml | 6 +++--- 13 files changed, 40 insertions(+), 37 deletions(-) diff --git a/.github/workflows/ancient.yml b/.github/workflows/ancient.yml index 6fd1cd71..8771e589 100644 --- a/.github/workflows/ancient.yml +++ b/.github/workflows/ancient.yml @@ -1,5 +1,8 @@ name: MRI 2.3, 2.4, 2.5 (EOL) +permissions: + contents: read + on: push: branches: diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index dca3cd1a..9d6b49b3 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -1,5 +1,9 @@ name: Test Coverage +permissions: + contents: read + pull-requests: write + env: K_SOUP_COV_MIN_BRANCH: 100 K_SOUP_COV_MIN_LINE: 100 @@ -22,10 +26,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - pull-requests: write - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/current-runtime-heads.yml b/.github/workflows/current-runtime-heads.yml index 048e683d..8d59fd24 100644 --- a/.github/workflows/current-runtime-heads.yml 
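Review bot: In coverage.yml the hoisted block keeps `pull-requests: write` at workflow level, so every job in that workflow gets a token that can write to pull requests. The job definitions are outside the hunk, but if only the step that posts the coverage comment needs the write scope, it is better declared on that job alone. That would leave `permissions:` with only `contents: read` at the top and put `permissions: { contents: read, pull-requests: write }` on the job. The other workflow hunks in this commit only add or move a read-only block and need nothing further.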
+++ b/.github/workflows/current-runtime-heads.yml @@ -2,6 +2,9 @@ # and tests against the HEAD of runtime dependencies name: Runtime Deps @ HEAD +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -18,9 +21,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index 8c9df56f..fa978124 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -1,6 +1,9 @@ # Targets the evergreen latest release of ruby, truffleruby, and jruby name: Current +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -17,9 +20,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index e47356ae..f4e3870a 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -1,5 +1,8 @@ name: Heads +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -16,9 +19,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/jruby.yml b/.github/workflows/jruby.yml index 29032084..697ec5fc 100644 --- a/.github/workflows/jruby.yml +++ b/.github/workflows/jruby.yml @@ -1,5 +1,8 @@ name: JRuby +permissions: + contents: read + env: K_SOUP_COV_DO: false 
@@ -16,9 +19,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/legacy.yml b/.github/workflows/legacy.yml index 4c7cc9a3..4b60e371 100644 --- a/.github/workflows/legacy.yml +++ b/.github/workflows/legacy.yml @@ -1,5 +1,8 @@ name: MRI 3.0, 3.1 (EOL) +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -16,9 +19,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 2961b7c2..3e65abb0 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -1,6 +1,9 @@ # Targets the evergreen latest release of ruby, truffleruby, and jruby name: MacOS +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -17,9 +20,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index aeaf0cc8..be162a96 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -1,5 +1,8 @@ name: Style +permissions: + contents: read + on: push: branches: 
@@ -13,9 +16,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index c12cf984..ddf1ce55 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml @@ -1,5 +1,8 @@ name: MRI Non-EOL +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -16,9 +19,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml index 611cfb84..dafc1c36 100644 --- a/.github/workflows/truffle.yml +++ b/.github/workflows/truffle.yml @@ -1,5 +1,8 @@ name: Truffle +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -16,9 +19,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 6b54dc53..5768bb03 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -1,5 +1,8 @@ name: MRI 2.6 & 2.7 (EOL) +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -16,9 +19,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. 
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 2d82972a..8966b601 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -1,6 +1,9 @@ # Targets the evergreen latest release of ruby, truffleruby, and jruby name: Windows +permissions: + contents: read + env: K_SOUP_COV_DO: false @@ -17,9 +20,6 @@ on: # Allow manually triggering the workflow. workflow_dispatch: -permissions: - contents: read - # Cancels all previous workflow runs for the same branch that have not yet completed. concurrency: # The concurrency group contains the workflow name and the branch name. From 464ba4a10e8df79d7f35e4677734d5adc0abcace Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:08:31 +0700 Subject: [PATCH 364/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dangerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dangerfile b/Dangerfile index a01a246d..01fed980 100644 --- a/Dangerfile +++ b/Dangerfile @@ -11,5 +11,5 @@ warn("PR is classed as Work in Progress") if github.pr_title.include?("[WIP]") warn("Big PR") if git.lines_of_code > 500 # Don't let testing shortcuts get into main by accident -raise("fdescribe left in tests") if %x(grep -r fdescribe specs/).length > 1 -raise("fit left in tests") if %x(grep -r fit specs/).length > 1 +raise("fdescribe left in tests") if `grep -r fdescribe specs/`.length > 1 +raise("fit left in tests") if `grep -r fit specs/`.length > 1 From 7449a1075becf6fb0095bc39895cc9068deb54be Mon Sep 17 00:00:00 2001 
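Review bot: Both Dangerfile guards search `specs/`, while the test files named elsewhere in this series live under `spec/` (for example `spec/oauth2/client_spec.rb`), so grep presumably finds nothing and neither `raise` can fire. The `fit` pattern is also a bare substring, which would match words such as `benefit` once the path is corrected. Word-anchored searches on the real directory, `grep -rw fdescribe spec/` and `grep -rw fit spec/`, would make the check meaningful. The same two lines come back unchanged in the later Dangerfile hunk that reverts to `%x(...)`, so the point applies there as well.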
From: "Peter H. Boling" Date: Sat, 17 May 2025 05:08:59 +0700 Subject: [PATCH 365/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20All?= =?UTF-8?q?ow=20concurrent=20local=20development=20of=20rubocop-lts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .envrc | 3 +++ gemfiles/modular/style.gemfile | 16 ++++++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.envrc b/.envrc index 83123050..e049643d 100644 --- a/.envrc +++ b/.envrc @@ -29,6 +29,9 @@ export MAX_ROWS=1 # Setting for simplecov-console gem for tty output, limits to # Internal Debugging Controls export DEBUG=false # do not allow byebug statements (override in .env.local) +# Concurrently developing the rubocop-lts suite? +export RUBOCOP_LTS_LOCAL=false + # .env would override anything in this file, if `dotenv` is uncommented below. # .env is a DOCKER standard, and if we use it, it would be in deployed, or DOCKER, environments, # and that is why we generally want to leave it commented out. diff --git a/gemfiles/modular/style.gemfile b/gemfiles/modular/style.gemfile index fff2231f..a74b676c 100644 --- a/gemfiles/modular/style.gemfile +++ b/gemfiles/modular/style.gemfile 
@@ -5,15 +5,19 @@ gem "reek", "~> 6.4" gem "rubocop", "~> 1.73", ">= 1.73.2" -gem "rubocop-lts", "~> 8.1", ">= 8.1.1" # Linting for Ruby >= 2.2 gem "rubocop-packaging", "~> 0.5", ">= 0.5.2" -gem "rubocop-rspec", "~> 3.2" gem "standard", "~> 1.47" # Std Lib extractions gem "benchmark", "~> 0.4" # Removed from Std Lib in Ruby 3.5 -# gem "rubocop-lts", :path => "/home/pboling/src/rubocop-lts/rubocop-lts" -# gem "rubocop-lts-rspec", :path => "/home/pboling/src/rubocop-lts/rubocop-lts-rspec" -# gem "rubocop-ruby1_8", :path => "/home/pboling/src/rubocop-lts/rubocop-ruby1_8" -# gem "standard-rubocop-lts", :path => "/home/pboling/src/rubocop-lts/standard-rubocop-lts" +if ENV.fetch("https://github.com/RUBOCOP_LTS_LOCAL", "false").casecmp("true").zero? + home = ENV["HOME"] + gem "rubocop-lts", path: "#{home}/src/rubocop-lts/rubocop-lts" + gem "rubocop-lts-rspec", path: "#{home}/src/rubocop-lts/rubocop-lts-rspec" + gem "rubocop-ruby2_2", path: "#{home}/src/rubocop-lts/rubocop-ruby2_2" + gem "standard-rubocop-lts", path: "#{home}/src/rubocop-lts/standard-rubocop-lts" +else + gem "rubocop-lts", "~> 8.1", ">= 8.1.1" # Linting for Ruby >= 2.2 + gem "rubocop-rspec", "~> 3.2" +end From 780a0242a9c84bf8538d0aaf5b9fe44349c6552a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:10:06 +0700 Subject: [PATCH 366/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dangerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dangerfile b/Dangerfile index 01fed980..a01a246d 100644 --- a/Dangerfile +++ b/Dangerfile 
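Review bot: `home = ENV["HOME"]` in the local branch is used unchecked, so with HOME unset the four `path:` entries resolve to `/src/rubocop-lts/...` at the filesystem root instead of failing; `home = ENV.fetch("HOME")` raises a clear error instead. Path gems are loaded unversioned from whatever is checked out in that directory, so a comment that `RUBOCOP_LTS_LOCAL` must stay `false` in CI and release builds would be worth adding above the `if`. As printed on this page, the key passed to `ENV.fetch` does not read `RUBOCOP_LTS_LOCAL` as exported in `.envrc`; it is worth confirming the two match in the file, since otherwise the local branch is unreachable.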
@@ -11,5 +11,5 @@ warn("PR is classed as Work in Progress") if github.pr_title.include?("[WIP]") warn("Big PR") if git.lines_of_code > 500 # Don't let testing shortcuts get into main by accident -raise("fdescribe left in tests") if `grep -r fdescribe specs/`.length > 1 -raise("fit left in tests") if `grep -r fit specs/`.length > 1 +raise("fdescribe left in tests") if %x(grep -r fdescribe specs/).length > 1 +raise("fit left in tests") if %x(grep -r fit specs/).length > 1 From ed0a26a6fc39bd67eac5a2aa538ddc697e8a881f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:14:06 +0700 Subject: [PATCH 367/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/oauth2/client.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index d44fad70..b1496195 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -535,7 +535,10 @@ def build_access_token(response, access_token_opts, access_token_class) # @api private def build_access_token_legacy(response, access_token_opts, extract_access_token) extract_access_token.call(self, response.parsed.merge(access_token_opts)) - rescue StandardError + rescue + # An error will be raised by the called if nil is returned and options[:raise_errors] is truthy, so this rescue is but temporary. + # Unfortunately, it does hide the real error, but this is deprecated legacy code, + # and this was effectively the long-standing pre-existing behavior, so there is little point in changing it. nil end From b55bf50aa3096ab0be4b54f60ecf80335c322b0e Mon Sep 17 00:00:00 2001 
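Review bot: In `build_access_token_legacy` the new comment says the error is raised "by the called"; it should read `# An error will be raised by the caller if nil is returned and options[:raise_errors] is truthy`. A bare `rescue` catches the same `StandardError` family as before, so the original exception is still discarded and the hunk is a documentation change only. If the swallowed error is ever surfaced for debugging, record only the exception class and not its message or `response.parsed`, since the hash merged on the line above presumably carries the token values.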
From: "Peter H. Boling" Date: Sat, 17 May 2025 05:20:54 +0700 Subject: [PATCH 368/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20REE?= =?UTF-8?q?K=20HAS=20FOUND=20SMELLS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- REEK | 128 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 REEK diff --git a/REEK b/REEK new file mode 100644 index 00000000..c95a8e4b --- /dev/null +++ b/REEK 
@@ -0,0 +1,128 @@ +spec/oauth2/access_token_spec.rb -- 1 warning: + [292, 293]:DuplicateMethodCall: assert_initialized_token calls 'target.params' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] +spec/oauth2/client_spec.rb -- 3 warnings: + [1075]:UnusedParameters: initialize has unused parameter 'client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] + [1075]:UnusedParameters: initialize has unused parameter 'hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] + [1211]:UtilityFunction: stubbed_client doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] +spec/oauth2/error_spec.rb -- 3 warnings: + [10]:IrresponsibleModule: XmledString has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [4]:SubclassedFromCoreClass: StirredHash inherits from core class 'Hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] + [10]:SubclassedFromCoreClass: XmledString inherits from core class 'String' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] +lib/oauth2/access_token.rb -- 24 warnings: + [12]:Attribute: OAuth2::AccessToken#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [12]:Attribute: OAuth2::AccessToken#refresh_token is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [12]:Attribute: OAuth2::AccessToken#response is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [302, 310, 317, 324, 331, 338]:DataClump: OAuth2::AccessToken takes parameters ['opts', 'path'] to 6 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] + [350, 366]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! 
calls 'options[:mode]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [356, 360, 362]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'options[:param_name]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [358, 359, 360, 362]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:body]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [352, 353]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:headers]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [355, 356]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [4]:InstanceVariableAssumption: OAuth2::AccessToken assumes too much for instance variable '@refresh_token' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [4]:IrresponsibleModule: OAuth2::AccessToken has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [349]:MissingSafeMethod: OAuth2::AccessToken has missing safe method 'configure_authentication!' 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Missing-Safe-Method.md] + [125, 125]:NilCheck: OAuth2::AccessToken#initialize performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] + [244]:NilCheck: OAuth2::AccessToken#revoke performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] + [4]:TooManyInstanceVariables: OAuth2::AccessToken has at least 7 instance variables [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Instance-Variables.md] + [4]:TooManyMethods: OAuth2::AccessToken has at least 20 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Methods.md] + [349]:TooManyStatements: OAuth2::AccessToken#configure_authentication! has approx 8 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [42]:TooManyStatements: OAuth2::AccessToken#from_hash has approx 10 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [185]:TooManyStatements: OAuth2::AccessToken#refresh has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [234]:TooManyStatements: OAuth2::AccessToken#revoke has approx 13 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] + [281]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [281]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'v' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [370]:UtilityFunction: OAuth2::AccessToken#convert_expires_at doesn't depend on instance state (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] +lib/oauth2/authenticator.rb -- 5 warnings: + [68, 70]:FeatureEnvy: OAuth2::Authenticator#apply_basic_auth refers to 'params' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [6]:IrresponsibleModule: OAuth2::Authenticator has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [61]:NilCheck: OAuth2::Authenticator#apply_client_id performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] + [52, 53]:NilCheck: OAuth2::Authenticator#apply_params_auth performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] + [5]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/client.rb -- 28 warnings: + [28]:Attribute: OAuth2::Client#connection is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [27]:Attribute: OAuth2::Client#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [208, 469, 536]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'extract_access_token'] to 3 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] + [469, 492, 517, 536]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'response'] to 4 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] + [89, 90]:DuplicateMethodCall: OAuth2::Client#connection calls 'options[:connection_build]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [433, 433]:DuplicateMethodCall: OAuth2::Client#execute_request calls 'req_opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [336, 337]:DuplicateMethodCall: OAuth2::Client#redirection_params 
calls 'options[:redirect_uri]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [152, 153, 154]:DuplicateMethodCall: OAuth2::Client#request calls 'req_opts[:redirect_count]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [260, 261, 262]:DuplicateMethodCall: OAuth2::Client#revoke_token calls 'req_opts[:params]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [519, 519]:FeatureEnvy: OAuth2::Client#build_access_token refers to 'access_token' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [354, 357, 363, 365, 366, 368]:FeatureEnvy: OAuth2::Client#params_to_req_opts refers to 'req_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [388, 395, 395, 396, 396, 397, 397, 400]:FeatureEnvy: OAuth2::Client#parse_snaky_params_headers refers to 'params' more than self (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [16]:IrresponsibleModule: OAuth2::ConnectionError has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [17]:IrresponsibleModule: OAuth2::TimeoutError has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [519]:ManualDispatch: OAuth2::Client#build_access_token manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [20]:TooManyInstanceVariables: OAuth2::Client has at least 5 instance variables [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Instance-Variables.md] + [20]:TooManyMethods: OAuth2::Client has at least 25 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Methods.md] + [424]:TooManyStatements: OAuth2::Client#execute_request has approx 16 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [208]:TooManyStatements: OAuth2::Client#get_token has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [346]:TooManyStatements: OAuth2::Client#params_to_req_opts has approx 9 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [492]:TooManyStatements: OAuth2::Client#parse_response has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [387]:TooManyStatements: OAuth2::Client#parse_snaky_params_headers has approx 11 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [146]:TooManyStatements: OAuth2::Client#request has approx 18 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [257]:TooManyStatements: OAuth2::Client#revoke_token has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [15]:UncommunicativeModuleName: OAuth2 has the name 
'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] + [436, 438]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'e' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [428]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [429]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'p' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] +lib/oauth2/error.rb -- 8 warnings: + [35, 35, 37, 38]:DuplicateMethodCall: OAuth2::Error#error_message calls 'opts[:error_description]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [13, 14, 15]:DuplicateMethodCall: OAuth2::Error#initialize calls 'response.parsed' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [4]:IrresponsibleModule: OAuth2::Error has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [37, 37]:ManualDispatch: OAuth2::Error#error_message manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [12, 21]:ManualDispatch: OAuth2::Error#initialize manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [32]:TooManyStatements: OAuth2::Error#error_message has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] + [32]:UtilityFunction: OAuth2::Error#error_message doesn't depend on instance state (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] +lib/oauth2/filtered_attributes.rb -- 6 warnings: + [18, 28]:DuplicateMethodCall: OAuth2::FilteredAttributes#inspect calls 'self.class' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [2]:IrresponsibleModule: OAuth2::FilteredAttributes has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [7]:IrresponsibleModule: OAuth2::FilteredAttributes::ClassMethods has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [22]:NestedIterators: OAuth2::FilteredAttributes#inspect contains iterators nested 2 deep [https://github.com/troessner/reek/blob/v6.5.0/docs/Nested-Iterators.md] + [17]:TooManyStatements: OAuth2::FilteredAttributes#inspect has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [1]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/response.rb -- 12 warnings: + [15]:Attribute: OAuth2::Response#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [51]:BooleanParameter: OAuth2::Response#initialize has boolean parameter 'snaky' [https://github.com/troessner/reek/blob/v6.5.0/docs/Boolean-Parameter.md] + [25, 39, 134]:ClassVariable: OAuth2::Response declares the class variable '@@content_types' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] + [19, 37, 131, 134]:ClassVariable: OAuth2::Response declares the class variable '@@parsers' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] + [103, 105]:DuplicateMethodCall: OAuth2::Response#content_type calls 'response.headers' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [128, 129, 130, 131]:DuplicateMethodCall: OAuth2::Response#parser 
calls 'options[:parse]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [9]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parsed' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [9]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parser' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [82]:ManualDispatch: OAuth2::Response#parsed manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [128]:ManualDispatch: OAuth2::Response#parser manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [78]:TooManyStatements: OAuth2::Response#parsed has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [7]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/strategy/assertion.rb -- 5 warnings: + [96, 96, 98, 98]:FeatureEnvy: OAuth2::Strategy::Assertion#build_assertion refers to 'encoding_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [32]:InstanceVariableAssumption: OAuth2::Strategy::Assertion assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [79]:LongParameterList: OAuth2::Strategy::Assertion#get_token has 4 parameters [https://github.com/troessner/reek/blob/v6.5.0/docs/Long-Parameter-List.md] + [5]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] + [88]:UtilityFunction: OAuth2::Strategy::Assertion#build_request doesn't depend on instance state (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] +lib/oauth2/strategy/auth_code.rb -- 3 warnings: + [43, 43]:FeatureEnvy: OAuth2::Strategy::AuthCode#assert_valid_params refers to 'params' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [8]:InstanceVariableAssumption: OAuth2::Strategy::AuthCode assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/strategy/base.rb -- 2 warnings: + [5]:IrresponsibleModule: OAuth2::Strategy::Base has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/strategy/client_credentials.rb -- 2 warnings: + [8]:InstanceVariableAssumption: OAuth2::Strategy::ClientCredentials assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/strategy/implicit.rb -- 3 warnings: + [34, 34]:FeatureEnvy: OAuth2::Strategy::Implicit#assert_valid_params refers to 'params' more than self (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [8]:InstanceVariableAssumption: OAuth2::Strategy::Implicit assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/strategy/password.rb -- 3 warnings: + [8]:InstanceVariableAssumption: OAuth2::Strategy::Password assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [21]:LongParameterList: OAuth2::Strategy::Password#get_token has 4 parameters [https://github.com/troessner/reek/blob/v6.5.0/docs/Long-Parameter-List.md] + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2/version.rb -- 1 warning: + [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +lib/oauth2.rb -- 1 warning: + [27]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] +110 total warnings From 9dcd76c19f12125faf4be991767f0c91776eb78a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:21:56 +0700 Subject: [PATCH 369/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.10?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d1b8f55a..9f12af1f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -36,6 +36,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - `OAuth2::AccessToken#revoke` - See: https://datatracker.ietf.org/doc/html/rfc7009 - [gh!644](https://github.com/oauth-xx/oauth2/pull/644), [gh!645](https://github.com/oauth-xx/oauth2/pull/645) - Added CITATION.cff (@Aboling0) +- [!648](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/648) - Improved documentation (@pboling) ### Changed - Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) From e12649d89e80bfbf6fec7b90d77d56f07a7163cc Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:24:46 +0700 Subject: [PATCH 370/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f12af1f..a0cdbe74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,13 +20,13 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Added - [gh!632](https://github.com/oauth-xx/oauth2/pull/632) - Added `funding.yml` (@Aboling0) - [!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - Added `.gitlab-ci.yml` (@jessieay) -- [#638](https://gitlab.com/oauth-xx/oauth2/-/issues/638) - Documentation of support for ILO Fundamental Principles of Rights at Work -- [!642](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/642) - 20 year certificate for signing gem releases, expires 2045-04-29 (@pboling) - - Gemspec metadata (@pboling) +- [#638](https://gitlab.com/oauth-xx/oauth2/-/issues/638) - Documentation of support for **ILO Fundamental Principles of Rights at Work** (@pboling) +- [!642](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/642) - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling) + - Gemspec metadata - funding_uri - news_uri - mailing_list_uri - - SHA256 and SHA512 Checksums for release (@pboling) + - SHA256 and SHA512 Checksums for release - [!643](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/643) - Add `token_name` option (@pboling) - Specify the parameter name that identifies the access token - [!645](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) 
@@ -38,16 +38,16 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [gh!644](https://github.com/oauth-xx/oauth2/pull/644), [gh!645](https://github.com/oauth-xx/oauth2/pull/645) - Added CITATION.cff (@Aboling0) - [!648](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/648) - Improved documentation (@pboling) ### Changed -- Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` +- Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` (@pboling) - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - Allow linux distros to build release without signing, as their package managers sign independently - [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param pass through (@pboling) - [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) -- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) +- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - Errors raised by `OAuth2::AccessToken` are now always `OAuth2::Error` and have better metadata (@pboling) ### Fixed - [#95](https://gitlab.com/oauth-xx/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) - This was a 13 year old bug report. 
😘 -- [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling) +- [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) - Internal options (like `snaky`, `raise_errors`, and `parse`) are no longer included in request (@pboling) - [!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) - [!634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) - [!638](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) @@ -57,7 +57,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) - [#641](https://gitlab.com/oauth-xx/oauth2/-/issues/641) - Made default JSON response parser more resilient (@pboling) - [#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) -- [gh!646](https://github.com/oauth-xx/oauth2/pull/646) - Change require to require_relative (improve performance) (@Aboling0) +- [gh!646](https://github.com/oauth-xx/oauth2/pull/646) - Change `require` to `require_relative` (improve performance) (@Aboling0) ## [2.0.9] - 2022-09-16 - TAG: [v2.0.9][2.0.9t] From 364e6950bf54088299ecf44f2ba1c932359c514b Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:41:18 +0700 Subject: [PATCH 371/645] =?UTF-8?q?=F0=9F=91=B7=20Automatic=20GHA=20workfl?= =?UTF-8?q?ow=20step=20retry?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/heads.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index f4e3870a..97688fed 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -79,7 +79,19 @@ jobs: # NOTE: This does not use the primary Gemfile at all. - name: Install Root Appraisal run: bundle - - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + + - name: [Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + id: bundleAttempt1 + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + # Continue to the next step on failure + continue-on-error: true + + # Effectively an automatic retry of the previous step. + - name: [Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + id: bundleAttempt2 + # If bundleAttempt1 failed, try again here; Otherwise skip. + if: steps.bundleAttempt1.outcome == 'failure' run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} From 64ff8363fce41984a3fe889b96c8ef8dac101950 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:54:40 +0700 Subject: [PATCH 372/645] =?UTF-8?q?=F0=9F=91=B7=20Attempt=20different=20va?= =?UTF-8?q?lue=20for=20filename?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/irongut/CodeCoverageSummary/issues/268 --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 9d6b49b3..53400236 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -102,7 +102,7 @@ jobs: uses: irongut/CodeCoverageSummary@v1.3.0 if: ${{ github.event_name == 'pull_request' }} with: - filename: ./coverage/coverage.xml + filename: coverage/coverage.xml badge: true fail_below_min: true format: markdown 
From e00fe4f7f7b68e265f1e119e6be84deb9faf3680 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 05:57:17 +0700 Subject: [PATCH 373/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20syntax=20err?= =?UTF-8?q?or=20in=20heads.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/heads.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 97688fed..2223e702 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -77,17 +77,17 @@ jobs: # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) # We need to do this first to get appraisal installed. # NOTE: This does not use the primary Gemfile at all. - - name: Install Root Appraisal + - name: "Install Root Appraisal" run: bundle - - name: [Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" id: bundleAttempt1 run: bundle exec appraisal ${{ matrix.appraisal }} bundle # Continue to the next step on failure continue-on-error: true # Effectively an automatic retry of the previous step. - - name: [Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" id: bundleAttempt2 # If bundleAttempt1 failed, try again here; Otherwise skip. if: steps.bundleAttempt1.outcome == 'failure' From 8bd1ab214e80641c4d05691dee6de32a19bb881f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 06:14:30 +0700 Subject: [PATCH 374/645] =?UTF-8?q?=F0=9F=91=B7=20Add=20back=20XML=20expor?= =?UTF-8?q?t?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 53400236..74911354 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -8,7 +8,7 @@ env: K_SOUP_COV_MIN_BRANCH: 100 K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_MIN_HARD: true - K_SOUP_COV_FORMATTERS: "html,rcov,lcov,json,tty" + K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" K_SOUP_COV_DO: true K_SOUP_COV_MULTI_FORMATTERS: true K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" @@ -102,7 +102,7 @@ jobs: uses: irongut/CodeCoverageSummary@v1.3.0 if: ${{ github.event_name == 'pull_request' }} with: - filename: coverage/coverage.xml + filename: ./coverage/coverage.xml badge: true fail_below_min: true format: markdown From 075cc1faac396162a4d8fe03976e7fa3f31d0fec Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 06:22:03 +0700 Subject: [PATCH 375/645] =?UTF-8?q?=F0=9F=91=B7=20Fix=20deprecation=20warn?= =?UTF-8?q?ing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 74911354..700c34e1 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -84,7 +84,7 @@ jobs: - name: Upload coverage to QLTY uses: qltysh/qlty-action/coverage@main with: - coverage-token: ${{secrets.QLTY_COVERAGE_TOKEN}} + token: ${{secrets.QLTY_COVERAGE_TOKEN}} files: coverage/.resultset.json continue-on-error: ${{ matrix.experimental != 'false' }} From a576fa4079435a85c01762166cb313b0c296e2f4 Mon Sep 17 00:00:00 2001 
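Review bot: The QLTY upload step hands `secrets.QLTY_COVERAGE_TOKEN` to `qltysh/qlty-action/coverage@main`, a branch ref that can change without any change in this repository, so whatever that branch holds at run time receives the secret. Since this step is being edited for the `token` rename anyway, pin the action to a full commit SHA, e.g. `uses: qltysh/qlty-action/coverage@<full-commit-sha> # <release tag>` (placeholder; take the SHA from a release you have reviewed). To a lesser degree the same holds for `irongut/CodeCoverageSummary@v1.3.0` in the preceding hunk, because tags can be moved. The rest of the job lies outside the hunk, so other `uses:` lines may need the same treatment.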
From: "Peter H. Boling" Date: Sat, 17 May 2025 06:43:34 +0700 Subject: [PATCH 376/645] =?UTF-8?q?=E2=9C=A8=20Allow=20building=20gem=20wi?= =?UTF-8?q?thout=20signing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - for linux distros - Set SKIP_GEM_SIGNING in ENV --- oauth2.gemspec | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index baf7f2e1..5640de01 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -18,16 +18,16 @@ Gem::Specification.new do |spec| # Linux distros may package ruby gems differently, # and securely certify them independently via alternate package management systems. # Ref: https://gitlab.com/oauth-xx/version_gem/-/issues/3 - # Hence, only enable signing if the cert_file is present. + # Hence, only enable signing if `SKIP_GEM_SIGNING` is not set in ENV. # See CONTRIBUTING.md - default_user_cert = "certs/#{ENV.fetch("https://github.com/GEM_CERT_USER", ENV["USER"])}.pem" - default_user_cert_path = File.join(__dir__, default_user_cert) - cert_file_path = ENV.fetch("https://github.com/GEM_CERT_PATH", default_user_cert_path) + user_cert = "certs/#{ENV.fetch("https://github.com/GEM_CERT_USER", ENV["USER"])}.pem" + cert_file_path = File.join(__dir__, user_cert) cert_chain = cert_file_path.split(",") - if cert_file_path && cert_chain.map { |fp| File.exist?(fp) } + cert_chain.select! { |fp| File.exist?(fp) } + if cert_file_path && cert_chain.any? spec.cert_chain = cert_chain - if $PROGRAM_NAME.end_with?("gem", "rake") && ARGV[0] == "build" - spec.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") + if $PROGRAM_NAME.end_with?("gem") && ARGV[0] == "build" && !ENV.include?("SKIP_GEM_SIGNING") + spec.signing_key = File.join(Gem.user_home, ".ssh", "gem-private_key.pem") end end From 1f632db5f0aab9fa2bc2783c1a6f82d2222fd626 Mon Sep 17 00:00:00 2001 
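Review bot: A release build can come out unsigned without any signal. When no file exists at `cert_file_path` (for instance `USER`/`GEM_CERT_USER` does not match a file under `certs/`), `cert_chain.any?` is false and the whole block is skipped; and with `"rake"` dropped from the `$PROGRAM_NAME.end_with?` check, a build started through rake presumably no longer sets `signing_key` either. Since `SKIP_GEM_SIGNING` is now the explicit opt-out, consider failing closed before the `if`, e.g. `abort("no signing cert at #{cert_file_path}; set SKIP_GEM_SIGNING to build unsigned") if cert_chain.empty? && $PROGRAM_NAME.end_with?("gem") && ARGV[0] == "build" && !ENV.include?("SKIP_GEM_SIGNING")`. `cert_file_path &&` is always truthy (it is the result of `File.join`) and `split(",")` is a leftover of the removed `GEM_CERT_PATH` list, so both can go. The enclosing `Gem::Specification.new` block starts and ends outside the hunk.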
From: "Peter H. Boling" Date: Sat, 17 May 2025 06:49:00 +0700 Subject: [PATCH 377/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20stone=5Fchecksu?= =?UTF-8?q?ms?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 3 +++ bin/checksum | 19 ------------------- oauth2.gemspec | 1 + 3 files changed, 4 insertions(+), 19 deletions(-) delete mode 100755 bin/checksum diff --git a/Gemfile.lock b/Gemfile.lock index 15e8a76c..9efbef62 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -262,6 +262,8 @@ GEM standard-custom (>= 1.0.2, < 2) standard-performance (>= 1.3.1, < 2) version_gem (>= 1.1.4, < 3) + stone_checksums (1.0.0) + version_gem (>= 1.1.5, < 3) stringio (3.1.7) terminal-table (4.0.0) unicode-display_width (>= 1.1.1, < 4) @@ -304,6 +306,7 @@ DEPENDENCIES rubocop-rspec (~> 3.2) silent_stream (~> 1.0, >= 1.0.11) standard (~> 1.47) + stone_checksums (~> 1.0) yard (~> 0.9, >= 0.9.37) yard-junk (~> 0.0, >= 0.0.10)! diff --git a/bin/checksum b/bin/checksum deleted file mode 100755 index a3cd0f88..00000000 --- a/bin/checksum +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env ruby -# frozen_string_literal: true - -require "digest/sha2" -gems = Dir["*.gem"] -puts "Found: #{gems.inspect}" -raise "No Gems" if gems.length.zero? -raise "Too Many Gems" if gems.length > 1 - -built_gem_path = gems.first -checksum512 = Digest::SHA512.new.hexdigest(File.read(built_gem_path)) -checksum512_path = "checksums/#{built_gem_path}.sha512" -File.write(checksum512_path, checksum512) - -checksum256 = Digest::SHA256.new.hexdigest(File.read(built_gem_path)) -checksum256_path = "checksums/#{built_gem_path}.sha256" -File.write(checksum256_path, checksum256) - -puts "You must now git add and commit '#{checksum256_path}' and '#{checksum512_path}'" diff --git a/oauth2.gemspec b/oauth2.gemspec index 5640de01..5009da3d 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -133,4 +133,5 @@ Thanks, |7eter l-|. l3oling spec.add_development_dependency("rspec-pending_for", "~> 0.1", ">= 0.1.17") # ruby >= 1.8.7 spec.add_development_dependency("rspec-stubbed_env", "~> 1.0", ">= 1.0.2") # ruby >= 1.8.7 spec.add_development_dependency("silent_stream", "~> 1.0", ">= 1.0.11") # ruby >= 2.3 + spec.add_development_dependency("stone_checksums", "~> 1.0") # ruby >= 2.2 end From cde607178d29b6fba54a5f85d0e9ba966ae4cd2d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 06:53:37 +0700 Subject: [PATCH 378/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20stone=5Fchecksu?= =?UTF-8?q?ms=20binstub?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/gem_checksums | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 bin/gem_checksums diff --git a/bin/gem_checksums b/bin/gem_checksums new file mode 100644 index 00000000..45a1d2ac --- /dev/null +++ b/bin/gem_checksums @@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'gem_checksums' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("stone_checksums", "gem_checksums") From 7ee5fcf38a0c83a9e58dd541b3756d47f6a0f323 Mon Sep 17 00:00:00 2001 
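Review bot: `bin/gem_checksums` is added with `new file mode 100644`, while the `bin/checksum` script it replaces was `100755`. The binstub therefore has a shebang but is not executable, so calling `bin/gem_checksums` directly will fail with a permission error unless it is run through `ruby` or `bundle exec`. Set the executable bit in the index with `git update-index --chmod=+x bin/gem_checksums` so the checksum step of a release keeps working. The release instructions are not visible here, so confirm how they invoke it.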
From: "Peter H. Boling" Date: Sat, 17 May 2025 06:55:06 +0700 Subject: [PATCH 379/645] =?UTF-8?q?=F0=9F=9A=A8=20Lint=20lock=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 19938afb..692142a7 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:3193137965": [ + "oauth2.gemspec:461003665": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [ From 97693b0a0cab3088ed31909bb15452f135494886 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 07:11:59 +0700 Subject: [PATCH 380/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.10?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- checksums/oauth2-2.0.10.gem.sha256 | 1 + checksums/oauth2-2.0.10.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.10.gem.sha256 create mode 100644 checksums/oauth2-2.0.10.gem.sha512 diff --git a/checksums/oauth2-2.0.10.gem.sha256 b/checksums/oauth2-2.0.10.gem.sha256 new file mode 100644 index 00000000..9518c3cf --- /dev/null +++ b/checksums/oauth2-2.0.10.gem.sha256 @@ -0,0 +1 @@ +8f132679598d21885d4bcc68d7e7e6ef0a29f9a782abca00d67d884280dc3a42 \ No newline at end of file diff --git a/checksums/oauth2-2.0.10.gem.sha512 b/checksums/oauth2-2.0.10.gem.sha512 new file mode 100644 index 00000000..e0ccb654 --- /dev/null +++ b/checksums/oauth2-2.0.10.gem.sha512 
@@ -0,0 +1 @@ +e692f68ab79677ee7fa9300bbd5e0c41de08642d51659a49ca7fd742230445601ad3c2d271ee110718d58a27383aba0c25ddbdbef5b13f7c18585cdfda74850b \ No newline at end of file From e28d91eb90564ee0b9f0052023c5d8253d500547 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 17 May 2025 08:53:33 +0700 Subject: [PATCH 381/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index edb362d2..859f7e9d 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby appli ### Upgrading Runtime Gem Dependencies -This project sits underneath a large portion of the authentication systems on the internet. +This project sits underneath a large portion of the authorization systems on the internet. According to GitHub's project tracking, which I believe only reports on public projects, [100,000+ projects](https://github.com/oauth-xx/oauth2/network/dependents), and [500+ packages](https://github.com/oauth-xx/oauth2/network/dependents?dependent_type=PACKAGE) depend on this project. From 22bdccd1658c7cec065355714cbccb38bb8001b6 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 18 May 2025 17:35:54 +0700 Subject: [PATCH 382/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 859f7e9d..9d924afa 100644 --- a/README.md +++ b/README.md 
@@ -377,7 +377,7 @@ This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, - see `gemfiles/README.md`, then submit a PR to the correct maintenance branch as according to the table below. + see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below.
@@ -404,25 +404,25 @@ of a major release, support for that Ruby version may be dropped. | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | NOTE: The 1.4 series will only receive critical security updates. -See [SECURITY.md][🚎sec-pol] +See [SECURITY.md][🔐security]. ## Usage Examples ### Global Configuration -If you started seeing this warning, but everything is working fine, you can now silence it. -```log -OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key -``` +You can turn on additional warnings. ```ruby OAuth2.configure do |config| - config.silence_extra_tokens_warning = true # default: false - config.silence_no_tokens_warning = true # default: false, if you want to also silence warnings about no tokens + # Turn on a warning like: + # OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key + config.silence_extra_tokens_warning = false # default: true + # Set to true if you want to also show warnings about no tokens + config.silence_no_tokens_warning = false # default: true, end ``` -This comes from ambiguity in the spec about which token is the right token. +The "extra tokens" problem comes from ambiguity in the spec about which token is the right token. Some OAuth 2.0 standards legitimately have multiple tokens. You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. Specify your custom class with the `access_token_class` option. From 2e92bd89739bb3653926de7f518790097924157f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 18 May 2025 17:44:25 +0700 Subject: [PATCH 383/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 4 ++-- README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0cdbe74..9e953c54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -12,7 +12,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Security -## [2.0.10] - 2025-05-16 +## [2.0.10] - 2025-05-17 - TAG: [v2.0.10][2.0.10t] - COVERAGE: 100.00% -- 518/518 lines in 14 files - BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files @@ -370,7 +370,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [gemfiles/readme]: gemfiles/README.md [Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...HEAD -[2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.09....v2.0.10 +[2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...v2.0.10 [2.0.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.10 [2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9 [2.0.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.9 diff --git a/README.md b/README.md index 9d924afa..22505afd 100644 --- a/README.md +++ b/README.md @@ -356,7 +356,7 @@ For more see [SECURITY.md][🔐security]. - Adds new option to `OAuth2::AccessToken#initialize`: - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency - By default, keys are transformed to snake case. - - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. + - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) From 19fb728d7a1b87c56c29096a19d2988b21a9cc6b Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Mon, 19 May 2025 01:23:51 +0700 Subject: [PATCH 384/645] =?UTF-8?q?=F0=9F=93=9D=20Improved=20info=20table?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 22505afd..8e7de03e 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] +[![CodeQL][🖐codeQL-img]][🖐codeQL] --- 
@@ -158,19 +159,20 @@ One of these might be what you are looking for: ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on 
RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Enforced Code Style][💎rlts-img]][💎rlts] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![FOSSA][🏘fossa-img]][🏘fossa] | -| Expert 1:1 Support | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Enterprise Support | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]
💡Subscribe for support guarantees covering _all_ FLOSS dependencies!
💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!
💡Tidelift pays maintainers to maintain the software you depend on!
📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! | -| Comrade BDFL 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 
Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![FOSSA][🏘fossa-img]][🏘fossa] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] | +| Expert 1:1 Support | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Enterprise Support | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]
💡Subscribe for support guarantees covering _all_ FLOSS dependencies!
💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!
💡Tidelift pays maintainers to maintain the software you depend on!
📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! | +| Comrade BDFL 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ## 🚀 Release Documentation @@ -181,7 +183,7 @@ One of these might be what you are looking for: | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| -| 2.0.10 | 2025-05-16 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | +| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | | 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | @@ -194,7 +196,7 @@ One of these might be what you are looking for: | 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] |
-[2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-16 +[2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 [2.0.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 [2.0.8-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 [2.0.7-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 @@ -734,7 +736,7 @@ or one of the others at the head of this README. [![Buy me a latte][🖇buyme-img]][🖇buyme] [⛳gg-discussions]: https://groups.google.com/g/oauth-ruby -[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-purple.svg?style=flat +[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange [✇bundle-group-pattern]: https://gist.github.com/pboling/4564780 [⛳️gem-namespace]: https://github.com/oauth-xx/oauth2 @@ -870,10 +872,10 @@ or one of the others at the head of this README. [🖐contributors-img]: https://contrib.rocks/image?repo=oauth-xx/oauth2 [🚎contributors-gl]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main [🪇conduct]: CODE_OF_CONDUCT.md -[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-4baaaa.svg +[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-259D6C.svg [📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint [📌semver]: https://semver.org/spec/v2.0.0.html -[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat +[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-259D6C.svg?style=flat [📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 [📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html [📌changelog]: CHANGELOG.md 
@@ -884,13 +886,13 @@ or one of the others at the head of this README. [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.518-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md -[🔐security-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat +[🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT -[📄license-img]: https://img.shields.io/badge/License-MIT-green.svg +[📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg [📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm -[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-brightgreen.svg?style=flat +[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat [🚎yard-current]: http://rubydoc.info/gems/oauth2 [🚎yard-head]: https://rubydoc.info/github/oauth-xx/oauth2/main [💎stone_checksums]: https://github.com/pboling/stone_checksums From cec361f1af7946967304dc1a1737eb7e6a2e7296 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 19 May 2025 01:48:27 +0700 Subject: [PATCH 385/645] =?UTF-8?q?=F0=9F=8E=A8=20Final=20empty=20line?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index fc2a2cd5..1af67adc 100644 --- a/.gitignore +++ b/.gitignore @@ -40,4 +40,4 @@ Appraisal.*.gemfile.lock .tool-versions # Local config -.env.local \ No newline at end of file +.env.local From 03c05ebe20beea23747e9b1395c11a6fc7ece015 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Mon, 19 May 2025 01:48:48 +0700 Subject: [PATCH 386/645] =?UTF-8?q?=F0=9F=91=B7=20All=20runtime=20deps=20n?= =?UTF-8?q?ow=20tested=20@=20HEAD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gemfiles/modular/runtime_heads.gemfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index 375e47b6..167a0359 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -16,3 +16,9 @@ gem "multi_xml", github: "sferik/multi_xml", branch: "master" # Ruby >= 2.4 gem "rack", github: "rack/rack", branch: "main" + +# Ruby >= 2.2 +gem "version_gem", github: "oauth-xx/version_gem", branch: "main" + +# Ruby >= 2.2 +gem "snaky_hash", github: "oauth-xx/snaky_hash", branch: "main" From a985ea1eaaf7fc7c58f0397d8ee13c293855f1a0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 19 May 2025 02:24:07 +0700 Subject: [PATCH 387/645] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20Don't=20check=20fo?= =?UTF-8?q?r=20cert=20if=20SKIP=5FGEM=5FSIGNING=20is=20set?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 5009da3d..c9c3038c 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
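Review bot: The two added entries fetch `version_gem` and `snaky_hash` through the `github:` shorthand, while the README in this series links both gems to their gitlab.com/oauth-xx repositories. If the GitHub copies are mirrors that can lag, this "HEAD" job would test something older than the canonical `main`; that is inferred from the README, not shown in the hunk. Consider `gem "version_gem", git: "https://gitlab.com/oauth-xx/version_gem.git", branch: "main"` (and the same for `snaky_hash`), or a comment above the entries saying the GitHub source is intentional.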
@@ -15,19 +15,21 @@ gl_homepage = "https://gitlab.com/oauth-xx/oauth2" gh_mirror = "https://github.com/oauth-xx/oauth2" Gem::Specification.new do |spec| - # Linux distros may package ruby gems differently, - # and securely certify them independently via alternate package management systems. + # Linux distros often package gems and securely certify them independent + # of the official RubyGem certification process. Allowed via ENV["SKIP_GEM_SIGNING"] # Ref: https://gitlab.com/oauth-xx/version_gem/-/issues/3 # Hence, only enable signing if `SKIP_GEM_SIGNING` is not set in ENV. # See CONTRIBUTING.md - user_cert = "certs/#{ENV.fetch("https://github.com/GEM_CERT_USER", ENV["USER"])}.pem" - cert_file_path = File.join(__dir__, user_cert) - cert_chain = cert_file_path.split(",") - cert_chain.select! { |fp| File.exist?(fp) } - if cert_file_path && cert_chain.any? - spec.cert_chain = cert_chain - if $PROGRAM_NAME.end_with?("gem") && ARGV[0] == "build" && !ENV.include?("SKIP_GEM_SIGNING") - spec.signing_key = File.join(Gem.user_home, ".ssh", "gem-private_key.pem") + unless ENV.include?("SKIP_GEM_SIGNING") + user_cert = "certs/#{ENV.fetch("https://github.com/GEM_CERT_USER", ENV["USER"])}.pem" + cert_file_path = File.join(__dir__, user_cert) + cert_chain = cert_file_path.split(",") + cert_chain.select! { |fp| File.exist?(fp) } + if cert_file_path && cert_chain.any? + spec.cert_chain = cert_chain + if $PROGRAM_NAME.end_with?("gem") && ARGV[0] == "build" + spec.signing_key = File.join(Gem.user_home, ".ssh", "gem-private_key.pem") + end end end From 464468c63b47b8423554108ec7ec69eefdecdfd6 Mon Sep 17 00:00:00 2001 
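Review bot: When no certificate file exists, the `if cert_file_path && cert_chain.any?` branch is skipped without a message, so a `gem build` run without `SKIP_GEM_SIGNING` still produces an unsigned gem and nobody is told. `cert_file_path` is always a non-empty string, so only `cert_chain.any?` decides the outcome. Add an `else` branch such as `warn("oauth2.gemspec: no signing cert at #{cert_file_path}; gem will be unsigned")`, or raise when the command is `gem build`, so an unsigned release is a visible choice rather than a side effect of a missing file. `ENV.include?` also treats `SKIP_GEM_SIGNING=false` or an empty value as set, which the comment above the `unless` should state. The `Gem::Specification.new` block continues outside the hunk.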
From: "Peter H. Boling" Date: Mon, 19 May 2025 02:25:10 +0700 Subject: [PATCH 388/645] =?UTF-8?q?=E2=9C=A8=20Add=20CodeBerg=20as=20an=20?= =?UTF-8?q?ethical=20mirror?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://codeberg.org/oauth-xx/oauth2 --- README.md | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 8e7de03e..3599e838 100644 --- a/README.md +++ b/README.md 
@@ -44,11 +44,12 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|----------------|--------|-----|------|----------------|-------------| -| 🧪 [oauth-xx/oauth2 on GitLab][📜src-gl] | The Truth | 💚 | 💚 | 💚 | 🏀 Tiny Matrix | ➖ | -| 🐙 [oauth-xx/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | 💚 | 💚 | ➖ | 💯 Full Matrix | ➖ | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | 💚 | +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-------------------------------------------|-------------------|------------------|--------------|----------------|-----------------------| +| 🧪 [oauth-xx/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [oauth-xx/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [oauth-xx/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | ### Upgrading Runtime Gem Dependencies 
@@ -71,26 +72,25 @@ covering the latest patch for each of the following minor versions: * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD * TruffleRuby @ v23.1, v23.2, HEAD -* gem `faraday` @ v0, v1, v2, HEAD -* gem `jwt` @ v1, v2, v3, HEAD -* gem `logger` @ v1.2, v1.5, v1.7, HEAD -* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD -* gem `rack` @ v1.2, v1.6, v2, v3, HEAD +* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) +* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) +* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) +* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) +* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) +* gem `snaky_hash` @v2, HEAD ⏩️ [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) +* gem `version_gem` - @v1, HEAD ⏩️ [oauth-xx/version_gem](https://gitlab.com/oauth-xx/version_gem) + +The last two were extracted from this gem. They are part of the `oauth-xx` org, +and are developed in tight collaboration with this gem. + +#### You should upgrade this gem with confidence\*. - This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. - Dropping support for **any** of the runtime dependency versions above will be a major version bump. - If you aren't on one of the minor versions above, make getting there a priority. -- You should upgrade this gem with confidence\*. - You should upgrade the dependencies of this gem with confidence\*. - Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! -If you are thinking, "that list is missing two runtime dependencies", you are correct! 
-Both of them were extracted from this gem. They are part of the `oauth-xx` org, -and are developed in tight collaboration with this gem, so not much more needs to be said about them. - -* gem `snaky_hash` - https://gitlab.com/oauth-xx/snaky_hash -* gem `version_gem` - https://gitlab.com/oauth-xx/version_gem - [sv-pub-api]: #-is-platform-support-part-of-the-public-api \* MIT license; I am unable to make guarantees. @@ -624,7 +624,7 @@ See [SECURITY.md][🔐security]. If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see [below](#code-coverage)) check TODOs (see [below](#todos)), -or check [issues][🤝issues], or [PRs][🤝pulls], +or check [issues][🤝gh-issues], or [PRs][🤝gh-pulls], or use the gem and think about how it could be better. We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. @@ -863,8 +863,13 @@ or one of the others at the head of this README. [💎jruby-9.4i]: https://img.shields.io/badge/JRuby-9.4-FBE742?style=for-the-badge&logo=ruby&logoColor=red [💎jruby-c-i]: https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green [💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue -[🤝issues]: https://github.com/oauth-xx/oauth2/issues -[🤝pulls]: https://github.com/oauth-xx/oauth2/pulls +[🤝gh-issues]: https://github.com/oauth-xx/oauth2/issues +[🤝gh-pulls]: https://github.com/oauth-xx/oauth2/pulls +[🤝gl-issues]: https://gitlab.com/oauth-xx/oauth2/-/issues +[🤝gl-pulls]: https://gitlab.com/oauth-xx/oauth2/-/merge_requests +[🤝cb-issues]: https://codeberg.org/oauth-xx/oauth2/issues +[🤝cb-pulls]: https://codeberg.org/oauth-xx/oauth2/pulls +[🤝cb-donate]: https://donate.codeberg.org/ [🤝contributing]: CONTRIBUTING.md [🔑codecov-g♻️]: https://codecov.io/gh/oauth-xx/oauth2/graphs/tree.svg?token=bNqSzNiuo2 [🖐contrib-rocks]: https://contrib.rocks 
From 4f015a8a9c05caa47de4b377d39ec15c05fe6721 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 19 May 2025 02:38:49 +0700 Subject: [PATCH 389/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 3599e838..c26623ae 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,8 @@ [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] -[![QLTY Test Coverage][🔑cc-covi♻️]][🔑cc-cov] -[![Maintainability][🔑cc-mnti♻️]][🔑cc-mnt] +[![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] +[![QLTY Maintainability][🔑qlty-mnti♻️]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] @@ -634,7 +634,7 @@ See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. ### Code Coverage [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] -[![QLTY Test Coverage][🔑cc-covi♻️]][🔑cc-cov] +[![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] ### 🪇 Code of Conduct 
@@ -792,10 +792,10 @@ or one of the others at the head of this README. [👽oss-helpi]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg [👽version]: https://rubygems.org/gems/oauth2 [👽versioni]: https://img.shields.io/gem/v/oauth2.svg -[🔑cc-mnt]: https://qlty.sh/gh/oauth-xx/projects/oauth2 -[🔑cc-mnti♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.svg -[🔑cc-cov]: https://qlty.sh/gh/oauth-xx/projects/oauth2 -[🔑cc-covi♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/test_coverage.svg +[🔑qlty-mnt]: https://qlty.sh/gh/oauth-xx/projects/oauth2 +[🔑qlty-mnti♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.svg +[🔑qlty-cov]: https://qlty.sh/gh/oauth-xx/projects/oauth2 +[🔑qlty-covi♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/test_coverage.svg [🔑codecov]: https://codecov.io/gh/oauth-xx/oauth2 [🔑codecovi♻️]: https://codecov.io/gh/oauth-xx/oauth2/graph/badge.svg?token=bNqSzNiuo2 [🔑coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=main @@ -885,9 +885,9 @@ or one of the others at the head of this README. [📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html [📌changelog]: CHANGELOG.md [📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ -[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat +[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat [📌gitmoji]:https://gitmoji.dev -[📌gitmoji-img]:https://img.shields.io/badge/gitmoji-%20😜%20😍-FFDD67.svg?style=flat-square +[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.518-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md 
@@ -903,7 +903,7 @@ or one of the others at the head of this README. [💎stone_checksums]: https://github.com/pboling/stone_checksums [💎SHA_checksums]: https://gitlab.com/oauth-xx/oauth2/-/tree/main/checksums [💎rlts]: https://github.com/rubocop-lts/rubocop-lts -[💎rlts-img]: https://img.shields.io/badge/code_style-rubocop--lts-brightgreen.svg?plastic&logo=ruby&logoColor=white +[💎rlts-img]: https://img.shields.io/badge/code_style_and_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white [🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield [🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield [💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/ From 8f0c4d082192ab85e07536749fe048d58a80b2e9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 19 May 2025 02:42:17 +0700 Subject: [PATCH 390/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e953c54..c0b534c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,10 +6,15 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [Unreleased] ### Added +- Codeberg as ethical mirror (@pboling) + - https://codeberg.org/oauth-xx/oauth2 +- Don't check for cert if SKIP_GEM_SIGNING is set (@pboling) +- All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) ### Changed ### Deprecated ### Removed ### Fixed +- Incorrect documentation related to silencing warnings (@pboling) ### Security ## [2.0.10] - 2025-05-17 From 4a7236c333239a07185adf03f37c71d9bd1ebf73 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Mon, 19 May 2025 17:04:57 +0700 Subject: [PATCH 391/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c26623ae..c65cd90a 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ --- -[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] +[![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] 
@@ -44,12 +44,13 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|-------------------------------------------|-------------------|------------------|--------------|----------------|-----------------------| -| 🧪 [oauth-xx/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | -| 🧊 [oauth-xx/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [oauth-xx/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [oauth-xx/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [oauth-xx/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [oauth-xx/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | 
[talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | ### Upgrading Runtime Gem Dependencies 
@@ -167,9 +168,9 @@ One of these might be what you are looking for: | Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | | Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![FOSSA][🏘fossa-img]][🏘fossa] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![FOSSA][🏘fossa-img]][🏘fossa] | | Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] | -| Expert 1:1 Support | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Support | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | | Enterprise Support | [![Get help from me 
on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]
💡Subscribe for support guarantees covering _all_ FLOSS dependencies!
💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!
💡Tidelift pays maintainers to maintain the software you depend on!
📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! | | Comrade BDFL 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | | `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | @@ -351,6 +352,7 @@ For more see [SECURITY.md][🔐security]. - Support IETF rfc7523 JWT Bearer Tokens - Support IETF rfc7231 Relative Location in Redirect - Support IETF rfc6749 Don't set oauth params when nil +- Support IETF rfc7009 Token Revocation (since v2.0.10) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` - Adds new option to `OAuth2::Client#get_token`: 
@@ -903,10 +905,12 @@ or one of the others at the head of this README. [💎stone_checksums]: https://github.com/pboling/stone_checksums [💎SHA_checksums]: https://gitlab.com/oauth-xx/oauth2/-/tree/main/checksums [💎rlts]: https://github.com/rubocop-lts/rubocop-lts -[💎rlts-img]: https://img.shields.io/badge/code_style_and_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white +[💎rlts-img]: https://img.shields.io/badge/code_style_%26_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white [🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield [🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield [💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/ +[✉️discord-invite]: https://discord.gg/3qme4XHNKN +[✉️discord-invite-img]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge
From 1b49b042022719f399732b8de99d7880c0fbb123 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 19 May 2025 17:08:22 +0700 Subject: [PATCH 392/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index c65cd90a..a0cb760d 100644 --- a/README.md +++ b/README.md @@ -625,8 +625,7 @@ See [SECURITY.md][🔐security]. ## 🤝 Contributing If you need some ideas of where to help, you could work on adding more code coverage, -or if it is already 💯 (see [below](#code-coverage)) check TODOs (see [below](#todos)), -or check [issues][🤝gh-issues], or [PRs][🤝gh-pulls], +or if it is already 💯 (see [below](#code-coverage)) check [issues][🤝gh-issues], or [PRs][🤝gh-pulls], or use the gem and think about how it could be better. We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. From a99bb0ff64485a748176de0e40fc05f3514e8ff9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 04:02:00 +0700 Subject: [PATCH 393/645] =?UTF-8?q?=F0=9F=91=B7=20Improve=20GitLab=20build?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 4 ++-- .rubocop.yml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c6a03113..1d4f5398 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,7 +18,7 @@ workflow: rules: # For merge requests, create a pipeline. - if: '$CI_MERGE_REQUEST_IID' - # For `master` branch, create a pipeline (this includes on schedules, pushes, merges, etc.). + # For default branch, create a pipeline (this includes on schedules, pushes, merges, etc.). - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' 
@@ -27,7 +27,7 @@ workflow: image: ruby:${RUBY_VERSION} stage: test script: - - gem update --system > /dev/null 2>&1 + - gem update --silent --system - bundle config --local path vendor - bundle install - bundle exec rake diff --git a/.rubocop.yml b/.rubocop.yml index 6653c82a..f56e4770 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -42,7 +42,6 @@ Lint/UnusedBlockArgument: - 'vendor/**/*' - '**/.irbrc' - Style/ClassVars: Enabled: false From 26519ffd3cebcd598bd7e1d323e15cec6d7e0e90 Mon Sep 17 00:00:00 2001 
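Review bot: `gem update --silent --system` in the `script:` list installs whichever RubyGems release is newest when the job runs, so the toolchain that installs and tests the gem changes without any commit in this repository. Pinning it, `- gem update --silent --system <RUBYGEMS_VERSION>` (placeholder; choose one per `RUBY_VERSION`), keeps runs reproducible and makes a RubyGems upgrade a reviewable change. The job's key and the rest of its definition are outside the hunk.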
From: "Peter H. Boling" Date: Wed, 21 May 2025 04:27:50 +0700 Subject: [PATCH 394/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20on=20Git?= =?UTF-8?q?Hub=20Pages?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://oauth2.galtzo.com --- .gitignore | 1 - .rubocop_gradual.lock | 2 +- .yard_gfm_support.rb | 22 + .yardopts | 10 + Gemfile.lock | 13 + README.md | 40 +- Rakefile | 6 +- doc/OAuth2.html | 336 ++ doc/OAuth2/AccessToken.html | 3061 +++++++++++++++++ doc/OAuth2/Authenticator.html | 641 ++++ doc/OAuth2/Client.html | 2661 ++++++++++++++ doc/OAuth2/Error.html | 528 +++ doc/OAuth2/FilteredAttributes.html | 278 ++ .../FilteredAttributes/ClassMethods.html | 228 ++ doc/OAuth2/Response.html | 1146 ++++++ doc/OAuth2/Strategy.html | 117 + doc/OAuth2/Strategy/Assertion.html | 491 +++ doc/OAuth2/Strategy/AuthCode.html | 479 +++ doc/OAuth2/Strategy/Base.html | 205 ++ doc/OAuth2/Strategy/ClientCredentials.html | 353 ++ doc/OAuth2/Strategy/Implicit.html | 420 +++ doc/OAuth2/Strategy/Password.html | 374 ++ doc/OAuth2/Version.html | 121 + doc/_index.html | 310 ++ doc/class_list.html | 54 + doc/css/common.css | 1 + doc/css/full_list.css | 58 + doc/css/style.css | 503 +++ doc/file.CHANGELOG.html | 773 +++++ doc/file.CODE_OF_CONDUCT.html | 202 ++ doc/file.CONTRIBUTING.html | 205 ++ doc/file.LICENSE.html | 70 + doc/file.README.html | 960 ++++++ doc/file.SECURITY.html | 120 + doc/file_list.html | 84 + doc/frames.html | 22 + doc/index.html | 960 ++++++ doc/js/app.js | 344 ++ doc/js/full_list.js | 242 ++ doc/js/jquery.js | 4 + doc/method_list.html | 726 ++++ doc/top-level-namespace.html | 110 + gemfiles/modular/documentation.gemfile | 5 +- oauth2.gemspec | 31 +- 44 files changed, 17270 insertions(+), 47 deletions(-) create mode 100644 .yard_gfm_support.rb create mode 100644 .yardopts create mode 100644 doc/OAuth2.html create mode 100644 doc/OAuth2/AccessToken.html create mode 100644 doc/OAuth2/Authenticator.html create mode 100644 
doc/OAuth2/Client.html create mode 100644 doc/OAuth2/Error.html create mode 100644 doc/OAuth2/FilteredAttributes.html create mode 100644 doc/OAuth2/FilteredAttributes/ClassMethods.html create mode 100644 doc/OAuth2/Response.html create mode 100644 doc/OAuth2/Strategy.html create mode 100644 doc/OAuth2/Strategy/Assertion.html create mode 100644 doc/OAuth2/Strategy/AuthCode.html create mode 100644 doc/OAuth2/Strategy/Base.html create mode 100644 doc/OAuth2/Strategy/ClientCredentials.html create mode 100644 doc/OAuth2/Strategy/Implicit.html create mode 100644 doc/OAuth2/Strategy/Password.html create mode 100644 doc/OAuth2/Version.html create mode 100644 doc/_index.html create mode 100644 doc/class_list.html create mode 100644 doc/css/common.css create mode 100644 doc/css/full_list.css create mode 100644 doc/css/style.css create mode 100644 doc/file.CHANGELOG.html create mode 100644 doc/file.CODE_OF_CONDUCT.html create mode 100644 doc/file.CONTRIBUTING.html create mode 100644 doc/file.LICENSE.html create mode 100644 doc/file.README.html create mode 100644 doc/file.SECURITY.html create mode 100644 doc/file_list.html create mode 100644 doc/frames.html create mode 100644 doc/index.html create mode 100644 doc/js/app.js create mode 100644 doc/js/full_list.js create mode 100644 doc/js/jquery.js create mode 100644 doc/method_list.html create mode 100644 doc/top-level-namespace.html diff --git a/.gitignore b/.gitignore index 1af67adc..1d4ec4b4 100644 --- a/.gitignore +++ b/.gitignore @@ -20,7 +20,6 @@ Appraisal.*.gemfile.lock # Documentation /.yardoc /_yardoc/ -/doc/ /rdoc/ # RVM diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 692142a7..1e923dcf 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -21,7 +21,7 @@ "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:461003665": [ + "oauth2.gemspec:2957552385": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [
diff --git a/.yard_gfm_support.rb b/.yard_gfm_support.rb
new file mode 100644
index 00000000..4f2f1403
--- /dev/null
+++ b/.yard_gfm_support.rb
@@ -0,0 +1,22 @@
+# Gratefully and liberally taken from the MIT-licensed https://github.com/bensheldon/good_job/pull/113/files
+require "kramdown"
+require "kramdown-parser-gfm"
+
+# Custom markup provider class that always renders Kramdown using GFM (Github Flavored Markdown).
+# GFM is needed to render markdown tables and fenced code blocks in the README.
+class KramdownGfmDocument < Kramdown::Document
+ def initialize(source, options = {})
+ options[:input] = "GFM" unless options.key?(:input)
+ super(source, options)
+ end
+end
+
+# Insert the new provider as the highest priority option for Markdown.
+# See:
+# - https://github.com/lsegal/yard/issues/1157
+# - https://github.com/lsegal/yard/issues/1017
+# - https://github.com/lsegal/yard/blob/main/lib/yard/templates/helpers/markup_helper.rb
+YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown].insert(
+ 0,
+ {const: "KramdownGfmDocument"},
+)
diff --git a/.yardopts b/.yardopts
new file mode 100644
index 00000000..50081d3f
--- /dev/null
+++ b/.yardopts
@@ -0,0 +1,10 @@
+--plugin junk
+--plugin relative_markdown_links
+--readme README.md
+--charset utf-8
+--markup markdown
+--load .yard_gfm_support.rb
+'lib/**/*.rb'
+-
+'*.md'
+'*.txt'
\ No newline at end of file
diff --git a/Gemfile.lock b/Gemfile.lock
index 9efbef62..9e283cfe 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
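Review bot: `KramdownGfmDocument#initialize` in `.yard_gfm_support.rb` writes `options[:input] = "GFM"` into the hash the caller passed in, so a shared options hash is modified as a side effect of building a document; `super(source, {input: "GFM"}.merge(options))` applies the same default without touching the argument. The `MARKUP_PROVIDERS[:markdown].insert(0, ...)` call at the bottom runs on every load of the file, so loading it twice in one process would register the provider twice; wrapping it in a check such as `unless providers.include?(entry)` keeps it idempotent. The two `require` lines run first, so a `yard` run without the documentation gems installed presumably stops with a `LoadError` instead of falling back to YARD's default Markdown provider. A short comment naming the gemfile that supplies `kramdown` and `kramdown-parser-gfm` would make that dependency explicit.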
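Review bot: The `--load .yard_gfm_support.rb` line and the two `--plugin` lines in `.yardopts` mean every `yard` run in this checkout executes repository-controlled Ruby and the named plugin gems. The documentation build therefore needs the same trust treatment as a test run: the job that publishes to GitHub Pages should build only from trusted refs and with no more token scope than publishing requires. As far as I know YARD ignores `--load` and plugins in safe mode, so a host that builds in safe mode would render the README without the GFM provider; that is worth confirming before relying on it. The trailing `'*.md'` and `'*.txt'` globs publish every matching root-level file, and the same list appears again in the Rakefile hunk's `t.files`. An explicit list of file names kept in one place would be easier to audit.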
@@ -110,6 +110,10 @@ GEM simplecov-rcov (~> 0.3, >= 0.3.3) simplecov_json_formatter (~> 0.1, >= 0.1.4) version_gem (~> 1.1, >= 1.1.7) + kramdown (2.5.1) + rexml (>= 3.3.9) + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) language_server-protocol (3.17.0.5) lint_roller (1.1.0) logger (1.7.0) @@ -118,6 +122,10 @@ GEM net-http (0.6.0) uri nkf (0.2.0) + nokogiri (1.18.8-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.18.8-x86_64-linux-gnu) + racc (~> 1.4) ostruct (0.6.1) parallel (1.27.0) parser (3.3.8.0) @@ -274,6 +282,8 @@ GEM uri (1.0.3) version_gem (1.1.8) yard (0.9.37) + yard-relative_markdown_links (0.5.0) + nokogiri (>= 1.14.3, < 2) zeitwerk (2.7.2) PLATFORMS @@ -290,6 +300,8 @@ DEPENDENCIES debug (>= 1.0.0) gem_bench (~> 2.0, >= 2.0.5) kettle-soup-cover (~> 1.0, >= 1.0.6) + kramdown (~> 2.5, >= 2.5.1) + kramdown-parser-gfm (~> 1.1) nkf (~> 0.2) oauth2! rake (~> 13.0) @@ -309,6 +321,7 @@ DEPENDENCIES stone_checksums (~> 1.0) yard (~> 0.9, >= 0.9.37) yard-junk (~> 0.0, >= 0.0.10)! + yard-relative_markdown_links (~> 0.5.0) BUNDLED WITH 2.6.9 diff --git a/README.md b/README.md index a0cb760d..0a7c2a6a 100644 --- a/README.md +++ b/README.md 
@@ -9,35 +9,11 @@ ## 🔐 OAuth2 -[![Version][👽versioni]][👽version] -[![License: MIT][📄license-img]][📄license-ref] -[![Downloads Rank][👽dl-ranki]][👽dl-rank] -[![Open Source Helpers][👽oss-helpi]][👽oss-help] -[![Depfu][🔑depfui♻️]][🔑depfu] -[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] -[![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] -[![QLTY Maintainability][🔑qlty-mnti♻️]][🔑qlty-mnt] -[![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] -[![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] -[![CI Current][🚎11-c-wfi]][🚎11-c-wf] -[![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] -[![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] -[![CI Supported][🚎6-s-wfi]][🚎6-s-wf] -[![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] -[![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] -[![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] -[![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] -[![CI Style][🚎5-st-wfi]][🚎5-st-wf] -[![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] --- -[![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] -[![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] -[![Buy me a coffee][🖇buyme-small-img]][🖇buyme] -[![Donate on Polar][🖇polar-img]][🖇polar] -[![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] -[![Donate to my FLOSS or refugee efforts using 
Patreon][🖇patreon-img]][🖇patreon] +[![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, @@ -410,7 +386,7 @@ of a major release, support for that Ruby version may be dropped. NOTE: The 1.4 series will only receive critical security updates. See [SECURITY.md][🔐security]. -## Usage Examples +## 🔧 Basic Usage ### Global Configuration @@ -533,7 +509,7 @@ client = OAuth2::Client.new( ```
-## OAuth2::Response +### OAuth2::Response The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic `#request` will return an instance of the #OAuth2::Response class. @@ -546,14 +522,14 @@ array. Otherwise, it will return the original body string. The original response body, headers, and status can be accessed via their respective methods. -## OAuth2::AccessToken +### OAuth2::AccessToken If you have an existing Access Token for a user, you can initialize an instance using various class methods including the standard new, `from_hash` (if you have a hash of the values), or `from_kvform` (if you have an `application/x-www-form-urlencoded` encoded string of the values). -## OAuth2::Error +### OAuth2::Error On 400+ status code responses, an `OAuth2::Error` will be raised. If it is a standard OAuth2 error response, the body will be parsed and `#code` and `#description` will contain the values provided from the error and @@ -565,7 +541,7 @@ option on initialization of the client. In this case the `OAuth2::Response` instance will be returned as usual and on 400+ status code responses, the Response instance will contain the `OAuth2::Error` instance. -## Authorization Grants +### Authorization Grants Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client 
@@ -784,7 +760,7 @@ or one of the others at the head of this README. [📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green [📜src-gh]: https://github.com/oauth-xx/oauth2 [📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜docs-head-rd-img]: https://img.shields.io/badge/RubyDoc-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white +[📜docs-head-rd-img]: https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white [📜wiki]: https://gitlab.com/oauth-xx/oauth2/-/wikis/home [📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white [👽dl-rank]: https://rubygems.org/gems/oauth2 diff --git a/Rakefile b/Rakefile index ddffe886..dd7dfbc9 100644 --- a/Rakefile +++ b/Rakefile @@ -73,8 +73,12 @@ begin YARD::Rake::YardocTask.new(:yard) do |t| t.files = [ - # Splats (alphabetical) + # Source Splats (alphabetical) "lib/**/*.rb", + "-", # source and extra docs are separated by "-" + # Extra Files (alphabetical) + "*.md", + "*.txt", ] end defaults << "yard" diff --git a/doc/OAuth2.html b/doc/OAuth2.html new file mode 100644 index 00000000..47069103 --- /dev/null +++ b/doc/OAuth2.html @@ -0,0 +1,336 @@ + + + + + + + Module: OAuth2 + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Module: OAuth2 + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2.rb,
+ lib/oauth2/error.rb,
lib/oauth2/client.rb,
lib/oauth2/version.rb,
lib/oauth2/response.rb,
lib/oauth2/access_token.rb,
lib/oauth2/authenticator.rb,
lib/oauth2/strategy/base.rb,
lib/oauth2/strategy/implicit.rb,
lib/oauth2/strategy/password.rb,
lib/oauth2/strategy/assertion.rb,
lib/oauth2/strategy/auth_code.rb,
lib/oauth2/filtered_attributes.rb,
lib/oauth2/strategy/client_credentials.rb
+
+
+ +
+ +

Overview

+
+

:nocov:

+ + +
+
+
+ + +

Defined Under Namespace

+

+ + + Modules: FilteredAttributes, Strategy, Version + + + + Classes: AccessToken, Authenticator, Client, Error, Response + + +

+ + +

+ Constant Summary + collapse +

+ +
+ +
OAUTH_DEBUG = + +
+
ENV.fetch("OAUTH_DEBUG", "false").casecmp("true").zero?
+ +
DEFAULT_CONFIG = + +
+
SnakyHash::SymbolKeyed.new(
+  silence_extra_tokens_warning: true,
+  silence_no_tokens_warning: true,
+)
+ +
ConnectionError = + +
+
Class.new(Faraday::ConnectionFailed)
+ +
TimeoutError = + +
+
Class.new(Faraday::TimeoutError)
+ +
+ + + + + +

Class Attribute Summary collapse

+
    + +
  • + + + .config ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute config.

    +
    + +
  • + + +
+ + + + + +

+ Class Method Summary + collapse +

+ + + + + +
+

Class Attribute Details

+ + + +
+

+ + .configObject (readonly) + + + + + +

+
+

Returns the value of attribute config.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+35
+36
+37
+
+
# File 'lib/oauth2.rb', line 35
+
+def config
+  @config
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + .configure {|@config| ... } ⇒ Object + + + + + +

+
+ + + +
+
+
+ +

Yields:

+
    + +
  • + + + (@config) + + + +
  • + +
+ +
+ + + + +
+
+
+
+37
+38
+39
+
+
# File 'lib/oauth2.rb', line 37
+
+def configure
+  yield @config
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html new file mode 100644 index 00000000..4923e5eb --- /dev/null +++ b/doc/OAuth2/AccessToken.html @@ -0,0 +1,3061 @@ + + + + + + + Class: OAuth2::AccessToken + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::AccessToken + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
  • + + + +
+ show all + +
+
+ + + + + + +
+
Includes:
+
FilteredAttributes
+
+ + + + + + +
+
Defined in:
+
lib/oauth2/access_token.rb
+
+ +
+ +

Overview

+
+

rubocop:disable Metrics/ClassLength

+ + +
+
+
+ + +
+ +

+ Constant Summary + collapse +

+ +
+ +
TOKEN_KEYS_STR = + +
+
%w[access_token id_token token accessToken idToken].freeze
+ +
TOKEN_KEYS_SYM = + +
+
%i[access_token id_token token accessToken idToken].freeze
+ +
TOKEN_KEY_LOOKUP = + +
+
TOKEN_KEYS_STR + TOKEN_KEYS_SYM
+ +
+ + + + + +

Instance Attribute Summary collapse

+
    + +
  • + + + #client ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute client.

    +
    + +
  • + + +
  • + + + #expires_at ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute expires_at.

    +
    + +
  • + + +
  • + + + #expires_in ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute expires_in.

    +
    + +
  • + + +
  • + + + #expires_latency ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute expires_latency.

    +
    + +
  • + + +
  • + + + #options ⇒ Object + + + + + + + + + + + + + + + + +

    Returns the value of attribute options.

    +
    + +
  • + + +
  • + + + #params ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute params.

    +
    + +
  • + + +
  • + + + #refresh_token ⇒ Object + + + + + + + + + + + + + + + + +

    Returns the value of attribute refresh_token.

    +
    + +
  • + + +
  • + + + #response ⇒ Object + + + + + + + + + + + + + + + + +

    Returns the value of attribute response.

    +
    + +
  • + + +
  • + + + #token ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute token.

    +
    + +
  • + + +
+ + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods included from FilteredAttributes

+

included, #inspect

+
+

Constructor Details

+ +
+

+ + #initialize(client, token, opts = {}) ⇒ AccessToken + + + + + +

+
+ +
+ Note: +

For “soon-to-expire”/”clock-skew” functionality see the :expires_latency option.

+
+
+ +
+ Note: +

If no token is provided, the AccessToken will be considered invalid.
+This is to prevent the possibility of a token being accidentally
+created with no token value.
+If you want to create an AccessToken with no token value,
+you can pass in an empty string or nil for the token value.
+If you want to create an AccessToken with no token value and
+no refresh token, you can pass in an empty string or nil for the
+token value and nil for the refresh token, and raise_errors: false.

+
+
+ +

Initialize an AccessToken

+ + +
+
+
+

Parameters:

+
    + +
  • + + client + + + (Client) + + + + — +

    the OAuth2::Client instance

    +
    + +
  • + +
  • + + token + + + (String) + + + + — +

    the Access Token value (optional, may not be used in refresh flows)

    +
    + +
  • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    the options to create the Access Token with

    +
    + +
  • + +
+ + + + + + + + +

Options Hash (opts):

+
    + +
  • + :refresh_token + (String) + + + — default: + nil + + + + —

    the refresh_token value

    +
    + +
  • + +
  • + :expires_in + (FixNum, String) + + + — default: + nil + + + + —

    the number of seconds in which the AccessToken will expire

    +
    + +
  • + +
  • + :expires_at + (FixNum, String) + + + — default: + nil + + + + —

    the epoch time in seconds in which AccessToken will expire

    +
    + +
  • + +
  • + :expires_latency + (FixNum, String) + + + — default: + nil + + + + —

    the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+

    +
    + +
  • + +
  • + :mode + (Symbol) + + + — default: + :header + + + + —

    the transmission mode of the Access Token parameter value
    +one of :header, :body or :query

    +
    + +
  • + +
  • + :header_format + (String) + + + — default: + 'Bearer %s' + + + + —

    the string format to use for the Authorization header

    +
    + +
  • + +
  • + :param_name + (String) + + + — default: + 'access_token' + + + + —

    the parameter name to use for transmission of the
    +Access Token value in :body or :query transmission mode

    +
    + +
  • + +
  • + :token_name + (String) + + + — default: + nil + + + + —

    the name of the response parameter that identifies the access token
    +When nil one of TOKEN_KEY_LOOKUP will be used

    +
    + +
  • + +
+ + + +
+ + + + +
+
+
+
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+
+
# File 'lib/oauth2/access_token.rb', line 118
+
+def initialize(client, token, opts = {})
+  @client = client
+  @token = token.to_s
+  opts = opts.dup
+  %i[refresh_token expires_in expires_at expires_latency].each do |arg|
+    instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
+  end
+  no_tokens = (@token.nil? || @token.empty?) && (@refresh_token.nil? || @refresh_token.empty?)
+  if no_tokens
+    if @client.options[:raise_errors]
+      raise Error.new({
+        error: "OAuth2::AccessToken has no token",
+        error_description: "Options are: #{opts.inspect}",
+      })
+    elsif !OAuth2.config.silence_no_tokens_warning
+      warn("OAuth2::AccessToken has no token")
+    end
+  end
+  # @option opts [Fixnum, String] :expires is deprecated
+  @expires_in ||= opts.delete("expires")
+  @expires_in &&= @expires_in.to_i
+  @expires_at &&= convert_expires_at(@expires_at)
+  @expires_latency &&= @expires_latency.to_i
+  @expires_at ||= Time.now.to_i + @expires_in if @expires_in && !@expires_in.zero?
+  @expires_at -= @expires_latency if @expires_latency
+  @options = {
+    mode: opts.delete(:mode) || :header,
+    header_format: opts.delete(:header_format) || "Bearer %s",
+    param_name: opts.delete(:param_name) || "access_token",
+  }
+  @options[:token_name] = opts.delete(:token_name) if opts.key?(:token_name)
+
+  @params = opts
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #clientObject (readonly) + + + + + +

+
+

Returns the value of attribute client.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+11
+12
+13
+
+
# File 'lib/oauth2/access_token.rb', line 11
+
+def client
+  @client
+end
+
+
+ + + +
+

+ + #expires_atObject (readonly) + + + + + +

+
+

Returns the value of attribute expires_at.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+11
+12
+13
+
+
# File 'lib/oauth2/access_token.rb', line 11
+
+def expires_at
+  @expires_at
+end
+
+
+ + + +
+

+ + #expires_inObject (readonly) + + + + + +

+
+

Returns the value of attribute expires_in.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+11
+12
+13
+
+
# File 'lib/oauth2/access_token.rb', line 11
+
+def expires_in
+  @expires_in
+end
+
+
+ + + +
+

+ + #expires_latencyObject (readonly) + + + + + +

+
+

Returns the value of attribute expires_latency.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+11
+12
+13
+
+
# File 'lib/oauth2/access_token.rb', line 11
+
+def expires_latency
+  @expires_latency
+end
+
+
+ + + +
+

+ + #optionsObject + + + + + +

+
+

Returns the value of attribute options.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/access_token.rb', line 12
+
+def options
+  @options
+end
+
+
+ + + +
+

+ + #paramsObject (readonly) + + + + + +

+
+

Returns the value of attribute params.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+11
+12
+13
+
+
# File 'lib/oauth2/access_token.rb', line 11
+
+def params
+  @params
+end
+
+
+ + + +
+

+ + #refresh_tokenObject + + + + + +

+
+

Returns the value of attribute refresh_token.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/access_token.rb', line 12
+
+def refresh_token
+  @refresh_token
+end
+
+
+ + + +
+

+ + #responseObject + + + + + +

+
+

Returns the value of attribute response.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/access_token.rb', line 12
+
+def response
+  @response
+end
+
+
+ + + +
+

+ + #tokenObject (readonly) + + + + + +

+
+

Returns the value of attribute token.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+11
+12
+13
+
+
# File 'lib/oauth2/access_token.rb', line 11
+
+def token
+  @token
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + .from_hash(client, hash) ⇒ OAuth2::AccessToken + + + + + +

+
+ +
+ Note: +

The method will use the first found token key in the following order:
+‘access_token’, ‘id_token’, ‘token’ (or their symbolic versions)

+
+
+ +
+ Note: +

If multiple token keys are present, a warning will be issued unless
+OAuth2.config.silence_extra_tokens_warning is true

+
+
+ +
+ Note: +

If no token keys are present, a warning will be issued unless
+OAuth2.config.silence_no_tokens_warning is true

+
+
+ +
+ Note: +

For “soon-to-expire”/”clock-skew” functionality see the :expires_latency option.

+
+
+ +
+ Note: +

If snaky key conversion is being used, token_name needs to match the converted key.

+
+
+ +

Initializes an AccessToken from a Hash

+ + +
+
+
+ +
+

Examples:

+ + +
hash = { 'access_token' => 'token_value', 'refresh_token' => 'refresh_value' }
+access_token = OAuth2::AccessToken.from_hash(client, hash)
+ +
+

Parameters:

+
    + +
  • + + client + + + (OAuth2::Client) + + + + — +

    the OAuth2::Client instance

    +
    + +
  • + +
  • + + hash + + + (Hash) + + + + — +

    a hash containing the token and other properties

    +
    + +
  • + +
+ + + + + + +

Options Hash (hash):

+
    + +
  • + 'access_token' + (String) + + + + + —

    the access token value

    +
    + +
  • + +
  • + 'id_token' + (String) + + + + + —

    alternative key for the access token value

    +
    + +
  • + +
  • + 'token' + (String) + + + + + —

    alternative key for the access token value

    +
    + +
  • + +
  • + 'refresh_token' + (String) + + + — default: + optional + + + + —

    the refresh token value

    +
    + +
  • + +
  • + 'expires_in' + (Integer, String) + + + — default: + optional + + + + —

    number of seconds until token expires

    +
    + +
  • + +
  • + 'expires_at' + (Integer, String) + + + — default: + optional + + + + —

    epoch time in seconds when token expires

    +
    + +
  • + +
  • + 'expires_latency' + (Integer, String) + + + — default: + optional + + + + —

    seconds to reduce token validity by

    +
    + +
  • + +
+ + +

Returns:

+ + +
+ + + + +
+
+
+
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+
+
# File 'lib/oauth2/access_token.rb', line 42
+
+def from_hash(client, hash)
+  fresh = hash.dup
+  # If token_name is present, then use that key name
+  key =
+    if fresh.key?(:token_name)
+      t_key = fresh[:token_name]
+      no_tokens_warning(fresh, t_key)
+      t_key
+    else
+      # Otherwise, if one of the supported default keys is present, use whichever has precedence
+      supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
+      t_key = supported_keys[0]
+      extra_tokens_warning(supported_keys, t_key)
+      t_key
+    end
+  token = fresh.delete(key) || ""
+  new(client, token, fresh)
+end
+
+
+ +
+

+ + .from_kvform(client, kvform) ⇒ AccessToken + + + + + +

+
+

Initializes an AccessToken from a key/value application/x-www-form-urlencoded string

+ + +
+
+
+

Parameters:

+
    + +
  • + + client + + + (Client) + + + + — +

    the OAuth2::Client instance

    +
    + +
  • + +
  • + + kvform + + + (String) + + + + — +

    the application/x-www-form-urlencoded string

    +
    + +
  • + +
+ +

Returns:

+
    + +
  • + + + (AccessToken) + + + + — +

    the initialized AccessToken

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+66
+67
+68
+
+
# File 'lib/oauth2/access_token.rb', line 66
+
+def from_kvform(client, kvform)
+  from_hash(client, Rack::Utils.parse_query(kvform))
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #[](key) ⇒ Object + + + + + +

+
+

Indexer to additional params present in token response

+ + +
+
+
+

Parameters:

+
    + +
  • + + key + + + (String) + + + + — +

    entry key to Hash

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+156
+157
+158
+
+
# File 'lib/oauth2/access_token.rb', line 156
+
+def [](key)
+  @params[key]
+end
+
+
+ +
+

+ + #delete(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a DELETE request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+
+
+
+338
+339
+340
+
+
# File 'lib/oauth2/access_token.rb', line 338
+
+def delete(path, opts = {}, &block)
+  request(:delete, path, opts, &block)
+end
+
+
+ +
+

+ + #expired?Boolean + + + + + +

+
+

Check if token is expired

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + + — +

    true if the token is expired, false otherwise

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+170
+171
+172
+
+
# File 'lib/oauth2/access_token.rb', line 170
+
+def expired?
+  expires? && (expires_at <= Time.now.to_i)
+end
+
+
+ +
+

+ + #expires?Boolean + + + + + +

+
+

Whether the token expires

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
  • + +
+ +
+ + + + +
+
+
+
+163
+164
+165
+
+
# File 'lib/oauth2/access_token.rb', line 163
+
+def expires?
+  !!@expires_at
+end
+
+
+ +
+

+ + #get(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a GET request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+
+
+
+310
+311
+312
+
+
# File 'lib/oauth2/access_token.rb', line 310
+
+def get(path, opts = {}, &block)
+  request(:get, path, opts, &block)
+end
+
+
+ +
+

+ + #headersObject + + + + + +

+
+

Get the headers hash (includes Authorization token)

+ + +
+
+
+ + +
+ + + + +
+
+
+
+343
+344
+345
+
+
# File 'lib/oauth2/access_token.rb', line 343
+
+def headers
+  {"Authorization" => options[:header_format] % token}
+end
+
+
+ +
+

+ + #patch(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a PATCH request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+
+
+
+331
+332
+333
+
+
# File 'lib/oauth2/access_token.rb', line 331
+
+def patch(path, opts = {}, &block)
+  request(:patch, path, opts, &block)
+end
+
+
+ +
+

+ + #post(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a POST request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+
+
+
+317
+318
+319
+
+
# File 'lib/oauth2/access_token.rb', line 317
+
+def post(path, opts = {}, &block)
+  request(:post, path, opts, &block)
+end
+
+
+ +
+

+ + #put(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a PUT request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+
+
+
+324
+325
+326
+
+
# File 'lib/oauth2/access_token.rb', line 324
+
+def put(path, opts = {}, &block)
+  request(:put, path, opts, &block)
+end
+
+
+ +
+

+ + #refresh(params = {}, access_token_opts = {}) {|opts| ... } ⇒ OAuth2::AccessToken + + + + Also known as: + refresh! + + + + +

+
+ +
+ Note: +

current token’s options are carried over to the new AccessToken

+
+
+ +

Refreshes the current Access Token

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params to pass to the refresh token request

    +
    + +
  • + +
  • + + access_token_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    options that will be passed to the AccessToken initialization

    +
    + +
  • + +
+ +

Yields:

+
    + +
  • + + + (opts) + + + + — +

    The block to modify the refresh token request options

    +
    + +
  • + +
+

Yield Parameters:

+
    + +
  • + + opts + + + (Hash) + + + + — +

    The options hash that can be modified

    +
    + +
  • + +
+

Returns:

+ +

Raises:

+ + +
+ + + + +
+
+
+
+185
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+
+
# File 'lib/oauth2/access_token.rb', line 185
+
+def refresh(params = {}, access_token_opts = {}, &block)
+  raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token
+
+  params[:grant_type] = "refresh_token"
+  params[:refresh_token] = refresh_token
+  new_token = @client.get_token(params, access_token_opts, &block)
+  new_token.options = options
+  if new_token.refresh_token
+    # Keep it if there is one
+  else
+    new_token.refresh_token = refresh_token
+  end
+  new_token
+end
+
+
+ +
+

+ + #request(verb, path, opts = {}) {|req| ... } ⇒ OAuth2::Response + + + + + +

+
+

Make a request with the Access Token

+ + +
+
+
+

Parameters:

+
    + +
  • + + verb + + + (Symbol) + + + + — +

    the HTTP request method

    +
    + +
  • + +
  • + + path + + + (String) + + + + — +

    the HTTP URL path of the request

    +
    + +
  • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    the options to make the request with

    +
    + +
  • + +
+ + + + + + + + +

Options Hash (opts):

+
    + +
  • + :params + (Hash) + + + + + —

    additional URL parameters

    +
    + +
  • + +
  • + :body + (Hash, String) + + + + + —

    the request body

    +
    + +
  • + +
  • + :headers + (Hash) + + + + + —

    request headers

    +
    + +
  • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block to modify the request

    +
    + +
  • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
  • + +
+

Returns:

+
    + +
  • + + + (OAuth2::Response) + + + + — +

    the response from the request

    +
    + +
  • + +
+ +

See Also:

+ + +
+ + + + +
+
+
+
+302
+303
+304
+305
+
+
# File 'lib/oauth2/access_token.rb', line 302
+
+def request(verb, path, opts = {}, &block)
+  configure_authentication!(opts)
+  @client.request(verb, path, opts, &block)
+end
+
+
+ +
+

+ + #revoke(params = {}) {|req| ... } ⇒ OAuth2::Response + + + + Also known as: + revoke! + + + + +

+
+ +
+ Note: +

If the token passed to the request
+is an access token, the server MAY revoke the respective refresh
+token as well.

+
+
+ +
+ Note: +

If the token passed to the request
+is a refresh token and the authorization server supports the
+revocation of access tokens, then the authorization server SHOULD
+also invalidate all access tokens based on the same authorization
+grant

+
+
+ +
+ Note: +

If the server responds with HTTP status code 503, your code must
+assume the token still exists and may retry after a reasonable delay.
+The server may include a “Retry-After” header in the response to
+indicate how long the service is expected to be unavailable to the
+requesting client.

+
+
+ +

Revokes the token at the authorization server

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional parameters to be sent during revocation

    +
    + +
  • + +
+ + + + +

Options Hash (params):

+
    + +
  • + :token_type_hint + (String, Symbol, nil) + + + — default: + 'access_token' or 'refresh_token' + + + + —

    hint about which token to revoke

    +
    + +
  • + +
  • + :token_method + (Symbol) + + + — default: + :post_with_query_string + + + + —

    overrides OAuth2::Client#options[:token_method]

    +
    + +
  • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block is passed the request being made, allowing customization

    +
    + +
  • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
  • + +
+

Returns:

+ +

Raises:

+
    + +
  • + + + (OAuth2::Error) + + + + — +

    if token_type_hint is invalid or the specified token is not available

    +
    + +
  • + +
+ +

See Also:

+ + +
+ + + + +
+
+
+
+234
+235
+236
+237
+238
+239
+240
+241
+242
+243
+244
+245
+246
+247
+248
+249
+250
+251
+252
+253
+254
+255
+256
+257
+258
+
+
# File 'lib/oauth2/access_token.rb', line 234
+
+def revoke(params = {}, &block)
+  token_type_hint_orig = params.delete(:token_type_hint)
+  token_type_hint = nil
+  revoke_token = case token_type_hint_orig
+  when "access_token", :access_token
+    token_type_hint = "access_token"
+    token
+  when "refresh_token", :refresh_token
+    token_type_hint = "refresh_token"
+    refresh_token
+  when nil
+    if token
+      token_type_hint = "access_token"
+      token
+    elsif refresh_token
+      token_type_hint = "refresh_token"
+      refresh_token
+    end
+  else
+    raise OAuth2::Error.new({error: "token_type_hint must be one of [nil, :refresh_token, :access_token], so if you need something else consider using a subclass or entirely custom AccessToken class."})
+  end
+  raise OAuth2::Error.new({error: "#{token_type_hint || "unknown token type"} is not available for revoking"}) unless revoke_token && !revoke_token.empty?
+
+  @client.revoke_token(revoke_token, token_type_hint, params, &block)
+end
+
+
+ +
+

+ + #to_hashHash + + + + + +

+
+ +
+ Note: +

Don’t return expires_latency because it has already been deducted from expires_at

+
+
+ +

Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash) + + + + — +

    a hash of AccessToken property values

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+268
+269
+270
+271
+272
+273
+274
+275
+276
+277
+278
+279
+280
+281
+282
+283
+284
+285
+
+
# File 'lib/oauth2/access_token.rb', line 268
+
+def to_hash
+  hsh = {
+    access_token: token,
+    refresh_token: refresh_token,
+    expires_at: expires_at,
+    mode: options[:mode],
+    header_format: options[:header_format],
+    param_name: options[:param_name],
+  }
+  hsh[:token_name] = options[:token_name] if options.key?(:token_name)
+  # TODO: Switch when dropping Ruby < 2.5 support
+  # params.transform_keys(&:to_sym) # Ruby 2.5 only
+  # Old Ruby transform_keys alternative:
+  sheesh = @params.each_with_object({}) { |(k, v), memo|
+    memo[k.to_sym] = v
+  }
+  sheesh.merge(hsh)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html new file mode 100644 index 00000000..6119de2a --- /dev/null +++ b/doc/OAuth2/Authenticator.html @@ -0,0 +1,641 @@ + + + + + + + Class: OAuth2::Authenticator + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Authenticator + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
  • + + + +
+ show all + +
+
+ + + + + + +
+
Includes:
+
FilteredAttributes
+
+ + + + + + +
+
Defined in:
+
lib/oauth2/authenticator.rb
+
+ +
+ + + + + +

Instance Attribute Summary collapse

+
    + +
  • + + + #id ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute id.

    +
    + +
  • + + +
  • + + + #mode ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute mode.

    +
    + +
  • + + +
  • + + + #secret ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute secret.

    +
    + +
  • + + +
+ + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods included from FilteredAttributes

+

included, #inspect

+
+

Constructor Details

+ +
+

+ + #initialize(id, secret, mode) ⇒ Authenticator + + + + + +

+
+

Returns a new instance of Authenticator.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+12
+13
+14
+15
+16
+
+
# File 'lib/oauth2/authenticator.rb', line 12
+
+def initialize(id, secret, mode)
+  @id = id
+  @secret = secret
+  @mode = mode
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #idObject (readonly) + + + + + +

+
+

Returns the value of attribute id.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+9
+10
+11
+
+
# File 'lib/oauth2/authenticator.rb', line 9
+
+def id
+  @id
+end
+
+
+ + + +
+

+ + #modeObject (readonly) + + + + + +

+
+

Returns the value of attribute mode.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+9
+10
+11
+
+
# File 'lib/oauth2/authenticator.rb', line 9
+
+def mode
+  @mode
+end
+
+
+ + + +
+

+ + #secretObject (readonly) + + + + + +

+
+

Returns the value of attribute secret.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+9
+10
+11
+
+
# File 'lib/oauth2/authenticator.rb', line 9
+
+def secret
+  @secret
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + .encode_basic_auth(user, password) ⇒ Object + + + + + +

+ + + + +
+
+
+
+42
+43
+44
+
+
# File 'lib/oauth2/authenticator.rb', line 42
+
+def self.encode_basic_auth(user, password)
+  "Basic #{Base64.strict_encode64("#{user}:#{password}")}"
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #apply(params) ⇒ Hash + + + + + +

+
+

Apply the request credentials used to authenticate to the Authorization Server

+ +

Depending on the configuration, this might be as request params or as an
+Authorization header.

+ +

User-provided params and header take precedence.

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + + — +

    a Hash of params for the token endpoint

    +
    + +
  • + +
+ +

Returns:

+
    + +
  • + + + (Hash) + + + + — +

    params amended with appropriate authentication details

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+
+
# File 'lib/oauth2/authenticator.rb', line 27
+
+def apply(params)
+  case mode.to_sym
+  when :basic_auth
+    apply_basic_auth(params)
+  when :request_body
+    apply_params_auth(params)
+  when :tls_client_auth
+    apply_client_id(params)
+  when :private_key_jwt
+    params
+  else
+    raise NotImplementedError
+  end
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html new file mode 100644 index 00000000..4bf3acd3 --- /dev/null +++ b/doc/OAuth2/Client.html @@ -0,0 +1,2661 @@ + + + + + + + Class: OAuth2::Client + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Client + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
  • + + + +
+ show all + +
+
+ + + + + + +
+
Includes:
+
FilteredAttributes
+
+ + + + + + +
+
Defined in:
+
lib/oauth2/client.rb
+
+ +
+ +

Overview

+
+

The OAuth2::Client class

+ + +
+
+
+ + +
+ +

+ Constant Summary + collapse +

+ +
+ +
RESERVED_REQ_KEYS = +
+
+

rubocop:disable Metrics/ClassLength

+ + +
+
+
+ + +
+
+
%w[body headers params redirect_count].freeze
+ +
RESERVED_PARAM_KEYS = + +
+
(RESERVED_REQ_KEYS + %w[parse snaky token_method]).freeze
+ +
+ + + + + +

Instance Attribute Summary collapse

+
    + +
  • + + + #connection ⇒ Faraday::Connection + + + + + + + + + + + + + + + + +

    The Faraday connection object.

    +
    + +
  • + + +
  • + + + #id ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute id.

    +
    + +
  • + + +
  • + + + #options ⇒ Object + + + + + + + + + + + + + + + + +

    Returns the value of attribute options.

    +
    + +
  • + + +
  • + + + #secret ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute secret.

    +
    + +
  • + + +
  • + + + #site ⇒ Object + + + + + + + + + + + + + + + + +

    Returns the value of attribute site.

    +
    + +
  • + + +
+ + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods included from FilteredAttributes

+

included, #inspect

+
+

Constructor Details

+ +
+

+ + #initialize(client_id, client_secret, options = {}) {|builder| ... } ⇒ Client + + + + + +

+
+

Initializes a new OAuth2::Client instance using the Client ID and Client Secret registered to your application.

+ + +
+
+
+

Parameters:

+
    + +
  • + + client_id + + + (String) + + + + — +

    the client_id value

    +
    + +
  • + +
  • + + client_secret + + + (String) + + + + — +

    the client_secret value

    +
    + +
  • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + + — +

    the options to configure the client

    +
    + +
  • + +
+ + + + + + + + +

Options Hash (options):

+
    + +
  • + :site + (String) + + + + + —

    the OAuth2 provider site host

    +
    + +
  • + +
  • + :authorize_url + (String) + + + — default: + '/oauth/authorize' + + + + —

    absolute or relative URL path to the Authorization endpoint

    +
    + +
  • + +
  • + :revoke_url + (String) + + + — default: + '/oauth/revoke' + + + + —

    absolute or relative URL path to the Revoke endpoint

    +
    + +
  • + +
  • + :token_url + (String) + + + — default: + '/oauth/token' + + + + —

    absolute or relative URL path to the Token endpoint

    +
    + +
  • + +
  • + :token_method + (Symbol) + + + — default: + :post + + + + —

    HTTP method to use to request token (:get, :post, :post_with_query_string)

    +
    + +
  • + +
  • + :auth_scheme + (Symbol) + + + — default: + :basic_auth + + + + —

    the authentication scheme (:basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

    +
    + +
  • + +
  • + :connection_opts + (Hash) + + + — default: + {} + + + + —

    Hash of connection options to pass to initialize Faraday

    +
    + +
  • + +
  • + :raise_errors + (Boolean) + + + — default: + true + + + + —

    whether to raise an OAuth2::Error on responses with 400+ status codes

    +
    + +
  • + +
  • + :max_redirects + (Integer) + + + — default: + 5 + + + + —

    maximum number of redirects to follow

    +
    + +
  • + +
  • + :logger + (Logger) + + + — default: + ::Logger.new($stdout) + + + + —

    Logger instance for HTTP request/response output; requires OAUTH_DEBUG to be true

    +
    + +
  • + +
  • + :access_token_class + (Class) + + + — default: + AccessToken + + + + —

    class to use for access tokens; you can subclass OAuth2::AccessToken, @version 2.0+

    +
    + +
  • + +
  • + :ssl + (Hash) + + + + + —

    SSL options for Faraday

    +
    + +
  • + +
+ + +

Yields:

+
    + +
  • + + + (builder) + + + + — +

    The Faraday connection builder

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+
+
# File 'lib/oauth2/client.rb', line 50
+
+def initialize(client_id, client_secret, options = {}, &block)
+  opts = options.dup
+  @id = client_id
+  @secret = client_secret
+  @site = opts.delete(:site)
+  ssl = opts.delete(:ssl)
+  warn("OAuth2::Client#initialize argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class`.") if opts[:extract_access_token]
+  @options = {
+    authorize_url: "oauth/authorize",
+    revoke_url: "oauth/revoke",
+    token_url: "oauth/token",
+    token_method: :post,
+    auth_scheme: :basic_auth,
+    connection_opts: {},
+    connection_build: block,
+    max_redirects: 5,
+    raise_errors: true,
+    logger: ::Logger.new($stdout),
+    access_token_class: AccessToken,
+  }.merge(opts)
+  @options[:connection_opts][:ssl] = ssl if ssl
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #connectionFaraday::Connection + + + + + +

+
+

The Faraday connection object

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Faraday::Connection) + + + + — +

    the initialized Faraday connection

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+
+
# File 'lib/oauth2/client.rb', line 85
+
+def connection
+  @connection ||=
+    Faraday.new(site, options[:connection_opts]) do |builder|
+      oauth_debug_logging(builder)
+      if options[:connection_build]
+        options[:connection_build].call(builder)
+      else
+        builder.request(:url_encoded)             # form-encode POST params
+        builder.adapter(Faraday.default_adapter)  # make requests with Net::HTTP
+      end
+    end
+end
+
+
+ + + +
+

+ + #idObject (readonly) + + + + + +

+
+

Returns the value of attribute id.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+26
+27
+28
+
+
# File 'lib/oauth2/client.rb', line 26
+
+def id
+  @id
+end
+
+
+ + + +
+

+ + #optionsObject + + + + + +

+
+

Returns the value of attribute options.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+27
+28
+29
+
+
# File 'lib/oauth2/client.rb', line 27
+
+def options
+  @options
+end
+
+
+ + + +
+

+ + #secretObject (readonly) + + + + + +

+
+

Returns the value of attribute secret.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+26
+27
+28
+
+
# File 'lib/oauth2/client.rb', line 26
+
+def secret
+  @secret
+end
+
+
+ + + +
+

+ + #siteObject + + + + + +

+
+

Returns the value of attribute site.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+26
+27
+28
+
+
# File 'lib/oauth2/client.rb', line 26
+
+def site
+  @site
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #assertionOAuth2::Strategy::Assertion + + + + + +

+
+

The Assertion strategy

+ +

This allows for assertion-based authentication where an identity provider
+asserts the identity of the user or client application seeking access.

+ + +
+
+
+ +

Returns:

+ + +

See Also:

+ + +
+ + + + +
+
+
+
+314
+315
+316
+
+
# File 'lib/oauth2/client.rb', line 314
+
+def assertion
+  @assertion ||= OAuth2::Strategy::Assertion.new(self)
+end
+
+
+ +
+

+ + #auth_codeObject + + + + + +

+
+

The Authorization Code strategy

+ + +
+
+ + + + + +
+
+
+
+280
+281
+282
+
+
# File 'lib/oauth2/client.rb', line 280
+
+def auth_code
+  @auth_code ||= OAuth2::Strategy::AuthCode.new(self)
+end
+
+
+ +
+

+ + #authorize_url(params = {}) ⇒ String + + + + + +

+
+

The authorize endpoint URL of the OAuth2 provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters

    +
    + +
  • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +

    the constructed authorize URL

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+102
+103
+104
+105
+
+
# File 'lib/oauth2/client.rb', line 102
+
+def authorize_url(params = {})
+  params = (params || {}).merge(redirection_params)
+  connection.build_url(options[:authorize_url], params).to_s
+end
+
+
+ +
+

+ + #client_credentialsObject + + + + + +

+
+

The Client Credentials strategy

+ + +
+
+ + + + + +
+
+
+
+301
+302
+303
+
+
# File 'lib/oauth2/client.rb', line 301
+
+def client_credentials
+  @client_credentials ||= OAuth2::Strategy::ClientCredentials.new(self)
+end
+
+
+ +
+

+ + #get_token(params, access_token_opts = {}, extract_access_token = nil) {|opts| ... } ⇒ AccessToken? + + + + + +

+
+ +
+ Note: +

The extract_access_token parameter is deprecated and will be removed in oauth2 v3.
+Use access_token_class on initialization instead.

+
+
+ +

Retrieves an access token from the token endpoint using the specified parameters

+ + +
+
+
+ +
+

Examples:

+ + +
client.get_token(
+  'grant_type' => 'authorization_code',
+  'code' => 'auth_code_value',
+  'headers' => {'Authorization' => 'Basic ...'}
+)
+ +
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + + — +

    a Hash of params for the token endpoint

    +
      +
    • params can include a ‘headers’ key with a Hash of request headers
    • +
    • params can include a ‘parse’ key with the Symbol name of response parsing strategy (default: :automatic)
    • +
    • params can include a ‘snaky’ key to control snake_case conversion (default: false)
    • +
    +
    + +
  • + +
  • + + access_token_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    options that will be passed to the AccessToken initialization

    +
    + +
  • + +
  • + + extract_access_token + + + (Proc) + + + (defaults to: nil) + + + — +

    (deprecated) a proc that can extract the access token from the response

    +
    + +
  • + +
+ +

Yields:

+
    + +
  • + + + (opts) + + + + — +

    The block is passed the options being used to make the request

    +
    + +
  • + +
+

Yield Parameters:

+
    + +
  • + + opts + + + (Hash) + + + + — +

    options being passed to the http library

    +
    + +
  • + +
+

Returns:

+
    + +
  • + + + (AccessToken, nil) + + + + — +

    the initialized AccessToken instance, or nil if token extraction fails
    +and raise_errors is false

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+208
+209
+210
+211
+212
+213
+214
+215
+216
+217
+218
+219
+220
+221
+222
+
+
# File 'lib/oauth2/client.rb', line 208
+
+def get_token(params, access_token_opts = {}, extract_access_token = nil, &block)
+  warn("OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.") if extract_access_token
+  extract_access_token ||= options[:extract_access_token]
+  req_opts = params_to_req_opts(params)
+  response = request(http_method, token_url, req_opts, &block)
+
+  # In v1.4.x, the deprecated extract_access_token option retrieves the token from the response.
+  # We preserve this behavior here, but a custom access_token_class that implements #from_hash
+  # should be used instead.
+  if extract_access_token
+    parse_response_legacy(response, access_token_opts, extract_access_token)
+  else
+    parse_response(response, access_token_opts)
+  end
+end
+
+
+ +
+

+ + #http_methodSymbol + + + + + +

+
+

The HTTP Method of the request

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Symbol) + + + + — +

    HTTP verb, one of [:get, :post, :put, :delete]

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+270
+271
+272
+273
+274
+275
+
+
# File 'lib/oauth2/client.rb', line 270
+
+def http_method
+  http_meth = options[:token_method].to_sym
+  return :post if http_meth == :post_with_query_string
+
+  http_meth
+end
+
+
+ +
+

+ + #implicitObject + + + + + +

+
+

The Implicit strategy

+ + +
+
+ + + + + +
+
+
+
+287
+288
+289
+
+
# File 'lib/oauth2/client.rb', line 287
+
+def implicit
+  @implicit ||= OAuth2::Strategy::Implicit.new(self)
+end
+
+
+ +
+

+ + #passwordObject + + + + + +

+
+

The Resource Owner Password Credentials strategy

+ + +
+
+ + + + + +
+
+
+
+294
+295
+296
+
+
# File 'lib/oauth2/client.rb', line 294
+
+def password
+  @password ||= OAuth2::Strategy::Password.new(self)
+end
+
+
+ +
+

+ + #redirection_paramsHash + + + + + +

+
+

The redirect_uri parameters, if configured

+ +

The redirect_uri query parameter is OPTIONAL (though encouraged) when
+requesting authorization. If it is provided at authorization time it MUST
+also be provided with the token exchange request.

+ +

Providing :redirect_uri to the OAuth2::Client instantiation will take
+care of managing this.

+ + +
+
+ + + + + +
+
+
+
+335
+336
+337
+338
+339
+340
+341
+
+
# File 'lib/oauth2/client.rb', line 335
+
+def redirection_params
+  if options[:redirect_uri]
+    {"redirect_uri" => options[:redirect_uri]}
+  else
+    {}
+  end
+end
+
+
+ +
+

+ + #request(verb, url, req_opts = {}) {|req| ... } ⇒ OAuth2::Response + + + + + +

+
+

Makes a request relative to the specified site root.

+ +

Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616),
+ allowing the use of relative URLs in Location headers.

+ + +
+
+
+

Parameters:

+
    + +
  • + + verb + + + (Symbol) + + + + — +

    one of [:get, :post, :put, :delete]

    +
    + +
  • + +
  • + + url + + + (String) + + + + — +

    URL path of request

    +
    + +
  • + +
  • + + req_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    the options to make the request with

    +
    + +
  • + +
+ + + + + + + + +

Options Hash (req_opts):

+
    + +
  • + :params + (Hash) + + + + + —

    additional query parameters for the URL of the request

    +
    + +
  • + +
  • + :body + (Hash, String) + + + + + —

    the body of the request

    +
    + +
  • + +
  • + :headers + (Hash) + + + + + —

    http request headers

    +
    + +
  • + +
  • + :raise_errors + (Boolean) + + + + + —

    whether to raise an OAuth2::Error on 400+ status
    +code response for this request. Overrides the client instance setting.

    +
    + +
  • + +
  • + :parse + (Symbol) + + + + + —

    @see Response::initialize

    +
    + +
  • + +
  • + :snaky + (Boolean) + + + — default: + true + + + + —

    @see Response::initialize

    +
    + +
  • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block is passed the request being made, allowing customization

    +
    + +
  • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
  • + +
+

Returns:

+
    + +
  • + + + (OAuth2::Response) + + + + — +

    the response from the request

    +
    + +
  • + +
+ +

See Also:

+ + +
+ + + + +
+
+
+
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+
+
# File 'lib/oauth2/client.rb', line 146
+
+def request(verb, url, req_opts = {}, &block)
+  response = execute_request(verb, url, req_opts, &block)
+  status = response.status
+
+  case status
+  when 301, 302, 303, 307
+    req_opts[:redirect_count] ||= 0
+    req_opts[:redirect_count] += 1
+    return response if req_opts[:redirect_count] > options[:max_redirects]
+
+    if status == 303
+      verb = :get
+      req_opts.delete(:body)
+    end
+    location = response.headers["location"]
+    if location
+      full_location = response.response.env.url.merge(location)
+      request(verb, full_location, req_opts)
+    else
+      error = Error.new(response)
+      raise(error, "Got #{status} status code, but no Location header was present")
+    end
+  when 200..299, 300..399
+    # on non-redirecting 3xx statuses, return the response
+    response
+  when 400..599
+    if req_opts.fetch(:raise_errors, options[:raise_errors])
+      error = Error.new(response)
+      raise(error)
+    end
+
+    response
+  else
+    error = Error.new(response)
+    raise(error, "Unhandled status code value of #{status}")
+  end
+end
+
+
+ +
+

+ + #revoke_token(token, token_type_hint = nil, params = {}) {|req| ... } ⇒ OAuth2::Response + + + + + +

+
+ +
+ Note: +

If the token passed to the request
+is an access token, the server MAY revoke the respective refresh
+token as well.

+
+
+ +
+ Note: +

If the token passed to the request
+is a refresh token and the authorization server supports the
+revocation of access tokens, then the authorization server SHOULD
+also invalidate all access tokens based on the same authorization
+grant

+
+
+ +
+ Note: +

If the server responds with HTTP status code 503, your code must
+assume the token still exists and may retry after a reasonable delay.
+The server may include a “Retry-After” header in the response to
+indicate how long the service is expected to be unavailable to the
+requesting client.

+
+
+ +

Makes a request to revoke a token at the authorization server

+ + +
+
+
+

Parameters:

+
    + +
  • + + token + + + (String) + + + + — +

    The token to be revoked

    +
    + +
  • + +
  • + + token_type_hint + + + (String, nil) + + + (defaults to: nil) + + + — +

    A hint about the type of the token being revoked (e.g., ‘access_token’ or ‘refresh_token’)

    +
    + +
  • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional parameters for the token revocation

    +
    + +
  • + +
+ + + + + + + + +

Options Hash (params):

+
    + +
  • + :parse + (Symbol) + + + — default: + :automatic + + + + —

    parsing strategy for the response

    +
    + +
  • + +
  • + :snaky + (Boolean) + + + — default: + true + + + + —

    whether to convert response keys to snake_case

    +
    + +
  • + +
  • + :token_method + (Symbol) + + + — default: + :post_with_query_string + + + + —

    overrides OAuth2::Client#options[:token_method]

    +
    + +
  • + +
  • + :headers + (Hash) + + + + + —

    Additional request headers

    +
    + +
  • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block is passed the request being made, allowing customization

    +
    + +
  • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
  • + +
+

Returns:

+ + +

See Also:

+ + +
+ + + + +
+
+
+
+257
+258
+259
+260
+261
+262
+263
+264
+265
+
+
# File 'lib/oauth2/client.rb', line 257
+
+def revoke_token(token, token_type_hint = nil, params = {}, &block)
+  params[:token_method] ||= :post_with_query_string
+  req_opts = params_to_req_opts(params)
+  req_opts[:params] ||= {}
+  req_opts[:params][:token] = token
+  req_opts[:params][:token_type_hint] = token_type_hint if token_type_hint
+
+  request(http_method, revoke_url, req_opts, &block)
+end
+
+
+ +
+

+ + #revoke_url(params = nil) ⇒ String + + + + + +

+
+

The revoke endpoint URL of the OAuth2 provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash, nil) + + + (defaults to: nil) + + + — +

    additional query parameters

    +
    + +
  • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +

    the constructed revoke URL

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+119
+120
+121
+
+
# File 'lib/oauth2/client.rb', line 119
+
+def revoke_url(params = nil)
+  connection.build_url(options[:revoke_url], params).to_s
+end
+
+
+ +
+

+ + #token_url(params = nil) ⇒ String + + + + + +

+
+

The token endpoint URL of the OAuth2 provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash, nil) + + + (defaults to: nil) + + + — +

    additional query parameters

    +
    + +
  • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +

    the constructed token URL

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+111
+112
+113
+
+
# File 'lib/oauth2/client.rb', line 111
+
+def token_url(params = nil)
+  connection.build_url(options[:token_url], params).to_s
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html new file mode 100644 index 00000000..20fa39da --- /dev/null +++ b/doc/OAuth2/Error.html @@ -0,0 +1,528 @@ + + + + + + + Exception: OAuth2::Error + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Exception: OAuth2::Error + + + +

+
+ +
+
Inherits:
+
+ StandardError + +
    +
  • Object
  • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/error.rb
+
+ +
+ + + + + +

Instance Attribute Summary collapse

+
    + +
  • + + + #body ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute body.

    +
    + +
  • + + +
  • + + + #code ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute code.

    +
    + +
  • + + +
  • + + + #description ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute description.

    +
    + +
  • + + +
  • + + + #response ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute response.

    +
    + +
  • + + +
+ + + + + +

+ Instance Method Summary + collapse +

+ +
    + +
  • + + + #initialize(response) ⇒ Error + + + + + + + constructor + + + + + + + + +

    standard error codes include: ‘invalid_request’, ‘invalid_client’, ‘invalid_token’, ‘invalid_grant’, ‘unsupported_grant_type’, ‘invalid_scope’ response might be a Response object, or the response.parsed hash.

    +
    + +
  • + + +
+ + + +
+

Constructor Details

+ +
+

+ + #initialize(response) ⇒ Error + + + + + +

+
+

standard error codes include:
+‘invalid_request’, ‘invalid_client’, ‘invalid_token’, ‘invalid_grant’, ‘unsupported_grant_type’, ‘invalid_scope’
+response might be a Response object, or the response.parsed hash

+ + +
+
+
+ + +
+ + + + +
+
+
+
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+
+
# File 'lib/oauth2/error.rb', line 10
+
+def initialize(response)
+  @response = response
+  if response.respond_to?(:parsed)
+    if response.parsed.is_a?(Hash)
+      @code = response.parsed["error"]
+      @description = response.parsed["error_description"]
+    end
+  elsif response.is_a?(Hash)
+    @code = response["error"]
+    @description = response["error_description"]
+  end
+  @body = if response.respond_to?(:body)
+    response.body
+  else
+    @response
+  end
+  message_opts = parse_error_description(@code, @description)
+  super(error_message(@body, message_opts))
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #bodyObject (readonly) + + + + + +

+
+

Returns the value of attribute body.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+5
+6
+7
+
+
# File 'lib/oauth2/error.rb', line 5
+
+def body
+  @body
+end
+
+
+ + + +
+

+ + #codeObject (readonly) + + + + + +

+
+

Returns the value of attribute code.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+5
+6
+7
+
+
# File 'lib/oauth2/error.rb', line 5
+
+def code
+  @code
+end
+
+
+ + + +
+

+ + #descriptionObject (readonly) + + + + + +

+
+

Returns the value of attribute description.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+5
+6
+7
+
+
# File 'lib/oauth2/error.rb', line 5
+
+def description
+  @description
+end
+
+
+ + + +
+

+ + #responseObject (readonly) + + + + + +

+
+

Returns the value of attribute response.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+5
+6
+7
+
+
# File 'lib/oauth2/error.rb', line 5
+
+def response
+  @response
+end
+
+
+ +
+ + +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html new file mode 100644 index 00000000..df18761e --- /dev/null +++ b/doc/OAuth2/FilteredAttributes.html @@ -0,0 +1,278 @@ + + + + + + + Module: OAuth2::FilteredAttributes + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Module: OAuth2::FilteredAttributes + + + +

+
+ + + + + + + + + +
+
Included in:
+
AccessToken, Authenticator, Client
+
+ + + +
+
Defined in:
+
lib/oauth2/filtered_attributes.rb
+
+ +
+ +

Defined Under Namespace

+

+ + + Modules: ClassMethods + + + + +

+ + + + + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + .included(base) ⇒ Object + + + + + +

+ + + + +
+
+
+
+3
+4
+5
+
+
# File 'lib/oauth2/filtered_attributes.rb', line 3
+
+def self.included(base)
+  base.extend(ClassMethods)
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #inspectObject + + + + + +

+ + + + +
+
+
+
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+
+
# File 'lib/oauth2/filtered_attributes.rb', line 17
+
+def inspect
+  filtered_attribute_names = self.class.filtered_attribute_names
+  return super if filtered_attribute_names.empty?
+
+  inspected_vars = instance_variables.map do |var|
+    if filtered_attribute_names.any? { |filtered_var| var.to_s.include?(filtered_var.to_s) }
+      "#{var}=[FILTERED]"
+    else
+      "#{var}=#{instance_variable_get(var).inspect}"
+    end
+  end
+  "#<#{self.class}:#{object_id} #{inspected_vars.join(", ")}>"
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html new file mode 100644 index 00000000..327d2f77 --- /dev/null +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -0,0 +1,228 @@ + + + + + + + Module: OAuth2::FilteredAttributes::ClassMethods + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Module: OAuth2::FilteredAttributes::ClassMethods + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/filtered_attributes.rb
+
+ +
+ + + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + #filtered_attribute_namesObject + + + + + +

+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/filtered_attributes.rb', line 12
+
+def filtered_attribute_names
+  @filtered_attribute_names || []
+end
+
+
+ +
+

+ + #filtered_attributes(*attributes) ⇒ Object + + + + + +

+ + + + +
+
+
+
+8
+9
+10
+
+
# File 'lib/oauth2/filtered_attributes.rb', line 8
+
+def filtered_attributes(*attributes)
+  @filtered_attribute_names = attributes.map(&:to_sym)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html new file mode 100644 index 00000000..1bacce58 --- /dev/null +++ b/doc/OAuth2/Response.html @@ -0,0 +1,1146 @@ + + + + + + + Class: OAuth2::Response + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Response + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
  • + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/response.rb
+
+ +
+ +

Overview

+
+

OAuth2::Response class

+ + +
+
+
+ + +
+ +

+ Constant Summary + collapse +

+ +
+ +
DEFAULT_OPTIONS = + +
+
{
+  parse: :automatic,
+  snaky: true,
+}.freeze
+ +
@@parsers = +
+
+

Procs that, when called, will parse a response body according
+to the specified format.

+ + +
+
+
+ + +
+
+
{
+  query: ->(body) { Rack::Utils.parse_query(body) },
+  text: ->(body) { body },
+}
+ +
@@content_types = +
+
+

Content type assignments for various potential HTTP content types.

+ + +
+
+
+ + +
+
+
{
+  "application/x-www-form-urlencoded" => :query,
+  "text/plain" => :text,
+}
+ +
+ + + + + +

Instance Attribute Summary collapse

+
    + +
  • + + + #options ⇒ Object + + + + + + + + + + + + + + + + +

    Returns the value of attribute options.

    +
    + +
  • + + +
  • + + + #response ⇒ Object + + + + + + + + + readonly + + + + + + + + + +

    Returns the value of attribute response.

    +
    + +
  • + + +
+ + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + +
+

Constructor Details

+ +
+

+ + #initialize(response, parse: :automatic, snaky: true, **options) ⇒ Response + + + + + +

+
+

Initializes a Response instance

+ + +
+
+
+

Parameters:

+
    + +
  • + + response + + + (Faraday::Response) + + + + — +

    The Faraday response instance

    +
    + +
  • + +
  • + + parse + + + (Symbol) + + + (defaults to: :automatic) + + + — +

    (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded),
    +:json, or :automatic (determined by Content-Type response header)

    +
    + +
  • + +
  • + + snaky + + + (true, false) + + + (defaults to: true) + + + — +

    (true) Convert @parsed to a snake-case,
    +indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)?

    +
    + +
  • + +
  • + + options + + + (Hash) + + + + — +

    all other options for initializing the instance

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+51
+52
+53
+54
+55
+56
+57
+
+
# File 'lib/oauth2/response.rb', line 51
+
+def initialize(response, parse: :automatic, snaky: true, **options)
+  @response = response
+  @options = {
+    parse: parse,
+    snaky: snaky,
+  }.merge(options)
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #optionsObject + + + + + +

+
+

Returns the value of attribute options.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+15
+16
+17
+
+
# File 'lib/oauth2/response.rb', line 15
+
+def options
+  @options
+end
+
+
+ + + +
+

+ + #responseObject (readonly) + + + + + +

+
+

Returns the value of attribute response.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+14
+15
+16
+
+
# File 'lib/oauth2/response.rb', line 14
+
+def response
+  @response
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + .register_parser(key, mime_types) {|String| ... } ⇒ Object + + + + + +

+
+

Adds a new content type parser.

+ + +
+
+
+

Parameters:

+
    + +
  • + + key + + + (Symbol) + + + + — +

    A descriptive symbol key such as :json or :query.

    +
    + +
  • + +
  • + + mime_types + + + (Array) + + + + — +

    One or more mime types to which this parser applies.

    +
    + +
  • + +
+ +

Yields:

+
    + +
  • + + + (String) + + + + — +

    A block returning parsed content.

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+35
+36
+37
+38
+39
+40
+41
+
+
# File 'lib/oauth2/response.rb', line 35
+
+def self.register_parser(key, mime_types, &block)
+  key = key.to_sym
+  @@parsers[key] = block
+  Array(mime_types).each do |mime_type|
+    @@content_types[mime_type] = key
+  end
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #bodyObject + + + + + +

+
+

The HTTP response body

+ + +
+
+
+ + +
+ + + + +
+
+
+
+70
+71
+72
+
+
# File 'lib/oauth2/response.rb', line 70
+
+def body
+  response.body || ""
+end
+
+
+ +
+

+ + #content_typeObject + + + + + +

+
+

Attempts to determine the content type of the response.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+102
+103
+104
+105
+106
+
+
# File 'lib/oauth2/response.rb', line 102
+
+def content_type
+  return unless response.headers
+
+  ((response.headers.values_at("content-type", "Content-Type").compact.first || "").split(";").first || "").strip.downcase
+end
+
+
+ +
+

+ + #headersObject + + + + + +

+
+

The HTTP response headers

+ + +
+
+
+ + +
+ + + + +
+
+
+
+60
+61
+62
+
+
# File 'lib/oauth2/response.rb', line 60
+
+def headers
+  response.headers
+end
+
+
+ +
+

+ + #parsedObject? + + + + + +

+
+

The #response #body as parsed by #parser.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Object) + + + + — +

    As returned by #parser if it is #call-able.

    +
    + +
  • + +
  • + + + (nil) + + + + — +

    If the #parser is not #call-able.

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+
+
# File 'lib/oauth2/response.rb', line 78
+
+def parsed
+  return @parsed if defined?(@parsed)
+
+  @parsed =
+    if parser.respond_to?(:call)
+      case parser.arity
+      when 0
+        parser.call
+      when 1
+        parser.call(body)
+      else
+        parser.call(body, response)
+      end
+    end
+
+  if options[:snaky] && @parsed.is_a?(Hash)
+    parsed = SnakyHash::StringKeyed.new(@parsed)
+    @parsed = parsed.to_h
+  end
+
+  @parsed
+end
+
+
+ +
+

+ + #parserProc, ... + + + + + +

+
+

Determines the parser (a Proc or other Object which responds to #call)
+that will be passed the #body (and optional #response) to supply
+#parsed.

+ +

The parser can be supplied as the +:parse+ option in the form of a Proc
+(or other Object responding to #call) or a Symbol. In the latter case,
+the actual parser will be looked up in @@parsers by the supplied Symbol.

+ +

If no +:parse+ option is supplied, the lookup Symbol will be determined
+by looking up #content_type in @@content_types.

+ +

If #parser is a Proc, it will be called with no arguments, just
+#body, or #body and #response, depending on the Proc’s arity.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Proc, #call) + + + + — +

    If a parser was found.

    +
    + +
  • + +
  • + + + (nil) + + + + — +

    If no parser was found.

    +
    + +
  • + +
+ +
+ + + + +
+
+
+
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+
+
# File 'lib/oauth2/response.rb', line 124
+
+def parser
+  return @parser if defined?(@parser)
+
+  @parser =
+    if options[:parse].respond_to?(:call)
+      options[:parse]
+    elsif options[:parse]
+      @@parsers[options[:parse].to_sym]
+    end
+
+  @parser ||= @@parsers[@@content_types[content_type]]
+end
+
+
+ +
+

+ + #statusObject + + + + + +

+
+

The HTTP response status code

+ + +
+
+
+ + +
+ + + + +
+
+
+
+65
+66
+67
+
+
# File 'lib/oauth2/response.rb', line 65
+
+def status
+  response.status
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html new file mode 100644 index 00000000..71c3a598 --- /dev/null +++ b/doc/OAuth2/Strategy.html @@ -0,0 +1,117 @@ + + + + + + + Module: OAuth2::Strategy + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Module: OAuth2::Strategy + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/base.rb,
+ lib/oauth2/strategy/implicit.rb,
lib/oauth2/strategy/password.rb,
lib/oauth2/strategy/assertion.rb,
lib/oauth2/strategy/auth_code.rb,
lib/oauth2/strategy/client_credentials.rb
+
+
+ +
+ +

Defined Under Namespace

+

+ + + + + Classes: Assertion, AuthCode, Base, ClientCredentials, Implicit, Password + + +

+ + + + + + + + + +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html new file mode 100644 index 00000000..3aa4de62 --- /dev/null +++ b/doc/OAuth2/Strategy/Assertion.html @@ -0,0 +1,491 @@ + + + + + + + Class: OAuth2::Strategy::Assertion + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Strategy::Assertion + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
  • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/assertion.rb
+
+ +
+ +

Overview

+
+

The Client Assertion Strategy

+ +

Sample usage:
+ client = OAuth2::Client.new(client_id, client_secret,
+ :site => ‘http://localhost:8080’,
+ :auth_scheme => :request_body)

+ +

claim_set = {
+ :iss => “http://localhost:3001”,
+ :aud => “http://localhost:8080/oauth2/token”,
+ :sub => “me@example.com”,
+ :exp => Time.now.utc.to_i + 3600,
+ }

+ +

encoding = {
+ :algorithm => ‘HS256’,
+ :key => ‘secret_key’,
+ }

+ +

access = client.assertion.get_token(claim_set, encoding)
+ access.token # actual access_token string
+ access.get(“/api/stuff”) # making api calls with access token in header

+ + +
+
+ + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_urlObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
  • + +
+ +
+ + + + +
+
+
+
+36
+37
+38
+
+
# File 'lib/oauth2/strategy/assertion.rb', line 36
+
+def authorize_url
+  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
+end
+
+
+ +
+

+ + #get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) ⇒ Object + + + + + +

+
+

Retrieve an access token given the specified client.

+ +

For reading on JWT and claim keys:
+ @see https://github.com/jwt/ruby-jwt
+ @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
+ @see https://datatracker.ietf.org/doc/html/rfc7523#section-3
+ @see https://www.iana.org/assignments/jwt/jwt.xhtml

+ +

There are many possible claim keys, and applications may ask for their own custom keys.
+Some typically required ones:
+ :iss (issuer)
+ :aud (audience)
+ :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F
+ :exp, (expiration time) – in seconds, e.g. Time.now.utc.to_i + 3600

+ +

Note that this method does not validate presence of those four claim keys indicated as required by RFC 7523.
+There are endpoints that may not conform with this RFC, and this gem should still work for those use cases.

+ +

These two options are passed directly to JWT.encode. For supported encoding arguments:
+ @see https://github.com/jwt/ruby-jwt#algorithms-and-usage
+ @see https://datatracker.ietf.org/doc/html/rfc7518#section-3.1

+ +

The object type of :key may depend on the value of :algorithm. Sample arguments:
+ get_token(claim_set, => ‘HS256’, :key => ‘secret_key’)
+ get_token(claim_set, => ‘RS256’, :key => OpenSSL::PKCS12.new(File.read(‘my_key.p12’), ‘not_secret’))

+ + +
+
+
+

Parameters:

+
    + +
  • + + claims + + + (Hash) + + + + — +

    the hash representation of the claims that should be encoded as a JWT (JSON Web Token)

    +
    + +
  • + +
  • + + encoding_opts + + + (Hash) + + + + — +

    a hash containing instructions on how the JWT should be encoded

    +
    + +
  • + +
  • + + request_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    options that will be used to assemble the request

    +
    + +
  • + +
  • + + response_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    this will be merged with the token response to create the AccessToken object
    +@see the access_token_opts argument to Client#get_token

    +
    + +
  • + +
  • + + algorithm + + + (Hash) + + + + — +

    a customizable set of options

    +
    + +
  • + +
  • + + key + + + (Hash) + + + + — +

    a customizable set of options

    +
    + +
  • + +
+ + + + + + + + +

Options Hash (request_opts):

+
    + +
  • + :scope + (String) + + + + + —

    the url parameter scope that may be required by some endpoints
    +@see https://datatracker.ietf.org/doc/html/rfc7521#section-4.1

    +
    + +
  • + +
+ + + + + +
+ + + + +
+
+
+
+79
+80
+81
+82
+83
+84
+
+
# File 'lib/oauth2/strategy/assertion.rb', line 79
+
+def get_token(claims, encoding_opts, request_opts = {}, response_opts = {})
+  assertion = build_assertion(claims, encoding_opts)
+  params = build_request(assertion, request_opts)
+
+  @client.get_token(params, response_opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html new file mode 100644 index 00000000..5cbb8faa --- /dev/null +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -0,0 +1,479 @@ + + + + + + + Class: OAuth2::Strategy::AuthCode + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Strategy::AuthCode + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
  • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/auth_code.rb
+
+ +
+ +

Overview

+
+

The Authorization Code Strategy

+ + +
+
+ + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_params(params = {}) ⇒ Object + + + + + +

+
+

The required query parameters for the authorize URL

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/strategy/auth_code.rb', line 12
+
+def authorize_params(params = {})
+  params.merge("response_type" => "code", "client_id" => @client.id)
+end
+
+
+ +
+

+ + #authorize_url(params = {}) ⇒ Object + + + + + +

+
+

The authorization URL endpoint of the provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters for the URL

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+19
+20
+21
+22
+
+
# File 'lib/oauth2/strategy/auth_code.rb', line 19
+
+def authorize_url(params = {})
+  assert_valid_params(params)
+  @client.authorize_url(authorize_params.merge(params))
+end
+
+
+ +
+

+ + #get_token(code, params = {}, opts = {}) ⇒ Object + + + + + +

+
+ +
+ Note: +

that you must also provide a :redirect_uri with most OAuth 2.0 providers

+
+
+ +

Retrieve an access token given the specified validation code.

+ + +
+
+
+

Parameters:

+
    + +
  • + + code + + + (String) + + + + — +

    The Authorization Code value

    +
    + +
  • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params

    +
    + +
  • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    access_token_opts, @see Client#get_token

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+30
+31
+32
+33
+34
+35
+36
+37
+38
+
+
# File 'lib/oauth2/strategy/auth_code.rb', line 30
+
+def get_token(code, params = {}, opts = {})
+  params = {"grant_type" => "authorization_code", "code" => code}.merge(@client.redirection_params).merge(params)
+  params_dup = params.dup
+  params.each_key do |key|
+    params_dup[key.to_s] = params_dup.delete(key) if key.is_a?(Symbol)
+  end
+
+  @client.get_token(params_dup, opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html new file mode 100644 index 00000000..231a3e19 --- /dev/null +++ b/doc/OAuth2/Strategy/Base.html @@ -0,0 +1,205 @@ + + + + + + + Class: OAuth2::Strategy::Base + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Strategy::Base + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
  • + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/base.rb
+
+ +
+ +
+

Direct Known Subclasses

+

Assertion, AuthCode, ClientCredentials, Implicit, Password

+
+ + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + +
+

Constructor Details

+ +
+

+ + #initialize(client) ⇒ Base + + + + + +

+
+

Returns a new instance of Base.

+ + +
+
+
+ + +
+ + + + +
+
+
+
+6
+7
+8
+
+
# File 'lib/oauth2/strategy/base.rb', line 6
+
+def initialize(client)
+  @client = client
+end
+
+
+ +
+ + +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html new file mode 100644 index 00000000..b99509b6 --- /dev/null +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -0,0 +1,353 @@ + + + + + + + Class: OAuth2::Strategy::ClientCredentials + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Strategy::ClientCredentials + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
  • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/client_credentials.rb
+
+ +
+ +

Overview

+
+

The Client Credentials Strategy

+ + +
+
+ + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_urlObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
  • + +
+ +
+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/strategy/client_credentials.rb', line 12
+
+def authorize_url
+  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
+end
+
+
+ +
+

+ + #get_token(params = {}, opts = {}) ⇒ Object + + + + + +

+
+

Retrieve an access token given the specified client.

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params

    +
    + +
  • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    options

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+20
+21
+22
+23
+
+
# File 'lib/oauth2/strategy/client_credentials.rb', line 20
+
+def get_token(params = {}, opts = {})
+  params = params.merge("grant_type" => "client_credentials")
+  @client.get_token(params, opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html new file mode 100644 index 00000000..92a36630 --- /dev/null +++ b/doc/OAuth2/Strategy/Implicit.html @@ -0,0 +1,420 @@ + + + + + + + Class: OAuth2::Strategy::Implicit + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Strategy::Implicit + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
  • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/implicit.rb
+
+ +
+ +

Overview

+
+

The Implicit Strategy

+ + +
+
+ + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_params(params = {}) ⇒ Object + + + + + +

+
+

The required query parameters for the authorize URL

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/strategy/implicit.rb', line 12
+
+def authorize_params(params = {})
+  params.merge("response_type" => "token", "client_id" => @client.id)
+end
+
+
+ +
+

+ + #authorize_url(params = {}) ⇒ Object + + + + + +

+
+

The authorization URL endpoint of the provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters for the URL

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+19
+20
+21
+22
+
+
# File 'lib/oauth2/strategy/implicit.rb', line 19
+
+def authorize_url(params = {})
+  assert_valid_params(params)
+  @client.authorize_url(authorize_params.merge(params))
+end
+
+
+ +
+

+ + #get_tokenObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
  • + +
+ +
+ + + + +
+
+
+
+27
+28
+29
+
+
# File 'lib/oauth2/strategy/implicit.rb', line 27
+
+def get_token(*)
+  raise(NotImplementedError, "The token is accessed differently in this strategy")
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html new file mode 100644 index 00000000..ad687c1a --- /dev/null +++ b/doc/OAuth2/Strategy/Password.html @@ -0,0 +1,374 @@ + + + + + + + Class: OAuth2::Strategy::Password + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Class: OAuth2::Strategy::Password + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
  • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/password.rb
+
+ +
+ +

Overview

+
+

The Resource Owner Password Credentials Authorization Strategy

+ + +
+
+ + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_urlObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
  • + +
+ +
+ + + + +
+
+
+
+12
+13
+14
+
+
# File 'lib/oauth2/strategy/password.rb', line 12
+
+def authorize_url
+  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
+end
+
+
+ +
+

+ + #get_token(username, password, params = {}, opts = {}) ⇒ Object + + + + + +

+
+

Retrieve an access token given the specified End User username and password.

+ + +
+
+
+

Parameters:

+
    + +
  • + + username + + + (String) + + + + — +

    the End User username

    +
    + +
  • + +
  • + + password + + + (String) + + + + — +

    the End User password

    +
    + +
  • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params

    +
    + +
  • + +
+ + +
+ + + + +
+
+
+
+21
+22
+23
+24
+25
+26
+27
+28
+
+
# File 'lib/oauth2/strategy/password.rb', line 21
+
+def get_token(username, password, params = {}, opts = {})
+  params = {
+    "grant_type" => "password",
+    "username" => username,
+    "password" => password,
+  }.merge(params)
+  @client.get_token(params, opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html new file mode 100644 index 00000000..9191f24b --- /dev/null +++ b/doc/OAuth2/Version.html @@ -0,0 +1,121 @@ + + + + + + + Module: OAuth2::Version + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Module: OAuth2::Version + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/version.rb
+
+ +
+ + + +

+ Constant Summary + collapse +

+ +
+ +
VERSION = + +
+
"2.0.10"
+ +
+ + + + + + + + + + +
+ + + +
+ + \ No newline at end of file diff --git a/doc/_index.html b/doc/_index.html new file mode 100644 index 00000000..53cfdb8d --- /dev/null +++ b/doc/_index.html @@ -0,0 +1,310 @@ + + + + + + + Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Documentation by YARD 0.9.37

+
+

Alphabetic Index

+ +

File Listing

+ + +
+

Namespace Listing A-Z

+ + + + + + + + +
+ + + + + +
    +
  • B
  • +
      + +
    • + Base + + (OAuth2::Strategy) + +
    • + +
    +
+ + + + + +
    +
  • E
  • +
      + +
    • + Error + + (OAuth2) + +
    • + +
    +
+ + + + + +
    +
  • I
  • +
      + +
    • + Implicit + + (OAuth2::Strategy) + +
    • + +
    +
+ + +
    +
  • O
  • + +
+ + +
+ + +
    +
  • P
  • +
      + +
    • + Password + + (OAuth2::Strategy) + +
    • + +
    +
+ + +
    +
  • R
  • + +
+ + +
    +
  • S
  • + +
+ + +
    +
  • V
  • +
      + +
    • + Version + + (OAuth2) + +
    • + +
    +
+ +
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/class_list.html b/doc/class_list.html new file mode 100644 index 00000000..df1ca243 --- /dev/null +++ b/doc/class_list.html @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + Class List + + + +
+
+

Class List

+ + + +
+ + +
+ + diff --git a/doc/css/common.css b/doc/css/common.css new file mode 100644 index 00000000..cf25c452 --- /dev/null +++ b/doc/css/common.css @@ -0,0 +1 @@ +/* Override this file with custom rules */ \ No newline at end of file diff --git a/doc/css/full_list.css b/doc/css/full_list.css new file mode 100644 index 00000000..6eef5e4a --- /dev/null +++ b/doc/css/full_list.css 
@@ -0,0 +1,58 @@ +body { + margin: 0; + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-size: 13px; + height: 101%; + overflow-x: hidden; + background: #fafafa; +} + +h1 { padding: 12px 10px; padding-bottom: 0; margin: 0; font-size: 1.4em; } +.clear { clear: both; } +.fixed_header { position: fixed; background: #fff; width: 100%; padding-bottom: 10px; margin-top: 0; top: 0; z-index: 9999; height: 70px; } +#search { position: absolute; right: 5px; top: 9px; padding-left: 24px; } +#content.insearch #search, #content.insearch #noresults { background: url(data:image/gif;base64,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) no-repeat center left; } +#full_list { padding: 0; list-style: none; margin-left: 0; margin-top: 80px; font-size: 1.1em; } +#full_list ul { padding: 0; } +#full_list li { padding: 0; margin: 0; list-style: none; } +#full_list li .item { padding: 5px 5px 5px 12px; } +#noresults { padding: 7px 12px; background: #fff; } +#content.insearch #noresults { margin-left: 7px; } +li.collapsed ul { display: none; } +li a.toggle { cursor: default; position: relative; left: -5px; top: 4px; text-indent: -999px; width: 10px; height: 9px; margin-left: -10px; display: block; float: left; background: url(data:image/png;base64,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) no-repeat bottom left; } +li.collapsed a.toggle { cursor: default; background-position: top left; } +li { color: #666; cursor: pointer; } +li.deprecated { text-decoration: line-through; font-style: italic; } +li.odd { background: #f0f0f0; } +li.even { background: #fafafa; } +.item:hover { background: #ddd; } +li small:before { content: "("; } +li small:after { content: ")"; } +li small.search_info { display: none; } +a, a:visited { text-decoration: none; color: #05a; } +li.clicked > .item { background: #05a; color: #ccc; } +li.clicked > .item a, li.clicked > .item a:visited { color: #eee; } +li.clicked > .item a.toggle { opacity: 0.5; 
background-position: bottom right; } +li.collapsed.clicked a.toggle { background-position: top right; } +#search input { border: 1px solid #bbb; border-radius: 3px; } +#full_list_nav { margin-left: 10px; font-size: 0.9em; display: block; color: #aaa; } +#full_list_nav a, #nav a:visited { color: #358; } +#full_list_nav a:hover { background: transparent; color: #5af; } +#full_list_nav span:after { content: ' | '; } +#full_list_nav span:last-child:after { content: ''; } + +#content h1 { margin-top: 0; } +li { white-space: nowrap; cursor: normal; } +li small { display: block; font-size: 0.8em; } +li small:before { content: ""; } +li small:after { content: ""; } +li small.search_info { display: none; } +#search { width: 170px; position: static; margin: 3px; margin-left: 10px; font-size: 0.9em; color: #666; padding-left: 0; padding-right: 24px; } +#content.insearch #search { background-position: center right; } +#search input { width: 110px; } + +#full_list.insearch ul { display: block; } +#full_list.insearch .item { display: none; } +#full_list.insearch .found { display: block; padding-left: 11px !important; } +#full_list.insearch li a.toggle { display: none; } +#full_list.insearch li small.search_info { display: block; } diff --git a/doc/css/style.css b/doc/css/style.css new file mode 100644 index 00000000..f169a651 --- /dev/null +++ b/doc/css/style.css 
@@ -0,0 +1,503 @@ +html { + width: 100%; + height: 100%; +} +body { + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-size: 13px; + width: 100%; + margin: 0; + padding: 0; + display: flex; + display: -webkit-flex; + display: -ms-flexbox; +} + +#nav { + position: relative; + width: 100%; + height: 100%; + border: 0; + border-right: 1px dotted #eee; + overflow: auto; +} +.nav_wrap { + margin: 0; + padding: 0; + width: 20%; + height: 100%; + position: relative; + display: flex; + display: -webkit-flex; + display: -ms-flexbox; + flex-shrink: 0; + -webkit-flex-shrink: 0; + -ms-flex: 1 0; +} +#resizer { + position: absolute; + right: -5px; + top: 0; + width: 10px; + height: 100%; + cursor: col-resize; + z-index: 9999; +} +#main { + flex: 5 1; + -webkit-flex: 5 1; + -ms-flex: 5 1; + outline: none; + position: relative; + background: #fff; + padding: 1.2em; + padding-top: 0.2em; + box-sizing: border-box; +} + +@media (max-width: 920px) { + .nav_wrap { width: 100%; top: 0; right: 0; overflow: visible; position: absolute; } + #resizer { display: none; } + #nav { + z-index: 9999; + background: #fff; + display: none; + position: absolute; + top: 40px; + right: 12px; + width: 500px; + max-width: 80%; + height: 80%; + overflow-y: scroll; + border: 1px solid #999; + border-collapse: collapse; + box-shadow: -7px 5px 25px #aaa; + border-radius: 2px; + } +} + +@media (min-width: 920px) { + body { height: 100%; overflow: hidden; } + #main { height: 100%; overflow: auto; } + #search { display: none; } +} + +@media (max-width: 320px) { + body { height: 100%; overflow: hidden; overflow-wrap: break-word; } + #main { height: 100%; overflow: auto; } +} + +#main img { max-width: 100%; } +h1 { font-size: 25px; margin: 1em 0 0.5em; padding-top: 4px; border-top: 1px dotted #d5d5d5; } +h1.noborder { border-top: 0px; margin-top: 0; padding-top: 4px; } +h1.title { margin-bottom: 10px; } +h1.alphaindex { margin-top: 0; font-size: 22px; } +h2 { + padding: 0; + 
padding-bottom: 3px; + border-bottom: 1px #aaa solid; + font-size: 1.4em; + margin: 1.8em 0 0.5em; + position: relative; +} +h2 small { font-weight: normal; font-size: 0.7em; display: inline; position: absolute; right: 0; } +h2 small a { + display: block; + height: 20px; + border: 1px solid #aaa; + border-bottom: 0; + border-top-left-radius: 5px; + background: #f8f8f8; + position: relative; + padding: 2px 7px; +} +a { font-weight: 550; } +.clear { clear: both; } +.inline { display: inline; } +.inline p:first-child { display: inline; } +.docstring, .tags, #filecontents { font-size: 15px; line-height: 1.5145em; } +.docstring p > code, .docstring p > tt, .tags p > code, .tags p > tt { + color: #c7254e; background: #f9f2f4; padding: 2px 4px; font-size: 1em; + border-radius: 4px; +} +.docstring h1, .docstring h2, .docstring h3, .docstring h4 { padding: 0; border: 0; border-bottom: 1px dotted #bbb; } +.docstring h1 { font-size: 1.2em; } +.docstring h2 { font-size: 1.1em; } +.docstring h3, .docstring h4 { font-size: 1em; border-bottom: 0; padding-top: 10px; } +.summary_desc .object_link a, .docstring .object_link a { + font-family: monospace; font-size: 1.05em; + color: #05a; background: #EDF4FA; padding: 2px 4px; font-size: 1em; + border-radius: 4px; +} +.rdoc-term { padding-right: 25px; font-weight: bold; } +.rdoc-list p { margin: 0; padding: 0; margin-bottom: 4px; } +.summary_desc pre.code .object_link a, .docstring pre.code .object_link a { + padding: 0px; background: inherit; color: inherit; border-radius: inherit; +} + +/* style for */ +#filecontents table, .docstring table { border-collapse: collapse; } +#filecontents table th, #filecontents table td, +.docstring table th, .docstring table td { border: 1px solid #ccc; padding: 8px; padding-right: 17px; } +#filecontents table tr:nth-child(odd), +.docstring table tr:nth-child(odd) { background: #eee; } +#filecontents table tr:nth-child(even), +.docstring table tr:nth-child(even) { background: #fff; } +#filecontents 
table th, .docstring table th { background: #fff; } + +/* style for
    */ +#filecontents li > p, .docstring li > p { margin: 0px; } +#filecontents ul, .docstring ul { padding-left: 20px; } +/* style for
    */ +#filecontents dl, .docstring dl { border: 1px solid #ccc; } +#filecontents dt, .docstring dt { background: #ddd; font-weight: bold; padding: 3px 5px; } +#filecontents dd, .docstring dd { padding: 5px 0px; margin-left: 18px; } +#filecontents dd > p, .docstring dd > p { margin: 0px; } + +.note { + color: #222; + margin: 20px 0; + padding: 10px; + border: 1px solid #eee; + border-radius: 3px; + display: block; +} +.docstring .note { + border-left-color: #ccc; + border-left-width: 5px; +} +.note.todo { background: #ffffc5; border-color: #ececaa; } +.note.returns_void { background: #efefef; } +.note.deprecated { background: #ffe5e5; border-color: #e9dada; } +.note.title.deprecated { background: #ffe5e5; border-color: #e9dada; } +.note.private { background: #ffffc5; border-color: #ececaa; } +.note.title { padding: 3px 6px; font-size: 0.9em; font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; display: inline; } +.summary_signature + .note.title { margin-left: 7px; } +h1 .note.title { font-size: 0.5em; font-weight: normal; padding: 3px 5px; position: relative; top: -3px; text-transform: capitalize; } +.note.title { background: #efefef; } +.note.title.constructor { color: #fff; background: #6a98d6; border-color: #6689d6; } +.note.title.writeonly { color: #fff; background: #45a638; border-color: #2da31d; } +.note.title.readonly { color: #fff; background: #6a98d6; border-color: #6689d6; } +.note.title.private { background: #d5d5d5; border-color: #c5c5c5; } +.note.title.not_defined_here { background: transparent; border: none; font-style: italic; } +.discussion .note { margin-top: 6px; } +.discussion .note:first-child { margin-top: 0; } + +h3.inherited { + font-style: italic; + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-weight: normal; + padding: 0; + margin: 0; + margin-top: 12px; + margin-bottom: 3px; + font-size: 13px; +} +p.inherited { + padding: 0; + margin: 0; + margin-left: 25px; +} + +.box_info dl { + 
margin: 0; + border: 0; + width: 100%; + font-size: 1em; + display: flex; + display: -webkit-flex; + display: -ms-flexbox; +} +.box_info dl dt { + flex-shrink: 0; + -webkit-flex-shrink: 1; + -ms-flex-shrink: 1; + width: 100px; + text-align: right; + font-weight: bold; + border: 1px solid #aaa; + border-width: 1px 0px 0px 1px; + padding: 6px 0; + padding-right: 10px; +} +.box_info dl dd { + flex-grow: 1; + -webkit-flex-grow: 1; + -ms-flex: 1; + max-width: 420px; + padding: 6px 0; + padding-right: 20px; + border: 1px solid #aaa; + border-width: 1px 1px 0 0; + overflow: hidden; + position: relative; +} +.box_info dl:last-child > * { + border-bottom: 1px solid #aaa; +} +.box_info dl:nth-child(odd) > * { background: #eee; } +.box_info dl:nth-child(even) > * { background: #fff; } +.box_info dl > * { margin: 0; } + +ul.toplevel { list-style: none; padding-left: 0; font-size: 1.1em; } +.index_inline_list { padding-left: 0; font-size: 1.1em; } + +.index_inline_list li { + list-style: none; + display: inline-block; + padding: 0 12px; + line-height: 30px; + margin-bottom: 5px; +} + +dl.constants { margin-left: 10px; } +dl.constants dt { font-weight: bold; font-size: 1.1em; margin-bottom: 5px; } +dl.constants.compact dt { display: inline-block; font-weight: normal } +dl.constants dd { width: 75%; white-space: pre; font-family: monospace; margin-bottom: 18px; } +dl.constants .docstring .note:first-child { margin-top: 5px; } + +.summary_desc { + margin-left: 32px; + display: block; + font-family: sans-serif; + font-size: 1.1em; + margin-top: 8px; + line-height: 1.5145em; + margin-bottom: 0.8em; +} +.summary_desc tt { font-size: 0.9em; } +dl.constants .note { padding: 2px 6px; padding-right: 12px; margin-top: 6px; } +dl.constants .docstring { margin-left: 32px; font-size: 0.9em; font-weight: normal; } +dl.constants .tags { padding-left: 32px; font-size: 0.9em; line-height: 0.8em; } +dl.constants .discussion *:first-child { margin-top: 0; } +dl.constants .discussion *:last-child { 
margin-bottom: 0; } + +.method_details { border-top: 1px dotted #ccc; margin-top: 25px; padding-top: 0; } +.method_details.first { border: 0; margin-top: 5px; } +.method_details.first h3.signature { margin-top: 1em; } +p.signature, h3.signature { + font-size: 1.1em; font-weight: normal; font-family: Monaco, Consolas, Courier, monospace; + padding: 6px 10px; margin-top: 1em; + background: #E8F4FF; border: 1px solid #d8d8e5; border-radius: 5px; +} +p.signature tt, +h3.signature tt { font-family: Monaco, Consolas, Courier, monospace; } +p.signature .overload, +h3.signature .overload { display: block; } +p.signature .extras, +h3.signature .extras { font-weight: normal; font-family: sans-serif; color: #444; font-size: 1em; } +p.signature .not_defined_here, +h3.signature .not_defined_here, +p.signature .aliases, +h3.signature .aliases { display: block; font-weight: normal; font-size: 0.9em; font-family: sans-serif; margin-top: 0px; color: #555; } +p.signature .aliases .names, +h3.signature .aliases .names { font-family: Monaco, Consolas, Courier, monospace; font-weight: bold; color: #000; font-size: 1.2em; } + +.tags .tag_title { font-size: 1.05em; margin-bottom: 0; font-weight: bold; } +.tags .tag_title tt { color: initial; padding: initial; background: initial; } +.tags ul { margin-top: 5px; padding-left: 30px; list-style: square; } +.tags ul li { margin-bottom: 3px; } +.tags ul .name { font-family: monospace; font-weight: bold; } +.tags ul .note { padding: 3px 6px; } +.tags { margin-bottom: 12px; } + +.tags .examples .tag_title { margin-bottom: 10px; font-weight: bold; } +.tags .examples .inline p { padding: 0; margin: 0; font-weight: bold; font-size: 1em; } +.tags .examples .inline p:before { content: "▸"; font-size: 1em; margin-right: 5px; } + +.tags .overload .overload_item { list-style: none; margin-bottom: 25px; } +.tags .overload .overload_item .signature { + padding: 2px 8px; + background: #F1F8FF; border: 1px solid #d8d8e5; border-radius: 3px; +} +.tags 
.overload .signature { margin-left: -15px; font-family: monospace; display: block; font-size: 1.1em; } +.tags .overload .docstring { margin-top: 15px; } + +.defines { display: none; } + +#method_missing_details .notice.this { position: relative; top: -8px; color: #888; padding: 0; margin: 0; } + +.showSource { font-size: 0.9em; } +.showSource a, .showSource a:visited { text-decoration: none; color: #666; } + +#content a, #content a:visited { text-decoration: none; color: #05a; } +#content a:hover { background: #ffffa5; } + +ul.summary { + list-style: none; + font-family: monospace; + font-size: 1em; + line-height: 1.5em; + padding-left: 0px; +} +ul.summary a, ul.summary a:visited { + text-decoration: none; font-size: 1.1em; +} +ul.summary li { margin-bottom: 5px; } +.summary_signature { padding: 4px 8px; background: #f8f8f8; border: 1px solid #f0f0f0; border-radius: 5px; } +.summary_signature:hover { background: #CFEBFF; border-color: #A4CCDA; cursor: pointer; } +.summary_signature.deprecated { background: #ffe5e5; border-color: #e9dada; } +ul.summary.compact li { display: inline-block; margin: 0px 5px 0px 0px; line-height: 2.6em;} +ul.summary.compact .summary_signature { padding: 5px 7px; padding-right: 4px; } +#content .summary_signature:hover a, +#content .summary_signature:hover a:visited { + background: transparent; + color: #049; +} + +p.inherited a { font-family: monospace; font-size: 0.9em; } +p.inherited { word-spacing: 5px; font-size: 1.2em; } + +p.children { font-size: 1.2em; } +p.children a { font-size: 0.9em; } +p.children strong { font-size: 0.8em; } +p.children strong.modules { padding-left: 5px; } + +ul.fullTree { display: none; padding-left: 0; list-style: none; margin-left: 0; margin-bottom: 10px; } +ul.fullTree ul { margin-left: 0; padding-left: 0; list-style: none; } +ul.fullTree li { text-align: center; padding-top: 18px; padding-bottom: 12px; background: url(data:image/gif;base64,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) no-repeat 
top center; } +ul.fullTree li:first-child { padding-top: 0; background: transparent; } +ul.fullTree li:last-child { padding-bottom: 0; } +.showAll ul.fullTree { display: block; } +.showAll .inheritName { display: none; } + +#search { position: absolute; right: 12px; top: 0px; z-index: 9000; } +#search a { + display: block; float: left; + padding: 4px 8px; text-decoration: none; color: #05a; fill: #05a; + border: 1px solid #d8d8e5; + border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; + background: #F1F8FF; + box-shadow: -1px 1px 3px #ddd; +} +#search a:hover { background: #f5faff; color: #06b; fill: #06b; } +#search a.active { + background: #568; padding-bottom: 20px; color: #fff; fill: #fff; + border: 1px solid #457; + border-top-left-radius: 5px; border-top-right-radius: 5px; +} +#search a.inactive { color: #999; fill: #999; } +.inheritanceTree, .toggleDefines { + float: right; + border-left: 1px solid #aaa; + position: absolute; top: 0; right: 0; + height: 100%; + background: #f6f6f6; + padding: 5px; + min-width: 55px; + text-align: center; +} + +#menu { font-size: 1.3em; color: #bbb; } +#menu .title, #menu a { font-size: 0.7em; } +#menu .title a { font-size: 1em; } +#menu .title { color: #555; } +#menu a, #menu a:visited { color: #333; text-decoration: none; border-bottom: 1px dotted #bbd; } +#menu a:hover { color: #05a; } + +#footer { margin-top: 15px; border-top: 1px solid #ccc; text-align: center; padding: 7px 0; color: #999; } +#footer a, #footer a:visited { color: #444; text-decoration: none; border-bottom: 1px dotted #bbd; } +#footer a:hover { color: #05a; } + +#listing ul.alpha { font-size: 1.1em; } +#listing ul.alpha { margin: 0; padding: 0; padding-bottom: 10px; list-style: none; } +#listing ul.alpha li.letter { font-size: 1.4em; padding-bottom: 10px; } +#listing ul.alpha ul { margin: 0; padding-left: 15px; } +#listing ul small { color: #666; font-size: 0.7em; } + +li.r1 { background: #f0f0f0; } +li.r2 { background: #fafafa; } + +#content 
ul.summary li.deprecated .summary_signature a, +#content ul.summary li.deprecated .summary_signature a:visited { text-decoration: line-through; font-style: italic; } + +#toc { + position: relative; + float: right; + overflow-x: auto; + right: -3px; + margin-left: 20px; + margin-bottom: 20px; + padding: 20px; padding-right: 30px; + max-width: 300px; + z-index: 5000; + background: #fefefe; + border: 1px solid #ddd; + box-shadow: -2px 2px 6px #bbb; +} +#toc .title { margin: 0; } +#toc ol { padding-left: 1.8em; } +#toc li { font-size: 1.1em; line-height: 1.7em; } +#toc > ol > li { font-size: 1.1em; font-weight: bold; } +#toc ol > li > ol { font-size: 0.9em; } +#toc ol ol > li > ol { padding-left: 2.3em; } +#toc ol + li { margin-top: 0.3em; } +#toc.hidden { padding: 10px; background: #fefefe; box-shadow: none; } +#toc.hidden:hover { background: #fafafa; } +#filecontents h1 + #toc.nofloat { margin-top: 0; } +@media (max-width: 560px) { + #toc { + margin-left: 0; + margin-top: 16px; + float: none; + max-width: none; + } +} + +/* syntax highlighting */ +.source_code { display: none; padding: 3px 8px; border-left: 8px solid #ddd; margin-top: 5px; } +#filecontents pre.code, .docstring pre.code, .source_code pre { font-family: monospace; } +#filecontents pre.code, .docstring pre.code { display: block; } +.source_code .lines { padding-right: 12px; color: #555; text-align: right; } +#filecontents pre.code, .docstring pre.code, +.tags pre.example { + padding: 9px 14px; + margin-top: 4px; + border: 1px solid #e1e1e8; + background: #f7f7f9; + border-radius: 4px; + font-size: 1em; + overflow-x: auto; + line-height: 1.2em; +} +pre.code { color: #000; tab-size: 2; } +pre.code .info.file { color: #555; } +pre.code .val { color: #036A07; } +pre.code .tstring_content, +pre.code .heredoc_beg, pre.code .heredoc_end, +pre.code .qwords_beg, pre.code .qwords_end, pre.code .qwords_sep, +pre.code .words_beg, pre.code .words_end, pre.code .words_sep, +pre.code .qsymbols_beg, pre.code 
.qsymbols_end, pre.code .qsymbols_sep, +pre.code .symbols_beg, pre.code .symbols_end, pre.code .symbols_sep, +pre.code .tstring, pre.code .dstring { color: #036A07; } +pre.code .fid, pre.code .rubyid_new, pre.code .rubyid_to_s, +pre.code .rubyid_to_sym, pre.code .rubyid_to_f, +pre.code .dot + pre.code .id, +pre.code .rubyid_to_i pre.code .rubyid_each { color: #0085FF; } +pre.code .comment { color: #0066FF; } +pre.code .const, pre.code .constant { color: #585CF6; } +pre.code .label, +pre.code .symbol { color: #C5060B; } +pre.code .kw, +pre.code .rubyid_require, +pre.code .rubyid_extend, +pre.code .rubyid_include { color: #0000FF; } +pre.code .ivar { color: #318495; } +pre.code .gvar, +pre.code .rubyid_backref, +pre.code .rubyid_nth_ref { color: #6D79DE; } +pre.code .regexp, .dregexp { color: #036A07; } +pre.code a { border-bottom: 1px dotted #bbf; } +/* inline code */ +*:not(pre) > code { + padding: 1px 3px 1px 3px; + border: 1px solid #E1E1E8; + background: #F7F7F9; + border-radius: 4px; +} + +/* Color fix for links */ +#content .summary_desc pre.code .id > .object_link a, /* identifier */ +#content .docstring pre.code .id > .object_link a { color: #0085FF; } +#content .summary_desc pre.code .const > .object_link a, /* constant */ +#content .docstring pre.code .const > .object_link a { color: #585CF6; } diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html new file mode 100644 index 00000000..8da82e9a --- /dev/null +++ b/doc/file.CHANGELOG.html @@ -0,0 +1,773 @@ + + + + + + + File: CHANGELOG + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
    + + +

    Changelog

    +

    All notable changes to this project will be documented in this file.

    + +

    The format (since v2) is based on Keep a Changelog v1,
    +and this project adheres to Semantic Versioning v2.

    + +

    Unreleased

    +

    Added

    +
      +
    • Codeberg as ethical mirror (@pboling) +
        +
      • https://codeberg.org/oauth-xx/oauth2
      • +
      +
    • +
    • Don’t check for cert if SKIP_GEM_SIGNING is set (@pboling)
    • +
    • All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) +

      Changed

      +

      Deprecated

      +

      Removed

      +

      Fixed

      +
    • +
    • Incorrect documentation related to silencing warnings (@pboling) +

      Security

      +
    • +
    + +

    +2.0.10 - 2025-05-17

    +
      +
    • TAG: v2.0.10 +
    • +
    • COVERAGE: 100.00% – 518/518 lines in 14 files
    • +
    • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
    • +
    • 79.05% documented +

      Added

      +
    • +
    • +gh!632 - Added funding.yml (@Aboling0)
    • +
    • +!635 - Added .gitlab-ci.yml (@jessieay)
    • +
    • +#638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
    • +
    • +!642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling) +
        +
      • Gemspec metadata +
          +
        • funding_uri
        • +
        • news_uri
        • +
        • mailing_list_uri
        • +
        +
      • +
      • SHA256 and SHA512 Checksums for release
      • +
      +
    • +
    • +!643 - Add token_name option (@pboling) +
        +
      • Specify the parameter name that identifies the access token
      • +
      +
    • +
    • +!645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
    • +
    • +!646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
    • +
    • +!647 - Add IETF RFC 7009 Token Revocation compliant (@pboling) +
        +
      • OAuth2::Client#revoke_token
      • +
      • OAuth2::AccessToken#revoke
      • +
      • See: https://datatracker.ietf.org/doc/html/rfc7009
      • +
      +
    • +
    • +gh!644, gh!645 - Added CITATION.cff (@Aboling0)
    • +
    • +!648 - Improved documentation (@pboling) +

      Changed

      +
    • +
    • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
    • +
    • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) +
        +
      • Allow linux distros to build release without signing, as their package managers sign independently
      • +
      +
    • +
    • +!647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
    • +
    • +!647 - OAuth2.config is no longer writable (@pboling)
    • +
    • +!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) +

      Fixed

      +
    • +
    • +#95 - restoring an access token via AccessToken#from_hash (@pboling) +
        +
      • This was a 13 year old bug report. 😘
      • +
      +
    • +
    • +#619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
    • +
    • +!633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
    • +
    • +!634 - CHANGELOG.md documentation fix (@skuwa229)
    • +
    • +!638 - fix expired? when expires_in is 0 (@disep)
    • +
    • +!639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
    • +
    • +#639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
    • +
    • +!640 - README.md documentation fix (@martinezcoder)
    • +
    • +!641 - Do not include sensitive information in the inspect (@manuelvanrijn)
    • +
    • +#641 - Made default JSON response parser more resilient (@pboling)
    • +
    • +#645 - Response no longer becomes a snaky hash (@pboling)
    • +
    • +gh!646 - Change require to require_relative (improve performance) (@Aboling0)
    • +
    + +

    +2.0.9 - 2022-09-16

    +
      +
    • TAG: v2.0.9 +

      Added

      +
    • +
    • More specs (@pboling) +

      Changed

      +
    • +
    • Complete migration to main branch as default (@pboling)
    • +
    • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
    • +
    + +

    +2.0.8 - 2022-09-01

    +
      +
    • TAG: v2.0.8 +

      Changed

      +
    • +
    • +!630 - Extract snaky_hash to external dependency (@pboling) +

      Added

      +
    • +
    • +!631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 +
    • +
    + +

    +2.0.7 - 2022-08-22

    +
      +
    • TAG: v2.0.7 +

      Added

      +
    • +
    • +!629 - Allow POST of JSON to get token (@pboling, @terracatta) +

      Fixed

      +
    • +
    • +!626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) +
        +
      • Note: This fixes compatibility with omniauth-oauth2 and AWS
      • +
      +
    • +
    • +!625 - Fixes the printed version in the post install message (@hasghari)
    • +
    + +

    +2.0.6 - 2022-07-13

    +
      +
    • TAG: v2.0.6 +

      Fixed

      +
    • +
    • +!624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
    • +
    + +

    +2.0.5 - 2022-07-07

    +
      +
    • TAG: v2.0.5 +

      Fixed

      +
    • +
    • +!620 - Documentation improvements, to help with upgrading (@swanson)
    • +
    • +!621 - Fixed #528 and #619 (@pboling) +
        +
      • All data in responses is now returned, with the access token removed and set as token +
          +
        • +refresh_token is no longer dropped
        • +
        • +BREAKING: Microsoft’s id_token is no longer left as access_token['id_token'], but moved to the standard access_token.token that all other strategies use
        • +
        +
      • +
      • Remove parse and snaky from options so they don’t get included in response
      • +
      • There is now 100% test coverage, for lines and branches, and it will stay that way.
      • +
      +
    • +
    + +

    +2.0.4 - 2022-07-01

    +
      +
    • TAG: v2.0.4 +

      Fixed

      +
    • +
    • +!618 - In some scenarios the snaky option default value was not applied (@pboling)
    • +
    + +

    +2.0.3 - 2022-06-28

    +
      +
    • TAG: v2.0.3 +

      Added

      +
    • +
    • +!611 - Proper deprecation warnings for extract_access_token argument (@pboling)
    • +
    • +!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) +

      Fixed

      +
    • +
    • +!608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
    • +
    • +!615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
    • +
    + +

    +2.0.2 - 2022-06-24

    +
      +
    • TAG: v2.0.2 +

      Fixed

      +
    • +
    • +!604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
    • +
    • +!606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
    • +
    • +!607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
    • +
    + +

    +2.0.1 - 2022-06-22

    +
      +
    • TAG: v2.0.1 +

      Added

      +
    • +
    • Documentation improvements (@pboling)
    • +
    • Increased test coverage to 99% (@pboling)
    • +
    + +

    +2.0.0 - 2022-06-21

    +
      +
    • TAG: v2.0.0 +

      Added

      +
    • +
    • +!158, !344 - Optionally pass raw response to parsers (@niels)
    • +
    • +!190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
    • +
    • +!220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
    • +
    • +!298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
    • +
    • +!305 - Option: OAuth2::Client#get_token - :access_token_class (AccessToken); user specified class to use for all calls to get_token (@styd)
    • +
    • +!346 - Modern gem structure (@pboling)
    • +
    • +!351 - Support Jruby 9k (@pboling)
    • +
    • +!362 - Support SemVer release version scheme (@pboling)
    • +
    • +!363 - New method OAuth2::AccessToken#refresh! same as old refresh, with backwards compatibility alias (@pboling)
    • +
    • +!364 - Support application/hal+json format (@pboling)
    • +
    • +!365 - Support application/vnd.collection+json format (@pboling)
    • +
    • +!376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
    • +
    • +!381 - Spec for extra header params on client credentials (@nikz)
    • +
    • +!394 - Option: OAuth2::AccessToken#initialize - :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
    • +
    • +!412 - Support application/vdn.api+json format (from jsonapi.org) (@david-christensen)
    • +
    • +!413 - Documentation: License scan and report (@meganemura)
    • +
    • +!442 - Option: OAuth2::Client#initialize - :logger (::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with 1-4-stable branch) (@rthbound)
    • +
    • +!494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
    • +
    • +!549 - Wrap Faraday::ConnectionFailed in OAuth2::ConnectionError (@nikkypx)
    • +
    • +!550 - Raise error if location header not present when redirecting (@stanhu)
    • +
    • +!552 - Add missing version.rb require (@ahorek)
    • +
    • +!553 - Support application/problem+json format (@janz93)
    • +
    • +!560 - Support IETF rfc6749, section 2.3.1 - don’t set auth params when nil (@bouk)
    • +
    • +!571 - Support Ruby 3.1 (@pboling)
    • +
    • +!575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
    • +
    • +!581 - Documentation: of breaking changes (@pboling) +

      Changed

      +
    • +
    • +!191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
    • +
    • +!312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
    • +
    • +!317 - Dependency: Upgrade jwt to 2.x.x (@travisofthenorth)
    • +
    • +!338 - Dependency: Switch from Rack::Utils.escape to CGI.escape (@josephpage)
    • +
    • +!339, !368, !424, !479, !493, !539, !542, !553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
    • +
    • +!410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
    • +
    • +!414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
    • +
    • +!469 - BREAKING: Default value for option OAuth2::Client - :authorize_url removed leading slash to work with relative paths by default ('oauth/authorize') (@ghost)
    • +
    • +!469 - BREAKING: Default value for option OAuth2::Client - :token_url removed leading slash to work with relative paths by default ('oauth/token') (@ghost)
    • +
    • +!507, !575 - BREAKING: Transform keys to snake case, always, by default (ultimately via rash_alt gem) +
        +
      • Original keys will still work as previously, in most scenarios, thanks to rash_alt gem.
      • +
      • However, this is a breaking change if you rely on response.parsed.to_h, as the keys in the result will be snake case.
      • +
      • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
      • +
      +
    • +
    • +!576 - BREAKING: Stop rescuing parsing errors (@pboling)
    • +
    • +!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated +

      Fixed

      +
    • +
    • +!158, !344 - Handling of errors when using omniauth-facebook (@niels)
    • +
    • +!294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
    • +
    • +!300 - Documentation: Oauth2::Error - Error codes are strings, not symbols (@NobodysNightmare)
    • +
    • +!318, !326, !343, !347, !397, !464, !561, !565 - Dependency: Support all versions of faraday (see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
    • +
    • +!322, !331, !337, !361, !371, !377, !383, !392, !395, !400, !401, !403, !415, !567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
    • +
    • +!328 - Documentation: Homepage URL is SSL (@amatsuda)
    • +
    • +!339, !479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
    • +
    • +!366 - Security: Fix logging to $stdout of request and response bodies via Faraday’s logger and ENV["OAUTH_DEBUG"] == 'true' (@pboling)
    • +
    • +!380 - Fix: Stop attempting to encode non-encodable objects in Oauth2::Error (@jhmoore)
    • +
    • +!399 - Fix: Stop duplicating redirect_uri in get_token (@markus)
    • +
    • +!410 - Fix: SystemStackError caused by circular reference between Error and Response classes (@jhmoore)
    • +
    • +!460 - Fix: Stop throwing errors when raise_errors is set to false; analog of !524 for 1-4-stable branch (@joaolrpaulo)
    • +
    • +!472 - Security: Add checks to enforce client_secret is never passed in authorize_url query params for implicit and auth_code grant types (@dfockler)
    • +
    • +!482 - Documentation: Update last of intridea links to oauth-xx (@pboling)
    • +
    • +!536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to !535 on 1-4-stable branch (@pboling)
    • +
    • +!595 - Graceful handling of empty responses from Client#get_token, respecting :raise_errors config (@stanhu)
    • +
    • +!596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
    • +
    • +!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu) +

      Removed

      +
    • +
    • +!341 - Remove Rdoc & Jeweler related files (@josephpage)
    • +
    • +!342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
    • +
    • +!539 - Remove reliance on globally included OAuth2 in tests, analog of !538 for 1-4-stable (@anderscarling)
    • +
    • +!566 - Dependency: Removed wwtd (@bquorning)
    • +
    • +!589, !593 - Remove support for expired MAC token draft spec (@stanhu)
    • +
    • +!590 - Dependency: Removed multi_json (@stanhu)
    • +
    + +

    +1.4.11 - 2022-09-16

    +
      +
    • TAG: v1.4.11 +
    • +
    • Complete migration to main branch as default (@pboling)
    • +
    • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
    • +
    + +

    +1.4.10 - 2022-07-01

    +
      +
    • TAG: v1.4.10 +
    • +
    • FIPS Compatibility !587 (@akostadinov)
    • +
    + +

    +1.4.9 - 2022-02-20

    +
      +
    • TAG: v1.4.9 +
    • +
    • Fixes compatibility with Faraday v2 572 +
    • +
    • Includes supported versions of Faraday in test matrix: +
        +
      • Faraday ~> 2.2.0 with Ruby >= 2.6
      • +
      • Faraday ~> 1.10 with Ruby >= 2.4
      • +
      • Faraday ~> 0.17.3 with Ruby >= 1.9
      • +
      +
    • +
    • Add Windows and MacOS to test matrix
    • +
    + +

    +1.4.8 - 2022-02-18

    +
      +
    • TAG: v1.4.8 +
    • +
    • MFA is now required to push new gem versions (@pboling)
    • +
    • README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
    • +
    • +!569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
    • +
    • Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
    • +
    • Add CodeQL, Security Policy, Funding info (@pboling)
    • +
    • Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
    • +
    • +!543 - Support for more modern Open SSL libraries (@pboling)
    • +
    + +

    +1.4.7 - 2021-03-19

    +
      +
    • TAG: v1.4.7 +
    • +
    • +!541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
    • +
    + +

    +1.4.6 - 2021-03-19

    +
      +
    • TAG: v1.4.6 +
    • +
    • +!540 - Add VERSION constant (@pboling)
    • +
    • +!537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
    • +
    • +!538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)
    • +
    + +

    +1.4.5 - 2021-03-18

    +
      +
    • TAG: v1.4.5 +
    • +
    • +!535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
    • +
    • +!518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
    • +
    • +!507 - Fix camel case content type, response keys (@anvox)
    • +
    • +!500 - Fix YARD documentation formatting (@olleolleolle)
    • +
    + +

    +1.4.4 - 2020-02-12

    +
      +
    • TAG: v1.4.4 +
    • +
    • +!408 - Fixed expires_at for formatted time (@Lomey)
    • +
    + +

    +1.4.3 - 2020-01-29

    +
      +
    • TAG: v1.4.3 +
    • +
    • +!483 - add project metadata to gemspec (@orien)
    • +
    • +!495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) +
        +
      • Adds support for private_key_jwt and tls_client_auth
      • +
      +
    • +
    • +!433 - allow field names with square brackets and numbers in params (@asm256)
    • +
    + +

    +1.4.2 - 2019-10-01

    +
      +
    • TAG: v1.4.2 +
    • +
    • +!478 - support latest version of faraday & fix build (@pboling) +
        +
      • Officially support Ruby 2.6 and truffleruby
      • +
      +
    • +
    + +

    +1.4.1 - 2018-10-13

    +
      +
    • TAG: v1.4.1 +
    • +
    • +!417 - update jwt dependency (@thewoolleyman)
    • +
    • +!419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
    • +
    • +!418 - update faraday dependency (@pboling)
    • +
    • +!420 - update oauth2.gemspec (@pboling)
    • +
    • +!421 - fix CHANGELOG.md for previous releases (@pboling)
    • +
    • +!422 - update LICENSE and README.md (@pboling)
    • +
    • +!423 - update builds, Rakefile (@pboling) +
        +
      • officially document supported Rubies +
          +
        • Ruby 1.9.3
        • +
        • Ruby 2.0.0
        • +
        • Ruby 2.1
        • +
        • Ruby 2.2
        • +
        • +JRuby 1.7 (targets MRI v1.9)
        • +
        • +JRuby 9.0 (targets MRI v2.0)
        • +
        • Ruby 2.3
        • +
        • Ruby 2.4
        • +
        • Ruby 2.5
        • +
        • +JRuby 9.1 (targets MRI v2.3)
        • +
        • +JRuby 9.2 (targets MRI v2.5)
        • +
        +
      • +
      +
    • +
    + +

    +1.4.0 - 2017-06-09

    +
      +
    • TAG: v1.4.0 +
    • +
    • Drop Ruby 1.8.7 support (@sferik)
    • +
    • Fix some RuboCop offenses (@sferik)
    • +
    • +Dependency: Remove Yardstick (@sferik)
    • +
    • +Dependency: Upgrade Faraday to 0.12 (@sferik)
    • +
    + +

    +1.3.1 - 2017-03-03 (tag)

    +
      +
    • Add support for Ruby 2.4.0 (@pschambacher)
    • +
    • +Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
    • +
    + +

    +1.3.0 - 2016-12-28 (tag)

    +
      +
    • Add support for header-based authentication to the Client so it can be used across the library (@bjeanes)
    • +
    • Default to header-based authentication when getting a token from an authorisation code (@maletor)
    • +
    • +Breaking: Allow an auth_scheme (:basic_auth or :request_body) to be set on the client, defaulting to :request_body to maintain backwards compatibility (@maletor, @bjeanes)
    • +
    • Handle redirect_uri according to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes)
    • +
    • Refactor handling of encoding of error responses (@urkle)
    • +
    • Avoid instantiating an Error if there is no error to raise (@urkle)
    • +
    • Add support for Faraday 0.10 (@rhymes)
    • +
    + +

    +1.2.0 - 2016-07-01 (tag)

    +
      +
    • Properly handle encoding of error responses (so we don’t blow up, for example, when Google’s response includes a ∞) (@Motoshi-Nishihira)
    • +
    • Make a copy of the options hash in AccessToken#from_hash to avoid accidental mutations (@Linuus)
    • +
    • Use raise rather than fail to throw exceptions (@sferik)
    • +
    + +

    +1.1.0 - 2016-01-30 (tag)

    +
      +
    • Various refactors (eliminating Hash#merge! usage in AccessToken#refresh!, use yield instead of #call, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
    • +
    • Add support for Rack 2, and bump various other dependencies (@sferik)
    • +
    + +

    +1.0.0 - 2014-07-09 (tag)

    +

    Added

    +
      +
    • Add an implementation of the MAC token spec. +

      Fixed

      +
    • +
    • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
    • +
    + +

    +0.5.0 - 2011-07-29 (tag)

    +

    Changed

    +
      +
    • +breaking oauth_token renamed to oauth_bearer.
    • +
    • +breaking authorize_path Client option renamed to authorize_url.
    • +
    • +breaking access_token_path Client option renamed to token_url.
    • +
    • +breaking access_token_method Client option renamed to token_method.
    • +
    • +breaking web_server renamed to auth_code.
    • +
    + +

    +0.4.1 - 2011-04-20 (tag)

    + +

    +0.4.0 - 2011-04-20 (tag)

    + +

    +0.3.0 - 2011-04-08 (tag)

    + +

    +0.2.0 - 2011-04-01 (tag)

    + +

    +0.1.1 - 2011-01-12 (tag)

    + +

    +0.1.0 - 2010-10-13 (tag)

    + +

    +0.0.13 - 2010-08-17 (tag)

    + +

    +0.0.12 - 2010-08-17 (tag)

    + +

    +0.0.11 - 2010-08-17 (tag)

    + +

    +0.0.10 - 2010-06-19 (tag)

    + +

    +0.0.9 - 2010-06-18 (tag)

    + +

    +0.0.8 - 2010-04-27 (tag)

    + +

    +0.0.7 - 2010-04-27 (tag)

    + +

    +0.0.6 - 2010-04-25 (tag)

    + +

    +0.0.5 - 2010-04-23 (tag)

    + +

    +0.0.4 - 2010-04-22 (tag)

    + +

    +0.0.3 - 2010-04-22 (tag)

    + +

    +0.0.2 - 2010-04-22 (tag)

    + +

    +0.0.1 - 2010-04-22 (tag)

    + +
    + + + +
    + + \ No newline at end of file diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html new file mode 100644 index 00000000..a8fbac95 --- /dev/null +++ b/doc/file.CODE_OF_CONDUCT.html @@ -0,0 +1,202 @@ + + + + + + + File: CODE_OF_CONDUCT + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
    + + +
    +

    Contributor Covenant Code of Conduct

    + +

    Our Pledge

    + +

    We as members, contributors, and leaders pledge to make participation in our
    +community a harassment-free experience for everyone, regardless of age, body
    +size, visible or invisible disability, ethnicity, sex characteristics, gender
    +identity and expression, level of experience, education, socio-economic status,
    +nationality, personal appearance, race, religion, or sexual identity
    +and orientation.

    + +

    We pledge to act and interact in ways that contribute to an open, welcoming,
    +diverse, inclusive, and healthy community.

    + +

    Our Standards

    + +

    Examples of behavior that contributes to a positive environment for our
    +community include:

    + +
      +
    • Demonstrating empathy and kindness toward other people
    • +
    • Being respectful of differing opinions, viewpoints, and experiences
    • +
    • Giving and gracefully accepting constructive feedback
    • +
    • Accepting responsibility and apologizing to those affected by our mistakes,
      +and learning from the experience
    • +
    • Focusing on what is best not just for us as individuals, but for the
      +overall community
    • +
    + +

    Examples of unacceptable behavior include:

    + +
      +
    • The use of sexualized language or imagery, and sexual attention or
      +advances of any kind
    • +
    • Trolling, insulting or derogatory comments, and personal or political attacks
    • +
    • Public or private harassment
    • +
    • Publishing others’ private information, such as a physical or email
      +address, without their explicit permission
    • +
    • Other conduct which could reasonably be considered inappropriate in a
      +professional setting
    • +
    + +

    Enforcement Responsibilities

    + +

    Community leaders are responsible for clarifying and enforcing our standards of
    +acceptable behavior and will take appropriate and fair corrective action in
    +response to any behavior that they deem inappropriate, threatening, offensive,
    +or harmful.

    + +

    Community leaders have the right and responsibility to remove, edit, or reject
    +comments, commits, code, wiki edits, issues, and other contributions that are
    +not aligned to this Code of Conduct, and will communicate reasons for moderation
    +decisions when appropriate.

    + +

    Scope

    + +

    This Code of Conduct applies within all community spaces, and also applies when
    +an individual is officially representing the community in public spaces.
    +Examples of representing our community include using an official e-mail address,
    +posting via an official social media account, or acting as an appointed
    +representative at an online or offline event.

    + +

    Enforcement

    + +

    Instances of abusive, harassing, or otherwise unacceptable behavior may be
    +reported to the community leaders responsible for enforcement at
    +[INSERT CONTACT METHOD].
    +All complaints will be reviewed and investigated promptly and fairly.

    + +

    All community leaders are obligated to respect the privacy and security of the
    +reporter of any incident.

    + +

    Enforcement Guidelines

    + +

    Community leaders will follow these Community Impact Guidelines in determining
    +the consequences for any action they deem in violation of this Code of Conduct:

    + +

    1. Correction

    + +

    Community Impact: Use of inappropriate language or other behavior deemed
    +unprofessional or unwelcome in the community.

    + +

    Consequence: A private, written warning from community leaders, providing
    +clarity around the nature of the violation and an explanation of why the
    +behavior was inappropriate. A public apology may be requested.

    + +

    2. Warning

    + +

    Community Impact: A violation through a single incident or series
    +of actions.

    + +

    Consequence: A warning with consequences for continued behavior. No
    +interaction with the people involved, including unsolicited interaction with
    +those enforcing the Code of Conduct, for a specified period of time. This
    +includes avoiding interactions in community spaces as well as external channels
    +like social media. Violating these terms may lead to a temporary or
    +permanent ban.

    + +

    3. Temporary Ban

    + +

    Community Impact: A serious violation of community standards, including
    +sustained inappropriate behavior.

    + +

    Consequence: A temporary ban from any sort of interaction or public
    +communication with the community for a specified period of time. No public or
    +private interaction with the people involved, including unsolicited interaction
    +with those enforcing the Code of Conduct, is allowed during this period.
    +Violating these terms may lead to a permanent ban.

    + +

    4. Permanent Ban

    + +

    Community Impact: Demonstrating a pattern of violation of community
    +standards, including sustained inappropriate behavior, harassment of an
    +individual, or aggression toward or disparagement of classes of individuals.

    + +

    Consequence: A permanent ban from any sort of public interaction within
    +the community.

    + +

    Attribution

    + +

    This Code of Conduct is adapted from the Contributor Covenant,
    +version 2.0, available at
    +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.

    + +

    Community Impact Guidelines were inspired by
    +Mozilla’s code of conduct enforcement ladder.

    + +

    For answers to common questions about this code of conduct, see the FAQ at
    +https://www.contributor-covenant.org/faq. Translations are available
    +at https://www.contributor-covenant.org/translations.

    + +
    + + + +
    + + \ No newline at end of file diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html new file mode 100644 index 00000000..24a89342 --- /dev/null +++ b/doc/file.CONTRIBUTING.html @@ -0,0 +1,205 @@ + + + + + + + File: CONTRIBUTING + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
    + + +

    Contributing

    + +

    Bug reports and pull requests are welcome on GitLab at https://gitlab.com/oauth-xx/oauth2
    +. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
    +the code of conduct.

    + +

    To submit a patch, please fork the project and create a patch with tests.
    +Once you’re happy with it send a pull request.

    + +

    We Keep A Changelog so if you make changes, remember to update it.

    + +

    You can help!

    + +

    Take a look at the reek list which is the file called REEK and find something to improve.

    + +

    Simply follow these instructions:

    + +
      +
    1. Fork the repository
    2. +
    3. Create your feature branch (git checkout -b my-new-feature)
    4. +
    5. Make some fixes.
    6. +
    7. Commit your changes (git commit -am 'Added some feature')
    8. +
    9. Push to the branch (git push origin my-new-feature)
    10. +
    11. Make sure to add tests for it. This is important, so it doesn’t break in a future release.
    12. +
    13. Create new Pull Request.
    14. +
    + +

    Appraisals

    + +

    From time to time the appraisal gemfiles in gemfiles/ will need to be updated.
    +They are created and updated with the commands:

    + +

    NOTE: We run on a fork of Appraisal.

    + +

    Please upvote the PR for eval_gemfile support

    + +
    BUNDLE_GEMFILE=Appraisal.root.gemfile bundle
    +BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
    +bundle exec rake rubocop_gradual:autocorrect
    +
    + +

    When adding an appraisal to CI check the runner tool cache to see which runner to use.

    + +

    The Reek List

    + +

    Take a look at the reek list which is the file called REEK and find something to improve.

    + +

    To refresh the reek list:

    + +
    bundle exec reek > REEK
    +
    + +

    Run Tests

    + +

    To run all tests

    + +
    bundle exec rake test
    +
    + +

    Lint It

    + +

    Run all the default tasks, which includes running the gradually autocorrecting linter, rubocop-gradual.

    + +
    bundle exec rake
    +
    + +

    Or just run the linter.

    + +
    bundle exec rake rubocop_gradual:autocorrect
    +
    + +

    Contributors

    + +

    Your picture could be here!

    + +

    Contributors

    + +

    Made with contributors-img.

    + +

    Also see GitLab Contributors: https://gitlab.com/oauth-xx/oauth2/-/graphs/main

    + +

    For Maintainers

    + +

    One-time, Per-maintainer, Setup

    + +

    IMPORTANT: If you want to sign the build you create,
    +your public key for signing gems will need to be picked up by the line in the
    +gemspec defining the spec.cert_chain (check the relevant ENV variables there).
    +All releases to RubyGems.org will be signed.
    +See: RubyGems Security Guide

    + +

    NOTE: To build without signing the gem you must set SKIP_GEM_SIGNING to some value in your environment.

    + +

    To release a new version:

    + +
      +
    1. Run bin/setup && bin/rake as a tests, coverage, & linting sanity check
    2. +
    3. Update the version number in version.rb, and ensure CHANGELOG.md reflects changes
    4. +
    5. Run bin/setup && bin/rake again as a secondary check, and to update Gemfile.lock +
    6. +
    7. Run git commit -am "🔖 Prepare release v<VERSION>" to commit the changes
    8. +
    9. Run git push to trigger the final CI pipeline before release, & merge PRs + +
    10. +
    11. Run export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME +
    12. +
    13. Run git checkout $GIT_TRUNK_BRANCH_NAME +
    14. +
    15. Run git pull origin $GIT_TRUNK_BRANCH_NAME to ensure you will release the latest trunk code
    16. +
    17. Set SOURCE_DATE_EPOCH so rake build and rake release use same timestamp, and generate same checksums +
        +
      • Run export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH +
      • +
      • If the echo above has no output, then it didn’t work.
      • +
      • Note that you’ll need the zsh/datetime module, if running zsh.
      • +
      • In older versions of bash you can use date +%s instead, i.e. export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH +
      • +
      +
    18. +
    19. Run bundle exec rake build +
    20. +
    21. Run bin/gem_checksums (more context 1, 2)
      +to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums
      +gem. +
        +
      • Checksums will be committed automatically by the script, but not pushed
      • +
      +
    22. +
    23. Run bundle exec rake release which will create a git tag for the version,
      +push git commits and tags, and push the .gem file to rubygems.org +
    24. +
    + +
    + + + +
    + + \ No newline at end of file diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html new file mode 100644 index 00000000..bb868c29 --- /dev/null +++ b/doc/file.LICENSE.html @@ -0,0 +1,70 @@ + + + + + + + File: LICENSE + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
    + + +
    MIT License

    Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
    Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in all
    copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    SOFTWARE.
    + + + +
    + + \ No newline at end of file diff --git a/doc/file.README.html b/doc/file.README.html new file mode 100644 index 00000000..594ad4b2 --- /dev/null +++ b/doc/file.README.html @@ -0,0 +1,960 @@ + + + + + + + File: README + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
    + + +

    + + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 + + + Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 + +

    + +

    🔐 OAuth2

    + +

    Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

    + +
    + +

    Liberapay Goal Progress Sponsor Me on Github Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

    + +

    OAuth 2.0 is the industry-standard protocol for authorization.
    +OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
    + desktop applications, mobile phones, and living room devices.
    +This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

    + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Federated DVCS RepositoryStatusIssuesPRsWikiCIDiscussions
🧪 oauth-xx/oauth2 on GitLab +The Truth💚💚💚🏀 Tiny Matrix
🧊 oauth-xx/oauth2 on CodeBerg +An Ethical Mirror (Donate)💚⭕️ No Matrix
🐙 oauth-xx/oauth2 on GitHub +A Dirty Mirror💚💚💯 Full Matrix
🤼 OAuth Ruby Google Group +“Active”💚
🎮️ Discord Server +Live Chat on DiscordLet’stalkaboutthislibrary!
+ +

Upgrading Runtime Gem Dependencies

+ +

This project sits underneath a large portion of the authorization systems on the internet.
+According to GitHub’s project tracking, which I believe only reports on public projects,
+100,000+ projects, and
+500+ packages depend on this project.

+ +

That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

+ +

As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
+leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

+ +

What does that mean specifically for the runtime dependencies?

+ +

We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
+covering the latest patch for each of the following minor versions:

+ +
    +
  • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD +
      +
    • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
    • +
    +
  • +
  • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
  • +
  • TruffleRuby @ v23.1, v23.2, HEAD
  • +
  • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday +
  • +
  • gem jwt @ v1, v2, v3, HEAD ⏩️ lostisland/faraday +
  • +
  • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ jwt/ruby-jwt +
  • +
  • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml +
  • +
  • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack +
  • +
  • gem snaky_hash @v2, HEAD ⏩️ oauth-xx/snaky_hash +
  • +
  • gem version_gem - @v1, HEAD ⏩️ oauth-xx/version_gem +
  • +
+ +

The last two were extracted from this gem. They are part of the oauth-xx org,
+and are developed in tight collaboration with this gem.

+ +

You should upgrade this gem with confidence*.

+ +
    +
  • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
      +
    • Dropping support for any of the runtime dependency versions above will be a major version bump.
    • +
    • If you aren’t on one of the minor versions above, make getting there a priority.
    • +
    +
  • +
  • You should upgrade the dependencies of this gem with confidence*.
  • +
  • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
  • +
+ +

* MIT license; I am unable to make guarantees.

+ + + + + + + + + + + + + + + + + + + + + + +
🚚 Test matrix brought to you by🔎 appraisal++
Adds back support for old Rubiesappraisal PR #250 +
Adds support for eval_gemfile +appraisal PR #248 +
Please reviewmy PRs!
+ +
+ Standard Library Dependencies + +The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. + +* base64 +* cgi +* json +* time +* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) + +If you use a gem version it should work fine! + +
+ +

Quick Usage Example for AI and Copy / Pasting

+ +

Convert the following curl command into a token request using this gem…

+ +
curl --request POST \
+  --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \
+  --header 'content-type: application/x-www-form-urlencoded' \
+  --data grant_type=client_credentials \
+  --data client_id=REDMOND_CLIENT_ID \
+  --data client_secret=REDMOND_CLIENT_SECRET \
+  --data resource=REDMOND_RESOURCE_UUID
+
+ +

NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

+ +
OAuth2::Client.new(
+  "REDMOND_CLIENT_ID", # client_id
+  "REDMOND_CLIENT_SECRET", # client_secret
+  auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt
+  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
+  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
+). # The base path for token_url when it is relative
+  client_credentials. # There are many other types to choose from!
+  get_token(resource: "REDMOND_RESOURCE_UUID")
+
+ +

NOTE: header - The content type specified in the curl is already the default!

+ +

If any of the above makes you uncomfortable, you may be in the wrong place.
+One of these might be what you are looking for:

+ + + +

💡 Info you can shake a stick at

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Tokens to Remember +Gem name Gem namespace +
Works with JRuby +JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +
Works with Truffle Ruby +Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat +
Works with MRI Ruby 3 +Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat +
Works with MRI Ruby 2 +Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +
Source +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +
Documentation +Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki +
Compliance +License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 FOSSA +
Style +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits +
Support +Live Chat on Discord Get help from me on Upwork Get help from me on Codementor +
Enterprise Support +Get help from me on Tidelift
💡Subscribe for support guarantees covering all FLOSS dependencies!
💡Tidelift is part of Sonar!
💡Tidelift pays maintainers to maintain the software you depend on!
📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers!
Comrade BDFL 🎖️ +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact BDFL My technical writing +
+... 💖 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +
+ +

🚀 Release Documentation

+ +

Version 2.0.x

+ +
+ 2.0.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | +| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | +| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | +| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | +| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | +| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | +| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | +| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | +| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | +| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | +| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | +
+ +

Older Releases

+ +
+ 1.4.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | +| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | +| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | +| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | +| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | +| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | +| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | +| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | +| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | +| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | +| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | +| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | +
+ +
+ 1.3.x Readmes + +| Version | Release Date | Readme | +|----------|--------------|----------------------------------------------------------| +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.0/README.md | +
+ +
+ ≤= 1.2.x Readmes (2016 and before) + +| Version | Release Date | Readme | +|----------|--------------|----------------------------------------------------------| +| 1.2.0 | Jun 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://gitlab.com/oauth-xx/oauth2/-/tags | +
+ +

✨ Installation

+ +

Install the gem and add to the application’s Gemfile by executing:

+ +
$ bundle add oauth2
+
+ +

If bundler is not being used to manage dependencies, install the gem by executing:

+ +
$ gem install oauth2
+
+ +

🔒 Secure Installation

+ +

oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
+stone_checksums. Be sure the gem you install hasn’t been tampered with
+by following the instructions below.

+ +

Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

+ +
gem cert --add <(curl -Ls https://raw.github.com/kettle-rb/oauth2/main/certs/pboling.pem)
+
+ +

You only need to do that once. Then proceed to install with:

+ +
gem install oauth2 -P MediumSecurity
+
+ +

The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

+ +

This is necessary because not all of oauth2’s dependencies are signed, so we cannot use HighSecurity.

+ +

If you want to up your security game full-time:

+ +
bundle config set --global trust-policy MediumSecurity
+
+ +

NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

+ +

OAuth2 for Enterprise

+ +

Available as part of the Tidelift Subscription.

+ +

The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

+ +

Security contact information

+ +

To report a security vulnerability, please use the Tidelift security contact.
+Tidelift will coordinate the fix and disclosure.

+ +

For more see SECURITY.md.

+ +

What is new for v2.0?

+ +
    +
  • Officially support Ruby versions >= 2.7
  • +
  • Unofficially support Ruby versions >= 2.5
  • +
  • Incidentally support Ruby versions >= 2.2
  • +
  • Drop support for the expired MAC Draft (all versions)
  • +
  • Support IETF rfc7523 JWT Bearer Tokens
  • +
  • Support IETF rfc7231 Relative Location in Redirect
  • +
  • Support IETF rfc6749 Don’t set oauth params when nil
  • +
  • Support IETF rfc7009 Token Revocation (since v2.0.10)
  • +
  • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) +
  • +
  • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json +
  • +
  • Adds new option to OAuth2::Client#get_token: +
      +
    • +:access_token_class (AccessToken); user specified class to use for all calls to get_token +
    • +
    +
  • +
  • Adds new option to OAuth2::AccessToken#initialize: +
      +
    • +:expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency
    • +
    +
  • +
  • By default, keys are transformed to snake case. +
      +
    • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
    • +
    • However, this is a breaking change if you rely on response.parsed.to_h to retain the original case, and the original wasn’t snake case, as the keys in the result will be snake case.
    • +
    • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
    • +
    +
  • +
  • By default, the :auth_scheme is now :basic_auth (instead of :request_body) +
      +
    • Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
    • +
    +
  • +
  • … A lot more
  • +
+ +

Compatibility

+ +

Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
+Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
+This gem will install on Ruby versions >= v2.2 for 2.x releases.
+See 1-4-stable branch for older rubies.

+ +
+ Ruby Engine Compatibility Policy + +This gem is tested against MRI, JRuby, and Truffleruby. +Each of those has varying versions that target a specific version of MRI Ruby. +This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. +If you would like to add support for additional engines, + see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below. +
+ +
+ Ruby Version Compatibility Policy + +If something doesn't work on one of these interpreters, it's a bug. + +This library may inadvertently work (or seem to work) on other Ruby +implementations, however support will only be provided for the versions listed +above. + +If you would like this library to support another Ruby version, you may +volunteer to be a maintainer. Being a maintainer entails making sure all tests +run and pass on that implementation. When something breaks on your +implementation, you will be responsible for providing patches in a timely +fashion. If critical issues for a particular implementation exist at the time +of a major release, support for that Ruby version may be dropped. +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 Ruby OAuth2 VersionMaintenance BranchTargeted SupportBest Effort SupportIncidental Support
1️⃣2.0.xmain3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.12.2, 2.3, 2.4
2️⃣1.4.x1-4-stable3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.11.9, 2.0, 2.1, 2.2, 2.3, 2.4
3️⃣olderN/ABest of luck to you!Please upgrade! 
+ +

NOTE: The 1.4 series will only receive critical security updates.
+See SECURITY.md.

+ +

🔧 Basic Usage

+ +

Global Configuration

+ +

You can turn on additional warnings.

+ +
OAuth2.configure do |config|
+  # Turn on a warning like:
+  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
+  config.silence_extra_tokens_warning = false # default: true
+  # Set to true if you want to also show warnings about no tokens
+  config.silence_no_tokens_warning = false # default: true,
+end
+
+ +

The “extra tokens” problem comes from ambiguity in the spec about which token is the right token.
+Some OAuth 2.0 standards legitimately have multiple tokens.
+You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in.
+Specify your custom class with the access_token_class option.

+ +

If you only need one token you can, as of v2.0.10,
+specify the exact token name you want to extract via the OAuth2::AccessToken using
+the token_name option.

+ +

You’ll likely need to do some source diving.
+This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
+If you have time and energy please contribute to the documentation!

+ +

+authorize_url and token_url are on site root (Just Works!)

+ +
require "oauth2"
+client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org")
+# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
+client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
+# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
+
+access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"})
+response = access.get("/api/resource", params: {"query_foo" => "bar"})
+response.class.name
+# => OAuth2::Response
+
+ +

Relative authorize_url and token_url (Not on site root, Just Works!)

+ +

In above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

+ +
client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
+# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
+client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
+# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
+
+ +

Customize authorize_url and token_url +

+ +

You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

+ +
client = OAuth2::Client.new(
+  "client_id",
+  "client_secret",
+  site: "https://example.org/nested/directory/on/your/server",
+  authorize_url: "/jaunty/authorize/",
+  token_url: "/stirrups/access_token",
+)
+# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
+client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
+# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
+client.class.name
+# => OAuth2::Client
+
+ +

snake_case and indifferent access in Response#parsed

+ +
response = access.get("/api/resource", params: {"query_foo" => "bar"})
+# Even if the actual response is CamelCase. it will be made available as snaky:
+JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
+response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
+response.parsed.access_token      # => "aaaaaaaa"
+response.parsed[:access_token]    # => "aaaaaaaa"
+response.parsed.additional_data   # => "additional"
+response.parsed[:additional_data] # => "additional"
+response.parsed.class.name        # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem)
+
+ +

What if I hate snakes and/or indifference?

+ +
response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
+JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
+response.parsed                   # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
+response.parsed["accessToken"]    # => "aaaaaaaa"
+response.parsed["additionalData"] # => "additional"
+response.parsed.class.name        # => Hash (just, regular old Hash)
+
+ +
+ Debugging + +Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv). + +```ruby +# will log both request and response, including bodies +ENV["OAUTH_DEBUG"] = "true" +``` + +By default, debug output will go to `$stdout`. This can be overridden when +initializing your OAuth2::Client. + +```ruby +require "oauth2" +client = OAuth2::Client.new( + "client_id", + "client_secret", + site: "https://example.org/", + logger: Logger.new("example.log", "weekly"), +) +``` +
+ +

OAuth2::Response

+ +

The AccessToken methods #get, #post, #put and #delete and the generic #request
+will return an instance of the #OAuth2::Response class.

+ +

This instance contains a #parsed method that will parse the response body and
+return a Hash-like OAuth2::SnakyHash if the Content-Type is application/x-www-form-urlencoded or if
+the body is a JSON object. It will return an Array if the body is a JSON
+array. Otherwise, it will return the original body string.

+ +

The original response body, headers, and status can be accessed via their
+respective methods.

+ +

OAuth2::AccessToken

+ +

If you have an existing Access Token for a user, you can initialize an instance
+using various class methods including the standard new, from_hash (if you have
+a hash of the values), or from_kvform (if you have an
+application/x-www-form-urlencoded encoded string of the values).

+ +

OAuth2::Error

+ +

On 400+ status code responses, an OAuth2::Error will be raised. If it is a
+standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
+error_description parameters. The #response property of OAuth2::Error will
+always contain the OAuth2::Response instance.

+ +

If you do not want an error to be raised, you may use :raise_errors => false
+option on initialization of the client. In this case the OAuth2::Response
+instance will be returned as usual and on 400+ status code responses, the
+Response instance will contain the OAuth2::Error instance.

+ +

Authorization Grants

+ +

Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
+authentication grant types have helper strategy classes that simplify client
+use. They are available via the #auth_code,
+#implicit,
+#password,
+#client_credentials, and
+#assertion methods respectively.

+ +

These aren’t full examples, but demonstrative of the differences between usage for each strategy.

+
auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
+access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
+
+auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
+# get the token params in the callback and
+access = OAuth2::AccessToken.from_kvform(client, query_string)
+
+access = client.password.get_token("username", "password")
+
+access = client.client_credentials.get_token
+
+# Client Assertion Strategy
+# see: https://tools.ietf.org/html/rfc7523
+claimset = {
+  iss: "http://localhost:3001",
+  aud: "http://localhost:8080/oauth2/token",
+  sub: "me@example.com",
+  exp: Time.now.utc.to_i + 3600,
+}
+assertion_params = [claimset, "HS256", "secret_key"]
+access = client.assertion.get_token(assertion_params)
+
+# The `access` (i.e. access token) is then used like so:
+access.token # actual access_token string, if you need it somewhere
+access.get("/api/stuff") # making api calls with access token
+
+ +

If you want to specify additional headers to be sent out with the
+request, add a ‘headers’ hash under ‘params’:

+ +
access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"})
+
+ +

You can always use the #request method on the OAuth2::Client instance to make
+requests for tokens for any Authentication grant type.

+ +

🚀 Release Instructions

+ +

See CONTRIBUTING.md.

+ +

🔐 Security

+ +

See SECURITY.md.

+ +

🤝 Contributing

+ +

If you need some ideas of where to help, you could work on adding more code coverage,
+or if it is already 💯 (see below) check issues, or PRs,
+or use the gem and think about how it could be better.

+ +

We Keep A Changelog so if you make changes, remember to update it.

+ +

See CONTRIBUTING.md for more detailed instructions.

+ +

Code Coverage

+ +

Coveralls Test Coverage
+QLTY Test Coverage

+ +

🪇 Code of Conduct

+ +

Everyone interacting in this project’s codebases, issue trackers,
+chat rooms and mailing lists is expected to follow the Contributor Covenant 2.1.

+ +

🌈 Contributors

+ +

Contributors

+ +

Made with contributors-img.

+ +

Also see GitLab Contributors: https://gitlab.com/oauth-xx/oauth2/-/graphs/main

+ +

⭐️ Star History

+ +

+ + + + Star History Chart + +

</a>

+ +

📌 Versioning

+ +

This Library adheres to Semantic Versioning 2.0.0.
+Violations of this scheme should be reported as bugs.
+Specifically, if a minor or patch version is released that breaks backward compatibility,
+a new version should be immediately released that restores compatibility.
+Breaking changes to the public API will only be introduced with new major versions.

+ +

📌 Is “Platform Support” part of the public API?

+ +

Yes. But I’m obligated to include notes…

+ +

SemVer should, but doesn’t explicitly, say that dropping support for specific Platforms
+is a breaking change to an API.
+It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

+ +
+

dropping support for a platform is both obviously and objectively a breaking change

+
+ + + +

To get a better understanding of how SemVer is intended to work over a project’s lifetime,
+read this article from the creator of SemVer:

+ + + +

As a result of this policy, and the interpretive lens used by the maintainer,
+you can (and should) specify a dependency on these libraries using
+the Pessimistic Version Constraint with two digits of precision.

+ +

For example:

+ +
spec.add_dependency("oauth2", "~> 2.0")
+
+ +

See CHANGELOG.md for list of releases.

+ +

📄 License

+ +

The gem is available as open source under the terms of
+the MIT License License: MIT.
+See LICENSE.txt for the official Copyright Notice.

+ +

FOSSA Status)

+ + + +
    +
  • + 2017 - 2025 Peter H. Boling, of + + RailsBling.com + + Rails Bling + + , and oauth2 contributors +
  • +
  • + Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. +
  • +
+ +

🤑 One more thing

+ +

You made it to the bottom of the page,
+so perhaps you’ll indulge me for another 20 seconds.
+I maintain many dozens of gems, including this one,
+because I want Ruby to be a great place for people to solve problems, big and small.
+Please consider supporting my efforts via the giant yellow link below,
+or one of the others at the head of this README.

+ +

Buy me a latte

+ +
+ + rel="me" Social Proofs + + + + +
+ +
+ Deprecated Badges + +CodeCov currently fails to parse the coverage upload. + +[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] + +[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] + +
+ + + + + + + \ No newline at end of file diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html new file mode 100644 index 00000000..089fcab0 --- /dev/null +++ b/doc/file.SECURITY.html @@ -0,0 +1,120 @@ + + + + + + + File: SECURITY + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

Security Policy

+ +

Supported Versions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
VersionSupportedEOLPost-EOL / Enterprise
2.latest04/2026Tidelift Subscription
1.latest10/2025Tidelift Subscription
<= 1
+ +

EOL Policy

+ +

Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.

+ +

Reporting a Vulnerability

+ +

To report a security vulnerability, please use the Tidelift security contact.
+Tidelift will coordinate the fix and disclosure.

+ +

OAuth2 for Enterprise

+ +

Available as part of the Tidelift Subscription.

+ +

The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/file_list.html b/doc/file_list.html new file mode 100644 index 00000000..3b2259f0 --- /dev/null +++ b/doc/file_list.html @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + File List + + + +
+
+

File List

+ + + +
+ + +
+ + diff --git a/doc/frames.html b/doc/frames.html new file mode 100644 index 00000000..6586005f --- /dev/null +++ b/doc/frames.html @@ -0,0 +1,22 @@ + + + + + Documentation by YARD 0.9.37 + + + + diff --git a/doc/index.html b/doc/index.html new file mode 100644 index 00000000..d5e6d3c9 --- /dev/null +++ b/doc/index.html @@ -0,0 +1,960 @@ + + + + + + + File: README + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
+ + +

+ + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 + + + Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 + +

+ +

🔐 OAuth2

+ +

Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

+ +
+ +

Liberapay Goal Progress Sponsor Me on Github Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

+ +

OAuth 2.0 is the industry-standard protocol for authorization.
+OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
+ desktop applications, mobile phones, and living room devices.
+This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Federated DVCS RepositoryStatusIssuesPRsWikiCIDiscussions
🧪 oauth-xx/oauth2 on GitLab +The Truth💚💚💚🏀 Tiny Matrix
🧊 oauth-xx/oauth2 on CodeBerg +An Ethical Mirror (Donate)💚⭕️ No Matrix
🐙 oauth-xx/oauth2 on GitHub +A Dirty Mirror💚💚💯 Full Matrix
🤼 OAuth Ruby Google Group +“Active”💚
🎮️ Discord Server +Live Chat on DiscordLet’stalkaboutthislibrary!
+ +

Upgrading Runtime Gem Dependencies

+ +

This project sits underneath a large portion of the authorization systems on the internet.
+According to GitHub’s project tracking, which I believe only reports on public projects,
+100,000+ projects, and
+500+ packages depend on this project.

+ +

That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

+ +

As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
+leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

+ +

What does that mean specifically for the runtime dependencies?

+ +

We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
+covering the latest patch for each of the following minor versions:

+ +
    +
  • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD +
      +
    • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
    • +
    +
  • +
  • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
  • +
  • TruffleRuby @ v23.1, v23.2, HEAD
  • +
  • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday +
  • +
  • gem jwt @ v1, v2, v3, HEAD ⏩️ lostisland/faraday +
  • +
  • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ jwt/ruby-jwt +
  • +
  • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml +
  • +
  • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack +
  • +
  • gem snaky_hash @v2, HEAD ⏩️ oauth-xx/snaky_hash +
  • +
  • gem version_gem - @v1, HEAD ⏩️ oauth-xx/version_gem +
  • +
+ +

The last two were extracted from this gem. They are part of the oauth-xx org,
+and are developed in tight collaboration with this gem.

+ +

You should upgrade this gem with confidence*.

+ +
    +
  • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
      +
    • Dropping support for any of the runtime dependency versions above will be a major version bump.
    • +
    • If you aren’t on one of the minor versions above, make getting there a priority.
    • +
    +
  • +
  • You should upgrade the dependencies of this gem with confidence*.
  • +
  • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
  • +
+ +

* MIT license; I am unable to make guarantees.

+ + + + + + + + + + + + + + + + + + + + + + +
🚚 Test matrix brought to you by🔎 appraisal++
Adds back support for old Rubiesappraisal PR #250 +
Adds support for eval_gemfile +appraisal PR #248 +
Please reviewmy PRs!
+ +
+ Standard Library Dependencies + +The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. + +* base64 +* cgi +* json +* time +* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) + +If you use a gem version it should work fine! + +
+ +

Quick Usage Example for AI and Copy / Pasting

+ +

Convert the following curl command into a token request using this gem…

+ +
curl --request POST \
+  --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \
+  --header 'content-type: application/x-www-form-urlencoded' \
+  --data grant_type=client_credentials \
+  --data client_id=REDMOND_CLIENT_ID \
+  --data client_secret=REDMOND_CLIENT_SECRET \
+  --data resource=REDMOND_RESOURCE_UUID
+
+ +

NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

+ +
OAuth2::Client.new(
+  "REDMOND_CLIENT_ID", # client_id
+  "REDMOND_CLIENT_SECRET", # client_secret
+  auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt
+  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
+  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
+). # The base path for token_url when it is relative
+  client_credentials. # There are many other types to choose from!
+  get_token(resource: "REDMOND_RESOURCE_UUID")
+
+ +

NOTE: header - The content type specified in the curl is already the default!

+ +

If any of the above makes you uncomfortable, you may be in the wrong place.
+One of these might be what you are looking for:

+ + + +

💡 Info you can shake a stick at

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Tokens to Remember +Gem name Gem namespace +
Works with JRuby +JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +
Works with Truffle Ruby +Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat +
Works with MRI Ruby 3 +Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat +
Works with MRI Ruby 2 +Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +
Source +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +
Documentation +Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki +
Compliance +License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 FOSSA +
Style +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits +
Support +Live Chat on Discord Get help from me on Upwork Get help from me on Codementor +
Enterprise Support +Get help from me on Tidelift
💡Subscribe for support guarantees covering all FLOSS dependencies!
💡Tidelift is part of Sonar!
💡Tidelift pays maintainers to maintain the software you depend on!
📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers!
Comrade BDFL 🎖️ +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact BDFL My technical writing +
+... 💖 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +
+ +

🚀 Release Documentation

+ +

Version 2.0.x

+ +
+ 2.0.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | +| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | +| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | +| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | +| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | +| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | +| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | +| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | +| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | +| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | +| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | +
+ +

Older Releases

+ +
+ 1.4.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | +| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | +| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | +| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | +| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | +| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | +| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | +| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | +| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | +| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | +| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | +| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | +
+ +
+ 1.3.x Readmes + +| Version | Release Date | Readme | +|----------|--------------|----------------------------------------------------------| +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.0/README.md | +
+ +
+ ≤= 1.2.x Readmes (2016 and before) + +| Version | Release Date | Readme | +|----------|--------------|----------------------------------------------------------| +| 1.2.0 | Jun 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://gitlab.com/oauth-xx/oauth2/-/tags | +
+ +

✨ Installation

+ +

Install the gem and add to the application’s Gemfile by executing:

+ +
$ bundle add oauth2
+
+ +

If bundler is not being used to manage dependencies, install the gem by executing:

+ +
$ gem install oauth2
+
+ +

🔒 Secure Installation

+ +

oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
+stone_checksums. Be sure the gem you install hasn’t been tampered with
+by following the instructions below.

+ +

Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

+ +
gem cert --add <(curl -Ls https://raw.github.com/kettle-rb/oauth2/main/certs/pboling.pem)
+
+ +

You only need to do that once. Then proceed to install with:

+ +
gem install oauth2 -P MediumSecurity
+
+ +

The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

+ +

This is necessary because not all of oauth2’s dependencies are signed, so we cannot use HighSecurity.

+ +

If you want to up your security game full-time:

+ +
bundle config set --global trust-policy MediumSecurity
+
+ +

NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

+ +

OAuth2 for Enterprise

+ +

Available as part of the Tidelift Subscription.

+ +

The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

+ +

Security contact information

+ +

To report a security vulnerability, please use the Tidelift security contact.
+Tidelift will coordinate the fix and disclosure.

+ +

For more see SECURITY.md.

+ +

What is new for v2.0?

+ +
    +
  • Officially support Ruby versions >= 2.7
  • +
  • Unofficially support Ruby versions >= 2.5
  • +
  • Incidentally support Ruby versions >= 2.2
  • +
  • Drop support for the expired MAC Draft (all versions)
  • +
  • Support IETF rfc7523 JWT Bearer Tokens
  • +
  • Support IETF rfc7231 Relative Location in Redirect
  • +
  • Support IETF rfc6749 Don’t set oauth params when nil
  • +
  • Support IETF rfc7009 Token Revocation (since v2.0.10)
  • +
  • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) +
  • +
  • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json +
  • +
  • Adds new option to OAuth2::Client#get_token: +
      +
    • +:access_token_class (AccessToken); user specified class to use for all calls to get_token +
    • +
    +
  • +
  • Adds new option to OAuth2::AccessToken#initialize: +
      +
    • +:expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency
    • +
    +
  • +
  • By default, keys are transformed to snake case. +
      +
    • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
    • +
    • However, this is a breaking change if you rely on response.parsed.to_h to retain the original case, and the original wasn’t snake case, as the keys in the result will be snake case.
    • +
    • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
    • +
    +
  • +
  • By default, the :auth_scheme is now :basic_auth (instead of :request_body) +
      +
    • Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
    • +
    +
  • +
  • … A lot more
  • +
+ +

Compatibility

+ +

Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
+Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
+This gem will install on Ruby versions >= v2.2 for 2.x releases.
+See 1-4-stable branch for older rubies.

+ +
+ Ruby Engine Compatibility Policy + +This gem is tested against MRI, JRuby, and Truffleruby. +Each of those has varying versions that target a specific version of MRI Ruby. +This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. +If you would like to add support for additional engines, + see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below. +
+ +
+ Ruby Version Compatibility Policy + +If something doesn't work on one of these interpreters, it's a bug. + +This library may inadvertently work (or seem to work) on other Ruby +implementations, however support will only be provided for the versions listed +above. + +If you would like this library to support another Ruby version, you may +volunteer to be a maintainer. Being a maintainer entails making sure all tests +run and pass on that implementation. When something breaks on your +implementation, you will be responsible for providing patches in a timely +fashion. If critical issues for a particular implementation exist at the time +of a major release, support for that Ruby version may be dropped. +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 Ruby OAuth2 VersionMaintenance BranchTargeted SupportBest Effort SupportIncidental Support
1️⃣2.0.xmain3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.12.2, 2.3, 2.4
2️⃣1.4.x1-4-stable3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.11.9, 2.0, 2.1, 2.2, 2.3, 2.4
3️⃣olderN/ABest of luck to you!Please upgrade! 
+ +

NOTE: The 1.4 series will only receive critical security updates.
+See SECURITY.md.

+ +

🔧 Basic Usage

+ +

Global Configuration

+ +

You can turn on additional warnings.

+ +
OAuth2.configure do |config|
+  # Turn on a warning like:
+  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
+  config.silence_extra_tokens_warning = false # default: true
+  # Set to true if you want to also show warnings about no tokens
+  config.silence_no_tokens_warning = false # default: true,
+end
+
+ +

The “extra tokens” problem comes from ambiguity in the spec about which token is the right token.
+Some OAuth 2.0 standards legitimately have multiple tokens.
+You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in.
+Specify your custom class with the access_token_class option.

+ +

If you only need one token you can, as of v2.0.10,
+specify the exact token name you want to extract via the OAuth2::AccessToken using
+the token_name option.

+ +

You’ll likely need to do some source diving.
+This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
+If you have time and energy please contribute to the documentation!

+ +

+authorize_url and token_url are on site root (Just Works!)

+ +
require "oauth2"
+client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org")
+# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
+client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
+# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
+
+access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"})
+response = access.get("/api/resource", params: {"query_foo" => "bar"})
+response.class.name
+# => OAuth2::Response
+
+ +

Relative authorize_url and token_url (Not on site root, Just Works!)

+ +

In above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

+ +
client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
+# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
+client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
+# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
+
+ +

Customize authorize_url and token_url +

+ +

You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

+ +
client = OAuth2::Client.new(
+  "client_id",
+  "client_secret",
+  site: "https://example.org/nested/directory/on/your/server",
+  authorize_url: "/jaunty/authorize/",
+  token_url: "/stirrups/access_token",
+)
+# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
+client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
+# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
+client.class.name
+# => OAuth2::Client
+
+ +

snake_case and indifferent access in Response#parsed

+ +
response = access.get("/api/resource", params: {"query_foo" => "bar"})
+# Even if the actual response is CamelCase. it will be made available as snaky:
+JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
+response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
+response.parsed.access_token      # => "aaaaaaaa"
+response.parsed[:access_token]    # => "aaaaaaaa"
+response.parsed.additional_data   # => "additional"
+response.parsed[:additional_data] # => "additional"
+response.parsed.class.name        # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem)
+
+ +

What if I hate snakes and/or indifference?

+ +
response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
+JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
+response.parsed                   # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
+response.parsed["accessToken"]    # => "aaaaaaaa"
+response.parsed["additionalData"] # => "additional"
+response.parsed.class.name        # => Hash (just, regular old Hash)
+
+ +
+ Debugging + +Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv). + +```ruby +# will log both request and response, including bodies +ENV["OAUTH_DEBUG"] = "true" +``` + +By default, debug output will go to `$stdout`. This can be overridden when +initializing your OAuth2::Client. + +```ruby +require "oauth2" +client = OAuth2::Client.new( + "client_id", + "client_secret", + site: "https://example.org/", + logger: Logger.new("example.log", "weekly"), +) +``` +
+ +

OAuth2::Response

+ +

The AccessToken methods #get, #post, #put and #delete and the generic #request
+will return an instance of the #OAuth2::Response class.

+ +

This instance contains a #parsed method that will parse the response body and
+return a Hash-like OAuth2::SnakyHash if the Content-Type is application/x-www-form-urlencoded or if
+the body is a JSON object. It will return an Array if the body is a JSON
+array. Otherwise, it will return the original body string.

+ +

The original response body, headers, and status can be accessed via their
+respective methods.

+ +

OAuth2::AccessToken

+ +

If you have an existing Access Token for a user, you can initialize an instance
+using various class methods including the standard new, from_hash (if you have
+a hash of the values), or from_kvform (if you have an
+application/x-www-form-urlencoded encoded string of the values).

+ +

OAuth2::Error

+ +

On 400+ status code responses, an OAuth2::Error will be raised. If it is a
+standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
+error_description parameters. The #response property of OAuth2::Error will
+always contain the OAuth2::Response instance.

+ +

If you do not want an error to be raised, you may use :raise_errors => false
+option on initialization of the client. In this case the OAuth2::Response
+instance will be returned as usual and on 400+ status code responses, the
+Response instance will contain the OAuth2::Error instance.

+ +

Authorization Grants

+ +

Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
+authentication grant types have helper strategy classes that simplify client
+use. They are available via the #auth_code,
+#implicit,
+#password,
+#client_credentials, and
+#assertion methods respectively.

+ +

These aren’t full examples, but demonstrative of the differences between usage for each strategy.

+
auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
+access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
+
+auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
+# get the token params in the callback and
+access = OAuth2::AccessToken.from_kvform(client, query_string)
+
+access = client.password.get_token("username", "password")
+
+access = client.client_credentials.get_token
+
+# Client Assertion Strategy
+# see: https://tools.ietf.org/html/rfc7523
+claimset = {
+  iss: "http://localhost:3001",
+  aud: "http://localhost:8080/oauth2/token",
+  sub: "me@example.com",
+  exp: Time.now.utc.to_i + 3600,
+}
+assertion_params = [claimset, "HS256", "secret_key"]
+access = client.assertion.get_token(assertion_params)
+
+# The `access` (i.e. access token) is then used like so:
+access.token # actual access_token string, if you need it somewhere
+access.get("/api/stuff") # making api calls with access token
+
+ +

If you want to specify additional headers to be sent out with the
+request, add a ‘headers’ hash under ‘params’:

+ +
access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"})
+
+ +

You can always use the #request method on the OAuth2::Client instance to make
+requests for tokens for any Authentication grant type.

+ +

🚀 Release Instructions

+ +

See CONTRIBUTING.md.

+ +

🔐 Security

+ +

See SECURITY.md.

+ +

🤝 Contributing

+ +

If you need some ideas of where to help, you could work on adding more code coverage,
+or if it is already 💯 (see below) check issues, or PRs,
+or use the gem and think about how it could be better.

+ +

We Keep A Changelog so if you make changes, remember to update it.

+ +

See CONTRIBUTING.md for more detailed instructions.

+ +

Code Coverage

+ +

Coveralls Test Coverage
+QLTY Test Coverage

+ +

🪇 Code of Conduct

+ +

Everyone interacting in this project’s codebases, issue trackers,
+chat rooms and mailing lists is expected to follow the Contributor Covenant 2.1.

+ +

🌈 Contributors

+ +

Contributors

+ +

Made with contributors-img.

+ +

Also see GitLab Contributors: https://gitlab.com/oauth-xx/oauth2/-/graphs/main

+ +

⭐️ Star History

+ +

+ + + + Star History Chart + +

</a>

+ +

📌 Versioning

+ +

This Library adheres to Semantic Versioning 2.0.0.
+Violations of this scheme should be reported as bugs.
+Specifically, if a minor or patch version is released that breaks backward compatibility,
+a new version should be immediately released that restores compatibility.
+Breaking changes to the public API will only be introduced with new major versions.

+ +

📌 Is “Platform Support” part of the public API?

+ +

Yes. But I’m obligated to include notes…

+ +

SemVer should, but doesn’t explicitly, say that dropping support for specific Platforms
+is a breaking change to an API.
+It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

+ +
+

dropping support for a platform is both obviously and objectively a breaking change

+
+ + + +

To get a better understanding of how SemVer is intended to work over a project’s lifetime,
+read this article from the creator of SemVer:

+ + + +

As a result of this policy, and the interpretive lens used by the maintainer,
+you can (and should) specify a dependency on these libraries using
+the Pessimistic Version Constraint with two digits of precision.

+ +

For example:

+ +
spec.add_dependency("oauth2", "~> 2.0")
+
+ +

See CHANGELOG.md for list of releases.

+ +

📄 License

+ +

The gem is available as open source under the terms of
+the MIT License License: MIT.
+See LICENSE.txt for the official Copyright Notice.

+ +

FOSSA Status)

+ + + +
    +
  • + 2017 - 2025 Peter H. Boling, of + + RailsBling.com + + Rails Bling + + , and oauth2 contributors +
  • +
  • + Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. +
  • +
+ +

🤑 One more thing

+ +

You made it to the bottom of the page,
+so perhaps you’ll indulge me for another 20 seconds.
+I maintain many dozens of gems, including this one,
+because I want Ruby to be a great place for people to solve problems, big and small.
+Please consider supporting my efforts via the giant yellow link below,
+or one of the others at the head of this README.

+ +

Buy me a latte

+ +
+ + rel="me" Social Proofs + + + + +
+ +
+ Deprecated Badges + +CodeCov currently fails to parse the coverage upload. + +[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] + +[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] + +
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/js/app.js b/doc/js/app.js new file mode 100644 index 00000000..b5610eff --- /dev/null +++ b/doc/js/app.js 
@@ -0,0 +1,344 @@ +(function () { + var localStorage = {}, + sessionStorage = {}; + try { + localStorage = window.localStorage; + } catch (e) {} + try { + sessionStorage = window.sessionStorage; + } catch (e) {} + + function createSourceLinks() { + $(".method_details_list .source_code").before( + "[View source]" + ); + $(".toggleSource").toggle( + function () { + $(this).parent().nextAll(".source_code").slideDown(100); + $(this).text("Hide source"); + }, + function () { + $(this).parent().nextAll(".source_code").slideUp(100); + $(this).text("View source"); + } + ); + } + + function createDefineLinks() { + var tHeight = 0; + $(".defines").after(" more..."); + $(".toggleDefines").toggle( + function () { + tHeight = $(this).parent().prev().height(); + $(this).prev().css("display", "inline"); + $(this).parent().prev().height($(this).parent().height()); + $(this).text("(less)"); + }, + function () { + $(this).prev().hide(); + $(this).parent().prev().height(tHeight); + $(this).text("more..."); + } + ); + } + + function createFullTreeLinks() { + var tHeight = 0; + $(".inheritanceTree").toggle( + function () { + tHeight = $(this).parent().prev().height(); + $(this).parent().toggleClass("showAll"); + $(this).text("(hide)"); + $(this).parent().prev().height($(this).parent().height()); + }, + function () { + $(this).parent().toggleClass("showAll"); + $(this).parent().prev().height(tHeight); + $(this).text("show all"); + } + ); + } + + function searchFrameButtons() { + $(".full_list_link").click(function () { + toggleSearchFrame(this, $(this).attr("href")); + return false; + }); + window.addEventListener("message", function (e) { + if (e.data === "navEscape") { + $("#nav").slideUp(100); + $("#search a").removeClass("active inactive"); + $(window).focus(); + } + }); + + $(window).resize(function () { + if ($("#search:visible").length === 0) { + $("#nav").removeAttr("style"); + $("#search a").removeClass("active inactive"); + $(window).focus(); + } + }); + } + + function 
toggleSearchFrame(id, link) { + var frame = $("#nav"); + $("#search a").removeClass("active").addClass("inactive"); + if (frame.attr("src") === link && frame.css("display") !== "none") { + frame.slideUp(100); + $("#search a").removeClass("active inactive"); + } else { + $(id).addClass("active").removeClass("inactive"); + if (frame.attr("src") !== link) frame.attr("src", link); + frame.slideDown(100); + } + } + + function linkSummaries() { + $(".summary_signature").click(function () { + document.location = $(this).find("a").attr("href"); + }); + } + + function summaryToggle() { + $(".summary_toggle").click(function (e) { + e.preventDefault(); + localStorage.summaryCollapsed = $(this).text(); + $(".summary_toggle").each(function () { + $(this).text($(this).text() == "collapse" ? "expand" : "collapse"); + var next = $(this).parent().parent().nextAll("ul.summary").first(); + if (next.hasClass("compact")) { + next.toggle(); + next.nextAll("ul.summary").first().toggle(); + } else if (next.hasClass("summary")) { + var list = $('
    '); + list.html(next.html()); + list.find(".summary_desc, .note").remove(); + list.find("a").each(function () { + $(this).html($(this).find("strong").html()); + $(this).parent().html($(this)[0].outerHTML); + }); + next.before(list); + next.toggle(); + } + }); + return false; + }); + if (localStorage.summaryCollapsed == "collapse") { + $(".summary_toggle").first().click(); + } else { + localStorage.summaryCollapsed = "expand"; + } + } + + function constantSummaryToggle() { + $(".constants_summary_toggle").click(function (e) { + e.preventDefault(); + localStorage.summaryCollapsed = $(this).text(); + $(".constants_summary_toggle").each(function () { + $(this).text($(this).text() == "collapse" ? "expand" : "collapse"); + var next = $(this).parent().parent().nextAll("dl.constants").first(); + if (next.hasClass("compact")) { + next.toggle(); + next.nextAll("dl.constants").first().toggle(); + } else if (next.hasClass("constants")) { + var list = $('
    '); + list.html(next.html()); + list.find("dt").each(function () { + $(this).addClass("summary_signature"); + $(this).text($(this).text().split("=")[0]); + if ($(this).has(".deprecated").length) { + $(this).addClass("deprecated"); + } + }); + // Add the value of the constant as "Tooltip" to the summary object + list.find("pre.code").each(function () { + console.log($(this).parent()); + var dt_element = $(this).parent().prev(); + var tooltip = $(this).text(); + if (dt_element.hasClass("deprecated")) { + tooltip = "Deprecated. " + tooltip; + } + dt_element.attr("title", tooltip); + }); + list.find(".docstring, .tags, dd").remove(); + next.before(list); + next.toggle(); + } + }); + return false; + }); + if (localStorage.summaryCollapsed == "collapse") { + $(".constants_summary_toggle").first().click(); + } else { + localStorage.summaryCollapsed = "expand"; + } + } + + function generateTOC() { + if ($("#filecontents").length === 0) return; + var _toc = $('
      '); + var show = false; + var toc = _toc; + var counter = 0; + var tags = ["h2", "h3", "h4", "h5", "h6"]; + var i; + var curli; + if ($("#filecontents h1").length > 1) tags.unshift("h1"); + for (i = 0; i < tags.length; i++) { + tags[i] = "#filecontents " + tags[i]; + } + var lastTag = parseInt(tags[0][1], 10); + $(tags.join(", ")).each(function () { + if ($(this).parents(".method_details .docstring").length != 0) return; + if (this.id == "filecontents") return; + show = true; + var thisTag = parseInt(this.tagName[1], 10); + if (this.id.length === 0) { + var proposedId = $(this).attr("toc-id"); + if (typeof proposedId != "undefined") this.id = proposedId; + else { + var proposedId = $(this) + .text() + .replace(/[^a-z0-9-]/gi, "_"); + if ($("#" + proposedId).length > 0) { + proposedId += counter; + counter++; + } + this.id = proposedId; + } + } + if (thisTag > lastTag) { + for (i = 0; i < thisTag - lastTag; i++) { + if (typeof curli == "undefined") { + curli = $("
    1. "); + toc.append(curli); + } + toc = $("
        "); + curli.append(toc); + curli = undefined; + } + } + if (thisTag < lastTag) { + for (i = 0; i < lastTag - thisTag; i++) { + toc = toc.parent(); + toc = toc.parent(); + } + } + var title = $(this).attr("toc-title"); + if (typeof title == "undefined") title = $(this).text(); + curli = $('
      1. ' + title + "
      2. "); + toc.append(curli); + lastTag = thisTag; + }); + if (!show) return; + html = + ''; + $("#content").prepend(html); + $("#toc").append(_toc); + $("#toc .hide_toc").toggle( + function () { + $("#toc .top").slideUp("fast"); + $("#toc").toggleClass("hidden"); + $("#toc .title small").toggle(); + }, + function () { + $("#toc .top").slideDown("fast"); + $("#toc").toggleClass("hidden"); + $("#toc .title small").toggle(); + } + ); + } + + function navResizeFn(e) { + if (e.which !== 1) { + navResizeFnStop(); + return; + } + + sessionStorage.navWidth = e.pageX.toString(); + $(".nav_wrap").css("width", e.pageX); + $(".nav_wrap").css("-ms-flex", "inherit"); + } + + function navResizeFnStop() { + $(window).unbind("mousemove", navResizeFn); + window.removeEventListener("message", navMessageFn, false); + } + + function navMessageFn(e) { + if (e.data.action === "mousemove") navResizeFn(e.data.event); + if (e.data.action === "mouseup") navResizeFnStop(); + } + + function navResizer() { + $("#resizer").mousedown(function (e) { + e.preventDefault(); + $(window).mousemove(navResizeFn); + window.addEventListener("message", navMessageFn, false); + }); + $(window).mouseup(navResizeFnStop); + + if (sessionStorage.navWidth) { + navResizeFn({ which: 1, pageX: parseInt(sessionStorage.navWidth, 10) }); + } + } + + function navExpander() { + if (typeof pathId === "undefined") return; + var done = false, + timer = setTimeout(postMessage, 500); + function postMessage() { + if (done) return; + clearTimeout(timer); + var opts = { action: "expand", path: pathId }; + document.getElementById("nav").contentWindow.postMessage(opts, "*"); + done = true; + } + + window.addEventListener( + "message", + function (event) { + if (event.data === "navReady") postMessage(); + return false; + }, + false + ); + } + + function mainFocus() { + var hash = window.location.hash; + if (hash !== "" && $(hash)[0]) { + $(hash)[0].scrollIntoView(); + } + + setTimeout(function () { + $("#main").focus(); + }, 
10); + } + + function navigationChange() { + // This works around the broken anchor navigation with the YARD template. + window.onpopstate = function () { + var hash = window.location.hash; + if (hash !== "" && $(hash)[0]) { + $(hash)[0].scrollIntoView(); + } + }; + } + + $(document).ready(function () { + navResizer(); + navExpander(); + createSourceLinks(); + createDefineLinks(); + createFullTreeLinks(); + searchFrameButtons(); + linkSummaries(); + summaryToggle(); + constantSummaryToggle(); + generateTOC(); + mainFocus(); + navigationChange(); + }); +})(); diff --git a/doc/js/full_list.js b/doc/js/full_list.js new file mode 100644 index 00000000..12bba48d --- /dev/null +++ b/doc/js/full_list.js 
@@ -0,0 +1,242 @@ +(function() { + +var $clicked = $(null); +var searchTimeout = null; +var searchCache = []; +var caseSensitiveMatch = false; +var ignoreKeyCodeMin = 8; +var ignoreKeyCodeMax = 46; +var commandKey = 91; + +RegExp.escape = function(text) { + return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"); +} + +function escapeShortcut() { + $(document).keydown(function(evt) { + if (evt.which == 27) { + window.parent.postMessage('navEscape', '*'); + } + }); +} + +function navResizer() { + $(window).mousemove(function(e) { + window.parent.postMessage({ + action: 'mousemove', event: {pageX: e.pageX, which: e.which} + }, '*'); + }).mouseup(function(e) { + window.parent.postMessage({action: 'mouseup'}, '*'); + }); + window.parent.postMessage("navReady", "*"); +} + +function clearSearchTimeout() { + clearTimeout(searchTimeout); + searchTimeout = null; +} + +function enableLinks() { + // load the target page in the parent window + $('#full_list li').on('click', function(evt) { + $('#full_list li').removeClass('clicked'); + $clicked = $(this); + $clicked.addClass('clicked'); + evt.stopPropagation(); + + if (evt.target.tagName === 'A') return true; + + var elem = $clicked.find('> .item .object_link a')[0]; + var e = evt.originalEvent; + var newEvent = new MouseEvent(evt.originalEvent.type); + newEvent.initMouseEvent(e.type, e.canBubble, e.cancelable, e.view, e.detail, e.screenX, e.screenY, e.clientX, e.clientY, e.ctrlKey, e.altKey, e.shiftKey, e.metaKey, e.button, e.relatedTarget); + elem.dispatchEvent(newEvent); + evt.preventDefault(); + return false; + }); +} + +function enableToggles() { + // show/hide nested classes on toggle click + $('#full_list a.toggle').on('click', function(evt) { + evt.stopPropagation(); + evt.preventDefault(); + $(this).parent().parent().toggleClass('collapsed'); + $(this).attr('aria-expanded', function (i, attr) { + return attr == 'true' ? 
'false' : 'true' + }); + highlight(); + }); + + // navigation of nested classes using keyboard + $('#full_list a.toggle').on('keypress',function(evt) { + // enter key is pressed + if (evt.which == 13) { + evt.stopPropagation(); + evt.preventDefault(); + $(this).parent().parent().toggleClass('collapsed'); + $(this).attr('aria-expanded', function (i, attr) { + return attr == 'true' ? 'false' : 'true' + }); + highlight(); + } + }); +} + +function populateSearchCache() { + $('#full_list li .item').each(function() { + var $node = $(this); + var $link = $node.find('.object_link a'); + if ($link.length > 0) { + searchCache.push({ + node: $node, + link: $link, + name: $link.text(), + fullName: $link.attr('title').split(' ')[0] + }); + } + }); +} + +function enableSearch() { + $('#search input').keyup(function(event) { + if (ignoredKeyPress(event)) return; + if (this.value === "") { + clearSearch(); + } else { + performSearch(this.value); + } + }); + + $('#full_list').after(""); +} + +function ignoredKeyPress(event) { + if ( + (event.keyCode > ignoreKeyCodeMin && event.keyCode < ignoreKeyCodeMax) || + (event.keyCode == commandKey) + ) { + return true; + } else { + return false; + } +} + +function clearSearch() { + clearSearchTimeout(); + $('#full_list .found').removeClass('found').each(function() { + var $link = $(this).find('.object_link a'); + $link.text($link.text()); + }); + $('#full_list, #content').removeClass('insearch'); + $clicked.parents().removeClass('collapsed'); + highlight(); +} + +function performSearch(searchString) { + clearSearchTimeout(); + $('#full_list, #content').addClass('insearch'); + $('#noresults').text('').hide(); + partialSearch(searchString, 0); +} + +function partialSearch(searchString, offset) { + var lastRowClass = ''; + var i = null; + for (i = offset; i < Math.min(offset + 50, searchCache.length); i++) { + var item = searchCache[i]; + var searchName = (searchString.indexOf('::') != -1 ? 
item.fullName : item.name); + var matchString = buildMatchString(searchString); + var matchRegexp = new RegExp(matchString, caseSensitiveMatch ? "" : "i"); + if (searchName.match(matchRegexp) == null) { + item.node.removeClass('found'); + item.link.text(item.link.text()); + } + else { + item.node.addClass('found'); + item.node.removeClass(lastRowClass).addClass(lastRowClass == 'r1' ? 'r2' : 'r1'); + lastRowClass = item.node.hasClass('r1') ? 'r1' : 'r2'; + item.link.html(item.name.replace(matchRegexp, "$&")); + } + } + if(i == searchCache.length) { + searchDone(); + } else { + searchTimeout = setTimeout(function() { + partialSearch(searchString, i); + }, 0); + } +} + +function searchDone() { + searchTimeout = null; + highlight(); + var found = $('#full_list li:visible').size(); + if (found === 0) { + $('#noresults').text('No results were found.'); + } else { + // This is read out to screen readers + $('#noresults').text('There are ' + found + ' results.'); + } + $('#noresults').show(); + $('#content').removeClass('insearch'); +} + +function buildMatchString(searchString, event) { + caseSensitiveMatch = searchString.match(/[A-Z]/) != null; + var regexSearchString = RegExp.escape(searchString); + if (caseSensitiveMatch) { + regexSearchString += "|" + + $.map(searchString.split(''), function(e) { return RegExp.escape(e); }). + join('.+?'); + } + return regexSearchString; +} + +function highlight() { + $('#full_list li:visible').each(function(n) { + $(this).removeClass('even odd').addClass(n % 2 == 0 ? 'odd' : 'even'); + }); +} + +/** + * Expands the tree to the target element and its immediate + * children. 
+ */ +function expandTo(path) { + var $target = $(document.getElementById('object_' + path)); + $target.addClass('clicked'); + $target.removeClass('collapsed'); + $target.parentsUntil('#full_list', 'li').removeClass('collapsed'); + + $target.find('a.toggle').attr('aria-expanded', 'true') + $target.parentsUntil('#full_list', 'li').each(function(i, el) { + $(el).find('> div > a.toggle').attr('aria-expanded', 'true'); + }); + + if($target[0]) { + window.scrollTo(window.scrollX, $target.offset().top - 250); + highlight(); + } +} + +function windowEvents(event) { + var msg = event.data; + if (msg.action === "expand") { + expandTo(msg.path); + } + return false; +} + +window.addEventListener("message", windowEvents, false); + +$(document).ready(function() { + escapeShortcut(); + navResizer(); + enableLinks(); + enableToggles(); + populateSearchCache(); + enableSearch(); +}); + +})(); diff --git a/doc/js/jquery.js b/doc/js/jquery.js new file mode 100644 index 00000000..198b3ff0 --- /dev/null +++ b/doc/js/jquery.js 
@@ -0,0 +1,4 @@ +/*! jQuery v1.7.1 jquery.com | jquery.org/license */ +(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"":"")+""),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){if(c!=="border")for(;g=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?parseFloat(d):j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var 
b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.1",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var 
d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var 
d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c
        a",d=q.getElementsByTagName("*"),e=q.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=q.getElementsByTagName("input")[0],b={leadingWhitespace:q.firstChild.nodeType===3,tbody:!q.getElementsByTagName("tbody").length,htmlSerialize:!!q.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:q.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete q.test}catch(s){b.deleteExpando=!1}!q.addEventListener&&q.attachEvent&&q.fireEvent&&(q.attachEvent("onclick",function(){b.noCloneEvent=!1}),q.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),q.appendChild(i),k=c.createDocumentFragment(),k.appendChild(q.lastChild),b.checkClone=k.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,k.removeChild(i),k.appendChild(q),q.innerHTML="",a.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",q.style.width="2px",q.appendChild(j),b.reliableMarginRight=(parseInt((a.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0);if(q.attachEvent)for(o in{submit:1,change:1,focusin:1})n="on"+o,p=n in q,p||(q.setAttribute(n,"return;"),p=typeof q[n]=="function"),b[o+"Bubbles"]=p;k.removeChild(q),k=g=h=j=q=i=null,f(function(){var 
a,d,e,g,h,i,j,k,m,n,o,r=c.getElementsByTagName("body")[0];!r||(j=1,k="position:absolute;top:0;left:0;width:1px;height:1px;margin:0;",m="visibility:hidden;border:0;",n="style='"+k+"border:5px solid #000;padding:0;'",o="
        "+""+"
        ",a=c.createElement("div"),a.style.cssText=m+"width:0;height:0;position:static;top:0;margin-top:"+j+"px",r.insertBefore(a,r.firstChild),q=c.createElement("div"),a.appendChild(q),q.innerHTML="
        t
        ",l=q.getElementsByTagName("td"),p=l[0].offsetHeight===0,l[0].style.display="",l[1].style.display="none",b.reliableHiddenOffsets=p&&l[0].offsetHeight===0,q.innerHTML="",q.style.width=q.style.paddingLeft="1px",f.boxModel=b.boxModel=q.offsetWidth===2,typeof q.style.zoom!="undefined"&&(q.style.display="inline",q.style.zoom=1,b.inlineBlockNeedsLayout=q.offsetWidth===2,q.style.display="",q.innerHTML="
        ",b.shrinkWrapBlocks=q.offsetWidth!==2),q.style.cssText=k+m,q.innerHTML=o,d=q.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,i={doesNotAddBorder:e.offsetTop!==5,doesAddBorderForTableAndCells:h.offsetTop===5},e.style.position="fixed",e.style.top="20px",i.fixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",i.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,i.doesNotIncludeMarginInBodyOffset=r.offsetTop!==j,r.removeChild(a),q=a=null,f.extend(b,i))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return 
a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.nodeName.toLowerCase()]||f.valHooks[g.type];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;h=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/\bhover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function(a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")}; +f.event={add:function(a,c,d,e,g){var 
h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&i.push({elem:this,matches:d.slice(e)});for(j=0;j0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var 
i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return 
a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return 
c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var 
a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

        ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
        ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return 
f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div
        ","
        "]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return 
this},empty:function() +{for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||!bc.test("<"+a.nodeName)?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=bg[l]||bg._default,n=m[0],o=b.createElement("div");b===c?bh.appendChild(o):U(b).appendChild(o),o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return 
b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return br.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bq,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bq.test(g)?g.replace(bq,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bz(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bA=function(a,b){var c,d,e;b=b.replace(bs,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b)));return c}),c.documentElement.currentStyle&&(bB=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f===null&&g&&(e=g[b])&&(f=e),!bt.test(f)&&bu.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f||0,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),bz=bA||bB,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bD=/%20/g,bE=/\[\]$/,bF=/\r?\n/g,bG=/#.*$/,bH=/^(.*?):[ 
\t]*([^\r\n]*)\r?$/mg,bI=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bK=/^(?:GET|HEAD)$/,bL=/^\/\//,bM=/\?/,bN=/)<[^<]*)*<\/script>/gi,bO=/^(?:select|textarea)/i,bP=/\s+/,bQ=/([?&])_=[^&]*/,bR=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bS=f.fn.load,bT={},bU={},bV,bW,bX=["*/"]+["*"];try{bV=e.href}catch(bY){bV=c.createElement("a"),bV.href="",bV=bV.href}bW=bR.exec(bV.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bS)return bS.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
        ").append(c.replace(bN,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bO.test(this.nodeName)||bI.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bF,"\r\n")}}):{name:b.name,value:c.replace(bF,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b_(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b_(a,b);return a},ajaxSettings:{url:bV,isLocal:bJ.test(bW[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bX},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bZ(bT),ajaxTransport:bZ(bU),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?cb(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else 
try{r=cc(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bH.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bG,"").replace(bL,bW[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bP),d.crossDomain==null&&(r=bR.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bW[1]&&r[2]==bW[2]&&(r[3]||(r[1]==="http:"?80:443))==(bW[3]||(bW[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),b$(bT,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bK.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bM.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var 
x=f.now(),y=d.url.replace(bQ,"$1_="+x);d.url=y+(y===d.url?(bM.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bX+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=b$(bU,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)ca(g,a[g],c,e);return d.join("&").replace(bD,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cd=f.now(),ce=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cd++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ce.test(b.url)||e&&ce.test(b.data))){var 
g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ce,l),b.url===j&&(e&&(k=k.replace(ce,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cf=a.ActiveXObject?function(){for(var a in ch)ch[a](0,1)}:!1,cg=0,ch;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ci()||cj()}:ci,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in 
c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cf&&delete ch[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cg,cf&&(ch||(ch={},f(a).unload(cf)),ch[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var ck={},cl,cm,cn=/^(?:toggle|show|hide)$/,co=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cp,cq=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cr;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cu("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var 
a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cy(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cy(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,d,"padding")):this[d]():null},f.fn["outer"+c]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,d,a?"margin":"border")):this[d]():null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var 
i=f.css(e,d),j=parseFloat(i);return f.isNumeric(j)?j:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window); \ No newline at end of file diff --git a/doc/method_list.html b/doc/method_list.html new file mode 100644 index 00000000..18aa7298 --- /dev/null +++ b/doc/method_list.html @@ -0,0 +1,726 @@ + + + + + + + + + + + + + + + + + + Method List + + + +
        +
        +

        Method List

        + + + +
        + + +
        + + diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html new file mode 100644 index 00000000..4777b3e1 --- /dev/null +++ b/doc/top-level-namespace.html @@ -0,0 +1,110 @@ + + + + + + + Top Level Namespace + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
        + + +

        Top Level Namespace + + + +

        +
        + + + + + + + + + + + +
        + +

        Defined Under Namespace

        +

        + + + Modules: OAuth2 + + + + +

        + + + + + + + + + +
        + + + +
        + + \ No newline at end of file diff --git a/gemfiles/modular/documentation.gemfile b/gemfiles/modular/documentation.gemfile index 5cccab2e..78533908 100644 --- a/gemfiles/modular/documentation.gemfile +++ b/gemfiles/modular/documentation.gemfile @@ -1,8 +1,11 @@ # frozen_string_literal: true # Documentation +gem "kramdown", "~> 2.5", ">= 2.5.1" # Ruby >= 2.5 +gem "kramdown-parser-gfm", "~> 1.1" # Ruby >= 2.3 gem "yard", "~> 0.9", ">= 0.9.37", require: false -gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", branch: "next" +gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", branch: "next", require: false +gem "yard-relative_markdown_links", "~> 0.5.0" # Std Lib extractions gem "rdoc", "~> 6.11" diff --git a/oauth2.gemspec b/oauth2.gemspec index c9c3038c..872225e2 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -11,10 +11,12 @@ gem_version = OAuth2::Version::VERSION end -gl_homepage = "https://gitlab.com/oauth-xx/oauth2" -gh_mirror = "https://github.com/oauth-xx/oauth2" - Gem::Specification.new do |spec| + spec.name = "oauth2" + spec.version = gem_version + spec.authors = ["Peter Boling", "Erik Michaels-Ober", "Michael Bleigh"] + spec.email = ["peter.boling@gmail.com", "oauth-ruby@googlegroups.com"] + # Linux distros often package gems and securely certify them independent # of the official RubyGem certification process. Allowed via ENV["SKIP_GEM_SIGNING"] # Ref: https://gitlab.com/oauth-xx/version_gem/-/issues/3 
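Review bot: The `yard-junk` entry in gemfiles/modular/documentation.gemfile is still resolved from `github: "pboling/yard-junk", branch: "next"`, so what gets installed is whatever that branch points to at resolve time, unless a committed lockfile fixes the revision (none is visible for this gemfile). Adding `require: false` only stops the automatic require; it does not change which code is fetched. For a documentation toolchain that runs in CI, pinning to a reviewed commit is safer: `gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", ref: "<reviewed-commit-sha>", require: false`.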
@@ -33,15 +35,15 @@ Gem::Specification.new do |spec| end end - spec.authors = ["Peter Boling", "Erik Michaels-Ober", "Michael Bleigh"] + gl_homepage = "https://gitlab.com/oauth-xx/oauth2" + gh_mirror = "https://github.com/oauth-xx/oauth2" + spec.summary = "OAuth 2.0 Core Ruby implementation" spec.description = "Ruby wrapper for the OAuth 2.0 protocol" - spec.email = ["peter.boling@gmail.com", "oauth-ruby@googlegroups.com"] - spec.homepage = gh_mirror # Yeah, it's gross, but stars have value :( + spec.homepage = gh_mirror spec.licenses = "MIT" - spec.name = "oauth2" spec.required_ruby_version = ">= 2.2.0" - spec.version = gem_version + spec.post_install_message = %{ You have installed oauth2 version #{gem_version}, congratulations! 
@@ -78,15 +80,17 @@ Please report issues, and star the project! Thanks, |7eter l-|. l3oling } - spec.metadata["homepage_uri"] = gl_homepage - spec.metadata["source_code_uri"] = "#{gl_homepage}/-/tree/v#{spec.version}" + spec.metadata["homepage_uri"] = "https://#{spec.name}.galtzo.com/" + # Yes, GitHub/Microsoft is a disgusting monopoly, but GH stars have value :( + spec.metadata["source_code_uri"] = "#{gh_mirror}/releases/tag//v#{spec.version}" spec.metadata["changelog_uri"] = "#{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md" spec.metadata["bug_tracker_uri"] = "#{gl_homepage}/-/issues" spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" spec.metadata["wiki_uri"] = "#{gl_homepage}/-/wiki" + # Yes, Google is a disgusting monopoly, but the historical value of the mailing list archive is high. spec.metadata["mailing_list_uri"] = "https://groups.google.com/g/oauth-ruby" - spec.metadata["news_uri"] = "https://www.railsbling.com/tags/#{spec.name}" spec.metadata["funding_uri"] = "https://liberapay.com/pboling" + spec.metadata["news_uri"] = "https://www.railsbling.com/tags/#{spec.name}" spec.metadata["rubygems_mfa_required"] = "true" # Specify which files should be added to the gem when it is released. @@ -108,7 +112,12 @@ Thanks, |7eter l-|. l3oling "--title", "#{spec.name} - #{spec.summary}", "--main", + "CHANGELOG.md", + "CODE_OF_CONDUCT.md", + "CONTRIBUTING.md", + "LICENSE.txt", "README.md", + "SECURITY.md", "--line-numbers", "--inline-source", "--quiet", From 83aca0d9b67a9523cb13cb6009e7c99e7123984a Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Wed, 21 May 2025 04:31:06 +0700 Subject: [PATCH 395/645] Create CNAME --- CNAME | 1 + 1 file changed, 1 insertion(+) create mode 100644 CNAME diff --git a/CNAME b/CNAME new file mode 100644 index 00000000..9e32e7bf --- /dev/null +++ b/CNAME @@ -0,0 +1 @@ +oauth2.galtzo.com \ No newline at end of file 
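Review bot: The new `source_code_uri` in the `@@ -78,15 +80,17 @@` hunk of oauth2.gemspec is built as `"#{gh_mirror}/releases/tag//v#{spec.version}"`, with a doubled slash between `tag` and `v`, so the published link may not resolve to the release tag. Consumers follow these metadata URLs from the gem page to compare a release with its source, so the link should be exact: `spec.metadata["source_code_uri"] = "#{gh_mirror}/releases/tag/v#{spec.version}"`. After this hunk `homepage_uri` points at `https://#{spec.name}.galtzo.com/` while `spec.homepage` stays `gh_mirror`; a short comment saying which of the two is canonical would help.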
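Review bot: In the `@@ -108,7 +112,12 @@` hunk of oauth2.gemspec the new file names are inserted directly after `"--main"`, so the argument of that option changes from `"README.md"` to `"CHANGELOG.md"` and README.md becomes just another listed file. The assignment this array belongs to is outside the hunk, but if it is the rdoc option list, the generated documentation would open on the changelog. Keeping the pair adjacent avoids that: `"--main", "README.md",` with the additional files listed after it.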
From baa2cfcb64529938cc677bf3f284e3b88feaa946 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 04:35:14 +0700 Subject: [PATCH 396/645] =?UTF-8?q?=F0=9F=93=9D=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0b534c4..ad5444cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,11 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - https://codeberg.org/oauth-xx/oauth2 - Don't check for cert if SKIP_GEM_SIGNING is set (@pboling) - All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) +- YARD config, GFM compatible with relative file links +- Documentation site on GitHub Pages + - [oauth2.galtzo.com](https://oauth2.galtzo.com) ### Changed +- Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site ### Deprecated ### Removed ### Fixed From b49bfc58bf52d6496aabb0ef5d8bd47a3a1050d9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 04:52:09 +0700 Subject: [PATCH 397/645] =?UTF-8?q?=F0=9F=93=9D=20link=20to=20oauth2.galtz?= =?UTF-8?q?o.com=20for=20HEAD=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0a7c2a6a..94096151 100644 --- a/README.md +++ b/README.md 
@@ -876,7 +876,7 @@ or one of the others at the head of this README. [📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm [📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat [🚎yard-current]: http://rubydoc.info/gems/oauth2 -[🚎yard-head]: https://rubydoc.info/github/oauth-xx/oauth2/main +[🚎yard-head]: https://oauth2.galtzo.com [💎stone_checksums]: https://github.com/pboling/stone_checksums [💎SHA_checksums]: https://gitlab.com/oauth-xx/oauth2/-/tree/main/checksums [💎rlts]: https://github.com/rubocop-lts/rubocop-lts From 12a681c5ebdecc9fd2a44edfe7b08405a713fec0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 06:46:48 +0700 Subject: [PATCH 398/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fixing=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CITATION.cff | 2 +- README.md | 10 ++++++---- oauth2.gemspec | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/CITATION.cff b/CITATION.cff index 525d0064..fffbadd4 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -16,7 +16,7 @@ authors: identifiers: - type: url value: 'https://github.com/oauth-xx/oauth2' - description: oath2 + description: oauth2 repository-code: 'https://github.com/oauth-xx/oauth2' abstract: >- oauth2 diff --git a/README.md b/README.md index 94096151..08c14ef6 100644 --- a/README.md +++ b/README.md 
@@ -336,13 +336,15 @@ For more see [SECURITY.md][🔐security]. - Adds new option to `OAuth2::AccessToken#initialize`: - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency - By default, keys are transformed to snake case. - - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) gem. + - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash][snaky_hash] gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body - [... A lot more](https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md#200-2022-06-21-tag) +[snaky_hash]: https://gitlab.com/oauth-xx/snaky_hash + ## Compatibility Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. @@ -488,7 +490,7 @@ response.parsed.class.name # => Hash (just, regular old Hash)
        Debugging -Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv). +Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). ```ruby # will log both request and response, including bodies @@ -515,7 +517,7 @@ The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic will return an instance of the #OAuth2::Response class. This instance contains a `#parsed` method that will parse the response body and -return a Hash-like [`OAuth2::SnakyHash`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if +return a Hash-like [`SnakyHash::StringKeyed`](https://gitlab.com/oauth-xx/snaky_hash/-/blob/main/lib/snaky_hash/string_keyed.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if the body is a JSON object. It will return an Array if the body is a JSON array. Otherwise, it will return the original body string. @@ -543,7 +545,7 @@ Response instance will contain the `OAuth2::Error` instance. ### Authorization Grants -Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion +Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client use. They are available via the [`#auth_code`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb), [`#implicit`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/implicit.rb), diff --git a/oauth2.gemspec b/oauth2.gemspec index 872225e2..f3e13c7f 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -3,7 +3,7 @@ gem_version = if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.1") - # Loading version into an anonymous module allows version.rb to get code coverage from SimpleCov! + # Loading Version into an anonymous module allows version.rb to get code coverage from SimpleCov! # See: https://github.com/simplecov-ruby/simplecov/issues/557#issuecomment-2630782358 Module.new.tap { |mod| Kernel.load("lib/oauth2/version.rb", mod) }::OAuth2::Version::VERSION else From f06238ee54e415a46e9410562db75f2aeb6c91c4 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 06:50:19 +0700 Subject: [PATCH 399/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fixing=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 08c14ef6..69ee4b91 100644 --- a/README.md +++ b/README.md @@ -283,7 +283,7 @@ by following the instructions below. Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: ```shell -gem cert --add <(curl -Ls https://raw.github.com/kettle-rb/oauth2/main/certs/pboling.pem) +gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/oauth2/main/certs/pboling.pem) ``` You only need to do that once. Then proceed to install with: From 29442628ff7173a36bbb57ea810e48d16ac88a31 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 21 May 2025 08:09:11 +0700 Subject: [PATCH 400/645] =?UTF-8?q?=F0=9F=91=B7=20Ensure=20compatibility?= =?UTF-8?q?=20with=20all=20versions=20of=20Hashie?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisals | 13 +++++++++++++ Gemfile.lock | 2 +- README.md | 4 ++++ gemfiles/audit.gemfile | 4 +++- gemfiles/coverage.gemfile | 4 +++- gemfiles/current.gemfile | 4 +++- gemfiles/current_runtime_heads.gemfile | 2 +- gemfiles/head.gemfile | 2 +- gemfiles/modular/hashie_v0.gemfile | 5 +++++ gemfiles/modular/hashie_v1.gemfile | 5 +++++ gemfiles/modular/hashie_v2.gemfile | 5 +++++ gemfiles/modular/hashie_v3.gemfile | 5 +++++ gemfiles/modular/hashie_v4.gemfile | 5 +++++ gemfiles/modular/hashie_v5.gemfile | 5 +++++ gemfiles/modular/runtime_heads.gemfile | 3 +++ gemfiles/omnibus.gemfile | 4 +++- gemfiles/ruby_2_3.gemfile | 4 +++- gemfiles/ruby_2_4.gemfile | 4 +++- gemfiles/ruby_2_5.gemfile | 4 +++- gemfiles/ruby_2_6.gemfile | 4 +++- gemfiles/ruby_2_7.gemfile | 4 +++- gemfiles/ruby_3_0.gemfile | 4 +++- gemfiles/ruby_3_1.gemfile | 4 +++- gemfiles/ruby_3_2.gemfile | 4 +++- gemfiles/ruby_3_3.gemfile | 4 +++- gemfiles/style.gemfile | 2 +- gemfiles/vanilla.gemfile | 2 +- 27 files changed, 94 insertions(+), 18 deletions(-) create mode 100644 gemfiles/modular/hashie_v0.gemfile create mode 100644 gemfiles/modular/hashie_v1.gemfile create mode 100644 gemfiles/modular/hashie_v2.gemfile create mode 100644 gemfiles/modular/hashie_v3.gemfile create mode 100644 gemfiles/modular/hashie_v4.gemfile create mode 100644 gemfiles/modular/hashie_v5.gemfile diff --git a/Appraisals b/Appraisals index e047d4fb..9adc4170 100644 --- a/Appraisals +++ b/Appraisals 
@@ -27,6 +27,7 @@ appraise "current" do gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v3.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" @@ -36,6 +37,7 @@ end appraise "ruby-2-3" do eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/hashie_v0.gemfile" eval_gemfile "modular/jwt_v1.gemfile" eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" @@ -45,6 +47,7 @@ end appraise "ruby-2-4" do eval_gemfile "modular/faraday_v1.gemfile" + eval_gemfile "modular/hashie_v1.gemfile" eval_gemfile "modular/jwt_v1.gemfile" eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" @@ -54,6 +57,7 @@ end appraise "ruby-2-5" do eval_gemfile "modular/faraday_v1.gemfile" + eval_gemfile "modular/hashie_v2.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_5.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" @@ -65,6 +69,7 @@ appraise "ruby-2-6" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v3.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_5.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" @@ -76,6 +81,7 @@ appraise "ruby-2-7" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v4.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" @@ -87,6 +93,7 @@ appraise "ruby-3-0" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" 
@@ -98,6 +105,7 @@ appraise "ruby-3-1" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" @@ -109,6 +117,7 @@ appraise "ruby-3-2" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" @@ -120,6 +129,7 @@ appraise "ruby-3-3" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" @@ -133,6 +143,7 @@ appraise "audit" do gem "stringio", "~> 3.0" eval_gemfile "modular/audit.gemfile" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" @@ -146,6 +157,7 @@ appraise "coverage" do gem "stringio", "~> 3.0" eval_gemfile "modular/coverage.gemfile" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" @@ -166,6 +178,7 @@ appraise "omnibus" do eval_gemfile "modular/coverage.gemfile" eval_gemfile "modular/documentation.gemfile" eval_gemfile "modular/faraday_v2.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" diff --git a/Gemfile.lock b/Gemfile.lock index 9e283cfe..efb19018 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -92,7 +92,7 @@ GEM gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) - hashie (5.0.0) + hashie (0.4.0) io-console (0.8.0) irb (1.15.2) pp (>= 0.6.0) diff --git a/README.md b/README.md index 69ee4b91..2428116a 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,10 @@ covering the latest patch for each of the following minor versions: The last two were extracted from this gem. They are part of the `oauth-xx` org, and are developed in tight collaboration with this gem. +Also, where reasonable, tested against the runtime dependencies of those dependencies: + +* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) + #### You should upgrade this gem with confidence\*. - This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index a0d24ab2..51d2169c 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,12 +5,14 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/audit.gemfile") eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 4f3d07b6..89a57ce0 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -5,12 +5,14 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/coverage.gemfile") eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") 
diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index a8fc46a3..05f8012c 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -5,10 +5,12 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v3.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile index fc9c120d..74ea868d 100644 --- a/gemfiles/current_runtime_heads.gemfile +++ b/gemfiles/current_runtime_heads.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index fc9c120d..74ea868d 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/modular/hashie_v0.gemfile b/gemfiles/modular/hashie_v0.gemfile new file mode 100644 index 00000000..78a4bef5 --- /dev/null +++ b/gemfiles/modular/hashie_v0.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# We will test it against Ruby 2.3. +gem "hashie", "~> 0.4", ">= 0.4.0" diff --git a/gemfiles/modular/hashie_v1.gemfile b/gemfiles/modular/hashie_v1.gemfile new file mode 100644 index 00000000..6cd97b2e --- /dev/null +++ b/gemfiles/modular/hashie_v1.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# We will test it against Ruby 2.4. +gem "hashie", "~> 1.2", ">= 1.2.0" 
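Review bot: The floor introduced in gemfiles/modular/hashie_v0.gemfile, `gem "hashie", "~> 0.4", ">= 0.4.0"`, is meant for the ruby-2-3 appraisal, yet the Gemfile.lock hunk of this same commit moves the root lock from `hashie (5.0.0)` to `hashie (0.4.0)`. That looks like the root lock was re-resolved while the oldest constraint was in effect, which would put runs against the root Gemfile on a much older hashie than before. Re-resolve the root lock so it returns to the 5.x line, or state in the commit that the downgrade is deliberate. Separately, `">= 0.4.0"` adds nothing to `"~> 0.4"`; the same holds for the second bound in hashie_v1, v3, v4 and v5, while hashie_v2's `">= 2.1.2"` does raise the floor.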
diff --git a/gemfiles/modular/hashie_v2.gemfile b/gemfiles/modular/hashie_v2.gemfile new file mode 100644 index 00000000..ca62311c --- /dev/null +++ b/gemfiles/modular/hashie_v2.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# We will test it against Ruby 2.5. +gem "hashie", "~> 2.1", ">= 2.1.2" diff --git a/gemfiles/modular/hashie_v3.gemfile b/gemfiles/modular/hashie_v3.gemfile new file mode 100644 index 00000000..aeff95b3 --- /dev/null +++ b/gemfiles/modular/hashie_v3.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# We will test it against Ruby 2.6. +gem "hashie", "~> 3.6", ">= 3.6.0" diff --git a/gemfiles/modular/hashie_v4.gemfile b/gemfiles/modular/hashie_v4.gemfile new file mode 100644 index 00000000..c18d3cb9 --- /dev/null +++ b/gemfiles/modular/hashie_v4.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# We will test it against Ruby 2.7. +gem "hashie", "~> 4.1", ">= 4.1.0" diff --git a/gemfiles/modular/hashie_v5.gemfile b/gemfiles/modular/hashie_v5.gemfile new file mode 100644 index 00000000..0c6cd403 --- /dev/null +++ b/gemfiles/modular/hashie_v5.gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# Ruby >= 0 +# We will test it against Ruby 3.0+. +gem "hashie", "~> 5.0", ">= 5.0.0" diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index 167a0359..ca10f1dd 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -5,6 +5,9 @@ # Ruby >= 3.0 gem "faraday", github: "lostisland/faraday", branch: "main" +# Ruby >= 0 +gem "hashie", github: "hashie/hashie", branch: "master" + # Ruby >= 2.5 gem "jwt", github: "jwt/ruby-jwt", branch: "main" diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 10a5c530..168d34cc 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile 
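Review bot: The added `gem "hashie", github: "hashie/hashie", branch: "master"` in gemfiles/modular/runtime_heads.gemfile resolves to whatever commit is on that branch at install time, and the visible lines do not say that this is deliberate or where the file may be evaluated. A comment above it would make the intent explicit, for example `# Unpinned on purpose: HEAD compatibility runs only; keep this file out of release and publish jobs.` The same applies to the `faraday` and `jwt` context lines around it. The top of the file is outside the hunk, so an existing header may already cover this.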
@@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/audit.gemfile") @@ -12,6 +12,8 @@ eval_gemfile("modular/documentation.gemfile") eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3.gemfile index c04bb1e8..088d2f1d 100644 --- a/gemfiles/ruby_2_3.gemfile +++ b/gemfiles/ruby_2_3.gemfile @@ -2,10 +2,12 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") +eval_gemfile("modular/hashie_v0.gemfile") + eval_gemfile("modular/jwt_v1.gemfile") eval_gemfile("modular/logger_v1_2.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index 9839ec20..c15b04f9 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -2,10 +2,12 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v1.gemfile") +eval_gemfile("modular/hashie_v1.gemfile") + eval_gemfile("modular/jwt_v1.gemfile") eval_gemfile("modular/logger_v1_2.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 078b001f..cca5f0e8 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -2,10 +2,12 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v1.gemfile") +eval_gemfile("modular/hashie_v2.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_5.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 3feef85e..6e332186 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile 
@@ -5,10 +5,12 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v3.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_5.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index dba445fd..b38394a3 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -5,10 +5,12 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v4.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index dba445fd..6c46b863 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,10 +5,12 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index dba445fd..6c46b863 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -5,10 +5,12 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index 616b2ece..a173c574 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile 
@@ -5,10 +5,12 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index 616b2ece..a173c574 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,10 +5,12 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") +eval_gemfile("modular/hashie_v5.gemfile") + eval_gemfile("modular/jwt_v2.gemfile") eval_gemfile("modular/logger_v1_7.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index f75762cf..0b9591b7 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index 095e6608..a55548f2 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" From d58b990a93a840d27829ad7a78ec7b45c7f35d46 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 21 May 2025 08:20:24 +0700 Subject: [PATCH 401/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/current.gemfile | 2 +- gemfiles/current_runtime_heads.gemfile | 2 +- gemfiles/head.gemfile | 2 +- gemfiles/omnibus.gemfile | 2 +- gemfiles/ruby_2_3.gemfile | 2 +- gemfiles/ruby_2_4.gemfile | 2 +- gemfiles/ruby_2_5.gemfile | 2 +- gemfiles/ruby_2_6.gemfile | 2 +- gemfiles/ruby_2_7.gemfile | 2 +- gemfiles/ruby_3_0.gemfile | 2 +- gemfiles/ruby_3_1.gemfile | 2 +- gemfiles/ruby_3_2.gemfile | 2 +- gemfiles/ruby_3_3.gemfile | 2 +- gemfiles/style.gemfile | 2 +- gemfiles/vanilla.gemfile | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 1e923dcf..02e508b5 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:4048171841": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:2957552385": [ + "oauth2.gemspec:3929706977": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [ diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 51d2169c..173a1e36 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 89a57ce0..6b348995 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile 
@@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/coverage.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 05f8012c..c4f47527 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile index 74ea868d..fc9c120d 100644 --- a/gemfiles/current_runtime_heads.gemfile +++ b/gemfiles/current_runtime_heads.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index 74ea868d..fc9c120d 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 168d34cc..57cc634c 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3.gemfile index 088d2f1d..00bcdb3e 100644 --- a/gemfiles/ruby_2_3.gemfile +++ b/gemfiles/ruby_2_3.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") 
diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index c15b04f9..e8c2f7b6 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index cca5f0e8..039fdb5a 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 6e332186..77a7e508 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index b38394a3..5d304af5 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 6c46b863..36974019 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 6c46b863..36974019 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile 
@@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index a173c574..f5b6f53d 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index a173c574..f5b6f53d 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index 0b9591b7..f75762cf 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index a55548f2..095e6608 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" From dca5133d7037ffefc0375604f60ae57d9d6110c0 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 21 May 2025 08:24:19 +0700 Subject: [PATCH 402/645] =?UTF-8?q?=F0=9F=93=9D=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 15 ++++++++++++--- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 19 +++++++++++++------ doc/file.SECURITY.html | 2 +- doc/index.html | 19 +++++++++++++------ doc/top-level-namespace.html | 2 +- 26 files changed, 61 insertions(+), 37 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad5444cc..3465797e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - YARD config, GFM compatible with relative file links - Documentation site on GitHub Pages - [oauth2.galtzo.com](https://oauth2.galtzo.com) +- [!649](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD ### Changed - Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site ### Deprecated diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 47069103..8a46ca83 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 4923e5eb..74b42914 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3051,7 +3051,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 6119de2a..4e741994 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 4bf3acd3..f765f0f4 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 20fa39da..80d4ce78 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index df18761e..f392c9f0 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 327d2f77..0c7505d7 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 1bacce58..f45d33c9 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1136,7 +1136,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index 71c3a598..1d8acf90 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index 3aa4de62..d8f7fec1 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 5cbb8faa..3cbacd7c 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 231a3e19..a1cd6db5 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index b99509b6..b2d7b7b7 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 92a36630..4b299aad 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index ad687c1a..8da740e8 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 9191f24b..64c13919 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 53cfdb8d..838f4b8b 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 8da82e9a..f58fbc69 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -72,8 +72,17 @@

        Added

      3. Don’t check for cert if SKIP_GEM_SIGNING is set (@pboling)
      4. -
      5. All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) -

        Changed

        +
      6. All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
      7. +
      8. YARD config, GFM compatible with relative file links
      9. +
      10. Documentation site on GitHub Pages + +
      11. +
      12. Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site

        Deprecated

        Removed

        Fixed

        @@ -763,7 +772,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index a8fbac95..7106f3c9 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 24a89342..858079a6 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index bb868c29..7e1ae2a8 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 594ad4b2..3137f878 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -189,6 +189,13 @@

        Upgrading Runtime Gem DependenciesThe last two were extracted from this gem. They are part of the oauth-xx org,
        and are developed in tight collaboration with this gem.

        +

        Also, where reasonable, tested against the runtime dependencies of those dependencies:

        + +
          +
        • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie +
        • +
        +

        You should upgrade this gem with confidence*.

          @@ -329,7 +336,7 @@

          💡 Info you can shake a stick at

      13. @@ -454,7 +461,7 @@

        🔒 Secure Installation

        Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

        -
        gem cert --add <(curl -Ls https://raw.github.com/kettle-rb/oauth2/main/certs/pboling.pem)
        +
        gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/oauth2/main/certs/pboling.pem)
         

        You only need to do that once. Then proceed to install with:

        @@ -703,7 +710,7 @@

        What if I hate snakes and/or i
        Debugging -Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv). +Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). ```ruby # will log both request and response, including bodies @@ -730,7 +737,7 @@

        OAuth2::Response

        will return an instance of the #OAuth2::Response class.

        This instance contains a #parsed method that will parse the response body and
        -return a Hash-like OAuth2::SnakyHash if the Content-Type is application/x-www-form-urlencoded or if
        +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
        the body is a JSON object. It will return an Array if the body is a JSON
        array. Otherwise, it will return the original body string.

        @@ -758,7 +765,7 @@

        OAuth2::Error

        Authorization Grants

        -

        Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
        +

        Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
        authentication grant types have helper strategy classes that simplify client
        use. They are available via the #auth_code,
        #implicit,
        @@ -950,7 +957,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 089fcab0..d09f7b4d 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index d5e6d3c9..89779182 100644 --- a/doc/index.html +++ b/doc/index.html @@ -189,6 +189,13 @@

        Upgrading Runtime Gem DependenciesThe last two were extracted from this gem. They are part of the oauth-xx org,
        and are developed in tight collaboration with this gem.

        +

        Also, where reasonable, tested against the runtime dependencies of those dependencies:

        + +
          +
        • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie +
        • +
        +

        You should upgrade this gem with confidence*.

          @@ -329,7 +336,7 @@

          💡 Info you can shake a stick at

        @@ -454,7 +461,7 @@

        🔒 Secure Installation

        Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

        -
        gem cert --add <(curl -Ls https://raw.github.com/kettle-rb/oauth2/main/certs/pboling.pem)
        +
        gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/oauth2/main/certs/pboling.pem)
         

        You only need to do that once. Then proceed to install with:

        @@ -703,7 +710,7 @@

        What if I hate snakes and/or i
        Debugging -Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv). +Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). ```ruby # will log both request and response, including bodies @@ -730,7 +737,7 @@

        OAuth2::Response

        will return an instance of the #OAuth2::Response class.

        This instance contains a #parsed method that will parse the response body and
        -return a Hash-like OAuth2::SnakyHash if the Content-Type is application/x-www-form-urlencoded or if
        +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
        the body is a JSON object. It will return an Array if the body is a JSON
        array. Otherwise, it will return the original body string.

        @@ -758,7 +765,7 @@

        OAuth2::Error

        Authorization Grants

        -

        Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
        +

        Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
        authentication grant types have helper strategy classes that simplify client
        use. They are available via the #auth_code,
        #implicit,
        @@ -950,7 +957,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 4777b3e1..a151535c 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        From 805b49e67cf3e1b7e66ef6e253f22812de0a9380 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 08:43:54 +0700 Subject: [PATCH 403/645] =?UTF-8?q?=F0=9F=91=B7=20Automatic=20retry=20for?= =?UTF-8?q?=20Truffleruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/truffle.yml | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml index dafc1c36..40f99ec5 100644 --- a/.github/workflows/truffle.yml +++ b/.github/workflows/truffle.yml @@ -62,7 +62,32 @@ jobs: # NOTE: This does not use the primary Gemfile at all. - name: Install Root Appraisal run: bundle - - name: Appraisal for ${{ matrix.appraisal }} + + - name: "[Attempt 1] Install Root Appraisal" + id: bundleAttempt1 + run: bundle + # Continue to the next step on failure + continue-on-error: true + + # Effectively an automatic retry of the previous step. + - name: "[Attempt 2] Install Root Appraisal" + id: bundleAttempt2 + # If bundleAttempt1 failed, try again here; Otherwise skip. + if: steps.bundleAttempt1.outcome == 'failure' + run: bundle + + - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" + id: bundleAppraisalAttempt1 + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + # Continue to the next step on failure + continue-on-error: true + + # Effectively an automatic retry of the previous step. + - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" + id: bundleAppraisalAttempt2 + # If bundleAttempt1 failed, try again here; Otherwise skip. + if: steps.bundleAppraisalAttempt1.outcome == 'failure' run: bundle exec appraisal ${{ matrix.appraisal }} bundle + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} 
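Review bot: The unguarded `Install Root Appraisal` step (`run: bundle`) remains as context directly above the new `[Attempt 1] Install Root Appraisal` step, so a transient failure there still fails the job before either retry step is reached, and on success `bundle` simply runs twice. The hunk's line counts (7 old, 32 new) confirm that step is kept rather than replaced; removing it so that `bundleAttempt1` is the first install would make the retry effective. The comment above `bundleAppraisalAttempt2` also reads `# If bundleAttempt1 failed, try again here; Otherwise skip.` while the condition checks `steps.bundleAppraisalAttempt1.outcome`. It should say `# If bundleAppraisalAttempt1 failed, try again here; otherwise skip.`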
From 2e3da41e4bfd03cf276cc467d9bd86c8b4a0f704 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 09:02:25 +0700 Subject: [PATCH 404/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo=20in=20?= =?UTF-8?q?anchor=20tag?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 11 ++++++----- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 4 ++-- doc/file.SECURITY.html | 2 +- doc/index.html | 4 ++-- doc/top-level-namespace.html | 2 +- 26 files changed, 33 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 2428116a..5c030302 100644 --- a/README.md +++ b/README.md @@ -685,7 +685,7 @@ The gem is available as open source under the terms of the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. -[![FOSSA Status][fossa2-img])][fossa2] +[![FOSSA Status][fossa2-img]][fossa2] [fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large [fossa2-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 8a46ca83..0a7f446d 100644 --- a/doc/OAuth2.html 
+++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 74b42914..48b039f9 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3051,7 +3051,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 4e741994..5ffdae85 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index f765f0f4..14f5f2f9 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 80d4ce78..cd22f78e 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index f392c9f0..5753ef70 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 0c7505d7..9fec7deb 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index f45d33c9..8a550ee3 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1136,7 +1136,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index 1d8acf90..e929d487 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index d8f7fec1..f1a244d3 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 3cbacd7c..6ee434df 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index a1cd6db5..77ac32f7 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index b2d7b7b7..31abd6f7 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 4b299aad..a51602e2 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index 8da740e8..5fce714a 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 64c13919..24d4cf30 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 838f4b8b..81769448 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index f58fbc69..5fe2746f 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -76,12 +76,13 @@

        Added

      14. YARD config, GFM compatible with relative file links
      15. Documentation site on GitHub Pages
      16. +
      17. +!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD +

        Changed

        +
      18. Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site

        Deprecated

        Removed

        @@ -772,7 +773,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 7106f3c9..712b78e4 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 858079a6..62395fa3 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 7e1ae2a8..0e0118bc 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 3137f878..6a28b213 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -905,7 +905,7 @@

        📄 License

        the MIT License License: MIT.
        See LICENSE.txt for the official Copyright Notice.

        -

        FOSSA Status)

        +

        FOSSA Status

        @@ -957,7 +957,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index d09f7b4d..76df6ca8 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index 89779182..f3453b28 100644 --- a/doc/index.html +++ b/doc/index.html @@ -905,7 +905,7 @@

        📄 License

        the MIT License License: MIT.
        See LICENSE.txt for the official Copyright Notice.

        -

        FOSSA Status)

        +

        FOSSA Status

        @@ -957,7 +957,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index a151535c..9a66113c 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        From eedb25acbfc2b8881210934aee7bf9da7da4c36b Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 21 May 2025 09:40:25 +0700 Subject: [PATCH 405/645] =?UTF-8?q?=F0=9F=8E=A8=20Alphabetize=20requires?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- spec/spec_helper.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 949225bd..0a242d73 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -4,13 +4,13 @@ ENV["RACK_ENV"] = "test" # Third Party Libraries -require "rspec/stubbed_env" -require "silent_stream" require "addressable/uri" -require "rspec/pending_for" require "rspec/block_is_expected" -require "version_gem/ruby" +require "rspec/pending_for" +require "rspec/stubbed_env" +require "silent_stream" require "version_gem/rspec" +require "version_gem/ruby" # Extensions require_relative "ext/backports" From bee827049d4a7a8ca70a8b2ea0cabbfed4a1711c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 22 May 2025 05:08:42 +0700 Subject: [PATCH 406/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20snaky=5Fhash=20v2.?= =?UTF-8?q?0.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 22 ++++++++++++---------- oauth2.gemspec | 2 +- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index efb19018..f08b86d4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,7 +29,7 @@ PATH logger (~> 1.2) multi_xml (~> 0.5) rack (>= 1.2, < 4) - snaky_hash (~> 2.0) + snaky_hash (~> 2.0, >= 2.0.2) version_gem (>= 1.1.8, < 3) GEM @@ -83,6 +83,7 @@ GEM dry-inflector (~> 1.0) dry-logic (~> 1.4) zeitwerk (~> 2.6) + erb (5.0.1) faraday (2.13.1) faraday-net_http (>= 2.0, < 3.5) json @@ -92,7 +93,7 @@ GEM gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) - hashie (0.4.0) + hashie (5.0.0) io-console (0.8.0) irb (1.15.2) pp (>= 0.6.0) 
@@ -101,7 +102,7 @@ GEM json (2.12.0) jwt (3.0.0.beta1) base64 - kettle-soup-cover (1.0.6) + kettle-soup-cover (1.0.9) simplecov (~> 0.22) simplecov-cobertura (~> 2.1) simplecov-console (~> 0.9, >= 0.9.1) @@ -140,10 +141,11 @@ GEM stringio public_suffix (6.0.2) racc (1.8.1) - rack (3.1.14) + rack (3.1.15) rainbow (3.1.1) rake (13.2.1) - rdoc (6.13.1) + rdoc (6.14.0) + erb psych (>= 4.0.0) reek (6.5.0) dry-schema (~> 1.13) @@ -175,7 +177,7 @@ GEM ruby_version (~> 1.0) rspec-stubbed_env (1.0.2) rspec-support (3.13.3) - rubocop (1.75.6) + rubocop (1.75.7) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) @@ -249,9 +251,9 @@ GEM simplecov-rcov (0.3.7) simplecov (>= 0.4.1) simplecov_json_formatter (0.1.4) - snaky_hash (2.0.1) - hashie - version_gem (~> 1.1, >= 1.1.1) + snaky_hash (2.0.2) + hashie (>= 0.1.0, < 6) + version_gem (>= 1.1.8, < 3) standard (1.50.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) @@ -284,7 +286,7 @@ GEM yard (0.9.37) yard-relative_markdown_links (0.5.0) nokogiri (>= 1.14.3, < 2) - zeitwerk (2.7.2) + zeitwerk (2.7.3) PLATFORMS x86_64-darwin-21 diff --git a/oauth2.gemspec b/oauth2.gemspec index f3e13c7f..6b8d7ec4 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -131,7 +131,7 @@ Thanks, |7eter l-|. l3oling spec.add_dependency("logger", "~> 1.2") # Ruby >= 0 spec.add_dependency("multi_xml", "~> 0.5") # Ruby >= 0 spec.add_dependency("rack", [">= 1.2", "< 4"]) # Ruby >= 0 - spec.add_dependency("snaky_hash", "~> 2.0") # Ruby >= 2.2 + spec.add_dependency("snaky_hash", "~> 2.0", ">= 2.0.2") # Ruby >= 2.2 spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2 spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 From 79ada49dc9d57edf95c170492082f0e8fb513e35 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Thu, 22 May 2025 05:38:21 +0700 Subject: [PATCH 407/645] =?UTF-8?q?=F0=9F=90=9B=20Fix=20regression=20in=20?= =?UTF-8?q?parsed=20return=20type?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 24 ++++----- README.md | 2 +- REEK | 22 ++++---- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 20 ++++--- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 2 +- doc/file.SECURITY.html | 2 +- doc/index.html | 2 +- doc/top-level-namespace.html | 2 +- lib/oauth2/response.rb | 5 +- spec/oauth2/client_spec.rb | 53 +++++++++---------- 30 files changed, 85 insertions(+), 89 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 02e508b5..e557c814 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -18,10 +18,10 @@ [9, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020], [13, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020] ], - "lib/oauth2/response.rb:4048171841": [ + "lib/oauth2/response.rb:1516229748": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:3929706977": [ + "oauth2.gemspec:1301437182": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:443932125": [ @@ -41,7 +41,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:2985507284": [ + "spec/oauth2/client_spec.rb:1455422151": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -49,15 +49,15 @@ [222, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], [237, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], [252, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [830, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [839, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [850, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [978, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [982, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [990, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [1078, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [1082, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [1162, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] + [827, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [836, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [847, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [975, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [979, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [987, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1075, 11, 99, 
"Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1079, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [1159, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] ], "spec/oauth2/error_spec.rb:1692696277": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], diff --git a/README.md b/README.md index 5c030302..c58df99e 100644 --- a/README.md +++ b/README.md @@ -477,7 +477,7 @@ response.parsed.access_token # => "aaaaaaaa" response.parsed[:access_token] # => "aaaaaaaa" response.parsed.additional_data # => "additional" response.parsed[:additional_data] # => "additional" -response.parsed.class.name # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem) +response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash gem) ``` #### What if I hate snakes and/or indifference? diff --git a/REEK b/REEK index c95a8e4b..5238fe76 100644 --- a/REEK +++ b/REEK 
@@ -1,9 +1,9 @@ spec/oauth2/access_token_spec.rb -- 1 warning: [292, 293]:DuplicateMethodCall: assert_initialized_token calls 'target.params' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] spec/oauth2/client_spec.rb -- 3 warnings: - [1075]:UnusedParameters: initialize has unused parameter 'client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] - [1075]:UnusedParameters: initialize has unused parameter 'hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] - [1211]:UtilityFunction: stubbed_client doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] + [1072]:UnusedParameters: initialize has unused parameter 'client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] + [1072]:UnusedParameters: initialize has unused parameter 'hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] + [1208]:UtilityFunction: stubbed_client doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] spec/oauth2/error_spec.rb -- 3 warnings: [10]:IrresponsibleModule: XmledString has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] [4]:SubclassedFromCoreClass: StirredHash inherits from core class 'Hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] 
@@ -87,15 +87,15 @@ lib/oauth2/filtered_attributes.rb -- 6 warnings: lib/oauth2/response.rb -- 12 warnings: [15]:Attribute: OAuth2::Response#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] [51]:BooleanParameter: OAuth2::Response#initialize has boolean parameter 'snaky' [https://github.com/troessner/reek/blob/v6.5.0/docs/Boolean-Parameter.md] - [25, 39, 134]:ClassVariable: OAuth2::Response declares the class variable '@@content_types' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] - [19, 37, 131, 134]:ClassVariable: OAuth2::Response declares the class variable '@@parsers' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] - [103, 105]:DuplicateMethodCall: OAuth2::Response#content_type calls 'response.headers' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [128, 129, 130, 131]:DuplicateMethodCall: OAuth2::Response#parser calls 'options[:parse]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [25, 39, 133]:ClassVariable: OAuth2::Response declares the class variable '@@content_types' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] + [19, 37, 130, 133]:ClassVariable: OAuth2::Response declares the class variable '@@parsers' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] + [102, 104]:DuplicateMethodCall: OAuth2::Response#content_type calls 'response.headers' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [127, 128, 129, 130]:DuplicateMethodCall: OAuth2::Response#parser calls 'options[:parse]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] [9]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parsed' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] [9]:InstanceVariableAssumption: OAuth2::Response assumes 
too much for instance variable '@parser' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] [82]:ManualDispatch: OAuth2::Response#parsed manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [128]:ManualDispatch: OAuth2::Response#parser manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [78]:TooManyStatements: OAuth2::Response#parsed has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [127]:ManualDispatch: OAuth2::Response#parser manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [78]:TooManyStatements: OAuth2::Response#parsed has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [7]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] lib/oauth2/strategy/assertion.rb -- 5 warnings: [96, 96, 98, 98]:FeatureEnvy: OAuth2::Strategy::Assertion#build_assertion refers to 'encoding_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] @@ -125,4 +125,6 @@ lib/oauth2/version.rb -- 1 warning: [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] lib/oauth2.rb -- 1 warning: [27]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -110 total warnings +.yard_gfm_support.rb -- 1 warning: + [9, 9]:FeatureEnvy: KramdownGfmDocument#initialize refers to 'options' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] +111 total warnings 
diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 0a7f446d..435f29eb 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 48b039f9..8afe3a11 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3051,7 +3051,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 5ffdae85..203f83c5 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 14f5f2f9..d2362bf7 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index cd22f78e..7c8c82a3 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 5753ef70..5bae1109 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 9fec7deb..1f6d746b 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 8a550ee3..ebe35500 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -824,14 +824,14 @@

         
         
        +101
         102
         103
         104
        -105
        -106
        +105

      19. @@ -1852,12 +1870,12 @@

         
         
        -66
        -67
        -68
        +90 +91 +92

        @@ -923,8 +923,6 @@

        📄 License

        the MIT License License: MIT.
        See LICENSE.txt for the official Copyright Notice.

        -

        FOSSA Status

        -
          @@ -975,7 +973,7 @@

          🤑 One more thing

          diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 5e9ccefd..a3f453b4 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

          OAuth2 for Enterprise

          diff --git a/doc/index.html b/doc/index.html index d1b46494..fe06b210 100644 --- a/doc/index.html +++ b/doc/index.html @@ -342,7 +342,7 @@

          💡 Info you can shake a stick at

        @@ -923,8 +923,6 @@

        📄 License

        the MIT License License: MIT.
        See LICENSE.txt for the official Copyright Notice.

        -

        FOSSA Status

        -
          @@ -975,7 +973,7 @@

          🤑 One more thing

          diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index a89f9e6f..eb9808e4 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

          Defined Under Namespace

          From bfcdd89337e132bbecec6e5aa334738606b770c2 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 22 May 2025 10:18:52 +0700 Subject: [PATCH 415/645] =?UTF-8?q?=F0=9F=94=A5=20FOSSA=20is=20a=20trash?= =?UTF-8?q?=20service,=20still?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 3b1607ca..b19cd064 100644 --- a/README.md +++ b/README.md @@ -902,8 +902,6 @@ or one of the others at the head of this README. [💎SHA_checksums]: https://gitlab.com/oauth-xx/oauth2/-/tree/main/checksums [💎rlts]: https://github.com/rubocop-lts/rubocop-lts [💎rlts-img]: https://img.shields.io/badge/code_style_%26_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white -[🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield -[🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield [💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/ [✉️discord-invite]: https://discord.gg/3qme4XHNKN [✉️discord-invite-img]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge From e2b4e80b26bf741557614c08e02b135477400586 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 22 May 2025 23:03:07 +0700 Subject: [PATCH 416/645] =?UTF-8?q?=F0=9F=A4=A1=20Mock=20OAuth2=20server?= =?UTF-8?q?=20for=20testing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/navikt/mock-oauth2-server --- config-ssl.json | 7 +++++++ docker-compose-ssl.yml | 12 ++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 config-ssl.json create mode 100644 docker-compose-ssl.yml diff --git a/config-ssl.json b/config-ssl.json new file mode 100644 index 00000000..f0a8da2e --- /dev/null +++ b/config-ssl.json 
@@ -0,0 +1,7 @@
+{
+ "interactiveLogin": true,
+ "httpServer": {
+ "type": "NettyWrapper",
+ "ssl": {}
+ }
+}
\ No newline at end of file
diff --git a/docker-compose-ssl.yml b/docker-compose-ssl.yml
new file mode 100644
index 00000000..9a17fbba
--- /dev/null
+++ b/docker-compose-ssl.yml
@@ -0,0 +1,12 @@
+services:
+ mock-oauth2-server:
+ image: ghcr.io/navikt/mock-oauth2-server:2.1.11
+ ports:
+ - "8080:8080"
+ hostname: host.docker.internal
+ volumes:
+ - ./config-ssl.json:/app/config.json:Z
+ environment:
+ LOG_LEVEL: "debug"
+ SERVER_PORT: 8080
+ JSON_CONFIG_PATH: /app/config.json
From b1433e4e6a2e38016d19a5563524781a0f2ee70c Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Thu, 22 May 2025 23:53:46 +0700
Subject: [PATCH 417/645] =?UTF-8?q?=E2=9C=A8=20snaky=5Fhash=5Fklass?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
CHANGELOG.md | 13 ++++
README.md | 22 +++---
doc/OAuth2.html | 2 +-
doc/OAuth2/AccessToken.html | 2 +-
doc/OAuth2/Authenticator.html | 2 +-
doc/OAuth2/Client.html | 2 +-
doc/OAuth2/Error.html | 2 +-
doc/OAuth2/FilteredAttributes.html | 2 +-
.../FilteredAttributes/ClassMethods.html | 2 +-
doc/OAuth2/Response.html | 2 +-
doc/OAuth2/Strategy.html | 2 +-
doc/OAuth2/Strategy/Assertion.html | 2 +-
doc/OAuth2/Strategy/AuthCode.html | 2 +-
doc/OAuth2/Strategy/Base.html | 2 +-
doc/OAuth2/Strategy/ClientCredentials.html | 2 +-
doc/OAuth2/Strategy/Implicit.html | 2 +-
doc/OAuth2/Strategy/Password.html | 2 +-
doc/OAuth2/Version.html | 2 +-
doc/_index.html | 2 +-
doc/file.CHANGELOG.html | 69 +++++++++++++------
doc/file.CODE_OF_CONDUCT.html | 2 +-
doc/file.CONTRIBUTING.html | 2 +-
doc/file.LICENSE.html | 2 +-
doc/file.README.html | 2 +-
doc/file.SECURITY.html | 2 +-
doc/index.html | 2 +-
doc/top-level-namespace.html | 2 +-
lib/oauth2/response.rb | 6 +-
28 files changed, 98 insertions(+), 60 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3465797e..12a4a2bd 100644
--- a/CHANGELOG.md
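Review bot: In docker-compose-ssl.yml the `ports` entry `"8080:8080"` publishes the mock OAuth2 server on every host interface, so an endpoint intended only for local tests becomes reachable from whatever network the developer machine or CI runner is on; binding to loopback with `- "127.0.0.1:8080:8080"` keeps it local. The image is pinned by tag only (`mock-oauth2-server:2.1.11`), and a tag can be re-pointed upstream, so appending a digest (`image: ghcr.io/navikt/mock-oauth2-server:2.1.11@sha256:<digest-placeholder>`) would make the test dependency reproducible. With `LOG_LEVEL: "debug"` the container presumably logs request bodies and issued tokens, which is acceptable for a mock but deserves a leading comment such as `# test-only mock issuer: never send real client secrets or user credentials to this service`.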
+++ b/CHANGELOG.md @@ -22,6 +22,19 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Incorrect documentation related to silencing warnings (@pboling) ### Security +## [2.0.11] - 2025-05-22 +- TAG: [v2.0.11][2.0.11t] +- COVERAGE: 100.00% -- 516/516 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files +- 79.05% documented +### Added +- More documentation +### Changed +- Upgraded to snaky_hash v2.0.2 + - Provides solution for serialization issues +### Fixed +- [gh650](https://github.com/oauth-xx/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` + ## [2.0.10] - 2025-05-17 - TAG: [v2.0.10][2.0.10t] - COVERAGE: 100.00% -- 518/518 lines in 14 files diff --git a/README.md b/README.md index b19cd064..5fe80b54 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ ## 🔐 OAuth2 -[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![QLTY Maintainability][🔑-mnti♻️]][🔑cc-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] --- 
@@ -145,7 +145,7 @@ One of these might be what you are looking for: | Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | | Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | | Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | | Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki] | | Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 
2.0.0][📌semver-img]][📌semver] | @@ -328,9 +328,7 @@ For more see [SECURITY.md][🔐security]. ## What is new for v2.0? -- Officially support Ruby versions >= 2.7 -- Unofficially support Ruby versions >= 2.5 -- Incidentally support Ruby versions >= 2.2 +- Works with Ruby versions >= 2.2 - Drop support for the expired MAC Draft (all versions) - Support IETF rfc7523 JWT Bearer Tokens - Support IETF rfc7231 Relative Location in Redirect @@ -338,9 +336,9 @@ For more see [SECURITY.md][🔐security]. - Support IETF rfc7009 Token Revocation (since v2.0.10) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` -- Adds new option to `OAuth2::Client#get_token`: +- Adds option to `OAuth2::Client#get_token`: - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` -- Adds new option to `OAuth2::AccessToken#initialize`: +- Adds option to `OAuth2::AccessToken#initialize`: - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency - By default, keys are transformed to snake case. - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash][snaky_hash] gem. 
@@ -487,16 +485,16 @@ response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash g As of v2.0.11, if you need to serialize the parsed result, you can! -There are two ways to do this. +There are two ways to do this, and the second option recommended. + +1. Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails): -1. Global: put this in your code somewhere reasonable (like an initializer for Rails): ```ruby SnakyHash::StringKeyed.class_eval do extend SnakyHash::Serializer end ``` -2. #### What if I hate snakes and/or indifference? @@ -510,7 +508,7 @@ response.parsed.class.name # => Hash (just, regular old Hash) ```
          - Debugging + Debugging & Logging Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). @@ -887,7 +885,7 @@ or one of the others at the head of this README. [📌gitmoji]:https://gitmoji.dev [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.518-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.516-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 269f3588..d2405bde 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

          diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 5648430b..b58c0105 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

          diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 53d768b8..950c6a64 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

          diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index c94105f6..f654643b 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

          diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index bb717c6a..ed512415 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

          diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 71336486..c70f9a81 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

          diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index fbb49460..c3e7671f 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

          diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index fe27e27d..3de03f55 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1134,7 +1134,7 @@

          diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index e81809eb..232b7055 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

          Defined Under Namespace

          diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index 19d57804..f3c1171c 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

          diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index dfa7cc0a..223de18e 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

          diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index c8516ebe..939beee7 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

          diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 9c19ce0c..f0bdc27c 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

          diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index fd85df31..02e5cdcf 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

          diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index 41751289..55b6efde 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

          diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 7f0f9662..6effbbf5 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

          diff --git a/doc/_index.html b/doc/_index.html index 6dc6d351..00b5b060 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

          Namespace Listing A-Z

          diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 59a898cd..fcaf62a3 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -103,6 +103,31 @@

        • 79.05% documented

          Added

        • +
        • More documentation +

          Changed

          +
        • +
        • Upgraded to snaky_hash v2.0.2 +
            +
          • Provides solution for serialization issues +

            Fixed

            +
          • +
          +
        • +
        • +gh650 - Regression in return type of OAuth2::Response#parsed +
        • +

        + +

        +2.0.10 - 2025-05-17

        +
          +
        • TAG: v2.0.10 +
        • +
        • COVERAGE: 100.00% – 518/518 lines in 14 files
        • +
        • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
        • +
        • 79.05% documented +

          Added

          +
        • gh!632 - Added funding.yml (@Aboling0)
        • @@ -144,7 +169,7 @@

          Added

          gh!644, gh!645 - Added CITATION.cff (@Aboling0)
        • !648 - Improved documentation (@pboling) -

          Changed

          +

          Changed

        • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
        • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) @@ -158,7 +183,7 @@

          Changed

          !647 - OAuth2.config is no longer writable (@pboling)
        • !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) -

          Fixed

          +

          Fixed

        • #95 - restoring an access token via AccessToken#from_hash (@pboling) @@ -194,10 +219,10 @@

          2.0.9 - 2022-09-16

          • TAG: v2.0.9 -

            Added

            +

            Added

          • More specs (@pboling) -

            Changed

            +

            Changed

          • Complete migration to main branch as default (@pboling)
          • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
          • @@ -207,11 +232,11 @@

            2.0.8 - 2022-09-01

            • TAG: v2.0.8 -

              Changed

              +

              Changed

            • !630 - Extract snaky_hash to external dependency (@pboling) -

              Added

              +

              Added

            • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 @@ -222,11 +247,11 @@

              2.0.7 - 2022-08-22

              • TAG: v2.0.7 -

                Added

                +

                Added

              • !629 - Allow POST of JSON to get token (@pboling, @terracatta) -

                Fixed

                +

                Fixed

              • !626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) @@ -242,7 +267,7 @@

                2.0.6 - 2022-07-13

                • TAG: v2.0.6 -

                  Fixed

                  +

                  Fixed

                • !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
                • @@ -252,7 +277,7 @@

                  2.0.5 - 2022-07-07

                  • TAG: v2.0.5 -

                    Fixed

                    +

                    Fixed

                  • !620 - Documentation improvements, to help with upgrading (@swanson)
                  • @@ -277,7 +302,7 @@

                    2.0.4 - 2022-07-01

                    • TAG: v2.0.4 -

                      Fixed

                      +

                      Fixed

                    • !618 - In some scenarios the snaky option default value was not applied (@pboling)
                    • @@ -287,13 +312,13 @@

                      2.0.3 - 2022-06-28

                      • TAG: v2.0.3 -

                        Added

                        +

                        Added

                      • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                      • !612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) -

                        Fixed

                        +

                        Fixed

                      • !608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
                      • @@ -305,7 +330,7 @@

                        2.0.2 - 2022-06-24

                        • TAG: v2.0.2 -

                          Fixed

                          +

                          Fixed

                        • !604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
                        • @@ -319,7 +344,7 @@

                          2.0.1 - 2022-06-22

                          • TAG: v2.0.1 -

                            Added

                            +

                            Added

                          • Documentation improvements (@pboling)
                          • Increased test coverage to 99% (@pboling)
                          • @@ -329,7 +354,7 @@

                            2.0.0 - 2022-06-21

                            • TAG: v2.0.0 -

                              Added

                              +

                              Added

                            • !158, !344 - Optionally pass raw response to parsers (@niels)
                            • @@ -383,7 +408,7 @@

                              Added

                              !575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
                            • !581 - Documentation: of breaking changes (@pboling) -

                              Changed

                              +

                              Changed

                            • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
                            • @@ -415,7 +440,7 @@

                              Changed

                              !576 - BREAKING: Stop rescuing parsing errors (@pboling)
                            • !591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated -

                              Fixed

                              +

                              Fixed

                            • !158, !344 - Handling of errors when using omniauth-facebook (@niels)
                            • @@ -689,17 +714,17 @@

                              1.0.0 - 2014-07-09 (tag)

                              -

                              Added

                              +

                              Added

                              • Add an implementation of the MAC token spec. -

                                Fixed

                                +

                                Fixed

                              • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.

                              0.5.0 - 2011-07-29 (tag)

                              -

                              Changed

                              +

                              Changed

                              • breaking oauth_token renamed to oauth_bearer.
                              • @@ -773,7 +798,7 @@

                                diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 5f7374ba..ecc805ec 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

                                Attribution

                                diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 6e6dd4a3..a9eed030 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

                                To release a new version:

                                diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 0567285a..9c5a96df 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
                                MIT License

                                Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                                Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

                                Permission is hereby granted, free of charge, to any person obtaining a copy
                                of this software and associated documentation files (the "Software"), to deal
                                in the Software without restriction, including without limitation the rights
                                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                copies of the Software, and to permit persons to whom the Software is
                                furnished to do so, subject to the following conditions:

                                The above copyright notice and this permission notice shall be included in all
                                copies or substantial portions of the Software.

                                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                SOFTWARE.
                                diff --git a/doc/file.README.html b/doc/file.README.html index 2259f860..40c2138e 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -973,7 +973,7 @@

                                🤑 One more thing

                                diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index a3f453b4..e258530b 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

                                OAuth2 for Enterprise

                                diff --git a/doc/index.html b/doc/index.html index fe06b210..cc53e841 100644 --- a/doc/index.html +++ b/doc/index.html @@ -973,7 +973,7 @@

                                🤑 One more thing

                                diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index eb9808e4..6ac2f333 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

                                Defined Under Namespace

                                diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index fe03cd43..6855a982 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -10,6 +10,7 @@ class Response DEFAULT_OPTIONS = { parse: :automatic, snaky: true, + snaky_hash_klass: SnakyHash::StringKeyed, }.freeze attr_reader :response attr_accessor :options @@ -48,11 +49,12 @@ def self.register_parser(key, mime_types, &block) # @param [true, false] snaky (true) Convert @parsed to a snake-case, # indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)? # @param [Hash] options all other options for initializing the instance - def initialize(response, parse: :automatic, snaky: true, **options) + def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) @response = response @options = { parse: parse, snaky: snaky, + snaky_hash_klass: snaky_hash_klass, }.merge(options) end @@ -91,7 +93,7 @@ def parsed end if options[:snaky] && @parsed.is_a?(Hash) - @parsed = SnakyHash::StringKeyed.new(@parsed) + @parsed = options[:snaky_hash_klass].new(@parsed) end @parsed From b9b2a879d8468d95a6edc9c519e6a008bc3985a9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 23 May 2025 10:28:47 +0700 Subject: [PATCH 418/645] =?UTF-8?q?=F0=9F=91=B7=20qlty.toml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .qlty/qlty.toml | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 .qlty/qlty.toml diff --git a/.qlty/qlty.toml b/.qlty/qlty.toml new file mode 100644 index 00000000..e69ec730 --- /dev/null +++ b/.qlty/qlty.toml 
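Review bot: In lib/oauth2/response.rb `initialize` defaults the new keyword to `snaky_hash_klass: nil` and stores that value in `@options`, while the changed line in `parsed` calls `options[:snaky_hash_klass].new(@parsed)` unconditionally, so a caller that does not pass the option appears to get `NoMethodError` on `nil` as soon as a Hash body is parsed with `snaky: true`. The new `DEFAULT_OPTIONS[:snaky_hash_klass]` entry is not consulted anywhere in the lines shown; falling back at the use site would close the gap: `klass = options[:snaky_hash_klass] || DEFAULT_OPTIONS[:snaky_hash_klass]` followed by `@parsed = klass.new(@parsed)`. The `@param` block above `initialize` should also document the keyword, for example `# @param [Class, nil] snaky_hash_klass (nil) class used to wrap a parsed Hash; falls back to SnakyHash::StringKeyed`. `parsed` starts outside the hunk, so a default applied earlier in that method cannot be ruled out from here.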
@@ -0,0 +1,78 @@
+# For a guide to configuration, visit https://qlty.sh/d/config
+# Or for a full reference, visit https://qlty.sh/d/qlty-toml
+config_version = "0"
+
+exclude_patterns = [
+ "*_min.*",
+ "*-min.*",
+ "*.min.*",
+ "**/.yarn/**",
+ "**/*.d.ts",
+ "**/assets/**",
+ "**/bin/**",
+ "**/bower_components/**",
+ "**/build/**",
+ "**/cache/**",
+ "**/config/**",
+ "**/.devcontainer",
+ "**/db/**",
+ "**/deps/**",
+ "**/dist/**",
+ "**/doc/**",
+ "**/extern/**",
+ "**/external/**",
+ "**/generated/**",
+ "**/Godeps/**",
+ "**/gradlew/**",
+ "**/mvnw/**",
+ "**/node_modules/**",
+ "**/protos/**",
+ "**/seed/**",
+ "**/target/**",
+ "**/templates/**",
+ "**/testdata/**",
+ "**/vendor/**",
+]
+
+
+test_patterns = [
+ "**/test/**",
+ "**/spec/**",
+ "**/*.test.*",
+ "**/*.spec.*",
+ "**/*_test.*",
+ "**/*_spec.*",
+ "**/test_*.*",
+ "**/spec_*.*",
+]
+
+[smells]
+mode = "comment"
+
+[smells.boolean_logic]
+threshold = 4
+enabled = true
+
+[smells.file_complexity]
+threshold = 55
+enabled = false
+
+[smells.return_statements]
+threshold = 4
+enabled = true
+
+[smells.nested_control_flow]
+threshold = 4
+enabled = true
+
+[smells.function_parameters]
+threshold = 4
+enabled = true
+
+[smells.function_complexity]
+threshold = 5
+enabled = true
+
+[smells.duplication]
+enabled = true
+threshold = 20
\ No newline at end of file
From 067fbad7be0868fa956361822dad63e2a3a98726 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling" Date: Fri, 23 May 2025 10:52:12 +0700 Subject: [PATCH 419/645] =?UTF-8?q?=E2=9C=A8=20snaky=5Fhash=5Fklass=20(ii)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 31 +- Gemfile.lock | 4 +- README.md | 2 +- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 4 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 91 ++--- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 12 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 30 +- doc/file.SECURITY.html | 2 +- doc/index.html | 30 +- doc/top-level-namespace.html | 2 +- lib/oauth2/client.rb | 9 +- lib/oauth2/response.rb | 3 +- oauth2.gemspec | 2 +- spec/oauth2/client_spec.rb | 12 + spec/oauth2/response_spec.rb | 357 +++++++++++++++++- 33 files changed, 495 insertions(+), 132 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 43be1b50..81d4dd3c 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -18,10 +18,10 @@ [9, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020], [13, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020] ], - "lib/oauth2/response.rb:2808363818": [ - [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] + "lib/oauth2/response.rb:3727627041": [ + [36, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:1301437182": [ + "oauth2.gemspec:3059367295": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:1202129469": [ @@ -37,7 +37,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:1455422151": [ + "spec/oauth2/client_spec.rb:3334307042": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], 
@@ -45,15 +45,15 @@ [222, 15, 20, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1276531672], [237, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1383956904], [252, 15, 43, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3376202107], - [827, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], - [836, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], - [847, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], - [975, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [979, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [987, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], - [1075, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], - [1079, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], - [1159, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] + [839, 5, 360, "RSpec/NoExpectationExample: No expectation found in this example.", 536201463], + [848, 5, 461, "RSpec/NoExpectationExample: No expectation found in this example.", 3392600621], + [859, 5, 340, "RSpec/NoExpectationExample: No expectation found in this example.", 244592251], + [987, 11, 99, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [991, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [999, 7, 89, "RSpec/NoExpectationExample: No expectation found in this example.", 4609419], + [1087, 11, 99, 
"Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3084776886], + [1091, 11, 82, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 1524553529], + [1171, 17, 12, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 664794325] ], "spec/oauth2/error_spec.rb:1692696277": [ [23, 1, 28, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/error*_spec.rb`.", 3385870076], @@ -65,9 +65,8 @@ [375, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], [391, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] ], - "spec/oauth2/response_spec.rb:3742350944": [ - [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319], - [317, 33, 2, "RSpec/BeEq: Prefer `be` over `eq`.", 5860785] + "spec/oauth2/response_spec.rb:1229128056": [ + [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319] ], "spec/oauth2/strategy/assertion_spec.rb:793170256": [ [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869] diff --git a/Gemfile.lock b/Gemfile.lock index f08b86d4..9ee95ce6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,7 +29,7 @@ PATH logger (~> 1.2) multi_xml (~> 0.5) rack (>= 1.2, < 4) - snaky_hash (~> 2.0, >= 2.0.2) + snaky_hash (~> 2.0, >= 2.0.3) version_gem (>= 1.1.8, < 3) GEM @@ -251,7 +251,7 @@ GEM simplecov-rcov (0.3.7) simplecov (>= 0.4.1) simplecov_json_formatter (0.1.4) - snaky_hash (2.0.2) + snaky_hash (2.0.3) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) standard (1.50.0) diff --git a/README.md b/README.md index 5fe80b54..f40f966e 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ ## 🔐 OAuth2 -[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![QLTY Maintainability][🔑-mnti♻️]][🔑cc-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti♻️]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] --- diff --git a/doc/OAuth2.html b/doc/OAuth2.html index d2405bde..23ee2b56 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

                                diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index b58c0105..96e52d08 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                                diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 950c6a64..af33e404 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

                                diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index f654643b..5e071715 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -141,7 +141,7 @@

                                RESERVED_PARAM_KEYS =
                                -
                                (RESERVED_REQ_KEYS + %w[parse snaky token_method]).freeze
                                +
                                (RESERVED_REQ_KEYS + %w[parse snaky snaky_hash_klass token_method]).freeze
                                @@ -2651,7 +2651,7 @@

                                diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index ed512415..8b9433b9 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

                                diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index c70f9a81..c3564ee8 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

                                diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index c3e7671f..f6dddd24 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

                                diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 3de03f55..aec2bdae 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -124,6 +124,7 @@

                                {
                                   parse: :automatic,
                                   snaky: true,
                                +  snaky_hash_klass: SnakyHash::StringKeyed,
                                 }.freeze
                                @@parsers = @@ -343,7 +344,7 @@

                              • - #initialize(response, parse: :automatic, snaky: true, **options) ⇒ Response + #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ Response @@ -443,7 +444,7 @@

                                Constructor Details

                                - #initialize(response, parse: :automatic, snaky: true, **options) ⇒ Response + #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ Response @@ -535,22 +536,24 @@

                                 
                                 
                                -51
                                 52
                                 53
                                 54
                                 55
                                 56
                                -57
                                +57 +58 +59

        @@ -590,12 +593,12 @@

         
         
        -15
         16
        -17
        +17 +18

        @@ -497,9 +497,7 @@

        Security contact information

        What is new for v2.0?

          -
        • Officially support Ruby versions >= 2.7
        • -
        • Unofficially support Ruby versions >= 2.5
        • -
        • Incidentally support Ruby versions >= 2.2
        • +
        • Works with Ruby versions >= 2.2
        • Drop support for the expired MAC Draft (all versions)
        • Support IETF rfc7523 JWT Bearer Tokens
        • Support IETF rfc7231 Relative Location in Redirect
        • @@ -509,14 +507,14 @@

          What is new for v2.0?

        • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json
        • -
        • Adds new option to OAuth2::Client#get_token: +
        • Adds option to OAuth2::Client#get_token:
          • :access_token_class (AccessToken); user specified class to use for all calls to get_token
        • -
        • Adds new option to OAuth2::AccessToken#initialize: +
        • Adds option to OAuth2::AccessToken#initialize:
          • :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency
          • @@ -702,18 +700,16 @@

            Serialization

            As of v2.0.11, if you need to serialize the parsed result, you can!

            -

            There are two ways to do this.

            +

            There are two ways to do this, and the second option recommended.

              -
            1. Global: put this in your code somewhere reasonable (like an initializer for Rails): -
              SnakyHash::StringKeyed.class_eval do
              +  
            2. Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):
            3. +
            + +
            SnakyHash::StringKeyed.class_eval do
               extend SnakyHash::Serializer
             end
             
            - - - -

            2.

            What if I hate snakes and/or indifference?

            @@ -726,7 +722,7 @@

            What if I hate snakes and/or i
            - Debugging + Debugging & Logging Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). @@ -973,7 +969,7 @@

            🤑 One more thing

            diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index e258530b..5f4601b5 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

            OAuth2 for Enterprise

            diff --git a/doc/index.html b/doc/index.html index cc53e841..eb2bacab 100644 --- a/doc/index.html +++ b/doc/index.html @@ -68,7 +68,7 @@

            🔐 OAuth2

            -

            Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

            +

            Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL


            @@ -324,13 +324,13 @@

            💡 Info you can shake a stick at

        @@ -497,9 +497,7 @@

        Security contact information

        What is new for v2.0?

          -
        • Officially support Ruby versions >= 2.7
        • -
        • Unofficially support Ruby versions >= 2.5
        • -
        • Incidentally support Ruby versions >= 2.2
        • +
        • Works with Ruby versions >= 2.2
        • Drop support for the expired MAC Draft (all versions)
        • Support IETF rfc7523 JWT Bearer Tokens
        • Support IETF rfc7231 Relative Location in Redirect
        • @@ -509,14 +507,14 @@

          What is new for v2.0?

        • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json
        • -
        • Adds new option to OAuth2::Client#get_token: +
        • Adds option to OAuth2::Client#get_token:
          • :access_token_class (AccessToken); user specified class to use for all calls to get_token
        • -
        • Adds new option to OAuth2::AccessToken#initialize: +
        • Adds option to OAuth2::AccessToken#initialize:
          • :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency
          • @@ -702,18 +700,16 @@

            Serialization

            As of v2.0.11, if you need to serialize the parsed result, you can!

            -

            There are two ways to do this.

            +

            There are two ways to do this, and the second option recommended.

              -
            1. Global: put this in your code somewhere reasonable (like an initializer for Rails): -
              SnakyHash::StringKeyed.class_eval do
              +  
            2. Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):
            3. +
            + +
            SnakyHash::StringKeyed.class_eval do
               extend SnakyHash::Serializer
             end
             
            - - - -

            2.

            What if I hate snakes and/or indifference?

            @@ -726,7 +722,7 @@

            What if I hate snakes and/or i
            - Debugging + Debugging & Logging Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). @@ -973,7 +969,7 @@

            🤑 One more thing

            diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 6ac2f333..e5f77ac8 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index b1496195..20a06277 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -19,7 +19,7 @@ module OAuth2 # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength RESERVED_REQ_KEYS = %w[body headers params redirect_count].freeze - RESERVED_PARAM_KEYS = (RESERVED_REQ_KEYS + %w[parse snaky token_method]).freeze + RESERVED_PARAM_KEYS = (RESERVED_REQ_KEYS + %w[parse snaky snaky_hash_klass token_method]).freeze include FilteredAttributes @@ -342,14 +342,14 @@ def redirection_params private - # A generic token request options parser def params_to_req_opts(params) - parse, snaky, token_method, params, headers = parse_snaky_params_headers(params) + parse, snaky, snaky_hash_klass, token_method, params, headers = parse_snaky_params_headers(params) req_opts = { raise_errors: options[:raise_errors], token_method: token_method || options[:token_method], parse: parse, snaky: snaky, + snaky_hash_klass: snaky_hash_klass, } if req_opts[:token_method] == :post # NOTE: If proliferation of request types continues, we should implement a parser solution for Request, @@ -394,11 +394,12 @@ def parse_snaky_params_headers(params) end.to_h parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse] snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky] + snaky_hash_klass = params.key?(:snaky_hash_klass) ? params.delete(:snaky_hash_klass) : Response::DEFAULT_OPTIONS[:snaky_hash_klass] token_method = params.delete(:token_method) if params.key?(:token_method) params = authenticator.apply(params) # authenticator may add :headers, and we separate them from params here headers = params.delete(:headers) || {} - [parse, snaky, token_method, params, headers] + [parse, snaky, snaky_hash_klass, token_method, params, headers] end # Executes an HTTP request with error handling and response processing 
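Review bot: The one-line comment above `params_to_req_opts` is deleted in the second `lib/oauth2/client.rb` hunk and nothing replaces it, while the method now unpacks six positional values from `parse_snaky_params_headers`. A mismatch in that order would silently assign the wrong option, so a short comment tying the two together is worth keeping, e.g. `# Builds request options; unpack order must match the array returned by parse_snaky_params_headers`. The method body continues past the end of the hunk.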
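Review bot: In `parse_snaky_params_headers`, `snaky_hash_klass` is lifted out of the caller's `params` and passed on unchecked. Neither this hunk nor the `lib/oauth2/response.rb` hunk of this commit verifies that it is a Hash-like class before `parsed` calls `hash_klass[@parsed]` on it. Because `[]` exists on many objects (a String or an Array, for instance), a wrong value fails or misbehaves only when the response body is parsed, far from the `get_token` call that supplied it. Checking the option where it is extracted keeps the failure local, e.g. `raise ArgumentError, "snaky_hash_klass must be a Hash subclass" unless snaky_hash_klass.nil? || (snaky_hash_klass.is_a?(Class) && snaky_hash_klass <= Hash)`, assuming the default class descends from Hash. The method starts outside the hunk, so an earlier constraint on the value cannot be ruled out from here.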
diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 6855a982..dec1e8c4 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -93,7 +93,8 @@ def parsed end if options[:snaky] && @parsed.is_a?(Hash) - @parsed = options[:snaky_hash_klass].new(@parsed) + hash_klass = options[:snaky_hash_klass] || DEFAULT_OPTIONS[:snaky_hash_klass] + @parsed = hash_klass[@parsed] end @parsed diff --git a/oauth2.gemspec b/oauth2.gemspec index 6b8d7ec4..a461461e 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -131,7 +131,7 @@ Thanks, |7eter l-|. l3oling spec.add_dependency("logger", "~> 1.2") # Ruby >= 0 spec.add_dependency("multi_xml", "~> 0.5") # Ruby >= 0 spec.add_dependency("rack", [">= 1.2", "< 4"]) # Ruby >= 0 - spec.add_dependency("snaky_hash", "~> 2.0", ">= 2.0.2") # Ruby >= 2.2 + spec.add_dependency("snaky_hash", "~> 2.0", ">= 2.0.3") # Ruby >= 2.2 spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2 spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index abe17787..545e5259 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -525,6 +525,18 @@ expect(token.token).to eq("the-token") end + it "works with a standard Hash if keys are correct" do + client = stubbed_client do |stub| + stub.post("/oauth/token") do + [200, {"Content-Type" => "application/json"}, JSON.dump("access_token" => "the-token")] + end + end + + token = client.get_token({snaky_hash_klass: Hash}) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq("the-token") + end + context "when parse: :automatic" do it "returns a configured AccessToken" do client = stubbed_client do |stub| diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 5a0689f2..ce6c27de 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
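Review bot: The switch from `.new(@parsed)` to `hash_klass[@parsed]` in `parsed` carries no comment on the contract it now places on `snaky_hash_klass`. The class must be constructible through `.[]`, and a plain `Hash` returns the keys exactly as the server sent them even though `snaky` is true. The client spec added in this commit is titled "works with a standard Hash if keys are correct", which suggests this is intended, but a reader of this method cannot tell. A comment above the assignment would record it, e.g. `# Built with .[] so a plain Hash works; only SnakyHash-style classes normalise keys`. The method starts and ends outside the hunk.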
@@ -314,7 +314,7 @@ subject = described_class.new(response, parse: false) - expect(subject.parsed).to eq(nil) + expect(subject.parsed).to be_nil end end 
@@ -345,4 +345,359 @@ expect { subject.to_json }.not_to raise_error end end + + describe "with custom vanilla snaky_hash_klass" do + let(:parsed_response) { {"some_key" => "some_value"} } + let(:custom_hash_class) do + Class.new(Hash) + end + + before do + @response = double( + "response", + headers: {"Content-Type" => "application/json"}, + status: 200, + body: parsed_response.to_json, + ) + end + + it "uses the specified hash class when snaky is true" do + response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(custom_hash_class) + expect(response.parsed).not_to be_a(OAuth2::Response::DEFAULT_OPTIONS[:snaky_hash_klass]) + expect(response.parsed).to eq({"some_key" => "some_value"}) + expect(response.parsed["some_key"]).to eq("some_value") + end + + it "uses the default hash class when snaky_hash_klass is not specified" do + response = described_class.new(@response, parse: :automatic, snaky: true) + expect(response.parsed).not_to be_a(custom_hash_class) + expect(response.parsed).to be_a(OAuth2::Response::DEFAULT_OPTIONS[:snaky_hash_klass]) + end + + it "doesn't convert to any special hash class when snaky is false" do + response = described_class.new(@response, parse: :automatic, snaky: false, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(Hash) + expect(response.parsed).not_to be_a(custom_hash_class) + end + end + + describe "with dump_value & load_value extensions" do + let(:custom_hash_class) do + klass = Class.new(SnakyHash::StringKeyed) do + # Give this class has `dump` and `load` abilities! + extend SnakyHash::Serializer + + unless instance_methods.include?(:transform_keys) + # Patch our custom Hash to support Ruby < 2.4.2 + def transform_keys! + keys.each do |key| + ref = delete(key) + self[key] = yield(ref) + end + end + + def transform_keys + dup.transform_keys! 
{ |key| yield(key) } + end + end + end + + # Act on the non-hash values as they are dumped to JSON + klass.dump_value_extensions.add(:to_fruit) do |value| + "banana" + end + + # Act on the non-hash values as they are loaded from the JSON dump + klass.load_value_extensions.add(:to_stars) do |value| + "asdf***qwer" + end + + klass + end + + before do + @response = double( + "response", + headers: {"Content-Type" => "application/json"}, + status: 200, + body: parsed_response.to_json, + ) + end + + context "when hash with top-level hashes" do + let(:parsed_response) { {"a-b_c-d_e-F_G-H" => "i-j_k-l_m-n_o-P_Q-R", "arr" => [1, 2, 3]} } + + it "uses the specified hash class when snaky is true" do + response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(custom_hash_class) + expect(response.parsed).to eq("a_b_c_d_e_f_g_h" => "i-j_k-l_m-n_o-P_Q-R", "arr" => [1, 2, 3]) + expect(response.parsed["a_b_c_d_e_f_g_h"]).to eq("i-j_k-l_m-n_o-P_Q-R") + expect(response.parsed[:a_b_c_d_e_f_g_h]).to eq("i-j_k-l_m-n_o-P_Q-R") + expect(response.parsed.a_b_c_d_e_f_g_h).to eq("i-j_k-l_m-n_o-P_Q-R") + expect(response.parsed["arr"]).to eq([1, 2, 3]) + expect(response.parsed[:arr]).to eq([1, 2, 3]) + expect(response.parsed.arr).to eq([1, 2, 3]) + end + + it "can dump the hash" do + response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(custom_hash_class) + expect(response.parsed.class.dump_value_extensions.has?(:to_fruit)).to be(true) + dump = custom_hash_class.dump(response.parsed) + expect(dump).to eq("{\"a_b_c_d_e_f_g_h\":\"banana\",\"arr\":[\"banana\",\"banana\",\"banana\"]}") + end + + it "can load the dump, and run extensions on values" do + response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(custom_hash_class) + 
expect(response.parsed.class.load_value_extensions.has?(:to_stars)).to be(true) + dump = custom_hash_class.dump(response.parsed) + hydrated = custom_hash_class.load(dump) + expect(hydrated).not_to eq(response.parsed.to_hash) + expect(hydrated).to eq({ + "a_b_c_d_e_f_g_h" => "asdf***qwer", + "arr" => %w[asdf***qwer asdf***qwer asdf***qwer], + }) + expect(hydrated["a_b_c_d_e_f_g_h"]).to eq("asdf***qwer") + expect(hydrated[:a_b_c_d_e_f_g_h]).to eq("asdf***qwer") + expect(hydrated.a_b_c_d_e_f_g_h).to eq("asdf***qwer") + expect(hydrated["arr"]).to eq(%w[asdf***qwer asdf***qwer asdf***qwer]) + expect(hydrated[:arr]).to eq(%w[asdf***qwer asdf***qwer asdf***qwer]) + expect(hydrated.arr).to eq(%w[asdf***qwer asdf***qwer asdf***qwer]) + end + + it "doesn't convert to any special hash class when snaky is false" do + response = described_class.new(@response, parse: :automatic, snaky: false, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(Hash) + expect(response.parsed).not_to be_a(custom_hash_class) + expect(response.parsed).to eq("a-b_c-d_e-F_G-H" => "i-j_k-l_m-n_o-P_Q-R", "arr" => [1, 2, 3]) + expect(response.parsed["a-b_c-d_e-F_G-H"]).to eq("i-j_k-l_m-n_o-P_Q-R") + expect(response.parsed["arr"]).to eq([1, 2, 3]) + end + end + + context "when hash with nested hashes" do + let(:parsed_response) { {"a-b_c-d_e-F_G-H" => {"i-j_k-l_m-n_o-P_Q-R" => "s-t_u-v_w-X_Y-Z"}, "arr" => [1, 2, 3]} } + + it "uses the specified hash class when snaky is true" do + response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(custom_hash_class) + expect(response.parsed).to eq("a_b_c_d_e_f_g_h" => {"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"}, "arr" => [1, 2, 3]) + expect(response.parsed["a_b_c_d_e_f_g_h"]).to eq({"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"}) + expect(response.parsed[:a_b_c_d_e_f_g_h]).to eq({"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"}) + 
expect(response.parsed.a_b_c_d_e_f_g_h).to eq({"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"}) + expect(response.parsed["arr"]).to eq([1, 2, 3]) + expect(response.parsed[:arr]).to eq([1, 2, 3]) + expect(response.parsed.arr).to eq([1, 2, 3]) + end + + it "can dump the hash" do + response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(custom_hash_class) + expect(response.parsed.class.dump_value_extensions.has?(:to_fruit)).to be(true) + dump = custom_hash_class.dump(response.parsed) + expect(dump).to eq("{\"a_b_c_d_e_f_g_h\":{\"i_j_k_l_m_n_o_p_q_r\":\"banana\"},\"arr\":[\"banana\",\"banana\",\"banana\"]}") + end + + it "can load the dump, and run extensions on values" do + response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) + expect(response.parsed).to be_a(custom_hash_class) + expect(response.parsed.class.load_value_extensions.has?(:to_stars)).to be(true) + dump = custom_hash_class.dump(response.parsed) + hydrated = custom_hash_class.load(dump) + expect(hydrated).not_to eq(response.parsed.to_hash) + expect(hydrated).to eq({ + "a_b_c_d_e_f_g_h" => + { + "i_j_k_l_m_n_o_p_q_r" => "asdf***qwer", + }, + "arr" => %w[asdf***qwer asdf***qwer asdf***qwer], + }) + expect(hydrated["a_b_c_d_e_f_g_h"]).to eq({"i_j_k_l_m_n_o_p_q_r" => "asdf***qwer"}) + expect(hydrated[:a_b_c_d_e_f_g_h]).to eq({"i_j_k_l_m_n_o_p_q_r" => "asdf***qwer"}) + expect(hydrated.a_b_c_d_e_f_g_h).to eq({"i_j_k_l_m_n_o_p_q_r" => "asdf***qwer"}) + expect(hydrated["arr"]).to eq(%w[asdf***qwer asdf***qwer asdf***qwer]) + expect(hydrated[:arr]).to eq(%w[asdf***qwer asdf***qwer asdf***qwer]) + expect(hydrated.arr).to eq(%w[asdf***qwer asdf***qwer asdf***qwer]) + end + + it "doesn't convert to any special hash class when snaky is false" do + response = described_class.new(@response, parse: :automatic, snaky: false, snaky_hash_klass: custom_hash_class) + 
expect(response.parsed).to be_a(Hash) + expect(response.parsed).not_to be_a(custom_hash_class) + expect(response.parsed).to eq("a-b_c-d_e-F_G-H" => {"i-j_k-l_m-n_o-P_Q-R" => "s-t_u-v_w-X_Y-Z"}, "arr" => [1, 2, 3]) + expect(response.parsed["a-b_c-d_e-F_G-H"]).to eq({"i-j_k-l_m-n_o-P_Q-R" => "s-t_u-v_w-X_Y-Z"}) + expect(response.parsed["arr"]).to eq([1, 2, 3]) + end + end + end + + describe "with dump_hash & load_hash extensions" do + let(:custom_hash_class) do + klass = Class.new(SnakyHash::StringKeyed) do + # Give this class has `dump` and `load` abilities! + extend SnakyHash::Serializer + + unless instance_methods.include?(:transform_keys) + # Patch our custom Hash to support Ruby < 2.4.2 + def transform_keys! + keys.each do |key| + ref = delete(key) + self[key] = yield(ref) + end + end + + def transform_keys + dup.transform_keys! { |key| yield(key) } + end + end + end + + # Act on the entire hash as it is prepared for dumping to JSON + klass.dump_hash_extensions.add(:to_cheese) do |value| + if value.is_a?(Hash) + value.transform_keys do |key| + # This is an example tailored to this specific test! + # It is not a generalized solution for anything! + split = key.split("_") + first_word = split[0] + key.sub(first_word, "cheese") + end + else + value + end + end + + # Act on the entire hash as it is loaded from the JSON dump + klass.load_hash_extensions.add(:to_pizza) do |value| + if value.is_a?(Hash) + value.transform_keys do |key| + # This is an example tailored to this specific test! + # It is not a generalized solution for anything! 
+ split = key.split("_")
+ last_word = split[-1]
+ key.sub(last_word, "pizza")
+ end
+ else
+ value
+ end
+ end
+
+ klass
+ end
+
+ before do
+ @response = double(
+ "response",
+ headers: {"Content-Type" => "application/json"},
+ status: 200,
+ body: parsed_response.to_json,
+ )
+ end
+
+ context "when hash with top-level hashes" do
+ let(:parsed_response) { {"a-b_c-d_e-F_G-H" => "i-j_k-l_m-n_o-P_Q-R", "arr" => [1, 2, 3]} }
+
+ it "uses the specified hash class when snaky is true" do
+ response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(custom_hash_class)
+ expect(response.parsed).to eq("a_b_c_d_e_f_g_h" => "i-j_k-l_m-n_o-P_Q-R", "arr" => [1, 2, 3])
+ expect(response.parsed["a_b_c_d_e_f_g_h"]).to eq("i-j_k-l_m-n_o-P_Q-R")
+ expect(response.parsed[:a_b_c_d_e_f_g_h]).to eq("i-j_k-l_m-n_o-P_Q-R")
+ expect(response.parsed.a_b_c_d_e_f_g_h).to eq("i-j_k-l_m-n_o-P_Q-R")
+ expect(response.parsed["arr"]).to eq([1, 2, 3])
+ expect(response.parsed[:arr]).to eq([1, 2, 3])
+ expect(response.parsed.arr).to eq([1, 2, 3])
+ end
+
+ it "can dump the hash" do
+ response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(custom_hash_class)
+ expect(response.parsed.class.dump_hash_extensions.has?(:to_cheese)).to be(true)
+ dump = custom_hash_class.dump(response.parsed)
+ expect(dump).to eq("{\"cheese_b_c_d_e_f_g_h\":\"i-j_k-l_m-n_o-P_Q-R\",\"cheese\":[1,2,3]}")
+ end
+
+ it "can load the dump, and run extensions on values" do
+ response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(custom_hash_class)
+ expect(response.parsed.class.load_hash_extensions.has?(:to_pizza)).to be(true)
+ dump = custom_hash_class.dump(response.parsed)
+ hydrated = custom_hash_class.load(dump)
+ expect(hydrated).not_to eq(response.parsed.to_hash)
+ expect(hydrated).to eq({
+ "cpizzaeese_b_c_d_e_f_g_h" => "i-j_k-l_m-n_o-P_Q-R",
+ "pizza" => [1, 2, 3],
+ })
+ expect(hydrated["cpizzaeese_b_c_d_e_f_g_h"]).to eq("i-j_k-l_m-n_o-P_Q-R")
+ expect(hydrated[:cpizzaeese_b_c_d_e_f_g_h]).to eq("i-j_k-l_m-n_o-P_Q-R")
+ expect(hydrated.cpizzaeese_b_c_d_e_f_g_h).to eq("i-j_k-l_m-n_o-P_Q-R")
+ expect(hydrated["pizza"]).to eq([1, 2, 3])
+ expect(hydrated[:pizza]).to eq([1, 2, 3])
+ expect(hydrated.pizza).to eq([1, 2, 3])
+ end
+
+ it "doesn't convert to any special hash class when snaky is false" do
+ response = described_class.new(@response, parse: :automatic, snaky: false, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(Hash)
+ expect(response.parsed).not_to be_a(custom_hash_class)
+ expect(response.parsed).to eq("a-b_c-d_e-F_G-H" => "i-j_k-l_m-n_o-P_Q-R", "arr" => [1, 2, 3])
+ expect(response.parsed["a-b_c-d_e-F_G-H"]).to eq("i-j_k-l_m-n_o-P_Q-R")
+ expect(response.parsed["arr"]).to eq([1, 2, 3])
+ end
+ end
+
+ context "when hash with nested hashes" do
+ let(:parsed_response) { {"a-b_c-d_e-F_G-H" => {"i-j_k-l_m-n_o-P_Q-R" => "s-t_u-v_w-X_Y-Z"}, "arr" => [1, 2, 3]} }
+
+ it "uses the specified hash class when snaky is true" do
+ response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(custom_hash_class)
+ expect(response.parsed).to eq("a_b_c_d_e_f_g_h" => {"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"}, "arr" => [1, 2, 3])
+ expect(response.parsed["a_b_c_d_e_f_g_h"]).to eq({"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"})
+ expect(response.parsed[:a_b_c_d_e_f_g_h]).to eq({"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"})
+ expect(response.parsed.a_b_c_d_e_f_g_h).to eq({"i_j_k_l_m_n_o_p_q_r" => "s-t_u-v_w-X_Y-Z"})
+ expect(response.parsed["arr"]).to eq([1, 2, 3])
+ expect(response.parsed[:arr]).to eq([1, 2, 3])
+ expect(response.parsed.arr).to eq([1, 2, 3])
+ end
+
+ it "can dump the hash" do
+ response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(custom_hash_class)
+ expect(response.parsed.class.dump_hash_extensions.has?(:to_cheese)).to be(true)
+ dump = custom_hash_class.dump(response.parsed)
+ expect(dump).to eq("{\"cheese_b_c_d_e_f_g_h\":{\"cheese_j_k_l_m_n_o_p_q_r\":\"s-t_u-v_w-X_Y-Z\"},\"cheese\":[1,2,3]}")
+ end
+
+ it "can load the dump, and run extensions on values" do
+ response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(custom_hash_class)
+ expect(response.parsed.class.load_hash_extensions.has?(:to_pizza)).to be(true)
+ dump = custom_hash_class.dump(response.parsed)
+ hydrated = custom_hash_class.load(dump)
+ expect(hydrated).not_to eq(response.parsed.to_hash)
+ expect(hydrated).to eq({
+ "cpizzaeese_b_c_d_e_f_g_h" => {"cheese_j_k_l_m_n_o_p_q_pizza" => "s-t_u-v_w-X_Y-Z"},
+ "pizza" => [1, 2, 3],
+ })
+ expect(hydrated["cpizzaeese_b_c_d_e_f_g_h"]).to eq({"cheese_j_k_l_m_n_o_p_q_pizza" => "s-t_u-v_w-X_Y-Z"})
+ expect(hydrated[:cpizzaeese_b_c_d_e_f_g_h]).to eq({"cheese_j_k_l_m_n_o_p_q_pizza" => "s-t_u-v_w-X_Y-Z"})
+ expect(hydrated.cpizzaeese_b_c_d_e_f_g_h).to eq({"cheese_j_k_l_m_n_o_p_q_pizza" => "s-t_u-v_w-X_Y-Z"})
+ expect(hydrated["pizza"]).to eq([1, 2, 3])
+ expect(hydrated[:pizza]).to eq([1, 2, 3])
+ expect(hydrated.pizza).to eq([1, 2, 3])
+ end
+
+ it "doesn't convert to any special hash class when snaky is false" do
+ response = described_class.new(@response, parse: :automatic, snaky: false, snaky_hash_klass: custom_hash_class)
+ expect(response.parsed).to be_a(Hash)
+ expect(response.parsed).not_to be_a(custom_hash_class)
+ expect(response.parsed).to eq("a-b_c-d_e-F_G-H" => {"i-j_k-l_m-n_o-P_Q-R" => "s-t_u-v_w-X_Y-Z"}, "arr" => [1, 2, 3])
+ expect(response.parsed["a-b_c-d_e-F_G-H"]).to eq({"i-j_k-l_m-n_o-P_Q-R" => "s-t_u-v_w-X_Y-Z"})
+
expect(response.parsed["arr"]).to eq([1, 2, 3]) + end + end + end end From e9074da80262cab3b281b0a42d6ce2166da961ca Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 23 May 2025 11:14:22 +0700 Subject: [PATCH 420/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 4 +- CHANGELOG.md | 36 +- README.md | 2 +- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 744 ++++++++++++++---- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 60 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 4 +- doc/file.SECURITY.html | 2 +- doc/index.html | 4 +- doc/top-level-namespace.html | 2 +- lib/oauth2/client.rb | 31 +- lib/oauth2/response.rb | 86 +- 30 files changed, 768 insertions(+), 245 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 81d4dd3c..df4b303e 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -18,8 +18,8 @@ [9, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020], [13, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020] ], - "lib/oauth2/response.rb:3727627041": [ - [36, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] + "lib/oauth2/response.rb:2054901929": [ + [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], "oauth2.gemspec:3059367295": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] diff --git a/CHANGELOG.md b/CHANGELOG.md index 12a4a2bd..3b03f4da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,34 +6,34 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [Unreleased] ### Added -- Codeberg as ethical mirror (@pboling) - - https://codeberg.org/oauth-xx/oauth2 -- Don't check for cert if SKIP_GEM_SIGNING is set (@pboling) -- All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) -- YARD config, GFM compatible with relative file links -- Documentation site on GitHub Pages - - [oauth2.galtzo.com](https://oauth2.galtzo.com) -- [!649](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD ### Changed -- Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site ### Deprecated ### Removed ### Fixed -- Incorrect documentation related to silencing warnings (@pboling) ### Security -## [2.0.11] - 2025-05-22 +## [2.0.11] - 2025-05-23 - TAG: [v2.0.11][2.0.11t] -- COVERAGE: 100.00% -- 516/516 lines in 14 files -- BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files -- 79.05% documented +- COVERAGE: 100.00% -- 518/518 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files +- 80.00% documented ### Added - More documentation +- Codeberg as ethical mirror (@pboling) + - https://codeberg.org/oauth-xx/oauth2 +- Don't check for cert if SKIP_GEM_SIGNING is set (@pboling) +- All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) +- YARD config, GFM compatible with relative file links (@pboling) +- Documentation site on GitHub Pages (@pboling) + - [oauth2.galtzo.com](https://oauth2.galtzo.com) +- [!649](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) ### Changed -- Upgraded to snaky_hash v2.0.2 +- Upgraded to snaky_hash v2.0.2 (@pboling) - Provides solution for serialization issues +- Updated `spec.homepage_uri` in gemspec to 
GitHub Pages YARD documentation site (@pboling) ### Fixed -- [gh650](https://github.com/oauth-xx/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` +- [gh650](https://github.com/oauth-xx/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling) +- Incorrect documentation related to silencing warnings (@pboling) ## [2.0.10] - 2025-05-17 - TAG: [v2.0.10][2.0.10t] @@ -392,7 +392,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...HEAD +[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.11...HEAD +[2.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...v2.0.11 +[2.0.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.11 [2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...v2.0.10 [2.0.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.10 [2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9 diff --git a/README.md b/README.md index f40f966e..31f61ded 100644 --- a/README.md +++ b/README.md @@ -885,7 +885,7 @@ or one of the others at the head of this README. [📌gitmoji]:https://gitmoji.dev [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.516-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.518-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 23ee2b56..231e2600 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html 
@@ -326,7 +326,7 @@

            diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 96e52d08..e6223ec0 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

            diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index af33e404..e683a3e8 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

            diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 5e071715..f974f54b 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

            diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 8b9433b9..289959ee 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

            diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index c3564ee8..85b36890 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

            diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index f6dddd24..6c4e8bec 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

            diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index aec2bdae..0ffa2f5b 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -101,13 +101,29 @@

            Overview

            -

            OAuth2::Response class

            +

            The Response class handles HTTP responses in the OAuth2 gem, providing methods
            +to access and parse response data in various formats.

            +

            Since:

            +
              + +
            • + + + + + +

              1.0.0

              +
              + +
            • + +
            @@ -119,7 +135,49 @@

            DEFAULT_OPTIONS = - +
            +
            +

            Default configuration options for Response instances

            + + +
            +
            +
            + +

            Returns:

            +
              + +
            • + + + (Hash) + + + + — +

              The default options hash

              +
              + +
            • + +
            +

            Since:

            +
              + +
            • + + + + + +

              1.0.0

              +
              + +
            • + +
            + +
            {
               parse: :automatic,
            @@ -130,14 +188,45 @@ 

            @@parsers =
            -

            Procs that, when called, will parse a response body according
            -to the specified format.

            +

            Storage for response body parser procedures

            +

            Returns:

            +
              + +
            • + + + (Hash<Symbol, Proc>) + + + + — +

              Hash of parser procs keyed by format symbol

              +
              + +
            • + +
            +

            Since:

            +
              + +
            • + + + + + +

              1.0.0

              +
              + +
            • + +
            @@ -149,13 +238,45 @@

            @@content_types =
            -

            Content type assignments for various potential HTTP content types.

            +

            Maps content types to parser symbols

            +

            Returns:

            +
              + +
            • + + + (Hash<String, Symbol>) + + + + — +

              Hash of content types mapped to parser symbols

              +
              + +
            • + +
            +

            Since:

            +
              + +
            • + + + + + +

              1.0.0

              +
              + +
            • + +
            @@ -176,7 +297,7 @@

            Instance Attribute Summary collaps
          • - #options ⇒ Object + #options ⇒ Hash @@ -193,7 +314,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute options.

            +

            The options hash for this instance.

          • @@ -202,7 +323,7 @@

            Instance Attribute Summary collaps
          • - #response ⇒ Object + #response ⇒ Faraday::Response @@ -221,7 +342,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute response.

            +

            The raw Faraday response object.

          • @@ -243,7 +364,7 @@

          • - .register_parser(key, mime_types) {|String| ... } ⇒ Object + .register_parser(key, mime_types) {|String| ... } ⇒ void @@ -275,7 +396,7 @@

          • - #body ⇒ Object + #body ⇒ String @@ -298,7 +419,7 @@

          • - #content_type ⇒ Object + #content_type ⇒ String? @@ -312,7 +433,7 @@

            -

            Attempts to determine the content type of the response.

            +

            Determines the content type of the response.

          • @@ -321,7 +442,7 @@

          • - #headers ⇒ Object + #headers ⇒ Hash @@ -344,7 +465,7 @@

          • - #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ Response + #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ OAuth2::Response @@ -383,7 +504,7 @@

            -

            The #response #body as parsed by #parser.

            +

            The parsed response body.

          • @@ -406,7 +527,7 @@

            -

            Determines the parser (a Proc or other Object which responds to #call) that will be passed the #body (and optional #response) to supply #parsed.

            +

            Determines the parser to be used for the response body.

          • @@ -415,7 +536,7 @@

          • - #status ⇒ Object + #status ⇒ Integer @@ -444,7 +565,7 @@

            Constructor Details

            - #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ Response + #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ OAuth2::Response @@ -488,8 +609,7 @@

            — -

            (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded),
            -:json, or :automatic (determined by Content-Type response header)

            +

            (:automatic) How to parse the response body

          • @@ -499,15 +619,31 @@

            snaky - (true, false) + (Boolean) (defaults to: true) — -

            (true) Convert @parsed to a snake-case,
            -indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)?

            +

            (true) Whether to convert parsed response to snake_case using SnakyHash

            +
            + +

          • + +
          • + + snaky_hash_klass + + + (Class, nil) + + + (defaults to: nil) + + + — +

            (nil) Custom class for snake_case hash conversion

          • @@ -522,13 +658,90 @@

            — -

            all other options for initializing the instance

            +

            Additional options for the response

          + + + + + + + + + + + +

          Options Hash (**options):

          +
            + +
          • + :parse + (Symbol) + + + — default: + :automatic + + + + —

            Parse strategy (:query, :json, or :automatic)

            +
            + +
          • + +
          • + :snaky + (Boolean) + + + — default: + true + + + + —

            Enable/disable snake_case conversion

            +
            + +
          • + +
          • + :snaky_hash_klass + (Class) + + + — default: + SnakyHash::StringKeyed + + + + —

            Class to use for hash conversion

            +
            + +
          • + +
          + + +

          Since:

          +
            + +
          • + + + + + +

            1.0.0

            +
            + +
          • + +
        Documentation -Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki +Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki
        Documentation -Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki +Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki
        -
        # File 'lib/oauth2/response.rb', line 102
        +      
        # File 'lib/oauth2/response.rb', line 101
         
         def content_type
           return unless response.headers
        @@ -958,8 +958,7 @@ 

        95 96 97 -98 -99

        +98
        # File 'lib/oauth2/response.rb', line 78
        @@ -980,8 +979,7 @@ 

        end if options[:snaky] && @parsed.is_a?(Hash) - parsed = SnakyHash::StringKeyed.new(@parsed) - @parsed = parsed.to_h + @parsed = SnakyHash::StringKeyed.new(@parsed) end @parsed @@ -1058,6 +1056,7 @@

         
         
        +123
         124
         125
         126
        @@ -1068,11 +1067,10 @@ 

        131 132 133 -134 -135

        +134

        -
        # File 'lib/oauth2/response.rb', line 124
        +      
        # File 'lib/oauth2/response.rb', line 123
         
         def parser
           return @parser if defined?(@parser)
        @@ -1136,7 +1134,7 @@ 

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index e929d487..afe51801 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index f1a244d3..fa3e86f2 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 6ee434df..f9f72043 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 77ac32f7..58b54f46 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 31abd6f7..61c7a5ba 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index a51602e2..b600ad4b 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index 5fce714a..c3e30d22 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 24d4cf30..6f553a88 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 81769448..541c36bc 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 5fe2746f..1113489c 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -773,7 +773,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 712b78e4..5781bf53 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 62395fa3..8ac909f4 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 0e0118bc..6e9936f3 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 6a28b213..deb4dc97 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -957,7 +957,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 76df6ca8..c879d7c3 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index f3453b28..b8e40e78 100644 --- a/doc/index.html +++ b/doc/index.html @@ -957,7 +957,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 9a66113c..f7c1afe8 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index fb3cf7ce..fe03cd43 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb @@ -73,7 +73,7 @@ def body # The {#response} {#body} as parsed by {#parser}. # - # @return [Object] As returned by {#parser} if it is #call-able. + # @return [Object, SnakyHash::StringKeyed] As returned by {#parser} if #call-able; snaky hash if options[:snaky]. # @return [nil] If the {#parser} is not #call-able. def parsed return @parsed if defined?(@parsed) @@ -91,8 +91,7 @@ def parsed end if options[:snaky] && @parsed.is_a?(Hash) - parsed = SnakyHash::StringKeyed.new(@parsed) - @parsed = parsed.to_h + @parsed = SnakyHash::StringKeyed.new(@parsed) end @parsed diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 3ecdd63f..abe17787 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -610,7 +610,6 @@ expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end end @@ -628,7 +627,6 @@ expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end context "with alternate token named" do @@ -640,7 +638,6 @@ expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do 
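Review bot: The rewritten `@return` tag on `parsed` leaves out the condition the code actually applies: the wrap happens only under `if options[:snaky] && @parsed.is_a?(Hash)`, so an Array or String coming back from the parser is returned unwrapped even with snaky on. I would split the tag into `# @return [SnakyHash::StringKeyed] when options[:snaky] is set and the parser returned a Hash` and `# @return [Object] otherwise, whatever {#parser} returned`. Dropping the `.to_h` also means callers now receive the wrapper class rather than a plain Hash, and since the keys come from the token endpoint's response body, code that persists or re-serialises `parsed` should presumably call `to_h` first; a sentence to that effect in the doc comment would help. The body of `parsed` starts and ends outside these hunks.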
@@ -662,13 +659,15 @@ expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a configured AccessToken" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") - expect(token.response.parsed.to_h).to eq("accessToken" => "the-token") + parsed_h = token.response.parsed.to_h + expect(parsed_h).to eq("accessToken" => "the-token") + expect(parsed_h).to be_a(Hash) + expect(parsed_h).not_to be_a(SnakyHash::StringKeyed) end end @@ -678,7 +677,10 @@ it "returns a configured AccessToken" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") - expect(token.response.parsed.to_h).to eq("accessToken" => "the-token") + parsed_h = token.response.parsed.to_h + expect(parsed_h).to eq("accessToken" => "the-token") + expect(parsed_h).to be_a(Hash) + expect(parsed_h).not_to be_a(SnakyHash::StringKeyed) end it "parsed is a Hash" do @@ -686,7 +688,6 @@ expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end context "with alternate token name" do @@ -698,13 +699,15 @@ expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) end it "returns a snake-cased key" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") - expect(token.response.parsed.to_h).to eq("bananaFace" => "the-token") + parsed_h = token.response.parsed.to_h + expect(parsed_h).to eq("bananaFace" => "the-token") + expect(parsed_h).to be_a(Hash) + expect(parsed_h).not_to be_a(SnakyHash::StringKeyed) end end end 
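Review bot: The example titled `returns a snake-cased key` in the `@@ -698,13 +699,15 @@` hunk now pins `"bananaFace" => "the-token"`, a camelCase key, so the description contradicts what the added assertions check. Renaming it to something like `it "keeps the key exactly as the server sent it" do` would make the expected behaviour readable from the spec output. The enclosing `context` blocks start outside the hunk, so which `snaky` setting applies here is inferred from the assertion rather than visible.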
@@ -718,12 +721,11 @@ context "with token_name" do let(:access_token_opts) { {token_name: "access_token"} } - it "parsed is a Hash" do + it "parsed is a SnakyHash::StringKeyed" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) + expect(token.response.parsed).to be_a(SnakyHash::StringKeyed) end it "returns a snake-cased key" do @@ -736,12 +738,11 @@ let(:access_token_opts) { {token_name: "banana_face"} } let(:response_body) { JSON.dump("banana_face" => "the-token") } - it "parsed is a Hash" do + it "parsed is a SnakyHash::StringKeyed" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) + expect(token.response.parsed).to be_a(SnakyHash::StringKeyed) end it "returns a snake-cased key" do @@ -759,12 +760,11 @@ expect(token.response.parsed.to_h).to eq("access_token" => "the-token") end - it "parsed is a Hash" do + it "parsed is a SnakyHash::StringKeyed" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) + expect(token.response.parsed).to be_a(SnakyHash::StringKeyed) end end end 
@@ -775,12 +775,11 @@ context "with token_name" do let(:access_token_opts) { {token_name: "accessToken"} } - it "parsed is a Hash, but no token since snaky changed key" do + it "parsed is a SnakyHash::StringKeyed, and token is found" do expect(token).to be_a OAuth2::AccessToken - expect(token.token).to eq("") + expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) + expect(token.response.parsed).to be_a(SnakyHash::StringKeyed) end it "returns a snake-cased key" do @@ -792,12 +791,11 @@ let(:access_token_opts) { {token_name: "banana_butter_cake"} } let(:response_body) { JSON.dump("banana-butterCake" => "the-token") } - it "parsed is a Hash" do + it "parsed is a SnakyHash::StringKeyed" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) + expect(token.response.parsed).to be_a(SnakyHash::StringKeyed) end it "returns a snake-cased key" do @@ -809,12 +807,11 @@ end context "without token_name" do - it "parsed is a Hash" do + it "parsed is a SnakyHash::StringKeyed" do expect(token).to be_a OAuth2::AccessToken expect(token.token).to eq("the-token") expect(token.response.parsed).to be_a(Hash) - expect(token.response.parsed).not_to be_a(SnakyHash::StringKeyed) - expect(token.response.parsed).not_to be_a(SnakyHash::SymbolKeyed) + expect(token.response.parsed).to be_a(SnakyHash::StringKeyed) end it "returns a snake-cased key" do From 86c8d5ea9d99f470b16f870473988cf2d4c06642 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Thu, 22 May 2025 08:07:49 +0700 Subject: [PATCH 408/645] =?UTF-8?q?=F0=9F=90=9B=20Fix=20bug=20when=20runni?= =?UTF-8?q?ng=20Hashie=20v0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - New caboose workflow is an absolute wagon --- .github/workflows/ancient.yml | 10 +- .github/workflows/caboose.yml | 106 ++++++++++++++++++ Appraisals | 52 ++++++++- README.md | 22 +++- gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/current.gemfile | 2 +- gemfiles/current_runtime_heads.gemfile | 2 +- gemfiles/head.gemfile | 2 +- gemfiles/omnibus.gemfile | 2 +- ...2_3.gemfile => ruby_2_3_hashie_v0.gemfile} | 2 +- gemfiles/ruby_2_3_hashie_v1.gemfile | 17 +++ gemfiles/ruby_2_3_hashie_v2.gemfile | 17 +++ gemfiles/ruby_2_3_hashie_v3.gemfile | 17 +++ gemfiles/ruby_2_3_hashie_v4.gemfile | 17 +++ gemfiles/ruby_2_3_hashie_v5.gemfile | 17 +++ gemfiles/ruby_2_4.gemfile | 2 +- gemfiles/ruby_2_5.gemfile | 2 +- gemfiles/ruby_2_6.gemfile | 2 +- gemfiles/ruby_2_7.gemfile | 2 +- gemfiles/ruby_3_0.gemfile | 2 +- gemfiles/ruby_3_1.gemfile | 2 +- gemfiles/ruby_3_2.gemfile | 2 +- gemfiles/ruby_3_3.gemfile | 2 +- gemfiles/style.gemfile | 2 +- gemfiles/vanilla.gemfile | 2 +- lib/oauth2/access_token.rb | 8 +- 27 files changed, 288 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/caboose.yml rename gemfiles/{ruby_2_3.gemfile => ruby_2_3_hashie_v0.gemfile} (93%) create mode 100644 gemfiles/ruby_2_3_hashie_v1.gemfile create mode 100644 gemfiles/ruby_2_3_hashie_v2.gemfile create mode 100644 gemfiles/ruby_2_3_hashie_v3.gemfile create mode 100644 gemfiles/ruby_2_3_hashie_v4.gemfile create mode 100644 gemfiles/ruby_2_3_hashie_v5.gemfile diff --git a/.github/workflows/ancient.yml b/.github/workflows/ancient.yml index 8771e589..1ee86098 100644 --- a/.github/workflows/ancient.yml +++ b/.github/workflows/ancient.yml 
@@ -1,4 +1,4 @@ -name: MRI 2.3, 2.4, 2.5 (EOL) +name: MRI 2.4, 2.5 (EOL) permissions: contents: read @@ -34,14 +34,6 @@ jobs: fail-fast: false matrix: include: - # Ruby 2.3 - - ruby: "ruby-2.3" - appraisal: "ruby-2-3" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: "3.3.27" - bundler: "2.3.27" - # Ruby 2.4 - ruby: "ruby-2.4" appraisal: "ruby-2-4" diff --git a/.github/workflows/caboose.yml b/.github/workflows/caboose.yml new file mode 100644 index 00000000..02a381d2 --- /dev/null +++ b/.github/workflows/caboose.yml 
@@ -0,0 +1,106 @@ +# THE CABOOSE IS AN ABSOLUTE WAGON +name: MRI 2.3 X Hashie WAGON (EOL) + +permissions: + contents: read + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-22.04 + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + fail-fast: false + matrix: + include: + # Ruby 2.3 + - ruby: "ruby-2.3" + appraisal: "ruby-2-3-hashie_v0" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: "3.3.27" + bundler: "2.3.27" + + # Ruby 2.3 + - ruby: "ruby-2.3" + appraisal: "ruby-2-3-hashie_v1" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: "3.3.27" + bundler: "2.3.27" + + # Ruby 2.3 + - ruby: "ruby-2.3" + appraisal: "ruby-2-3-hashie_v2" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: "3.3.27" + bundler: "2.3.27" + + # Ruby 2.3 + - ruby: "ruby-2.3" + appraisal: "ruby-2-3-hashie_v3" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: "3.3.27" + bundler: "2.3.27" + + # Ruby 2.3 + - ruby: "ruby-2.3" + appraisal: "ruby-2-3-hashie_v4" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: "3.3.27" + bundler: "2.3.27" + + # Ruby 2.3 + - ruby: "ruby-2.3" + appraisal: "ruby-2-3-hashie_v5" + 
exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: "3.3.27" + bundler: "2.3.27" + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: Install Root Appraisal + run: bundle > /dev/null 2>&1 + - name: Appraisal for ${{ matrix.appraisal }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle > /dev/null 2>&1 + - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/Appraisals b/Appraisals index 9adc4170..adbae164 100644 --- a/Appraisals +++ b/Appraisals @@ -35,7 +35,7 @@ appraise "current" do remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end -appraise "ruby-2-3" do +appraise "ruby-2-3-hashie_v0" do eval_gemfile "modular/faraday_v0.gemfile" eval_gemfile "modular/hashie_v0.gemfile" eval_gemfile "modular/jwt_v1.gemfile" 
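Review bot: The `uses: actions/checkout@v4` and `uses: ruby/setup-ruby@v1` steps reference mutable tags, so the code this job executes can change without any change in this repository. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: ruby/setup-ruby@FULL_COMMIT_SHA # v1` (placeholder, not a real SHA), makes the workflow reproducible and reviewable. The `permissions: contents: read` block already limits what such an action could do with the job token. Separately, `run: bundle > /dev/null 2>&1` in the two install steps discards all resolver output, so a failed or unexpected resolution on these EOL Ruby 2.3 / Hashie combinations leaves no record in the job log. Dropping the redirect, or keeping stderr with `run: bundle > /dev/null`, preserves that evidence.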
@@ -45,6 +45,56 @@ appraise "ruby-2-3" do remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end +appraise "ruby-2-3-hashie_v1" do + eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/hashie_v1.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/logger_v1_2.gemfile" + eval_gemfile "modular/multi_xml_v0_5.gemfile" + eval_gemfile "modular/rack_v1_2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-3-hashie_v2" do + eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/hashie_v2.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/logger_v1_2.gemfile" + eval_gemfile "modular/multi_xml_v0_5.gemfile" + eval_gemfile "modular/rack_v1_2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-3-hashie_v3" do + eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/hashie_v3.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/logger_v1_2.gemfile" + eval_gemfile "modular/multi_xml_v0_5.gemfile" + eval_gemfile "modular/rack_v1_2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-3-hashie_v4" do + eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/hashie_v4.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/logger_v1_2.gemfile" + eval_gemfile "modular/multi_xml_v0_5.gemfile" + eval_gemfile "modular/rack_v1_2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + +appraise "ruby-2-3-hashie_v5" do + eval_gemfile "modular/faraday_v0.gemfile" + eval_gemfile "modular/hashie_v5.gemfile" + eval_gemfile "modular/jwt_v1.gemfile" + eval_gemfile "modular/logger_v1_2.gemfile" + 
eval_gemfile "modular/multi_xml_v0_5.gemfile" + eval_gemfile "modular/rack_v1_2.gemfile" + remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch +end + appraise "ruby-2-4" do eval_gemfile "modular/faraday_v1.gemfile" eval_gemfile "modular/hashie_v1.gemfile" diff --git a/README.md b/README.md index c58df99e..058cf303 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ ## 🔐 OAuth2 -[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] --- 
@@ -164,6 +164,7 @@ One of these might be what you are looking for: | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| +| 2.0.11 | 2025-05-21 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -177,6 +178,7 @@ One of these might be what you are looking for: | 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | +[2.0.11-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-21 [2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 [2.0.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 [2.0.8-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 @@ -189,6 +191,7 @@ One of these might be what you are looking for: [2.0.1-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 [2.0.0-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 +[2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/README.md [2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md [2.0.9-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md [2.0.8-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md 
@@ -480,6 +483,21 @@ response.parsed[:additional_data] # => "additional" response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash gem) ``` +#### Serialization + +As of v2.0.11, if you need to serialize the parsed result, you can! + +There are two ways to do this. + +1. Global: put this in your code somewhere reasonable (like an initializer for Rails): +```ruby +SnakyHash::StringKeyed.class_eval do + extend SnakyHash::Serializer +end +``` + +2. + #### What if I hate snakes and/or indifference? ```ruby @@ -811,6 +829,8 @@ or one of the others at the head of this README. [🚎11-c-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current.yml/badge.svg [🚎12-crh-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/current-runtime-heads.yml [🚎12-crh-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current-runtime-heads.yml/badge.svg +[🚎13-cbs-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/caboose.yml +[🚎13-cbs-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/caboose.yml/badge.svg [⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay [⛳liberapay]: https://liberapay.com/pboling/donate [🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 173a1e36..51d2169c 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 6b348995..89a57ce0 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/coverage.gemfile") 
diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index c4f47527..05f8012c 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile index fc9c120d..74ea868d 100644 --- a/gemfiles/current_runtime_heads.gemfile +++ b/gemfiles/current_runtime_heads.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index fc9c120d..74ea868d 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 57cc634c..168d34cc 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/ruby_2_3.gemfile b/gemfiles/ruby_2_3_hashie_v0.gemfile similarity index 93% rename from gemfiles/ruby_2_3.gemfile rename to gemfiles/ruby_2_3_hashie_v0.gemfile index 00bcdb3e..088d2f1d 100644 --- a/gemfiles/ruby_2_3.gemfile +++ b/gemfiles/ruby_2_3_hashie_v0.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v1.gemfile b/gemfiles/ruby_2_3_hashie_v1.gemfile new file mode 100644 index 00000000..7a4ef09a --- /dev/null 
+++ b/gemfiles/ruby_2_3_hashie_v1.gemfile @@ -0,0 +1,17 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec :path => "../" + +eval_gemfile("modular/faraday_v0.gemfile") + +eval_gemfile("modular/hashie_v1.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/logger_v1_2.gemfile") + +eval_gemfile("modular/multi_xml_v0_5.gemfile") + +eval_gemfile("modular/rack_v1_2.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v2.gemfile b/gemfiles/ruby_2_3_hashie_v2.gemfile new file mode 100644 index 00000000..ce43494c --- /dev/null +++ b/gemfiles/ruby_2_3_hashie_v2.gemfile @@ -0,0 +1,17 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec :path => "../" + +eval_gemfile("modular/faraday_v0.gemfile") + +eval_gemfile("modular/hashie_v2.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/logger_v1_2.gemfile") + +eval_gemfile("modular/multi_xml_v0_5.gemfile") + +eval_gemfile("modular/rack_v1_2.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v3.gemfile b/gemfiles/ruby_2_3_hashie_v3.gemfile new file mode 100644 index 00000000..3e4f6152 --- /dev/null +++ b/gemfiles/ruby_2_3_hashie_v3.gemfile @@ -0,0 +1,17 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec :path => "../" + +eval_gemfile("modular/faraday_v0.gemfile") + +eval_gemfile("modular/hashie_v3.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/logger_v1_2.gemfile") + +eval_gemfile("modular/multi_xml_v0_5.gemfile") + +eval_gemfile("modular/rack_v1_2.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v4.gemfile b/gemfiles/ruby_2_3_hashie_v4.gemfile new file mode 100644 index 00000000..a3f2c430 --- /dev/null +++ b/gemfiles/ruby_2_3_hashie_v4.gemfile 
@@ -0,0 +1,17 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec :path => "../" + +eval_gemfile("modular/faraday_v0.gemfile") + +eval_gemfile("modular/hashie_v4.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/logger_v1_2.gemfile") + +eval_gemfile("modular/multi_xml_v0_5.gemfile") + +eval_gemfile("modular/rack_v1_2.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v5.gemfile b/gemfiles/ruby_2_3_hashie_v5.gemfile new file mode 100644 index 00000000..db80674b --- /dev/null +++ b/gemfiles/ruby_2_3_hashie_v5.gemfile @@ -0,0 +1,17 @@ +# This file was generated by Appraisal + +source "https://rubygems.org/" + +gemspec :path => "../" + +eval_gemfile("modular/faraday_v0.gemfile") + +eval_gemfile("modular/hashie_v5.gemfile") + +eval_gemfile("modular/jwt_v1.gemfile") + +eval_gemfile("modular/logger_v1_2.gemfile") + +eval_gemfile("modular/multi_xml_v0_5.gemfile") + +eval_gemfile("modular/rack_v1_2.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index e8c2f7b6..c15b04f9 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 039fdb5a..cca5f0e8 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 77a7e508..6e332186 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") 
diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 5d304af5..b38394a3 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 36974019..6c46b863 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 36974019..6c46b863 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index f5b6f53d..a173c574 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index f5b6f53d..a173c574 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index f75762cf..0b9591b7 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile 
@@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index 095e6608..a55548f2 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index da7e6987..c55228b1 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -54,7 +54,13 @@ def from_hash(client, hash) extra_tokens_warning(supported_keys, t_key) t_key end - token = fresh.delete(key) || "" + token = if !defined?(Hashie::VERSION) # i.e. < "1.0" + warn("snaky_hash and oauth2 will drop support for Hashie v0 in the next major version. Please upgrade to a modern Hashie.") + # There is a bug in Hashie v0, which is accounts for. + fresh.delete(key) || fresh[key] || "" + else + fresh.delete(key) || "" + end new(client, token, fresh) end From 72cbdee2cab1d72e5e2360f865e4a4041590c467 Mon Sep 17 00:00:00 2001 
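Review bot: The `!defined?(Hashie::VERSION)` guard in `from_hash` tests whether that constant has been loaded, not which Hashie release is installed, so the branch taken may depend on what has been required rather than on the pre-1.0 release the inline comment names. The subject of the next patch in this series ("Hashie < 3.2 did not require hashie/version") suggests the same. When the v0 branch is taken, `warn(...)` runs on every `from_hash` call; emitting it once from a memoized class-level check would keep logs readable. In that branch `fresh.delete(key) || fresh[key]` presumably leaves the token value inside `fresh`, which is then handed to `new(client, token, fresh)` as extra params, so it is worth confirming the token is not retained there, since those params may later be logged or serialized. The comment "which is accounts for" is garbled and could read `# Work around a Hashie v0 bug: fall back to reading the key when delete returns nil.`; the body of `from_hash` begins outside this hunk.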
From: "Peter H. Boling" Date: Thu, 22 May 2025 08:31:13 +0700 Subject: [PATCH 409/645] =?UTF-8?q?=F0=9F=90=9B=20Hashie=20<=203.2=20did?= =?UTF-8?q?=20not=20require=20hashie/version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hashie < 1.1.0 didn't have a version.rb to require at all --- .rubocop_gradual.lock | 8 +- README.md | 2 +- REEK | 53 +-- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 392 +++++++++--------- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 10 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 24 +- doc/file.SECURITY.html | 2 +- doc/index.html | 24 +- doc/top-level-namespace.html | 2 +- gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/current.gemfile | 2 +- gemfiles/current_runtime_heads.gemfile | 2 +- gemfiles/head.gemfile | 2 +- gemfiles/omnibus.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v0.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v1.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v2.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v3.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v4.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v5.gemfile | 2 +- gemfiles/ruby_2_4.gemfile | 2 +- gemfiles/ruby_2_5.gemfile | 2 +- gemfiles/ruby_2_6.gemfile | 2 +- gemfiles/ruby_2_7.gemfile | 2 +- gemfiles/ruby_3_0.gemfile | 2 +- gemfiles/ruby_3_1.gemfile | 2 +- gemfiles/ruby_3_2.gemfile | 2 +- gemfiles/ruby_3_3.gemfile | 2 
+- gemfiles/style.gemfile | 2 +- gemfiles/vanilla.gemfile | 2 +- lib/oauth2/access_token.rb | 32 +- 51 files changed, 352 insertions(+), 279 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index e557c814..71c67acf 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -6,9 +6,9 @@ "lib/oauth2.rb:65351186": [ [38, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], - "lib/oauth2/access_token.rb:3471244990": [ - [49, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], - [55, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] + "lib/oauth2/access_token.rb:558937598": [ + [64, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], + [70, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], "lib/oauth2/authenticator.rb:63639854": [ [42, 5, 113, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 734523108] @@ -18,7 +18,7 @@ [9, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020], [13, 9, 25, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 2012823020] ], - "lib/oauth2/response.rb:1516229748": [ + "lib/oauth2/response.rb:2808363818": [ [35, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], "oauth2.gemspec:1301437182": [ diff --git a/README.md b/README.md index 058cf303..02f38290 100644 --- a/README.md +++ b/README.md @@ -496,7 +496,7 @@ SnakyHash::StringKeyed.class_eval do end ``` -2. +2. #### What if I hate snakes and/or indifference? diff --git a/REEK b/REEK index 5238fe76..f96c5ee9 100644 --- a/REEK +++ b/REEK 
@@ -8,31 +8,32 @@ spec/oauth2/error_spec.rb -- 3 warnings: [10]:IrresponsibleModule: XmledString has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] [4]:SubclassedFromCoreClass: StirredHash inherits from core class 'Hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] [10]:SubclassedFromCoreClass: XmledString inherits from core class 'String' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] -lib/oauth2/access_token.rb -- 24 warnings: - [12]:Attribute: OAuth2::AccessToken#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [12]:Attribute: OAuth2::AccessToken#refresh_token is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [12]:Attribute: OAuth2::AccessToken#response is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [302, 310, 317, 324, 331, 338]:DataClump: OAuth2::AccessToken takes parameters ['opts', 'path'] to 6 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] - [350, 366]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'options[:mode]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [356, 360, 362]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'options[:param_name]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [358, 359, 360, 362]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:body]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [352, 353]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! 
calls 'opts[:headers]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [355, 356]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [4]:InstanceVariableAssumption: OAuth2::AccessToken assumes too much for instance variable '@refresh_token' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [4]:IrresponsibleModule: OAuth2::AccessToken has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [349]:MissingSafeMethod: OAuth2::AccessToken has missing safe method 'configure_authentication!' [https://github.com/troessner/reek/blob/v6.5.0/docs/Missing-Safe-Method.md] - [125, 125]:NilCheck: OAuth2::AccessToken#initialize performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] - [244]:NilCheck: OAuth2::AccessToken#revoke performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] - [4]:TooManyInstanceVariables: OAuth2::AccessToken has at least 7 instance variables [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Instance-Variables.md] - [4]:TooManyMethods: OAuth2::AccessToken has at least 20 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Methods.md] - [349]:TooManyStatements: OAuth2::AccessToken#configure_authentication! 
has approx 8 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [42]:TooManyStatements: OAuth2::AccessToken#from_hash has approx 10 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [185]:TooManyStatements: OAuth2::AccessToken#refresh has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [234]:TooManyStatements: OAuth2::AccessToken#revoke has approx 13 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] - [281]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [281]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'v' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [370]:UtilityFunction: OAuth2::AccessToken#convert_expires_at doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] +lib/oauth2/access_token.rb -- 25 warnings: + [27]:Attribute: OAuth2::AccessToken#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [27]:Attribute: OAuth2::AccessToken#refresh_token is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [27]:Attribute: OAuth2::AccessToken#response is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [326, 334, 341, 348, 355, 362]:DataClump: OAuth2::AccessToken takes parameters ['opts', 'path'] to 6 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] + [374, 390]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! 
calls 'options[:mode]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [380, 384, 386]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'options[:param_name]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [382, 383, 384, 386]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:body]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [376, 377]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:headers]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [379, 380]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [77, 79]:DuplicateMethodCall: OAuth2::AccessToken#from_hash calls 'fresh.delete(key)' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [19]:InstanceVariableAssumption: OAuth2::AccessToken assumes too much for instance variable '@refresh_token' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [19]:IrresponsibleModule: OAuth2::AccessToken has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] + [373]:MissingSafeMethod: OAuth2::AccessToken has missing safe method 'configure_authentication!' 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Missing-Safe-Method.md] + [149, 149]:NilCheck: OAuth2::AccessToken#initialize performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] + [268]:NilCheck: OAuth2::AccessToken#revoke performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] + [19]:TooManyInstanceVariables: OAuth2::AccessToken has at least 7 instance variables [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Instance-Variables.md] + [19]:TooManyMethods: OAuth2::AccessToken has at least 20 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Methods.md] + [373]:TooManyStatements: OAuth2::AccessToken#configure_authentication! has approx 8 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [57]:TooManyStatements: OAuth2::AccessToken#from_hash has approx 12 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [209]:TooManyStatements: OAuth2::AccessToken#refresh has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [258]:TooManyStatements: OAuth2::AccessToken#revoke has approx 13 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [18]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] + [305]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [305]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'v' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [394]:UtilityFunction: OAuth2::AccessToken#convert_expires_at doesn't depend on instance state (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] lib/oauth2/authenticator.rb -- 5 warnings: [68, 70]:FeatureEnvy: OAuth2::Authenticator#apply_basic_auth refers to 'params' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] [6]:IrresponsibleModule: OAuth2::Authenticator has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] @@ -127,4 +128,4 @@ lib/oauth2.rb -- 1 warning: [27]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] .yard_gfm_support.rb -- 1 warning: [9, 9]:FeatureEnvy: KramdownGfmDocument#initialize refers to 'options' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] -111 total warnings +112 total warnings diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 435f29eb..0394030e 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 8afe3a11..e72f9842 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -1038,30 +1038,6 @@

         
         
        -118
        -119
        -120
        -121
        -122
        -123
        -124
        -125
        -126
        -127
        -128
        -129
        -130
        -131
        -132
        -133
        -134
        -135
        -136
        -137
        -138
        -139
        -140
        -141
         142
         143
         144
        @@ -1071,10 +1047,34 @@ 

        148 149 150 -151

        +151 +152 +153 +154 +155 +156 +157 +158 +159 +160 +161 +162 +163 +164 +165 +166 +167 +168 +169 +170 +171 +172 +173 +174 +175

        -
        # File 'lib/oauth2/access_token.rb', line 118
        +      
        # File 'lib/oauth2/access_token.rb', line 142
         
         def initialize(client, token, opts = {})
           @client = client
        @@ -1147,12 +1147,12 @@ 

         
         
        -11
        -12
        -13
        +26 +27 +28

        -
        # File 'lib/oauth2/access_token.rb', line 11
        +      
        # File 'lib/oauth2/access_token.rb', line 26
         
         def client
           @client
        @@ -1189,12 +1189,12 @@ 

         
         
        -11
        -12
        -13
        +26 +27 +28

        -
        # File 'lib/oauth2/access_token.rb', line 11
        +      
        # File 'lib/oauth2/access_token.rb', line 26
         
         def expires_at
           @expires_at
        @@ -1231,12 +1231,12 @@ 

         
         
        -11
        -12
        -13
        +26 +27 +28

        -
        # File 'lib/oauth2/access_token.rb', line 11
        +      
        # File 'lib/oauth2/access_token.rb', line 26
         
         def expires_in
           @expires_in
        @@ -1273,12 +1273,12 @@ 

         
         
        -11
        -12
        -13
        +26 +27 +28

        -
        # File 'lib/oauth2/access_token.rb', line 11
        +      
        # File 'lib/oauth2/access_token.rb', line 26
         
         def expires_latency
           @expires_latency
        @@ -1315,12 +1315,12 @@ 

         
         
        -12
        -13
        -14
        +27 +28 +29

        -
        # File 'lib/oauth2/access_token.rb', line 12
        +      
        # File 'lib/oauth2/access_token.rb', line 27
         
         def options
           @options
        @@ -1357,12 +1357,12 @@ 

         
         
        -11
        -12
        -13
        +26 +27 +28

        -
        # File 'lib/oauth2/access_token.rb', line 11
        +      
        # File 'lib/oauth2/access_token.rb', line 26
         
         def params
           @params
        @@ -1399,12 +1399,12 @@ 

         
         
        -12
        -13
        -14
        +27 +28 +29

        -
        # File 'lib/oauth2/access_token.rb', line 12
        +      
        # File 'lib/oauth2/access_token.rb', line 27
         
         def refresh_token
           @refresh_token
        @@ -1441,12 +1441,12 @@ 

         
         
        -12
        -13
        -14
        +27 +28 +29

        -
        # File 'lib/oauth2/access_token.rb', line 12
        +      
        # File 'lib/oauth2/access_token.rb', line 27
         
         def response
           @response
        @@ -1483,12 +1483,12 @@ 

         
         
        -11
        -12
        -13
        +26 +27 +28

        -
        # File 'lib/oauth2/access_token.rb', line 11
        +      
        # File 'lib/oauth2/access_token.rb', line 26
         
         def token
           @token
        @@ -1731,27 +1731,36 @@ 

        Examples:

         
         
        -42
        -43
        -44
        -45
        -46
        -47
        -48
        -49
        -50
        -51
        -52
        -53
        -54
        -55
        -56
         57
         58
        -59
        +59 +60 +61 +62 +63 +64 +65 +66 +67 +68 +69 +70 +71 +72 +73 +74 +75 +76 +77 +78 +79 +80 +81 +82 +83
        -
        # File 'lib/oauth2/access_token.rb', line 42
        +      
        # File 'lib/oauth2/access_token.rb', line 57
         
         def from_hash(client, hash)
           fresh = hash.dup
        @@ -1768,8 +1777,17 @@ 

        Examples:

        extra_tokens_warning(supported_keys, t_key) t_key end - token = fresh.delete(key) || "" - new(client, token, fresh) + # :nocov: + # TODO: Get rid of this branching logic when dropping Hashie < v3.2 + token = if !defined?(Hashie::VERSION) # i.e. <= "1.1.0"; the first Hashie to ship with a VERSION constant + warn("snaky_hash and oauth2 will drop support for Hashie v0 in the next major version. Please upgrade to a modern Hashie.") + # There is a bug in Hashie v0, which is accounts for. + fresh.delete(key) || fresh[key] || "" + else + fresh.delete(key) || "" + end + # :nocov: + new(client, token, fresh) end
        -
        # File 'lib/oauth2/access_token.rb', line 66
        +      
        # File 'lib/oauth2/access_token.rb', line 90
         
         def from_kvform(client, kvform)
           from_hash(client, Rack::Utils.parse_query(kvform))
        @@ -1917,12 +1935,12 @@ 

         
         
        -156
        -157
        -158
        +180 +181 +182

        -
        # File 'lib/oauth2/access_token.rb', line 156
        +      
        # File 'lib/oauth2/access_token.rb', line 180
         
         def [](key)
           @params[key]
        @@ -1964,12 +1982,12 @@ 

         
         
        -338
        -339
        -340
        +362 +363 +364

        -
        # File 'lib/oauth2/access_token.rb', line 338
        +      
        # File 'lib/oauth2/access_token.rb', line 362
         
         def delete(path, opts = {}, &block)
           request(:delete, path, opts, &block)
        @@ -2021,12 +2039,12 @@ 

         
         
        -170
        -171
        -172
        +194 +195 +196

        -
        # File 'lib/oauth2/access_token.rb', line 170
        +      
        # File 'lib/oauth2/access_token.rb', line 194
         
         def expired?
           expires? && (expires_at <= Time.now.to_i)
        @@ -2074,12 +2092,12 @@ 

         
         
        -163
        -164
        -165
        +187 +188 +189

        -
        # File 'lib/oauth2/access_token.rb', line 163
        +      
        # File 'lib/oauth2/access_token.rb', line 187
         
         def expires?
           !!@expires_at
        @@ -2121,12 +2139,12 @@ 

         
         
        -310
        -311
        -312
        +334 +335 +336

        -
        # File 'lib/oauth2/access_token.rb', line 310
        +      
        # File 'lib/oauth2/access_token.rb', line 334
         
         def get(path, opts = {}, &block)
           request(:get, path, opts, &block)
        @@ -2161,12 +2179,12 @@ 

         
         
        -343
        -344
        -345
        +367 +368 +369

        -
        # File 'lib/oauth2/access_token.rb', line 343
        +      
        # File 'lib/oauth2/access_token.rb', line 367
         
         def headers
           {"Authorization" => options[:header_format] % token}
        @@ -2208,12 +2226,12 @@ 

         
         
        -331
        -332
        -333
        +355 +356 +357

        -
        # File 'lib/oauth2/access_token.rb', line 331
        +      
        # File 'lib/oauth2/access_token.rb', line 355
         
         def patch(path, opts = {}, &block)
           request(:patch, path, opts, &block)
        @@ -2255,12 +2273,12 @@ 

         
         
        -317
        -318
        -319
        +341 +342 +343

        -
        # File 'lib/oauth2/access_token.rb', line 317
        +      
        # File 'lib/oauth2/access_token.rb', line 341
         
         def post(path, opts = {}, &block)
           request(:post, path, opts, &block)
        @@ -2302,12 +2320,12 @@ 

         
         
        -324
        -325
        -326
        +348 +349 +350

        -
        # File 'lib/oauth2/access_token.rb', line 324
        +      
        # File 'lib/oauth2/access_token.rb', line 348
         
         def put(path, opts = {}, &block)
           request(:put, path, opts, &block)
        @@ -2457,23 +2475,23 @@ 

         
         
        -185
        -186
        -187
        -188
        -189
        -190
        -191
        -192
        -193
        -194
        -195
        -196
        -197
        -198
        +209 +210 +211 +212 +213 +214 +215 +216 +217 +218 +219 +220 +221 +222

        -
        # File 'lib/oauth2/access_token.rb', line 185
        +      
        # File 'lib/oauth2/access_token.rb', line 209
         
         def refresh(params = {}, access_token_opts = {}, &block)
           raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token
        @@ -2679,13 +2697,13 @@ 

         
         
        -302
        -303
        -304
        -305
        +326 +327 +328 +329

        -
        # File 'lib/oauth2/access_token.rb', line 302
        +      
        # File 'lib/oauth2/access_token.rb', line 326
         
         def request(verb, path, opts = {}, &block)
           configure_authentication!(opts)
        @@ -2893,34 +2911,34 @@ 

         
         
        -234
        -235
        -236
        -237
        -238
        -239
        -240
        -241
        -242
        -243
        -244
        -245
        -246
        -247
        -248
        -249
        -250
        -251
        -252
        -253
        -254
        -255
        -256
        -257
        -258
        +258 +259 +260 +261 +262 +263 +264 +265 +266 +267 +268 +269 +270 +271 +272 +273 +274 +275 +276 +277 +278 +279 +280 +281 +282

        -
        # File 'lib/oauth2/access_token.rb', line 234
        +      
        # File 'lib/oauth2/access_token.rb', line 258
         
         def revoke(params = {}, &block)
           token_type_hint_orig = params.delete(:token_type_hint)
        @@ -3001,27 +3019,27 @@ 

         
         
        -268
        -269
        -270
        -271
        -272
        -273
        -274
        -275
        -276
        -277
        -278
        -279
        -280
        -281
        -282
        -283
        -284
        -285
        +292 +293 +294 +295 +296 +297 +298 +299 +300 +301 +302 +303 +304 +305 +306 +307 +308 +309

        -
        # File 'lib/oauth2/access_token.rb', line 268
        +      
        # File 'lib/oauth2/access_token.rb', line 292
         
         def to_hash
           hsh = {
        @@ -3051,7 +3069,7 @@ 

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 203f83c5..5c4bffc7 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index d2362bf7..0c583c84 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 7c8c82a3..71f633f0 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 5bae1109..c97721e3 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 1f6d746b..cd4a0dd1 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index ebe35500..b4d52104 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -368,7 +368,7 @@

      20. - #parsed ⇒ Object? + #parsed ⇒ Object, ... @@ -886,7 +886,7 @@

        - #parsedObject? + #parsedObject, ... @@ -907,12 +907,12 @@

      21. - (Object) + (Object, SnakyHash::StringKeyed) — -

        As returned by #parser if it is #call-able.

        +

        As returned by #parser if #call-able; snaky hash if options[:snaky].

      22. @@ -1134,7 +1134,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index afe51801..3fc25e14 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index fa3e86f2..a1d2ab0e 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index f9f72043..cd3b0882 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 58b54f46..b9f4dd9e 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 61c7a5ba..a6a50c9c 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index b600ad4b..4a952299 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index c3e30d22..fbc36d12 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 6f553a88..35ae85bb 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 541c36bc..bf789e33 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 1113489c..25507420 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -773,7 +773,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 5781bf53..7fc0d9e3 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 8ac909f4..fcb606bc 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 6e9936f3..8b4d1df0 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index deb4dc97..3a15e387 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -68,7 +68,7 @@

        🔐 OAuth2

        -

        Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

        +

        Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL


        @@ -387,6 +387,7 @@

        Version 2.0.x

        | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| +| 2.0.11 | 2025-05-21 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -694,9 +695,26 @@

        snake_case and indi response.parsed[:access_token] # => "aaaaaaaa" response.parsed.additional_data # => "additional" response.parsed[:additional_data] # => "additional" -response.parsed.class.name # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem) +response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash gem)

      23. +

        Serialization

        + +

        As of v2.0.11, if you need to serialize the parsed result, you can!

        + +

        There are two ways to do this.

        + +
          +
        1. Global: put this in your code somewhere reasonable (like an initializer for Rails): +
          SnakyHash::StringKeyed.class_eval do
          +  extend SnakyHash::Serializer
          +end
          +
          +
        2. +
        + +

        2.

        +

        What if I hate snakes and/or indifference?

        response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
        @@ -957,7 +975,7 @@ 

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index c879d7c3..1e399d4d 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index b8e40e78..c7e2e70c 100644 --- a/doc/index.html +++ b/doc/index.html @@ -68,7 +68,7 @@

        🔐 OAuth2

        -

        Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

        +

        Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL


        @@ -387,6 +387,7 @@

        Version 2.0.x

        | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| +| 2.0.11 | 2025-05-21 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -694,9 +695,26 @@

        snake_case and indi response.parsed[:access_token] # => "aaaaaaaa" response.parsed.additional_data # => "additional" response.parsed[:additional_data] # => "additional" -response.parsed.class.name # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem) +response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash gem)

        +

        Serialization

        + +

        As of v2.0.11, if you need to serialize the parsed result, you can!

        + +

        There are two ways to do this.

        + +
          +
        1. Global: put this in your code somewhere reasonable (like an initializer for Rails): +
          SnakyHash::StringKeyed.class_eval do
          +  extend SnakyHash::Serializer
          +end
          +
          +
        2. +
        + +

        2.

        +

        What if I hate snakes and/or indifference?

        response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
        @@ -957,7 +975,7 @@ 

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index f7c1afe8..2665d63d 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 51d2169c..173a1e36 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 89a57ce0..6b348995 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/coverage.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 05f8012c..c4f47527 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile index 74ea868d..fc9c120d 100644 --- a/gemfiles/current_runtime_heads.gemfile +++ b/gemfiles/current_runtime_heads.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index 74ea868d..fc9c120d 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 168d34cc..57cc634c 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile 
@@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v0.gemfile b/gemfiles/ruby_2_3_hashie_v0.gemfile index 088d2f1d..00bcdb3e 100644 --- a/gemfiles/ruby_2_3_hashie_v0.gemfile +++ b/gemfiles/ruby_2_3_hashie_v0.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v1.gemfile b/gemfiles/ruby_2_3_hashie_v1.gemfile index 7a4ef09a..ecfeea8d 100644 --- a/gemfiles/ruby_2_3_hashie_v1.gemfile +++ b/gemfiles/ruby_2_3_hashie_v1.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v2.gemfile b/gemfiles/ruby_2_3_hashie_v2.gemfile index ce43494c..4fe61c42 100644 --- a/gemfiles/ruby_2_3_hashie_v2.gemfile +++ b/gemfiles/ruby_2_3_hashie_v2.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v3.gemfile b/gemfiles/ruby_2_3_hashie_v3.gemfile index 3e4f6152..25e9dd99 100644 --- a/gemfiles/ruby_2_3_hashie_v3.gemfile +++ b/gemfiles/ruby_2_3_hashie_v3.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v4.gemfile b/gemfiles/ruby_2_3_hashie_v4.gemfile index a3f2c430..e6890a6e 100644 --- a/gemfiles/ruby_2_3_hashie_v4.gemfile +++ b/gemfiles/ruby_2_3_hashie_v4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v5.gemfile b/gemfiles/ruby_2_3_hashie_v5.gemfile index db80674b..ca626232 100644 
--- a/gemfiles/ruby_2_3_hashie_v5.gemfile +++ b/gemfiles/ruby_2_3_hashie_v5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index c15b04f9..e8c2f7b6 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index cca5f0e8..039fdb5a 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 6e332186..77a7e508 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index b38394a3..5d304af5 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 6c46b863..36974019 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") 
diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 6c46b863..36974019 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index a173c574..f5b6f53d 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index a173c574..f5b6f53d 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index 0b9591b7..f75762cf 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index a55548f2..095e6608 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index c55228b1..c5607392 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -1,5 +1,20 @@ # frozen_string_literal: true +# :nocov: +begin + # The first version of hashie that has a version file was 1.1.0 + # The first version of hashie that required the version file at runtime was 3.2.0 + # If it has already been loaded then this is very low cost, as Kernel.require uses maintains a cache + # If this it hasn't this will work to get it loaded, and then we will be able to use + # defined?(Hashie::Version) + # as a test. + # TODO: get rid this mess when we drop Hashie < 3.2, as Hashie will self-load its version then + require "hashie/version" +rescue LoadError + nil +end +# :nocov: + module OAuth2 class AccessToken # rubocop:disable Metrics/ClassLength TOKEN_KEYS_STR = %w[access_token id_token token accessToken idToken].freeze @@ -54,13 +69,16 @@ def from_hash(client, hash) extra_tokens_warning(supported_keys, t_key) t_key end - token = if !defined?(Hashie::VERSION) # i.e. < "1.0" - warn("snaky_hash and oauth2 will drop support for Hashie v0 in the next major version. Please upgrade to a modern Hashie.") - # There is a bug in Hashie v0, which is accounts for. - fresh.delete(key) || fresh[key] || "" - else - fresh.delete(key) || "" - end + # :nocov: + # TODO: Get rid of this branching logic when dropping Hashie < v3.2 + token = if !defined?(Hashie::VERSION) # i.e. <= "1.1.0"; the first Hashie to ship with a VERSION constant + warn("snaky_hash and oauth2 will drop support for Hashie v0 in the next major version. Please upgrade to a modern Hashie.") + # There is a bug in Hashie v0, which is accounts for. + fresh.delete(key) || fresh[key] || "" + else + fresh.delete(key) || "" + end + # :nocov: new(client, token, fresh) end From 493edf3e43b5e950f4f33ac65b60a5aa1359dd71 Mon Sep 17 00:00:00 2001 
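Review bot: The comment above `require "hashie/version"` names the probe as `defined?(Hashie::Version)`, but the check that depends on this require, in `from_hash` later in the same patch, is `defined?(Hashie::VERSION)`. A maintainer searching for the constant named in the comment will not find the code it explains. I would change that line to `# defined?(Hashie::VERSION)` and reword the two garbled sentences before it as `# If it is already loaded this is cheap, because require keeps a cache.` and `# If it is not, this loads it so the check in from_hash works.` The `rescue LoadError` that returns `nil` looks deliberate, and a why-comment such as `# Hashie < 1.1.0 ships no version file; from_hash then takes the legacy branch` would say so.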
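Review bot: The two `# :nocov:` markers in the `-54,13 +69,16` hunk wrap the whole `token = if ... else ... end` expression, so the `else` arm `fresh.delete(key) || ""` is also dropped from coverage reporting, although it is the path taken whenever `Hashie::VERSION` is defined. This is where the access token is lifted out of the response hash, so I would keep it measured and put the markers around only the legacy lines: the `warn(...)` call and `fresh.delete(key) || fresh[key] || ""`. The trailing comment `# i.e. <= "1.1.0"; the first Hashie to ship with a VERSION constant` also contradicts itself and the note at the top of the file. If 1.1.0 is the first release with the constant, the branch covers `< "1.1.0"`. `from_hash` begins above this hunk, so how `fresh` and `key` are built is not visible here.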
From: "Peter H. Boling" Date: Thu, 22 May 2025 09:18:00 +0700 Subject: [PATCH 410/645] =?UTF-8?q?=F0=9F=92=9A=20skip=20output=20tests=20?= =?UTF-8?q?when=20Hashie::VERSION=20not=20defined?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - because our warning output will mess up the test --- .rubocop_gradual.lock | 12 ++++-------- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 2 +- doc/file.SECURITY.html | 2 +- doc/index.html | 2 +- doc/top-level-namespace.html | 2 +- spec/oauth2/access_token_spec.rb | 16 ++++++++++++---- 27 files changed, 41 insertions(+), 37 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 71c67acf..00b8732b 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -24,15 +24,11 @@ "oauth2.gemspec:1301437182": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], - "spec/oauth2/access_token_spec.rb:443932125": [ + "spec/oauth2/access_token_spec.rb:1552001085": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [392, 142, 40, "Lint/LiteralInInterpolation: Literal interpolation detected.", 4210228387], - [400, 142, 40, "Lint/LiteralInInterpolation: Literal interpolation detected.", 4210228387], - [606, 142, 20, "Lint/LiteralInInterpolation: Literal interpolation detected.", 304063511], - [632, 142, 20, "Lint/LiteralInInterpolation: Literal interpolation detected.", 304063511], - [781, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [851, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [855, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [789, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [859, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [863, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 0394030e..e867e791 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index e72f9842..7d6f5266 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 5c4bffc7..a8b75fb5 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 0c583c84..75bdfebe 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 71f633f0..21044bae 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index c97721e3..f1707ed1 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index cd4a0dd1..2dcc1449 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index b4d52104..9e117187 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1134,7 +1134,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index 3fc25e14..d1428e53 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index a1d2ab0e..f109af6f 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index cd3b0882..9d095fc2 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index b9f4dd9e..8aef699b 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index a6a50c9c..b6f736a5 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 4a952299..3baacc91 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index fbc36d12..b753ad13 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 35ae85bb..0dd5a428 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index bf789e33..5438fc9f 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 25507420..f56f1373 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -773,7 +773,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 7fc0d9e3..52bf98f9 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index fcb606bc..7ab33c84 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 8b4d1df0..2a8c0474 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 3a15e387..7fffadef 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 1e399d4d..473880ad 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index c7e2e70c..6f576a4d 100644 --- a/doc/index.html +++ b/doc/index.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 2665d63d..a42cfe32 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index b9186888..87da6494 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -61,6 +61,7 @@ end it "warns on STDERR" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) msg = <<-MSG.lstrip OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. MSG @@ -90,6 +91,7 @@ end it "does not warn on STDERR" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) expect(printed).to eq("") end end @@ -111,6 +113,7 @@ end it "does not warn on STDERR" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) expect(printed).to eq("") end end @@ -140,6 +143,7 @@ end it "warns on STDERR and selects the correct key" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) msg = <<-MSG.lstrip OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key ([:access_token, :id_token]); using :access_token. MSG @@ -180,6 +184,7 @@ let(:options) { {raise_errors: false} } it "warns on STDERR" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) msg = <<-MSG.lstrip OAuth2::AccessToken has no token MSG @@ -206,6 +211,7 @@ end it "does not warn when token is found" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) expect(printed).to eq("") end end 
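Review bot: The guard `skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION)` is pasted verbatim into eight examples: the hunks at -61, -90, -111, -140, -180 and -206 here, and -240 and -266 further down. The condition and message can therefore drift apart when one copy is edited. I would tag those examples with metadata, for instance `it "warns on STDERR", :check_output do`, and skip once in the spec configuration with `config.before(:each, :check_output) { skip("...") unless defined?(Hashie::VERSION) }`. Skipping the "does not warn" examples also means nothing on a legacy Hashie asserts that output stays limited to the deprecation notice. If that matters, stripping the known notice from `printed` before comparing would keep them running. The enclosing `context` blocks start outside these hunks.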
@@ -240,6 +246,7 @@ end it "warns when no token is found" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) expect(printed.each_line.to_a).to eq([ "\n", "OAuth2::AccessToken#from_hash key mismatch.\n", @@ -266,6 +273,7 @@ end it "does not warn when no token is found" do + skip("Warning output we spit on Hashie without VERSION constant makes this test invalid") unless defined?(Hashie::VERSION) expect(printed.each_line.to_a).to eq([]) end end @@ -389,7 +397,7 @@ def assert_initialized_token(target) let(:token) { "" } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{mode: :this_is_bad, raise_errors: true}}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:mode=>:this_is_bad, :raise_errors=>true}"}.to_s) end end @@ -397,7 +405,7 @@ def assert_initialized_token(target) let(:token) { nil } it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{mode: :this_is_bad, raise_errors: true}}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:mode=>:this_is_bad, :raise_errors=>true}"}.to_s) end end end @@ -603,7 +611,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{raise_errors: true}}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:raise_errors=>true}"}.to_s) end end 
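Review bot: The expected `error_description` in the `-389` hunk is now the literal `"Options are: {:mode=>:this_is_bad, :raise_errors=>true}"`, which pins the `Hash#inspect` format used before Ruby 3.4; Ruby 3.4 prints the same hash as `{mode: :this_is_bad, raise_errors: true}`. If the library still builds this message by interpolating the options hash (not visible in this patch), these examples will fail on newer Rubies, where the removed interpolated form would have matched. The same literal pattern is in the hunks at -397, -603 and -629. Building the expectation from a local, `opts = {mode: :this_is_bad, raise_errors: true}` followed by `"Options are: #{opts}"`, keeps the assertion independent of the Ruby version. It also avoids the `Lint/LiteralInInterpolation` offences that this commit's `.rubocop_gradual.lock` change drops.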
@@ -629,7 +637,7 @@ def assert_initialized_token(target) context "when there is no refresh_token" do it "raises on initialize" do - block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{raise_errors: true}}"}.to_s) + block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:raise_errors=>true}"}.to_s) end end From 4490fd85e0e688c2ca2105ca19173d9ebc4b7575 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 22 May 2025 09:24:52 +0700 Subject: [PATCH 411/645] =?UTF-8?q?=F0=9F=92=9A=20Make=20tests=20more=20de?= =?UTF-8?q?terministic?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 2 +- doc/file.SECURITY.html | 2 +- doc/index.html | 2 +- doc/top-level-namespace.html | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-) diff --git a/doc/OAuth2.html b/doc/OAuth2.html index e867e791..957b5f49 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 7d6f5266..cb45818e 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index a8b75fb5..824f45e6 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 75bdfebe..cbabd727 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 21044bae..c0668efc 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index f1707ed1..1f1b3307 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 2dcc1449..7c7630ee 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 9e117187..167efe03 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1134,7 +1134,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index d1428e53..e438c17d 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index f109af6f..0403be21 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 9d095fc2..0361c3fa 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 8aef699b..8b67fd81 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index b6f736a5..da8d7540 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 3baacc91..2803ee4c 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index b753ad13..f180e9f2 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 0dd5a428..f5d06fcb 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 5438fc9f..22168e3c 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index f56f1373..9977e471 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -773,7 +773,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 52bf98f9..8137c2fb 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 7ab33c84..2ce1c019 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 2a8c0474..3c014ff3 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 7fffadef..039d3648 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 473880ad..99da3627 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index 6f576a4d..8f6569be 100644 --- a/doc/index.html +++ b/doc/index.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index a42cfe32..fde8836d 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        From fbd5b182ec7f1d7edf2d2dfad3a8336698ed787d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 22 May 2025 09:33:57 +0700 Subject: [PATCH 412/645] =?UTF-8?q?=F0=9F=92=9A=20Fixes=20for=20discrepanc?= =?UTF-8?q?ies=20in=20Hash=20printing=20between=20variant=20versions=20of?= =?UTF-8?q?=20Ruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 2 +- doc/file.SECURITY.html | 2 +- doc/index.html | 2 +- doc/top-level-namespace.html | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-) diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 957b5f49..3c9a581f 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index cb45818e..315ae851 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 824f45e6..56ca667c 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index cbabd727..6d770c81 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index c0668efc..fe5df15d 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 1f1b3307..1a7ac88a 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 7c7630ee..e27f46b6 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 167efe03..3afa84e5 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1134,7 +1134,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index e438c17d..c543ea3e 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index 0403be21..cce5b918 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 0361c3fa..d56ca793 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 8b67fd81..6805feff 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index da8d7540..c798e767 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 2803ee4c..22344427 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index f180e9f2..fd4b8385 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index f5d06fcb..49a28767 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 22168e3c..24e69d61 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 9977e471..77c345fc 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -773,7 +773,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 8137c2fb..2123bd2c 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 2ce1c019..255e1e20 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 3c014ff3..83220f61 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 039d3648..e25c3c79 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 99da3627..ca8a2d5a 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index 8f6569be..872265fd 100644 --- a/doc/index.html +++ b/doc/index.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index fde8836d..818d859d 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

From 361050e45d77e84def3afe2282336cfc97e13cbb Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Thu, 22 May 2025 09:57:13 +0700
Subject: [PATCH 413/645] =?UTF-8?q?=F0=9F=92=9A=20Fixes=20for=20discrepanc?= =?UTF-8?q?ies=20in=20Hash=20printing=20between=20variant=20versions=20of?= =?UTF-8?q?=20Ruby?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Prevent RuboCop Lint/LiteralInInterpolation from breaking specs
---
 .rubocop.yml | 6 +++++-
 .rubocop_gradual.lock | 2 +-
 .rubocop_rspec.yml | 2 +-
 REEK | 2 +-
 doc/OAuth2.html | 2 +-
 doc/OAuth2/AccessToken.html | 2 +-
 doc/OAuth2/Authenticator.html | 2 +-
 doc/OAuth2/Client.html | 2 +-
 doc/OAuth2/Error.html | 2 +-
 doc/OAuth2/FilteredAttributes.html | 2 +-
 doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +-
 doc/OAuth2/Response.html | 2 +-
 doc/OAuth2/Strategy.html | 2 +-
 doc/OAuth2/Strategy/Assertion.html | 2 +-
 doc/OAuth2/Strategy/AuthCode.html | 2 +-
 doc/OAuth2/Strategy/Base.html | 2 +-
 doc/OAuth2/Strategy/ClientCredentials.html | 2 +-
 doc/OAuth2/Strategy/Implicit.html | 2 +-
 doc/OAuth2/Strategy/Password.html | 2 +-
 doc/OAuth2/Version.html | 2 +-
 doc/_index.html | 2 +-
 doc/file.CHANGELOG.html | 2 +-
 doc/file.CODE_OF_CONDUCT.html | 2 +-
 doc/file.CONTRIBUTING.html | 2 +-
 doc/file.LICENSE.html | 2 +-
 doc/file.README.html | 2 +-
 doc/file.SECURITY.html | 2 +-
 doc/index.html | 2 +-
 doc/top-level-namespace.html | 2 +-
 spec/oauth2/access_token_spec.rb | 8 ++++----
 30 files changed, 37 insertions(+), 33 deletions(-)
diff --git a/.rubocop.yml b/.rubocop.yml
index f56e4770..87b58541 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -79,4 +79,8 @@ Style/TrailingCommaInHashLiteral:
 EnforcedStyleForMultiline: comma
 Gemspec/DependencyVersion:
- Enabled: false
\ No newline at end of file
+ Enabled: false
+
+Lint/LiteralInInterpolation:
+ Exclude:
+ - 'spec/**/*.rb'
\ No newline at end of file
diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock
index 00b8732b..43be1b50 100644
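Review bot: The new `Lint/LiteralInInterpolation` entry excludes every file under `spec/**/*.rb`, although the only code in this commit that needs it is the four expectations in spec/oauth2/access_token_spec.rb. Narrowing it to `- 'spec/oauth2/access_token_spec.rb'` keeps the cop active for the rest of the suite. A comment above the entry such as `# specs interpolate a Hash literal so the expected text follows the running Ruby's Hash#inspect` would record why the exclusion exists. The file still ends without a newline, as the `\ No newline at end of file` marker shows.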
--- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -24,7 +24,7 @@ "oauth2.gemspec:1301437182": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], - "spec/oauth2/access_token_spec.rb:1552001085": [ + "spec/oauth2/access_token_spec.rb:1202129469": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], [789, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], [859, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], diff --git a/.rubocop_rspec.yml b/.rubocop_rspec.yml index a5147665..df5911b2 100644 --- a/.rubocop_rspec.yml +++ b/.rubocop_rspec.yml @@ -27,4 +27,4 @@ RSpec/DescribeClass: - 'spec/examples/*' RSpec/MultipleMemoizedHelpers: - Enabled: false \ No newline at end of file + Enabled: false diff --git a/REEK b/REEK index f96c5ee9..b6f33d5c 100644 --- a/REEK +++ b/REEK @@ -1,5 +1,5 @@ spec/oauth2/access_token_spec.rb -- 1 warning: - [292, 293]:DuplicateMethodCall: assert_initialized_token calls 'target.params' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [300, 301]:DuplicateMethodCall: assert_initialized_token calls 'target.params' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] spec/oauth2/client_spec.rb -- 3 warnings: [1072]:UnusedParameters: initialize has unused parameter 'client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] [1072]:UnusedParameters: initialize has unused parameter 'hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 3c9a581f..9d5886d8 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 315ae851..b559b747 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 56ca667c..8bc6e7cc 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 6d770c81..94243584 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index fe5df15d..0d89222e 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 1a7ac88a..6696cf47 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index e27f46b6..0817d533 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 3afa84e5..2e7c0a1a 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1134,7 +1134,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index c543ea3e..6b636c69 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index cce5b918..df9fa5d7 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index d56ca793..f0dfcc46 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 6805feff..e759fac1 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index c798e767..524e9393 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 22344427..027b9c25 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index fd4b8385..d505b8be 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 49a28767..b5524122 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 24e69d61..06458ffd 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 77c345fc..539d9e4d 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -773,7 +773,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 2123bd2c..21dd5a26 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 255e1e20..4ce77f6d 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 83220f61..ac4aeb8a 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index e25c3c79..80064422 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index ca8a2d5a..5e9ccefd 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index 872265fd..d1b46494 100644 --- a/doc/index.html +++ b/doc/index.html @@ -975,7 +975,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 818d859d..a89f9e6f 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb
index 87da6494..2c032e4d 100644
--- a/spec/oauth2/access_token_spec.rb
+++ b/spec/oauth2/access_token_spec.rb
@@ -397,7 +397,7 @@ def assert_initialized_token(target)
 let(:token) { "" }
 it "raises on initialize" do
- block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:mode=>:this_is_bad, :raise_errors=>true}"}.to_s)
+ block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{mode: :this_is_bad, raise_errors: true}}"}.to_s)
 end
 end
@@ -405,7 +405,7 @@ def assert_initialized_token(target)
 let(:token) { nil }
 it "raises on initialize" do
- block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:mode=>:this_is_bad, :raise_errors=>true}"}.to_s)
+ block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{mode: :this_is_bad, raise_errors: true}}"}.to_s)
 end
 end
 end
@@ -611,7 +611,7 @@ def assert_initialized_token(target)
 context "when there is no refresh_token" do
 it "raises on initialize" do
- block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:raise_errors=>true}"}.to_s)
+ block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{raise_errors: true}}"}.to_s)
 end
 end
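Review bot: The rewritten expectations interpolate a bare Hash literal (`"Options are: #{{raise_errors: true}}"`), which depends on interpolation calling `Hash#to_s` and is what forces the Lint/LiteralInInterpolation exclusion in .rubocop.yml; calling it explicitly, `"Options are: #{{raise_errors: true}.inspect}"`, says what is meant and should not trip that cop. The same applies to the hunks at 405, 611 and 637, and since the full `raise_error(OAuth2::Error, {...}.to_s)` line is repeated four times a shared `let` for the expected message would leave one place to edit. These examples also pin that the error text echoes the options hash; AccessToken#initialize is outside this diff, so confirm there that no token or secret value can reach that hash and end up in logs. The enclosing `context` blocks start outside the hunks.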
@@ -637,7 +637,7 @@ def assert_initialized_token(target)
 context "when there is no refresh_token" do
 it "raises on initialize" do
- block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: {:raise_errors=>true}"}.to_s)
+ block_is_expected.to raise_error(OAuth2::Error, {error: "OAuth2::AccessToken has no token", error_description: "Options are: #{{raise_errors: true}}"}.to_s)
 end
 end
From ab42b7877462a12e6b6759b93c5c2112ed6ae0dd Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Thu, 22 May 2025 10:14:10 +0700
Subject: [PATCH 414/645] =?UTF-8?q?=F0=9F=94=A5=20FOSSA=20is=20a=20trash?= =?UTF-8?q?=20service?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 9 ++-------
 doc/OAuth2.html | 2 +-
 doc/OAuth2/AccessToken.html | 2 +-
 doc/OAuth2/Authenticator.html | 2 +-
 doc/OAuth2/Client.html | 2 +-
 doc/OAuth2/Error.html | 2 +-
 doc/OAuth2/FilteredAttributes.html | 2 +-
 doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +-
 doc/OAuth2/Response.html | 2 +-
 doc/OAuth2/Strategy.html | 2 +-
 doc/OAuth2/Strategy/Assertion.html | 2 +-
 doc/OAuth2/Strategy/AuthCode.html | 2 +-
 doc/OAuth2/Strategy/Base.html | 2 +-
 doc/OAuth2/Strategy/ClientCredentials.html | 2 +-
 doc/OAuth2/Strategy/Implicit.html | 2 +-
 doc/OAuth2/Strategy/Password.html | 2 +-
 doc/OAuth2/Version.html | 2 +-
 doc/_index.html | 2 +-
 doc/file.CHANGELOG.html | 2 +-
 doc/file.CODE_OF_CONDUCT.html | 2 +-
 doc/file.CONTRIBUTING.html | 2 +-
 doc/file.LICENSE.html | 2 +-
 doc/file.README.html | 6 ++----
 doc/file.SECURITY.html | 2 +-
 doc/index.html | 6 ++----
 doc/top-level-namespace.html | 2 +-
 26 files changed, 29 insertions(+), 38 deletions(-)
diff --git a/README.md b/README.md
index 02f38290..3b1607ca 100644
--- a/README.md
+++ b/README.md
@@ -148,9 +148,9 @@ One of these might be what you are looking for: | Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | | Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![FOSSA][🏘fossa-img]][🏘fossa] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | | Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] | -| Support | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Support | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | | Enterprise Support | 
[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]
        💡Subscribe for support guarantees covering _all_ FLOSS dependencies!
        💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!
        💡Tidelift pays maintainers to maintain the software you depend on!
        📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! | | Comrade BDFL 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | | `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | @@ -703,11 +703,6 @@ The gem is available as open source under the terms of the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. -[![FOSSA Status][fossa2-img]][fossa2] - -[fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large -[fossa2-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large - ### © Copyright
          diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 9d5886d8..269f3588 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

          diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index b559b747..5648430b 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

          diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 8bc6e7cc..53d768b8 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

          diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 94243584..c94105f6 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

          diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 0d89222e..bb717c6a 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

          diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 6696cf47..71336486 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

          diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 0817d533..fbb49460 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

          diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 2e7c0a1a..fe27e27d 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1134,7 +1134,7 @@

          diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index 6b636c69..e81809eb 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

          Defined Under Namespace

          diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index df9fa5d7..19d57804 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

          diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index f0dfcc46..dfa7cc0a 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

          diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index e759fac1..c8516ebe 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

          diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 524e9393..9c19ce0c 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

          diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 027b9c25..fd85df31 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

          diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index d505b8be..41751289 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

          diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index b5524122..7f0f9662 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

          diff --git a/doc/_index.html b/doc/_index.html index 06458ffd..6dc6d351 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

          Namespace Listing A-Z

          diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 539d9e4d..59a898cd 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -773,7 +773,7 @@

          diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 21dd5a26..5f7374ba 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

          Attribution

          diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 4ce77f6d..6e6dd4a3 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

          To release a new version:

          diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index ac4aeb8a..0567285a 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
          MIT License

          Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
          Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

          Permission is hereby granted, free of charge, to any person obtaining a copy
          of this software and associated documentation files (the "Software"), to deal
          in the Software without restriction, including without limitation the rights
          to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
          copies of the Software, and to permit persons to whom the Software is
          furnished to do so, subject to the following conditions:

          The above copyright notice and this permission notice shall be included in all
          copies or substantial portions of the Software.

          THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
          IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
          FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
          AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
          LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
          OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
          SOFTWARE.
          diff --git a/doc/file.README.html b/doc/file.README.html index 80064422..2259f860 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -342,7 +342,7 @@

          💡 Info you can shake a stick at

        Compliance -License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 FOSSA +License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0
        Compliance -License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 FOSSA +License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0
        -
        # File 'lib/oauth2/response.rb', line 51
        +      
        # File 'lib/oauth2/response.rb', line 52
         
        -def initialize(response, parse: :automatic, snaky: true, **options)
        +def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options)
           @response = response
           @options = {
             parse: parse,
             snaky: snaky,
        +    snaky_hash_klass: snaky_hash_klass,
           }.merge(options)
         end
        -
        # File 'lib/oauth2/response.rb', line 15
        +      
        # File 'lib/oauth2/response.rb', line 16
         
         def options
           @options
        @@ -632,12 +635,12 @@ 

         
         
        -14
         15
        -16
        +16 +17

        -
        # File 'lib/oauth2/response.rb', line 14
        +      
        # File 'lib/oauth2/response.rb', line 15
         
         def response
           @response
        @@ -730,16 +733,16 @@ 

         
         
        -35
         36
         37
         38
         39
         40
        -41
        +41 +42

        -
        # File 'lib/oauth2/response.rb', line 35
        +      
        # File 'lib/oauth2/response.rb', line 36
         
         def self.register_parser(key, mime_types, &block)
           key = key.to_sym
        @@ -784,12 +787,12 @@ 

         
         
        -70
        -71
        -72
        +72 +73 +74

        -
        # File 'lib/oauth2/response.rb', line 70
        +      
        # File 'lib/oauth2/response.rb', line 72
         
         def body
           response.body || ""
        @@ -824,14 +827,14 @@ 

         
         
        -101
        -102
        -103
         104
        -105
        +105 +106 +107 +108

        -
        # File 'lib/oauth2/response.rb', line 101
        +      
        # File 'lib/oauth2/response.rb', line 104
         
         def content_type
           return unless response.headers
        @@ -868,12 +871,12 @@ 

         
         
        -60
        -61
        -62
        +62 +63 +64

        -
        # File 'lib/oauth2/response.rb', line 60
        +      
        # File 'lib/oauth2/response.rb', line 62
         
         def headers
           response.headers
        @@ -938,8 +941,6 @@ 

         
         
        -78
        -79
         80
         81
         82
        @@ -958,10 +959,13 @@ 

        95 96 97 -98

        +98 +99 +100 +101

        -
        # File 'lib/oauth2/response.rb', line 78
        +      
        # File 'lib/oauth2/response.rb', line 80
         
         def parsed
           return @parsed if defined?(@parsed)
        @@ -979,7 +983,8 @@ 

        end if options[:snaky] && @parsed.is_a?(Hash) - @parsed = SnakyHash::StringKeyed.new(@parsed) + hash_klass = options[:snaky_hash_klass] || DEFAULT_OPTIONS[:snaky_hash_klass] + @parsed = hash_klass[@parsed] end @parsed @@ -1056,9 +1061,6 @@

         
         
        -123
        -124
        -125
         126
         127
         128
        @@ -1067,10 +1069,13 @@ 

        131 132 133 -134

        +134 +135 +136 +137

        -
        # File 'lib/oauth2/response.rb', line 123
        +      
        # File 'lib/oauth2/response.rb', line 126
         
         def parser
           return @parser if defined?(@parser)
        @@ -1114,12 +1119,12 @@ 

         
         
        -65
        -66
        -67
        +67 +68 +69

        -
        # File 'lib/oauth2/response.rb', line 65
        +      
        # File 'lib/oauth2/response.rb', line 67
         
         def status
           response.status
        @@ -1134,7 +1139,7 @@ 

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index 232b7055..f842d3f3 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index f3c1171c..198ad1a1 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 223de18e..872bc862 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 939beee7..adc56622 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index f0bdc27c..72452ee5 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 02e5cdcf..e69b9c73 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index 55b6efde..9300765e 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 6effbbf5..1cd983e3 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 00b5b060..211cb84a 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index fcaf62a3..8d4fbf5b 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -93,12 +93,10 @@

        Security

        -

        -2.0.10 - 2025-05-17

        +

        [2.0.11] - 2025-05-22

          -
        • TAG: v2.0.10 -
        • -
        • COVERAGE: 100.00% – 518/518 lines in 14 files
        • +
        • TAG: [v2.0.11][2.0.11t]
        • +
        • COVERAGE: 100.00% – 516/516 lines in 14 files
        • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
        • 79.05% documented

          Added

          @@ -118,7 +116,7 @@

          Fixed

        -

        +

        2.0.10 - 2025-05-17

        • TAG: v2.0.10 @@ -798,7 +796,7 @@

          diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index ecc805ec..afbc0138 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

          Attribution

          diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index a9eed030..0c797371 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

          To release a new version:

          diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 9c5a96df..86c92a68 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
          MIT License

          Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
          Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

          Permission is hereby granted, free of charge, to any person obtaining a copy
          of this software and associated documentation files (the "Software"), to deal
          in the Software without restriction, including without limitation the rights
          to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
          copies of the Software, and to permit persons to whom the Software is
          furnished to do so, subject to the following conditions:

          The above copyright notice and this permission notice shall be included in all
          copies or substantial portions of the Software.

          THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
          IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
          FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
          AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
          LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
          OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
          SOFTWARE.
          diff --git a/doc/file.README.html b/doc/file.README.html index 40c2138e..99da5d38 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -68,7 +68,7 @@

          🔐 OAuth2

          -

          Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

          +

          Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL


          @@ -324,13 +324,13 @@

          💡 Info you can shake a stick at

        Works with MRI Ruby 2 -Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        Works with MRI Ruby 2 -Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        @@ -536,17 +749,17 @@

         
         
        -52
        -53
        -54
        -55
        -56
        -57
        -58
        -59
        +72 +73 +74 +75 +76 +77 +78 +79

        -
        # File 'lib/oauth2/response.rb', line 52
        +      
        # File 'lib/oauth2/response.rb', line 72
         
         def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options)
           @response = response
        @@ -571,7 +784,7 @@ 

        Instance Attribute Details

        - #optionsObject + #optionsHash @@ -579,13 +792,45 @@

        -

        Returns the value of attribute options.

        +

        Returns The options hash for this instance.

        +

        Returns:

        +
          + +
        • + + + (Hash) + + + + — +

          The options hash for this instance

          +
          + +
        • + +
        +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

          +
          + +
        • + +
        @@ -593,12 +838,12 @@

         
         
        -16
        -17
        -18
        +26 +27 +28

        -
        # File 'lib/oauth2/response.rb', line 16
        +      
        # File 'lib/oauth2/response.rb', line 26
         
         def options
           @options
        @@ -613,7 +858,7 @@ 

        - #responseObject (readonly) + #responseFaraday::Response (readonly) @@ -621,13 +866,45 @@

        -

        Returns the value of attribute response.

        +

        Returns The raw Faraday response object.

        +

        Returns:

        +
          + +
        • + + + (Faraday::Response) + + + + — +

          The raw Faraday response object

          +
          + +
        • + +
        +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

          +
          + +
        • + +
        @@ -635,12 +912,12 @@

         
         
        -15
        -16
        -17
        +23 +24 +25

        -
        # File 'lib/oauth2/response.rb', line 15
        +      
        # File 'lib/oauth2/response.rb', line 23
         
         def response
           @response
        @@ -660,7 +937,7 @@ 

        Class Method Details

        - .register_parser(key, mime_types) {|String| ... } ⇒ Object + .register_parser(key, mime_types) {|String| ... } ⇒ void @@ -668,7 +945,7 @@

        -

        Adds a new content type parser.

        +

        This method returns an undefined value.

        Adds a new content type parser.

        @@ -687,7 +964,7 @@

        — -

        A descriptive symbol key such as :json or :query.

        +

        A descriptive symbol key such as :json or :query

        @@ -697,12 +974,12 @@

        mime_types - (Array) + (Array<String>, String) — -

        One or more mime types to which this parser applies.

        +

        One or more mime types to which this parser applies

        @@ -720,7 +997,41 @@

        — -

        A block returning parsed content.

        +

        Block that will be called to parse the response body

        +
        + + + + +

        Yield Parameters:

        +
          + +
        • + + body + + + (String) + + + + — +

          The response body to parse

          +
          + +
        • + +
        +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

        • @@ -733,16 +1044,16 @@

           
           
          -36
          -37
          -38
          -39
          -40
          -41
          -42
          +53 +54 +55 +56 +57 +58 +59

        -
        # File 'lib/oauth2/response.rb', line 36
        +      
        # File 'lib/oauth2/response.rb', line 53
         
         def self.register_parser(key, mime_types, &block)
           key = key.to_sym
        @@ -765,7 +1076,7 @@ 

        Instance Method Details

        - #bodyObject + #bodyString @@ -780,6 +1091,38 @@

        +

        Returns:

        +
          + +
        • + + + (String) + + + + — +

          The response body or empty string if nil

          +
          + +
        • + +
        +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

          +
          + +
        • + +
        @@ -787,12 +1130,12 @@

         
         
        -72
        -73
        -74
        +98 +99 +100

        -
        # File 'lib/oauth2/response.rb', line 72
        +      
        # File 'lib/oauth2/response.rb', line 98
         
         def body
           response.body || ""
        @@ -805,7 +1148,7 @@ 

        - #content_typeObject + #content_typeString? @@ -813,13 +1156,45 @@

        -

        Attempts to determine the content type of the response.

        +

        Determines the content type of the response

        +

        Returns:

        +
          + +
        • + + + (String, nil) + + + + — +

          The content type or nil if headers are not present

          +
          + +
        • + +
        +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

          +
          + +
        • + +
        @@ -827,14 +1202,14 @@

         
         
        -104
        -105
        -106
        -107
        -108
        +132 +133 +134 +135 +136

        -
        # File 'lib/oauth2/response.rb', line 104
        +      
        # File 'lib/oauth2/response.rb', line 132
         
         def content_type
           return unless response.headers
        @@ -849,7 +1224,7 @@ 

        - #headersObject + #headersHash @@ -864,6 +1239,38 @@

        +

        Returns:

        +
          + +
        • + + + (Hash) + + + + — +

          The response headers

          +
          + +
        • + +
        +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

          +
          + +
        • + +
        @@ -871,12 +1278,12 @@

         
         
        -62
        -63
        -64
        +84 +85 +86

        @@ -740,7 +740,7 @@
        Serialization Extensions

        There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
        They are likely not needed if you are on a newer Ruby.
        -See response_spec.rb if you need to study the hacks for older Rubies.

        +See response_spec.rb if you need to study the hacks for older Rubies.

        class MySnakyHash < SnakyHash::StringKeyed
           # Give this hash class `dump` and `load` abilities!
        @@ -795,7 +795,7 @@ 
        Serialization Extensions
        end
        -

        See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

        +

        See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

        What if I hate snakes and/or indifference?

        @@ -1044,7 +1044,7 @@

        🤑 One more thing

        diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 7fdc79e8..0e7950e2 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

        Enterprise Support

        diff --git a/docs/index.html b/docs/index.html index 3df504fa..3b417d16 100644 --- a/docs/index.html +++ b/docs/index.html @@ -333,7 +333,7 @@

        💡 Info you can shake a stick at

        @@ -740,7 +740,7 @@
        Serialization Extensions

        There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
        They are likely not needed if you are on a newer Ruby.
        -See response_spec.rb if you need to study the hacks for older Rubies.

        +See response_spec.rb if you need to study the hacks for older Rubies.

        class MySnakyHash < SnakyHash::StringKeyed
           # Give this hash class `dump` and `load` abilities!
        @@ -795,7 +795,7 @@ 
        Serialization Extensions
        end
        -

        See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

        +

        See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

        What if I hate snakes and/or indifference?

        @@ -1044,7 +1044,7 @@

        🤑 One more thing

        diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 3483426d..bb36408e 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        diff --git a/oauth2.gemspec b/oauth2.gemspec index d004d64f..1c310905 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -41,7 +41,7 @@ Gem::Specification.new do |spec| spec.summary = "OAuth 2.0 Core Ruby implementation" spec.description = "Ruby wrapper for the OAuth 2.0 protocol" spec.homepage = gh_mirror - spec.licenses = "MIT" + spec.license = "MIT" spec.required_ruby_version = ">= 2.2.0" spec.post_install_message = %{ From e5047ff24709af72ffdfffdc675c962e15faf4b6 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 2 Jun 2025 09:31:09 +0700 Subject: [PATCH 467/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20attend=20to=20gram?= =?UTF-8?q?mar?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisals | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Appraisals b/Appraisals index adbae164..45d59d36 100644 --- a/Appraisals +++ b/Appraisals @@ -187,7 +187,7 @@ appraise "ruby-3-3" do remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end -# Only run security audit on latest Ruby version +# Only run security audit on the latest version of Ruby appraise "audit" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" @@ -201,7 +201,7 @@ appraise "audit" do remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end -# Only run coverage on latest Ruby version +# Only run coverage on the latest version of Ruby appraise "coverage" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" @@ -215,7 +215,7 @@ appraise "coverage" do remove_gem "appraisal" # only present because it must be in the gemfile because we target a git branch end -# Only run linter on latest Ruby version (but, in support of oldest supported Ruby version) +# Only run linter on the latest version of Ruby (but, in support of oldest supported Ruby version) appraise "style" do gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" 
From 3b31884680090dad589355eb41b9f3a311a4f483 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 7 Jun 2025 07:39:18 +0700 Subject: [PATCH 468/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20attend=20to=20gram?= =?UTF-8?q?mar?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisals | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Appraisals b/Appraisals index 45d59d36..bd33e321 100644 --- a/Appraisals +++ b/Appraisals @@ -4,7 +4,7 @@ # BUNDLE_GEMFILE=Appraisal.root.gemfile bundle # BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update -# Used for head (nightly) releases of ruby, truffleruby, and jruby. +# Used for HEAD (nightly) releases of ruby, truffleruby, and jruby. # Split into discrete appraisals if one of them needs a dependency locked discretely. appraise "head" do gem "mutex_m", ">= 0.2" From 49551319eb3920ca64fb326fb77e8add52a0b248 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 7 Jun 2025 07:39:46 +0700 Subject: [PATCH 469/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20img=20attribute=20?= =?UTF-8?q?width=20works=20better=20on=20RubyToolbox?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 21b89c62..6a81acce 100644 --- a/README.md +++ b/README.md @@ -811,7 +811,7 @@ See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright Galtzo.com - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 , and oauth2 contributors From a726b43bea52375140211d29d9fa988a58e0afec Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 7 Jun 2025 07:42:12 +0700 Subject: [PATCH 470/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Upgrade=20rack?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index 3e872cfe..bc4eb5b2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -141,7 +141,7 @@ GEM stringio public_suffix (6.0.2) racc (1.8.1) - rack (3.1.15) + rack (3.1.16) rainbow (3.1.1) rake (13.2.1) rdoc (6.14.0) From c5c6e81b25faf62ed4c8fb2e927269ec1f28d8a8 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 7 Jun 2025 07:42:23 +0700 Subject: [PATCH 471/645] =?UTF-8?q?=F0=9F=93=9D=20Upgrade=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 107 ------------------ docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 4 +- docs/file.SECURITY.html | 2 +- docs/index.html | 4 +- docs/top-level-namespace.html | 2 +- 27 files changed, 28 insertions(+), 135 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 29105d13..684575f8 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -11,113 +11,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -935,8 +935,8 @@

        Code Coverage

        🪇 Code of Conduct

        -

        Everyone interacting in this project’s codebases, issue trackers,
        -chat rooms and mailing lists is expected to follow the Contributor Covenant 2.1.

        +

        Everyone interacting with this project’s codebases, issue trackers,
        +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

        🌈 Contributors

        @@ -1018,7 +1018,7 @@ , and oauth2 contributors
      24. - Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. + Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.
      25. @@ -1044,7 +1044,7 @@

        🤑 One more thing

        diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 78bbc019..f00546a6 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

        Enterprise Support

        diff --git a/docs/index.html b/docs/index.html index 518aabe0..f2eeaa93 100644 --- a/docs/index.html +++ b/docs/index.html @@ -339,7 +339,7 @@

        💡 Info you can shake a stick at

        @@ -935,8 +935,8 @@

        Code Coverage

        🪇 Code of Conduct

        -

        Everyone interacting in this project’s codebases, issue trackers,
        -chat rooms and mailing lists is expected to follow the Contributor Covenant 2.1.

        +

        Everyone interacting with this project’s codebases, issue trackers,
        +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

        🌈 Contributors

        @@ -1018,7 +1018,7 @@ , and oauth2 contributors
      26. - Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc. + Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.
      27. @@ -1044,7 +1044,7 @@

        🤑 One more thing

        diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index f300de65..64341a3b 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        diff --git a/oauth2.gemspec b/oauth2.gemspec index 1c310905..e17cf40a 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -35,8 +35,8 @@ Gem::Specification.new do |spec| end end - gl_homepage = "https://gitlab.com/oauth-xx/oauth2" - gh_mirror = "https://github.com/oauth-xx/oauth2" + gl_homepage = "https://gitlab.com/oauth-xx/#{spec.name}" + gh_mirror = "https://github.com/oauth-xx/#{spec.name}" spec.summary = "OAuth 2.0 Core Ruby implementation" spec.description = "Ruby wrapper for the OAuth 2.0 protocol" From 75bae598fc513b2ef8f0d47abab9a8eb877036ec Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 7 Jun 2025 16:16:25 +0700 Subject: [PATCH 474/645] =?UTF-8?q?=F0=9F=A5=85=20Better=20error=20handlin?= =?UTF-8?q?g=20in=20test=20suite?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 107 ++++++++++++++++++ .rubocop_gradual.lock | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 2 +- docs/file.SECURITY.html | 2 +- docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- oauth2.gemspec | 2 - spec/spec_helper.rb | 2 +- 30 files changed, 135 insertions(+), 30 deletions(-) 
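Review bot: The new `gl_homepage` and `gh_mirror` values depend on `spec.name` already being assigned at this point and on the repository being named exactly like the gem, and neither assumption is written down next to the assignments; the `Gem::Specification.new` block starts outside this hunk, so the ordering cannot be confirmed from here. Because `gh_mirror` feeds `spec.homepage` (visible in the earlier gemspec hunk on this page), an unset or differing `spec.name` would publish a homepage link that resolves to the wrong path under the organisation, and that link is what users follow to check where the gem's source lives. I would add a comment above the two lines such as `# Requires spec.name to be set above; the repository path must match the gem name`. The `oauth-xx` organisation segment remains a literal here while later documentation hunks on this page switch their links to `ruby-oauth`, so it is worth confirming that the gemspec URLs are updated in the same change as that rename rather than left to rely on forge redirects.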
diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 684575f8..5a722b49 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -11,6 +11,113 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + - - + - - - + + @@ -154,8 +154,8 @@

        Upgrading Runtime Gem DependenciesThis project sits underneath a large portion of the authorization systems on the internet.
        According to GitHub’s project tracking, which I believe only reports on public projects,
        -100,000+ projects, and
        -500+ packages depend on this project.

        +100,000+ projects, and
        +500+ packages depend on this project.

        That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

        @@ -185,13 +185,13 @@

        Upgrading Runtime Gem Dependencies
      28. gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack
      29. -
      30. gem snaky_hash @ v2, HEAD ⏩️ oauth-xx/snaky_hash +
      31. gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash
      32. -
      33. gem version_gem @ v1, HEAD ⏩️ oauth-xx/version_gem +
      34. gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem
      35. -

        The last two were extracted from this gem. They are part of the oauth-xx org,
        +

        The last two were extracted from this gem. They are part of the ruby-oauth org,
        and are developed in tight collaboration with this gem.

        Also, where reasonable, tested against the runtime dependencies of those dependencies:

        @@ -293,7 +293,7 @@

        Quick Usage Example for AI
      36. doorkeeper gem for OAuth 2.0 server/provider implementation.
      37. -oauth sibling gem for OAuth 1.0 implementations in Ruby.
      38. +oauth sibling gem for OAuth 1.0 implementations in Ruby.

        💡 Info you can shake a stick at

        @@ -303,7 +303,7 @@

        💡 Info you can shake a stick at

        @@ -311,37 +311,37 @@

        💡 Info you can shake a stick at

        @@ -433,8 +433,8 @@

        Older Releases

        | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.0/README.md | +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md |
        @@ -442,10 +442,10 @@

        Older Releases

        | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| -| 1.2.0 | Jun 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.2.0/README.md | -| 1.1.0 | Jan 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.1.0/README.md | -| 1.0.0 | May 23, 2014 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.0.0/README.md | -| < 1.0.0 | Find here | https://gitlab.com/oauth-xx/oauth2/-/tags | +| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags |

        ✨ Installation

        @@ -462,13 +462,13 @@

        ✨ Installation

        🔒 Secure Installation

        -

        oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
        +

        oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
        stone_checksums. Be sure the gem you install hasn’t been tampered with
        by following the instructions below.

        Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

        -
        gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/oauth2/main/certs/pboling.pem)
        +
        gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem)
         

        You only need to do that once. Then proceed to install with:

        @@ -533,7 +533,7 @@

        What is new for v2.0?

      39. By default, keys are transformed to snake case.
          -
        • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
        • +
        • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
        • However, this is a breaking change if you rely on response.parsed.to_h to retain the original case, and the original wasn’t snake case, as the keys in the result will be snake case.
        • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
        @@ -543,7 +543,7 @@

        What is new for v2.0?

      40. Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
      41. -
      42. … A lot more
      43. +
      44. … A lot more
      45. Compatibility

        @@ -742,7 +742,7 @@
        Serialization Extensions

        There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
        They are likely not needed if you are on a newer Ruby.
        -See response_spec.rb if you need to study the hacks for older Rubies.

        +See response_spec.rb if you need to study the hacks for older Rubies.

        class MySnakyHash < SnakyHash::StringKeyed
           # Give this hash class `dump` and `load` abilities!
        @@ -797,7 +797,7 @@ 
        Serialization Extensions
        end
        -

        See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

        +

        See response_spec.rb, or the ruby-oauth/snaky_hash gem for more ideas.

        What if I hate snakes and/or indifference?

        @@ -839,7 +839,7 @@

        OAuth2::Response

        will return an instance of the #OAuth2::Response class.

        This instance contains a #parsed method that will parse the response body and
        -return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
        +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
        the body is a JSON object. It will return an Array if the body is a JSON
        array. Otherwise, it will return the original body string.

        @@ -869,11 +869,11 @@

        Authorization Grants

        Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
        authentication grant types have helper strategy classes that simplify client
        -use. They are available via the #auth_code,
        -#implicit,
        -#password,
        -#client_credentials, and
        -#assertion methods respectively.

        +use. They are available via the #auth_code,
        +#implicit,
        +#password,
        +#client_credentials, and
        +#assertion methods respectively.

        These aren’t full examples, but demonstrative of the differences between usage for each strategy.

        auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
        @@ -919,7 +919,7 @@ 

        🔐 Security

        🤝 Contributing

        If you need some ideas of where to help, you could work on adding more code coverage,
        -or if it is already 💯 (see below) check issues, or PRs,
        +or if it is already 💯 (see below) check issues, or PRs,
        or use the gem and think about how it could be better.

        We Keep A Changelog so if you make changes, remember to update it.

        @@ -932,8 +932,8 @@

        🚀 Release Instructions

        Code Coverage

        -

        Coveralls Test Coverage
        -QLTY Test Coverage

        +

        Coveralls Test Coverage
        +QLTY Test Coverage

        🪇 Code of Conduct

        @@ -942,19 +942,19 @@

        🪇 Code of Conduct

        🌈 Contributors

        -

        Contributors

        +

        Contributors

        Made with contributors-img.

        -

        Also see GitLab Contributors: https://gitlab.com/oauth-xx/oauth2/-/graphs/main

        +

        Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

        ⭐️ Star History

        -

        +

        - - - Star History Chart + + + Star History Chart

        </a>

        @@ -1015,7 +1015,7 @@ Galtzo.com - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 , and oauth2 contributors diff --git a/docs/index.html b/docs/index.html index 42fec640..466be55e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -59,19 +59,19 @@

        - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 - OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 - Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 + Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

        🔐 OAuth2

        -

        Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

        +

        Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL


        @@ -98,31 +98,31 @@

        🔐 OAuth2

        - - - - + + + - - + - - - + + @@ -154,8 +154,8 @@

        Upgrading Runtime Gem DependenciesThis project sits underneath a large portion of the authorization systems on the internet.
        According to GitHub’s project tracking, which I believe only reports on public projects,
        -100,000+ projects, and
        -500+ packages depend on this project.

        +100,000+ projects, and
        +500+ packages depend on this project.

        That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

        @@ -185,13 +185,13 @@

        Upgrading Runtime Gem Dependencies
      46. gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack
      47. -
      48. gem snaky_hash @ v2, HEAD ⏩️ oauth-xx/snaky_hash +
      49. gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash
      50. -
      51. gem version_gem @ v1, HEAD ⏩️ oauth-xx/version_gem +
      52. gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem
      53. -

        The last two were extracted from this gem. They are part of the oauth-xx org,
        +

        The last two were extracted from this gem. They are part of the ruby-oauth org,
        and are developed in tight collaboration with this gem.

        Also, where reasonable, tested against the runtime dependencies of those dependencies:

        @@ -293,7 +293,7 @@

        Quick Usage Example for AI
      54. doorkeeper gem for OAuth 2.0 server/provider implementation.
      55. -oauth sibling gem for OAuth 1.0 implementations in Ruby.
      56. +oauth sibling gem for OAuth 1.0 implementations in Ruby.

        💡 Info you can shake a stick at

        @@ -303,7 +303,7 @@

        💡 Info you can shake a stick at

        @@ -311,37 +311,37 @@

        💡 Info you can shake a stick at

        @@ -433,8 +433,8 @@

        Older Releases

        | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.3.0/README.md | +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md |
        @@ -442,10 +442,10 @@

        Older Releases

        | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| -| 1.2.0 | Jun 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.2.0/README.md | -| 1.1.0 | Jan 30, 2016 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.1.0/README.md | -| 1.0.0 | May 23, 2014 | https://gitlab.com/oauth-xx/oauth2/-/blob/v1.0.0/README.md | -| < 1.0.0 | Find here | https://gitlab.com/oauth-xx/oauth2/-/tags | +| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags |

        ✨ Installation

        @@ -462,13 +462,13 @@

        ✨ Installation

        🔒 Secure Installation

        -

        oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
        +

        oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
        stone_checksums. Be sure the gem you install hasn’t been tampered with
        by following the instructions below.

        Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

        -
        gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/oauth2/main/certs/pboling.pem)
        +
        gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem)
         

        You only need to do that once. Then proceed to install with:

        @@ -533,7 +533,7 @@

        What is new for v2.0?

      57. By default, keys are transformed to snake case.
          -
        • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
        • +
        • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
        • However, this is a breaking change if you rely on response.parsed.to_h to retain the original case, and the original wasn’t snake case, as the keys in the result will be snake case.
        • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
        @@ -543,7 +543,7 @@

        What is new for v2.0?

      58. Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
      59. -
      60. … A lot more
      61. +
      62. … A lot more
      63. Compatibility

        @@ -742,7 +742,7 @@
        Serialization Extensions

        There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
        They are likely not needed if you are on a newer Ruby.
        -See response_spec.rb if you need to study the hacks for older Rubies.

        +See response_spec.rb if you need to study the hacks for older Rubies.

        class MySnakyHash < SnakyHash::StringKeyed
           # Give this hash class `dump` and `load` abilities!
        @@ -797,7 +797,7 @@ 
        Serialization Extensions
        end
        -

        See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

        +

        See response_spec.rb, or the ruby-oauth/snaky_hash gem for more ideas.

        What if I hate snakes and/or indifference?

        @@ -839,7 +839,7 @@

        OAuth2::Response

        will return an instance of the #OAuth2::Response class.

        This instance contains a #parsed method that will parse the response body and
        -return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
        +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
        the body is a JSON object. It will return an Array if the body is a JSON
        array. Otherwise, it will return the original body string.

        @@ -869,11 +869,11 @@

        Authorization Grants

        Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
        authentication grant types have helper strategy classes that simplify client
        -use. They are available via the #auth_code,
        -#implicit,
        -#password,
        -#client_credentials, and
        -#assertion methods respectively.

        +use. They are available via the #auth_code,
        +#implicit,
        +#password,
        +#client_credentials, and
        +#assertion methods respectively.

        These aren’t full examples, but demonstrative of the differences between usage for each strategy.

        auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
        @@ -919,7 +919,7 @@ 

        🔐 Security

        🤝 Contributing

        If you need some ideas of where to help, you could work on adding more code coverage,
        -or if it is already 💯 (see below) check issues, or PRs,
        +or if it is already 💯 (see below) check issues, or PRs,
        or use the gem and think about how it could be better.

        We Keep A Changelog so if you make changes, remember to update it.

        @@ -932,8 +932,8 @@

        🚀 Release Instructions

        Code Coverage

        -

        Coveralls Test Coverage
        -QLTY Test Coverage

        +

        Coveralls Test Coverage
        +QLTY Test Coverage

        🪇 Code of Conduct

        @@ -942,19 +942,19 @@

        🪇 Code of Conduct

        🌈 Contributors

        -

        Contributors

        +

        Contributors

        Made with contributors-img.

        -

        Also see GitLab Contributors: https://gitlab.com/oauth-xx/oauth2/-/graphs/main

        +

        Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

        ⭐️ Star History

        -

        +

        - - - Star History Chart + + + Star History Chart

        </a>

        @@ -1015,7 +1015,7 @@ Galtzo.com - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 , and oauth2 contributors diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index ca10f1dd..a3c5115c 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -21,7 +21,7 @@ gem "multi_xml", github: "sferik/multi_xml", branch: "master" gem "rack", github: "rack/rack", branch: "main" # Ruby >= 2.2 -gem "version_gem", github: "oauth-xx/version_gem", branch: "main" +gem "version_gem", github: "ruby-oauth/version_gem", branch: "main" # Ruby >= 2.2 -gem "snaky_hash", github: "oauth-xx/snaky_hash", branch: "main" +gem "snaky_hash", github: "ruby-oauth/snaky_hash", branch: "main" diff --git a/oauth2.gemspec b/oauth2.gemspec index 8a84af31..2140e8e7 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -19,7 +19,7 @@ Gem::Specification.new do |spec| # Linux distros often package gems and securely certify them independent # of the official RubyGem certification process. Allowed via ENV["SKIP_GEM_SIGNING"] - # Ref: https://gitlab.com/oauth-xx/version_gem/-/issues/3 + # Ref: https://gitlab.com/ruby-oauth/version_gem/-/issues/3 # Hence, only enable signing if `SKIP_GEM_SIGNING` is not set in ENV. # See CONTRIBUTING.md unless ENV.include?("SKIP_GEM_SIGNING") @@ -35,8 +35,8 @@ Gem::Specification.new do |spec| end end - gl_homepage = "https://gitlab.com/oauth-xx/#{spec.name}" - gh_mirror = "https://github.com/oauth-xx/#{spec.name}" + gl_homepage = "https://gitlab.com/ruby-oauth/#{spec.name}" + gh_mirror = "https://github.com/ruby-oauth/#{spec.name}" spec.summary = "OAuth 2.0 Core Ruby implementation" spec.description = "Ruby wrapper for the OAuth 2.0 protocol" From d3bb6c71190a511fbe39fa5aca36037dee75a561 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 6 Aug 2025 13:33:06 -0600 Subject: [PATCH 487/645] =?UTF-8?q?=F0=9F=9A=A8=20Update=20lint=20lock?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index e13c27da..187d1bef 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:2054901929": [ [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:1143666092": [ + "oauth2.gemspec:2662087024": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:1202129469": [ From b265f0573de4a7c240931febf597ce0801e37bd7 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 6 Aug 2025 20:20:01 -0600 Subject: [PATCH 488/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20logos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Improve documentation - Update references to appraisal2 --- README.md | 43 +++++------ docs/OAuth2.html | 4 +- docs/OAuth2/AccessToken.html | 4 +- docs/OAuth2/Authenticator.html | 4 +- docs/OAuth2/Client.html | 10 +-- docs/OAuth2/Error.html | 4 +- docs/OAuth2/FilteredAttributes.html | 4 +- .../FilteredAttributes/ClassMethods.html | 4 +- docs/OAuth2/Response.html | 4 +- docs/OAuth2/Strategy.html | 4 +- docs/OAuth2/Strategy/Assertion.html | 4 +- docs/OAuth2/Strategy/AuthCode.html | 4 +- docs/OAuth2/Strategy/Base.html | 4 +- docs/OAuth2/Strategy/ClientCredentials.html | 4 +- docs/OAuth2/Strategy/Implicit.html | 4 +- docs/OAuth2/Strategy/Password.html | 4 +- docs/OAuth2/Version.html | 4 +- docs/_index.html | 4 +- docs/file.CHANGELOG.html | 4 +- docs/file.CITATION.html | 4 +- docs/file.CODE_OF_CONDUCT.html | 4 +- docs/file.CONTRIBUTING.html | 12 +-- docs/file.LICENSE.html | 4 +- docs/file.README.html | 76 ++++++++----------- docs/file.SECURITY.html | 4 +- docs/index.html | 76 ++++++++----------- docs/top-level-namespace.html | 4 +- 27 files changed, 140 insertions(+), 165 deletions(-) diff --git a/README.md b/README.md index c45af75f..2f99ca3e 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,11 @@ -

        - - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 - - - OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 - - - Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 - -

        +[![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![oauth2 Logo by Chris Messina, CC BY-SA 3.0][🖼️oauth2-i]][🖼️oauth2] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] + +[🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg +[🖼️galtzo-discord]: https://discord.gg/3qme4XHNKN +[🖼️oauth2-i]: https://logos.galtzo.com/assets/images/oauth/oauth2/avatar-192px.svg +[🖼️oauth2]: https://oauth.net/ +[🖼️ruby-lang-i]: https://logos.galtzo.com/assets/images/ruby-lang/avatar-192px.svg +[🖼️ruby-lang]: https://github.com/ruby-lang ## 🔐 OAuth2 @@ -50,6 +47,10 @@ What does that mean specifically for the runtime dependencies? We have 100% test coverage of lines and branches, and this test suite runs across a large matrix covering the latest patch for each of the following minor versions: +| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 | +|------------------------------------------------|--------------------------------------------------------------------------------------| +| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2](https://github.com/appraisal-rb/appraisal2) ✨ | + * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD 
@@ -81,12 +82,6 @@ Also, where reasonable, tested against the runtime dependencies of those depende \* MIT license; I am unable to make guarantees. -| 🚚 Test matrix brought to you by | 🔎 appraisal++ | -|----------------------------------|-------------------------------------------------------------------------| -| Adds back support for old Rubies | ✨ [appraisal PR #250](https://github.com/thoughtbot/appraisal/pull/250) | -| Adds support for `eval_gemfile` | ✨ [appraisal PR #248](https://github.com/thoughtbot/appraisal/pull/248) | -| Please review | my PRs! | -
        Standard Library Dependencies @@ -98,7 +93,7 @@ The various versions of each are tested via the Ruby test matrix, along with wha * time * logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) -If you use a gem version it should work fine! +If you use a gem version of a core Ruby library it should work fine!
        @@ -785,7 +780,7 @@ For example: spec.add_dependency("oauth2", "~> 2.0") ``` -See [CHANGELOG.md][📌changelog] for a list of releases. +See [CHANGELOG.md][📌changelog] for list of releases. ## 📄 License @@ -801,7 +796,7 @@ See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright Galtzo.com - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + Galtzo.com Logo (Wordless) by Aboling0, CC BY-SA 4.0 , and oauth2 contributors @@ -822,7 +817,7 @@ or one of smaller ones, depending on button size preference. [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] -P.S. Use the gem => Discord for help +P.S. If you need help️, or want to say thanks, 👇 Join the Discord. [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] 
@@ -937,6 +932,10 @@ P.S. Use the gem => Discord for help [🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current-runtime-heads.yml/badge.svg [🚎13-cbs-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml [🚎13-cbs-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml/badge.svg +[🚎13-🔒️-wf]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_locked.yml +[🚎13-🔒️-wfi]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_locked.yml/badge.svg +[🚎14-🔓️-wf]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_unlocked.yml +[🚎14-🔓️-wfi]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_unlocked.yml/badge.svg [💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white @@ -996,7 +995,7 @@ P.S. Use the gem => Discord for help [📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat [🚎yard-current]: http://rubydoc.info/gems/oauth2 [🚎yard-head]: https://oauth2.galtzo.com -[💎stone_checksums]: https://github.com/pboling/stone_checksums +[💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums [💎SHA_checksums]: https://gitlab.com/ruby-oauth/oauth2/-/tree/main/checksums [💎rlts]: https://github.com/rubocop-lts/rubocop-lts [💎rlts-img]: https://img.shields.io/badge/code_style_%26_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 8965ec1b..30651721 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,9 +326,9 @@

        diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 2ef8586b..364f79bf 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,9 +3069,9 @@

        diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 3c19d083..98ecd6f1 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,9 +631,9 @@

        diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 90b3bce6..2502c156 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2478,10 +2478,10 @@

        def revoke_token(token, token_type_hint = nil, params = {}, &block) params[:token_method] ||= :post_with_query_string + params[:token] = token + params[:token_type_hint] = token_type_hint if token_type_hint + req_opts = params_to_req_opts(params) - req_opts[:params] ||= {} - req_opts[:params][:token] = token - req_opts[:params][:token_type_hint] = token_type_hint if token_type_hint request(http_method, revoke_url, req_opts, &block) end

        @@ -2651,9 +2651,9 @@

        diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 3596ee51..81740c8e 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,9 +518,9 @@

        diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 8d9cb80d..c9daa3e8 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,9 +268,9 @@

        diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index af512245..ff5413b1 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,9 +218,9 @@

        diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 627a6364..eaf76049 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,9 +1619,9 @@

        diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index b9db6e00..f981b2b0 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,9 +107,9 @@

        Defined Under Namespace

        diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 9c3c19d0..688e659d 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,9 +481,9 @@

        diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 3d31c3a4..4bde6671 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,9 +469,9 @@

        diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index af912a8f..24715d21 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,9 +195,9 @@

        diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 0865f7d3..9a3e829d 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,9 +343,9 @@

        diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 5eb18e43..0f940078 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,9 +410,9 @@

        diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index a9c531c9..4e07f01e 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,9 +364,9 @@

        diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 8526fa53..e2e2353d 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,9 +111,9 @@

        diff --git a/docs/_index.html b/docs/_index.html index 054614ff..552d8087 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,9 +303,9 @@

        Namespace Listing A-Z

        diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index fd9288b7..d25e0561 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -840,9 +840,9 @@

        diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 846b2d02..c4495d09 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,9 +85,9 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 617e886c..f78d722f 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,9 +192,9 @@

        Attribution

        diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 59a3b495..f4836143 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -106,26 +106,26 @@

        The Reek List

        To refresh the reek list:

        -
        bundle exec reek > REEK
        +
        bundle exec reek > REEK
         

        Run Tests

        To run all tests

        -
        bundle exec rake test
        +
        bundle exec rake test
         

        Lint It

        Run all the default tasks, which includes running the gradually autocorrecting linter, rubocop-gradual.

        -
        bundle exec rake
        +
        bundle exec rake
         

        Or just run the linter.

        -
        bundle exec rake rubocop_gradual:autocorrect
        +
        bundle exec rake rubocop_gradual:autocorrect
         

        Contributors

        @@ -193,9 +193,9 @@

        To release a new version:

        diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 97690926..a62a9896 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,9 +60,9 @@
        MIT License

        Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
        Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/docs/file.README.html b/docs/file.README.html index f76e10dd..92b1b27a 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -57,17 +57,7 @@
        -

        - - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 - - - OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 - - - Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 - -

        +

        Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 oauth2 Logo by Chris Messina, CC BY-SA 3.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

        🔐 OAuth2

        @@ -167,6 +157,21 @@

        Upgrading Runtime Gem DependenciesWe have 100% test coverage of lines and branches, and this test suite runs across a large matrix
        covering the latest patch for each of the following minor versions:

        +

        -
        # File 'lib/oauth2/response.rb', line 62
        +      
        # File 'lib/oauth2/response.rb', line 84
         
         def headers
           response.headers
        @@ -897,7 +1304,7 @@ 

        -

        The #response #body as parsed by #parser.

        +

        The parsed response body

        @@ -915,7 +1322,7 @@

        — -

        As returned by #parser if #call-able; snaky hash if options[:snaky].

        +

        The parsed response body

        @@ -928,7 +1335,22 @@

        — -

        If the #parser is not #call-able.

        +

        If no parser is available

        +
        + + + + +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

        • @@ -941,31 +1363,31 @@

           
           
          -80
          -81
          -82
          -83
          -84
          -85
          -86
          -87
          -88
          -89
          -90
          -91
          -92
          -93
          -94
          -95
          -96
          -97
          -98
          -99
          -100
          -101
          +106 +107 +108 +109 +110 +111 +112 +113 +114 +115 +116 +117 +118 +119 +120 +121 +122 +123 +124 +125 +126 +127

        -
        # File 'lib/oauth2/response.rb', line 80
        +      
        # File 'lib/oauth2/response.rb', line 106
         
         def parsed
           return @parsed if defined?(@parsed)
        @@ -1005,19 +1427,30 @@ 

        -

        Determines the parser (a Proc or other Object which responds to #call)
        -that will be passed the #body (and optional #response) to supply
        -#parsed.

        - -

        The parser can be supplied as the +:parse+ option in the form of a Proc
        + +

        + Note: +

        The parser can be supplied as the +:parse+ option in the form of a Proc
        (or other Object responding to #call) or a Symbol. In the latter case,
        the actual parser will be looked up in @@parsers by the supplied Symbol.

        +
        +
        -

        If no +:parse+ option is supplied, the lookup Symbol will be determined
        +

        + Note: +

        If no +:parse+ option is supplied, the lookup Symbol will be determined
        by looking up #content_type in @@content_types.

        +
        +
        -

        If #parser is a Proc, it will be called with no arguments, just
        +

        + Note: +

        If #parser is a Proc, it will be called with no arguments, just
        #body, or #body and #response, depending on the Proc’s arity.

        +
        +
        + +

        Determines the parser to be used for the response body

        @@ -1035,7 +1468,7 @@

        — -

        If a parser was found.

        +

        The parser proc or callable object

        @@ -1048,7 +1481,22 @@

        — -

        If no parser was found.

        +

        If no suitable parser is found

        +
        + + + + +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

        • @@ -1061,21 +1509,21 @@

           
           
          -126
          -127
          -128
          -129
          -130
          -131
          -132
          -133
          -134
          -135
          -136
          -137
          +152 +153 +154 +155 +156 +157 +158 +159 +160 +161 +162 +163

        -
        # File 'lib/oauth2/response.rb', line 126
        +      
        # File 'lib/oauth2/response.rb', line 152
         
         def parser
           return @parser if defined?(@parser)
        @@ -1097,7 +1545,7 @@ 

        - #statusObject + #statusInteger @@ -1112,6 +1560,38 @@

        +

        Returns:

        +
          + +
        • + + + (Integer) + + + + — +

          The response status code

          +
          + +
        • + +
        +

        Since:

        +
          + +
        • + + + + + +

          1.0.0

          +
          + +
        • + +
        @@ -1119,12 +1599,12 @@

         
         
        -67
        -68
        -69
        +91 +92 +93

        @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 5f4601b5..db919210 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index eb2bacab..00058e1f 100644 --- a/doc/index.html +++ b/doc/index.html @@ -330,7 +330,7 @@

        💡 Info you can shake a stick at

        @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index e5f77ac8..ea52016c 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb
index 20a06277..41d97338 100644
--- a/lib/oauth2/client.rb
+++ b/lib/oauth2/client.rb
@@ -342,6 +342,18 @@ def redirection_params
 private
+ # Processes request parameters and transforms them into request options
+ #
+ # @param [Hash] params the request parameters to process
+ # @option params [Symbol] :parse (:automatic) parsing strategy for the response
+ # @option params [Boolean] :snaky (true) whether to convert response keys to snake_case
+ # @option params [Class] :snaky_hash_klass (SnakyHash::StringKeyed) class to use for snake_case hash conversion
+ # @option params [Symbol] :token_method (:post) HTTP method to use for token request
+ # @option params [Hash] :headers Additional HTTP headers for the request
+ #
+ # @return [Hash] the processed request options
+ #
+ # @api private
 def params_to_req_opts(params)
 parse, snaky, snaky_hash_klass, token_method, params, headers = parse_snaky_params_headers(params)
 req_opts = {
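Review bot: The new comment on `params_to_req_opts` types `:parse` as `[Symbol]` only, although the `Response#parser` comment in this same patch says the `:parse` option may also be a Proc or another object responding to `#call`; `# @option params [Symbol, #call] :parse (:automatic) parsing strategy for the response` would agree with it, here and on the matching line of the next hunk. The `(:post)` default given for `:token_method` also disagrees with that next hunk, which describes the key as a per-request override and lists it as `(Symbol, nil)`, so presumably the fallback comes from the client options rather than a fixed `:post`. In the next hunk the fourth slot of `Array<(Symbol, Boolean, Class, Symbol, Hash, Hash)>` should carry the `nil` its own bullet mentions. The body of `params_to_req_opts` continues outside the hunk, so the actual fallback is not visible here.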
@@ -369,19 +381,22 @@ def params_to_req_opts(params)
 req_opts
 end
- # Processes and transforms the input parameters for OAuth requests
+ # Processes and transforms parameters for OAuth requests
 #
 # @param [Hash] params the input parameters to process
- # @option params [Symbol, nil] :parse (:automatic) parsing strategy for the response
+ # @option params [Symbol] :parse (:automatic) parsing strategy for the response
 # @option params [Boolean] :snaky (true) whether to convert response keys to snake_case
+ # @option params [Class] :snaky_hash_klass (SnakyHash::StringKeyed) class to use for snake_case hash conversion
+ # @option params [Symbol] :token_method overrides the default token method for this request
 # @option params [Hash] :headers HTTP headers for the request
 #
- # @return [Array<(Symbol, Boolean, Hash, Hash)>] Returns an array containing:
- # - [Symbol, nil] parse strategy
- # - [Boolean] snaky flag for response key transformation
- # - [Symbol, nil] token_method overrides options[:token_method] for a request
- # - [Hash] processed parameters
- # - [Hash] HTTP headers
+ # @return [Array<(Symbol, Boolean, Class, Symbol, Hash, Hash)>] Returns an array containing:
+ # - parse strategy (Symbol)
+ # - snaky flag for response key transformation (Boolean)
+ # - hash class for snake_case conversion (Class)
+ # - token method override (Symbol, nil)
+ # - processed parameters (Hash)
+ # - HTTP headers (Hash)
 #
 # @api private
 def parse_snaky_params_headers(params)
diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb
index dec1e8c4..fb47c381 100644
--- a/lib/oauth2/response.rb
+++ b/lib/oauth2/response.rb
@@ -5,24 +5,39 @@ require "rack" module OAuth2 - # OAuth2::Response class + # The Response class handles HTTP responses in the OAuth2 gem, providing methods + # to access and parse response data in various formats. + # + # @since 1.0.0 class Response + # Default configuration options for Response instances + # + # @return [Hash] The default options hash DEFAULT_OPTIONS = { parse: :automatic, snaky: true, snaky_hash_klass: SnakyHash::StringKeyed, }.freeze + + # @return [Faraday::Response] The raw Faraday response object attr_reader :response + + # @return [Hash] The options hash for this instance attr_accessor :options - # Procs that, when called, will parse a response body according - # to the specified format. + # @private + # Storage for response body parser procedures + # + # @return [Hash] Hash of parser procs keyed by format symbol @@parsers = { query: ->(body) { Rack::Utils.parse_query(body) }, text: ->(body) { body }, } - # Content type assignments for various potential HTTP content types. + # @private + # Maps content types to parser symbols + # + # @return [Hash] Hash of content types mapped to parser symbols @@content_types = { "application/x-www-form-urlencoded" => :query, "text/plain" => :text, @@ -30,9 +45,11 @@ class Response # Adds a new content type parser. # - # @param [Symbol] key A descriptive symbol key such as :json or :query. - # @param [Array] mime_types One or more mime types to which this parser applies. - # @yield [String] A block returning parsed content. + # @param [Symbol] key A descriptive symbol key such as :json or :query + # @param [Array, String] mime_types One or more mime types to which this parser applies + # @yield [String] Block that will be called to parse the response body + # @yieldparam [String] body The response body to parse + # @return [void] def self.register_parser(key, mime_types, &block) key = key.to_sym @@parsers[key] = block 
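Review bot: The rewritten `register_parser` comment should state that registration is process-wide, because the body shown writes into a class variable (`@@parsers[key] = block`), so a later call with an existing key such as `:query` replaces the parser for every `OAuth2::Response` in the process. These parsers run on bodies returned by the remote server, so which code is allowed to register one matters to anyone auditing response handling. One added line would cover it: `# @note Parsers are kept in class-level state; registering an existing key replaces that parser for all responses.` The hunk before it tags `@@parsers` and `@@content_types` as `@private`, which leaves this method comment as the only public description of that state. The body of `register_parser` continues outside the hunk, so how the mime types are stored is not visible here.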
@@ -44,11 +61,14 @@ def self.register_parser(key, mime_types, &block) # Initializes a Response instance # # @param [Faraday::Response] response The Faraday response instance - # @param [Symbol] parse (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded), - # :json, or :automatic (determined by Content-Type response header) - # @param [true, false] snaky (true) Convert @parsed to a snake-case, - # indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)? - # @param [Hash] options all other options for initializing the instance + # @param [Symbol] parse (:automatic) How to parse the response body + # @param [Boolean] snaky (true) Whether to convert parsed response to snake_case using SnakyHash + # @param [Class, nil] snaky_hash_klass (nil) Custom class for snake_case hash conversion + # @param [Hash] options Additional options for the response + # @option options [Symbol] :parse (:automatic) Parse strategy (:query, :json, or :automatic) + # @option options [Boolean] :snaky (true) Enable/disable snake_case conversion + # @option options [Class] :snaky_hash_klass (SnakyHash::StringKeyed) Class to use for hash conversion + # @return [OAuth2::Response] The new Response instance def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) @response = response @options = { 
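Review bot: The new `initialize` comment documents `parse`, `snaky` and `snaky_hash_klass` twice, once as `@param` and again as `@option options`, but the signature takes them as explicit keywords, so they never arrive inside `**options`; the three `@option` lines should be dropped or folded into the `@param` lines. The two sets also disagree on the default of `snaky_hash_klass` (`nil` in the `@param`, `SnakyHash::StringKeyed` in the `@option`). The `parse` line is typed `[Symbol]` although the `#parser` comment later in this file says a Proc or other `#call`-able is accepted; `# @param [Symbol, #call] parse (:automatic) :query, :json, :automatic (chosen from the Content-Type header), or a callable` would cover both. The body of `initialize` continues outside the hunk.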
@@ -59,24 +79,30 @@ def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, end # The HTTP response headers + # + # @return [Hash] The response headers def headers response.headers end # The HTTP response status code + # + # @return [Integer] The response status code def status response.status end # The HTTP response body + # + # @return [String] The response body or empty string if nil def body response.body || "" end - # The {#response} {#body} as parsed by {#parser}. + # The parsed response body # - # @return [Object, SnakyHash::StringKeyed] As returned by {#parser} if #call-able; snaky hash if options[:snaky]. - # @return [nil] If the {#parser} is not #call-able. + # @return [Object, SnakyHash::StringKeyed] The parsed response body + # @return [nil] If no parser is available def parsed return @parsed if defined?(@parsed) 
@@ -100,29 +126,29 @@ def parsed @parsed end - # Attempts to determine the content type of the response. + # Determines the content type of the response + # + # @return [String, nil] The content type or nil if headers are not present def content_type return unless response.headers ((response.headers.values_at("content-type", "Content-Type").compact.first || "").split(";").first || "").strip.downcase end - # Determines the parser (a Proc or other Object which responds to #call) - # that will be passed the {#body} (and optional {#response}) to supply - # {#parsed}. + # Determines the parser to be used for the response body # - # The parser can be supplied as the +:parse+ option in the form of a Proc - # (or other Object responding to #call) or a Symbol. In the latter case, - # the actual parser will be looked up in {@@parsers} by the supplied Symbol. + # @note The parser can be supplied as the +:parse+ option in the form of a Proc + # (or other Object responding to #call) or a Symbol. In the latter case, + # the actual parser will be looked up in {@@parsers} by the supplied Symbol. # - # If no +:parse+ option is supplied, the lookup Symbol will be determined - # by looking up {#content_type} in {@@content_types}. + # @note If no +:parse+ option is supplied, the lookup Symbol will be determined + # by looking up {#content_type} in {@@content_types}. # - # If {#parser} is a Proc, it will be called with no arguments, just - # {#body}, or {#body} and {#response}, depending on the Proc's arity. + # @note If {#parser} is a Proc, it will be called with no arguments, just + # {#body}, or {#body} and {#response}, depending on the Proc's arity. # - # @return [Proc, #call] If a parser was found. - # @return [nil] If no parser was found. + # @return [Proc, #call] The parser proc or callable object + # @return [nil] If no suitable parser is found def parser return @parser if defined?(@parser) 
@@ -138,12 +164,16 @@ def parser end end +# Register XML parser +# @api private OAuth2::Response.register_parser(:xml, ["text/xml", "application/rss+xml", "application/rdf+xml", "application/atom+xml", "application/xml"]) do |body| next body unless body.respond_to?(:to_str) MultiXml.parse(body) end +# Register JSON parser +# @api private OAuth2::Response.register_parser(:json, ["application/json", "text/javascript", "application/hal+json", "application/vnd.collection+json", "application/vnd.api+json", "application/problem+json"]) do |body| next body unless body.respond_to?(:to_str) From 5f5bf7f03fa701e499cdbb47744a9dbad62f2e3a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 23 May 2025 11:59:03 +0700 Subject: [PATCH 421/645] =?UTF-8?q?=F0=9F=92=9A=20Fix=20CI=20for=20Ruby=20?= =?UTF-8?q?<=202.4.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- CHANGELOG.md | 5 +- REEK | 56 +++++++++---------- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 17 ++++-- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 2 +- doc/file.SECURITY.html | 2 +- doc/index.html | 2 +- doc/top-level-namespace.html | 2 +- spec/oauth2/response_spec.rb | 35 +++++++++--- 29 files changed, 98 insertions(+), 65 deletions(-) 
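Review bot: The added `# Register XML parser` comment only restates the call; what a maintainer needs at this line is that the block hands the response body to `MultiXml.parse` whenever the server-supplied Content-Type maps to `:xml` under the default `parse: :automatic`, so the body is untrusted input to whichever XML backend MultiXml has selected. A comment such as `# Parses server-supplied XML with MultiXml; entity and size handling depend on the MultiXml backend in use` would say so, with the backend behaviour to be confirmed against the installed version. `@api private` placed on a method call rather than a definition presumably has nothing to attach to in the generated YARD output. The same applies to the `# Register JSON parser` comment below it, whose block continues outside the hunk.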
diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index df4b303e..eaf00efa 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -65,7 +65,7 @@ [375, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], [391, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] ], - "spec/oauth2/response_spec.rb:1229128056": [ + "spec/oauth2/response_spec.rb:2248532534": [ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319] ], "spec/oauth2/strategy/assertion_spec.rb:793170256": [ diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b03f4da..b55b576c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files - 80.00% documented ### Added +- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling) - More documentation - Codeberg as ethical mirror (@pboling) - https://codeberg.org/oauth-xx/oauth2 @@ -27,8 +28,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - Documentation site on GitHub Pages (@pboling) - [oauth2.galtzo.com](https://oauth2.galtzo.com) - [!649](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) +- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling) + - https://github.com/navikt/mock-oauth2-server ### Changed -- Upgraded to snaky_hash v2.0.2 (@pboling) +- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling) - Provides solution for serialization issues - Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site (@pboling) ### Fixed diff --git a/REEK b/REEK index b6f33d5c..5f8ba210 100644 --- a/REEK 
+++ b/REEK @@ -1,9 +1,9 @@ spec/oauth2/access_token_spec.rb -- 1 warning: [300, 301]:DuplicateMethodCall: assert_initialized_token calls 'target.params' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] spec/oauth2/client_spec.rb -- 3 warnings: - [1072]:UnusedParameters: initialize has unused parameter 'client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] - [1072]:UnusedParameters: initialize has unused parameter 'hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] - [1208]:UtilityFunction: stubbed_client doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] + [1084]:UnusedParameters: initialize has unused parameter 'client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] + [1084]:UnusedParameters: initialize has unused parameter 'hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] + [1220]:UtilityFunction: stubbed_client doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] spec/oauth2/error_spec.rb -- 3 warnings: [10]:IrresponsibleModule: XmledString has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] [4]:SubclassedFromCoreClass: StirredHash inherits from core class 'Hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] 
@@ -43,32 +43,32 @@ lib/oauth2/authenticator.rb -- 5 warnings: lib/oauth2/client.rb -- 28 warnings: [28]:Attribute: OAuth2::Client#connection is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] [27]:Attribute: OAuth2::Client#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [208, 469, 536]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'extract_access_token'] to 3 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] - [469, 492, 517, 536]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'response'] to 4 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] + [208, 485, 552]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'extract_access_token'] to 3 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] + [485, 508, 533, 552]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'response'] to 4 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] [89, 90]:DuplicateMethodCall: OAuth2::Client#connection calls 'options[:connection_build]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [433, 433]:DuplicateMethodCall: OAuth2::Client#execute_request calls 'req_opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [449, 449]:DuplicateMethodCall: OAuth2::Client#execute_request calls 'req_opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] [336, 337]:DuplicateMethodCall: OAuth2::Client#redirection_params calls 'options[:redirect_uri]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] [152, 153, 154]:DuplicateMethodCall: OAuth2::Client#request calls 'req_opts[:redirect_count]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] [260, 261, 
262]:DuplicateMethodCall: OAuth2::Client#revoke_token calls 'req_opts[:params]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [519, 519]:FeatureEnvy: OAuth2::Client#build_access_token refers to 'access_token' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [354, 357, 363, 365, 366, 368]:FeatureEnvy: OAuth2::Client#params_to_req_opts refers to 'req_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [388, 395, 395, 396, 396, 397, 397, 400]:FeatureEnvy: OAuth2::Client#parse_snaky_params_headers refers to 'params' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [535, 535]:FeatureEnvy: OAuth2::Client#build_access_token refers to 'access_token' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [366, 369, 375, 377, 378, 380]:FeatureEnvy: OAuth2::Client#params_to_req_opts refers to 'req_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [403, 410, 410, 411, 411, 412, 412, 413, 413, 416]:FeatureEnvy: OAuth2::Client#parse_snaky_params_headers refers to 'params' more than self (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] [16]:IrresponsibleModule: OAuth2::ConnectionError has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] [17]:IrresponsibleModule: OAuth2::TimeoutError has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [519]:ManualDispatch: OAuth2::Client#build_access_token manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [535]:ManualDispatch: OAuth2::Client#build_access_token manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] [20]:TooManyInstanceVariables: OAuth2::Client has at least 5 instance variables [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Instance-Variables.md] [20]:TooManyMethods: OAuth2::Client has at least 25 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Methods.md] - [424]:TooManyStatements: OAuth2::Client#execute_request has approx 16 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [440]:TooManyStatements: OAuth2::Client#execute_request has approx 16 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [208]:TooManyStatements: OAuth2::Client#get_token has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [346]:TooManyStatements: OAuth2::Client#params_to_req_opts has approx 9 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [492]:TooManyStatements: OAuth2::Client#parse_response has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [387]:TooManyStatements: OAuth2::Client#parse_snaky_params_headers has approx 11 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [357]:TooManyStatements: 
OAuth2::Client#params_to_req_opts has approx 9 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [508]:TooManyStatements: OAuth2::Client#parse_response has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [402]:TooManyStatements: OAuth2::Client#parse_snaky_params_headers has approx 13 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [146]:TooManyStatements: OAuth2::Client#request has approx 18 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [257]:TooManyStatements: OAuth2::Client#revoke_token has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [15]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] - [436, 438]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'e' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [428]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [429]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'p' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [452, 454]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'e' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [444]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] + [445]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'p' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] 
lib/oauth2/error.rb -- 8 warnings: [35, 35, 37, 38]:DuplicateMethodCall: OAuth2::Error#error_message calls 'opts[:error_description]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] [13, 14, 15]:DuplicateMethodCall: OAuth2::Error#initialize calls 'response.parsed' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] 
@@ -86,17 +86,17 @@ lib/oauth2/filtered_attributes.rb -- 6 warnings: [17]:TooManyStatements: OAuth2::FilteredAttributes#inspect has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [1]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] lib/oauth2/response.rb -- 12 warnings: - [15]:Attribute: OAuth2::Response#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [51]:BooleanParameter: OAuth2::Response#initialize has boolean parameter 'snaky' [https://github.com/troessner/reek/blob/v6.5.0/docs/Boolean-Parameter.md] - [25, 39, 133]:ClassVariable: OAuth2::Response declares the class variable '@@content_types' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] - [19, 37, 130, 133]:ClassVariable: OAuth2::Response declares the class variable '@@parsers' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] - [102, 104]:DuplicateMethodCall: OAuth2::Response#content_type calls 'response.headers' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [127, 128, 129, 130]:DuplicateMethodCall: OAuth2::Response#parser calls 'options[:parse]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [9]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parsed' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [9]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parser' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [82]:ManualDispatch: OAuth2::Response#parsed manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [127]:ManualDispatch: OAuth2::Response#parser manually dispatches method call 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [78]:TooManyStatements: OAuth2::Response#parsed has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] + [26]:Attribute: OAuth2::Response#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] + [72]:BooleanParameter: OAuth2::Response#initialize has boolean parameter 'snaky' [https://github.com/troessner/reek/blob/v6.5.0/docs/Boolean-Parameter.md] + [41, 57, 162]:ClassVariable: OAuth2::Response declares the class variable '@@content_types' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] + [32, 55, 159, 162]:ClassVariable: OAuth2::Response declares the class variable '@@parsers' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] + [133, 135]:DuplicateMethodCall: OAuth2::Response#content_type calls 'response.headers' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [156, 157, 158, 159]:DuplicateMethodCall: OAuth2::Response#parser calls 'options[:parse]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] + [12]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parsed' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [12]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parser' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] + [110]:ManualDispatch: OAuth2::Response#parsed manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [156]:ManualDispatch: OAuth2::Response#parser manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] + [106]:TooManyStatements: OAuth2::Response#parsed has approx 7 statements 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [7]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] lib/oauth2/strategy/assertion.rb -- 5 warnings: [96, 96, 98, 98]:FeatureEnvy: OAuth2::Strategy::Assertion#build_assertion refers to 'encoding_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 231e2600..0c3e3f79 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index e6223ec0..765bbf46 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index e683a3e8..0844d158 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index f974f54b..1384c1da 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 289959ee..30225de2 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 85b36890..532f77d5 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 6c4e8bec..e9e8ec40 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 0ffa2f5b..0aa63bc8 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1619,7 +1619,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index d61b7bcb..400b5280 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index 3ac40621..f8f59d2e 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index fb49bfbc..256d88ed 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index a7074b1d..e45898e4 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 08598953..73b0663f 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index bf3f1bf1..42f01a78 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index e94e7834..78c93172 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 290774e2..92d084b0 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 4b4c95fd..419587ff 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index ad9e1dca..db9bb0d5 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -81,6 +81,8 @@

      64. 80.00% documented

        Added

      65. +
      66. +gh651 - :snaky_hash_klass option (@pboling)
      67. More documentation
      68. Codeberg as ethical mirror (@pboling)
          @@ -96,10 +98,17 @@

          Added

      69. -!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) -

        Changed

        +!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
      70. +
      71. +gh651 - Mock OAuth2 server for testing (@pboling) +
          +
        • https://github.com/navikt/mock-oauth2-server +

          Changed

          +
        • +
      72. -
      73. Upgraded to snaky_hash v2.0.2 (@pboling) +
      74. +gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
        • Provides solution for serialization issues
        @@ -792,7 +801,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index b76458d9..42f141f7 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index c83a668f..86e56a75 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 534443ce..dd0b38aa 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index f0093683..67868294 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index db919210..e66d5b80 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index 00058e1f..79a2d6a0 100644 --- a/doc/index.html +++ b/doc/index.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index ea52016c..38f05b28 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index ce6c27de..68112a42 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb @@ -557,13 +557,21 @@ def transform_keys # Act on the entire hash as it is prepared for dumping to JSON klass.dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) - value.transform_keys do |key| + # TODO: Drop this hack when dropping support for Ruby 2.6 + ref = value.transform_keys do |key| # This is an example tailored to this specific test! # It is not a generalized solution for anything! split = key.split("_") first_word = split[0] key.sub(first_word, "cheese") end + # TODO: Drop this hack when dropping support for Ruby <= 2.4 + if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("2.4.2") + ref + else + puts + klass[ref] + end else value end @@ -572,12 +580,24 @@ def transform_keys # Act on the entire hash as it is loaded from the JSON dump klass.load_hash_extensions.add(:to_pizza) do |value| if value.is_a?(Hash) - value.transform_keys do |key| - # This is an example tailored to this specific test! - # It is not a generalized solution for anything! - split = key.split("_") - last_word = split[-1] - key.sub(last_word, "pizza") + # TODO: Drop this hack when dropping support for Ruby <= 2.4 + if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("2.4.2") + value.transform_keys do |key| + # This is an example tailored to this specific test! + # It is not a generalized solution for anything! + split = key.split("_") + last_word = split[-1] + key.sub(last_word, "pizza") + end + else + res = klass.new + value.keys.each_with_object(res) do |key, result| + split = key.split("_") + last_word = split[-1] + new_key = key.sub(last_word, "pizza") + result[new_key] = value[key] + end + res end else value 
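Review bot: The bare `puts` added in the `else` branch of the `:to_cheese` extension, just before `klass[ref]`, looks like leftover debugging and prints an empty line whenever that branch runs. The `puts "response.parsed: ..."` line added in the later `@@ -615,6 +635,7 @@` hunk is the same kind of leftover and writes the parsed response into the spec output. Both should be removed: the data here is a synthetic fixture, but printing parsed OAuth responses is the pattern that puts tokens into CI logs once a spec handles anything real. The two TODO comments also disagree on the cutoff (`Ruby 2.6` and `Ruby <= 2.4`) while the guard compares against `"2.4.2"`; a single wording such as `# TODO: Drop this hack when dropping support for Ruby < 2.4.2` would match the check. The enclosing example group starts before this hunk.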
@@ -615,6 +635,7 @@ def transform_keys response = described_class.new(@response, parse: :automatic, snaky: true, snaky_hash_klass: custom_hash_class) expect(response.parsed).to be_a(custom_hash_class) expect(response.parsed.class.dump_hash_extensions.has?(:to_cheese)).to be(true) + puts "response.parsed: #{response.parsed.inspect} (#{response.parsed})" dump = custom_hash_class.dump(response.parsed) expect(dump).to eq("{\"cheese_b_c_d_e_f_g_h\":\"i-j_k-l_m-n_o-P_Q-R\",\"cheese\":[1,2,3]}") end From 07efc2b925d2208de591590f321bafff83d82b4e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 23 May 2025 12:06:02 +0700 Subject: [PATCH 422/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.11?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 2 +- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 4 ++-- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 2 +- doc/file.SECURITY.html | 2 +- doc/index.html | 2 +- doc/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 27 files changed, 28 insertions(+), 28 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 9ee95ce6..97ec5ac4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -23,7 +23,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.10) + oauth2 (2.0.11) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 0c3e3f79..322a2374 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 765bbf46..330192f2 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 0844d158..65220ce2 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 1384c1da..168d06bb 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 30225de2..25969726 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index 532f77d5..a1091784 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index e9e8ec40..103e2ee2 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 0aa63bc8..3c037338 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1619,7 +1619,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index 400b5280..89c18b0c 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index f8f59d2e..92fb4706 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 256d88ed..6ee779cb 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index e45898e4..0a6f58ec 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 73b0663f..4f30bca4 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 42f01a78..6d9cd21a 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index 78c93172..37d2d38a 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 92d084b0..c6cfe405 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -95,7 +95,7 @@

        VERSION =
        -
        "2.0.10"
        +
        "2.0.11"
        @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 419587ff..403b6253 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index db9bb0d5..a0c87c0d 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -801,7 +801,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 42f141f7..e6db8c07 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 86e56a75..b8a09a3f 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index dd0b38aa..dbe4983f 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 67868294..2354948e 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index e66d5b80..53052274 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index 79a2d6a0..c4f78d7e 100644 --- a/doc/index.html +++ b/doc/index.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 38f05b28..6aa75086 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 42e2e99c..14e7ed0f 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.10" + VERSION = "2.0.11" end end From a928e7cfed65750895ba1bddfbd2343f8788cff4 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 23 May 2025 12:12:22 +0700 Subject: [PATCH 423/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Release=20date?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++-- doc/OAuth2.html | 2 +- doc/OAuth2/AccessToken.html | 2 +- doc/OAuth2/Authenticator.html | 2 +- doc/OAuth2/Client.html | 2 +- doc/OAuth2/Error.html | 2 +- doc/OAuth2/FilteredAttributes.html | 2 +- doc/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- doc/OAuth2/Response.html | 2 +- doc/OAuth2/Strategy.html | 2 +- doc/OAuth2/Strategy/Assertion.html | 2 +- doc/OAuth2/Strategy/AuthCode.html | 2 +- doc/OAuth2/Strategy/Base.html | 2 +- doc/OAuth2/Strategy/ClientCredentials.html | 2 +- doc/OAuth2/Strategy/Implicit.html | 2 +- doc/OAuth2/Strategy/Password.html | 2 +- doc/OAuth2/Version.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 4 ++-- doc/file.SECURITY.html | 2 +- doc/index.html | 4 ++-- doc/top-level-namespace.html | 2 +- 26 files changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 31f61ded..4f5be9a8 100644 --- a/README.md +++ b/README.md 
@@ -164,7 +164,7 @@ One of these might be what you are looking for: | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| -| 2.0.11 | 2025-05-21 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -178,7 +178,7 @@ One of these might be what you are looking for: | 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | -[2.0.11-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-21 +[2.0.11-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 [2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 [2.0.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 [2.0.8-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 diff --git a/doc/OAuth2.html b/doc/OAuth2.html index 322a2374..a9a71724 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/doc/OAuth2/AccessToken.html index 330192f2..07a3f41e 100644 --- a/doc/OAuth2/AccessToken.html +++ b/doc/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/doc/OAuth2/Authenticator.html index 65220ce2..ba736d22 100644 --- a/doc/OAuth2/Authenticator.html +++ b/doc/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/doc/OAuth2/Client.html index 168d06bb..61320a02 100644 --- a/doc/OAuth2/Client.html +++ b/doc/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/doc/OAuth2/Error.html index 25969726..bf0047d5 100644 --- a/doc/OAuth2/Error.html +++ b/doc/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/doc/OAuth2/FilteredAttributes.html index a1091784..a54fe51a 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/doc/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/doc/OAuth2/FilteredAttributes/ClassMethods.html index 103e2ee2..8d85657b 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/doc/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/doc/OAuth2/Response.html index 3c037338..8983513f 100644 --- a/doc/OAuth2/Response.html +++ b/doc/OAuth2/Response.html @@ -1619,7 +1619,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index 89c18b0c..b0554952 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index 92fb4706..0af4aa5d 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 6ee779cb..cec41ec5 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index 0a6f58ec..cdf63a5f 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 4f30bca4..81c060b6 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index 6d9cd21a..fbb9f966 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index 37d2d38a..93970993 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index c6cfe405..31a2e787 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 403b6253..ceac4900 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index a0c87c0d..cdcd9f4c 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -801,7 +801,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index e6db8c07..965bf868 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index b8a09a3f..4212f771 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index dbe4983f..9343dc3e 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 2354948e..1ef41713 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -387,7 +387,7 @@

        Version 2.0.x

        | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| -| 2.0.11 | 2025-05-21 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index 53052274..f1db0b7d 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index c4f78d7e..0dea9a3b 100644 --- a/doc/index.html +++ b/doc/index.html @@ -387,7 +387,7 @@

        Version 2.0.x

        | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| -| 2.0.11 | 2025-05-21 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 6aa75086..97c2bb7d 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        From 5def4b9892200bd23b2476c8cfe03935babf6499 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 23 May 2025 12:18:00 +0700 Subject: [PATCH 424/645] =?UTF-8?q?=F0=9F=94=A8=20binstubs=20+x?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/appraisal | 0 bin/bundle-audit | 0 bin/bundler-audit | 0 bin/code_climate_reek | 0 bin/coderay | 0 bin/gem_checksums | 0 bin/github-markup | 0 bin/htmldiff | 0 bin/irb | 0 bin/ldiff | 0 bin/racc | 0 bin/rdbg | 0 bin/rdoc | 0 bin/redcarpet | 0 bin/reek | 0 bin/ri | 0 bin/rubocop-gradual | 0 bin/ruby-parse | 0 bin/ruby-rewrite | 0 bin/standardrb | 0 bin/thor | 0 bin/yard | 0 bin/yard-junk | 0 bin/yardoc | 0 bin/yri | 0 25 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 bin/appraisal mode change 100644 => 100755 bin/bundle-audit mode change 100644 => 100755 bin/bundler-audit mode change 100644 => 100755 bin/code_climate_reek mode change 100644 => 100755 bin/coderay mode change 100644 => 100755 bin/gem_checksums mode change 100644 => 100755 bin/github-markup mode change 100644 => 100755 bin/htmldiff mode change 100644 => 100755 bin/irb mode change 100644 => 100755 bin/ldiff mode change 100644 => 100755 bin/racc mode change 100644 => 100755 bin/rdbg mode change 100644 => 100755 bin/rdoc mode change 100644 => 100755 bin/redcarpet mode change 100644 => 100755 bin/reek mode change 100644 => 100755 bin/ri mode change 100644 => 100755 bin/rubocop-gradual mode change 100644 => 100755 bin/ruby-parse mode change 100644 => 100755 bin/ruby-rewrite mode change 100644 => 100755 bin/standardrb mode change 100644 => 100755 bin/thor mode change 100644 => 100755 bin/yard mode change 100644 => 100755 bin/yard-junk mode change 100644 => 100755 bin/yardoc mode change 100644 => 100755 bin/yri diff --git a/bin/appraisal b/bin/appraisal old mode 100644 new mode 100755 diff --git a/bin/bundle-audit b/bin/bundle-audit old mode 100644 new mode 100755 
diff --git a/bin/bundler-audit b/bin/bundler-audit old mode 100644 new mode 100755 diff --git a/bin/code_climate_reek b/bin/code_climate_reek old mode 100644 new mode 100755 diff --git a/bin/coderay b/bin/coderay old mode 100644 new mode 100755 diff --git a/bin/gem_checksums b/bin/gem_checksums old mode 100644 new mode 100755 diff --git a/bin/github-markup b/bin/github-markup old mode 100644 new mode 100755 diff --git a/bin/htmldiff b/bin/htmldiff old mode 100644 new mode 100755 diff --git a/bin/irb b/bin/irb old mode 100644 new mode 100755 diff --git a/bin/ldiff b/bin/ldiff old mode 100644 new mode 100755 diff --git a/bin/racc b/bin/racc old mode 100644 new mode 100755 diff --git a/bin/rdbg b/bin/rdbg old mode 100644 new mode 100755 diff --git a/bin/rdoc b/bin/rdoc old mode 100644 new mode 100755 diff --git a/bin/redcarpet b/bin/redcarpet old mode 100644 new mode 100755 diff --git a/bin/reek b/bin/reek old mode 100644 new mode 100755 diff --git a/bin/ri b/bin/ri old mode 100644 new mode 100755 diff --git a/bin/rubocop-gradual b/bin/rubocop-gradual old mode 100644 new mode 100755 diff --git a/bin/ruby-parse b/bin/ruby-parse old mode 100644 new mode 100755 diff --git a/bin/ruby-rewrite b/bin/ruby-rewrite old mode 100644 new mode 100755 diff --git a/bin/standardrb b/bin/standardrb old mode 100644 new mode 100755 diff --git a/bin/thor b/bin/thor old mode 100644 new mode 100755 diff --git a/bin/yard b/bin/yard old mode 100644 new mode 100755 diff --git a/bin/yard-junk b/bin/yard-junk old mode 100644 new mode 100755 diff --git a/bin/yardoc b/bin/yardoc old mode 100644 new mode 100755 diff --git a/bin/yri b/bin/yri old mode 100644 new mode 100755 From 2dba5144429b3eec6e117fd12f7f3eed3f911b09 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 23 May 2025 12:19:09 +0700 Subject: [PATCH 425/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.11?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- checksums/oauth2-2.0.11.gem.sha256 | 1 + checksums/oauth2-2.0.11.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.11.gem.sha256 create mode 100644 checksums/oauth2-2.0.11.gem.sha512 diff --git a/checksums/oauth2-2.0.11.gem.sha256 b/checksums/oauth2-2.0.11.gem.sha256 new file mode 100644 index 00000000..3c55aeeb --- /dev/null +++ b/checksums/oauth2-2.0.11.gem.sha256 @@ -0,0 +1 @@ +29e0505c2a39bc78dfb655dbf85a826b4408e55e7c3d02ce07b3dfd9b40da16c \ No newline at end of file diff --git a/checksums/oauth2-2.0.11.gem.sha512 b/checksums/oauth2-2.0.11.gem.sha512 new file mode 100644 index 00000000..04fb46aa --- /dev/null +++ b/checksums/oauth2-2.0.11.gem.sha512 @@ -0,0 +1 @@ +048743f9efd89460231738885c9c0de7b36433055eefc66331b91eee343885cd9145bbac239c6121d13b716633fb8385fa886ce854bf14142f9894e6c8f19ba2 \ No newline at end of file From a5de787323107c945a6bd156c0eb1e4c6364c3cf Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 24 May 2025 08:19:43 +0700 Subject: [PATCH 426/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4f5be9a8..13cb3ed3 100644 --- a/README.md +++ b/README.md 
@@ -50,8 +50,8 @@ covering the latest patch for each of the following minor versions: * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD * TruffleRuby @ v23.1, v23.2, HEAD * gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) -* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) -* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) +* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) +* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) * gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) * gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) * gem `snaky_hash` @v2, HEAD ⏩️ [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) From a713d4a81c5501f5fc9410e6530542e8d1377a4b Mon Sep 17 00:00:00 2001 From: Mridang Agarwalla Date: Tue, 27 May 2025 13:00:07 +0300 Subject: [PATCH 427/645] feat: Add Key ID (kid) support to JWT assertions Adds support for the 'kid' (Key ID) header parameter in JWT assertions, allowing clients to specify the key identifier used for signing. This improves key management and verification in systems consuming JWTs. Updates `OAuth2::Strategy::Assertion#build_assertion` to accept `kid` in `encoding_opts` and include it in the JWT header. Also adds a test case to verify the functionality. --- lib/oauth2/strategy/assertion.rb | 6 +++++- spec/oauth2/strategy/assertion_spec.rb | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index 800a4a78..5449932e 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb 
@@ -95,8 +95,12 @@ def build_request(assertion, request_opts = {}) def build_assertion(claims, encoding_opts) raise ArgumentError.new(message: "Please provide an encoding_opts hash with :algorithm and :key") if !encoding_opts.is_a?(Hash) || (%i[algorithm key] - encoding_opts.keys).any? - JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm]) + headers = {} + headers[:kid] = encoding_opts[:kid] if encoding_opts.key?(:kid) + + JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm], headers) end + end end end diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 38a35dd0..d8d3af46 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -164,6 +164,24 @@ expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(ArgumentError, /encoding_opts/) end end + + context "when including a Key ID (kid)" do + let(:algorithm) { "HS256" } + let(:key) { "new_secret_key" } + let(:kid) { "my_super_secure_key_id_123" } + + before do + client_assertion.get_token(claims, algorithm: algorithm, key: key, kid: kid) + raise "No request made!" if @request_body.nil? + end + + it_behaves_like "encodes the JWT" + + it "includes the kid in the JWT header" do + expect(header).not_to be_nil + expect(header["kid"]).to eq(kid) + end + end end end From e0732768a59c6a3eeaa129f0e4f2b560baa7edec Mon Sep 17 00:00:00 2001 From: Mridang Agarwalla Date: Tue, 27 May 2025 13:04:19 +0300 Subject: [PATCH 428/645] refactor(assertion): Remove empty line in build_assertion Removes an unnecessary empty line within the `build_assertion` method for improved code style and consistency. --- lib/oauth2/strategy/assertion.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index 5449932e..6396fd6d 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb 
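Review bot: `encoding_opts.key?(:kid)` adds a `kid` header whenever the key is present, so a caller passing `kid: nil` gets an assertion whose header carries a null `kid`. Guarding on the value instead, `headers[:kid] = encoding_opts[:kid] if encoding_opts[:kid]`, keeps the header out unless an identifier was actually supplied. The doc comment for `build_assertion` sits above the hunk and presumably still describes only `:algorithm` and `:key`; it should document the new option, for example `# @option encoding_opts [String] :kid (nil) key identifier placed in the JWT header`. The spec hunk on this line covers only the case where `kid` is set, so an example asserting that the header has no `kid` key when the option is omitted would pin the default.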
@@ -100,7 +100,6 @@ def build_assertion(claims, encoding_opts) JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm], headers) end - end end end From 5f4251e074fd9947a17e578ec416b1bbef8be3fa Mon Sep 17 00:00:00 2001 From: Mridang Agarwalla Date: Tue, 27 May 2025 13:08:45 +0300 Subject: [PATCH 429/645] chore(rubocop): Update gradual lock file Updates `.rubocop_gradual.lock` due to changes in `spec/oauth2/strategy/assertion_spec.rb`. This reflects the introduction of the new `kid` test context. --- .rubocop_gradual.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index eaf00efa..d22e4a36 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -68,7 +68,7 @@ "spec/oauth2/response_spec.rb:2248532534": [ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319] ], - "spec/oauth2/strategy/assertion_spec.rb:793170256": [ + "spec/oauth2/strategy/assertion_spec.rb:3524328522": [ [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869] ], "spec/oauth2/strategy/auth_code_spec.rb:142083698": [ From fdbce3d3021c37174e48a04cbec4049e1c2fcdf0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 29 May 2025 22:34:00 +0700 Subject: [PATCH 430/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 13cb3ed3..162c5f1d 100644 --- a/README.md +++ b/README.md 
@@ -54,8 +54,8 @@ covering the latest patch for each of the following minor versions: * gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) * gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) * gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) -* gem `snaky_hash` @v2, HEAD ⏩️ [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) -* gem `version_gem` - @v1, HEAD ⏩️ [oauth-xx/version_gem](https://gitlab.com/oauth-xx/version_gem) +* gem `snaky_hash` @ v2, HEAD ⏩️ [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) +* gem `version_gem` @ v1, HEAD ⏩️ [oauth-xx/version_gem](https://gitlab.com/oauth-xx/version_gem) The last two were extracted from this gem. They are part of the `oauth-xx` org, and are developed in tight collaboration with this gem. From 02989c334cb454483845c8beb6ac1db89e7a6852 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 29 May 2025 22:39:25 +0700 Subject: [PATCH 431/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 162c5f1d..09d4e1b9 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,7 @@ covering the latest patch for each of the following minor versions: * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD -* TruffleRuby @ v23.1, v23.2, HEAD +* TruffleRuby @ v23.1, v23.2, v24.1, HEAD * gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) * gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) * gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) From c29bbb20802b9628bef3fa7106a8c6a91bf8f046 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 29 May 2025 22:57:14 +0700 Subject: [PATCH 432/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 09d4e1b9..0e7f7a6e 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ covering the latest patch for each of the following minor versions: * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD -* TruffleRuby @ v23.1, v23.2, v24.1, HEAD +* TruffleRuby @ v23.1, v24.1, HEAD * gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) * gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) * gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) From ca7b13bbf4957351d33c4c7a12b564b9ef5ad12d Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Thu, 29 May 2025 23:08:24 +0700 Subject: [PATCH 433/645] =?UTF-8?q?=F0=9F=93=9D=20Organize=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 0e7f7a6e..5641660e 100644 --- a/README.md +++ b/README.md @@ -612,10 +612,6 @@ access = client.auth_code.get_token("code_value", redirect_uri: "http://localhos You can always use the `#request` method on the `OAuth2::Client` instance to make requests for tokens for any Authentication grant type. -### 🚀 Release Instructions - -See [CONTRIBUTING.md][🤝contributing]. - ## 🔐 Security See [SECURITY.md][🔐security]. @@ -630,6 +626,10 @@ We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you m See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. +### 🚀 Release Instructions + +See [CONTRIBUTING.md][🤝contributing]. + ### Code Coverage [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] From 2a2b17d033f860f533cfd6cc8c7a1d2c2fe2dd74 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 30 May 2025 01:23:11 +0700 Subject: [PATCH 434/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/OAuth2.html | 2 +- doc/_index.html | 2 +- doc/file.CHANGELOG.html | 2 +- doc/file.CODE_OF_CONDUCT.html | 2 +- doc/file.CONTRIBUTING.html | 2 +- doc/file.LICENSE.html | 2 +- doc/file.README.html | 20 ++++++++++---------- doc/file.SECURITY.html | 2 +- doc/index.html | 20 ++++++++++---------- doc/top-level-namespace.html | 2 +- 10 files changed, 28 insertions(+), 28 deletions(-) diff --git a/doc/OAuth2.html b/doc/OAuth2.html index a9a71724..946179c7 100644 --- a/doc/OAuth2.html +++ b/doc/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index ceac4900..607b26a4 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index cdcd9f4c..79d93313 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -801,7 +801,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index 965bf868..d4f2f05a 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 4212f771..75ae1661 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 9343dc3e..715e1493 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/doc/file.README.html index 1ef41713..2fd9b5cb 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -169,20 +169,20 @@

        Upgrading Runtime Gem Dependencies

      75. JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
      76. -
      77. TruffleRuby @ v23.1, v23.2, HEAD
      78. +
      79. TruffleRuby @ v23.1, v24.1, HEAD
      80. gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday
      81. -
      82. gem jwt @ v1, v2, v3, HEAD ⏩️ lostisland/faraday +
      83. gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt
      84. -
      85. gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ jwt/ruby-jwt +
      86. gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger
      87. gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml
      88. gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack
      89. -
      90. gem snaky_hash @v2, HEAD ⏩️ oauth-xx/snaky_hash +
      91. gem snaky_hash @ v2, HEAD ⏩️ oauth-xx/snaky_hash
      92. -
      93. gem version_gem - @v1, HEAD ⏩️ oauth-xx/version_gem +
      94. gem version_gem @ v1, HEAD ⏩️ oauth-xx/version_gem
      95. @@ -824,10 +824,6 @@

        Authorization Grants

        You can always use the #request method on the OAuth2::Client instance to make
        requests for tokens for any Authentication grant type.

        -

        🚀 Release Instructions

        - -

        See CONTRIBUTING.md.

        -

        🔐 Security

        See SECURITY.md.

        @@ -842,6 +838,10 @@

        🤝 Contributing

        See CONTRIBUTING.md for more detailed instructions.

        +

        🚀 Release Instructions

        + +

        See CONTRIBUTING.md.

        +

        Code Coverage

        Coveralls Test Coverage
        @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/doc/file.SECURITY.html index f1db0b7d..bdf908e8 100644 --- a/doc/file.SECURITY.html +++ b/doc/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/index.html b/doc/index.html index 0dea9a3b..98be1ed3 100644 --- a/doc/index.html +++ b/doc/index.html @@ -169,20 +169,20 @@

        Upgrading Runtime Gem Dependencies
      96. JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
      97. -
      98. TruffleRuby @ v23.1, v23.2, HEAD
      99. +
      100. TruffleRuby @ v23.1, v24.1, HEAD
      101. gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday
      102. -
      103. gem jwt @ v1, v2, v3, HEAD ⏩️ lostisland/faraday +
      104. gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt
      105. -
      106. gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ jwt/ruby-jwt +
      107. gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger
      108. gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml
      109. gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack
      110. -
      111. gem snaky_hash @v2, HEAD ⏩️ oauth-xx/snaky_hash +
      112. gem snaky_hash @ v2, HEAD ⏩️ oauth-xx/snaky_hash
      113. -
      114. gem version_gem - @v1, HEAD ⏩️ oauth-xx/version_gem +
      115. gem version_gem @ v1, HEAD ⏩️ oauth-xx/version_gem
      116. @@ -824,10 +824,6 @@

        Authorization Grants

        You can always use the #request method on the OAuth2::Client instance to make
        requests for tokens for any Authentication grant type.

        -

        🚀 Release Instructions

        - -

        See CONTRIBUTING.md.

        -

        🔐 Security

        See SECURITY.md.

        @@ -842,6 +838,10 @@

        🤝 Contributing

        See CONTRIBUTING.md for more detailed instructions.

        +

        🚀 Release Instructions

        + +

        See CONTRIBUTING.md.

        +

        Code Coverage

        Coveralls Test Coverage
        @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 97c2bb7d..98bfd604 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        From 1225eabd4e6b37d8223be504755972aedd9059d4 Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Fri, 30 May 2025 01:33:30 +0700 Subject: [PATCH 435/645] Create CNAME --- docs/CNAME | 1 + 1 file changed, 1 insertion(+) create mode 100644 docs/CNAME diff --git a/docs/CNAME b/docs/CNAME new file mode 100644 index 00000000..9e32e7bf --- /dev/null +++ b/docs/CNAME @@ -0,0 +1 @@ +oauth2.galtzo.com \ No newline at end of file From f4449dc3f7635cd4c1961c582169e2d7846aecad Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 30 May 2025 01:47:34 +0700 Subject: [PATCH 436/645] =?UTF-8?q?=F0=9F=9A=9A=20Move=20yard=20output=20d?= =?UTF-8?q?oc=20=3D>=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .yardopts | 1 + {doc => docs}/OAuth2.html | 2 +- {doc => docs}/OAuth2/AccessToken.html | 2 +- {doc => docs}/OAuth2/Authenticator.html | 2 +- {doc => docs}/OAuth2/Client.html | 2 +- {doc => docs}/OAuth2/Error.html | 2 +- {doc => docs}/OAuth2/FilteredAttributes.html | 2 +- {doc => docs}/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- {doc => docs}/OAuth2/Response.html | 2 +- {doc => docs}/OAuth2/Strategy.html | 2 +- {doc => docs}/OAuth2/Strategy/Assertion.html | 2 +- {doc => docs}/OAuth2/Strategy/AuthCode.html | 2 +- {doc => docs}/OAuth2/Strategy/Base.html | 2 +- {doc => docs}/OAuth2/Strategy/ClientCredentials.html | 2 +- {doc => docs}/OAuth2/Strategy/Implicit.html | 2 +- {doc => docs}/OAuth2/Strategy/Password.html | 2 +- {doc => docs}/OAuth2/Version.html | 2 +- {doc => docs}/_index.html | 2 +- {doc => docs}/class_list.html | 0 {doc => docs}/css/common.css | 0 {doc => docs}/css/full_list.css | 0 {doc => docs}/css/style.css | 0 {doc => docs}/file.CHANGELOG.html | 2 +- {doc => docs}/file.CODE_OF_CONDUCT.html | 2 +- {doc => docs}/file.CONTRIBUTING.html | 2 +- {doc => docs}/file.LICENSE.html | 2 +- {doc => docs}/file.README.html | 2 +- {doc => docs}/file.SECURITY.html | 2 +- {doc => docs}/file_list.html | 0 {doc => docs}/frames.html | 0 {doc => docs}/index.html | 2 +- {doc => docs}/js/app.js | 0 {doc => docs}/js/full_list.js | 0 {doc => docs}/js/jquery.js | 0 {doc => docs}/method_list.html | 0 {doc => docs}/top-level-namespace.html | 2 +- 36 files changed, 26 insertions(+), 25 deletions(-) rename {doc => docs}/OAuth2.html (99%) rename {doc => docs}/OAuth2/AccessToken.html (99%) rename {doc => docs}/OAuth2/Authenticator.html (99%) rename {doc => docs}/OAuth2/Client.html (99%) rename {doc => 
docs}/OAuth2/Error.html (99%) rename {doc => docs}/OAuth2/FilteredAttributes.html (99%) rename {doc => docs}/OAuth2/FilteredAttributes/ClassMethods.html (99%) rename {doc => docs}/OAuth2/Response.html (99%) rename {doc => docs}/OAuth2/Strategy.html (98%) rename {doc => docs}/OAuth2/Strategy/Assertion.html (99%) rename {doc => docs}/OAuth2/Strategy/AuthCode.html (99%) rename {doc => docs}/OAuth2/Strategy/Base.html (99%) rename {doc => docs}/OAuth2/Strategy/ClientCredentials.html (99%) rename {doc => docs}/OAuth2/Strategy/Implicit.html (99%) rename {doc => docs}/OAuth2/Strategy/Password.html (99%) rename {doc => docs}/OAuth2/Version.html (98%) rename {doc => docs}/_index.html (99%) rename {doc => docs}/class_list.html (100%) rename {doc => docs}/css/common.css (100%) rename {doc => docs}/css/full_list.css (100%) rename {doc => docs}/css/style.css (100%) rename {doc => docs}/file.CHANGELOG.html (99%) rename {doc => docs}/file.CODE_OF_CONDUCT.html (99%) rename {doc => docs}/file.CONTRIBUTING.html (99%) rename {doc => docs}/file.LICENSE.html (98%) rename {doc => docs}/file.README.html (99%) rename {doc => docs}/file.SECURITY.html (98%) rename {doc => docs}/file_list.html (100%) rename {doc => docs}/frames.html (100%) rename {doc => docs}/index.html (99%) rename {doc => docs}/js/app.js (100%) rename {doc => docs}/js/full_list.js (100%) rename {doc => docs}/js/jquery.js (100%) rename {doc => docs}/method_list.html (100%) rename {doc => docs}/top-level-namespace.html (97%) diff --git a/.yardopts b/.yardopts index 50081d3f..479134df 100644 --- a/.yardopts +++ b/.yardopts @@ -3,6 +3,7 @@ --readme README.md --charset utf-8 --markup markdown +--output docs --load .yard_gfm_support.rb 'lib/**/*.rb' - diff --git a/doc/OAuth2.html b/docs/OAuth2.html similarity index 99% rename from doc/OAuth2.html rename to docs/OAuth2.html index 946179c7..40978b0e 100644 --- a/doc/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/doc/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html similarity index 99% rename from doc/OAuth2/AccessToken.html rename to docs/OAuth2/AccessToken.html index 07a3f41e..53a7118e 100644 --- a/doc/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/doc/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html similarity index 99% rename from doc/OAuth2/Authenticator.html rename to docs/OAuth2/Authenticator.html index ba736d22..5e5185c0 100644 --- a/doc/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/doc/OAuth2/Client.html b/docs/OAuth2/Client.html similarity index 99% rename from doc/OAuth2/Client.html rename to docs/OAuth2/Client.html index 61320a02..988f5755 100644 --- a/doc/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/doc/OAuth2/Error.html b/docs/OAuth2/Error.html similarity index 99% rename from doc/OAuth2/Error.html rename to docs/OAuth2/Error.html index bf0047d5..ed4b90a3 100644 --- a/doc/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html similarity index 99% rename from doc/OAuth2/FilteredAttributes.html rename to docs/OAuth2/FilteredAttributes.html index a54fe51a..e3c8aec6 100644 --- a/doc/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/doc/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html similarity index 99% rename from doc/OAuth2/FilteredAttributes/ClassMethods.html rename to docs/OAuth2/FilteredAttributes/ClassMethods.html index 8d85657b..2b9dccf0 100644 --- a/doc/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/doc/OAuth2/Response.html b/docs/OAuth2/Response.html similarity index 99% rename from doc/OAuth2/Response.html rename to docs/OAuth2/Response.html index 8983513f..3520bdbc 100644 --- a/doc/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

        diff --git a/doc/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html similarity index 98% rename from doc/OAuth2/Strategy.html rename to docs/OAuth2/Strategy.html index b0554952..00f67442 100644 --- a/doc/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html similarity index 99% rename from doc/OAuth2/Strategy/Assertion.html rename to docs/OAuth2/Strategy/Assertion.html index 0af4aa5d..25043647 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html similarity index 99% rename from doc/OAuth2/Strategy/AuthCode.html rename to docs/OAuth2/Strategy/AuthCode.html index cec41ec5..23a65009 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html similarity index 99% rename from doc/OAuth2/Strategy/Base.html rename to docs/OAuth2/Strategy/Base.html index cdf63a5f..da254c4a 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html similarity index 99% rename from doc/OAuth2/Strategy/ClientCredentials.html rename to docs/OAuth2/Strategy/ClientCredentials.html index 81c060b6..8c8689e4 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html similarity index 99% rename from doc/OAuth2/Strategy/Implicit.html rename to docs/OAuth2/Strategy/Implicit.html index fbb9f966..20508a44 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html similarity index 99% rename from doc/OAuth2/Strategy/Password.html rename to docs/OAuth2/Strategy/Password.html index 93970993..6ff4c1fc 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/docs/OAuth2/Version.html similarity index 98% rename from doc/OAuth2/Version.html rename to docs/OAuth2/Version.html index 31a2e787..ae4e9e48 100644 --- a/doc/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/docs/_index.html similarity index 99% rename from doc/_index.html rename to docs/_index.html index 607b26a4..63806e1b 100644 --- a/doc/_index.html +++ b/docs/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/class_list.html b/docs/class_list.html similarity index 100% rename from doc/class_list.html rename to docs/class_list.html diff --git a/doc/css/common.css b/docs/css/common.css similarity index 100% rename from doc/css/common.css rename to docs/css/common.css diff --git a/doc/css/full_list.css b/docs/css/full_list.css similarity index 100% rename from doc/css/full_list.css rename to docs/css/full_list.css diff --git a/doc/css/style.css b/docs/css/style.css similarity index 100% rename from doc/css/style.css rename to docs/css/style.css diff --git a/doc/file.CHANGELOG.html b/docs/file.CHANGELOG.html similarity index 99% rename from doc/file.CHANGELOG.html rename to docs/file.CHANGELOG.html index 79d93313..4fcc76f9 100644 --- a/doc/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -801,7 +801,7 @@

        diff --git a/doc/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html similarity index 99% rename from doc/file.CODE_OF_CONDUCT.html rename to docs/file.CODE_OF_CONDUCT.html index d4f2f05a..55056c83 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/doc/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html similarity index 99% rename from doc/file.CONTRIBUTING.html rename to docs/file.CONTRIBUTING.html index 75ae1661..b76cbce0 100644 --- a/doc/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/doc/file.LICENSE.html b/docs/file.LICENSE.html similarity index 98% rename from doc/file.LICENSE.html rename to docs/file.LICENSE.html index 715e1493..39312242 100644 --- a/doc/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/doc/file.README.html b/docs/file.README.html similarity index 99% rename from doc/file.README.html rename to docs/file.README.html index 2fd9b5cb..55e5132a 100644 --- a/doc/file.README.html +++ b/docs/file.README.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/file.SECURITY.html b/docs/file.SECURITY.html similarity index 98% rename from doc/file.SECURITY.html rename to docs/file.SECURITY.html index bdf908e8..0cc7c02a 100644 --- a/doc/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/doc/file_list.html b/docs/file_list.html similarity index 100% rename from doc/file_list.html rename to docs/file_list.html diff --git a/doc/frames.html b/docs/frames.html similarity index 100% rename from doc/frames.html rename to docs/frames.html diff --git a/doc/index.html b/docs/index.html similarity index 99% rename from doc/index.html rename to docs/index.html index 98be1ed3..299a35bf 100644 --- a/doc/index.html +++ b/docs/index.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/doc/js/app.js b/docs/js/app.js similarity index 100% rename from doc/js/app.js rename to docs/js/app.js diff --git a/doc/js/full_list.js b/docs/js/full_list.js similarity index 100% rename from doc/js/full_list.js rename to docs/js/full_list.js diff --git a/doc/js/jquery.js b/docs/js/jquery.js similarity index 100% rename from doc/js/jquery.js rename to docs/js/jquery.js diff --git a/doc/method_list.html b/docs/method_list.html similarity index 100% rename from doc/method_list.html rename to docs/method_list.html diff --git a/doc/top-level-namespace.html b/docs/top-level-namespace.html similarity index 97% rename from doc/top-level-namespace.html rename to docs/top-level-namespace.html index 98bfd604..3b5b35a4 100644 --- a/doc/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        From 522b8ab4eacf77834b4727e62704bb4ea48ad103 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 31 May 2025 09:46:47 +0700 Subject: [PATCH 437/645] =?UTF-8?q?=F0=9F=99=88=20Ignore=20.github/workflo?= =?UTF-8?q?ws/codeql-analysis.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - in QLTY.sh analysis --- .qlty/qlty.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/.qlty/qlty.toml b/.qlty/qlty.toml index e69ec730..7d4a315c 100644 --- a/.qlty/qlty.toml +++ b/.qlty/qlty.toml @@ -32,6 +32,7 @@ exclude_patterns = [ "**/templates/**", "**/testdata/**", "**/vendor/**", + ".github/workflows/codeql-analysis.yml" ] From cf1372046b6aeccd3f2bb1fb14e7c39a5167963e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 31 May 2025 09:47:08 +0700 Subject: [PATCH 438/645] =?UTF-8?q?=F0=9F=93=9D=20Add=20*.cff=20to=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Rakefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Rakefile b/Rakefile index dd7dfbc9..a6705554 100644 --- a/Rakefile +++ b/Rakefile @@ -77,6 +77,7 @@ begin "lib/**/*.rb", "-", # source and extra docs are separated by "-" # Extra Files (alphabetical) + "*.cff", "*.md", "*.txt", ] From 4520d569ef449d64dd372b497ce7fc9ac613d55e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 31 May 2025 09:47:21 +0700 Subject: [PATCH 439/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20.to?= =?UTF-8?q?ol-versions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .tool-versions | 2 ++ 1 file changed, 2 insertions(+) create mode 100755 .tool-versions diff --git a/.tool-versions b/.tool-versions new file mode 100755 index 00000000..8655ff00 --- /dev/null +++ b/.tool-versions @@ -0,0 +1,2 @@ +direnv 2.32.2 +ruby 3.4.3 From ec21313507a7f43886270cbaa9155c4f32583fe9 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 31 May 2025 09:47:32 +0700 Subject: [PATCH 440/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20try?= =?UTF-8?q?=20committing=20.idea?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/.gitignore | 8 + .idea/GitLink.xml | 6 + .idea/GitlabSettingsPlugin.xml | 10 + .idea/active-tab-highlighter.xml | 13 + .idea/codestream.xml | 6 + .idea/dbnavigator.xml | 430 +++++++++++++++++++++++++++++++ .idea/git_toolbox_blame.xml | 11 + .idea/git_toolbox_prj.xml | 15 ++ .idea/kubernetes-settings.xml | 6 + .idea/misc.xml | 4 + .idea/modules.xml | 8 + .idea/oauth2.iml | 127 +++++++++ .idea/vcs.xml | 7 + 13 files changed, 651 insertions(+) create mode 100755 .idea/.gitignore create mode 100755 .idea/GitLink.xml create mode 100644 .idea/GitlabSettingsPlugin.xml create mode 100755 .idea/active-tab-highlighter.xml create mode 100755 .idea/codestream.xml create mode 100644 .idea/dbnavigator.xml create mode 100755 .idea/git_toolbox_blame.xml create mode 100755 .idea/git_toolbox_prj.xml create mode 100755 .idea/kubernetes-settings.xml create mode 100755 .idea/misc.xml create mode 100755 .idea/modules.xml create mode 100755 .idea/oauth2.iml create mode 100755 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100755 index 00000000..13566b81 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/.idea/GitLink.xml b/.idea/GitLink.xml new file mode 100755 index 00000000..000fa355 --- /dev/null +++ b/.idea/GitLink.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file diff --git a/.idea/GitlabSettingsPlugin.xml b/.idea/GitlabSettingsPlugin.xml new file mode 100644 index 00000000..5ff494ba --- /dev/null +++ b/.idea/GitlabSettingsPlugin.xml 
@@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/.idea/active-tab-highlighter.xml b/.idea/active-tab-highlighter.xml new file mode 100755 index 00000000..409aba97 --- /dev/null +++ b/.idea/active-tab-highlighter.xml @@ -0,0 +1,13 @@ + + + + + + \ No newline at end of file diff --git a/.idea/codestream.xml b/.idea/codestream.xml new file mode 100755 index 00000000..3ec0bd41 --- /dev/null +++ b/.idea/codestream.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file diff --git a/.idea/dbnavigator.xml b/.idea/dbnavigator.xml new file mode 100644 index 00000000..0910bc64 --- /dev/null +++ b/.idea/dbnavigator.xml @@ -0,0 +1,430 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/.idea/git_toolbox_blame.xml b/.idea/git_toolbox_blame.xml new file mode 100755 index 00000000..75202252 --- /dev/null +++ b/.idea/git_toolbox_blame.xml @@ -0,0 +1,11 @@ + + + + + + \ No newline at end of file diff --git a/.idea/git_toolbox_prj.xml b/.idea/git_toolbox_prj.xml new file mode 100755 index 00000000..02b915b8 --- /dev/null +++ b/.idea/git_toolbox_prj.xml @@ -0,0 +1,15 @@ + + + + + + + \ No newline at end of file 
diff --git a/.idea/kubernetes-settings.xml b/.idea/kubernetes-settings.xml new file mode 100755 index 00000000..7d8bbbaf --- /dev/null +++ b/.idea/kubernetes-settings.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100755 index 00000000..9f467935 --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100755 index 00000000..74441e45 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml new file mode 100755 index 00000000..29105d13 --- /dev/null +++ b/.idea/oauth2.iml @@ -0,0 +1,127 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100755 index 00000000..3a95484e --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file From 46e42707630d9067dbdaa6b96179f673ca2f1c70 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 31 May 2025 09:48:30 +0700 Subject: [PATCH 441/645] =?UTF-8?q?=F0=9F=99=88=20Organize=20.gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/.gitignore b/.gitignore index 1d4ec4b4..159a4bd6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,7 @@ # Build Artifacts /pkg/ /tmp/ - -# rspec failure tracking -.rspec_status +*.gem # Bundler /.bundle/ 
@@ -14,29 +12,33 @@ Appraisal.*.gemfile.lock # Specs +.rspec_status /coverage/ /spec/reports/ # Documentation -/.yardoc +/.yardoc/ /_yardoc/ /rdoc/ +/doc/ -# RVM +# Ruby Version Managers (RVM, rbenv, etc) +# Ignored because we currently use .tool-versions .rvmrc +.ruby-version +.ruby-gemset -# Editors -.idea -*~ - -# Other +# Benchmarking /measurement/ -/.byebug_history -.DS_Store -# Version Managers -.ruby-version -.tool-versions +# Debugger detritus +.byebug_history -# Local config +# direnv - brew install direnv .env.local + +# OS Detritus +.DS_Store + +# Editors +*~ From 064d627a35e13960c850bebb04d2ad4fcbb2804e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 00:42:08 +0700 Subject: [PATCH 442/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20gemspec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - New email - New funding URL - Improved post_install_message --- oauth2.gemspec | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index a461461e..d004d64f 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -15,7 +15,7 @@ Gem::Specification.new do |spec| spec.name = "oauth2" spec.version = gem_version spec.authors = ["Peter Boling", "Erik Michaels-Ober", "Michael Bleigh"] - spec.email = ["peter.boling@gmail.com", "oauth-ruby@googlegroups.com"] + spec.email = ["floss@galtzo.com"] # Linux distros often package gems and securely certify them independent # of the official RubyGem certification process. Allowed via ENV["SKIP_GEM_SIGNING"] 
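Review bot: Removing `.idea` from the Editors section of `.gitignore` means every IDE file not covered by `.idea/.gitignore` is now tracked, and that includes per-user plugin state such as `.idea/dbnavigator.xml` (430 lines in PATCH 440). The contents of those files are not visible here, so this is a caution rather than a finding: database and cluster plugin settings commonly record host names, user names and local paths. Tracking only the shared project files and keeping plugin state ignored would avoid that, e.g. `/.idea/dbnavigator.xml` and `/.idea/kubernetes-settings.xml` under `# Editors`.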
@@ -45,27 +45,22 @@ Gem::Specification.new do |spec| spec.required_ruby_version = ">= 2.2.0" spec.post_install_message = %{ -You have installed oauth2 version #{gem_version}, congratulations! +---+++ oauth2 v#{gem_version} +++--- -There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy! +There are BREAKING CHANGES when upgrading from < v2 +Most will not encounter them, and updating your code should be easy! Please see: • #{gl_homepage}/-/blob/main/SECURITY.md • #{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag • Summary of most important breaking changes: #{gl_homepage}#what-is-new-for-v20 -There are BUGFIXES in v#{gem_version}, which depending on how you relied on them instead of reporting and fixing them, may be BREAKING for you. -For more information please see: -https://railsbling.com/tags/oauth2 - -Important News: -1. Google Group is "active" (again)! -• https://groups.google.com/g/oauth-ruby/c/QA_dtrXWXaE -2. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date. +News: +1. New documentation website: https://oauth2.galtzo.com +2. Discord for discussion and support: https://discord.gg/3qme4XHNKN +3. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date. Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any other Ruby versions which will also have reached EOL by then. -3. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums. -4. I need your support. - -If you are sentient, please consider a donation as I move toward supporting myself with Open Source work: +4. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums. +5. 
Please consider supporting this project, and my other open source work, with one of the following methods: • https://liberapay.com/pboling • https://ko-fi.com/pboling • https://www.buymeacoffee.com/pboling @@ -89,7 +84,7 @@ Thanks, |7eter l-|. l3oling spec.metadata["wiki_uri"] = "#{gl_homepage}/-/wiki" # Yes, Google is a disgusting monopoly, but the historical value of the mailing list archive is high. spec.metadata["mailing_list_uri"] = "https://groups.google.com/g/oauth-ruby" - spec.metadata["funding_uri"] = "https://liberapay.com/pboling" + spec.metadata["funding_uri"] = "https://github.com/sponsors/pboling" spec.metadata["news_uri"] = "https://www.railsbling.com/tags/#{spec.name}" spec.metadata["rubygems_mfa_required"] = "true" From 0b499963e59d27dac9e40201c258c63cc092f2e7 Mon Sep 17 00:00:00 2001 
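Review bot: Item 4 of the new `post_install_message` in `oauth2.gemspec` tells installers that releases are cryptographically signed but not how to have the signature checked. RubyGems only verifies a signature when the publisher's certificate has been added as trusted and a trust policy is passed at install time. Consider extending the line, e.g. `4. Gem releases are cryptographically signed; to verify, add the public cert with gem cert --add and install with -P MediumSecurity.` The enclosing `Gem::Specification.new` block starts and ends outside this hunk.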
From: "Peter H. Boling" Date: Sun, 1 Jun 2025 00:43:12 +0700 Subject: [PATCH 443/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- REEK | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 5 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 95 +++++++++++++++++++ docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file_list.html | 5 + docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- 29 files changed, 130 insertions(+), 27 deletions(-) create mode 100644 docs/file.CITATION.html diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index d22e4a36..5baad939 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:2054901929": [ [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:3059367295": [ + "oauth2.gemspec:232642695": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:1202129469": [ diff --git a/REEK b/REEK index 5f8ba210..ac5a98b4 100644 --- a/REEK +++ b/REEK 
@@ -99,7 +99,7 @@ lib/oauth2/response.rb -- 12 warnings: [106]:TooManyStatements: OAuth2::Response#parsed has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] [7]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] lib/oauth2/strategy/assertion.rb -- 5 warnings: - [96, 96, 98, 98]:FeatureEnvy: OAuth2::Strategy::Assertion#build_assertion refers to 'encoding_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] + [96, 96, 99, 99, 101, 101]:FeatureEnvy: OAuth2::Strategy::Assertion#build_assertion refers to 'encoding_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] [32]:InstanceVariableAssumption: OAuth2::Strategy::Assertion assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] [79]:LongParameterList: OAuth2::Strategy::Assertion#get_token has 4 parameters [https://github.com/troessner/reek/blob/v6.5.0/docs/Long-Parameter-List.md] [5]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 40978b0e..5835b81a 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 53a7118e..9cb12bb0 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 5e5185c0..bd09ae64 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 988f5755..fcb14a52 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index ed4b90a3..94e6069e 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index e3c8aec6..60394889 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 2b9dccf0..4a063f3c 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 3520bdbc..15d44cf9 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

        diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 00f67442..d3456121 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 25043647..e6eeb9bc 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 23a65009..47dc6d31 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index da254c4a..12595441 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 8c8689e4..4441ec11 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 20508a44..ab67cbe6 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 6ff4c1fc..edb1f118 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index ae4e9e48..40583868 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/docs/_index.html b/docs/_index.html index 63806e1b..639bb259 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -78,6 +78,9 @@

        File Listing

      117. LICENSE
      118. +
      119. CITATION
      120. + +
        @@ -300,7 +303,7 @@

        Namespace Listing A-Z

        diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 4fcc76f9..99007f75 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -801,7 +801,7 @@

        diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html new file mode 100644 index 00000000..9a637f78 --- /dev/null +++ b/docs/file.CITATION.html @@ -0,0 +1,95 @@ + + + + + + + File: CITATION + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
        + + +

        cff-version: 1.2.0
        +title: oauth2
        +message: >-
        + If you use this work and you want to cite it,
        + then you can use the metadata from this file.
        +type: software
        +authors:

        +
          +
        • given-names: Peter Hurn
          +family-names: Boling
          +email: peter@railsbling.com
          +affiliation: railsbling.com
          +orcid: ‘https://orcid.org/0009-0008-8519-441X’
        • +
        • given-names: Aboling0
          +email: aboling@railsbling.com
          +affiliation: railsbling.com
          +identifiers:
        • +
        • type: url
          +value: ‘https://github.com/oauth-xx/oauth2’
          +description: oauth2
          +repository-code: ‘https://github.com/oauth-xx/oauth2’
          +abstract: >-
          + oauth2
          +license: See license file
        • +
        +
        + + + +
        + + \ No newline at end of file diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 55056c83..129c8e37 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

        Attribution

        diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index b76cbce0..8f768b47 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

        To release a new version:

        diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 39312242..e02260a7 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
        MIT License

        Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
        Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:

        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        diff --git a/docs/file.README.html b/docs/file.README.html index 55e5132a..c3f2999c 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 0cc7c02a..bd482e84 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -110,7 +110,7 @@

        OAuth2 for Enterprise

        diff --git a/docs/file_list.html b/docs/file_list.html index 3b2259f0..321a6791 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -77,6 +77,11 @@

        File List

        +
      121. + +
      122. + + diff --git a/docs/index.html b/docs/index.html index 299a35bf..139c162e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -969,7 +969,7 @@

        🤑 One more thing

        diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 3b5b35a4..db14f8e5 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

        From 8c97296d9cbb2c8fc42f4b4dd8aa4978d01444ae Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 03:18:52 +0700 Subject: [PATCH 444/645] =?UTF-8?q?=F0=9F=9A=80=20Prevent=20Jekyll=20proce?= =?UTF-8?q?ssing=20so=20all=20YARD=20docs=20are=20included?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .nojekyll | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .nojekyll diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 00000000..e69de29b From 1dd78ee24d755ea0bfa7bb45a3b6d7ee4b44bc66 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 03:19:42 +0700 Subject: [PATCH 445/645] =?UTF-8?q?=F0=9F=93=9D=20Documentation=20for=20v2?= =?UTF-8?q?.0.12?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 16 ++++++++++++++++ README.md | 8 ++++---- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b55b576c..7f3cd35f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,22 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Security +## [2.0.11] - 2025-05-31 +### Added +- [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang + - Support JWT `kid` for key discovery and management +- More Documentation by @pboling +- Documentation site @ https://oauth2.galtzo.com now complete +### Changed +- Updates to gemspec (email, funding url, post install message) +### Deprecated +### Removed +### Fixed +- Documentation Typos by @pboling +### Security + +[gh652]: https://github.com/oauth-xx/oauth2/pull/652 + ## [2.0.11] - 2025-05-23 - TAG: [v2.0.11][2.0.11t] - COVERAGE: 100.00% -- 518/518 lines in 14 files diff --git a/README.md b/README.md index 5641660e..69b452dc 100644 --- a/README.md +++ b/README.md 
@@ -330,9 +330,10 @@ For more see [SECURITY.md][🔐security]. - Works with Ruby versions >= 2.2 - Drop support for the expired MAC Draft (all versions) -- Support IETF rfc7523 JWT Bearer Tokens -- Support IETF rfc7231 Relative Location in Redirect -- Support IETF rfc6749 Don't set oauth params when nil +- Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) +- Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0) +- Support IETF rfc7231 Relative Location in Redirect (since v2.0.0) +- Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0) - Support IETF rfc7009 Token Revocation (since v2.0.10) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` @@ -495,7 +496,6 @@ SnakyHash::StringKeyed.class_eval do end ``` - #### What if I hate snakes and/or indifference? ```ruby From f54d506bff3757421ff7641f8647a5808d85407e Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 03:27:03 +0700 Subject: [PATCH 446/645] =?UTF-8?q?=F0=9F=94=A5=20CodeCov=20is=20broken?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/codecov/feedback/discussions/726 --- .github/workflows/coverage.yml | 9 --------- README.md | 11 ----------- 2 files changed, 20 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 700c34e1..a1f2ab00 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml 
@@ -88,15 +88,6 @@ jobs: files: coverage/.resultset.json continue-on-error: ${{ matrix.experimental != 'false' }} - # Build will fail here if coverage upload fails - # which will hopefully be noticed for the lack of code coverage comments - - name: Upload coverage to CodeCov - uses: codecov/codecov-action@v5 - with: - fail_ci_if_error: true # optional (default = false) - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true # optional (default = false) - # Then PR comments - name: Code Coverage Summary Report uses: irongut/CodeCoverageSummary@v1.3.0 diff --git a/README.md b/README.md index 69b452dc..bad56c39 100644 --- a/README.md +++ b/README.md @@ -912,14 +912,3 @@ or one of the others at the head of this README. - -
        - Deprecated Badges - -CodeCov currently fails to parse the coverage upload. - -[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] - -[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] - -
        \ No newline at end of file From dd74c5461382aab90b0ee7c64ceea317cee1c257 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 03:27:49 +0700 Subject: [PATCH 447/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 78 ++++++++++++------- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 20 ++--- docs/file.SECURITY.html | 2 +- docs/index.html | 20 ++--- docs/top-level-namespace.html | 2 +- 26 files changed, 84 insertions(+), 80 deletions(-) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 5835b81a..e69c04d2 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 9cb12bb0..227b26cc 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index bd09ae64..0626462a 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index fcb14a52..603c8a22 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 94e6069e..714debcb 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 60394889..4a1ba528 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 4a063f3c..519a3713 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 15d44cf9..8cddb9dc 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

        diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index d3456121..9749ef9c 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index e6eeb9bc..30eaff6f 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 47dc6d31..ce776e3e 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 12595441..7cc7b877 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 4441ec11..4e0524e4 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index ab67cbe6..e11fc7e7 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index edb1f118..1c9709df 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 40583868..b5d6fb10 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/docs/_index.html b/docs/_index.html index 639bb259..d0a63540 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

        Namespace Listing A-Z

        diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 99007f75..efeb09ee 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -71,6 +71,30 @@

        Removed

        Fixed

        Security

        +

        +2.0.11 - 2025-05-31

        +

        Added

        +
          +
        • +gh652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang +
            +
          • Support JWT kid for key discovery and management
          • +
          +
        • +
        • More Documentation by @pboling
        • +
        • Documentation site @ https://oauth2.galtzo.com now complete +

          Changed

          +
        • +
        • Updates to gemspec (email, funding url, post install message) +

          Deprecated

          +

          Removed

          +

          Fixed

          +
        • +
        • Documentation Typos by @pboling +

          Security

          +
        • +
        +

        2.0.11 - 2025-05-23

          @@ -79,7 +103,7 @@

        • COVERAGE: 100.00% – 518/518 lines in 14 files
        • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
        • 80.00% documented -

          Added

          +

          Added

        • gh651 - :snaky_hash_klass option (@pboling)
        • @@ -103,7 +127,7 @@

          Added

          gh651 - Mock OAuth2 server for testing (@pboling)
          • https://github.com/navikt/mock-oauth2-server -

            Changed

            +

            Changed

          @@ -114,7 +138,7 @@

          Changed

      123. Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling) -

        Fixed

        +

        Fixed

      124. gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
      125. @@ -129,7 +153,7 @@

      126. COVERAGE: 100.00% – 518/518 lines in 14 files
      127. BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
      128. 79.05% documented -

        Added

        +

        Added

      129. gh!632 - Added funding.yml (@Aboling0)
      130. @@ -172,7 +196,7 @@

        Added

        gh!644, gh!645 - Added CITATION.cff (@Aboling0)
      131. !648 - Improved documentation (@pboling) -

        Changed

        +

        Changed

      132. Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
      133. Gem releases are now cryptographically signed, with a 20-year cert (@pboling) @@ -186,7 +210,7 @@

        Changed

        !647 - OAuth2.config is no longer writable (@pboling)
      134. !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) -

        Fixed

        +

        Fixed

      135. #95 - restoring an access token via AccessToken#from_hash (@pboling) @@ -222,10 +246,10 @@

        2.0.9 - 2022-09-16

        • TAG: v2.0.9 -

          Added

          +

          Added

        • More specs (@pboling) -

          Changed

          +

          Changed

        • Complete migration to main branch as default (@pboling)
        • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
        • @@ -235,11 +259,11 @@

          2.0.8 - 2022-09-01

          • TAG: v2.0.8 -

            Changed

            +

            Changed

          • !630 - Extract snaky_hash to external dependency (@pboling) -

            Added

            +

            Added

          • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 @@ -250,11 +274,11 @@

            2.0.7 - 2022-08-22

            • TAG: v2.0.7 -

              Added

              +

              Added

            • !629 - Allow POST of JSON to get token (@pboling, @terracatta) -

              Fixed

              +

              Fixed

            • !626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) @@ -270,7 +294,7 @@

              2.0.6 - 2022-07-13

              • TAG: v2.0.6 -

                Fixed

                +

                Fixed

              • !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
              • @@ -280,7 +304,7 @@

                2.0.5 - 2022-07-07

                • TAG: v2.0.5 -

                  Fixed

                  +

                  Fixed

                • !620 - Documentation improvements, to help with upgrading (@swanson)
                • @@ -305,7 +329,7 @@

                  2.0.4 - 2022-07-01

                  • TAG: v2.0.4 -

                    Fixed

                    +

                    Fixed

                  • !618 - In some scenarios the snaky option default value was not applied (@pboling)
                  • @@ -315,13 +339,13 @@

                    2.0.3 - 2022-06-28

                    • TAG: v2.0.3 -

                      Added

                      +

                      Added

                    • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                    • !612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) -

                      Fixed

                      +

                      Fixed

                    • !608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
                    • @@ -333,7 +357,7 @@

                      2.0.2 - 2022-06-24

                      • TAG: v2.0.2 -

                        Fixed

                        +

                        Fixed

                      • !604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
                      • @@ -347,7 +371,7 @@

                        2.0.1 - 2022-06-22

                        • TAG: v2.0.1 -

                          Added

                          +

                          Added

                        • Documentation improvements (@pboling)
                        • Increased test coverage to 99% (@pboling)
                        • @@ -357,7 +381,7 @@

                          2.0.0 - 2022-06-21

                          • TAG: v2.0.0 -

                            Added

                            +

                            Added

                          • !158, !344 - Optionally pass raw response to parsers (@niels)
                          • @@ -411,7 +435,7 @@

                            Added

                            !575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
                          • !581 - Documentation: of breaking changes (@pboling) -

                            Changed

                            +

                            Changed

                          • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
                          • @@ -443,7 +467,7 @@

                            Changed

                            !576 - BREAKING: Stop rescuing parsing errors (@pboling)
                          • !591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated -

                            Fixed

                            +

                            Fixed

                          • !158, !344 - Handling of errors when using omniauth-facebook (@niels)
                          • @@ -481,7 +505,7 @@

                            Fixed

                            !596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
                          • !598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu) -

                            Removed

                            +

                            Removed

                          • !341 - Remove Rdoc & Jeweler related files (@josephpage)
                          • @@ -717,17 +741,17 @@

                            1.0.0 - 2014-07-09 (tag)

                            -

                            Added

                            +

                            Added

                            • Add an implementation of the MAC token spec. -

                              Fixed

                              +

                              Fixed

                            • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.

                            0.5.0 - 2011-07-29 (tag)

                            -

                            Changed

                            +

                            Changed

                            • breaking oauth_token renamed to oauth_bearer.
                            • @@ -801,7 +825,7 @@

                              diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 9a637f78..f320d0bb 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 129c8e37..a06eefa6 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

                              Attribution

                              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 8f768b47..666856fb 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

                              To release a new version:

                              diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index e02260a7..0f3cdd2d 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                              MIT License

                              Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                              Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

                              Permission is hereby granted, free of charge, to any person obtaining a copy
                              of this software and associated documentation files (the "Software"), to deal
                              in the Software without restriction, including without limitation the rights
                              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                              copies of the Software, and to permit persons to whom the Software is
                              furnished to do so, subject to the following conditions:

                              The above copyright notice and this permission notice shall be included in all
                              copies or substantial portions of the Software.

                              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                              SOFTWARE.
                              diff --git a/docs/file.README.html b/docs/file.README.html index c3f2999c..b92aba86 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -499,9 +499,10 @@

                              What is new for v2.0?

                              • Works with Ruby versions >= 2.2
                              • Drop support for the expired MAC Draft (all versions)
                              • -
                              • Support IETF rfc7523 JWT Bearer Tokens
                              • -
                              • Support IETF rfc7231 Relative Location in Redirect
                              • -
                              • Support IETF rfc6749 Don’t set oauth params when nil
                              • +
                              • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12)
                              • +
                              • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
                              • +
                              • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
                              • +
                              • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
                              • Support IETF rfc7009 Token Revocation (since v2.0.10)
                              • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523)
                              • @@ -954,22 +955,11 @@

                                🤑 One more thing

                                - - -
                                - Deprecated Badges - -CodeCov currently fails to parse the coverage upload. - -[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] - -[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] -
                                diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index bd482e84..0c4a588b 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -110,7 +110,7 @@

                                OAuth2 for Enterprise

                                diff --git a/docs/index.html b/docs/index.html index 139c162e..4890f9eb 100644 --- a/docs/index.html +++ b/docs/index.html @@ -499,9 +499,10 @@

                                What is new for v2.0?

                                • Works with Ruby versions >= 2.2
                                • Drop support for the expired MAC Draft (all versions)
                                • -
                                • Support IETF rfc7523 JWT Bearer Tokens
                                • -
                                • Support IETF rfc7231 Relative Location in Redirect
                                • -
                                • Support IETF rfc6749 Don’t set oauth params when nil
                                • +
                                • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12)
                                • +
                                • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
                                • +
                                • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
                                • +
                                • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
                                • Support IETF rfc7009 Token Revocation (since v2.0.10)
                                • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523)
                                • @@ -954,22 +955,11 @@

                                  🤑 One more thing

                                  - - -
                                  - Deprecated Badges - -CodeCov currently fails to parse the coverage upload. - -[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] - -[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] -
                                  diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index db14f8e5..6cb146a4 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                  Defined Under Namespace

                                  From bcca2be75aa4fbf80f49e0c091034927857f1634 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 03:34:42 +0700 Subject: [PATCH 448/645] =?UTF-8?q?=F0=9F=9A=9A=20Move=20.nojekyll=20to=20?= =?UTF-8?q?docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .nojekyll => docs/.nojekyll | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .nojekyll => docs/.nojekyll (100%) diff --git a/.nojekyll b/docs/.nojekyll similarity index 100% rename from .nojekyll rename to docs/.nojekyll From b882921081ff5201a8737c885e6d6ddecafdc189 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 03:52:40 +0700 Subject: [PATCH 449/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.12?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- CONTRIBUTING.md | 2 +- Gemfile.lock | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 4 ++-- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 5 ++--- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 4 ++-- docs/file.LICENSE.html | 2 +- docs/file.README.html | 2 +- docs/file.SECURITY.html | 2 +- docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 30 files changed, 33 insertions(+), 34 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f3cd35f..cdaeb6b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Fixed ### Security -## [2.0.11] - 2025-05-31 +## [2.0.12] - 2025-05-31 ### Added - [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang - Support JWT `kid` for key discovery and management diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b4401666..d9efe7df 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -96,7 +96,7 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v ### To release a new version: -1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check +1. Run `bin/setup && bin/rake` as a "test, coverage, & linting" sanity check 2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes 3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock` 4. Run `git commit -am "🔖 Prepare release v"` to commit the changes diff --git a/Gemfile.lock b/Gemfile.lock index 97ec5ac4..3e872cfe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -23,7 +23,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.11) + oauth2 (2.0.12) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index e69c04d2..c057b102 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

                                  diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 227b26cc..d2678e87 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                                  diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 0626462a..43e2562b 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

                                  diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 603c8a22..709d12b1 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                                  diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 714debcb..9575462f 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

                                  diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 4a1ba528..8645403e 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

                                  diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 519a3713..081853e3 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

                                  diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 8cddb9dc..3ba78c31 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                  diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 9749ef9c..9c654385 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                  Defined Under Namespace

                                  diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 30eaff6f..c571222d 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                  diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index ce776e3e..0d1ed26b 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                                  diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 7cc7b877..3a260a76 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                  diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 4e0524e4..958dabec 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                  diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index e11fc7e7..cfd2afca 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                                  diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 1c9709df..c8c73d46 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                                  diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index b5d6fb10..cbb636ea 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -95,7 +95,7 @@

                                  VERSION =
                                  -
                                  "2.0.11"
                                  +
                                  "2.0.12"
                                  @@ -111,7 +111,7 @@

                                  diff --git a/docs/_index.html b/docs/_index.html index d0a63540..f698e1b5 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

                                  Namespace Listing A-Z

                                  diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index efeb09ee..43fea70a 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -71,8 +71,7 @@

                                  Removed

                                  Fixed

                                  Security

                                  -

                                  -2.0.11 - 2025-05-31

                                  +

                                  [2.0.12] - 2025-05-31

                                  Added

                                  • @@ -825,7 +824,7 @@

                                    diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index f320d0bb..7a3f905f 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index a06eefa6..f2281724 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

                                    Attribution

                                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 666856fb..ea820263 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -153,7 +153,7 @@

                                    One-time, Per-maintainer, Setup

                                    To release a new version:

                                      -
                                    1. Run bin/setup && bin/rake as a tests, coverage, & linting sanity check
                                    2. +
                                    3. Run bin/setup && bin/rake as a “test, coverage, & linting” sanity check
                                    4. Update the version number in version.rb, and ensure CHANGELOG.md reflects changes
                                    5. Run bin/setup && bin/rake again as a secondary check, and to update Gemfile.lock
                                    6. @@ -195,7 +195,7 @@

                                      To release a new version:

                                      diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 0f3cdd2d..9dc3b38d 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                      MIT License

                                      Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                                      Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

                                      Permission is hereby granted, free of charge, to any person obtaining a copy
                                      of this software and associated documentation files (the "Software"), to deal
                                      in the Software without restriction, including without limitation the rights
                                      to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                      copies of the Software, and to permit persons to whom the Software is
                                      furnished to do so, subject to the following conditions:

                                      The above copyright notice and this permission notice shall be included in all
                                      copies or substantial portions of the Software.

                                      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                      SOFTWARE.
                                      diff --git a/docs/file.README.html b/docs/file.README.html index b92aba86..ada06cae 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -959,7 +959,7 @@

                                      🤑 One more thing

                                      diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 0c4a588b..3a20f018 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -110,7 +110,7 @@

                                      OAuth2 for Enterprise

                                      diff --git a/docs/index.html b/docs/index.html index 4890f9eb..abf2fbe1 100644 --- a/docs/index.html +++ b/docs/index.html @@ -959,7 +959,7 @@

                                      🤑 One more thing

                                      diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 6cb146a4..385e60c9 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                      Defined Under Namespace

                                      diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 14e7ed0f..57c10e53 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.11" + VERSION = "2.0.12" end end From 79ebd20426c00c6de84854604a6d3d3092172865 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 04:00:33 +0700 Subject: [PATCH 450/645] =?UTF-8?q?=F0=9F=8D=B1=20Galtzo.com=20FLOSS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Logo by @Aboling0, CC BY-SA 4.0 --- README.md | 9 ++++++--- docs/images/logo/README.txt | 12 ++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bad56c39..95b0f0e7 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,7 @@

                                      + + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 @@ -706,10 +709,10 @@ See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright

                                      • 2017 - 2025 Peter H. Boling, of - - RailsBling.com + + Galtzo.com - Rails Bling + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 , and oauth2 contributors
                                      • diff --git a/docs/images/logo/README.txt b/docs/images/logo/README.txt index bb405554..f6e75f9d 100644 --- a/docs/images/logo/README.txt +++ b/docs/images/logo/README.txt @@ -1,3 +1,15 @@ +Galtzo.com Logos +- galtzo-floss-logos-original.svg +- galtzo-floss-logos-wordless.svg + +© 2025 by Aboling0 (https://github.com/Aboling0) + +Licensed under CC BY-SA 4.0 + +https://creativecommons.org/licenses/by-sa/4.0/ + +--- + The OAuth 2.0 Logo - oauth2-logo-124px.png (resized) https://oauth.net/about/credits/ From a085c8d46be086cf2815e1c31c384d080f2c2861 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 04:05:41 +0700 Subject: [PATCH 451/645] =?UTF-8?q?=F0=9F=8D=B1=20Galtzo.com=20FLOSS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Logo by @Aboling0, CC BY-SA 4.0 --- docs/images/logo/galtzo-floss-logos-original.svg | 1 + docs/images/logo/galtzo-floss-logos-wordless.svg | 1 + 2 files changed, 2 insertions(+) create mode 100644 docs/images/logo/galtzo-floss-logos-original.svg create mode 100644 docs/images/logo/galtzo-floss-logos-wordless.svg diff --git a/docs/images/logo/galtzo-floss-logos-original.svg b/docs/images/logo/galtzo-floss-logos-original.svg new file mode 100644 index 00000000..40358dec --- /dev/null +++ b/docs/images/logo/galtzo-floss-logos-original.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/images/logo/galtzo-floss-logos-wordless.svg b/docs/images/logo/galtzo-floss-logos-wordless.svg new file mode 100644 index 00000000..45620af7 --- /dev/null +++ b/docs/images/logo/galtzo-floss-logos-wordless.svg @@ -0,0 +1 @@ + \ No newline at end of file From 105fd8e2d4da1c526f6fe7fc1475311d592b3613 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 1 Jun 2025 04:16:02 +0700 Subject: [PATCH 452/645] =?UTF-8?q?=F0=9F=8D=B1=20Galtzo.com=20FLOSS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Logo by @Aboling0, CC BY-SA 4.0 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cdaeb6b5..dae8c91f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang - Support JWT `kid` for key discovery and management - More Documentation by @pboling + - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0 - Documentation site @ https://oauth2.galtzo.com now complete ### Changed - Updates to gemspec (email, funding url, post install message) From f69c197b3c747584319b5a1678730516c6257ea8 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 1 Jun 2025 04:18:38 +0700 Subject: [PATCH 453/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY.md | 27 ++++++++++++------- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 8 ++++-- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 11 +++++--- docs/file.SECURITY.html | 21 ++++++++------- docs/index.html | 11 +++++--- docs/top-level-namespace.html | 2 +- 27 files changed, 72 insertions(+), 50 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f41dda1f..1fc2f483 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,25 +2,34 @@ ## Supported Versions -| Version | Supported | EOL | Post-EOL / Enterprise | -|----------|-----------|---------|---------------------------------------| -| 2.latest | ✅ | 04/2026 | [Tidelift Subscription][tidelift-ref] | -| 1.latest | ✅ | 10/2025 | [Tidelift Subscription][tidelift-ref] | -| <= 1 | ⛔ | ⛔ | ⛔ | +| Version | Supported | Post-EOL / Enterprise | +|----------|-----------|---------------------------------------| +| 2.latest | ✅ | [Tidelift Subscription][tidelift-ref] | +| 1.latest | ✅ | [Tidelift Subscription][tidelift-ref] | +| <= 1 | ⛔ | ⛔ | ### EOL Policy Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April. -## Reporting a Vulnerability +## Security contact information -To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +To report a security vulnerability, please use the +[Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -## OAuth2 for Enterprise +## Additional Support + +If you are interested in support for versions older than the latest release, +please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate, +or find other sponsorship links in the [README]. + +[README]: README.md + +## Enterprise Support Available as part of the Tidelift Subscription. -The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] +The maintainers of this library and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. 
Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] [tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo diff --git a/docs/OAuth2.html b/docs/OAuth2.html index c057b102..06a8213f 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

                                        diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index d2678e87..c54547de 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                                        diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 43e2562b..ee8bff09 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

                                        diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 709d12b1..c5e56516 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                                        diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 9575462f..cf7af765 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

                                        diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 8645403e..69cc26b7 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

                                        diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 081853e3..f06691ea 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

                                        diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 3ba78c31..304a89f5 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                        diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 9c654385..c1725ab4 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                        Defined Under Namespace

                                        diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index c571222d..8a9cc9f2 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                        diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 0d1ed26b..e3b227ec 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                                        diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 3a260a76..8ff35844 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                        diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 958dabec..1be433c0 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                        diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index cfd2afca..f1ca9312 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                                        diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index c8c73d46..a12c595e 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                                        diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index cbb636ea..1de20740 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                                        diff --git a/docs/_index.html b/docs/_index.html index f698e1b5..af069a6c 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

                                        Namespace Listing A-Z

                                        diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 43fea70a..320b6090 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -80,7 +80,11 @@

                                        Added

                                      • Support JWT kid for key discovery and management
                                      -
                                    7. More Documentation by @pboling
                                    8. +
                                    9. More Documentation by @pboling +
                                        +
                                      • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
                                      • +
                                      +
                                    10. Documentation site @ https://oauth2.galtzo.com now complete

                                      Changed

                                    11. @@ -824,7 +828,7 @@

                                      diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 7a3f905f..856a3145 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index f2281724..03a42755 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

                                      Attribution

                                      diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index ea820263..e98dea58 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

                                      To release a new version:

                                      diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 9dc3b38d..c6f63358 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                      MIT License

                                      Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                                      Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

                                      Permission is hereby granted, free of charge, to any person obtaining a copy
                                      of this software and associated documentation files (the "Software"), to deal
                                      in the Software without restriction, including without limitation the rights
                                      to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                      copies of the Software, and to permit persons to whom the Software is
                                      furnished to do so, subject to the following conditions:

                                      The above copyright notice and this permission notice shall be included in all
                                      copies or substantial portions of the Software.

                                      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                      SOFTWARE.
                                      diff --git a/docs/file.README.html b/docs/file.README.html index ada06cae..8d99f7e2 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -58,6 +58,9 @@

                                      + + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 @@ -925,10 +928,10 @@

                                      diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 3a20f018..7dfa22a9 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -66,7 +66,6 @@

                                      Supported Versions

      136. - @@ -74,20 +73,17 @@

        Supported Versions

        - - -
        -
        # File 'lib/oauth2/response.rb', line 67
        +      
        # File 'lib/oauth2/response.rb', line 91
         
         def status
           response.status
        @@ -1139,7 +1619,7 @@ 

        diff --git a/doc/OAuth2/Strategy.html b/doc/OAuth2/Strategy.html index f842d3f3..d61b7bcb 100644 --- a/doc/OAuth2/Strategy.html +++ b/doc/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/doc/OAuth2/Strategy/Assertion.html b/doc/OAuth2/Strategy/Assertion.html index 198ad1a1..3ac40621 100644 --- a/doc/OAuth2/Strategy/Assertion.html +++ b/doc/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/doc/OAuth2/Strategy/AuthCode.html b/doc/OAuth2/Strategy/AuthCode.html index 872bc862..fb49bfbc 100644 --- a/doc/OAuth2/Strategy/AuthCode.html +++ b/doc/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/doc/OAuth2/Strategy/Base.html b/doc/OAuth2/Strategy/Base.html index adc56622..a7074b1d 100644 --- a/doc/OAuth2/Strategy/Base.html +++ b/doc/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/doc/OAuth2/Strategy/ClientCredentials.html b/doc/OAuth2/Strategy/ClientCredentials.html index 72452ee5..08598953 100644 --- a/doc/OAuth2/Strategy/ClientCredentials.html +++ b/doc/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/doc/OAuth2/Strategy/Implicit.html b/doc/OAuth2/Strategy/Implicit.html index e69b9c73..bf3f1bf1 100644 --- a/doc/OAuth2/Strategy/Implicit.html +++ b/doc/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/doc/OAuth2/Strategy/Password.html b/doc/OAuth2/Strategy/Password.html index 9300765e..e94e7834 100644 --- a/doc/OAuth2/Strategy/Password.html +++ b/doc/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/doc/OAuth2/Version.html b/doc/OAuth2/Version.html index 1cd983e3..290774e2 100644 --- a/doc/OAuth2/Version.html +++ b/doc/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/doc/_index.html b/doc/_index.html index 211cb84a..4b4c95fd 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -300,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/doc/file.CHANGELOG.html b/doc/file.CHANGELOG.html index 8d4fbf5b..ad9e1dca 100644 --- a/doc/file.CHANGELOG.html +++ b/doc/file.CHANGELOG.html @@ -63,9 +63,25 @@

        The format (since v2) is based on Keep a Changelog v1,
        and this project adheres to Semantic Versioning v2.

        -

        Unreleased

        +

        Unreleased

        Added

        +

        Changed

        +

        Deprecated

        +

        Removed

        +

        Fixed

        +

        Security

        + +

        +2.0.11 - 2025-05-23

          +
        • TAG: v2.0.11 +
        • +
        • COVERAGE: 100.00% – 518/518 lines in 14 files
        • +
        • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
        • +
        • 80.00% documented +

          Added

          +
        • +
        • More documentation
        • Codeberg as ethical mirror (@pboling)
          • https://codeberg.org/oauth-xx/oauth2
          • @@ -73,47 +89,27 @@

            Added

          • Don’t check for cert if SKIP_GEM_SIGNING is set (@pboling)
          • All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
          • -
          • YARD config, GFM compatible with relative file links
          • -
          • Documentation site on GitHub Pages +
          • YARD config, GFM compatible with relative file links (@pboling)
          • +
          • Documentation site on GitHub Pages (@pboling)
          • -!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD -

            Changed

            -
          • -
          • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site -

            Deprecated

            -

            Removed

            -

            Fixed

            -
          • -
          • Incorrect documentation related to silencing warnings (@pboling) -

            Security

            -
          • -
          - -

          [2.0.11] - 2025-05-22

          -
            -
          • TAG: [v2.0.11][2.0.11t]
          • -
          • COVERAGE: 100.00% – 516/516 lines in 14 files
          • -
          • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
          • -
          • 79.05% documented -

            Added

            -
          • -
          • More documentation +!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)

            Changed

          • -
          • Upgraded to snaky_hash v2.0.2 +
          • Upgraded to snaky_hash v2.0.2 (@pboling)
              -
            • Provides solution for serialization issues -

              Fixed

              -
            • +
            • Provides solution for serialization issues
          • +
          • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling) +

            Fixed

            +
          • -gh650 - Regression in return type of OAuth2::Response#parsed -
          • +gh650 - Regression in return type of OAuth2::Response#parsed (@pboling) +
          • Incorrect documentation related to silencing warnings (@pboling)

          @@ -796,7 +792,7 @@

          diff --git a/doc/file.CODE_OF_CONDUCT.html b/doc/file.CODE_OF_CONDUCT.html index afbc0138..b76458d9 100644 --- a/doc/file.CODE_OF_CONDUCT.html +++ b/doc/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

          Attribution

          diff --git a/doc/file.CONTRIBUTING.html b/doc/file.CONTRIBUTING.html index 0c797371..c83a668f 100644 --- a/doc/file.CONTRIBUTING.html +++ b/doc/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

          To release a new version:

          diff --git a/doc/file.LICENSE.html b/doc/file.LICENSE.html index 86c92a68..534443ce 100644 --- a/doc/file.LICENSE.html +++ b/doc/file.LICENSE.html @@ -60,7 +60,7 @@
          MIT License

          Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
          Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

          Permission is hereby granted, free of charge, to any person obtaining a copy
          of this software and associated documentation files (the "Software"), to deal
          in the Software without restriction, including without limitation the rights
          to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
          copies of the Software, and to permit persons to whom the Software is
          furnished to do so, subject to the following conditions:

          The above copyright notice and this permission notice shall be included in all
          copies or substantial portions of the Software.

          THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
          IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
          FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
          AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
          LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
          OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
          SOFTWARE.
          diff --git a/doc/file.README.html b/doc/file.README.html index 99da5d38..f0093683 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -330,7 +330,7 @@

          💡 Info you can shake a stick at

        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        Version SupportedEOL Post-EOL / Enterprise
        2.latest 04/2026 Tidelift Subscription
        1.latest 10/2025 Tidelift Subscription
        <= 1
        @@ -96,21 +92,28 @@

        EOL Policy

        Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.

        -

        Reporting a Vulnerability

        +

        Security contact information

        -

        To report a security vulnerability, please use the Tidelift security contact.
        +

        To report a security vulnerability, please use the
        +Tidelift security contact.
        Tidelift will coordinate the fix and disclosure.

        -

        OAuth2 for Enterprise

        +

        Additional Support

        + +

        If you are interested in support for versions older than the latest release,
        +please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
        +or find other sponsorship links in the README.

        + +

        Enterprise Support

        Available as part of the Tidelift Subscription.

        -

        The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

        +

        The maintainers of this library and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

        diff --git a/docs/index.html b/docs/index.html index abf2fbe1..ae9c7c0b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -58,6 +58,9 @@

        + + Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 @@ -925,10 +928,10 @@

        diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 385e60c9..88df43e7 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

        Defined Under Namespace

From 6de46f5350dcbc2b8ac0096835d568ef23c059d6 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Sun, 1 Jun 2025 04:22:50 +0700
Subject: [PATCH 454/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 95b0f0e7..635c8a8b 100644
--- a/README.md
+++ b/README.md
@@ -334,6 +334,7 @@ For more see [SECURITY.md][🔐security].
 - Works with Ruby versions >= 2.2
 - Drop support for the expired MAC Draft (all versions)
 - Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12)
+ - Support JWT `kid` for key discovery and management
 - Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
 - Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
 - Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0)
From edbd75c0be132051a380e8775502fc5307c8aace Mon Sep 17 00:00:00 2001
From: "Peter H. Boling" Date: Sun, 1 Jun 2025 04:25:37 +0700 Subject: [PATCH 455/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20documentation?= =?UTF-8?q?=20for=20release=20v2.0.12?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 8 +++++++- README.md | 4 +++- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 5 +---- docs/file.CHANGELOG.html | 15 +++++++++++---- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 11 ++++++++--- docs/file.SECURITY.html | 2 +- docs/file_list.html | 5 ----- docs/index.html | 11 ++++++++--- docs/top-level-namespace.html | 2 +- 28 files changed, 59 insertions(+), 42 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dae8c91f..01b06b44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Security ## [2.0.12] - 2025-05-31 +- TAG: [v2.0.12][2.0.12t] +- Line Coverage: 100.0% (520 / 520) +- Branch Coverage: 100.0% (174 / 174) +- 80.00% documented ### Added - [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang - Support JWT `kid` for key discovery and management 
@@ -412,7 +416,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.11...HEAD +[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.12...HEAD +[2.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.11...v2.0.12 +[2.0.12t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.12 [2.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...v2.0.11 [2.0.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.11 [2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...v2.0.10 diff --git a/README.md b/README.md index 635c8a8b..1fd4f956 100644 --- a/README.md +++ b/README.md @@ -167,7 +167,8 @@ One of these might be what you are looking for: | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | +| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | 
@@ -181,6 +182,7 @@ One of these might be what you are looking for: | 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | +[2.0.12-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 [2.0.11-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 [2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 [2.0.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 06a8213f..a89c45db 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

        diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index c54547de..7576db3f 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

        diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index ee8bff09..0ebf03af 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

        diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index c5e56516..4baa8d7d 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

        diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index cf7af765..55bc2e18 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

        diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 69cc26b7..e3141bbd 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

        diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index f06691ea..282ca108 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

        diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 304a89f5..d0152b07 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

        diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index c1725ab4..5e9297a7 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

        Defined Under Namespace

        diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 8a9cc9f2..5742b3a9 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

        diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index e3b227ec..d6b81b10 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

        diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 8ff35844..9b387260 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

        diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 1be433c0..e4bc894f 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

        diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index f1ca9312..6bb9ba38 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

        diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index a12c595e..6b1df677 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

        diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 1de20740..5fd2de23 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

        diff --git a/docs/_index.html b/docs/_index.html index af069a6c..498fcb0a 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -78,9 +78,6 @@

        File Listing

      137. LICENSE
      138. -
      139. CITATION
      140. - -
        @@ -303,7 +300,7 @@

        Namespace Listing A-Z

        diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 320b6090..e87db74e 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -63,7 +63,7 @@

        The format (since v2) is based on Keep a Changelog v1,
        and this project adheres to Semantic Versioning v2.

        -

        Unreleased

        +

        Unreleased

        Added

        Changed

        Deprecated

        @@ -71,9 +71,16 @@

        Removed

        Fixed

        Security

        -

        [2.0.12] - 2025-05-31

        -

        Added

        +

        +2.0.12 - 2025-05-31

          +
        • TAG: v2.0.12 +
        • +
        • Line Coverage: 100.0% (520 / 520)
        • +
        • Branch Coverage: 100.0% (174 / 174)
        • +
        • 80.00% documented +

          Added

          +
        • gh652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang
            @@ -828,7 +835,7 @@

            diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 03a42755..8a2ff070 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index e98dea58..bb7f2d07 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

            To release a new version:

            diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index c6f63358..41081a21 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
            Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.README.html b/docs/file.README.html index 8d99f7e2..66d74c91 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -390,7 +390,8 @@

            Version 2.0.x

            | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | +| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -502,7 +503,11 @@

            What is new for v2.0?

            • Works with Ruby versions >= 2.2
            • Drop support for the expired MAC Draft (all versions)
            • -
            • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12)
            • +
            • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) +
                +
              • Support JWT kid for key discovery and management
              • +
              +
            • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
            • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
            • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
            • @@ -962,7 +967,7 @@

              🤑 One more thing

              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 7dfa22a9..ee4252d5 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

              Enterprise Support

              diff --git a/docs/file_list.html b/docs/file_list.html index 321a6791..3b2259f0 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -77,11 +77,6 @@

              File List

              -
            • - -
            • - -
            diff --git a/docs/index.html b/docs/index.html index ae9c7c0b..c509cb18 100644 --- a/docs/index.html +++ b/docs/index.html @@ -390,7 +390,8 @@

            Version 2.0.x

            | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] | +| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | | 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | | 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | | 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | @@ -502,7 +503,11 @@

            What is new for v2.0?

            • Works with Ruby versions >= 2.2
            • Drop support for the expired MAC Draft (all versions)
            • -
            • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12)
            • +
            • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) +
                +
              • Support JWT kid for key discovery and management
              • +
              +
            • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
            • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
            • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
            • @@ -962,7 +967,7 @@

              🤑 One more thing

              diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 88df43e7..995028d3 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

              Defined Under Namespace

From f855c9cb70e1211f85e22e2532ecacddd0102d60 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Sun, 1 Jun 2025 05:10:37 +0700
Subject: [PATCH 456/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20serialization?= =?UTF-8?q?=20extensions:?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- dump_value_extensions - load_value_extensions - dump_hash_extensions - load_hash_extensions
---
.rubocop_gradual.lock | 2 +-
CHANGELOG.md | 1 +
CONTRIBUTING.md | 2 +-
README.md | 84 +++++++++++++++++-
docs/OAuth2.html | 2 +-
docs/OAuth2/AccessToken.html | 2 +-
docs/OAuth2/Authenticator.html | 2 +-
docs/OAuth2/Client.html | 2 +-
docs/OAuth2/Error.html | 2 +-
docs/OAuth2/FilteredAttributes.html | 2 +-
.../FilteredAttributes/ClassMethods.html | 2 +-
docs/OAuth2/Response.html | 2 +-
docs/OAuth2/Strategy.html | 2 +-
docs/OAuth2/Strategy/Assertion.html | 2 +-
docs/OAuth2/Strategy/AuthCode.html | 2 +-
docs/OAuth2/Strategy/Base.html | 2 +-
docs/OAuth2/Strategy/ClientCredentials.html | 2 +-
docs/OAuth2/Strategy/Implicit.html | 2 +-
docs/OAuth2/Strategy/Password.html | 2 +-
docs/OAuth2/Version.html | 2 +-
docs/_index.html | 5 +-
docs/file.CHANGELOG.html | 3 +-
docs/file.CITATION.html | 2 +-
docs/file.CODE_OF_CONDUCT.html | 2 +-
docs/file.CONTRIBUTING.html | 4 +-
docs/file.LICENSE.html | 2 +-
docs/file.README.html | 86 +++++++++++++++++--
docs/file.SECURITY.html | 2 +-
docs/file_list.html | 5 ++
docs/index.html | 86 +++++++++++++++++--
docs/top-level-namespace.html | 2 +-
spec/oauth2/response_spec.rb | 4 +-
32 files changed, 281 insertions(+), 43 deletions(-)
diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock
index 5baad939..99817d39 100644
--- a/.rubocop_gradual.lock
+++ b/.rubocop_gradual.lock
@@ -65,7 +65,7 @@ [375, 11, 534, "RSpec/NoExpectationExample: No expectation found in this example.", 3347340910], [391, 11, 210, "RSpec/NoExpectationExample: No expectation found in this example.", 3948582233] ], - "spec/oauth2/response_spec.rb:2248532534": [ + "spec/oauth2/response_spec.rb:4032173622": [ [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319] ], "spec/oauth2/strategy/assertion_spec.rb:3524328522": [ diff --git a/CHANGELOG.md b/CHANGELOG.md index 01b06b44..92efa74e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. - [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang - Support JWT `kid` for key discovery and management - More Documentation by @pboling + - Documented Serialization Extensions - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0 - Documentation site @ https://oauth2.galtzo.com now complete ### Changed diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d9efe7df..fe57f77f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -114,7 +114,7 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v 11. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr]) to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums` [gem][💎stone_checksums]. - - Checksums will be committed automatically by the script, but not pushed + - Checksums will be committed automatically by the script but not pushed 12. Run `bundle exec rake release` which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems] diff --git a/README.md b/README.md index 1fd4f956..3e8523bc 100644 --- a/README.md +++ b/README.md @@ -163,7 +163,7 @@ One of these might be what you are looking for: ### Version 2.0.x
              - 2.0.x CHANGELOGs and READMEs + 2.0.x CHANGELOG and README | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| @@ -196,7 +196,8 @@ One of these might be what you are looking for: [2.0.1-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 [2.0.0-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 -[2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/README.md +[2.0.12-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.12/README.md +[2.0.11-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/README.md [2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md [2.0.9-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md [2.0.8-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md 
@@ -492,16 +493,91 @@ response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash g As of v2.0.11, if you need to serialize the parsed result, you can! -There are two ways to do this, and the second option recommended. +There are two ways to do this, globally, or discretely. The discrete way is recommended. 1. Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails): -```ruby + ```ruby SnakyHash::StringKeyed.class_eval do extend SnakyHash::Serializer +end + ``` + +2. Discretely configure a custom Snaky Hash class to use the serializer: + + ```ruby +class MySnakyHash < SnakyHash::StringKeyed + # Give this hash class `dump` and `load` abilities! + extend SnakyHash::Serializer +end + + # And tell your client to use the custom class in each call: +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2") +token = client.get_token({snaky_hash_klass: MySnakyHash}) + ``` + +##### Serialization Extensions + +There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. +They are likely not needed if you are on a newer Ruby. +See `response_spec.rb` if you need to study the hacks for older Rubies. + +```ruby +class MySnakyHash < SnakyHash::StringKeyed + # Give this hash class `dump` and `load` abilities! + extend SnakyHash::Serializer + + #### Serialization Extentions + # + # Act on the non-hash values (including the values of hashes) as they are dumped to JSON + # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. + # WARNING: This is a silly example! + dump_value_extensions.add(:to_fruit) do |value| + "banana" # => Make values "banana" on dump + end + + # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump + # In other words, this retains nested hashes, and only the deepest leaf nodes become ***. 
+ # WARNING: This is a silly example! + load_value_extensions.add(:to_stars) do |value| + "***" # Turn dumped bananas into *** when they are loaded + end + + # Act on the entire hash as it is prepared for dumping to JSON + # WARNING: This is a silly example! + dump_hash_extensions.add(:to_cheese) do |value| + if value.is_a?(Hash) + value.transform_keys do |key| + split = key.split("_") + first_word = split[0] + key.sub(first_word, "cheese") + end + else + value + end + end + + # Act on the entire hash as it is loaded from the JSON dump + # WARNING: This is a silly example! + load_hash_extensions.add(:to_pizza) do |value| + if value.is_a?(Hash) + res = klass.new + value.keys.each_with_object(res) do |key, result| + split = key.split("_") + last_word = split[-1] + new_key = key.sub(last_word, "pizza") + result[new_key] = value[key] + end + res + else + value + end + end end ``` +See `response_spec.rb`, or the [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) gem for more ideas. + #### What if I hate snakes and/or indifference? ```ruby diff --git a/docs/OAuth2.html b/docs/OAuth2.html index a89c45db..d0404878 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 7576db3f..e99e9e72 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 0ebf03af..8b27c0a3 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 4baa8d7d..d4d1aa9b 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 55bc2e18..e729a747 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index e3141bbd..831e337c 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 282ca108..6131a696 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index d0152b07..ed74fc23 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 5e9297a7..e0cad5bb 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

              Defined Under Namespace

              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 5742b3a9..401ea06a 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index d6b81b10..f4a7d13a 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 9b387260..4114b19c 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index e4bc894f..3a49f0f2 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 6bb9ba38..1616888c 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 6b1df677..635a403a 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 5fd2de23..44541da4 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

              diff --git a/docs/_index.html b/docs/_index.html index 498fcb0a..72be5299 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -78,6 +78,9 @@

              File Listing

            • LICENSE
            • +
            • CITATION
            • + +
            @@ -300,7 +303,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index e87db74e..c7402237 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -89,6 +89,7 @@

            Added

          • More Documentation by @pboling
              +
            • Documented Serialization Extensions
            • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
          • @@ -835,7 +836,7 @@

            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 856a3145..679e2194 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 8a2ff070..e9582759 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index bb7f2d07..30b9c4a9 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -184,7 +184,7 @@

            To release a new version:

            to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums
            gem.
              -
            • Checksums will be committed automatically by the script, but not pushed
            • +
            • Checksums will be committed automatically by the script but not pushed
          • Run bundle exec rake release which will create a git tag for the version,
            @@ -195,7 +195,7 @@

            To release a new version:

            diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 41081a21..09761e90 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
            Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.README.html b/docs/file.README.html index 66d74c91..fedcdbda 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -386,7 +386,7 @@

            🚀 Release Documentation

            Version 2.0.x

            - 2.0.x CHANGELOGs and READMEs + 2.0.x CHANGELOG and README | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| @@ -709,17 +709,93 @@

            Serialization

            As of v2.0.11, if you need to serialize the parsed result, you can!

            -

            There are two ways to do this, and the second option recommended.

            +

            There are two ways to do this, globally, or discretely. The discrete way is recommended.

              -
            1. Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):
            2. +
            3. +

              Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):

              + +
              SnakyHash::StringKeyed.class_eval do
              +  extend SnakyHash::Serializer
              +end
              +
              +
            4. +
            5. +

              Discretely configure a custom Snaky Hash class to use the serializer:

              + +
              class MySnakyHash < SnakyHash::StringKeyed
              +  # Give this hash class `dump` and `load` abilities!
              +  extend SnakyHash::Serializer
              +end
              +
              + # And tell your client to use the custom class in each call:
              +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
              +token = client.get_token({snaky_hash_klass: MySnakyHash})
              +
              +
            -
            SnakyHash::StringKeyed.class_eval do
            +
            Serialization Extensions
            + +

            There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
            +They are likely not needed if you are on a newer Ruby.
            +See response_spec.rb if you need to study the hacks for older Rubies.

            + +
            class MySnakyHash < SnakyHash::StringKeyed
            +  # Give this hash class `dump` and `load` abilities!
               extend SnakyHash::Serializer
            +
            +  #### Serialization Extentions
            +  #
            +  # Act on the non-hash values (including the values of hashes) as they are dumped to JSON
            +  # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas.
            +  # WARNING: This is a silly example!
            +  dump_value_extensions.add(:to_fruit) do |value|
            +    "banana" # => Make values "banana" on dump
            +  end
            +
            +  # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump
            +  # In other words, this retains nested hashes, and only the deepest leaf nodes become ***.
            +  # WARNING: This is a silly example!
            +  load_value_extensions.add(:to_stars) do |value|
            +    "***" # Turn dumped bananas into *** when they are loaded
            +  end
            +
            +  # Act on the entire hash as it is prepared for dumping to JSON
            +  # WARNING: This is a silly example!
            +  dump_hash_extensions.add(:to_cheese) do |value|
            +    if value.is_a?(Hash)
            +      value.transform_keys do |key|
            +        split = key.split("_")
            +        first_word = split[0]
            +        key.sub(first_word, "cheese")
            +      end
            +    else
            +      value
            +    end
            +  end
            +
            +  # Act on the entire hash as it is loaded from the JSON dump
            +  # WARNING: This is a silly example!
            +  load_hash_extensions.add(:to_pizza) do |value|
            +    if value.is_a?(Hash)
            +      res = klass.new
            +      value.keys.each_with_object(res) do |key, result|
            +        split = key.split("_")
            +        last_word = split[-1]
            +        new_key = key.sub(last_word, "pizza")
            +        result[new_key] = value[key]
            +      end
            +      res
            +    else
            +      value
            +    end
            +  end
             end
             
            +

            See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

            +

            What if I hate snakes and/or indifference?

            response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
            @@ -967,7 +1043,7 @@ 

            🤑 One more thing

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index ee4252d5..5ca90d6e 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

            Enterprise Support

            diff --git a/docs/file_list.html b/docs/file_list.html index 3b2259f0..321a6791 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -77,6 +77,11 @@

            File List

          • +
          • + +
          • + +
          diff --git a/docs/index.html b/docs/index.html index c509cb18..56333b91 100644 --- a/docs/index.html +++ b/docs/index.html @@ -386,7 +386,7 @@

          🚀 Release Documentation

          Version 2.0.x

          - 2.0.x CHANGELOGs and READMEs + 2.0.x CHANGELOG and README | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| @@ -709,17 +709,93 @@

          Serialization

          As of v2.0.11, if you need to serialize the parsed result, you can!

          -

          There are two ways to do this, and the second option recommended.

          +

          There are two ways to do this, globally, or discretely. The discrete way is recommended.

            -
          1. Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):
          2. +
          3. +

            Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):

            + +
            SnakyHash::StringKeyed.class_eval do
            +  extend SnakyHash::Serializer
            +end
            +
            +
          4. +
          5. +

            Discretely configure a custom Snaky Hash class to use the serializer:

            + +
            class MySnakyHash < SnakyHash::StringKeyed
            +  # Give this hash class `dump` and `load` abilities!
            +  extend SnakyHash::Serializer
            +end
            +
            + # And tell your client to use the custom class in each call:
            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
            +token = client.get_token({snaky_hash_klass: MySnakyHash})
            +
            +
          -
          SnakyHash::StringKeyed.class_eval do
          +
          Serialization Extensions
          + +

          There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
          +They are likely not needed if you are on a newer Ruby.
          +See response_spec.rb if you need to study the hacks for older Rubies.

          + +
          class MySnakyHash < SnakyHash::StringKeyed
          +  # Give this hash class `dump` and `load` abilities!
             extend SnakyHash::Serializer
          +
          +  #### Serialization Extentions
          +  #
          +  # Act on the non-hash values (including the values of hashes) as they are dumped to JSON
          +  # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas.
          +  # WARNING: This is a silly example!
          +  dump_value_extensions.add(:to_fruit) do |value|
          +    "banana" # => Make values "banana" on dump
          +  end
          +
          +  # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump
          +  # In other words, this retains nested hashes, and only the deepest leaf nodes become ***.
          +  # WARNING: This is a silly example!
          +  load_value_extensions.add(:to_stars) do |value|
          +    "***" # Turn dumped bananas into *** when they are loaded
          +  end
          +
          +  # Act on the entire hash as it is prepared for dumping to JSON
          +  # WARNING: This is a silly example!
          +  dump_hash_extensions.add(:to_cheese) do |value|
          +    if value.is_a?(Hash)
          +      value.transform_keys do |key|
          +        split = key.split("_")
          +        first_word = split[0]
          +        key.sub(first_word, "cheese")
          +      end
          +    else
          +      value
          +    end
          +  end
          +
          +  # Act on the entire hash as it is loaded from the JSON dump
          +  # WARNING: This is a silly example!
          +  load_hash_extensions.add(:to_pizza) do |value|
          +    if value.is_a?(Hash)
          +      res = klass.new
          +      value.keys.each_with_object(res) do |key, result|
          +        split = key.split("_")
          +        last_word = split[-1]
          +        new_key = key.sub(last_word, "pizza")
          +        result[new_key] = value[key]
          +      end
          +      res
          +    else
          +      value
          +    end
          +  end
           end
           
          +

          See response_spec.rb, or the oauth-xx/snaky_hash gem for more ideas.

          +

          What if I hate snakes and/or indifference?

          response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
          @@ -967,7 +1043,7 @@ 

          🤑 One more thing

          diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 995028d3..9cb96501 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

          Defined Under Namespace

          diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 68112a42..2a1c42be 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb @@ -385,7 +385,7 @@ describe "with dump_value & load_value extensions" do let(:custom_hash_class) do klass = Class.new(SnakyHash::StringKeyed) do - # Give this class has `dump` and `load` abilities! + # Give this hash class `dump` and `load` abilities! extend SnakyHash::Serializer unless instance_methods.include?(:transform_keys) @@ -536,7 +536,7 @@ def transform_keys describe "with dump_hash & load_hash extensions" do let(:custom_hash_class) do klass = Class.new(SnakyHash::StringKeyed) do - # Give this class has `dump` and `load` abilities! + # Give this hash class `dump` and `load` abilities! extend SnakyHash::Serializer unless instance_methods.include?(:transform_keys) From 1b1f2bbe054e88310dd7b679b76c3745038693da Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 05:17:15 +0700 Subject: [PATCH 457/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.12?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- checksums/oauth2-2.0.12.gem.sha256 | 1 + checksums/oauth2-2.0.12.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.12.gem.sha256 create mode 100644 checksums/oauth2-2.0.12.gem.sha512 diff --git a/checksums/oauth2-2.0.12.gem.sha256 b/checksums/oauth2-2.0.12.gem.sha256 new file mode 100644 index 00000000..2703132b --- /dev/null +++ b/checksums/oauth2-2.0.12.gem.sha256 @@ -0,0 +1 @@ +f7edb8549c7912724d07087d808c3fa6756298fd64d55d4968324df69c64ab3f \ No newline at end of file diff --git a/checksums/oauth2-2.0.12.gem.sha512 b/checksums/oauth2-2.0.12.gem.sha512 new file mode 100644 index 00000000..072f0b2d --- /dev/null +++ b/checksums/oauth2-2.0.12.gem.sha512 
@@ -0,0 +1 @@ +a209c7a0c4b9d46ccb00e750af8899c01d52648ca77a0d40b934593de53edc4f2774440fc50733c0e5098672c6c5a4a20f8709046be427fcf032f45922dff2d2 \ No newline at end of file From f0a80bff972b9ad2a962dc8ca03c8c7dfda1ddcd Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 05:20:44 +0700 Subject: [PATCH 458/645] =?UTF-8?q?=F0=9F=9A=A8=20HTML=20cleanup?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3e8523bc..9228c908 100644 --- a/README.md +++ b/README.md @@ -734,8 +734,10 @@ Also see GitLab Contributors: [https://gitlab.com/oauth-xx/oauth2/-/graphs/main] - - + + Star History Chart @@ -787,7 +789,7 @@ See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright
          • - 2017 - 2025 Peter H. Boling, of + Copyright (c) 2017–2025 Peter H. Boling, of Galtzo.com From b36d74b7b8054c9cd9e0987e35671ed7371362ed Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 05:31:11 +0700 Subject: [PATCH 459/645] =?UTF-8?q?=F0=9F=9A=A8=20Markdown=20organization?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 9228c908..17355908 100644 --- a/README.md +++ b/README.md 
@@ -18,6 +18,20 @@ [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] +[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay +[⛳liberapay]: https://liberapay.com/pboling/donate +[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github +[🖇sponsor]: https://github.com/sponsors/pboling +[🖇polar-img]: https://img.shields.io/badge/polar-donate-yellow.svg +[🖇polar]: https://polar.sh/pboling +[🖇kofi-img]: https://img.shields.io/badge/a_more_different_coffee-✓-yellow.svg +[🖇kofi]: https://ko-fi.com/O5O86SNP4 +[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-yellow.svg +[🖇patreon]: https://patreon.com/galtzo +[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff +[🖇buyme]: https://www.buymeacoffee.com/pboling +[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-✓-yellow.svg?style=flat + OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. 
@@ -908,19 +922,6 @@ or one of the others at the head of this README. [🚎12-crh-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current-runtime-heads.yml/badge.svg [🚎13-cbs-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/caboose.yml [🚎13-cbs-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/caboose.yml/badge.svg -[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay -[⛳liberapay]: https://liberapay.com/pboling/donate -[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github -[🖇sponsor]: https://github.com/sponsors/pboling -[🖇polar-img]: https://img.shields.io/badge/polar-donate-yellow.svg -[🖇polar]: https://polar.sh/pboling -[🖇kofi-img]: https://img.shields.io/badge/a_more_different_coffee-✓-yellow.svg -[🖇kofi]: https://ko-fi.com/O5O86SNP4 -[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-yellow.svg -[🖇patreon]: https://patreon.com/galtzo -[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff -[🖇buyme]: https://www.buymeacoffee.com/pboling -[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-✓-yellow.svg?style=flat [💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white From 2e8899c8125a3f5a8b68dce4943efc3d19f6fc25 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 1 Jun 2025 05:31:53 +0700 Subject: [PATCH 460/645] =?UTF-8?q?=F0=9F=9A=A8=20Latest=20docs=20site?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 8 ++++---- docs/file.SECURITY.html | 2 +- docs/index.html | 8 ++++---- docs/top-level-namespace.html | 2 +- 26 files changed, 32 insertions(+), 32 deletions(-) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index d0404878..a8de2837 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index e99e9e72..65fcb348 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 8b27c0a3..af217148 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index d4d1aa9b..be407558 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index e729a747..a281c141 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 831e337c..7a6855a4 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 6131a696..4fd4ede2 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index ed74fc23..5cf388f2 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index e0cad5bb..f6bb8acd 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 401ea06a..13bbdaa0 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index f4a7d13a..182858df 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 4114b19c..6fe65c84 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 3a49f0f2..976cfb0f 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 1616888c..abc9c9eb 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 635a403a..3bde8b23 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 44541da4..4d2c0590 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index 72be5299..6f640872 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index c7402237..8860ddf5 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -836,7 +836,7 @@

            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 679e2194..f6f4f99c 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index e9582759..f3cf25e7 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 30b9c4a9..5b8071b8 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

            To release a new version:

            diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 09761e90..d69017b4 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
            Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.README.html b/docs/file.README.html index fedcdbda..8e99bfcf 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -949,8 +949,8 @@

            ⭐️ Star History

            - - + + Star History Chart

            </a>

            @@ -1008,7 +1008,7 @@
            • - 2017 - 2025 Peter H. Boling, of + Copyright (c) 2017–2025 Peter H. Boling, of Galtzo.com @@ -1043,7 +1043,7 @@

              🤑 One more thing

              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 5ca90d6e..b9799f8e 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

              Enterprise Support

              diff --git a/docs/index.html b/docs/index.html index 56333b91..0a5b5c79 100644 --- a/docs/index.html +++ b/docs/index.html @@ -949,8 +949,8 @@

              ⭐️ Star History

              - - + + Star History Chart

              </a>

              @@ -1008,7 +1008,7 @@
              • - 2017 - 2025 Peter H. Boling, of + Copyright (c) 2017–2025 Peter H. Boling, of Galtzo.com @@ -1043,7 +1043,7 @@

                🤑 One more thing

                diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 9cb96501..ce8f1607 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                Defined Under Namespace

                From a32db678d32c2fc152585e7513a6b5775e0630f2 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 06:11:05 +0700 Subject: [PATCH 461/645] =?UTF-8?q?=F0=9F=9A=A8=20Change=20documentation?= =?UTF-8?q?=20to=20work=20around=20rubocop-md=20bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/rubocop/rubocop-md/issues/28 --- .rubocop.yml | 6 +++++ README.md | 22 +++++++++------ docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 27 ++++++++++--------- docs/file.SECURITY.html | 2 +- docs/index.html | 27 ++++++++++--------- docs/top-level-namespace.html | 2 +- 28 files changed, 72 insertions(+), 58 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 87b58541..13006d3a 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -42,6 +42,12 @@ Lint/UnusedBlockArgument: - 'vendor/**/*' - '**/.irbrc' +# Test if we can turn this back on after upgrading rubocop-md. +# It is still an open issue, so not expecting it to be fixed. +# See: https://github.com/rubocop/rubocop-md/issues/28 +Layout/InitialIndentation: + Enabled: false + Style/ClassVars: Enabled: false diff --git a/README.md b/README.md index 17355908..6f78f699 100644 
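Review bot: The added `Layout/InitialIndentation` override in the `.rubocop.yml` hunk sets `Enabled: false` for every file RuboCop inspects, although the comment above it ties the problem to the rubocop-md issue, which concerns Ruby fences inside Markdown. Scoping the override keeps the cop active on the gem's Ruby sources: under the cop, use `Exclude:` with `- '**/*.md'` instead of `Enabled: false`. The comment could also name the file that triggered the false positive, so the override is easy to retest after a rubocop-md upgrade. The rest of `.rubocop.yml` lies outside this hunk, so whether a Markdown-specific section already exists cannot be seen from here.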
--- a/README.md +++ b/README.md @@ -509,29 +509,35 @@ As of v2.0.11, if you need to serialize the parsed result, you can! There are two ways to do this, globally, or discretely. The discrete way is recommended. -1. Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails): +##### Global Serialization Config - ```ruby +Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails). + +```ruby SnakyHash::StringKeyed.class_eval do extend SnakyHash::Serializer end - ``` +``` + +##### Discrete Serialization Config -2. Discretely configure a custom Snaky Hash class to use the serializer: +Discretely configure a custom Snaky Hash class to use the serializer. - ```ruby +```ruby class MySnakyHash < SnakyHash::StringKeyed # Give this hash class `dump` and `load` abilities! extend SnakyHash::Serializer end - # And tell your client to use the custom class in each call: +# And tell your client to use the custom class in each call: client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2") token = client.get_token({snaky_hash_klass: MySnakyHash}) - ``` +``` ##### Serialization Extensions +These extensions work regardless of whether you used the global or discrete config above. + There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. They are likely not needed if you are on a newer Ruby. See `response_spec.rb` if you need to study the hacks for older Rubies. @@ -791,7 +797,7 @@ For example: spec.add_dependency("oauth2", "~> 2.0") ``` -See [CHANGELOG.md][📌changelog] for list of releases. +See [CHANGELOG.md][📌changelog] for a list of releases. ## 📄 License diff --git a/docs/OAuth2.html b/docs/OAuth2.html index a8de2837..68207c99 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

                diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 65fcb348..1a5cb552 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index af217148..0be6ac86 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

                diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index be407558..3a83b56e 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index a281c141..91ceed42 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 7a6855a4..55de7999 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 4fd4ede2..db399218 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

                diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 5cf388f2..31599ac7 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index f6bb8acd..51f0cd5d 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                Defined Under Namespace

                diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 13bbdaa0..5c5626c5 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 182858df..31fba2c8 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 6fe65c84..d07dd322 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 976cfb0f..9b57d033 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index abc9c9eb..a583ba5d 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 3bde8b23..9b5483fe 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 4d2c0590..d7cf175e 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                diff --git a/docs/_index.html b/docs/_index.html index 6f640872..73f287ec 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

                Namespace Listing A-Z

                diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 8860ddf5..bbc612f6 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -836,7 +836,7 @@

                diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index f6f4f99c..a89dd394 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index f3cf25e7..8f59d590 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

                Attribution

                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 5b8071b8..f8cad464 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

                To release a new version:

                diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index d69017b4..2c0b2853 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                MIT License

                Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

                Permission is hereby granted, free of charge, to any person obtaining a copy
                of this software and associated documentation files (the "Software"), to deal
                in the Software without restriction, including without limitation the rights
                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                copies of the Software, and to permit persons to whom the Software is
                furnished to do so, subject to the following conditions:

                The above copyright notice and this permission notice shall be included in all
                copies or substantial portions of the Software.

                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                SOFTWARE.
                diff --git a/docs/file.README.html b/docs/file.README.html index 8e99bfcf..ee6d9240 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -711,32 +711,33 @@

                Serialization

                There are two ways to do this, globally, or discretely. The discrete way is recommended.

                -
                  -
                1. -

                  Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):

                  +
                  Global Serialization Config
                  + +

                  Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

                  -
                  SnakyHash::StringKeyed.class_eval do
                  +
                  SnakyHash::StringKeyed.class_eval do
                     extend SnakyHash::Serializer
                   end
                   
                  -
                2. -
                3. -

                  Discretely configure a custom Snaky Hash class to use the serializer:

                  -
                  class MySnakyHash < SnakyHash::StringKeyed
                  +
                  Discrete Serialization Config
                  + +

                  Discretely configure a custom Snaky Hash class to use the serializer.

                  + +
                  class MySnakyHash < SnakyHash::StringKeyed
                     # Give this hash class `dump` and `load` abilities!
                     extend SnakyHash::Serializer
                   end
                   
                  - # And tell your client to use the custom class in each call:
                  +# And tell your client to use the custom class in each call:
                   client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
                   token = client.get_token({snaky_hash_klass: MySnakyHash})
                   
                  -
                4. -
                Serialization Extensions
                +

                These extensions work regardless of whether you used the global or discrete config above.

                +

                There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
                They are likely not needed if you are on a newer Ruby.
                See response_spec.rb if you need to study the hacks for older Rubies.

                @@ -996,7 +997,7 @@

                📌 Is “Platform Support
                spec.add_dependency("oauth2", "~> 2.0")
                 
                -

                See CHANGELOG.md for list of releases.

                +

                See CHANGELOG.md for a list of releases.

                📄 License

                @@ -1043,7 +1044,7 @@

                🤑 One more thing

                diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index b9799f8e..7fdc79e8 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                Enterprise Support

                diff --git a/docs/index.html b/docs/index.html index 0a5b5c79..3df504fa 100644 --- a/docs/index.html +++ b/docs/index.html @@ -711,32 +711,33 @@

                Serialization

                There are two ways to do this, globally, or discretely. The discrete way is recommended.

                -
                  -
                1. -

                  Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):

                  +
                  Global Serialization Config
                  + +

                  Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

                  -
                  SnakyHash::StringKeyed.class_eval do
                  +
                  SnakyHash::StringKeyed.class_eval do
                     extend SnakyHash::Serializer
                   end
                   
                  -
                2. -
                3. -

                  Discretely configure a custom Snaky Hash class to use the serializer:

                  -
                  class MySnakyHash < SnakyHash::StringKeyed
                  +
                  Discrete Serialization Config
                  + +

                  Discretely configure a custom Snaky Hash class to use the serializer.

                  + +
                  class MySnakyHash < SnakyHash::StringKeyed
                     # Give this hash class `dump` and `load` abilities!
                     extend SnakyHash::Serializer
                   end
                   
                  - # And tell your client to use the custom class in each call:
                  +# And tell your client to use the custom class in each call:
                   client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
                   token = client.get_token({snaky_hash_klass: MySnakyHash})
                   
                  -
                4. -
                Serialization Extensions
                +

                These extensions work regardless of whether you used the global or discrete config above.

                +

                There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
                They are likely not needed if you are on a newer Ruby.
                See response_spec.rb if you need to study the hacks for older Rubies.

                @@ -996,7 +997,7 @@

                📌 Is “Platform Support
                spec.add_dependency("oauth2", "~> 2.0")
                 
                -

                See CHANGELOG.md for list of releases.

                +

                See CHANGELOG.md for a list of releases.

                📄 License

                @@ -1043,7 +1044,7 @@

                🤑 One more thing

                diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index ce8f1607..3483426d 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                Defined Under Namespace

From 914da26cbe8285627a18d668539cf39b67bc3230 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Sun, 1 Jun 2025 06:16:24 +0700
Subject: [PATCH 462/645] =?UTF-8?q?=F0=9F=93=9D=20Fix=20typo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6f78f699..70d95e01 100644
--- a/README.md
+++ b/README.md
@@ -976,7 +976,7 @@ or one of the others at the head of this README.
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.518-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.520-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
From f92af0053b7cf8863070b61989872578aff40e9b Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Sun, 1 Jun 2025 06:24:59 +0700
Subject: [PATCH 463/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 70d95e01..77fe2191 100644
--- a/README.md
+++ b/README.md
@@ -540,7 +540,7 @@ These extensions work regardless of whether you used the global or discrete conf There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. They are likely not needed if you are on a newer Ruby. -See `response_spec.rb` if you need to study the hacks for older Rubies. +See [response_spec.rb](https://github.com/oauth-xx/oauth2/blob/main/spec/oauth2/response_spec.rb) if you need to study the hacks for older Rubies. ```ruby class MySnakyHash < SnakyHash::StringKeyed @@ -596,7 +596,7 @@ class MySnakyHash < SnakyHash::StringKeyed end ``` -See `response_spec.rb`, or the [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) gem for more ideas. +See [response_spec.rb](https://github.com/oauth-xx/oauth2/blob/main/spec/oauth2/response_spec.rb), or the [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) gem for more ideas. #### What if I hate snakes and/or indifference? From 84b3d24853f02845081a3e58e2768f555e16a474 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 07:21:30 +0700 Subject: [PATCH 464/645] =?UTF-8?q?=F0=9F=93=9D=20Organize=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 77fe2191..21b89c62 100644 --- a/README.md +++ b/README.md @@ -28,8 +28,6 @@ [🖇kofi]: https://ko-fi.com/O5O86SNP4 [🖇patreon-img]: https://img.shields.io/badge/patreon-donate-yellow.svg [🖇patreon]: https://patreon.com/galtzo -[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff -[🖇buyme]: https://www.buymeacoffee.com/pboling [🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-✓-yellow.svg?style=flat OAuth 2.0 is the industry-standard protocol for authorization. 
@@ -833,6 +831,9 @@ or one of the others at the head of this README. [![Buy me a latte][🖇buyme-img]][🖇buyme] +[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff +[🖇buyme]: https://www.buymeacoffee.com/pboling + [⛳gg-discussions]: https://groups.google.com/g/oauth-ruby [⛳gg-discussions-img]: https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange From 34213be92aa06aaa9fe065b24b341d89e9d8fdba Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 1 Jun 2025 08:41:33 +0700 Subject: [PATCH 465/645] =?UTF-8?q?=F0=9F=92=9A=20qlty.toml=20doesn't=20se?= =?UTF-8?q?em=20to=20work?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .qlty/qlty.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/.qlty/qlty.toml b/.qlty/qlty.toml index 7d4a315c..5f1b6200 100644 --- a/.qlty/qlty.toml +++ b/.qlty/qlty.toml @@ -35,7 +35,6 @@ exclude_patterns = [ ".github/workflows/codeql-analysis.yml" ] - test_patterns = [ "**/test/**", "**/spec/**", From ac31555a1e8c0bc333fea05b4cf3dd1a17f71e6f Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 1 Jun 2025 09:26:04 +0700 Subject: [PATCH 466/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20attend=20to=20gram?= =?UTF-8?q?mar?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 8 ++++---- docs/file.SECURITY.html | 2 +- docs/index.html | 8 ++++---- docs/top-level-namespace.html | 2 +- oauth2.gemspec | 2 +- 28 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 99817d39..ef123ef9 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:2054901929": [ [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:232642695": [ + "oauth2.gemspec:854862132": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:1202129469": [ diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 68207c99..79adfeb8 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

                diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 1a5cb552..f10bde36 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 0be6ac86..d7adf374 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

                diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 3a83b56e..e5ef717e 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 91ceed42..d25aeffb 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 55de7999..00a210a2 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index db399218..2407e92e 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

                diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 31599ac7..5b43feb8 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 51f0cd5d..b8575e09 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                Defined Under Namespace

                diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 5c5626c5..4fb319ac 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 31fba2c8..beaef9ad 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index d07dd322..8777705d 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 9b57d033..0cbbc304 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index a583ba5d..bcbf3e8b 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 9b5483fe..db758832 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index d7cf175e..ce58cabd 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                diff --git a/docs/_index.html b/docs/_index.html index 73f287ec..e1e3c989 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

                Namespace Listing A-Z

                diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index bbc612f6..28763f8b 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -836,7 +836,7 @@

                diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index a89dd394..c1d68ade 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 8f59d590..17332936 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

                Attribution

                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index f8cad464..120814ec 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -195,7 +195,7 @@

                To release a new version:

                diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 2c0b2853..5aa19450 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                MIT License

                Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                Copyright (c) 2017 - 2025 Peter H. Boling, of RailsBling.com, and OAuth2 contributors

                Permission is hereby granted, free of charge, to any person obtaining a copy
                of this software and associated documentation files (the "Software"), to deal
                in the Software without restriction, including without limitation the rights
                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                copies of the Software, and to permit persons to whom the Software is
                furnished to do so, subject to the following conditions:

                The above copyright notice and this permission notice shall be included in all
                copies or substantial portions of the Software.

                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                SOFTWARE.
                diff --git a/docs/file.README.html b/docs/file.README.html index ee6d9240..18e5d931 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -333,7 +333,7 @@

                💡 Info you can shake a stick at

        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        Documentation -Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki
        Documentation -Discussion Current release on RubyDoc.info HEAD on RubyDoc.info BDFL Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki
        🧪 oauth-xx/oauth2 on GitLab + 🧪 ruby-oauth/oauth2 on GitLab The Truth💚💚💚💚💚💚 🏀 Tiny Matrix
        🧊 oauth-xx/oauth2 on CodeBerg + 🧊 ruby-oauth/oauth2 on CodeBerg An Ethical Mirror (Donate) 💚💚 ⭕️ No Matrix
        🐙 oauth-xx/oauth2 on GitHub + 🐙 ruby-oauth/oauth2 on GitHub A Dirty Mirror💚💚💚💚 💯 Full Matrix
        Tokens to Remember -Gem name Gem namespace +Gem name Gem namespace
        Works with JRuby -JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat
        Works with Truffle Ruby -Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat +Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat
        Works with MRI Ruby 3 -Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat +Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat
        Works with MRI Ruby 2 -Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki
        🧪 oauth-xx/oauth2 on GitLab + 🧪 ruby-oauth/oauth2 on GitLab The Truth💚💚💚💚💚💚 🏀 Tiny Matrix
        🧊 oauth-xx/oauth2 on CodeBerg + 🧊 ruby-oauth/oauth2 on CodeBerg An Ethical Mirror (Donate) 💚💚 ⭕️ No Matrix
        🐙 oauth-xx/oauth2 on GitHub + 🐙 ruby-oauth/oauth2 on GitHub A Dirty Mirror💚💚💚💚 💯 Full Matrix
        Tokens to Remember -Gem name Gem namespace +Gem name Gem namespace
        Works with JRuby -JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat
        Works with Truffle Ruby -Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat +Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat
        Works with MRI Ruby 3 -Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat +Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat
        Works with MRI Ruby 2 -Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
        Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
        Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki
        + + + + + + + + + + + + +
        🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
        👟 Check it out!github.com/appraisal-rb/appraisal2
        +
        • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
            @@ -216,32 +221,6 @@

            You should upgrade this gem

            * MIT license; I am unable to make guarantees.

            - - - - - - - - - - - - - - - - - - - - - -
            🚚 Test matrix brought to you by🔎 appraisal++
            Adds back support for old Rubiesappraisal PR #250 -
            Adds support for eval_gemfile -appraisal PR #248 -
            Please reviewmy PRs!
            -
            Standard Library Dependencies @@ -253,7 +232,7 @@

            You should upgrade this gem * time * logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) -If you use a gem version it should work fine! +If you use a gem version of a core Ruby library it should work fine!

            @@ -463,7 +442,7 @@

            ✨ Installation

            🔒 Secure Installation

            oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
            -stone_checksums. Be sure the gem you install hasn’t been tampered with
            +stone_checksums. Be sure the gem you install hasn’t been tampered with
            by following the instructions below.

            Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

            @@ -999,7 +978,7 @@

            📌 Is “Platform Support
            spec.add_dependency("oauth2", "~> 2.0")
             
            -

            See CHANGELOG.md for a list of releases.

            +

            See CHANGELOG.md for list of releases.

            📄 License

            @@ -1015,7 +994,7 @@ Galtzo.com - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + Galtzo.com Logo (Wordless) by Aboling0, CC BY-SA 4.0 , and oauth2 contributors @@ -1036,7 +1015,7 @@

            🤑 One more thing

            Liberapay Goal Progress Sponsor Me on Github Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

            -

            P.S. Use the gem => Discord for help

            +

            P.S. If you need help️, or want to say thanks, 👇 Join the Discord.

            Live Chat on Discord

            @@ -1047,13 +1026,22 @@

            🤑 One more thing

            + + + +
            + Broken badges + +[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] +[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] +
            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index df63dc3d..e907042f 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,9 +113,9 @@

            Enterprise Support

            diff --git a/docs/index.html b/docs/index.html index 466be55e..59b620b1 100644 --- a/docs/index.html +++ b/docs/index.html @@ -57,17 +57,7 @@
            -

            - - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 - - - OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0 - - - Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 - -

            +

            Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 oauth2 Logo by Chris Messina, CC BY-SA 3.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

            🔐 OAuth2

            @@ -167,6 +157,21 @@

            Upgrading Runtime Gem DependenciesWe have 100% test coverage of lines and branches, and this test suite runs across a large matrix
            covering the latest patch for each of the following minor versions:

            + + + + + + + + + + + + + +
            🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
            👟 Check it out!github.com/appraisal-rb/appraisal2
            +
            • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
                @@ -216,32 +221,6 @@

                You should upgrade this gem

                * MIT license; I am unable to make guarantees.

                - - - - - - - - - - - - - - - - - - - - - -
                🚚 Test matrix brought to you by🔎 appraisal++
                Adds back support for old Rubiesappraisal PR #250 -
                Adds support for eval_gemfile -appraisal PR #248 -
                Please reviewmy PRs!
                -
                Standard Library Dependencies @@ -253,7 +232,7 @@

                You should upgrade this gem * time * logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) -If you use a gem version it should work fine! +If you use a gem version of a core Ruby library it should work fine!

                @@ -463,7 +442,7 @@

                ✨ Installation

                🔒 Secure Installation

                oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
                -stone_checksums. Be sure the gem you install hasn’t been tampered with
                +stone_checksums. Be sure the gem you install hasn’t been tampered with
                by following the instructions below.

                Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

                @@ -999,7 +978,7 @@

                📌 Is “Platform Support
                spec.add_dependency("oauth2", "~> 2.0")
                 
                -

                See CHANGELOG.md for a list of releases.

                +

                See CHANGELOG.md for list of releases.

                📄 License

                @@ -1015,7 +994,7 @@ Galtzo.com - Galtzo.com Logo by Aboling0, CC BY-SA 4.0 + Galtzo.com Logo (Wordless) by Aboling0, CC BY-SA 4.0 , and oauth2 contributors @@ -1036,7 +1015,7 @@

                🤑 One more thing

                Liberapay Goal Progress Sponsor Me on Github Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                -

                P.S. Use the gem => Discord for help

                +

                P.S. If you need help️, or want to say thanks, 👇 Join the Discord.

                Live Chat on Discord

                @@ -1047,13 +1026,22 @@

                🤑 One more thing

                + + + +
                + Broken badges + +[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] +[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] +

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index ea9cdf4c..c388036c 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,9 +100,9 @@

            Defined Under Namespace

From d1f65ea05a882b43ad245cb9bc53629a0456346d Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Wed, 6 Aug 2025 20:51:48 -0600
Subject: [PATCH 489/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 148 +--
 docs/OAuth2.html | 2 +-
 docs/OAuth2/AccessToken.html | 2 +-
 docs/OAuth2/Authenticator.html | 2 +-
 docs/OAuth2/Client.html | 2 +-
 docs/OAuth2/Error.html | 2 +-
 docs/OAuth2/FilteredAttributes.html | 2 +-
 .../FilteredAttributes/ClassMethods.html | 2 +-
 docs/OAuth2/Response.html | 2 +-
 docs/OAuth2/Strategy.html | 2 +-
 docs/OAuth2/Strategy/Assertion.html | 2 +-
 docs/OAuth2/Strategy/AuthCode.html | 2 +-
 docs/OAuth2/Strategy/Base.html | 2 +-
 docs/OAuth2/Strategy/ClientCredentials.html | 2 +-
 docs/OAuth2/Strategy/Implicit.html | 2 +-
 docs/OAuth2/Strategy/Password.html | 2 +-
 docs/OAuth2/Version.html | 2 +-
 docs/_index.html | 2 +-
 docs/file.CHANGELOG.html | 2 +-
 docs/file.CITATION.html | 2 +-
 docs/file.CODE_OF_CONDUCT.html | 2 +-
 docs/file.CONTRIBUTING.html | 2 +-
 docs/file.LICENSE.html | 2 +-
 docs/file.README.html | 223 ++--
 docs/file.SECURITY.html | 2 +-
 docs/images/logo/README.txt | 27 -
 .../logo/galtzo-floss-logos-original.svg | 1 -
 .../logo/galtzo-floss-logos-wordless.svg | 1 -
 docs/images/logo/oauth2-logo-124px.png | Bin 13391 -> 0 bytes
 docs/images/logo/ruby-logo-198px.svg | 948 ------------------
 docs/index.html | 223 ++--
 docs/top-level-namespace.html | 2 +-
 32 files changed, 313 insertions(+), 1306 deletions(-)
 delete mode 100644 docs/images/logo/README.txt
 delete mode 100644 docs/images/logo/galtzo-floss-logos-original.svg
 delete mode 100644 docs/images/logo/galtzo-floss-logos-wordless.svg
 delete mode 100644 docs/images/logo/oauth2-logo-124px.png
 delete mode 100644 docs/images/logo/ruby-logo-198px.svg
diff --git a/README.md b/README.md
index 2f99ca3e..6d08fa92 100644
--- a/README.md
+++ b/README.md
@@ -9,26 +9,51 @@ ## 🔐 OAuth2 -[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti♻️]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] --- [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on 
Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] ---- +## 🌻 Synopsis OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | +### Quick Example + +
            + Convert the following `curl` command into a token request using this gem... + +```shell +curl --request POST \ + --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data grant_type=client_credentials \ + --data client_id=REDMOND_CLIENT_ID \ + --data client_secret=REDMOND_CLIENT_SECRET \ + --data resource=REDMOND_RESOURCE_UUID +``` + +NOTE: In the ruby version below, certain params are passed to the `get_token` call, instead of the client creation. + +```ruby +OAuth2::Client.new( + "REDMOND_CLIENT_ID", # client_id + "REDMOND_CLIENT_SECRET", # client_secret + auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt + token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path + site: "https://login.microsoftonline.com/REDMOND_REDACTED", +). # The base path for token_url when it is relative + client_credentials. # There are many other types to choose from! + get_token(resource: "REDMOND_RESOURCE_UUID") +``` + +NOTE: `header` - The content type specified in the `curl` is already the default! + +
            ### Upgrading Runtime Gem Dependencies @@ -80,7 +105,7 @@ Also, where reasonable, tested against the runtime dependencies of those depende [sv-pub-api]: #-is-platform-support-part-of-the-public-api -\* MIT license; I am unable to make guarantees. +\* MIT license; The only guarantees I make are for enterprise support.
            Standard Library Dependencies @@ -97,38 +122,7 @@ If you use a gem version of a core Ruby library it should work fine!
            -### Quick Usage Example for AI and Copy / Pasting - -Convert the following `curl` command into a token request using this gem... - -```shell -curl --request POST \ - --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ - --header 'content-type: application/x-www-form-urlencoded' \ - --data grant_type=client_credentials \ - --data client_id=REDMOND_CLIENT_ID \ - --data client_secret=REDMOND_CLIENT_SECRET \ - --data resource=REDMOND_RESOURCE_UUID -``` - -NOTE: In the ruby version below, certain params are passed to the `get_token` call, instead of the client creation. - -```ruby -OAuth2::Client.new( - "REDMOND_CLIENT_ID", # client_id - "REDMOND_CLIENT_SECRET", # client_secret - auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt - token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path - site: "https://login.microsoftonline.com/REDMOND_REDACTED", -). # The base path for token_url when it is relative - client_credentials. # There are many other types to choose from! - get_token(resource: "REDMOND_RESOURCE_UUID") -``` - -NOTE: `header` - The content type specified in the `curl` is already the default! - -If any of the above makes you uncomfortable, you may be in the wrong place. -One of these might be what you are looking for: +If it seems like you are in the wrong place, you might try one of these: * [OAuth 2.0 Spec][oauth2-spec] * [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. @@ -140,6 +134,42 @@ One of these might be what you are looking for: ## 💡 Info you can shake a stick at +### Federated DVCS + +
            + Find this repo on other forges + +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | + +
            + +[gh-discussions]: https://github.com/ruby-oauth/oauth2/discussions + +### Enterprise Support + +
            + Need enterprise-level guarantees? + +[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] + +- 💡Subscribe for support guarantees covering _all_ FLOSS dependencies +- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] +- 💡Tidelift pays maintainers to maintain the software you depend on!
            📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers + +Alternatively: + +- [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] +- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] +- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] + +
            + | Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | @@ -151,8 +181,7 @@ One of these might be what you are looking for: | Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | | Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] | | Support | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Enterprise Support | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]
            💡Subscribe for support guarantees covering _all_ FLOSS dependencies!
            💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!
            💡Tidelift pays maintainers to maintain the software you depend on!
            📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! | -| Comrade BDFL 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | | `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ## 🚀 Release Documentation @@ -286,19 +315,22 @@ If bundler is not being used to manage dependencies, install the gem by executin ### 🔒 Secure Installation +
            + For Medium or High Security Installations + `oauth2` is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: -```shell +```console gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem) ``` You only need to do that once. Then proceed to install with: -```shell +```console gem install oauth2 -P MediumSecurity ``` @@ -308,12 +340,14 @@ This is necessary because not all of `oauth2`’s dependencies are signed, so we If you want to up your security game full-time: -```shell +```console bundle config set --global trust-policy MediumSecurity ``` NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine. +
            + ## OAuth2 for Enterprise Available as part of the Tidelift Subscription. @@ -338,7 +372,7 @@ For more see [SECURITY.md][🔐security]. - Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0) - Support IETF rfc7231 Relative Location in Redirect (since v2.0.0) - Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0) -- Support IETF rfc7009 Token Revocation (since v2.0.10) +- Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` - Adds option to `OAuth2::Client#get_token`: @@ -780,7 +814,7 @@ For example: spec.add_dependency("oauth2", "~> 2.0") ``` -See [CHANGELOG.md][📌changelog] for list of releases. +See [CHANGELOG.md][📌changelog] for a list of releases. ## 📄 License @@ -811,7 +845,7 @@ Having arrived at the bottom of the page, please endure a final supplication. The primary maintainer of this gem, Peter Boling, wants Ruby to be a great place for people to solve problems, big and small. Please consider supporting his efforts via the giant yellow link below, -or one of smaller ones, depending on button size preference. +or one of the smaller ones, depending on button size preference. [![Buy me a latte][🖇buyme-img]][🖇buyme] 
@@ -895,9 +929,9 @@ P.S. If you need help️, or want to say thanks, 👇 Join the Discord.
 [👽version]: https://rubygems.org/gems/oauth2
 [👽versioni]: https://img.shields.io/gem/v/oauth2.svg
 [🔑qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2
-[🔑qlty-mnti♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.svg
-[🔑qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2
-[🔑qlty-covi♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/test_coverage.svg
+[🔑qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg
+[🔑qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating
+[🔑qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg
 [🔑codecov]: https://codecov.io/gh/ruby-oauth/oauth2
 [🔑codecovi♻️]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg?token=bNqSzNiuo2
 [🔑coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main
@@ -932,10 +966,10 @@ P.S. If you need help️, or want to say thanks, 👇 Join the Discord.
 [🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current-runtime-heads.yml/badge.svg
 [🚎13-cbs-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml
 [🚎13-cbs-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml/badge.svg
-[🚎13-🔒️-wf]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_locked.yml
-[🚎13-🔒️-wfi]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_locked.yml/badge.svg
-[🚎14-🔓️-wf]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_unlocked.yml
-[🚎14-🔓️-wfi]: https://github.com/galtzo-floss/rspec-stubbed_env/actions/workflows/deps_unlocked.yml/badge.svg
+[🚎13-🔒️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/deps_locked.yml
+[🚎13-🔒️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/deps_locked.yml/badge.svg
+[🚎14-🔓️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/deps_unlocked.yml
+[🚎14-🔓️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/deps_unlocked.yml/badge.svg
 [💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
 [💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
 [💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
diff --git a/docs/OAuth2.html b/docs/OAuth2.html
index 30651721..b7205edd 100644
--- a/docs/OAuth2.html
+++ b/docs/OAuth2.html
@@ -326,7 +326,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 364f79bf..383e28ed 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 98ecd6f1..26301fc6 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 2502c156..2f644e36 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 81740c8e..031fd364 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index c9daa3e8..82708504 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index ff5413b1..4ff1c95d 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index eaf76049..bed8bfa6 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index f981b2b0..f554ce80 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 688e659d..ab0050d0 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 4bde6671..a4682127 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 24715d21..ac95a78b 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 9a3e829d..9d6a1340 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 0f940078..d855cde9 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 4e07f01e..46c48377 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index e2e2353d..1962a9f1 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index 552d8087..b12bfd85 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index d25e0561..3a28504f 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -840,7 +840,7 @@

            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index c4495d09..75a7f5d7 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index f78d722f..c5471d99 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index f4836143..ebc47138 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -193,7 +193,7 @@

            To release a new version:

            diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index a62a9896..14250b1d 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.README.html b/docs/file.README.html index 92b1b27a..cb52e976 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -61,84 +61,51 @@

            🔐 OAuth2

            -

            Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

            +

            Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL


            Liberapay Goal Progress Sponsor Me on Github Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

            -
            +

            🌻 Synopsis

            OAuth 2.0 is the industry-standard protocol for authorization.
            OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
            desktop applications, mobile phones, and living room devices.
            This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            Federated DVCS RepositoryStatusIssuesPRsWikiCIDiscussions
            🧪 ruby-oauth/oauth2 on GitLab -The Truth💚💚💚🏀 Tiny Matrix
            🧊 ruby-oauth/oauth2 on CodeBerg -An Ethical Mirror (Donate)💚⭕️ No Matrix
            🐙 ruby-oauth/oauth2 on GitHub -A Dirty Mirror💚💚💯 Full Matrix
            🤼 OAuth Ruby Google Group -“Active”💚
            🎮️ Discord Server -Live Chat on DiscordLet’stalkaboutthislibrary!
            +

            Quick Example

            + +
            + Convert the following `curl` command into a token request using this gem... + +```shell +curl --request POST \ + --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data grant_type=client_credentials \ + --data client_id=REDMOND_CLIENT_ID \ + --data client_secret=REDMOND_CLIENT_SECRET \ + --data resource=REDMOND_RESOURCE_UUID +``` + +NOTE: In the ruby version below, certain params are passed to the `get_token` call, instead of the client creation. + +```ruby +OAuth2::Client.new( + "REDMOND_CLIENT_ID", # client_id + "REDMOND_CLIENT_SECRET", # client_secret + auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt + token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path + site: "https://login.microsoftonline.com/REDMOND_REDACTED", +). # The base path for token_url when it is relative + client_credentials. # There are many other types to choose from! + get_token(resource: "REDMOND_RESOURCE_UUID") +``` + +NOTE: `header` - The content type specified in the `curl` is already the default! + +

            Upgrading Runtime Gem Dependencies

            @@ -219,7 +186,7 @@

            You should upgrade this gem
          • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
          -

          * MIT license; I am unable to make guarantees.

          +

          * MIT license; The only guarantees I make are for enterprise support.

          Standard Library Dependencies @@ -236,36 +203,7 @@

          You should upgrade this gem

          -

          Quick Usage Example for AI and Copy / Pasting

          - -

          Convert the following curl command into a token request using this gem…

          - -
          curl --request POST \
          -  --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \
          -  --header 'content-type: application/x-www-form-urlencoded' \
          -  --data grant_type=client_credentials \
          -  --data client_id=REDMOND_CLIENT_ID \
          -  --data client_secret=REDMOND_CLIENT_SECRET \
          -  --data resource=REDMOND_RESOURCE_UUID
          -
          - -

          NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

          - -
          OAuth2::Client.new(
          -  "REDMOND_CLIENT_ID", # client_id
          -  "REDMOND_CLIENT_SECRET", # client_secret
          -  auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt
          -  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
          -  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
          -). # The base path for token_url when it is relative
          -  client_credentials. # There are many other types to choose from!
          -  get_token(resource: "REDMOND_RESOURCE_UUID")
          -
          - -

          NOTE: header - The content type specified in the curl is already the default!

          - -

          If any of the above makes you uncomfortable, you may be in the wrong place.
          -One of these might be what you are looking for:

          +

          If it seems like you are in the wrong place, you might try one of these:

          • OAuth 2.0 Spec
          • @@ -277,6 +215,40 @@

            Quick Usage Example for AI

            💡 Info you can shake a stick at

            +

            Federated DVCS

            + +
            + Find this repo on other forges + +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | + +
            + +

            Enterprise Support

            + +
            + Need enterprise-level guarantees? + +[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] + +- 💡Subscribe for support guarantees covering _all_ FLOSS dependencies +- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] +- 💡Tidelift pays maintainers to maintain the software you depend on!
            📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers + +Alternatively: + +- [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] +- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] +- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] + +
            + @@ -342,12 +314,7 @@

            💡 Info you can shake a stick at

            - - - - - + @@ -441,30 +408,38 @@

            ✨ Installation

            🔒 Secure Installation

            -

            oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
            -stone_checksums. Be sure the gem you install hasn’t been tampered with
            -by following the instructions below.

            +
            + For Medium or High Security Installations -

            Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

            +`oauth2` is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +[stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with +by following the instructions below. -
            gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem)
            -
            +Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: -

            You only need to do that once. Then proceed to install with:

            +```console +gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem) +``` -
            gem install oauth2 -P MediumSecurity
            -
            +You only need to do that once. Then proceed to install with: + +```console +gem install oauth2 -P MediumSecurity +``` -

            The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

            +The `MediumSecurity` trust profile will verify signed gems, but allow the installation of unsigned dependencies. -

            This is necessary because not all of oauth2’s dependencies are signed, so we cannot use HighSecurity.

            +This is necessary because not all of `oauth2`’s dependencies are signed, so we cannot use `HighSecurity`. -

            If you want to up your security game full-time:

            +If you want to up your security game full-time: -
            bundle config set --global trust-policy MediumSecurity
            -
            +```console +bundle config set --global trust-policy MediumSecurity +``` -

            NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

            +NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine. + +

            OAuth2 for Enterprise

            @@ -492,7 +467,7 @@

            What is new for v2.0?

          • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
          • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
          • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
          • -
          • Support IETF rfc7009 Token Revocation (since v2.0.10)
          • +
          • Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13)
          • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523)
          • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json @@ -912,7 +887,7 @@

            🚀 Release Instructions

            Code Coverage

            Coveralls Test Coverage
            -QLTY Test Coverage

            +![QLTY Test Coverage][🔑qlty-covi♻️]

            🪇 Code of Conduct

            @@ -978,7 +953,7 @@

            📌 Is “Platform Support
            spec.add_dependency("oauth2", "~> 2.0")
             
            -

            See CHANGELOG.md for list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            @@ -1009,7 +984,7 @@

            🤑 One more thing

            The primary maintainer of this gem, Peter Boling, wants
            Ruby to be a great place for people to solve problems, big and small.
            Please consider supporting his efforts via the giant yellow link below,
            -or one of smaller ones, depending on button size preference.

            +or one of the smaller ones, depending on button size preference.

            Buy me a latte

            @@ -1039,7 +1014,7 @@

            🤑 One more thing

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index e907042f..fd142d2d 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

            Enterprise Support

            diff --git a/docs/images/logo/README.txt b/docs/images/logo/README.txt deleted file mode 100644 index f65be35e..00000000 --- a/docs/images/logo/README.txt +++ /dev/null @@ -1,27 +0,0 @@ -Galtzo.com Logos -- galtzo-floss-logos-original.svg -- galtzo-floss-logos-wordless.svg - -© 2025 by Aboling0 (https://github.com/Aboling0) - -Licensed under CC BY-SA 4.0 - -https://creativecommons.org/licenses/by-sa/4.0/ - ---- - -The OAuth 2.0 Logo - oauth2-logo-124px.png (resized) - -https://oauth.net/about/credits/ - -The OAuth logo was designed by Chris Messina. - ---- - -The Ruby Logo - ruby-logo-198px.svg - -https://www.ruby-lang.org/en/about/logo/ - -Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 - -https://creativecommons.org/licenses/by-sa/2.5 diff --git a/docs/images/logo/galtzo-floss-logos-original.svg b/docs/images/logo/galtzo-floss-logos-original.svg deleted file mode 100644 index 40358dec..00000000 --- a/docs/images/logo/galtzo-floss-logos-original.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/docs/images/logo/galtzo-floss-logos-wordless.svg b/docs/images/logo/galtzo-floss-logos-wordless.svg deleted file mode 100644 index 45620af7..00000000 --- a/docs/images/logo/galtzo-floss-logos-wordless.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file 
diff --git a/docs/images/logo/oauth2-logo-124px.png b/docs/images/logo/oauth2-logo-124px.png deleted file mode 100644 index 41a8d35aa834108cdfb86d5b9d8eef369367c324..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13391 zcmV-VG_cEwP);*gahA3bM0|@pO zijgSR5H$hG`#ry%`Olp1&F;Osmk@&7GxN;uzWqG^r=N4)9n81+Hs9vkRi`anxNwta zKJ%H|9B{w^dp-HdPu~BDPkiFS$3FJ4$3Nl`k666le*0bc;0Hf=<^Aq=zt#7-&wW*Brk+Uxk;ci(;CuDkBK{~hjdhrMon>sxQL_uhMNGMI1cS3BZ}BQ|@} zo8GkhYhU}?1uuX3%a4B1i(Yi{^Pm6xCC`5LvsWB+&_P`R-z`|MpnJj-p3pt|(U0yP z{_ux)1$cM=``^DSz`K3+*{8ev-S6HN=v@Ka?Xkxm-5u|E$8N_RcU-ak_S-MH?QL&+ z@-1(9%cF00vzslr@r`f1d);!g!F*eH?USGUD>s!0mz3z40%U<@ft^n^2IpmP;S$XYgS)3c z{pmwt*nj{1yL;dJ-b2t!!@F&_-L|{ct!~wAv&}YLK5u%{o36geO>T1D7F%p_!VPbD z!$UUSc;g-Gkv1I6x3%9+Ipvg{zy9^FFZ$vazj)ebKJ%HCpZ@fxyAOZ(!`-{z{qFAV zZ-0CDwzs{lJL;&Tx(|Hd1KkNHoX~yiTi@z_{No>Yzx?GdyYtUKzgxC!S@+k!{|~1`q#g@fB*a6 zq2cfU{O3Pi`+eogl|x#!YE^g1C6{!UUV3Tw-~ax%TfKU9*KY*lH^2E!_oXj=se9F{ zUNsbet+v{#E0DYET<1DnX?l0d4?FkV zb1(Sa?|wJbx&pl`(7PZ0@Q2;mXP@0IS+ZmZ@IU|g&k*hP*%ASu(Jin6f4J?k%PtG~ z9U2}NA?P>zfANc7bnkoL`@{r8ZLi1f3hbc}Y_P!w7u4^=inblhxACpa?hb$Z+ux2Y z;FbfaKp$%EuYdjP?zg}FZTE*i`~k>J^BPp=G0kg$?mB<^)1QXs{w;5LOLz3qN4w4t z{IVd-_RuAis~`xrj|81SjBB*tH7e2vJOaAU3k1;Awm z)F1!&NB(yRbm*dsF6#dBm%oe!9R+aa_`LJZ>mK;P2Mz(_Op?upNsg$H@+bopzQz;U0ifz(biXYpf~=}kA8G$ndoIq zH!UtRPP2gw?0g4)fVJIcfS*y*1Gp&sUiZ3J_mGD?q+7grai@LlYhUZ`agTd+`|i7M z_ktI^z_~zPg911cUVd7{F0vQc4WD6DbC0Jz?P<~U(6XXKi#ER6fnChr_vDjLKAmqy zXP$W`(=AeFa%mG_qv6Bf-}%mWhEe%TUhR80d~FLj6Ws#-!WX_U zfG3!1{r*s+4?p~HDcUe#tDJo3yQ^5!En2il9~?gl_|o{t1n|)5Mf+YYfPVk`-@jQ! 
z*@u@oz4Y7P{`N4+KJB#A_(4FUH2~*>&pGFuVFBeyPkK`Kl&3s}3C2vIj@5J|XcOQC z@P|J1p`!X(0Y?G6jp7MURq%#@Z@u-_-HmQ^BdOXD{HhCd7!fBow_*5w(`c!uA@@@kc5Mf6G8MuM(Y%%S3jm~)ng1!66R_nV;Ux2j$M zPc(nf{{+y79d_8pRrWll0PoN-#~d>>P4Fc7LzYWIp)ykZDq z4UW*7RMJM8c7B|o-TBUU#%LNnH02S12Rz^b00T0x5#ZMVUE{BrZzf&2Rw1WteElSi zrFi2T-`Mx<$CQh>>IQT*pt04P-~8qi0aCyZ1Fj$Z;0Jta2-vfNPJ_4s{u|(OX@cWB zZ6^pKXaM&?k9oJvd4e_?je!5CM?I?h;0HhGxK!dsf({@VgEWr$7O8tCErlCkhbC== zKZP4~jcZ)v#QNOoDhGCH!uGFu&1=qPDhv4TxZ{rN&N}O?01e1|r^S8;^fk=7l&l6! z01n{za5Mxx!Q96`{&B#r0eD+O7aX2+(n-p)L!bMrU;WBwt z8*THfz~$Q~2K^JC_ymj9Zqjd~buH*;U+Y@e+Wx9E9=&S~RW2#OnO*}L{FbVj&PicZ zy@uxaagTdkSI2ghq5-}IJ-`pm^|8kuOOpZ4_X@IXW6u3{AAqn9(Q?G3w?&v#(*h99 zrNOqxe~$#+aq9S@eQDVn-tdNKKENjeT@(*cfua<&X?4F9c+rBsq&|0D@4+s=wnqWJ z^rbI-=@68P%4reJ8fx>Gzx-u>bC}Q8SaX+Q$eMW2Rmuk7nD&6ql&WwM5L(SzDALdr z$4j#a%BWz?e)ncwjDpc_{#q&3v-nQf2q6&Mi^c;Icz~qgK=+#fI97JxcOv+)fFtb- zU-*LPT&*3ThG_c&;ar(V3;NRf++)23yCxg#Qh+a2wKDb$Y)r&(0Euw-rfBPB5XcXdL(cHIzeC+lB$LL zmX^^_*8yzGu7rWRsPXd77&+}{4Y&-k14{#Nu7Jr@Vtvqq9%QzQXgz?7;DJu)Jd2=A zB+g&kXTk)(?|uPt4Y1=XqU{-2sp(QmtcFrub0`35haP(9&^7g2BKVm1^6A^HH(;0M zY*};;Un+FreV?^xZn`O^Vcv}77@*Kbg%zM9-vw*MbZ&?Mu_DYoYycd<+aXof$AFFN zIyV|F4$uebW$x{nbDowIuzj|3>T}EWL9;i0%wryN5-@4dJKph*08R4{V1Nh&Ge>BU z;mQPLB3EGBCjcWHN!9vk8YUw99B1ST*n%ikG#Z3KYnAw2LX#OU8UAD?SQS1$z{ji$ z`j~FV0$Wv%r2sx6I1wVhxg6*8nq0qqmXogZJiVm#7(hSrk&onij4=aw4N_=f(rMgI zJMF}jGQa#he@X}ta}3O+Yymu}oPdmG5fmCt$bf+v>x^njlUXkL%@ruqrZ^M-E`u;k zI8G>8Wl4xEFIJ0iH zia?1b^W#3F@jeAh22xUi^T{%p;o=&!+;%xRbA5S02)iqK5q=1a`+k7Z+08Y>*Ja;_N)^@@JOJ|fWEdd-Wr>~CZ5_~5h z6EwUdByH_|_jLw#N#&+RXPL|=jiGS>WzG#IpqW6I6RT|tRQTSSdQ6K`YIPkEv5AUi zkPHK{yWQ<>lQ6$O;XnY^{^ojso!_P;%N$y*?Vp3DzPHF& z{mv}fbe#Zxm%H5Mhyq*?0yN<29MI4>(A%h8)eXg0lYYOYS1MAfb5c9SmT1p7N))UD z*5Bt`R>XI{FkrVNV013OOaLYUbt0mXOnRDFq}-tGVwafxX=?A%*7hDpT;X7sFWIM3 zjY||wm~ws@*tB*W=%^2RfKOq@ry$INf_J^^U2ug`Uqjgqz3KI00TBUh32LefQ}Ui{)01644EfISoFeSaPeCk&aV zMymyMVV2L9Fghl+1v@4`k$=l@RXh>7@6tEfgyGFx!*|<~+6m<10&)$rW#rtx%fq>{ 
z7W5QU`p?@p|16B09k40T%oTL}YOlR;t%F^Rym{r%7Xh397CqB!QP-nN#xa(rgD4|euDk2d>6O2IzcV?@vT>AM_RVA|}L zRuMG634mwveH`^cr|Esr{hkJNuEBkC-HVEDzP5e$QKX;QR8Rn@oDu*%XtTPD2sTnQ4H zcv1f(&)qlgsk>huO_v?D*F9>jfn7d(`=S;68-J+y4`?~0PbPf~=p&^ZjNRp3_ zB>Vb-oCa_-%BTB2z8So^w4FGyqG;_*nkb)joD1{c%Ar67c8FOAdJp)Kz8u)cAAh`v z*FcHEg)plnOaxZeYXL_sTLp17pLOC|@`8-pcWCGk#NG>d3RQ5H3 z$I<}1UqeA}l!=tBBm z%c%{*V21f{Q#9Hpb5PY&2F|?#I7#r(?Y584_JFR*uLfY+*eCliSa1edVCUHE z&-`!z&}<6|0Jb(7hASD18B!q=!4t$-l?W%$OFlDRT;PvQ7)o*-xY8 z&`c}s|L%9c+g$+-0E$7h+%qJ&i{J%7c|PBq*)8^sqZV|tc%tQf&;xkBqfyJ3@wJ^H zv-z9=uaxG1OzX9-3aCsvz@z1(Ku4{n({6LfSP7<2q_4vmhx$=+G?{6p-M)*Kji+N| zz@|ySHbg2-xq_RruV0WeOBOm&HMmGq{Kw0)-^Yn3h)AY zrwXiAiEvfb0(K~7J=Bld13K+C8&wrdL8HxkTe1y+G6BZ|m-e>D(g?m^j*RJ;Y^-=4 zx6D9AES3S81a=6>Ko^uoVD)1ZwV<0s5iJh|@KH2wb_`)$Ri8Ue1$fn-7s)Z@-O?7I znnXyuL*qbi&AQ*}*eTisz)_T`K>Q#}5G`s+z(kT=OI&azHS^#xH(K8I3&^xxpvkXK z0=jES2?cPYv>eT5-lds%mZ?*VCI-9w=0;V?I-PIK>{4JO+C3ZS0bD9ZyZLTJE5i_! z?_mfaX$3#2BuYy#B*!{mUd^P-sjtjtf&-zXu_2~wH&wl96b&&(Nf zAy^$db&!PNfzd`&!HK!&wvVxlT=Y(Ei}*v zzX`BsCa3|}IX+u*Eh%eWI26!lTkPO>J6@im)vD`V?|PHHTc(C54_5Ll;B|^tn->oB zv6>#RL(IA9$9dx+?bRuM83Eijc{ULFYz#^D%6{e>=mZ19_;%Y&ah|40*HR5@^Z4Y@ zz%n6W+GceNixXdtJfn$0TR*TXfh^wgCZauV|ys)SUplgNI>|-X`*t^kNK&_ zWvMR!Fx@tc2HITQgweLt;nm*7I|MgcoIWJ}u$0KWyzCF9@26c2!`E5Uh-m zF(Y6AA{>)8K^-9p$ow0C-6yL`lx}?n7%Aj5&5|Y{dA8!6nt=Eva(h*uiw&E1e z)EDsZg$1zSA`2ZSHSa04dItUUOy}3zB4?iWR=#Jq8W^|?;D$i~3cMLWkA{c%Ze~|> zE{AvHkzh0R(J+-F+H0R~CrdKm-h(PK0WhKzN%?Nnaq8D)d zOqEH5fCczWpvSZaa2l?Rs@Rh1lLtWYVJdi-oP9bT&~;crg}|gB18`vJ^d!wNtm`w~ z$UOqSXR^;k3Bgs~(c;-y0r!}+8Jux_8r_b$2XuX*JixYHe;osK`Fmd(GMTcJE-P32 zfX|qxYnCswU`1B{yPO3ukVNM*dd_I3(lijIptFIVRja8H z5Hf;?^_&bl0fS1YKyGY(^xDCMGGSq?|lOD6q zXUlbs=}NKO1XH;L!BGHD02Ru_1?drFps}wcAb+oX~6awKkazmftY_X zuw5|d8eEC(fJF(O92e_j&}S;Z#W~yrpa`9QXFgr}oWKlttS7MbBbFx=#n7j`m;gWZ zmy2?*Omm(=(^CcH#|5OWwf9KCOFQ?o@`K;8_A9T(MA7hQIr9x@9bg7Mln3OOXt$EA z?K%Yn8q_BmAYE}R2Iz41MfzP+0H(H{C^i(J1$e9h^9@i$I{@h#w!4O^Un*Jvk7lNP zOYo*_`YIK3T|!AwJhNxj56|h7Fk!w~Llh%@8AYC*ptDFoLxkIQiUA8i1AZjv)x=SN 
z&i}aVHxlsj84Km!S>V^#ZeTOtd?zb_$sR%nJrvDKNX5Z6`b!WqWGsuE9()m%ydP3GjdpOwYhf+wa-j2e>JFx?kc1Yrm#x0x1H{OlM>< zvsv9YGjd!Xc-D%;t z*JB>fck{z4NI(wg{I&UAEP#9%(9BKyFn%j22sQxjceE8b$L|0oA`eq^5*Yb!k)&q; zjH%<#-8)gOECARUGIcJd=NdGM24YZ3xtZcj%VS3EqY=}#uYUEbz}6qYB=~ZF_jUgS zpupDu+>_mt zL9kIKgrGj~`pTL)&Zr-YlU6Hx@PPsfTo;dfwe>Rd&b@!d95ex%)eX`sAjf=%n z@nZmYyax(lMBajoN!cC(jLv%op9$;`M);(;CLds?@3w`}G2_lP>5zswFC$YZK07gl z^m7i){Pq-Ekn06Z&y)odR*Dk7et#Y3JeH7^A`IE5AB2+d>jPj%@!NKkV3v!_Sb(=@ zaB)B<5X(jaUitG%sf`8rYT@!kel(gh3jvts%EOJ6<^R5r4$^L##kXKaKtdR1UreD$ zSEnNJiE0IT7?c;~Mr$Ha?m?hvjI@uSIxiJA&*Z+M=DC9HeJmN@r-6i+u(pC5Gp;Wz z4I#{6O`cU$uMUvcg#~N`Y=AkB<(!G{_9N%x84C?~$|u+rtgajhc+Iw04d?>hK{2x~ zHW7JHQpO!9jQAbG=sZ;NW1z=WV~h$Pzl1S>;*Xgy#|La?Jb_(C+8iGyON-(PJUhX0 z&jds6=URf(IWz%MM#GXj6F`NI#2RrY`fD5Ekj(%ukvOoWX|ZCCX%&RKkbMw_q@c4= zUZa8^c$1e9;=$^XfY;=_mB6B*0)~J+4d4PP=^8)oe4U{AeZqJT#gAp-9&2KII-VfR z@xW$1q9rID6U?~=H$vmGKY^lSa!=dzZ;s7##&5@!1axBugf3vGF9DP*0=o1K*b%}$ zrQkxiMfWY>69Z3iXt?Xt?BmfIUO+7qt%}ew3DbZ!A?cuCO0dU|$IOpCo^&%?{H+JX zm{ura{$vd_$n}$thB+9|EDF3Z)pc{<42mRpw4YC%YvTf>bMe{n+wR3h0FuJEXRj|Y zxAx1W6Pb@9eM~tP;OWDpRoeSV@q5{V?(AeaSJ#wr( zlQ!@(xnEx(SPX80VDQiJTQOa(A%Nqr1t_i^z$5LhBXBWfI#)AJJAoabe4+$}tc+-! 
z6;i;7bqN4|GvffzU#=<{PfICaQ5-_fq|XI#E|S0qxLKdYsLg^Ub^0$$+E}Dis1f~RRQrMbcfB_vyv_!t{nqdU9 z&nICN$rt2dPVS#MZ?>i53PmbVb7&SNdL9ve%y)u8_hvSc8hxv=v2;Mw7ugQ538KC_ z#(DaZluLi25ctGe7}ab0hbFkm_-_8TP%We+bR^zU}fgo#4Gd>Gg@pP?RS00 zV4zol&7qkQ3&e~~yJj2Vqm1IE0OWg~qs@tF7d~43iZA`X>ZAQKk!ZR;vrKKR zfp$rYTtlCj*YF~hGy;=BC;dp=;at^D+MnXoOw`B4IfAwPdH#w5ee`&E)n7L$%~;|+ zry}*7tn(viq!3_;YMGfJMr>%Z4y9xH1X6-9*8;X^Jf<1Q%o6FhKSdSSYlmW;Pb>H= zQ?lmJ3^*9JbZ-J1OO^icwX{^~l?qx?J%D;vefA7~TZj+~6yGi$p>6i-m%iXZ6d-(| z6ozss94(E~%|?A(+>3?vtV_ybZZa6x>RqR&culq7ZHD2^v4VhMw1i1TOgO1cr$PbU zu^2=PFtHsV@LN4V0fJ`p`za~_8*}^?jT+jVLo>t(oYcC3olGLk(&+z~AZ=gb7W9J!(w9Ei$Zwi&wy-sMGJ&LilTa&wz&6b7UMCM`YBfjfXekUWXEHHj zQm|1vZ{P(8n2-p&Pnlol!7{_6?R?C**Lz_i!Eqd|4(J#oPoAC9a2i zVI^cJgmlJPtNi$a{N04qKxcKPM`N`o zm1ZZ$P9DzO@wszpX6w+{6j6W^H$ubQBdK75AST^5rQnRh#Ui+lG)%ClZz62qIzD|h zHetKp?!j^a+i#XC8gF>oL=%=GL%&lH1(o9y80Br%!I|f!*PQ0v$`oG)bn~Jz&#Xs4 zA4|?*qNQeXavjt;9g7*3ql(CNQfDy{=rkIG_(Nc0zWpL$8tpsNYAWuuO`ilxF~d!6 z3%G1={bDpM{m#&8pC9@ZpY54}OGsTOVC!SFneghX{;(cC9dGV|*at5%O==pVYyvfw z&tHFDR)a({uRN)xJeyXeettCtm_*(>+9w?yNl9na)azQ(1KI=Z{G(C8woQk90+e(r zb_i;sX*3^U$ed=TWHp8W&@~AYVnIUr%^ZdVXh3Nx&q4r^ZJs@YI)Kx6$MDtqN^m2r zjt%8+yb%6~s>{NfS>zg-4Koc9PA*U!z{;LqF~jWdRIfnh1m?J+c1$K|6N4S1<@|`C z$ZQOt>KKLtRflXtZKs(+e$aj63Nk^_WDISNCDQ!mwR;5ku>^3z zN#?AJP<2{o0Vp6O<>@TV=hv7%+9o)nVJ+YoyB;=gmIM%!o*AaBl)mVLLJEyDw!7&9b>%0nnQvqK6*q|itRI5SrufR-n zPlNm4`xNkLF|#hfVa{|oDGs0mI_B60Y?ej9!yK{(>#K$nN}8Eft^haS63~Io%o7ZP zn|`xulnLMhtiHP(rRnW4t?Lvw(!F-kC(KXIo)7`8r|bmiLA%L8fv zH?pS6sEDK=Ot^ir5=ALIFh3q&=8}dXR@eG6L%fPWg1^HCm#0-J^EL(0#UjYkcoiht zI}O+&)N4R{I&X`(xGIXb z8C>306AO-$+nJbX_GOmYPD=d>oKYphQ`a?}D2!^EVp~9`>G>yr-xI}SX7b#2@jJ>0 zR0v}-HjVlV^D^IkjX88E11wqg)DE~H$7f}0z|Q}t*pBl2c^#U0^sHG@*EtYttH9&s zKfq?vj~lFwR=#ul^1UmhRc69q6zQ50?2t|x2R9JHhe=le9L9ubzCeza8UZ2*EkywG z$`6*nIibV`gaQDB$M<9iZH^2q&*b=4pz;Yw8ZEfW2p6(1X4;UeK_B;Wea{o}ysU%Z zmpK>1goksXte@v<`E9OcMU`f^AFQob_1UAcPTUY<#>pq3u|nWFK(A{vb9s?Z%P0U~ zH1jx0C@`Iw$7sO2Mk^Ev1kEtbN{+tZ#NVoz0WL9xeMun+o{5F5li&Sk1-$-vj>H|I 
zj1Ab&qIr(+BK(<@kL?gN;gO1o%#C}jwf`-PFTZ&KbCIDtTB(zn4Ko4tA3p28F&XH2 zeF$c`cFQo#6~qBP`w`7FxWi{Vh7XpH<`}>z-(s@g^5xX$BQUN(*a(#KT!Y{MJNtp{ z8h(o-XlFppeE{tm&daMrkz+*UER=%}8U-i;8~}4Xb1M3$*?gpTy9Ge! z5gf&wTthBQU=kc+q-ziy*I=ey1Bjj>&*2)bnd!;`Lf3SDp4oTz>T4ejT2on0vh?$imr_T1l76G@uNnu7c zjzGy#X*1?VTaf#)2m&A91451g7=X<_$pIDR>Y|6b}QYrI223K^e66X4sQB1qE z37`NX05S2jN{3vViKnGZbTkjeRPwE@Fyy<@DCf`w0b2`L)}+yF8pvW~ziYD?wsS4c z1(<7Pe~8H!A2_!KI{Q2u(7A>1=JHTdLeHfDCGL^h9x+%Kt)|axTH1Z4KnpMerwP}g zd2o3zu$g2;Lo#_V{{}>mXu5cT04T5o)G!thEwk+xm<1q=XKrb!^D@sY_XHMS%E*BR&gIO0fB7B}1$xIRX&?m=`lT zj)1~7m_mioec|xj1dm^54FYzKBQ!qyK(Ja$5a_%dKZ+;;%j7K> zO0lAIz#kY4t_;wRkx~KO;z6Kg&UZt3@gA_5=Kziwj>j}0(zd)gD$?yc-!6y}m8vdT zk}PNhBI^S5Xgx3jRKTJkd~SbVdrW}#d(?5RK_GG+_snDl<~#jt`%DM|aOUQvz8)gv zqu%n6Y0un{ax6DzUcoU}8rVtI3iOkbN1Mi!WkgLa8iN9M$Zt_DCaXRX0_9DD;ry0y zd2=#<%cRkE|61&A#_~~P<+MNw1e64KKKt4_j_hxN2CQe{!$sVP+4noqJ3!LMK47-d z&eRoJzujs*)82nIiasl0b3rP6Duvw5N%dU{cBMA8_ASe&pCgY3y4furHd0IanM^ZS zfSln%U<28#46@!!u)_*CM}7~;(C~Nu zUzNLINeGp5nvplwNFQVeo*zi<081aR{HE0j=&~(q?OMS5uSLN#_vVT$7cxiSoT}z+ zIaps>MULB*A78?!105K7_gGd^3f3?{$V1yU#ue;$qST zb^+aU2k@L5u#?3o>Ubt@Ye~^|gY~UddN~u%T5n8_^=>F$|oQ zTJTf7$}Ctu&r%zKUj9Un)(iM-6K?>&o>vg0NFx;kx>75U#S$z)7C7c!Eikl{X(w<5 zBEzdK0Xcvp0)P^<<<;YOlV#QJE!8D-`m(fWm%;klYLem}K$lJd9Yb}h_pTS3-cDu^ z_#{uAgn$sY(SqQ21i&_$#D8b-g=uE4X;4zJ6i|Rm=$tpoFWcVU$9V(khC#DY-V;ucq-umI%$|t? 
zXeLkk48S?24;b>?v>327k8jU!-+?X)2V7>=^vU)JV&6&;1i_+Mfol`2om~Oq_JgZh zD=@Yypicz4v<>hW1+a7&2qTz-W_l;P;)?)G1RF-rcAiwr=$8P``e~nj+n(nc^(?d# z5CIs`aK1L%642?}G{jYa<@O$qfc4n&(yj%jV5#%Vx{$2a3BVljk0vuJq50W zCu8i#ln<9@U-ert_Mj?`ET`oLMO4W!FcS>NFeXf7_8do(RGet25+lUW~snaFh&VN8z(uwIdXDf{wxt~7?gk8 zxAv;s1M`~^Bb6`aHi9yWvT9TH58&$knC-f9Xx9a}h~IT)1I#f5G++}tnMUq2jrp4SJFA4l#Xs?Hzk($ox(_K(l%(OfU@g*m3~pEGyh7qXvL6gyCWU zk-2heG*X1jhudy6DjL|QfZL~R&u1nwW(+>_WzbN?NEOG*z)Vk z^MB;ExE=UF0WLF~_o5)$H4c!F$ld^ii4=eZMAoF!e9^jrifCu*-Og)2Tgq{nP?1qL z*Ax_rz(wNA>t4s!=MIDUHY4!cTD4l*enEk4-nIGH#=cE{F!rrrB5xJ(CbCWx+y^I1 zbXz|f5L>_7KW`M+w3yZk__z|!fHGDtr?&5ciaQP~(6=4Tx2dK?Z&7}ILCtbGC9fax zc1Q1zGw$s*-z)*MEXp@90*GeXQR{yr3}eaukl&dXU*IXS7}#)+tVs1e)iI#2D!@;v z;}(=gZ!wr}m#-DDI~VAS%EX^m+P>1bcfBUmnD=loT`htq1T26wPe3R47WHSWJ(D1q zUM3i2IaKQy;zgRQP4P+c#N!Q92RW*^h)J`p3)lOi@w~N#jVASU` zAwovLzY`pQuP(sPt3t~OB}9i5*gKY>Y&e*2>#o)NXErNf_b8ATc=dNpb2_;MV2OWr z065AY_f*br@`D(F8<3(UpBK;tc!10ASD0y1vtLdwu#c|N>;hxcrQMqi=G*$!{Ii3< z^C%y`SG|R5fB)80fFEDc|6)0RX}W)4TwR*JvNU~JY5L+y+m0`=7uK-r{-x=A70}xh l@S6 - - -image/svg+xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index 59b620b1..8ca23d31 100644 --- a/docs/index.html +++ b/docs/index.html @@ -61,84 +61,51 @@

            🔐 OAuth2

            -

            Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

            +

            Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL


            Liberapay Goal Progress Sponsor Me on Github Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

            -
            +

            🌻 Synopsis

            OAuth 2.0 is the industry-standard protocol for authorization.
            OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
            desktop applications, mobile phones, and living room devices.
            This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

            -
          • Enterprise Support -Get help from me on Tidelift
            💡Subscribe for support guarantees covering all FLOSS dependencies!
            💡Tidelift is part of Sonar!
            💡Tidelift pays maintainers to maintain the software you depend on!
            📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers!
            Comrade BDFL 🎖️Maintainer 🎖️ Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact BDFL My technical writing
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            Federated DVCS RepositoryStatusIssuesPRsWikiCIDiscussions
            🧪 ruby-oauth/oauth2 on GitLab -The Truth💚💚💚🏀 Tiny Matrix
            🧊 ruby-oauth/oauth2 on CodeBerg -An Ethical Mirror (Donate)💚⭕️ No Matrix
            🐙 ruby-oauth/oauth2 on GitHub -A Dirty Mirror💚💚💯 Full Matrix
            🤼 OAuth Ruby Google Group -“Active”💚
            🎮️ Discord Server -Live Chat on DiscordLet’stalkaboutthislibrary!
            +

            Quick Example

            + +
            + Convert the following `curl` command into a token request using this gem... + +```shell +curl --request POST \ + --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data grant_type=client_credentials \ + --data client_id=REDMOND_CLIENT_ID \ + --data client_secret=REDMOND_CLIENT_SECRET \ + --data resource=REDMOND_RESOURCE_UUID +``` + +NOTE: In the ruby version below, certain params are passed to the `get_token` call, instead of the client creation. + +```ruby +OAuth2::Client.new( + "REDMOND_CLIENT_ID", # client_id + "REDMOND_CLIENT_SECRET", # client_secret + auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt + token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path + site: "https://login.microsoftonline.com/REDMOND_REDACTED", +). # The base path for token_url when it is relative + client_credentials. # There are many other types to choose from! + get_token(resource: "REDMOND_RESOURCE_UUID") +``` + +NOTE: `header` - The content type specified in the `curl` is already the default! + +

            Upgrading Runtime Gem Dependencies

            @@ -219,7 +186,7 @@

            You should upgrade this gem
          • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
          -

          * MIT license; I am unable to make guarantees.

          +

          * MIT license; The only guarantees I make are for enterprise support.

          Standard Library Dependencies @@ -236,36 +203,7 @@

          You should upgrade this gem

          -

          Quick Usage Example for AI and Copy / Pasting

          - -

          Convert the following curl command into a token request using this gem…

          - -
          curl --request POST \
          -  --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \
          -  --header 'content-type: application/x-www-form-urlencoded' \
          -  --data grant_type=client_credentials \
          -  --data client_id=REDMOND_CLIENT_ID \
          -  --data client_secret=REDMOND_CLIENT_SECRET \
          -  --data resource=REDMOND_RESOURCE_UUID
          -
          - -

          NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

          - -
          OAuth2::Client.new(
          -  "REDMOND_CLIENT_ID", # client_id
          -  "REDMOND_CLIENT_SECRET", # client_secret
          -  auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt
          -  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
          -  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
          -). # The base path for token_url when it is relative
          -  client_credentials. # There are many other types to choose from!
          -  get_token(resource: "REDMOND_RESOURCE_UUID")
          -
          - -

          NOTE: header - The content type specified in the curl is already the default!

          - -

          If any of the above makes you uncomfortable, you may be in the wrong place.
          -One of these might be what you are looking for:

          +

          If it seems like you are in the wrong place, you might try one of these:

          • OAuth 2.0 Spec
          • @@ -277,6 +215,40 @@

            Quick Usage Example for AI

            💡 Info you can shake a stick at

            +

            Federated DVCS

            + +
            + Find this repo on other forges + +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | + +
            + +

            Enterprise Support

            + +
            + Need enterprise-level guarantees? + +[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] + +- 💡Subscribe for support guarantees covering _all_ FLOSS dependencies +- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] +- 💡Tidelift pays maintainers to maintain the software you depend on!
            📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers + +Alternatively: + +- [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] +- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] +- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] + +
            + @@ -342,12 +314,7 @@

            💡 Info you can shake a stick at

            - - - - - + @@ -441,30 +408,38 @@

            ✨ Installation

            🔒 Secure Installation

            -

            oauth2 is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
            -stone_checksums. Be sure the gem you install hasn’t been tampered with
            -by following the instructions below.

            +
            + For Medium or High Security Installations -

            Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

            +`oauth2` is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +[stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with +by following the instructions below. -
            gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem)
            -
            +Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: -

            You only need to do that once. Then proceed to install with:

            +```console +gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem) +``` -
            gem install oauth2 -P MediumSecurity
            -
            +You only need to do that once. Then proceed to install with: + +```console +gem install oauth2 -P MediumSecurity +``` -

            The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

            +The `MediumSecurity` trust profile will verify signed gems, but allow the installation of unsigned dependencies. -

            This is necessary because not all of oauth2’s dependencies are signed, so we cannot use HighSecurity.

            +This is necessary because not all of `oauth2`’s dependencies are signed, so we cannot use `HighSecurity`. -

            If you want to up your security game full-time:

            +If you want to up your security game full-time: -
            bundle config set --global trust-policy MediumSecurity
            -
            +```console +bundle config set --global trust-policy MediumSecurity +``` -

            NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

            +NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine. + +

            OAuth2 for Enterprise

            @@ -492,7 +467,7 @@

            What is new for v2.0?

          • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
          • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
          • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
          • -
          • Support IETF rfc7009 Token Revocation (since v2.0.10)
          • +
          • Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13)
          • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523)
          • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json @@ -912,7 +887,7 @@

            🚀 Release Instructions

            Code Coverage

            Coveralls Test Coverage
            -QLTY Test Coverage

            +![QLTY Test Coverage][🔑qlty-covi♻️]

            🪇 Code of Conduct

            @@ -978,7 +953,7 @@

            📌 Is “Platform Support
            spec.add_dependency("oauth2", "~> 2.0")
             
            -

            See CHANGELOG.md for list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            @@ -1009,7 +984,7 @@

            🤑 One more thing

            The primary maintainer of this gem, Peter Boling, wants
            Ruby to be a great place for people to solve problems, big and small.
            Please consider supporting his efforts via the giant yellow link below,
            -or one of smaller ones, depending on button size preference.

            +or one of the smaller ones, depending on button size preference.

            Buy me a latte

            @@ -1039,7 +1014,7 @@

            🤑 One more thing

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index c388036c..1e36e73c 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From e26026623742fc7994fc3db681ba4f483f3ff2d1 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 6 Aug 2025 21:10:34 -0600 Subject: [PATCH 490/645] =?UTF-8?q?=F0=9F=94=A8=20binstubs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/appraisal | 13 +------------ bin/erb | 16 ++++++++++++++++ bin/kramdown | 16 ++++++++++++++++ bin/nokogiri | 16 ++++++++++++++++ 4 files changed, 49 insertions(+), 12 deletions(-) create mode 100755 bin/erb create mode 100755 bin/kramdown create mode 100755 bin/nokogiri diff --git a/bin/appraisal b/bin/appraisal index 5038ce52..bc7d25bd 100755 --- a/bin/appraisal +++ b/bin/appraisal @@ -10,18 +10,7 @@ ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -bundle_binstub = File.expand_path("bundle", __dir__) - -if File.file?(bundle_binstub) - if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") - load(bundle_binstub) - else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") - end -end - require "rubygems" require "bundler/setup" -load Gem.bin_path("appraisal", "appraisal") +load Gem.bin_path("appraisal2", "appraisal") diff --git a/bin/erb b/bin/erb new file mode 100755 index 00000000..58e756ae --- /dev/null +++ b/bin/erb @@ -0,0 +1,16 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'erb' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("erb", "erb") diff --git a/bin/kramdown b/bin/kramdown new file mode 100755 index 00000000..547fd063 --- /dev/null +++ b/bin/kramdown 
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'kramdown' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("kramdown", "kramdown")
diff --git a/bin/nokogiri b/bin/nokogiri
new file mode 100755
index 00000000..8b72331f
--- /dev/null
+++ b/bin/nokogiri
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'nokogiri' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("nokogiri", "nokogiri")
From cea571c4c5ff85dcf09e64c984cdbdccc17e21f6 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling" Date: Wed, 6 Aug 2025 21:13:27 -0600 Subject: [PATCH 491/645] =?UTF-8?q?=F0=9F=91=B7=20deps=20locked=20&=20unlo?= =?UTF-8?q?cked=20pattern?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/rubygems/bundler-site/pull/501 --- .github/workflows/deps_locked.yml | 75 +++++++++++++++++++++++ .github/workflows/deps_unlocked.yml | 84 ++++++++++++++++++++++++++ .idea/oauth2.iml | 1 + Appraisals | 32 +++++++--- README.md | 2 +- gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/current.gemfile | 17 +----- gemfiles/current_runtime_heads.gemfile | 2 +- gemfiles/deps_unlocked.gemfile | 13 ++++ gemfiles/head.gemfile | 2 +- gemfiles/modular/latest.gemfile | 8 +++ gemfiles/omnibus.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v0.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v1.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v2.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v3.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v4.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v5.gemfile | 2 +- gemfiles/ruby_2_4.gemfile | 2 +- gemfiles/ruby_2_5.gemfile | 2 +- gemfiles/ruby_2_6.gemfile | 2 +- gemfiles/ruby_2_7.gemfile | 2 +- gemfiles/ruby_3_0.gemfile | 2 +- gemfiles/ruby_3_1.gemfile | 2 +- gemfiles/ruby_3_2.gemfile | 2 +- gemfiles/ruby_3_3.gemfile | 2 +- gemfiles/style.gemfile | 2 +- gemfiles/vanilla.gemfile | 2 +- 29 files changed, 229 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/deps_locked.yml create mode 100644 .github/workflows/deps_unlocked.yml create mode 100644 gemfiles/deps_unlocked.gemfile create mode 100644 gemfiles/modular/latest.gemfile diff --git a/.github/workflows/deps_locked.yml b/.github/workflows/deps_locked.yml new file mode 100644 index 00000000..5178a8c0 --- /dev/null +++ b/.github/workflows/deps_locked.yml 
@@ -0,0 +1,75 @@
+---
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+# - deps_unlocked.yml
+# - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+# - Uses an Appraisal2 "deps_unlocked" gemfile, and the current MRI Ruby release
+# - Know when new dependency releases will break local dev with unlocked dependencies
+# - Broken workflow indicates that new releases of dependencies may not work
+#
+# - deps_locked.yml
+# - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+# - Uses the project's main Gemfile, and the current MRI Ruby release
+# - Matches what contributors and maintainers use locally for development
+# - Broken workflow indicates that a new contributor will have a bad time
+#
+name: Deps Locked
+
+permissions:
+ contents: read
+
+env:
+ KITCHEN_SINK: true
+
+on:
+ push:
+ branches:
+ - 'main'
+ - '*-stable'
+ tags:
+ - '!*' # Do not execute on tags
+ pull_request:
+ branches:
+ - '*'
+ # Allow manually triggering the workflow.
+ workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+ # The concurrency group contains the workflow name and the branch name.
+ group: "${{ github.workflow }}-${{ github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ test:
+ name: Default rake task w/ main Gemfile.lock ${{ matrix.name_extra || '' }}
+ if: ${{ !contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]') }}
+ runs-on: ubuntu-latest
+ continue-on-error: ${{ matrix.experimental }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ # Ruby
+ - ruby: "ruby"
+ exec_cmd: "rake"
+ rubygems: latest
+ bundler: latest
+ experimental: false
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Ruby & RubyGems
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby }}
+ rubygems: ${{ matrix.rubygems }}
+ bundler: ${{ matrix.bundler }}
+ bundler-cache: true
+
+ - name: Checks the kitchen sink via ${{ matrix.exec_cmd }}
+ run: bundle exec ${{ matrix.exec_cmd }}
diff --git a/.github/workflows/deps_unlocked.yml b/.github/workflows/deps_unlocked.yml
new file mode 100644
index 00000000..a14fc695
--- /dev/null
+++ b/.github/workflows/deps_unlocked.yml
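Review bot: The two `uses:` steps in the new deps_locked.yml job reference actions by mutable tag (`actions/checkout@v4`, `ruby/setup-ruby@v1`), so the code that runs in CI can change without any commit to this repository; deps_unlocked.yml, added in the same commit, has the same two references. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA> # v4`, makes the run reproducible and still lets a dependency bot propose updates. Because the job runs `bundle exec rake` against pull-request code, the checkout step would also benefit from `persist-credentials: false` under a `with:` key, so the token is not left in the local git config. The top-level `permissions: contents: read` already limits what that token can do, so this is hardening rather than a fix for an open hole.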
@@ -0,0 +1,84 @@
+---
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+# - deps_unlocked.yml
+# - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+# - Uses an Appraisal2 "deps_unlocked" gemfile, and the current MRI Ruby release
+# - Know when new dependency releases will break local dev with unlocked dependencies
+# - Broken workflow indicates that new releases of dependencies may not work
+#
+# - deps_locked.yml
+# - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+# - Uses the project's main Gemfile, and the current MRI Ruby release
+# - Matches what contributors and maintainers use locally for development
+# - Broken workflow indicates that a new contributor will have a bad time
+#
+name: Deps Unlocked
+
+permissions:
+ contents: read
+
+env:
+ K_SOUP_COV_DO: false
+
+on:
+ push:
+ branches:
+ - 'main'
+ - "*-stable"
+ tags:
+ - '!*' # Do not execute on tags
+ pull_request:
+ branches:
+ - '*'
+ # Allow manually triggering the workflow.
+ workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+ # The concurrency group contains the workflow name and the branch name.
+ group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + name: Default rake task w/ unlocked deps ${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + matrix: + include: + # Ruby + - ruby: "ruby" + appraisal_name: "deps_unlocked" + exec_cmd: "rake" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Ruby & RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the main Gemfile at all. + - name: Install Root Appraisal + run: bundle + - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal_name }} + run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle + - name: Run ${{ matrix.exec_cmd }} on ${{ matrix.ruby }}@${{ matrix.appraisal_name }} + run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 7e084038..d98c93e6 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -11,6 +11,7 @@ + diff --git a/Appraisals b/Appraisals index ff12ec1c..7c900a2a 100644 --- a/Appraisals +++ b/Appraisals 
@@ -4,6 +4,29 @@ # BUNDLE_GEMFILE=Appraisal.root.gemfile bundle # BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update +# Lock/Unlock Deps Pattern +# +# Two often conflicting goals resolved! +# +# - deps_unlocked.yml +# - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed +# - Uses an Appraisal2 "deps_unlocked" gemfile, and the current MRI Ruby release +# - Know when new dependency releases will break local dev with unlocked dependencies +# - Broken workflow indicates that new releases of dependencies may not work +# +# - deps_locked.yml +# - All runtime & dev dependencies, and has a `Gemfile.lock` committed +# - Uses the project's main Gemfile, and the current MRI Ruby release +# - Matches what contributors and maintainers use locally for development +# - Broken workflow indicates that a new contributor will have a bad time +# +appraise "deps_unlocked" do + eval_gemfile "modular/audit.gemfile" + eval_gemfile "modular/coverage.gemfile" + eval_gemfile "modular/documentation.gemfile" + eval_gemfile "modular/style.gemfile" +end + # Used for HEAD (nightly) releases of ruby, truffleruby, and jruby. # Split into discrete appraisals if one of them needs a dependency locked discretely. appraise "head" do @@ -22,14 +45,7 @@ end # Used for current releases of ruby, truffleruby, and jruby. # Split into discrete appraisals if one of them needs a dependency locked discretely. appraise "current" do - gem "mutex_m", ">= 0.2" - gem "stringio", ">= 3.0" - eval_gemfile "modular/faraday_v2.gemfile" - eval_gemfile "modular/hashie_v5.gemfile" - eval_gemfile "modular/jwt_v3.gemfile" - eval_gemfile "modular/logger_v1_7.gemfile" - eval_gemfile "modular/multi_xml_v0_7.gemfile" - eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/latest.gemfile" end appraise "ruby-2-3-hashie_v0" do diff --git a/README.md b/README.md index 6d08fa92..0b1908e7 100644 --- a/README.md +++ b/README.md 
@@ -105,7 +105,7 @@ Also, where reasonable, tested against the runtime dependencies of those depende [sv-pub-api]: #-is-platform-support-part-of-the-public-api -\* MIT license; The only guarantees I make are for enterprise support. +\* MIT license; The only guarantees I make are for [enterprise support](#enterprise-support).
            Standard Library Dependencies diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 5a3af548..4c8ce41a 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index da32bbe4..65a982b8 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/coverage.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 19abccb2..6b8062f8 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -2,19 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", ">= 0.2" -gem "stringio", ">= 3.0" +gemspec :path => "../" -gemspec path: "../" - -eval_gemfile("modular/faraday_v2.gemfile") - -eval_gemfile("modular/hashie_v5.gemfile") - -eval_gemfile("modular/jwt_v3.gemfile") - -eval_gemfile("modular/logger_v1_7.gemfile") - -eval_gemfile("modular/multi_xml_v0_7.gemfile") - -eval_gemfile("modular/rack_v3.gemfile") +eval_gemfile("modular/latest.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile index d76bab3f..c9c6d6b0 100644 --- a/gemfiles/current_runtime_heads.gemfile +++ b/gemfiles/current_runtime_heads.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/deps_unlocked.gemfile b/gemfiles/deps_unlocked.gemfile new file mode 100644 index 00000000..5c5a6a82 --- /dev/null +++ b/gemfiles/deps_unlocked.gemfile 
@@ -0,0 +1,13 @@ +# This file was generated by Appraisal2 + +source "https://rubygems.org/" + +gemspec :path => "../" + +eval_gemfile("modular/audit.gemfile") + +eval_gemfile("modular/coverage.gemfile") + +eval_gemfile("modular/documentation.gemfile") + +eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index d76bab3f..c9c6d6b0 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/modular/latest.gemfile b/gemfiles/modular/latest.gemfile new file mode 100644 index 00000000..1a592057 --- /dev/null +++ b/gemfiles/modular/latest.gemfile @@ -0,0 +1,8 @@ +gem "mutex_m", ">= 0.2" +gem "stringio", ">= 3.0" +eval_gemfile "faraday_v2.gemfile" +eval_gemfile "hashie_v5.gemfile" +eval_gemfile "jwt_v3.gemfile" +eval_gemfile "logger_v1_7.gemfile" +eval_gemfile "multi_xml_v0_7.gemfile" +eval_gemfile "rack_v3.gemfile" diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index a900a8ed..95284516 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v0.gemfile b/gemfiles/ruby_2_3_hashie_v0.gemfile index fe08e312..1477575b 100644 --- a/gemfiles/ruby_2_3_hashie_v0.gemfile +++ b/gemfiles/ruby_2_3_hashie_v0.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v1.gemfile b/gemfiles/ruby_2_3_hashie_v1.gemfile index 0cbdaec1..dffceba6 100644 --- a/gemfiles/ruby_2_3_hashie_v1.gemfile +++ b/gemfiles/ruby_2_3_hashie_v1.gemfile 
@@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v2.gemfile b/gemfiles/ruby_2_3_hashie_v2.gemfile index 3d0484d0..fa7dd0eb 100644 --- a/gemfiles/ruby_2_3_hashie_v2.gemfile +++ b/gemfiles/ruby_2_3_hashie_v2.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v3.gemfile b/gemfiles/ruby_2_3_hashie_v3.gemfile index 452620e9..604cd646 100644 --- a/gemfiles/ruby_2_3_hashie_v3.gemfile +++ b/gemfiles/ruby_2_3_hashie_v3.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v4.gemfile b/gemfiles/ruby_2_3_hashie_v4.gemfile index aba8c483..746a9de7 100644 --- a/gemfiles/ruby_2_3_hashie_v4.gemfile +++ b/gemfiles/ruby_2_3_hashie_v4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v5.gemfile b/gemfiles/ruby_2_3_hashie_v5.gemfile index 19515c83..dcba24c7 100644 --- a/gemfiles/ruby_2_3_hashie_v5.gemfile +++ b/gemfiles/ruby_2_3_hashie_v5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index ebbc746d..1e7e03b4 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 9c78b4de..64be8b27 100644 --- a/gemfiles/ruby_2_5.gemfile 
+++ b/gemfiles/ruby_2_5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index c90a047f..4e7bbade 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 2da4dda0..627d338c 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 7fed3524..eef5f9f0 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 7fed3524..eef5f9f0 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index 562e0116..e8ee86f8 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") 
diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index 562e0116..e8ee86f8 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index bd9f436e..261f3680 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec path: "../" +gemspec :path => "../" eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index 0ac28b98..8a6e6acc 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec path: "../" +gemspec :path => "../" From d1936e2858d7e2f39e98e7b52dc0a99f21fc1a05 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Wed, 6 Aug 2025 21:41:35 -0600 Subject: [PATCH 492/645] =?UTF-8?q?=F0=9F=91=B7=20Update=20default=20rake?= =?UTF-8?q?=20task?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 3 ++- Rakefile | 10 ++++++---- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 7 ++++--- docs/file.SECURITY.html | 2 +- docs/index.html | 7 ++++--- docs/top-level-namespace.html | 2 +- gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/current.gemfile | 2 +- gemfiles/current_runtime_heads.gemfile | 2 +- gemfiles/deps_unlocked.gemfile | 2 +- gemfiles/head.gemfile | 2 +- gemfiles/omnibus.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v0.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v1.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v2.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v3.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v4.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v5.gemfile | 2 +- gemfiles/ruby_2_4.gemfile | 2 +- gemfiles/ruby_2_5.gemfile | 2 +- gemfiles/ruby_2_6.gemfile | 2 +- gemfiles/ruby_2_7.gemfile | 2 +- gemfiles/ruby_3_0.gemfile | 2 +- gemfiles/ruby_3_1.gemfile | 2 +- gemfiles/ruby_3_2.gemfile | 2 +- gemfiles/ruby_3_3.gemfile | 2 +- 
gemfiles/style.gemfile | 2 +- gemfiles/vanilla.gemfile | 2 +- 51 files changed, 63 insertions(+), 58 deletions(-) diff --git a/README.md b/README.md index 0b1908e7..f7ad0421 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ covering the latest patch for each of the following minor versions: |------------------------------------------------|--------------------------------------------------------------------------------------| | 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2](https://github.com/appraisal-rb/appraisal2) ✨ | +* Operating Systems: Linux, MacOS, Windows * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD @@ -851,7 +852,7 @@ or one of the smaller ones, depending on button size preference. [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] -P.S. If you need help️, or want to say thanks, 👇 Join the Discord. +P.S. If you need help️ or want to say thanks, 👇 Join the Discord. [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] diff --git a/Rakefile b/Rakefile index a6705554..21e9debd 100644 --- a/Rakefile +++ b/Rakefile @@ -1,9 +1,10 @@ +# frozen_string_literal: true + require "bundler/gem_tasks" defaults = [] -# See: https://docs.gitlab.com/ci/variables/predefined_variables/ -is_gitlab = ENV.fetch("https://github.com/GITLAB_CI", "false").casecmp("true") == 0 +is_ci = ENV.fetch("https://github.com/CI", "false").casecmp("true") == 0 ### DEVELOPMENT TASKS # Setup Kettle Soup Cover 
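Review bot: `is_ci` in the first Rakefile hunk now keys off the generic `CI` variable, but the commit drops the `# See:` comment that documented the old variable and leaves the new one unexplained. A short replacement above the assignment, such as `# CI is set to "true" by most hosted CI services (GitHub Actions and GitLab CI among them)`, would tell a maintainer why one flag now stands in for the GitLab-specific one. The key is printed on this page with a `https://github.com/` prefix, as the removed `GITLAB_CI` key was; that is presumably an artifact of how the page was captured. It is still worth confirming the file reads plain `ENV.fetch("CI", "false")`, because a key that never matches leaves `is_ci` permanently false and every `unless is_ci` guard permanently inactive.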
@@ -42,7 +43,8 @@ begin require "rspec/core/rake_task" RSpec::Core::RakeTask.new(:spec) - defaults << "spec" + # This takes the place of `coverage` task when running as CI=true + defaults << "spec" if !defined?(Kettle::Soup::Cover) || Kettle::Soup::Cover::IS_CI rescue LoadError desc("spec task stub") task(:spec) do @@ -99,7 +101,7 @@ begin t.verbose = false t.source_files = "{lib,spec}/**/*.rb" end - defaults << "reek" unless is_gitlab + defaults << "reek" unless is_ci rescue LoadError desc("(stub) reek is unavailable") task(:reek) do diff --git a/docs/OAuth2.html b/docs/OAuth2.html index b7205edd..aee186bc 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@
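Review bot: The `spec` guard tests `Kettle::Soup::Cover::IS_CI`, while the `reek` guard in the following Rakefile hunk tests the local `is_ci`, so the default task list is assembled from two CI signals that can disagree; how `IS_CI` is derived is not visible in this diff. Using the local flag in both places, `defaults << "spec" if !defined?(Kettle::Soup::Cover) || is_ci`, would keep one source of truth. Separately, `defaults << "reek" unless is_ci` now drops reek from the default task on every CI provider instead of only GitLab, so a comment naming the job that still runs it, or stating that it is local-only by design, would help; if no CI job runs it, that check no longer runs on pushed code. Both `begin` blocks start and end outside these hunks.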

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 383e28ed..f31549e1 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 26301fc6..b0d1420c 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 2f644e36..ca490e58 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 031fd364..8060adb7 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 82708504..bd133104 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 4ff1c95d..e8c3a0aa 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index bed8bfa6..e463bd7e 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index f554ce80..fe6ba276 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index ab0050d0..3c7d5f1c 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index a4682127..86bf7194 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index ac95a78b..e34f3ec3 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 9d6a1340..6e302aff 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index d855cde9..dcf47409 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 46c48377..c68217f9 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 1962a9f1..b2f89527 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index b12bfd85..76e3b7c2 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 3a28504f..94e13988 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -840,7 +840,7 @@

            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 75a7f5d7..bc2f43b9 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index c5471d99..1ff3c8f6 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index ebc47138..e7c15b59 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -193,7 +193,7 @@

            To release a new version:

            diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 14250b1d..95a28640 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.README.html b/docs/file.README.html index cb52e976..91264c70 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -140,6 +140,7 @@

            Upgrading Runtime Gem Dependencies
              +
            • Operating Systems: Linux, MacOS, Windows
            • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
              • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
              • @@ -186,7 +187,7 @@

                You should upgrade this gem
              • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
              -

              * MIT license; The only guarantees I make are for enterprise support.

              +

              * MIT license; The only guarantees I make are for enterprise support.

              Standard Library Dependencies @@ -990,7 +991,7 @@

              🤑 One more thing

              Liberapay Goal Progress Sponsor Me on Github Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

              -

              P.S. If you need help️, or want to say thanks, 👇 Join the Discord.

              +

              P.S. If you need help️ or want to say thanks, 👇 Join the Discord.

              Live Chat on Discord

              @@ -1014,7 +1015,7 @@

              🤑 One more thing

              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index fd142d2d..35ed5d8e 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

              Enterprise Support

              diff --git a/docs/index.html b/docs/index.html index 8ca23d31..2d50e1b7 100644 --- a/docs/index.html +++ b/docs/index.html @@ -140,6 +140,7 @@

              Upgrading Runtime Gem Dependencies
                +
              • Operating Systems: Linux, MacOS, Windows
              • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
                • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
                • @@ -186,7 +187,7 @@

                  You should upgrade this gem
                • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
                -

                * MIT license; The only guarantees I make are for enterprise support.

                +

                * MIT license; The only guarantees I make are for enterprise support.

                Standard Library Dependencies @@ -990,7 +991,7 @@

                🤑 One more thing

                Liberapay Goal Progress Sponsor Me on Github Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                -

                P.S. If you need help️, or want to say thanks, 👇 Join the Discord.

                +

                P.S. If you need help️ or want to say thanks, 👇 Join the Discord.

                Live Chat on Discord

                @@ -1014,7 +1015,7 @@

                🤑 One more thing

                diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 1e36e73c..b45579ea 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                Defined Under Namespace

                diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 4c8ce41a..5a3af548 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 65a982b8..da32bbe4 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/coverage.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 6b8062f8..770c6643 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -2,6 +2,6 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/latest.gemfile") diff --git a/gemfiles/current_runtime_heads.gemfile b/gemfiles/current_runtime_heads.gemfile index c9c6d6b0..d76bab3f 100644 --- a/gemfiles/current_runtime_heads.gemfile +++ b/gemfiles/current_runtime_heads.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/deps_unlocked.gemfile b/gemfiles/deps_unlocked.gemfile index 5c5a6a82..789a4f03 100644 --- a/gemfiles/deps_unlocked.gemfile +++ b/gemfiles/deps_unlocked.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index c9c6d6b0..d76bab3f 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile 
@@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", ">= 0.2" gem "stringio", ">= 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/omnibus.gemfile b/gemfiles/omnibus.gemfile index 95284516..a900a8ed 100644 --- a/gemfiles/omnibus.gemfile +++ b/gemfiles/omnibus.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/audit.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v0.gemfile b/gemfiles/ruby_2_3_hashie_v0.gemfile index 1477575b..fe08e312 100644 --- a/gemfiles/ruby_2_3_hashie_v0.gemfile +++ b/gemfiles/ruby_2_3_hashie_v0.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v1.gemfile b/gemfiles/ruby_2_3_hashie_v1.gemfile index dffceba6..0cbdaec1 100644 --- a/gemfiles/ruby_2_3_hashie_v1.gemfile +++ b/gemfiles/ruby_2_3_hashie_v1.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v2.gemfile b/gemfiles/ruby_2_3_hashie_v2.gemfile index fa7dd0eb..3d0484d0 100644 --- a/gemfiles/ruby_2_3_hashie_v2.gemfile +++ b/gemfiles/ruby_2_3_hashie_v2.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v3.gemfile b/gemfiles/ruby_2_3_hashie_v3.gemfile index 604cd646..452620e9 100644 --- a/gemfiles/ruby_2_3_hashie_v3.gemfile +++ b/gemfiles/ruby_2_3_hashie_v3.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") 
diff --git a/gemfiles/ruby_2_3_hashie_v4.gemfile b/gemfiles/ruby_2_3_hashie_v4.gemfile index 746a9de7..aba8c483 100644 --- a/gemfiles/ruby_2_3_hashie_v4.gemfile +++ b/gemfiles/ruby_2_3_hashie_v4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v5.gemfile b/gemfiles/ruby_2_3_hashie_v5.gemfile index dcba24c7..19515c83 100644 --- a/gemfiles/ruby_2_3_hashie_v5.gemfile +++ b/gemfiles/ruby_2_3_hashie_v5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v0.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index 1e7e03b4..ebbc746d 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 64be8b27..9c78b4de 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v1.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 4e7bbade..c90a047f 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 627d338c..2da4dda0 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile 
@@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index eef5f9f0..7fed3524 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index eef5f9f0..7fed3524 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index e8ee86f8..562e0116 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index e8ee86f8..562e0116 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index 261f3680..bd9f436e 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -5,6 +5,6 @@ source "https://rubygems.org/" gem "mutex_m", "~> 0.2" gem "stringio", "~> 3.0" -gemspec :path => "../" +gemspec path: "../" eval_gemfile("modular/style.gemfile") 
diff --git a/gemfiles/vanilla.gemfile b/gemfiles/vanilla.gemfile index 8a6e6acc..0ac28b98 100644 --- a/gemfiles/vanilla.gemfile +++ b/gemfiles/vanilla.gemfile @@ -2,4 +2,4 @@ source "https://rubygems.org/" -gemspec :path => "../" +gemspec path: "../" From 9ccb6b2800f3dc2947038f129fa9215aa18bfd8b Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 6 Aug 2025 21:44:47 -0600 Subject: [PATCH 493/645] =?UTF-8?q?=F0=9F=91=B7=20Update=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 3 ++- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 7 ++++--- docs/file.SECURITY.html | 2 +- docs/index.html | 7 ++++--- docs/top-level-namespace.html | 2 +- 27 files changed, 34 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index f7ad0421..ae04c6d0 100644 --- a/README.md +++ b/README.md @@ -753,7 +753,8 @@ See [CONTRIBUTING.md][🤝contributing]. ### Code Coverage [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] -[![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] + +[![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] ### 🪇 Code of Conduct diff --git a/docs/OAuth2.html b/docs/OAuth2.html index aee186bc..20ef2f69 100644 
--- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

                diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index f31549e1..5fa2ea1b 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index b0d1420c..f4351a83 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

                diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index ca490e58..ff19621a 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 8060adb7..668cf30e 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index bd133104..29c39b71 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index e8c3a0aa..a0c283e1 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

                diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index e463bd7e..4c0a54d3 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index fe6ba276..500111c8 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                Defined Under Namespace

                diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 3c7d5f1c..6fe24882 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 86bf7194..3a2e319c 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index e34f3ec3..e60c703a 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 6e302aff..f4e46ba6 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index dcf47409..e3eb176a 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index c68217f9..17847908 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index b2f89527..b838405a 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                diff --git a/docs/_index.html b/docs/_index.html index 76e3b7c2..02414c4b 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

                Namespace Listing A-Z

                diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 94e13988..30d503df 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -840,7 +840,7 @@

                diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index bc2f43b9..be318f3a 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 1ff3c8f6..3d13b5be 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

                Attribution

                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index e7c15b59..d740c715 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -193,7 +193,7 @@

                To release a new version:

                diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 95a28640..87b71d2c 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                MIT License

                Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                Permission is hereby granted, free of charge, to any person obtaining a copy
                of this software and associated documentation files (the "Software"), to deal
                in the Software without restriction, including without limitation the rights
                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                copies of the Software, and to permit persons to whom the Software is
                furnished to do so, subject to the following conditions:

                The above copyright notice and this permission notice shall be included in all
                copies or substantial portions of the Software.

                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                SOFTWARE.
                diff --git a/docs/file.README.html b/docs/file.README.html index 91264c70..2912f06d 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -887,8 +887,9 @@

                🚀 Release Instructions

                Code Coverage

                -

                Coveralls Test Coverage
                -![QLTY Test Coverage][🔑qlty-covi♻️]

                +

                Coveralls Test Coverage

                + +

                QLTY Test Coverage

                🪇 Code of Conduct

                @@ -1015,7 +1016,7 @@

                🤑 One more thing

                diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 35ed5d8e..65c10ced 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                Enterprise Support

                diff --git a/docs/index.html b/docs/index.html index 2d50e1b7..df5471fb 100644 --- a/docs/index.html +++ b/docs/index.html @@ -887,8 +887,9 @@

                🚀 Release Instructions

                Code Coverage

                -

                Coveralls Test Coverage
                -![QLTY Test Coverage][🔑qlty-covi♻️]

                +

                Coveralls Test Coverage

                + +

                QLTY Test Coverage

                🪇 Code of Conduct

                @@ -1015,7 +1016,7 @@

                🤑 One more thing

                diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index b45579ea..d1217773 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                Defined Under Namespace

                From 9fb2763e6e849990ec9e2d073496e70aec188c3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Aug 2025 05:28:42 +0000 Subject: [PATCH 494/645] Bump qltysh/qlty-action from 1 to 2 Bumps [qltysh/qlty-action](https://github.com/qltysh/qlty-action) from 1 to 2. - [Release notes](https://github.com/qltysh/qlty-action/releases) - [Changelog](https://github.com/qltysh/qlty-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/qltysh/qlty-action/compare/v1...v2) --- updated-dependencies: - dependency-name: qltysh/qlty-action dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 00f20f72..e9c04e97 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -85,7 +85,7 @@ jobs: - name: Upload coverage to QLTY if: ${{ !env.ACT }} - uses: qltysh/qlty-action/coverage@v1 + uses: qltysh/qlty-action/coverage@v2 with: token: ${{secrets.QLTY_COVERAGE_TOKEN}} files: coverage/.resultset.json From 854d0171054ba3e7a20f4951da4e79a52c878701 Mon Sep 17 00:00:00 2001 
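Review bot: The `uses: qltysh/qlty-action/coverage@v2` line in this hunk references the action by a movable tag, and the same step passes it `secrets.QLTY_COVERAGE_TOKEN`, so whoever can move that tag controls code that runs with the token. Pinning to the full commit SHA of the reviewed release, `uses: qltysh/qlty-action/coverage@<FULL_COMMIT_SHA_OF_V2_RELEASE> # v2`, keeps Dependabot updates working and makes every bump an auditable change. The commit metadata marks this as a semver-major update, so the linked release notes are worth checking for changed inputs before merging. The job's other steps and any `permissions:` settings are outside this hunk, so whether the token's exposure is limited elsewhere cannot be judged from here.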
From: "Peter H. Boling" Date: Thu, 7 Aug 2025 12:38:45 -0600 Subject: [PATCH 495/645] =?UTF-8?q?=F0=9F=91=B7=20Update=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CODE_OF_CONDUCT.md | 6 +++--- README.md | 12 ++++++------ docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 4 ++-- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 6 +++--- docs/file.SECURITY.html | 2 +- docs/index.html | 6 +++--- docs/top-level-namespace.html | 2 +- 28 files changed, 40 insertions(+), 40 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 6be4700a..366ed75e 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -61,7 +61,7 @@ representative at an online or offline event. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at -[![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact]. +[![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact]. All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the 
@@ -131,5 +131,5 @@ For answers to common questions about this code of conduct, see the FAQ at
 [Mozilla CoC]: https://github.com/mozilla/diversity
 [FAQ]: https://www.contributor-covenant.org/faq
 [translations]: https://www.contributor-covenant.org/translations
-[🚂bdfl-contact]: http://www.railsbling.com/contact
-[🚂bdfl-contact-img]: https://img.shields.io/badge/Contact-BDFL-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red
+[🚂maint-contact]: http://www.railsbling.com/contact
+[🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red
diff --git a/README.md b/README.md
index ae04c6d0..e87fa208 100644
--- a/README.md
+++ b/README.md
@@ -178,11 +178,11 @@ Alternatively: | Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | | Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | | Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | | Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] | | Support | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Maintainer 
🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | | `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ## 🚀 Release Documentation 
@@ -881,10 +881,10 @@ P.S. If you need help️ or want to say thanks, 👇 Join the Discord.
 [⛳️namespace-img]: https://img.shields.io/badge/namespace-OAuth2-brightgreen.svg?style=flat&logo=ruby&logoColor=white
 [⛳️gem-name]: https://rubygems.org/gems/oauth2
 [⛳️name-img]: https://img.shields.io/badge/name-oauth2-brightgreen.svg?style=flat&logo=rubygems&logoColor=red
-[🚂bdfl-blog]: http://www.railsbling.com/tags/oauth2
-[🚂bdfl-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange
-[🚂bdfl-contact]: http://www.railsbling.com/contact
-[🚂bdfl-contact-img]: https://img.shields.io/badge/Contact-BDFL-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red
+[🚂maint-blog]: http://www.railsbling.com/tags/oauth2
+[🚂maint-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange
+[🚂maint-contact]: http://www.railsbling.com/contact
+[🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red
 [💖🖇linkedin]: http://www.linkedin.com/in/peterboling
 [💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling
 [💖✌️wellfound]: https://angel.co/u/peter-boling
diff --git a/docs/OAuth2.html b/docs/OAuth2.html
index 20ef2f69..56c71f47 100644
--- a/docs/OAuth2.html
+++ b/docs/OAuth2.html
@@ -326,7 +326,7 @@

                diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 5fa2ea1b..5d54fa59 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index f4351a83..3be6563a 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

                diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index ff19621a..4d722ec8 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 668cf30e..69d4935f 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 29c39b71..258ca1cb 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index a0c283e1..16f7b9eb 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

                diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 4c0a54d3..b9527692 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 500111c8..e9d00479 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                Defined Under Namespace

                diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 6fe24882..e98e8b6e 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 3a2e319c..a25e1084 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index e60c703a..137bd6c0 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index f4e46ba6..bba783fa 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index e3eb176a..254a5273 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 17847908..0ed179c4 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index b838405a..c54b86af 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                diff --git a/docs/_index.html b/docs/_index.html index 02414c4b..63841e13 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

                Namespace Listing A-Z

                diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 30d503df..6079b1fa 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -840,7 +840,7 @@

                diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index be318f3a..da07ec44 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 3d13b5be..a2f345d5 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -124,7 +124,7 @@

                Enforcement

                Instances of abusive, harassing, or otherwise unacceptable behavior may be
                reported to the community leaders responsible for enforcement at
                -Contact BDFL.
                +Contact Maintainer.
                All complaints will be reviewed and investigated promptly and fairly.

                All community leaders are obligated to respect the privacy and security of the
                @@ -192,7 +192,7 @@

                Attribution

                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index d740c715..5b8f1c71 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -193,7 +193,7 @@

                To release a new version:

                diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 87b71d2c..15729216 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                MIT License

                Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                Permission is hereby granted, free of charge, to any person obtaining a copy
                of this software and associated documentation files (the "Software"), to deal
                in the Software without restriction, including without limitation the rights
                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                copies of the Software, and to permit persons to whom the Software is
                furnished to do so, subject to the following conditions:

                The above copyright notice and this permission notice shall be included in all
                copies or substantial portions of the Software.

                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                SOFTWARE.
                diff --git a/docs/file.README.html b/docs/file.README.html index 2912f06d..751c386d 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -293,7 +293,7 @@

                Enterprise Support

          • @@ -317,7 +317,7 @@

            Enterprise Support

            @@ -1016,7 +1016,7 @@

            🤑 One more thing

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 65c10ced..d814f5b7 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

            Enterprise Support

            diff --git a/docs/index.html b/docs/index.html index df5471fb..02cb5b0b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -293,7 +293,7 @@

            Enterprise Support

            @@ -317,7 +317,7 @@

            Enterprise Support

            @@ -1016,7 +1016,7 @@

            🤑 One more thing

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index d1217773..bce01919 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From 04756b8792eabb5748902e12ad74f80fd60c5092 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 7 Aug 2025 14:10:36 -0600 Subject: [PATCH 496/645] =?UTF-8?q?=F0=9F=91=B7=20Update=20wellfound=20lin?= =?UTF-8?q?k?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 4 ++-- docs/file.SECURITY.html | 2 +- docs/index.html | 4 ++-- docs/top-level-namespace.html | 2 +- 27 files changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index e87fa208..609da5c1 100644 --- a/README.md +++ b/README.md 
@@ -887,7 +887,7 @@ P.S. If you need help️ or want to say thanks, 👇 Join the Discord. [🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red [💖🖇linkedin]: http://www.linkedin.com/in/peterboling [💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling -[💖✌️wellfound]: https://angel.co/u/peter-boling +[💖✌️wellfound]: https://wellfound.com/u/peter-boling [💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound [💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling [💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 56c71f47..23fef47b 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -326,7 +326,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 5d54fa59..88cb1e6d 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 3be6563a..7fd6d375 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -631,7 +631,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 4d722ec8..c201e3f7 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 69d4935f..4953dffd 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -518,7 +518,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 258ca1cb..fb8f30af 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -268,7 +268,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 16f7b9eb..9fe25d59 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -218,7 +218,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index b9527692..13f3cca3 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index e9d00479..a1561172 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index e98e8b6e..95111397 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index a25e1084..3c866e11 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 137bd6c0..c118241f 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index bba783fa..cb84d155 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 254a5273..1ca7451d 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 0ed179c4..2d0df925 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index c54b86af..a14fd162 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index 63841e13..4bc56363 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -303,7 +303,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 6079b1fa..0899df67 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -840,7 +840,7 @@

            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index da07ec44..c729aa44 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -85,7 +85,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index a2f345d5..f80422f8 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -192,7 +192,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 5b8f1c71..edaea476 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -193,7 +193,7 @@

            To release a new version:

            diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 15729216..e60bb778 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.README.html b/docs/file.README.html index 751c386d..e056ca9c 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -324,7 +324,7 @@

            Enterprise Support

            @@ -1016,7 +1016,7 @@

            🤑 One more thing

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index d814f5b7..1444c794 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

            Enterprise Support

            diff --git a/docs/index.html b/docs/index.html index 02cb5b0b..2f9ce9cf 100644 --- a/docs/index.html +++ b/docs/index.html @@ -324,7 +324,7 @@

            Enterprise Support

            @@ -1016,7 +1016,7 @@

            🤑 One more thing

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index bce01919..9c5faf89 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From 24d929f913672dd2b636ba65481c7afe1463f218 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 7 Aug 2025 17:53:53 -0600 Subject: [PATCH 497/645] =?UTF-8?q?=F0=9F=93=9D=20Add=20Ruby=202.2=20compa?= =?UTF-8?q?t=20badge?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 609da5c1..3f19389b 100644 --- a/README.md +++ b/README.md 
@@ -171,19 +171,19 @@ Alternatively: -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on 
Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] | -| Support | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 
Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i] [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] | +| Support | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Maintainer 
🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ## 🚀 Release Documentation @@ -972,6 +972,7 @@ P.S. If you need help️ or want to say thanks, 👇 Join the Discord. [🚎13-🔒️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/deps_locked.yml/badge.svg [🚎14-🔓️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/deps_unlocked.yml [🚎14-🔓️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/deps_unlocked.yml/badge.svg +[💎ruby-2.2i]: https://img.shields.io/badge/Ruby-2.2-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white From 7f37eac34fde0a799473ba74264b7afcab423a04 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 7 Aug 2025 17:54:37 -0600 Subject: [PATCH 498/645] =?UTF-8?q?=F0=9F=94=A5=20Remove=20Depfu=20-=20doe?= =?UTF-8?q?sn't=20support=20eval=5Fgemfile?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 3f19389b..2d3ab680 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ ## 🔐 OAuth2 -[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] --- 
@@ -938,8 +938,6 @@ P.S. If you need help️ or want to say thanks, 👇 Join the Discord. [🔑codecovi♻️]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg?token=bNqSzNiuo2 [🔑coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main [🔑coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main -[🔑depfu]: https://depfu.com/github/ruby-oauth/oauth2?project_id=5884 -[🔑depfui♻️]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg [🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg [🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml From 152492ea2cf29c739a124ea47ddae62bf4b625b9 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 7 Aug 2025 17:58:35 -0600 Subject: [PATCH 499/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20gemspec=20metad?= =?UTF-8?q?ata=20and=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- oauth2.gemspec | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 187d1bef..236b8353 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -21,7 +21,7 @@ "lib/oauth2/response.rb:2054901929": [ [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "oauth2.gemspec:2662087024": [ + "oauth2.gemspec:1312558048": [ [5, 23, 12, "Gemspec/RubyVersionGlobalsUsage: Do not use `RUBY_VERSION` in gemspec file.", 31296028] ], "spec/oauth2/access_token_spec.rb:1202129469": [ diff --git a/oauth2.gemspec b/oauth2.gemspec index 2140e8e7..5a73c868 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -80,10 +80,11 @@ Thanks, |7eter l-|. l3oling spec.metadata["changelog_uri"] = "#{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md" spec.metadata["bug_tracker_uri"] = "#{gl_homepage}/-/issues" spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" - spec.metadata["wiki_uri"] = "#{gl_homepage}/-/wiki" spec.metadata["mailing_list_uri"] = "https://groups.google.com/g/oauth-ruby" spec.metadata["funding_uri"] = "https://github.com/sponsors/pboling" + spec.metadata["wiki_uri"] = "#{gl_homepage}/-/wiki" spec.metadata["news_uri"] = "https://www.railsbling.com/tags/#{spec.name}" + spec.metadata["discord_uri"] = "https://discord.gg/3qme4XHNKN" spec.metadata["rubygems_mfa_required"] = "true" # Specify which files should be added to the gem when it is released. 
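Review bot: The added `spec.metadata["discord_uri"]` line publishes a chat invite in gem metadata, which cannot be edited once a version has been pushed, and nothing in the hunk says whether that invite is permanent. If the invite ever expires, every released version keeps pointing users at a dead link. As far as I know, `discord_uri` is also not one of the link keys RubyGems documents (unlike `wiki_uri` or `funding_uri` beside it), so it is probably stored as custom metadata rather than shown on the gem page. I would add a comment above it such as `# custom key; must stay a non-expiring invite, released metadata is immutable`. The enclosing `Gem::Specification.new` block starts and ends outside this hunk.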
@@ -127,6 +128,20 @@ Thanks, |7eter l-|. l3oling spec.add_dependency("snaky_hash", "~> 2.0", ">= 2.0.3") # Ruby >= 2.2 spec.add_dependency("version_gem", ">= 1.1.8", "< 3") # Ruby >= 2.2 + # NOTE: It is preferable to list development dependencies in the gemspec due to increased + # visibility and discoverability on RubyGems.org. + # However, development dependencies in gemspec will install on + # all versions of Ruby that will run in CI. + # This gem, and its runtime dependencies, will install on Ruby down to 2.2. + # This gem, and its development dependencies, will install on Ruby down to 2.3. + # This is because in CI easy installation of Ruby, via setup-ruby, is for >= 2.3. + # Thus, dev dependencies in gemspec must have + # + # required_ruby_version ">= 2.3" (or lower) + # + # Development dependencies that require strictly newer Ruby versions should be in a "gemfile", + # and preferably a modular one (see gemfiles/modular/*.gemfile). + spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 spec.add_development_dependency("appraisal2", "~> 3.0") # ruby >= 1.8.7 spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 From ecf09a41a3dff7a4deb86642c10163629b48fda5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 14:53:18 +0000 Subject: [PATCH 500/645] Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ancient.yml | 2 +- .github/workflows/caboose.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/coverage.yml | 2 +- .github/workflows/current-runtime-heads.yml | 2 +- .github/workflows/current.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/deps_locked.yml | 2 +- .github/workflows/deps_unlocked.yml | 2 +- .github/workflows/heads.yml | 2 +- .github/workflows/jruby.yml | 2 +- .github/workflows/legacy.yml | 2 +- .github/workflows/macos.yml | 2 +- .github/workflows/style.yml | 2 +- .github/workflows/supported.yml | 2 +- .github/workflows/truffle.yml | 2 +- .github/workflows/unsupported.yml | 2 +- .github/workflows/windows.yml | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ancient.yml b/.github/workflows/ancient.yml index 1ee86098..2055a73e 100644 --- a/.github/workflows/ancient.yml +++ b/.github/workflows/ancient.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/caboose.yml b/.github/workflows/caboose.yml index 02a381d2..f69cafd2 100644 --- a/.github/workflows/caboose.yml +++ b/.github/workflows/caboose.yml @@ -85,7 +85,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 502c2a0e..a03c20f2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index e9c04e97..40e7f9ab 100644 
--- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/current-runtime-heads.yml b/.github/workflows/current-runtime-heads.yml index 8d59fd24..eb769656 100644 --- a/.github/workflows/current-runtime-heads.yml +++ b/.github/workflows/current-runtime-heads.yml @@ -66,7 +66,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index fa978124..1096ce9b 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 0d4a0136..046e9c88 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: 'Dependency Review' uses: actions/dependency-review-action@v4 diff --git a/.github/workflows/deps_locked.yml b/.github/workflows/deps_locked.yml index 5178a8c0..96dc9767 100644 --- a/.github/workflows/deps_locked.yml +++ b/.github/workflows/deps_locked.yml @@ -61,7 +61,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/deps_unlocked.yml b/.github/workflows/deps_unlocked.yml index a14fc695..cfa42543 100644 --- a/.github/workflows/deps_unlocked.yml +++ b/.github/workflows/deps_unlocked.yml 
@@ -63,7 +63,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index 2223e702..a1f1f0a7 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/jruby.yml b/.github/workflows/jruby.yml index 697ec5fc..06f1eb99 100644 --- a/.github/workflows/jruby.yml +++ b/.github/workflows/jruby.yml @@ -62,7 +62,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/legacy.yml b/.github/workflows/legacy.yml index 4b60e371..dc59e4ac 100644 --- a/.github/workflows/legacy.yml +++ b/.github/workflows/legacy.yml @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 3e65abb0..cf0189ee 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index be162a96..dfee1fac 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index ddf1ce55..d20a3e84 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml 
@@ -54,7 +54,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml index 40f99ec5..bf51aaca 100644 --- a/.github/workflows/truffle.yml +++ b/.github/workflows/truffle.yml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml index 5768bb03..0bfc0d3b 100644 --- a/.github/workflows/unsupported.yml +++ b/.github/workflows/unsupported.yml @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 8966b601..16e3f07f 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Ruby & RubyGems uses: ruby/setup-ruby@v1 From 2a3fc77cffb5eec69ed23d0719e76ff1d3ac212f Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 21 Aug 2025 23:48:15 +0700 Subject: [PATCH 501/645] =?UTF-8?q?=F0=9F=93=84=20Update=20summary=20&=20d?= =?UTF-8?q?escription?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: |7eter l-|. l3oling --- oauth2.gemspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 5a73c868..48564e5e 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -38,8 +38,8 @@ Gem::Specification.new do |spec| gl_homepage = "https://gitlab.com/ruby-oauth/#{spec.name}" gh_mirror = "https://github.com/ruby-oauth/#{spec.name}" - spec.summary = "OAuth 2.0 Core Ruby implementation" - spec.description = "Ruby wrapper for the OAuth 2.0 protocol" + spec.summary = "🔐 OAuth 2.0 & OIDC" + spec.description = "🔐 Ruby wrapper for the OAuth 2.0 protocol, including OIDC" spec.homepage = gh_mirror spec.license = "MIT" spec.required_ruby_version = ">= 2.2.0" From 3b5cfe085e4d64268d48d08fdccbd37572c7ef82 Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Mon, 25 Aug 2025 23:00:38 +0700 Subject: [PATCH 502/645] =?UTF-8?q?=F0=9F=93=84=20Update=20Headline?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: |7eter l-|. l3oling --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d3ab680..f0945c11 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,8 @@ [🖼️ruby-lang-i]: https://logos.galtzo.com/assets/images/ruby-lang/avatar-192px.svg [🖼️ruby-lang]: https://github.com/ruby-lang -## 🔐 OAuth2 +## 🔐 oauth2 - OAuth 2.0 Authorization Framework, including OpenID Connect (OIDC) + [![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] From 1875e2137ffeb99c55302300eaa24de237ab9b44 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 29 Aug 2025 19:35:17 -0600 Subject: [PATCH 503/645] =?UTF-8?q?=E2=9E=95=20kettle-dev=20v1.0.18?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 11 +++++++-- Gemfile.lock | 60 +++++++++++++++++++++++++++++++++--------------- oauth2.gemspec | 9 +------- 3 files changed, 51 insertions(+), 29 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index d98c93e6..c235df2a 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -28,6 +28,7 @@ + @@ -42,12 +43,15 @@ + + + @@ -83,6 +87,7 @@ + @@ -98,7 +103,7 @@ - + @@ -111,10 +116,12 @@ - + + + diff --git a/Gemfile.lock b/Gemfile.lock index 6ce5bba6..6fb2b2d5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -45,6 +45,7 @@ GEM debug (1.11.0) irb (~> 1.10) reline (>= 0.3.8) + delegate (0.4.0) diff-lcs (1.6.2) diffy (3.4.4) docile (1.4.1) @@ -87,6 +88,8 @@ GEM gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) + gitmoji-regex (1.0.3) + version_gem (~> 1.1, >= 1.1.8) hashie (5.0.0) io-console (0.8.1) irb (1.15.2) @@ -96,6 +99,17 @@ GEM json (2.13.2) jwt (3.1.2) base64 + kettle-dev (1.0.18) + appraisal2 (~> 3.0) + bundler-audit (~> 0.9.2) + gitmoji-regex (~> 1.0, >= 1.0.3) + kettle-test (~> 1.0) + rake (~> 13.0) + require_bench (~> 1.0, >= 1.0.4) + rspec-pending_for + ruby-progressbar (~> 1.13) + stone_checksums (~> 1.0, >= 1.0.2) + version_gem (~> 1.1, >= 1.1.8) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) @@ -105,6 +119,15 @@ GEM simplecov-rcov (~> 0.3, >= 0.3.7) simplecov_json_formatter (~> 0.1, >= 0.1.4) version_gem (~> 1.1, >= 1.1.8) + kettle-test (1.0.3) + appraisal2 (~> 3.0) + rspec (~> 3.0) + rspec-block_is_expected (~> 1.0, >= 1.0.6) + rspec-stubbed_env (~> 1.0, >= 1.0.4) + rspec_junit_formatter (~> 0.6) + silent_stream (~> 1.0, >= 1.0.12) + timecop-rspec (~> 1.0, >= 1.0.3) + version_gem (~> 1.1, >= 1.1.8) kramdown (2.5.1) rexml (>= 3.3.9) kramdown-parser-gfm (1.1.0) @@ -147,12 +170,12 @@ GEM parser (~> 3.3.0) rainbow (>= 2.0, < 4.0) rexml (~> 3.1) - regexp_parser (2.11.0) + regexp_parser (2.11.2) reline (0.6.2) io-console (~> 0.5) require_bench (1.0.4) version_gem (>= 1.1.3, < 4) - rexml (3.4.1) + rexml (3.4.2) rspec (3.13.1) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) 
@@ -166,13 +189,14 @@ GEM rspec-mocks (3.13.5) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-pending_for (0.1.17) - rake (>= 10) + rspec-pending_for (0.1.18) rspec-core (~> 3.0) ruby_engine (~> 2.0) ruby_version (~> 1.0) rspec-stubbed_env (1.0.4) - rspec-support (3.13.4) + rspec-support (3.13.5) + rspec_junit_formatter (0.6.0) + rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.75.8) json (~> 2.3) language_server-protocol (~> 3.17.0.2) @@ -229,14 +253,14 @@ GEM ruby-progressbar (1.13.0) ruby_engine (2.0.3) ruby_version (1.0.3) - silent_stream (1.0.11) + silent_stream (1.0.12) logger (~> 1.2) version_gem (>= 1.1.8, < 3) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) - simplecov-cobertura (3.0.0) + simplecov-cobertura (3.1.0) rexml simplecov (~> 0.19) simplecov-console (0.9.4) @@ -244,7 +268,7 @@ GEM simplecov terminal-table simplecov-html (0.13.2) - simplecov-lcov (0.8.0) + simplecov-lcov (0.9.0) simplecov-rcov (0.3.7) simplecov (>= 0.4.1) simplecov_json_formatter (0.1.4) @@ -269,13 +293,18 @@ GEM standard-custom (>= 1.0.2, < 2) standard-performance (>= 1.3.1, < 2) version_gem (>= 1.1.4, < 3) - stone_checksums (1.0.0) - version_gem (>= 1.1.5, < 3) + stone_checksums (1.0.2) + version_gem (~> 1.1, >= 1.1.8) stringio (3.1.7) terminal-table (4.0.0) unicode-display_width (>= 1.1.1, < 4) thor (1.4.0) - unicode-display_width (3.1.4) + timecop (0.9.10) + timecop-rspec (1.0.3) + delegate (~> 0.1) + rspec (~> 3.0) + timecop (>= 0.7, < 1) + unicode-display_width (3.1.5) unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) uri (1.0.3) 
@@ -292,34 +321,27 @@ PLATFORMS DEPENDENCIES addressable (~> 2.8, >= 2.8.7) - appraisal2 (~> 3.0) backports (~> 3.25, >= 3.25.1) benchmark (~> 0.4) bundler-audit (~> 0.9.2) debug (>= 1.1) gem_bench (~> 2.0, >= 2.0.5) irb (~> 1.15, >= 1.15.2) + kettle-dev (~> 1.0, >= 1.0.18) kettle-soup-cover (~> 1.0, >= 1.0.6) kramdown (~> 2.5, >= 2.5.1) kramdown-parser-gfm (~> 1.1) nkf (~> 0.2) oauth2! - rake (~> 13.0) rdoc (~> 6.11) reek (~> 6.4) require_bench (~> 1.0, >= 1.0.4) rexml (~> 3.2, >= 3.2.5) - rspec (~> 3.13) - rspec-block_is_expected (~> 1.0, >= 1.0.6) - rspec-pending_for (~> 0.1, >= 0.1.17) - rspec-stubbed_env (~> 1.0, >= 1.0.2) rubocop (~> 1.73, >= 1.73.2) rubocop-lts (~> 8.1, >= 8.1.1) rubocop-packaging (~> 0.5, >= 0.5.2) rubocop-rspec (~> 3.2) - silent_stream (~> 1.0, >= 1.0.11) standard (~> 1.47) - stone_checksums (~> 1.0) yard (~> 0.9, >= 0.9.37) yard-junk (~> 0.0, >= 0.0.10)! yard-relative_markdown_links (~> 0.5.0) diff --git a/oauth2.gemspec b/oauth2.gemspec index 48564e5e..41ab332f 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -143,15 +143,8 @@ Thanks, |7eter l-|. l3oling # and preferably a modular one (see gemfiles/modular/*.gemfile). spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 - spec.add_development_dependency("appraisal2", "~> 3.0") # ruby >= 1.8.7 spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 + spec.add_development_dependency("kettle-dev", "~> 1.0", ">= 1.0.18") # ruby >= 2.3 spec.add_development_dependency("nkf", "~> 0.2") # ruby >= 2.3 - spec.add_development_dependency("rake", "~> 13.0") # ruby >= 2.2 spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 - spec.add_development_dependency("rspec", "~> 3.13") # ruby >= 0 - spec.add_development_dependency("rspec-block_is_expected", "~> 1.0", ">= 1.0.6") # ruby >= 1.8.7 - spec.add_development_dependency("rspec-pending_for", "~> 0.1", ">= 0.1.17") # ruby >= 1.8.7 - spec.add_development_dependency("rspec-stubbed_env", "~> 1.0", ">= 1.0.2") # ruby >= 1.8.7 - spec.add_development_dependency("silent_stream", "~> 1.0", ">= 1.0.11") # ruby >= 2.3 - spec.add_development_dependency("stone_checksums", "~> 1.0") # ruby >= 2.2 end From 4c2b67100cb75c8b78720c8e831a0b678e33480a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 29 Aug 2025 19:40:02 -0600 Subject: [PATCH 504/645] =?UTF-8?q?=F0=9F=94=A8=20kettle-dev=20binstubs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/kettle-changelog | 16 ++++++++++++++++ bin/kettle-commit-msg | 16 ++++++++++++++++ bin/kettle-readme-backers | 16 ++++++++++++++++ bin/kettle-release | 16 ++++++++++++++++ 4 files changed, 64 insertions(+) create mode 100755 bin/kettle-changelog create mode 100755 bin/kettle-commit-msg create mode 100755 bin/kettle-readme-backers create mode 100755 bin/kettle-release diff --git a/bin/kettle-changelog b/bin/kettle-changelog new file mode 100755 index 00000000..0e7fcc4d --- /dev/null +++ b/bin/kettle-changelog 
@@ -0,0 +1,16 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kettle-changelog' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("kettle-dev", "kettle-changelog") diff --git a/bin/kettle-commit-msg b/bin/kettle-commit-msg new file mode 100755 index 00000000..b228ad67 --- /dev/null +++ b/bin/kettle-commit-msg @@ -0,0 +1,16 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kettle-commit-msg' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("kettle-dev", "kettle-commit-msg") diff --git a/bin/kettle-readme-backers b/bin/kettle-readme-backers new file mode 100755 index 00000000..fec80bd5 --- /dev/null +++ b/bin/kettle-readme-backers @@ -0,0 +1,16 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kettle-readme-backers' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("kettle-dev", "kettle-readme-backers") diff --git a/bin/kettle-release b/bin/kettle-release new file mode 100755 index 00000000..1f5758a8 --- /dev/null +++ b/bin/kettle-release 
@@ -0,0 +1,16 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kettle-release' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("kettle-dev", "kettle-release") From 2b60a29a5f4cf05fe316695d3cb30465efa28da6 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 29 Aug 2025 19:43:51 -0600 Subject: [PATCH 505/645] =?UTF-8?q?=F0=9F=94=A8=20kettle-dev=20Rakefile=20?= =?UTF-8?q?v1.0.18?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Rakefile | 161 ++++++++++++++++++------------------------------------- 1 file changed, 53 insertions(+), 108 deletions(-) diff --git a/Rakefile b/Rakefile index 21e9debd..d5901285 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,125 +1,70 @@ # frozen_string_literal: true -require "bundler/gem_tasks" - -defaults = [] - -is_ci = ENV.fetch("https://github.com/CI", "false").casecmp("true") == 0 - -### DEVELOPMENT TASKS -# Setup Kettle Soup Cover -begin - require "kettle-soup-cover" - - Kettle::Soup::Cover.install_tasks - # NOTE: Coverage on CI is configured independent of this task. - # This task is for local development, as it opens results in browser - defaults << "coverage" unless Kettle::Soup::Cover::IS_CI -rescue LoadError - desc("(stub) coverage is unavailable") - task("coverage") do - warn("NOTE: kettle-soup-cover isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") - end -end - -# Setup Bundle Audit -begin - require "bundler/audit/task" - - Bundler::Audit::Task.new - defaults.push("bundle:audit:update", "bundle:audit") -rescue LoadError - desc("(stub) bundle:audit is unavailable") - task("bundle:audit") do - warn("NOTE: bundler-audit isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") - end - desc("(stub) bundle:audit:update is unavailable") - task("bundle:audit:update") do - warn("NOTE: bundler-audit isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") - end -end - -begin - require "rspec/core/rake_task" - - RSpec::Core::RakeTask.new(:spec) - # This takes the place of `coverage` task when running as CI=true - defaults << "spec" if !defined?(Kettle::Soup::Cover) || Kettle::Soup::Cover::IS_CI -rescue LoadError - desc("spec task stub") - task(:spec) do - warn("NOTE: rspec isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") - end -end - -desc "run spec task with test task" -task test: :spec +# kettle-dev Rakefile v1.0.18 - 2025-08-29 +# Ruby 2.3 (Safe Navigation) or higher required +# +# MIT License (see License.txt) +# +# Copyright (c) 2025 Peter H. Boling (galtzo.com) +# +# Expected to work in any project that uses Bundler. 
+# +# Sets up tasks for appraisal, floss_funding, rspec, minitest, rubocop, reek, yard, and stone_checksums. +# +# rake appraisal:update # Update Appraisal gemfiles and run RuboCop... +# rake bench # Run all benchmarks (alias for bench:run) +# rake bench:list # List available benchmark scripts +# rake bench:run # Run all benchmark scripts (skips on CI) +# rake build # Build kettle-dev-1.0.0.gem into the pkg d... +# rake build:checksum # Generate SHA512 checksum of kettle-dev-1.... +# rake build:generate_checksums # Generate both SHA256 & SHA512 checksums i... +# rake bundle:audit:check # Checks the Gemfile.lock for insecure depe... +# rake bundle:audit:update # Updates the bundler-audit vulnerability d... +# rake ci:act[opt] # Run 'act' with a selected workflow +# rake clean # Remove any temporary products +# rake clobber # Remove any generated files +# rake coverage # Run specs w/ coverage and open results in... +# rake default # Default tasks aggregator +# rake install # Build and install kettle-dev-1.0.0.gem in... +# rake install:local # Build and install kettle-dev-1.0.0.gem in... +# rake kettle:dev:install # Install kettle-dev GitHub automation and ... +# rake kettle:dev:template # Template kettle-dev files into the curren... +# rake reek # Check for code smells +# rake reek:update # Run reek and store the output into the RE... +# rake release[remote] # Create tag v1.0.0 and build and push kett... +# rake rubocop_gradual # Run RuboCop Gradual +# rake rubocop_gradual:autocorrect # Run RuboCop Gradual with autocorrect (onl... +# rake rubocop_gradual:autocorrect_all # Run RuboCop Gradual with autocorrect (saf... +# rake rubocop_gradual:check # Run RuboCop Gradual to check the lock file +# rake rubocop_gradual:force_update # Run RuboCop Gradual to force update the l... +# rake rubocop_gradual_debug # Run RuboCop Gradual +# rake rubocop_gradual_debug:autocorrect # Run RuboCop Gradual with autocorrect (onl... 
+# rake rubocop_gradual_debug:autocorrect_all # Run RuboCop Gradual with autocorrect (saf... +# rake rubocop_gradual_debug:check # Run RuboCop Gradual to check the lock file +# rake rubocop_gradual_debug:force_update # Run RuboCop Gradual to force update the l... +# rake spec # Run RSpec code examples +# rake test # Run tests +# rake yard # Generate YARD Documentation +# -# Setup RuboCop-LTS -begin - require "rubocop/lts" +require "bundler/gem_tasks" - Rubocop::Lts.install_tasks - # Make autocorrect the default rubocop task - defaults << "rubocop_gradual:autocorrect" -rescue LoadError - desc("(stub) rubocop_gradual is unavailable") - task(:rubocop_gradual) do - warn("NOTE: rubocop-lts isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") - end +# Define a base default task early so other files can enhance it. +desc "Default tasks aggregator" +task :default do + puts "Default task complete." end -# Setup Yard -begin - require "yard" - - YARD::Rake::YardocTask.new(:yard) do |t| - t.files = [ - # Source Splats (alphabetical) - "lib/**/*.rb", - "-", # source and extra docs are separated by "-" - # Extra Files (alphabetical) - "*.cff", - "*.md", - "*.txt", - ] - end - defaults << "yard" -rescue LoadError - desc("(stub) yard is unavailable") - task(:yard) do - warn("NOTE: yard isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") - end -end - -# Setup Reek -begin - require "reek/rake/task" - - Reek::Rake::Task.new do |t| - t.fail_on_error = true - t.verbose = false - t.source_files = "{lib,spec}/**/*.rb" - end - defaults << "reek" unless is_ci -rescue LoadError - desc("(stub) reek is unavailable") - task(:reek) do - warn("NOTE: reek isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") - end -end +# External gems that define tasks - add here! 
+require "kettle/dev" ### RELEASE TASKS # Setup stone_checksums begin require "stone_checksums" - - GemChecksums.install_tasks rescue LoadError desc("(stub) build:generate_checksums is unavailable") task("build:generate_checksums") do warn("NOTE: stone_checksums isn't installed, or is disabled for #{RUBY_VERSION} in the current environment") end end - -task default: defaults From 7cd5372a8da950d894214f741f12a5c36664d936 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 01:03:53 -0600 Subject: [PATCH 506/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.0.?= =?UTF-8?q?23?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 18 +++++++++--------- Gemfile.lock | 4 ++-- oauth2.gemspec | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index c235df2a..fcb82615 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -49,9 +49,9 @@ - + - + @@ -75,18 +75,18 @@ - + - + - + - + @@ -105,10 +105,10 @@ - + - + @@ -122,7 +122,7 @@ - + diff --git a/Gemfile.lock b/Gemfile.lock index 6fb2b2d5..b9b166fe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -99,7 +99,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.0.18) + kettle-dev (1.0.23) appraisal2 (~> 3.0) bundler-audit (~> 0.9.2) gitmoji-regex (~> 1.0, >= 1.0.3) @@ -327,7 +327,7 @@ DEPENDENCIES debug (>= 1.1) gem_bench (~> 2.0, >= 2.0.5) irb (~> 1.15, >= 1.15.2) - kettle-dev (~> 1.0, >= 1.0.18) + kettle-dev (~> 1.0, >= 1.0.23) kettle-soup-cover (~> 1.0, >= 1.0.6) kramdown (~> 2.5, >= 2.5.1) kramdown-parser-gfm (~> 1.1) diff --git a/oauth2.gemspec b/oauth2.gemspec index 41ab332f..f2c2aa4d 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
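Review bot: `require "kettle/dev"` in the new Rakefile is loaded unconditionally, while the `stone_checksums` require just below it keeps the `begin`/`rescue LoadError` stub pattern that the removed code used for every tool. The new header comment says Ruby 2.3 or higher is required, so wherever kettle-dev is not in the bundle every `rake` invocation, including `rake build`, would presumably abort with a LoadError instead of falling back to stubs. If that is intended, say so above the require, e.g. `# kettle-dev is a hard requirement here; rake cannot run without it`; otherwise wrap it in the same rescue. The removed Rakefile also put `bundle:audit:update` and `bundle:audit` into the default task list, and nothing in this hunk shows that kettle-dev still wires the dependency audit into `default`, so that is worth confirming.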
@@ -144,7 +144,7 @@ Thanks, |7eter l-|. l3oling spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 - spec.add_development_dependency("kettle-dev", "~> 1.0", ">= 1.0.18") # ruby >= 2.3 + spec.add_development_dependency("kettle-dev", "~> 1.0", ">= 1.0.23") # ruby >= 2.3 spec.add_development_dependency("nkf", "~> 0.2") # ruby >= 2.3 spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 end From 49b8857f1f5c9a04be5cbd0168d8d4969294401b Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 30 Aug 2025 04:58:43 -0600 Subject: [PATCH 507/645] =?UTF-8?q?=F0=9F=8E=A8=20kettle-dev=20v1.0.23=20t?= =?UTF-8?q?emplate?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .envrc | 13 +- .git-hooks/commit-msg | 41 ++ .git-hooks/commit-subjects-goalie.txt | 8 + .git-hooks/footer-template.erb.txt | 16 + .git-hooks/prepare-commit-msg | 20 + .github/FUNDING.yml | 4 +- .github/dependabot.yml | 7 +- .github/workflows/ancient.yml | 12 +- .github/workflows/auto-assign.yml | 21 + .github/workflows/codeql-analysis.yml | 4 +- .github/workflows/coverage.yml | 27 +- .github/workflows/current.yml | 2 +- .github/workflows/discord-notifier.yml | 39 ++ .github/workflows/heads.yml | 2 +- .github/workflows/jruby.yml | 18 +- .github/workflows/legacy.yml | 18 +- .github/workflows/locked_deps.yml | 85 ++++ .github/workflows/opencollective.yml | 40 ++ .github/workflows/style.yml | 2 +- .github/workflows/supported.yml | 2 +- .github/workflows/truffle.yml | 2 +- .github/workflows/unlocked_deps.yml | 84 ++++ .github/workflows/unsupported.yml | 2 +- .gitignore | 4 + .idea/oauth2.iml | 6 + .junie/guidelines-rbs.md | 49 +++ .junie/guidelines.md | 135 +++++++ .opencollective.yml | 3 + .qlty/qlty.toml | 1 + .rspec | 9 +- .rubocop.yml | 12 +- .simplecov | 4 + .yardopts | 3 +- Appraisals | 156 +------- CHANGELOG.md | 534 ++----------------------- CITATION.cff | 5 +- CODE_OF_CONDUCT.md | 1 - CONTRIBUTING.md | 94 ++++- FUNDING.md | 77 ++++ Gemfile | 15 +- Gemfile.lock | 42 +- README.md | 417 +++++++++---------- RUBOCOP.md | 71 ++++ Rakefile | 4 +- gemfiles/modular/coverage.gemfile | 2 +- gemfiles/modular/optional.gemfile | 1 + gemfiles/modular/style.gemfile | 16 +- oauth2.gemspec | 72 ++-- 48 files changed, 1187 insertions(+), 1015 deletions(-) create mode 100755 .git-hooks/commit-msg create mode 100644 .git-hooks/commit-subjects-goalie.txt create mode 100644 .git-hooks/footer-template.erb.txt create mode 100755 
.git-hooks/prepare-commit-msg create mode 100644 .github/workflows/auto-assign.yml create mode 100644 .github/workflows/discord-notifier.yml create mode 100644 .github/workflows/locked_deps.yml create mode 100644 .github/workflows/opencollective.yml create mode 100644 .github/workflows/unlocked_deps.yml create mode 100644 .junie/guidelines-rbs.md create mode 100644 .junie/guidelines.md create mode 100644 .opencollective.yml create mode 100644 FUNDING.md create mode 100644 RUBOCOP.md create mode 100644 gemfiles/modular/optional.gemfile diff --git a/.envrc b/.envrc index e049643d..6b06e0ae 100644 --- a/.envrc +++ b/.envrc @@ -1,4 +1,6 @@ # Run any command in this library's bin/ without the bin/ prefix! +# Prefer exe version over binstub +PATH_add exe PATH_add bin # Only add things to this file that should be shared with the team. 
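Review bot: In the first `.envrc` hunk the added comment says the `exe` version should be preferred over the binstub, but `PATH_add exe` is placed before `PATH_add bin`. direnv's `PATH_add` prepends, so `bin` ends up ahead of `exe` on PATH and the binstub wins. If the comment states the intent, swap the two lines so that `PATH_add bin` runs first and `PATH_add exe` last. Both directories are resolved ahead of the system PATH for every command run inside the project, so the comment should state the resulting order precisely.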
@@ -16,18 +18,21 @@ PATH_add bin ### External Testing Controls export K_SOUP_COV_DO=true # Means you want code coverage +export K_SOUP_COV_COMMAND_NAME="Test Coverage" # Available formats are html, xml, rcov, lcov, json, tty -export K_SOUP_COV_COMMAND_NAME="RSpec Coverage" -export K_SOUP_COV_FORMATTERS="html,tty" -export K_SOUP_COV_MIN_BRANCH=100 # Means you want to enforce X% branch coverage -export K_SOUP_COV_MIN_LINE=100 # Means you want to enforce X% line coverage +export K_SOUP_COV_FORMATTERS="html,xml,rcov,lcov,json,tty" +export K_SOUP_COV_MIN_BRANCH=78 # Means you want to enforce X% branch coverage +export K_SOUP_COV_MIN_LINE=97 # Means you want to enforce X% line coverage export K_SOUP_COV_MIN_HARD=true # Means you want the build to fail if the coverage thresholds are not met export K_SOUP_COV_MULTI_FORMATTERS=true export K_SOUP_COV_OPEN_BIN= # Means don't try to open coverage results in browser export MAX_ROWS=1 # Setting for simplecov-console gem for tty output, limits to the worst N rows of bad coverage +export KETTLE_TEST_SILENT=true # Internal Debugging Controls export DEBUG=false # do not allow byebug statements (override in .env.local) +export FLOSS_CFG_FUND_DEBUG=false # extra logging to help diagnose issues (override in .env.local) +export FLOSS_CFG_FUND_LOGFILE=tmp/log/debug.log # Concurrently developing the rubocop-lts suite? export RUBOCOP_LTS_LOCAL=false diff --git a/.git-hooks/commit-msg b/.git-hooks/commit-msg new file mode 100755 index 00000000..cd918f6b --- /dev/null +++ b/.git-hooks/commit-msg 
@@ -0,0 +1,41 @@ +#!/usr/bin/env ruby +# vim: set syntax=ruby + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +# External gems +require "gitmoji/regex" + +full_text = File.read(ARGV[0]) +# Is the first character a GitMoji? +gitmoji_index = full_text =~ Gitmoji::Regex::REGEX +if gitmoji_index == 0 + exit 0 +else + denied = < (& many more) are a full-time endeavor. +- [❤️] Though I adore my work, it lacks financial sustainability. +- [❤️] Please, help me continue enhancing your tools by becoming a sponsor: + - [💲] https://liberapay.com/pboling/donate + - [💲] https://github.com/sponsors/pboling + +<% if ENV["GIT_HOOK_FOOTER_APPEND_DEBUG"] == "true" %> + @pwd = <%= @pwd %> + @gemspecs = <%= @gemspecs %> + @spec = <%= @spec %> + @gemspec_path = <%= @gemspec_path %> + @gem_name <%= @gem_name %> + @spec_name <%= @spec_name %> + @content <%= @content %> +<% end %> diff --git a/.git-hooks/prepare-commit-msg b/.git-hooks/prepare-commit-msg new file mode 100755 index 00000000..48c75470 --- /dev/null +++ b/.git-hooks/prepare-commit-msg @@ -0,0 +1,20 @@ +#!/bin/sh + +# Fail on error and unset variables +set -eu + +# Determine project root as the parent directory of this hook script +PROJECT_ROOT="$(CDPATH= cd -- "$(dirname -- "$0")"/.. && pwd)" + +# Run the Ruby hook within the direnv context (if available), +# so ENV from .envrc/.env.local at project root is loaded. +# One of the things .envrc needs to do is add $PROJECT_ROOT/bin/ to the path. +# You should have this line at the top of .envrc +# PATH_add bin +# NOTE: this project needs to also add exe as well, +# but other libraries won't generally need to do that. +if command -v direnv >/dev/null 2>&1; then + exec direnv exec "$PROJECT_ROOT" "kettle-commit-msg" "$@" +else + raise "direnv not found. Local development of this project ($PROJECT_ROOT) with tools from the kettle-dev gem may not work properly. Please run 'brew install direnv'." +fi 
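Review bot: In `.git-hooks/prepare-commit-msg` the `else` branch calls `raise "direnv not found. ..."`, which is Ruby, not POSIX sh. Under `#!/bin/sh` with `set -eu` the shell only reports that `raise` is not found and the hook exits with 127, so the contributor never sees the intended guidance. Replace it with `echo "direnv not found. ..." >&2` followed by `exit 1`, keeping the message text. The message also hard-codes `brew install direnv`, which only fits Homebrew users; a pointer to the direnv install documentation would be more general.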
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 056a9722..5ee55773 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -6,8 +6,8 @@ github: [pboling] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., issuehunt: pboling # Replace with a single IssueHunt username ko_fi: pboling # Replace with a single Ko-fi username liberapay: pboling # Replace with a single Liberapay username -open_collective: ruby-oauth # Replace with a single Open Collective username +open_collective: ruby-oauth patreon: galtzo # Replace with a single Patreon username polar: pboling thanks_dev: u/gh/pboling -tidelift: rubygems/oauth2 # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +tidelift: rubygems/oauth2 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index dc043b45..956aa5a3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,12 +3,11 @@ updates: - package-ecosystem: bundler directory: "/" schedule: - interval: daily - time: "04:28" - open-pull-requests-limit: 10 + interval: "weekly" + open-pull-requests-limit: 5 ignore: - dependency-name: "rubocop-lts" - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" + interval: "weekly" diff --git a/.github/workflows/ancient.yml b/.github/workflows/ancient.yml index 2055a73e..3cc6e37e 100644 --- a/.github/workflows/ancient.yml +++ b/.github/workflows/ancient.yml @@ -1,4 +1,4 @@ -name: MRI 2.4, 2.5 (EOL) +name: MRI 2.3, 2.4, 2.5 (EOL) permissions: contents: read 
@@ -24,8 +24,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} runs-on: ubuntu-22.04 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps @@ -34,6 +34,14 @@ jobs: fail-fast: false matrix: include: + # Ruby 2.3 + - ruby: "ruby-2.3" + appraisal: "ruby-2-3" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: "3.3.27" + bundler: "2.3.27" + # Ruby 2.4 - ruby: "ruby-2.4" appraisal: "ruby-2-4" diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml new file mode 100644 index 00000000..96975f22 --- /dev/null +++ b/.github/workflows/auto-assign.yml @@ -0,0 +1,21 @@ +name: Auto Assign +on: + issues: + types: [opened] + pull_request: + types: [opened] +jobs: + run: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - name: 'Auto-assign issue' + uses: pozil/auto-assign-issue@v2 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + assignees: pboling + abortIfPreviousAssignees: true + allowSelfAssign: true + numOfAssignee: 1 \ No newline at end of file diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a03c20f2..45a8ec2c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ main, "*-stable" ] + branches: [ main, '*-stable' ] pull_request: # The branches below must be a subset of the branches above - branches: [ main, "*-stable" ] + branches: [ main, '*-stable' ] schedule: - cron: '35 1 * * 5' 
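Review bot: The new `auto-assign.yml` job grants `issues: write` and `pull-requests: write` and passes `secrets.GITHUB_TOKEN` to `pozil/auto-assign-issue@v2`, a third-party action referenced by a movable tag, so whatever that tag later points to runs with write access. Pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: pozil/auto-assign-issue@<full-commit-sha> # v2`, and let the existing Dependabot `github-actions` entry propose bumps. The same applies to `sarisia/actions-status-discord@v1` in `discord-notifier.yml`, and more so to `coverage.yml`, where this commit moves `qltysh/qlty-action/coverage` from `@v2` to the `@main` branch while passing it `secrets.QLTY_COVERAGE_TOKEN`. Separately, on the `pull_request` trigger a PR from a fork receives a read-only token, so the assign step will presumably fail there; handle that case explicitly rather than widening the trigger.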
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 40e7f9ab..c9d6a2e1 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -9,7 +9,7 @@ env: K_SOUP_COV_MIN_BRANCH: 100 K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_MIN_HARD: true - K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,tty" + K_SOUP_COV_FORMATTERS: "xml,rcov,lcov,tty" K_SOUP_COV_DO: true K_SOUP_COV_MULTI_FORMATTERS: true K_SOUP_COV_COMMAND_NAME: "Test Coverage" @@ -35,8 +35,8 @@ concurrency: jobs: coverage: - name: Code Coverage on ${{ matrix.ruby }}@current if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Code Coverage on ${{ matrix.ruby }}@current runs-on: ubuntu-latest continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps @@ -67,7 +67,7 @@ jobs: # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) # We need to do this first to get appraisal installed. - # NOTE: This does not use the main Gemfile at all. + # NOTE: This does not use the primary Gemfile at all. - name: Install Root Appraisal run: bundle - name: Appraisal for ${{ matrix.appraisal }} 
@@ -85,21 +85,22 @@ jobs: - name: Upload coverage to QLTY if: ${{ !env.ACT }} - uses: qltysh/qlty-action/coverage@v2 + uses: qltysh/qlty-action/coverage@main with: token: ${{secrets.QLTY_COVERAGE_TOKEN}} files: coverage/.resultset.json continue-on-error: ${{ matrix.experimental != 'false' }} -# # Build will fail here if coverage upload fails -# # which will hopefully be noticed for the lack of code coverage comments -# - name: Upload coverage to CodeCov -# uses: codecov/codecov-action@v5 -# with: -# use_oidc: true -# fail_ci_if_error: true # optional (default = false) -# files: coverage/lcov.info,coverage/coverage.xml -# verbose: true # optional (default = false) + # Build will fail here if coverage upload fails + # which will hopefully be noticed for the lack of code coverage comments + - name: Upload coverage to CodeCov + if: ${{ !env.ACT }} + uses: codecov/codecov-action@v5 + with: + use_oidc: true + fail_ci_if_error: false # optional (default = false) + files: coverage/lcov.info,coverage/coverage.xml + verbose: true # optional (default = false) # Then PR comments - name: Code Coverage Summary Report diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index 1096ce9b..aca52ba3 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -28,8 +28,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }} runs-on: ubuntu-latest continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps diff --git a/.github/workflows/discord-notifier.yml b/.github/workflows/discord-notifier.yml new file mode 100644 index 00000000..ad98367a --- /dev/null +++ b/.github/workflows/discord-notifier.yml 
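Review bot: The re-enabled CodeCov step in `coverage.yml` keeps the comment "Build will fail here if coverage upload fails" but now sets `fail_ci_if_error: false`, so a failed upload passes silently. Either set `fail_ci_if_error: true` or reword the comment to `# Upload is best-effort; a failed upload does not fail the build`. The step also uses `use_oidc: true`, which needs `id-token: write` on the job; the workflow's `permissions:` block is outside this hunk, so confirm it is granted there.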
@@ -0,0 +1,39 @@ +name: Discord Notify + +on: + check_run: + types: [completed] + discussion: + types: [ created ] + discussion_comment: + types: [ created ] + fork: + gollum: + issues: + types: [ opened ] + issue_comment: + types: [ created ] + pull_request: + types: [ opened, reopened, closed ] + release: + types: [ published ] + watch: + types: [ started ] + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + notify: + if: false + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + - name: Actions Status Discord + uses: sarisia/actions-status-discord@v1 + if: always() + with: + webhook: ${{ secrets.DISCORD_WEBHOOK }} + status: ${{ job.status }} + username: GitHub Actions diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index a1f1f0a7..e2046e66 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -27,8 +27,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }}${{ matrix.name_extra || '' }} runs-on: ubuntu-latest continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps diff --git a/.github/workflows/jruby.yml b/.github/workflows/jruby.yml index 06f1eb99..99ea13d9 100644 --- a/.github/workflows/jruby.yml +++ b/.github/workflows/jruby.yml 
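Review bot: `discord-notifier.yml` declares no `permissions:` block, so if the `if: false` guard on the `notify` job is ever removed, the job runs with the repository's default token scope on events that any visitor can trigger (`fork`, `watch`, `issue_comment`). The job only posts to a webhook, so add a top-level `permissions: {}` now. A short comment on `if: false` saying why the job is disabled, e.g. `# disabled until DISCORD_WEBHOOK is configured`, would also help; the actual reason is not visible in the hunk, so adjust the wording to match it.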
@@ -27,8 +27,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} runs-on: ubuntu-22.04 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps @@ -36,22 +36,6 @@ jobs: strategy: matrix: include: - # jruby-9.2 (targets Ruby 2.5 compatibility) - - ruby: "jruby-9.2" - appraisal: "ruby-2-5" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - - # jruby-9.3 (targets Ruby 2.6 compatibility) - - ruby: "jruby-9.3" - appraisal: "ruby-2-6" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - # jruby-9.4 (targets Ruby 3.1 compatibility) - ruby: "jruby-9.4" appraisal: "ruby-3-1" diff --git a/.github/workflows/legacy.yml b/.github/workflows/legacy.yml index dc59e4ac..7f1fc299 100644 --- a/.github/workflows/legacy.yml +++ b/.github/workflows/legacy.yml @@ -27,8 +27,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} runs-on: ubuntu-22.04 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps @@ -37,14 +37,6 @@ jobs: fail-fast: false matrix: include: - # Ruby 3.1 - - ruby: "ruby-3.1" - appraisal: "ruby-3-1" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: latest - bundler: latest - # Ruby 3.0 - ruby: "ruby-3.0" appraisal: "ruby-3-0" 
@@ -53,6 +45,14 @@ jobs: rubygems: '3.5.23' bundler: '2.5.23' + # Ruby 3.1 + - ruby: "ruby-3.1" + appraisal: "ruby-3-1" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + steps: - name: Checkout uses: actions/checkout@v5 diff --git a/.github/workflows/locked_deps.yml b/.github/workflows/locked_deps.yml new file mode 100644 index 00000000..7d946ad6 --- /dev/null +++ b/.github/workflows/locked_deps.yml 
@@ -0,0 +1,85 @@
+---
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+# - unlocked_deps.yml
+# - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+# - Uses an Appraisal2 "unlocked_deps" gemfile, and the current MRI Ruby release
+# - Know when new dependency releases will break local dev with unlocked dependencies
+# - Broken workflow indicates that new releases of dependencies may not work
+#
+# - locked_deps.yml
+# - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+# - Uses the project's main Gemfile, and the current MRI Ruby release
+# - Matches what contributors and maintainers use locally for development
+# - Broken workflow indicates that a new contributor will have a bad time
+#
+name: Deps Locked
+
+permissions:
+ contents: read
+
+env:
+ # Running coverage, but not validating minimum coverage,
+ # because it would be redundant with the coverage workflow.
+ # Also we can validate all output formats without breaking CodeCov,
+ # since we aren't submitting these reports anywhere.
+ K_SOUP_COV_MIN_BRANCH: 71
+ K_SOUP_COV_MIN_LINE: 86
+ K_SOUP_COV_MIN_HARD: false
+ K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty"
+ K_SOUP_COV_DO: true
+ K_SOUP_COV_MULTI_FORMATTERS: true
+ K_SOUP_COV_COMMAND_NAME: "Test Coverage"
+
+on:
+ push:
+ branches:
+ - 'main'
+ - '*-stable'
+ tags:
+ - '!*' # Do not execute on tags
+ pull_request:
+ branches:
+ - '*'
+ # Allow manually triggering the workflow.
+ workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+ # The concurrency group contains the workflow name and the branch name.
+ group: "${{ github.workflow }}-${{ github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ test:
+ if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+ name: Default rake task w/ main Gemfile.lock ${{ matrix.name_extra || '' }}
+ runs-on: ubuntu-latest
+ continue-on-error: ${{ matrix.experimental }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ # Ruby
+ - ruby: "ruby"
+ exec_cmd: "rake"
+ rubygems: latest
+ bundler: latest
+ experimental: false
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Setup Ruby & RubyGems
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby }}
+ rubygems: ${{ matrix.rubygems }}
+ bundler: ${{ matrix.bundler }}
+ bundler-cache: true
+
+ - name: Checks the kitchen sink via ${{ matrix.exec_cmd }}
+ run: bundle exec ${{ matrix.exec_cmd }}
diff --git a/.github/workflows/opencollective.yml b/.github/workflows/opencollective.yml
new file mode 100644
index 00000000..6122df47
--- /dev/null
+++ b/.github/workflows/opencollective.yml
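Review bot: The `Checkout` step keeps the default `persist-credentials`, so the job token stays in `.git/config` while `bundle exec ${{ matrix.exec_cmd }}` runs repository and dependency code, including on `pull_request`. opencollective.yml in this same commit already sets `persist-credentials: false`, and the same two lines fit under this step: `with:` followed by `persist-credentials: false`. The top-level `permissions: contents: read` limits what that token can do, so this is hardening and consistency rather than an open hole. unlocked_deps.yml has the same checkout step and resolves fresh dependency versions at run time, so it benefits at least as much.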
@@ -0,0 +1,40 @@ +name: Open Collective Backers + +on: + schedule: + # Run once a week on Sunday at 12:00 AM UTC + - cron: '0 0 * * 0' + workflow_dispatch: + +permissions: + contents: write + +jobs: + update-backers: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5 + with: + persist-credentials: false + - name: Setup Ruby & RubyGems + uses: ruby/setup-ruby@v1 + with: + ruby-version: ruby + rubygems: default + bundler: default + bundler-cache: true + + - name: README Update + env: + # Keep GITHUB_TOKEN for any tools/scripts expecting it, mapped to the same secret + GITHUB_TOKEN: ${{ secrets.README_UPDATER_TOKEN }} + README_UPDATER_TOKEN: ${{ secrets.README_UPDATER_TOKEN }} + REPO: ${{ github.repository }} + run: | + git config user.name 'autobolt' + git config user.email 'autobots@9thbit.net' + # Use the configured token for authenticated pushes + git remote set-url origin "https://x-access-token:$%7BREADME_UPDATER_TOKEN%7D@github.com/$%7BREPO%7D.git" + bin/kettle-readme-backers + # Push back to the same branch/ref that triggered the workflow (default branch for schedule) + git push origin HEAD diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index dfee1fac..2fe1e03c 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -24,8 +24,8 @@ concurrency: jobs: rubocop: - name: Style on ${{ matrix.ruby }}@current if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Style on ${{ matrix.ruby }}@current runs-on: ubuntu-latest continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps diff --git a/.github/workflows/supported.yml b/.github/workflows/supported.yml index d20a3e84..887034b0 100644 --- a/.github/workflows/supported.yml +++ b/.github/workflows/supported.yml 
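Review bot: In the `README Update` step the personal token is written into the `origin` URL before `bin/kettle-readme-backers` runs, so the script and every gem it loads execute with the token both in the environment and in `.git/config`, which undoes the `persist-credentials: false` set on checkout. Splitting the step so the script runs first and the token is only present for the final push keeps the credential away from that code; if the script does call the GitHub API (not visible here), pass it the narrowest token that works. Because the push authenticates with `README_UPDATER_TOKEN`, the workflow-level `permissions: contents: write` on the automatic token looks unnecessary and could be `contents: read`. As rendered on this page the remote URL reads `$%7BREADME_UPDATER_TOKEN%7D`, which a shell would not expand; if that is in the file rather than a rendering artefact it needs to be `${README_UPDATER_TOKEN}`.

```yaml
      # … unchanged: checkout (persist-credentials: false) and Ruby setup …
      - name: README Update
        run: |
          git config user.name 'autobolt'
          git config user.email 'autobots@9thbit.net'
          bin/kettle-readme-backers

      - name: Push README changes
        env:
          README_UPDATER_TOKEN: ${{ secrets.README_UPDATER_TOKEN }}
          REPO: ${{ github.repository }}
        run: |
          # Push to an explicit URL so the token is never stored in .git/config
          git push "https://x-access-token:${README_UPDATER_TOKEN}@github.com/${REPO}.git" HEAD
```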
@@ -27,8 +27,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} runs-on: ubuntu-latest continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml index bf51aaca..db651885 100644 --- a/.github/workflows/truffle.yml +++ b/.github/workflows/truffle.yml @@ -27,8 +27,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} runs-on: ubuntu-22.04 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps diff --git a/.github/workflows/unlocked_deps.yml b/.github/workflows/unlocked_deps.yml new file mode 100644 index 00000000..7faffa13 --- /dev/null +++ b/.github/workflows/unlocked_deps.yml 
@@ -0,0 +1,84 @@
+---
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+# - unlocked_deps.yml
+# - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+# - Uses an Appraisal2 "unlocked_deps" gemfile, and the current MRI Ruby release
+# - Know when new dependency releases will break local dev with unlocked dependencies
+# - Broken workflow indicates that new releases of dependencies may not work
+#
+# - locked_deps.yml
+# - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+# - Uses the project's main Gemfile, and the current MRI Ruby release
+# - Matches what contributors and maintainers use locally for development
+# - Broken workflow indicates that a new contributor will have a bad time
+#
+name: Deps Unlocked
+
+permissions:
+ contents: read
+
+env:
+ K_SOUP_COV_DO: false
+
+on:
+ push:
+ branches:
+ - 'main'
+ - '*-stable'
+ tags:
+ - '!*' # Do not execute on tags
+ pull_request:
+ branches:
+ - '*'
+ # Allow manually triggering the workflow.
+ workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+ # The concurrency group contains the workflow name and the branch name.
+ group: "${{ github.workflow }}-${{ github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ test:
+ if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+ name: Default rake task w/ unlocked deps ${{ matrix.name_extra || '' }}
+ runs-on: ubuntu-latest
+ continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
+ env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps
+ BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile
+ strategy:
+ matrix:
+ include:
+ # Ruby
+ - ruby: "ruby"
+ appraisal_name: "unlocked_deps"
+ exec_cmd: "rake"
+ gemfile: "Appraisal.root"
+ rubygems: latest
+ bundler: latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Setup Ruby & RubyGems
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby }}
+ rubygems: ${{ matrix.rubygems }}
+ bundler: ${{ matrix.bundler }}
+ bundler-cache: false
+
+ # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
+ # We need to do this first to get appraisal installed.
+ # NOTE: This does not use the primary Gemfile at all.
+ - name: Install Root Appraisal
+ run: bundle
+ - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
+ run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle
+ - name: Run ${{ matrix.exec_cmd }} on ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
+ run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle exec ${{ matrix.exec_cmd }}
diff --git a/.github/workflows/unsupported.yml b/.github/workflows/unsupported.yml
index 0bfc0d3b..98336994 100644
--- a/.github/workflows/unsupported.yml
+++ b/.github/workflows/unsupported.yml
@@ -27,8 +27,8 @@ concurrency: jobs: test: - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} runs-on: ubuntu-22.04 continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps diff --git a/.gitignore b/.gitignore index 159a4bd6..83000f2c 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,7 @@ Appraisal.*.gemfile.lock .rspec_status /coverage/ /spec/reports/ +/results/ # Documentation /.yardoc/ @@ -42,3 +43,6 @@ Appraisal.*.gemfile.lock # Editors *~ + +# Sentinels +.floss_funding.*.lock diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index fcb82615..47346b34 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -25,6 +25,7 @@ + @@ -57,6 +58,7 @@ + @@ -67,12 +69,14 @@ + + @@ -93,6 +97,7 @@ + @@ -130,6 +135,7 @@ +
            Enterprise Support -Get help from me on Tidelift
            💡Subscribe for support guarantees covering all FLOSS dependencies!
            💡Tidelift is part of Sonar!
            💡Tidelift pays maintainers to maintain the software you depend on!
            📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers!
            Comrade BDFL 🎖️Maintainer 🎖️ Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact BDFL My technical writing
            Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki
            Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact BDFL My technical writing +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing
            Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki
            Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact BDFL My technical writing +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing
            ... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪
            ... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪
            @@ -246,12 +327,12 @@

             
             
            -35
            -36
            -37
            +63 +64 +65

            -
            # File 'lib/oauth2.rb', line 35
            +      
            # File 'lib/oauth2.rb', line 63
             
             def config
               @config
            @@ -271,7 +352,7 @@ 

            Class Method Details

            - .configure {|@config| ... } ⇒ Object + .configure {|config| ... } ⇒ void @@ -279,23 +360,31 @@

            - +

            This method returns an undefined value.

            Configure global library behavior.

            + +

            Yields the mutable configuration object so callers can update settings.

            -

            Yields:

            -
              +

              Yield Parameters:

              +
              • + config + - (@config) + (SnakyHash::SymbolKeyed) + — +

                the configuration object

                +
                +
              @@ -306,12 +395,12 @@

               
               
              -37
              -38
              -39
              +72 +73 +74

            -
            # File 'lib/oauth2.rb', line 37
            +      
            # File 'lib/oauth2.rb', line 72
             
             def configure
               yield @config
            @@ -326,7 +415,7 @@ 

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 88cb1e6d..6adefa10 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 7fd6d375..a7b3f5bf 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -104,8 +104,21 @@ +

            Overview

            +
            +

            Builds and applies client authentication to token and revoke requests.

            + +

            Depending on the selected mode, credentials are applied as Basic Auth
            +headers, request body parameters, or only the client_id is sent (TLS).

            +
            +
            +
            + + +
            +

            Instance Attribute Summary collapse

            @@ -114,7 +127,7 @@

            Instance Attribute Summary collaps
          • - #id ⇒ Object + #id ⇒ Symbol, ... @@ -133,7 +146,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute id.

            +

          • @@ -142,7 +155,7 @@

            Instance Attribute Summary collaps
          • - #mode ⇒ Object + #mode ⇒ Symbol, ... @@ -161,7 +174,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute mode.

            +

          • @@ -170,7 +183,7 @@

            Instance Attribute Summary collaps
          • - #secret ⇒ Object + #secret ⇒ Symbol, ... @@ -189,7 +202,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute secret.

            +

          • @@ -211,7 +224,7 @@

          • - .encode_basic_auth(user, password) ⇒ Object + .encode_basic_auth(user, password) ⇒ String @@ -225,7 +238,7 @@

            -
            +

            Encodes a Basic Authorization header value for the provided credentials.

          • @@ -282,7 +295,7 @@

            -

            A new instance of Authenticator.

            +

            Create a new Authenticator.

            @@ -316,13 +329,62 @@

            -

            Returns a new instance of Authenticator.

            +

            Create a new Authenticator

            +

            Parameters:

            +
              +
            • + + id + + + (String, nil) + + + + — +

              Client identifier

              +
              + +
            • + +
            • + + secret + + + (String, nil) + + + + — +

              Client secret

              +
              + +
            • + +
            • + + mode + + + (Symbol, String) + + + + — +

              Authentication mode

              +
              + +
            • + +
            +
            @@ -330,14 +392,14 @@

             
             
            -12
            -13
            -14
            -15
            -16
            +24 +25 +26 +27 +28

            -
            # File 'lib/oauth2/authenticator.rb', line 12
            +      
            # File 'lib/oauth2/authenticator.rb', line 24
             
             def initialize(id, secret, mode)
               @id = id
            @@ -359,7 +421,7 @@ 

            Instance Attribute Details

            - #idObject (readonly) + #idSymbol, ... (readonly) @@ -367,13 +429,56 @@

            -

            Returns the value of attribute id.

            +
            +

            Returns:

            +
              + +
            • + + + (Symbol, String) + + + + — +

              Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Client identifier

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Client secret (filtered in inspected output)

              +
              + +
            • + +
            @@ -381,12 +486,12 @@

             
             
            -9
            -10
            -11
            +16 +17 +18

            -
            # File 'lib/oauth2/authenticator.rb', line 9
            +      
            # File 'lib/oauth2/authenticator.rb', line 16
             
             def id
               @id
            @@ -401,7 +506,7 @@ 

            - #modeObject (readonly) + #modeSymbol, ... (readonly) @@ -409,13 +514,56 @@

            -

            Returns the value of attribute mode.

            +
            +

            Returns:

            +
              + +
            • + + + (Symbol, String) + + + + — +

              Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Client identifier

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Client secret (filtered in inspected output)

              +
              + +
            • + +
            @@ -423,12 +571,12 @@

             
             
            -9
            -10
            -11
            +16 +17 +18

            @@ -609,7 +609,7 @@

            Compatibility

            -
            # File 'lib/oauth2/authenticator.rb', line 9
            +      
            # File 'lib/oauth2/authenticator.rb', line 16
             
             def mode
               @mode
            @@ -443,7 +591,7 @@ 

            - #secretObject (readonly) + #secretSymbol, ... (readonly) @@ -451,13 +599,56 @@

            -

            Returns the value of attribute secret.

            +
            +

            Returns:

            +
              + +
            • + + + (Symbol, String) + + + + — +

              Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Client identifier

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Client secret (filtered in inspected output)

              +
              + +
            • + +
            @@ -465,12 +656,12 @@

             
             
            -9
            -10
            -11
            +16 +17 +18

            @@ -609,7 +609,7 @@

            Compatibility

            -
            # File 'lib/oauth2/authenticator.rb', line 9
            +      
            # File 'lib/oauth2/authenticator.rb', line 16
             
             def secret
               @secret
            @@ -490,24 +681,85 @@ 

            Class Method Details

            - .encode_basic_auth(user, password) ⇒ Object + .encode_basic_auth(user, password) ⇒ String -

            +
            +
            +

            Encodes a Basic Authorization header value for the provided credentials.

            + + +
            +
            +
            +

            Parameters:

            +
              + +
            • + + user + + + (String) + + + + — +

              The client identifier

              +
              + +
            • + +
            • + + password + + + (String) + + + + — +

              The client secret

              +
              + +
            • + +
            + +

            Returns:

            +
              + +
            • + + + (String) + + + + — +

              The value to use for the Authorization header

              +
              + +
            • + +
            + +
            - -
             
             
            -42
            -43
            -44
            +59 +60 +61
            -
            # File 'lib/oauth2/authenticator.rb', line 42
            +      
            # File 'lib/oauth2/authenticator.rb', line 59
             
             def self.encode_basic_auth(user, password)
               "Basic #{Base64.strict_encode64("#{user}:#{password}")}"
            @@ -589,23 +841,23 @@ 

             
             
            -27
            -28
            -29
            -30
            -31
            -32
            -33
            -34
            -35
            -36
            -37
            -38
             39
            -40
            +40 +41 +42 +43 +44 +45 +46 +47 +48 +49 +50 +51 +52

            -
            # File 'lib/oauth2/authenticator.rb', line 27
            +      
            # File 'lib/oauth2/authenticator.rb', line 39
             
             def apply(params)
               case mode.to_sym
            @@ -631,7 +883,7 @@ 

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index c201e3f7..9672b729 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 4953dffd..861bfdc4 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -101,7 +101,20 @@ +

            Overview

            +
            +

            Represents an OAuth2 error condition.

            +

            Wraps details from an OAuth2::Response or Hash payload returned by an
            +authorization server, exposing error code and description per RFC 6749.

            + + +
            +
            +
            + + +
            @@ -111,7 +124,7 @@

            Instance Attribute Summary collaps
          • - #body ⇒ Object + #body ⇒ OAuth2::Response, ... @@ -130,7 +143,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute body.

            +

          • @@ -139,7 +152,7 @@

            Instance Attribute Summary collaps
          • - #code ⇒ Object + #code ⇒ OAuth2::Response, ... @@ -158,7 +171,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute code.

            +

          • @@ -167,7 +180,7 @@

            Instance Attribute Summary collaps
          • - #description ⇒ Object + #description ⇒ OAuth2::Response, ... @@ -186,7 +199,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute description.

            +

          • @@ -195,7 +208,7 @@

            Instance Attribute Summary collaps
          • - #response ⇒ Object + #response ⇒ OAuth2::Response, ... @@ -214,7 +227,7 @@

            Instance Attribute Summary collaps -

            Returns the value of attribute response.

            +

          • @@ -252,7 +265,7 @@

            -

            standard error codes include: ‘invalid_request’, ‘invalid_client’, ‘invalid_token’, ‘invalid_grant’, ‘unsupported_grant_type’, ‘invalid_scope’ response might be a Response object, or the response.parsed hash.

            +

            Create a new OAuth2::Error.

            @@ -276,15 +289,32 @@

            -

            standard error codes include:
            -‘invalid_request’, ‘invalid_client’, ‘invalid_token’, ‘invalid_grant’, ‘unsupported_grant_type’, ‘invalid_scope’
            -response might be a Response object, or the response.parsed hash

            +

            Create a new OAuth2::Error

            +

            Parameters:

            +
            +
            @@ -292,14 +322,6 @@

             
             
            -10
            -11
            -12
            -13
            -14
            -15
            -16
            -17
             18
             19
             20
            @@ -310,10 +332,18 @@ 

            25 26 27 -28

            +28 +29 +30 +31 +32 +33 +34 +35 +36

            @@ -609,7 +609,7 @@

            Compatibility

            -
            # File 'lib/oauth2/error.rb', line 10
            +      
            # File 'lib/oauth2/error.rb', line 18
             
             def initialize(response)
               @response = response
            @@ -349,7 +379,7 @@ 

            Instance Attribute Details

            - #bodyObject (readonly) + #bodyOAuth2::Response, ... (readonly) @@ -357,13 +387,69 @@

            -

            Returns the value of attribute body.

            +
            +

            Returns:

            +
              + +
            • + + + (OAuth2::Response, Hash, Object) + + + + — +

              Original response or payload used to build the error

              +
              + +
            • + +
            • + + + (String) + + + + — +

              Raw body content (if available)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Error code (e.g., ‘invalid_grant’)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Human-readable description for the error

              +
              + +
            • + +
            @@ -371,12 +457,12 @@

             
             
            -5
            -6
            -7
            +13 +14 +15

            @@ -609,7 +609,7 @@

            Compatibility

            -
            # File 'lib/oauth2/error.rb', line 5
            +      
            # File 'lib/oauth2/error.rb', line 13
             
             def body
               @body
            @@ -391,7 +477,7 @@ 

            - #codeObject (readonly) + #codeOAuth2::Response, ... (readonly) @@ -399,13 +485,69 @@

            -

            Returns the value of attribute code.

            +
            +

            Returns:

            +
              + +
            • + + + (OAuth2::Response, Hash, Object) + + + + — +

              Original response or payload used to build the error

              +
              + +
            • + +
            • + + + (String) + + + + — +

              Raw body content (if available)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Error code (e.g., ‘invalid_grant’)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Human-readable description for the error

              +
              + +
            • + +
            @@ -413,12 +555,12 @@

             
             
            -5
            -6
            -7
            +13 +14 +15

            @@ -609,7 +609,7 @@

            Compatibility

            -
            # File 'lib/oauth2/error.rb', line 5
            +      
            # File 'lib/oauth2/error.rb', line 13
             
             def code
               @code
            @@ -433,7 +575,7 @@ 

            - #descriptionObject (readonly) + #descriptionOAuth2::Response, ... (readonly) @@ -441,13 +583,69 @@

            -

            Returns the value of attribute description.

            +
            +

            Returns:

            +
              + +
            • + + + (OAuth2::Response, Hash, Object) + + + + — +

              Original response or payload used to build the error

              +
              + +
            • + +
            • + + + (String) + + + + — +

              Raw body content (if available)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Error code (e.g., ‘invalid_grant’)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Human-readable description for the error

              +
              + +
            • + +
            @@ -455,12 +653,12 @@

             
             
            -5
            -6
            -7
            +13 +14 +15

            @@ -1183,8 +1183,8 @@

            4) Example POST

            Tips:

              -
            • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
            • -
            • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
            • +
            • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET requests.
            • +
            • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.

            Refresh Tokens

            @@ -1344,9 +1344,9 @@

            Faraday conn end

            -

            Using flat query params (Faraday::FlatParamsEncoder)
            +
            Using flat query params (Faraday::FlatParamsEncoder)
            -

            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

            +

            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

            ```ruby require “faraday”

            @@ -1677,7 +1677,7 @@

            Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html new file mode 100644 index 00000000..fa6fc2fc --- /dev/null +++ b/docs/file.REEK.html @@ -0,0 +1,71 @@ + + + + + + + File: REEK + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +
            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index d616dada..99b4a4b1 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -160,7 +160,7 @@

            Benefits of rubocop_gradual

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index d2d62611..b1a7d6ea 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -93,7 +93,7 @@

            Additional Support

            diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index e6487b53..d9568287 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -206,7 +206,7 @@

            8. References

            diff --git a/docs/file.access_token.html b/docs/file.access_token.html new file mode 100644 index 00000000..1300c2b1 --- /dev/null +++ b/docs/file.access_token.html @@ -0,0 +1,94 @@ + + + + + + + File: access_token + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + class AccessToken + def self.from_hash: (OAuth2::Client, Hash[untyped, untyped]) -> OAuth2::AccessToken + def self.from_kvform: (OAuth2::Client, String) -> OAuth2::AccessToken

            + +
            def initialize: (OAuth2::Client, String, ?Hash[Symbol, untyped]) -> void
            +def []: (String | Symbol) -> untyped
            +def expires?: () -> bool
            +def expired?: () -> bool
            +def refresh: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::AccessToken
            +def revoke: (?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +def to_hash: () -> Hash[Symbol, untyped]
            +def request: (Symbol, String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +def get: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +def post: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +def put: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +def patch: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +def delete: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +def headers: () -> Hash[String, String]
            +def configure_authentication!: (Hash[Symbol, untyped], Symbol) -> void
            +def convert_expires_at: (untyped) -> (Time | Integer | nil)
            +
            +attr_accessor response: OAuth2::Response   end end
            +
            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html new file mode 100644 index 00000000..630200ca --- /dev/null +++ b/docs/file.authenticator.html @@ -0,0 +1,91 @@ + + + + + + + File: authenticator + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + class Authenticator + include OAuth2::FilteredAttributes

            + +
            attr_reader mode: (Symbol | String)
            +attr_reader id: String?
            +attr_reader secret: String?
            +
            +def initialize: (String? id, String? secret, (Symbol | String) mode) -> void
            +
            +def apply: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            +
            +def self.encode_basic_auth: (String, String) -> String
            +
            +private
            +
            +def apply_params_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            +def apply_client_id: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            +def apply_basic_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            +def basic_auth_header: () -> Hash[String, String]   end end
            +
            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.client.html b/docs/file.client.html new file mode 100644 index 00000000..a21933aa --- /dev/null +++ b/docs/file.client.html @@ -0,0 +1,121 @@ + + + + + + + File: client + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + class Client + RESERVED_REQ_KEYS: Array[String] + RESERVED_PARAM_KEYS: Array[String]

            + +
            include OAuth2::FilteredAttributes
            +
            +attr_reader id: String
            +attr_reader secret: String
            +attr_reader site: String?
            +attr_accessor options: Hash[Symbol, untyped]
            +attr_writer connection: untyped
            +
            +def initialize: (String client_id, String client_secret, ?Hash[Symbol, untyped]) { (untyped) -> void } -> void
            +
            +def site=: (String) -> String
            +
            +def connection: () -> untyped
            +
            +def authorize_url: (?Hash[untyped, untyped]) -> String
            +def token_url: (?Hash[untyped, untyped]) -> String
            +def revoke_url: (?Hash[untyped, untyped]) -> String
            +
            +def request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +
            +def get_token: (Hash[untyped, untyped] params, ?Hash[Symbol, untyped] access_token_opts, ?Proc) { (Hash[Symbol, untyped]) -> void } -> (OAuth2::AccessToken | nil)
            +
            +def revoke_token: (String token, ?String token_type_hint, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            +
            +def http_method: () -> Symbol
            +
            +def auth_code: () -> OAuth2::Strategy::AuthCode
            +def implicit: () -> OAuth2::Strategy::Implicit
            +def password: () -> OAuth2::Strategy::Password
            +def client_credentials: () -> OAuth2::Strategy::ClientCredentials
            +def assertion: () -> OAuth2::Strategy::Assertion
            +
            +def redirection_params: () -> Hash[String, String]
            +
            +private
            +
            +def params_to_req_opts: (Hash[untyped, untyped]) -> Hash[Symbol, untyped]
            +def parse_snaky_params_headers: (Hash[untyped, untyped]) -> [Symbol, bool, untyped, (Symbol | nil), Hash[untyped, untyped], Hash[String, String]]
            +def execute_request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (Faraday::Request) -> void } -> OAuth2::Response
            +def authenticator: () -> OAuth2::Authenticator
            +def parse_response_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
            +def parse_response: (OAuth2::Response, Hash[Symbol, untyped]) -> (OAuth2::AccessToken | nil)
            +def build_access_token: (OAuth2::Response, Hash[Symbol, untyped], untyped) -> OAuth2::AccessToken
            +def build_access_token_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
            +def oauth_debug_logging: (untyped) -> void   end end
            +
            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.error.html b/docs/file.error.html new file mode 100644 index 00000000..d6e43057 --- /dev/null +++ b/docs/file.error.html @@ -0,0 +1,78 @@ + + + + + + + File: error + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + class Error < StandardError + def initialize: (OAuth2::Response) -> void + def code: () -> (String | Integer | nil) + def description: () -> (String | nil) + def response: () -> OAuth2::Response + end +end

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html new file mode 100644 index 00000000..95f557bb --- /dev/null +++ b/docs/file.filtered_attributes.html @@ -0,0 +1,76 @@ + + + + + + + File: filtered_attributes + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + module FilteredAttributes + def self.included: (untyped) -> untyped + def filtered_attributes: (*String) -> void + end +end

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html new file mode 100644 index 00000000..aaedb848 --- /dev/null +++ b/docs/file.oauth2-2.0.10.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.10.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            e692f68ab79677ee7fa9300bbd5e0c41de08642d51659a49ca7fd742230445601ad3c2d271ee110718d58a27383aba0c25ddbdbef5b13f7c18585cdfda74850b

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html new file mode 100644 index 00000000..299ada70 --- /dev/null +++ b/docs/file.oauth2-2.0.11.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.11.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            048743f9efd89460231738885c9c0de7b36433055eefc66331b91eee343885cd9145bbac239c6121d13b716633fb8385fa886ce854bf14142f9894e6c8f19ba2

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html new file mode 100644 index 00000000..f5efd44b --- /dev/null +++ b/docs/file.oauth2-2.0.12.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.12.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            a209c7a0c4b9d46ccb00e750af8899c01d52648ca77a0d40b934593de53edc4f2774440fc50733c0e5098672c6c5a4a20f8709046be427fcf032f45922dff2d2

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html new file mode 100644 index 00000000..72e8abb0 --- /dev/null +++ b/docs/file.oauth2-2.0.13.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.13.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            3bfe481d98f859f37f3b90ced2b8856a843eef0f2e0263163cccc14430047bc3cd03d28597f48daa3d623b52d692c3b3e7c2dc26df5eb588dd82d28608fba639

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html new file mode 100644 index 00000000..ee25b93f --- /dev/null +++ b/docs/file.oauth2-2.0.14.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.14.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            5ce561a6b103a123d9b96e1e4725c07094bd6e58c135cc775ae9d5a055c031169ca6d6de379c2569daf1dd8ab2727079db3c80aa8568d6947e94a0c06b4c6d2b

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html new file mode 100644 index 00000000..c4d115e1 --- /dev/null +++ b/docs/file.oauth2-2.0.15.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.15.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            287a5d2cff87b4f37dde7b97f0fc31ee4c79edcc451b33694d1ba6f13d218cd04848780a857b94b93b656d6d81de4f4fcb4e8345f432cee17a6d96bd3f313df2

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html new file mode 100644 index 00000000..7abd2400 --- /dev/null +++ b/docs/file.oauth2-2.0.16.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.16.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            49788bf25c3afcc08171f92c3c8a21b4bcd322aae0834f69ae77c08963f54be6c9155588ca66f82022af897ddd0bf28b0c5ee254bc9fe533d1a37b1d52f409be

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html new file mode 100644 index 00000000..668d7dbd --- /dev/null +++ b/docs/file.oauth2-2.0.17.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.17.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            6385dfb2d4cb0309745de2d442d99c6148744abaca5599bd1e4f6038e99734d9cf90d1de83d1833e416e2682f0e3d6ae83e10a5a55d6e884b9cdc54e6070fb8b

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html new file mode 100644 index 00000000..af26ebe4 --- /dev/null +++ b/docs/file.oauth2.html @@ -0,0 +1,79 @@ + + + + + + + File: oauth2 + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + OAUTH_DEBUG: bool

            + +

            DEFAULT_CONFIG: untyped + @config: untyped

            + +

            def self.config: () -> untyped + def self.configure: () { (untyped) -> void } -> void +end

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.response.html b/docs/file.response.html new file mode 100644 index 00000000..f9edaafd --- /dev/null +++ b/docs/file.response.html @@ -0,0 +1,87 @@ + + + + + + + File: response + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + class Response + DEFAULT_OPTIONS: Hash[Symbol, untyped]

            + +
            def self.register_parser: (Symbol key, (Array[String] | String) mime_types) { (String) -> untyped } -> void
            +
            +def initialize: (untyped response, parse: Symbol?, snaky: bool?, snaky_hash_klass: untyped?, options: Hash[Symbol, untyped]?) -> void
            +def headers: () -> Hash[untyped, untyped]
            +def status: () -> Integer
            +def body: () -> String
            +def parsed: () -> untyped
            +def content_type: () -> (String | nil)
            +def parser: () -> (untyped | nil)
            +
            +attr_reader response: untyped
            +attr_accessor options: Hash[Symbol, untyped]   end end
            +
            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.strategy.html b/docs/file.strategy.html new file mode 100644 index 00000000..e1f679f3 --- /dev/null +++ b/docs/file.strategy.html @@ -0,0 +1,103 @@ + + + + + + + File: strategy + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + module Strategy + class Base + def initialize: (OAuth2::Client) -> void + end

            + +
            class AuthCode < Base
            +  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
            +  def authorize_url: (?Hash[untyped, untyped]) -> String
            +  def get_token: (String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            +end
            +
            +class Implicit < Base
            +  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
            +  def authorize_url: (?Hash[untyped, untyped]) -> String
            +  def get_token: (*untyped) -> void
            +end
            +
            +class Password < Base
            +  def authorize_url: () -> void
            +  def get_token: (String, String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            +end
            +
            +class ClientCredentials < Base
            +  def authorize_url: () -> void
            +  def get_token: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            +end
            +
            +class Assertion < Base
            +  def authorize_url: () -> void
            +  def get_token: (Hash[untyped, untyped], Hash[Symbol, untyped], ?Hash[Symbol, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            +end   end end
            +
            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.version.html b/docs/file.version.html new file mode 100644 index 00000000..db7a1599 --- /dev/null +++ b/docs/file.version.html @@ -0,0 +1,75 @@ + + + + + + + File: version + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            module OAuth2 + module Version + VERSION: String + end +end

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index b4641ae9..95578274 100644 --- a/docs/index.html +++ b/docs/index.html @@ -103,7 +103,7 @@

            🔐 OAuth 2.0 Authorization Framework

            ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

            -

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

            +

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

            if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

            @@ -274,7 +274,7 @@

            💡 Info you can shake a stick at

            @@ -1183,8 +1183,8 @@

            4) Example POST

            Tips:

              -
            • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
            • -
            • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
            • +
            • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET requests.
            • +
            • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.

            Refresh Tokens

            @@ -1344,9 +1344,9 @@

            Faraday conn end

            -

            Using flat query params (Faraday::FlatParamsEncoder)
            +
            Using flat query params (Faraday::FlatParamsEncoder)
            -

            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

            +

            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

            ```ruby require “faraday”

            @@ -1677,7 +1677,7 @@

            Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index a4e375cf..ba975a96 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From 6037dad9282feba4869c5a89ba77dc41597cab10 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Fri, 7 Nov 2025 20:55:20 -0700
Subject: [PATCH 637/645] =?UTF-8?q?=F0=9F=91=B7=20Update=20dep=20resolutio?= =?UTF-8?q?n=20for=20appraisals?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 gemfiles/modular/x_std_libs/r2.4/libs.gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gemfiles/modular/x_std_libs/r2.4/libs.gemfile b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile
index c1bcbd8f..5a3c5b6c 100644
--- a/gemfiles/modular/x_std_libs/r2.4/libs.gemfile
+++ b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile
@@ -1,3 +1,3 @@
-eval_gemfile "../../erb/r2.6/v2.2.gemfile"
+eval_gemfile "../../erb/r2.4/v2.2.gemfile"
 eval_gemfile "../../mutex_m/r2.4/v0.1.gemfile"
 eval_gemfile "../../stringio/r2.4/v0.0.2.gemfile"
From f24f1a8bfbf546595aa16cd6fa82119c8218c1d3 Mon Sep 17 00:00:00 2001
From: "|7eter l-|. l3oling"
Date: Sat, 8 Nov 2025 11:01:57 +0700
Subject: [PATCH 638/645] Create CNAME
---
 docs/CNAME | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 docs/CNAME
diff --git a/docs/CNAME b/docs/CNAME
new file mode 100644
index 00000000..9e32e7bf
--- /dev/null
+++ b/docs/CNAME
@@ -0,0 +1 @@
+oauth2.galtzo.com
\ No newline at end of file
From bcb0e40bfca989f164a04cbf46a4175822b7cb28 Mon Sep 17 00:00:00 2001 
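Review bot: The new `docs/CNAME` binds the published docs to `oauth2.galtzo.com`, but nothing in the commit records who owns that DNS entry or how the binding is protected. If `docs/` is served through GitHub Pages, as a CNAME file in that directory suggests, the domain should also be verified for the owning account in the Pages settings, so the hostname cannot be claimed by another site if this one is ever unpublished while the DNS record still exists. A line in the maintainer docs such as `docs/CNAME: custom domain for the published docs; keep the DNS record and the Pages domain verification in sync` would capture that. The file also ends without a trailing newline (`\ No newline at end of file`), which is harmless here but worth normalising.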
From: "Peter H. Boling" Date: Fri, 7 Nov 2025 21:16:06 -0700 Subject: [PATCH 639/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos=20in?= =?UTF-8?q?=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 8 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.IRP.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 160 +++++++++--------- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.THREAT_MODEL.html | 2 +- docs/index.html | 160 +++++++++--------- docs/top-level-namespace.html | 2 +- 31 files changed, 192 insertions(+), 192 deletions(-) diff --git a/README.md b/README.md index 13ab7ba0..65e7d6bc 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ NOTE: `header` - The content type specified in the `curl` is already the default -
            Complete E2E single file script against mock-oauth2-server - E2E example uses [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server), which was added in v2.0.11 @@ -304,7 +304,7 @@ Compatibility is further distinguished as "Best Effort Support" or "Incidental S This gem will install on Ruby versions >= v2.2 for 2.x releases. See `1-4-stable` branch for older rubies. -
            Ruby Engine Compatibility Policy This gem is tested against MRI, JRuby, and Truffleruby. @@ -315,7 +315,7 @@ see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct ma
            -
            Ruby Version Compatibility Policy If something doesn't work on one of these interpreters, it's a bug. @@ -470,7 +470,7 @@ They are likely not needed if you are on a newer Ruby. Expand the examples below, or the [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) gem, or [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), for more ideas, especially if you need to study the hacks for older Rubies. -
            See Examples ```ruby diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 1ffcdd17..8f5751f6 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 2d0ed1df..1db81ede 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 53736878..d1a2fe57 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 9ff6fc48..62bc3d6f 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2654,7 +2654,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 1401cd95..68262584 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 7c738657..13010514 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 75bb5568..2f746c4c 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index dccdc25b..79f4fe2f 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index c629c668..ba6f9096 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 6153d6fa..24d17623 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index d5081e25..90253890 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -479,7 +479,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index dd410d38..7ad9e5bb 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index efa4fdb8..1c69124f 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 32f63999..b03f9047 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -418,7 +418,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 91d2fe7c..83b4d0be 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -372,7 +372,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 35c06cb4..a997000b 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index f023b32d..0535ab06 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -315,7 +315,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index b22f44a2..ce161097 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1299,7 +1299,7 @@

            diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 818acbd7..732d3293 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 08f3438c..48eef79e 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -296,7 +296,7 @@

            Manual process

            diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 59b0b074..6d232159 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -99,7 +99,7 @@

            Another Way to Support Open diff --git a/docs/file.IRP.html b/docs/file.IRP.html index 6664d497..cd701065 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -203,7 +203,7 @@

            Appendix: Example checklist diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 428dfecc..ac83a495 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index e73faa29..b5ebfaf2 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -257,7 +257,7 @@

            Optionally: call UserInfo

            diff --git a/docs/file.README.html b/docs/file.README.html index f103d44c..40081e21 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -153,15 +153,15 @@

            Quick Examples

            -

            <details markdown=”1>

            -Complete E2E single file script against mock-oauth2-server +
            + Complete E2E single file script against mock-oauth2-server -
              -
            • E2E example uses navikt/mock-oauth2-server, which was added in v2.0.11
            • -
            • E2E example does not ship with the released gem, so clone the source to play with it.
            • -
            +
              +
            • E2E example uses navikt/mock-oauth2-server, which was added in v2.0.11
            • +
            • E2E example does not ship with the released gem, so clone the source to play with it.
            • +
            -

            console +

            console docker compose -f docker-compose-ssl.yml up -d --wait ruby examples/e2e.rb # If your machine is slow or Docker pulls are cold, increase the wait: @@ -169,9 +169,9 @@

            Quick Examples

            # The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default.

            -

            The output should be something like this:

            +

            The output should be something like this:

            -

            console +

            console ➜ ruby examples/e2e.rb Access token (truncated): eyJraWQiOiJkZWZhdWx0... userinfo status: 200 @@ -179,69 +179,69 @@

            Quick Examples

            E2E complete

            -

            Make sure to shut down the mock server when you are done:

            +

            Make sure to shut down the mock server when you are done:

            -

            console +

            console docker compose -f docker-compose-ssl.yml down

            -

            Troubleshooting: validate connectivity to the mock server

            +

            Troubleshooting: validate connectivity to the mock server

            -
              -
            • Check container status and port mapping: -
                -
              • docker compose -f docker-compose-ssl.yml ps
              • -
              -
            • -
            • From the host, try the discovery URL directly (this is what the example uses by default): -
                -
              • curl -v http://localhost:8080/default/.well-known/openid-configuration
              • -
              • If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration +
                  +
                • Check container status and port mapping: +
                    +
                  • docker compose -f docker-compose-ssl.yml ps
                  • +
                  +
                • +
                • From the host, try the discovery URL directly (this is what the example uses by default): +
                    +
                  • curl -v http://localhost:8080/default/.well-known/openid-configuration
                  • +
                  • If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration
                  • -
                  -
                • -
                • From inside the container (to distinguish container vs. host networking): -
                    -
                  • docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration
                  • -
                  -
                • -
                • Simple TCP probe from the host: -
                    -
                  • nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'
                  • -
                  -
                • -
                • Inspect which host port 8080 is bound to (should be 8080): -
                    -
                  • docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1
                  • -
                  -
                • -
                • Look at server logs for readiness/errors: -
                    -
                  • docker logs -n 200 oauth2-mock-oauth2-server-1
                  • -
                  -
                • -
                • On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: -
                    -
                  • ss -ltnp | grep :8080
                  • -
                  -
                • -
                +
              +
            • +
            • From inside the container (to distinguish container vs. host networking): +
                +
              • docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration
              • +
              +
            • +
            • Simple TCP probe from the host: +
                +
              • nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'
              • +
              +
            • +
            • Inspect which host port 8080 is bound to (should be 8080): +
                +
              • docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1
              • +
              +
            • +
            • Look at server logs for readiness/errors: +
                +
              • docker logs -n 200 oauth2-mock-oauth2-server-1
              • +
              +
            • +
            • On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: +
                +
              • ss -ltnp | grep :8080
              • +
              +
            • +
            -

            Notes

            +

            Notes

            -
              -
            • Discovery URL pattern is: http://localhost:8080/<realm>/.well-known/openid-configuration, where <realm> defaults to default.
            • -
            • You can change these with env vars when running the example: -
                -
              • +
                  +
                • Discovery URL pattern is: http://localhost:8080/<realm>/.well-known/openid-configuration, where <realm> defaults to default.
                • +
                • You can change these with env vars when running the example: +
                    +
                  • E2E_ISSUER_BASE (default: http://localhost:8080)
                  • -
                  • +
                  • E2E_REALM (default: default)
                  • -
                  -
                • -
                +
              +
            • +
            -

            </details>

            +

            If it seems like you are in the wrong place, you might try one of these:

            @@ -550,34 +550,34 @@

            Compatibility

            This gem will install on Ruby versions >= v2.2 for 2.x releases. See 1-4-stable branch for older rubies.

            -

            <details markdown=”1>

            -Ruby Engine Compatibility Policy +
            + Ruby Engine Compatibility Policy -

            This gem is tested against MRI, JRuby, and Truffleruby. +

            This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, see gemfiles/README.md, then submit a PR to the correct maintenance branch as according to the table below.

            -

            </details>

            +
            -

            <details markdown=”1>

            -Ruby Version Compatibility Policy +
            + Ruby Version Compatibility Policy -

            If something doesn’t work on one of these interpreters, it’s a bug.

            +

            If something doesn’t work on one of these interpreters, it’s a bug.

            -

            This library may inadvertently work (or seem to work) on other Ruby +

            This library may inadvertently work (or seem to work) on other Ruby implementations; however, support will only be provided for the versions listed above.

            -

            If you would like this library to support another Ruby version, you may +

            If you would like this library to support another Ruby version, you may volunteer to be a maintainer. Being a maintainer entails making sure all tests run and pass on that implementation. When something breaks on your implementation, you will be responsible for providing patches in a timely fashion. If critical issues for a particular implementation exist at the time of a major release, support for that Ruby version may be dropped.

            -

            </details>

            +
            -
            # File 'lib/oauth2/error.rb', line 5
            +      
            # File 'lib/oauth2/error.rb', line 13
             
             def description
               @description
            @@ -475,7 +673,7 @@ 

            - #responseObject (readonly) + #responseOAuth2::Response, ... (readonly) @@ -483,13 +681,69 @@

            -

            Returns the value of attribute response.

            +
            +

            Returns:

            +
              + +
            • + + + (OAuth2::Response, Hash, Object) + + + + — +

              Original response or payload used to build the error

              +
              + +
            • + +
            • + + + (String) + + + + — +

              Raw body content (if available)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Error code (e.g., ‘invalid_grant’)

              +
              + +
            • + +
            • + + + (String, nil) + + + + — +

              Human-readable description for the error

              +
              + +
            • + +
            @@ -497,12 +751,12 @@

             
             
            -5
            -6
            -7
            +13 +14 +15

            @@ -192,7 +192,7 @@

            💡 Info you can shake a stick at

            @@ -264,14 +264,14 @@

            Upgrading Runtime Gem DependenciesWhat does that mean specifically for the runtime dependencies?

            -

            We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
            -covering the latest patch for each of the following minor versions:

            +

            We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix.
            +It wouldn’t be possible without appraisal2.

            -
            # File 'lib/oauth2/error.rb', line 5
            +      
            # File 'lib/oauth2/error.rb', line 13
             
             def response
               @response
            @@ -518,7 +772,7 @@ 

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index fb8f30af..3b319cdd 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -88,7 +88,21 @@ -

            Defined Under Namespace

            +

            Overview

            +
            +

            Mixin that redacts sensitive instance variables in #inspect output.

            + +

            Classes include this module and declare which attributes should be filtered
            +using filtered_attributes. Any instance variable name that includes one of
            +those attribute names will be shown as [FILTERED] in the object’s inspect.

            + + +
            +
            +
            + + +

            Defined Under Namespace

            @@ -116,7 +130,7 @@

          • - .included(base) ⇒ Object + .included(base) ⇒ void @@ -130,7 +144,7 @@

            -
            +

            Hook invoked when the module is included.

          • @@ -148,7 +162,7 @@

          • - #inspect ⇒ Object + #inspect ⇒ String @@ -162,7 +176,7 @@

            -
            +

            Custom inspect that redacts configured attributes.

          • @@ -180,24 +194,54 @@

            Class Method Details

            - .included(base) ⇒ Object + .included(base) ⇒ void + + +

            +
            +

            This method returns an undefined value.

            Hook invoked when the module is included. Extends the including class with
            +class-level helpers.

            + +
            +
            +
            +

            Parameters:

            +
              + +
            • + + base + + + (Class) + + + + — +

              The including class

              +
              + +
            • - + + + +
              - - - - - - - - - - - -
               
               
              -3
              -4
              -5
              +13 +14 +15
              -
              # File 'lib/oauth2/filtered_attributes.rb', line 3
              +      
              # File 'lib/oauth2/filtered_attributes.rb', line 13
               
               def self.included(base)
                 base.extend(ClassMethods)
              @@ -216,34 +260,57 @@ 

              Instance Method Details

              - #inspectObject + #inspectString -

              +
              +
              +

              Custom inspect that redacts configured attributes.

              + + +
              +
              +
              + +

              Returns:

              +
                + +
              • + + + (String) + + + +
              • + +
              + +
              @@ -304,7 +207,22 @@

              💡 Info you can shake a stick at

              Compatibility

              -

              Compatible with Ruby 2.3+, and concordant releases of JRuby, and TruffleRuby.

              +

              Upgrading Runtime Gem Dependencies

              + +

              This project sits underneath a large portion of the authorization systems on the internet.
              +According to GitHub’s project tracking, which I believe only reports on public projects,
              +100,000+ projects, and
              +500+ packages depend on this project.

              + +

              That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

              + +

              As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
              +leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

              + +

              What does that mean specifically for the runtime dependencies?

              + +

              We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
              +covering the latest patch for each of the following minor versions:

               
               
              -17
              -18
              -19
              -20
              -21
              -22
              -23
              -24
              -25
              -26
              -27
              -28
              -29
              +38 +39 +40 +41 +42 +43 +44 +45 +46 +47 +48 +49 +50
              -
              # File 'lib/oauth2/filtered_attributes.rb', line 17
              +      
              # File 'lib/oauth2/filtered_attributes.rb', line 38
               
               def inspect
                 filtered_attribute_names = self.class.filtered_attribute_names
              @@ -268,7 +335,7 @@ 

              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 9fe25d59..c355f60f 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -83,8 +83,18 @@ +

              Overview

              +
              +

              Class-level helpers for configuring filtered attributes.

              +
              +
              +
              + + +
              + @@ -101,7 +111,7 @@

            • - #filtered_attribute_names ⇒ Object + #filtered_attribute_names ⇒ Array<Symbol> @@ -115,7 +125,7 @@

              -
              +

              The configured attribute names to filter.

            • @@ -124,7 +134,7 @@

            • - #filtered_attributes(*attributes) ⇒ Object + #filtered_attributes(*attributes) ⇒ void @@ -138,7 +148,7 @@

              -
              +

              Declare attributes that should be redacted in inspect output.

            • @@ -156,24 +166,47 @@

              Instance Method Details

              - #filtered_attribute_namesObject + #filtered_attribute_namesArray<Symbol> + + +

              +
              +

              The configured attribute names to filter.

              + +
              +
              +
              + +

              Returns:

              +
                + +
              • + + + (Array<Symbol>) + + + +
              • - + + +
                @@ -304,7 +207,22 @@

                💡 Info you can shake a stick at

                Compatibility

                -

                Compatible with Ruby 2.3+, and concordant releases of JRuby, and TruffleRuby.

                +

                Upgrading Runtime Gem Dependencies

                + +

                This project sits underneath a large portion of the authorization systems on the internet.
                +According to GitHub’s project tracking, which I believe only reports on public projects,
                +100,000+ projects, and
                +500+ packages depend on this project.

                + +

                That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

                + +

                As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
                +leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

                + +

                What does that mean specifically for the runtime dependencies?

                + +

                We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
                +covering the latest patch for each of the following minor versions:

                 
                 
                -12
                -13
                -14
                +30 +31 +32
                -
                # File 'lib/oauth2/filtered_attributes.rb', line 12
                +      
                # File 'lib/oauth2/filtered_attributes.rb', line 30
                 
                 def filtered_attribute_names
                   @filtered_attribute_names || []
                @@ -186,24 +219,53 @@ 

                - #filtered_attributes(*attributes) ⇒ Object + #filtered_attributes(*attributes) ⇒ void -

                +
                +
                +

                This method returns an undefined value.

                Declare attributes that should be redacted in inspect output.

                + + +
                +
                +
                +

                Parameters:

                +
                  + +
                • + + attributes + + + (Array<Symbol, String>) + + + + — +

                  One or more attribute names

                  +
                  + +
                • + +
                + + +
                @@ -1114,7 +1114,7 @@

                🔐 Security

                🤝 Contributing

                If you need some ideas of where to help, you could work on adding more code coverage,
                -or if it is already 💯 (see below) check reek, issues, or PRs,
                +or if it is already 💯 (see below) check reek, issues, or PRs,
                or use the gem and think about how it could be better.

                We Keep A Changelog so if you make changes, remember to update it.

                @@ -1260,7 +1260,7 @@

                Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html new file mode 100644 index 00000000..137dfca2 --- /dev/null +++ b/docs/file.REEK.html @@ -0,0 +1,71 @@ + + + + + + + File: REEK + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +
                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 379ff874..51c8f8f8 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                Benefits of rubocop_gradual

                diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 25f35b40..b3e2756d 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                Enterprise Support

                diff --git a/docs/file.access_token.html b/docs/file.access_token.html new file mode 100644 index 00000000..59dd96da --- /dev/null +++ b/docs/file.access_token.html @@ -0,0 +1,94 @@ + + + + + + + File: access_token + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + class AccessToken
                + def self.from_hash: (OAuth2::Client, Hash[untyped, untyped]) -> OAuth2::AccessToken
                + def self.from_kvform: (OAuth2::Client, String) -> OAuth2::AccessToken

                + +
                def initialize: (OAuth2::Client, String, ?Hash[Symbol, untyped]) -> void
                +def []: (String | Symbol) -> untyped
                +def expires?: () -> bool
                +def expired?: () -> bool
                +def refresh: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::AccessToken
                +def revoke: (?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +def to_hash: () -> Hash[Symbol, untyped]
                +def request: (Symbol, String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +def get: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +def post: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +def put: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +def patch: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +def delete: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +def headers: () -> Hash[String, String]
                +def configure_authentication!: (Hash[Symbol, untyped]) -> void
                +def convert_expires_at: (untyped) -> (Time | Integer | nil)
                +
                +attr_accessor response: OAuth2::Response   end end
                +
                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html new file mode 100644 index 00000000..e703185b --- /dev/null +++ b/docs/file.authenticator.html @@ -0,0 +1,91 @@ + + + + + + + File: authenticator + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + class Authenticator
                + include OAuth2::FilteredAttributes

                + +
                attr_reader mode: (Symbol | String)
                +attr_reader id: String?
                +attr_reader secret: String?
                +
                +def initialize: (String? id, String? secret, (Symbol | String) mode) -> void
                +
                +def apply: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                +
                +def self.encode_basic_auth: (String, String) -> String
                +
                +private
                +
                +def apply_params_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                +def apply_client_id: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                +def apply_basic_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                +def basic_auth_header: () -> Hash[String, String]   end end
                +
                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.client.html b/docs/file.client.html new file mode 100644 index 00000000..a26f7a40 --- /dev/null +++ b/docs/file.client.html @@ -0,0 +1,121 @@ + + + + + + + File: client + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + class Client
                + RESERVED_REQ_KEYS: Array[String]
                + RESERVED_PARAM_KEYS: Array[String]

                + +
                include OAuth2::FilteredAttributes
                +
                +attr_reader id: String
                +attr_reader secret: String
                +attr_reader site: String?
                +attr_accessor options: Hash[Symbol, untyped]
                +attr_writer connection: untyped
                +
                +def initialize: (String client_id, String client_secret, ?Hash[Symbol, untyped]) { (untyped) -> void } -> void
                +
                +def site=: (String) -> String
                +
                +def connection: () -> untyped
                +
                +def authorize_url: (?Hash[untyped, untyped]) -> String
                +def token_url: (?Hash[untyped, untyped]) -> String
                +def revoke_url: (?Hash[untyped, untyped]) -> String
                +
                +def request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +
                +def get_token: (Hash[untyped, untyped] params, ?Hash[Symbol, untyped] access_token_opts, ?Proc) { (Hash[Symbol, untyped]) -> void } -> (OAuth2::AccessToken | nil)
                +
                +def revoke_token: (String token, ?String token_type_hint, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                +
                +def http_method: () -> Symbol
                +
                +def auth_code: () -> OAuth2::Strategy::AuthCode
                +def implicit: () -> OAuth2::Strategy::Implicit
                +def password: () -> OAuth2::Strategy::Password
                +def client_credentials: () -> OAuth2::Strategy::ClientCredentials
                +def assertion: () -> OAuth2::Strategy::Assertion
                +
                +def redirection_params: () -> Hash[String, String]
                +
                +private
                +
                +def params_to_req_opts: (Hash[untyped, untyped]) -> Hash[Symbol, untyped]
                +def parse_snaky_params_headers: (Hash[untyped, untyped]) -> [Symbol, bool, untyped, (Symbol | nil), Hash[untyped, untyped], Hash[String, String]]
                +def execute_request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (Faraday::Request) -> void } -> OAuth2::Response
                +def authenticator: () -> OAuth2::Authenticator
                +def parse_response_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
                +def parse_response: (OAuth2::Response, Hash[Symbol, untyped]) -> (OAuth2::AccessToken | nil)
                +def build_access_token: (OAuth2::Response, Hash[Symbol, untyped], untyped) -> OAuth2::AccessToken
                +def build_access_token_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
                +def oauth_debug_logging: (untyped) -> void   end end
                +
                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.error.html b/docs/file.error.html new file mode 100644 index 00000000..d36d31cb --- /dev/null +++ b/docs/file.error.html @@ -0,0 +1,78 @@ + + + + + + + File: error + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + class Error < StandardError
                + def initialize: (OAuth2::Response) -> void
                + def code: () -> (String | Integer | nil)
                + def description: () -> (String | nil)
                + def response: () -> OAuth2::Response
                + end
                +end

                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html new file mode 100644 index 00000000..b6be30c1 --- /dev/null +++ b/docs/file.filtered_attributes.html @@ -0,0 +1,76 @@ + + + + + + + File: filtered_attributes + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + module FilteredAttributes
                + def self.included: (untyped) -> untyped
                + def filtered_attributes: (*String) -> void
                + end
                +end

                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html new file mode 100644 index 00000000..74bd8adf --- /dev/null +++ b/docs/file.oauth2-2.0.10.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.10.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                e692f68ab79677ee7fa9300bbd5e0c41de08642d51659a49ca7fd742230445601ad3c2d271ee110718d58a27383aba0c25ddbdbef5b13f7c18585cdfda74850b

                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html new file mode 100644 index 00000000..b8260853 --- /dev/null +++ b/docs/file.oauth2-2.0.11.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.11.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                048743f9efd89460231738885c9c0de7b36433055eefc66331b91eee343885cd9145bbac239c6121d13b716633fb8385fa886ce854bf14142f9894e6c8f19ba2

                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html new file mode 100644 index 00000000..dc9a40a6 --- /dev/null +++ b/docs/file.oauth2-2.0.12.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.12.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                a209c7a0c4b9d46ccb00e750af8899c01d52648ca77a0d40b934593de53edc4f2774440fc50733c0e5098672c6c5a4a20f8709046be427fcf032f45922dff2d2

                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html new file mode 100644 index 00000000..575122d0 --- /dev/null +++ b/docs/file.oauth2.html @@ -0,0 +1,79 @@ + + + + + + + File: oauth2 + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + OAUTH_DEBUG: bool

                + +

                DEFAULT_CONFIG: untyped
                + @config: untyped

                + +

                def self.config: () -> untyped
                + def self.configure: () { (untyped) -> void } -> void
                +end

                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.response.html b/docs/file.response.html new file mode 100644 index 00000000..1208f24b --- /dev/null +++ b/docs/file.response.html @@ -0,0 +1,87 @@ + + + + + + + File: response + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + class Response
                + DEFAULT_OPTIONS: Hash[Symbol, untyped]

                + +
                def self.register_parser: (Symbol key, (Array[String] | String) mime_types) { (String) -> untyped } -> void
                +
                +def initialize: (untyped response, parse: Symbol?, snaky: bool?, snaky_hash_klass: untyped?, options: Hash[Symbol, untyped]?) -> void
                +def headers: () -> Hash[untyped, untyped]
                +def status: () -> Integer
                +def body: () -> String
                +def parsed: () -> untyped
                +def content_type: () -> (String | nil)
                +def parser: () -> (untyped | nil)
                +
                +attr_reader response: untyped
                +attr_accessor options: Hash[Symbol, untyped]   end end
                +
                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.strategy.html b/docs/file.strategy.html new file mode 100644 index 00000000..1d74d472 --- /dev/null +++ b/docs/file.strategy.html @@ -0,0 +1,103 @@ + + + + + + + File: strategy + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + module Strategy
                + class Base
                + def initialize: (OAuth2::Client) -> void
                + end

                + +
                class AuthCode < Base
                +  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
                +  def authorize_url: (?Hash[untyped, untyped]) -> String
                +  def get_token: (String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                +end
                +
                +class Implicit < Base
                +  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
                +  def authorize_url: (?Hash[untyped, untyped]) -> String
                +  def get_token: (*untyped) -> void
                +end
                +
                +class Password < Base
                +  def authorize_url: () -> void
                +  def get_token: (String, String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                +end
                +
                +class ClientCredentials < Base
                +  def authorize_url: () -> void
                +  def get_token: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                +end
                +
                +class Assertion < Base
                +  def authorize_url: () -> void
                +  def get_token: (Hash[untyped, untyped], Hash[Symbol, untyped], ?Hash[Symbol, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                +end   end end
                +
                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file.version.html b/docs/file.version.html new file mode 100644 index 00000000..0d97cbcf --- /dev/null +++ b/docs/file.version.html @@ -0,0 +1,75 @@ + + + + + + + File: version + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                + + +

                module OAuth2
                + module Version
                + VERSION: String
                + end
                +end

                +
                + + + +
                + + \ No newline at end of file diff --git a/docs/file_list.html b/docs/file_list.html index 95fe7792..642f6214 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -87,6 +87,91 @@

                File List

                +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + +
              • + +
              • + + diff --git a/docs/index.html b/docs/index.html index a752b5cc..0e4c4866 100644 --- a/docs/index.html +++ b/docs/index.html @@ -259,7 +259,7 @@

                💡 Info you can shake a stick at

                @@ -1114,7 +1114,7 @@

                🔐 Security

                🤝 Contributing

                If you need some ideas of where to help, you could work on adding more code coverage,
                -or if it is already 💯 (see below) check reek, issues, or PRs,
                +or if it is already 💯 (see below) check reek, issues, or PRs,
                or use the gem and think about how it could be better.

                We Keep A Changelog so if you make changes, remember to update it.

                @@ -1260,7 +1260,7 @@

                Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index d11c7398..79b8a88e 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                Defined Under Namespace

                diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 57c10e53..e1b505eb 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.12" + VERSION = "2.0.13" end end From 26b3dfe541642ad4004cbcf85900276cea27813a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 16:39:26 -0600 Subject: [PATCH 525/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.13?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- checksums/oauth2-2.0.13.gem.sha256 | 1 + checksums/oauth2-2.0.13.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.13.gem.sha256 create mode 100644 checksums/oauth2-2.0.13.gem.sha512 diff --git a/checksums/oauth2-2.0.13.gem.sha256 b/checksums/oauth2-2.0.13.gem.sha256 new file mode 100644 index 00000000..21424bc6 --- /dev/null +++ b/checksums/oauth2-2.0.13.gem.sha256 @@ -0,0 +1 @@ +e6588fe5902c07bac542a4a1197f558c319cb479b7fbe53f43f883b1a211be25 \ No newline at end of file diff --git a/checksums/oauth2-2.0.13.gem.sha512 b/checksums/oauth2-2.0.13.gem.sha512 new file mode 100644 index 00000000..d3cf1b62 --- /dev/null +++ b/checksums/oauth2-2.0.13.gem.sha512 @@ -0,0 +1 @@ +3bfe481d98f859f37f3b90ced2b8856a843eef0f2e0263163cccc14430047bc3cd03d28597f48daa3d623b52d692c3b3e7c2dc26df5eb588dd82d28608fba639 \ No newline at end of file From 3c010a84d97334bf068c8b8673b702dd51a7b1ec Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 18:18:47 -0600 Subject: [PATCH 526/645] =?UTF-8?q?=F0=9F=93=9D=20Remove=20redundant=20Ent?= =?UTF-8?q?erprise=20support=20section?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + README.md | 98 +++++++++++++++++++++++----------------------------- 2 files changed, 45 insertions(+), 54 deletions(-) 
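Review bot: The two files added under `checksums/` each hold only a bare hex digest, with no file name and no trailing newline, so they cannot be passed to `sha256sum -c` or `sha512sum -c` as written. A consumer has to hash the downloaded gem and compare the strings by hand, which is easy to skip or get wrong. Writing each file in the coreutils check format, `<digest>  oauth2-2.0.13.gem` followed by a newline, would let verification be scripted in CI or an install step. These digests are committed in the same repository that builds the gem, so they can catch a corrupted or substituted download but not a compromise of the repository or release process itself. It would help to state next to the checksums that they complement, rather than replace, the signed-gem verification the README refers to.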
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7825cc50..a6ebafb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [Unreleased] ### Added +- improved documentation by @pboling ### Changed ### Deprecated ### Removed diff --git a/README.md b/README.md index 93564c6f..418064ff 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,35 @@ NOTE: `header` - The content type specified in the `curl` is already the default -### Upgrading Runtime Gem Dependencies +If it seems like you are in the wrong place, you might try one of these: + +* [OAuth 2.0 Spec][oauth2-spec] +* [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. +* [oauth sibling gem][sibling-gem] for OAuth 1.0a implementations in Ruby. + +[oauth2-spec]: https://oauth.net/2/ +[sibling-gem]: https://gitlab.com/ruby-oauth/oauth +[doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper + +## 💡 Info you can shake a stick at + +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Support | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] 
[🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | + +### Compatibility + +#### Upgrading Runtime Gem Dependencies This project sits underneath a large portion of the authorization systems on the internet. According to GitHub's project tracking, which I believe only reports on public projects, @@ -84,7 +112,7 @@ covering the latest patch for each of the following minor versions: * Operating Systems: Linux, MacOS, Windows * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD - * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. + * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD * TruffleRuby @ v23.1, v24.1, HEAD * gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) @@ -105,8 +133,8 @@ Also, where reasonable, tested against the runtime dependencies of those depende #### You should upgrade this gem with confidence\*. - This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. - - Dropping support for **any** of the runtime dependency versions above will be a major version bump. - - If you aren't on one of the minor versions above, make getting there a priority. + - Dropping support for **any** of the runtime dependency versions above will be a major version bump. + - If you aren't on one of the minor versions above, make getting there a priority. - You should upgrade the dependencies of this gem with confidence\*. - Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! 
@@ -129,52 +157,18 @@ If you use a gem version of a core Ruby library it should work fine! -If it seems like you are in the wrong place, you might try one of these: - -* [OAuth 2.0 Spec][oauth2-spec] -* [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. -* [oauth sibling gem][sibling-gem] for OAuth 1.0 implementations in Ruby. - -[oauth2-spec]: https://oauth.net/2/ -[sibling-gem]: https://gitlab.com/ruby-oauth/oauth -[doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper - -## 💡 Info you can shake a stick at - -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Support | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | - -### 
Compatibility - -Compatible with Ruby 2.3+, and concordant releases of JRuby, and TruffleRuby. - -| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 | -|------------------------------------------------|-------------------------------------------------------------------------------------| -| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | - ### Federated DVCS
                Find this repo on other forges (Coming soon!) -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-------------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🤼 [OAuth Ruby Google 
Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |
                @@ -182,9 +176,13 @@ Compatible with Ruby 2.3+, and concordant releases of JRuby, and TruffleRuby. ### Enterprise Support [![Tidelift](https://tidelift.com/badges/package/rubygems/oauth2)](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme) +Available as part of the Tidelift Subscription. +
                Need enterprise-level guarantees? +The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. + [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies @@ -248,14 +246,6 @@ NOTE: Be prepared to track down certs for signed gems and add them the same way
                -## OAuth2 for Enterprise - -Available as part of the Tidelift Subscription. - -The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] - -[tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise - ## Security contact information To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). @@ -515,7 +505,7 @@ end See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), or the [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) gem for more ideas. -#### What if I hate snakes and/or indifference? +#### Prefer camelCase over snake_case? => snaky: false ```ruby response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false) From a1e18e0285598b00e1da51295f9a25cfa9c78ee9 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 30 Aug 2025 18:20:00 -0600 Subject: [PATCH 527/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 53 +---- docs/file.CHANGELOG.html | 16 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 213 ++++++++---------- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file_list.html | 85 ------- docs/index.html | 213 ++++++++---------- docs/top-level-namespace.html | 2 +- 28 files changed, 228 insertions(+), 398 deletions(-) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index a60fa9c7..d8d443c2 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 2ca4709a..5ca4896a 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index d4faefe5..c9cd0296 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 3d722071..e714ee28 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index bfe8dd19..b14aecce 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 76703de3..a69573fe 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index bdf8e4dc..dfe941b7 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 8fdc5009..b54f9d05 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index eeb273b2..a2cc0ba8 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                Defined Under Namespace

                diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 5367ac5b..b90be1db 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 0b8f3073..822a64be 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 1d387d86..8303d37b 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 5cbf6890..3f0a053c 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index fdfe4c71..33cbd210 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 21b3dd85..2b182640 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 59920dfc..f7ec788b 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                diff --git a/docs/_index.html b/docs/_index.html index 69a10497..809db8cc 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -84,57 +84,6 @@

                File Listing

              • LICENSE
              • -
              • CITATION
              • - - -
              • oauth2-2.0.10.gem
              • - - -
              • oauth2-2.0.11.gem
              • - - -
              • oauth2-2.0.12.gem
              • - - -
              • oauth2-2.0.10.gem
              • - - -
              • oauth2-2.0.11.gem
              • - - -
              • oauth2-2.0.12.gem
              • - - -
              • REEK
              • - - -
              • access_token
              • - - -
              • authenticator
              • - - -
              • client
              • - - -
              • error
              • - - -
              • filtered_attributes
              • - - -
              • response
              • - - -
              • strategy
              • - - -
              • version
              • - - -
              • oauth2
              • - -
                @@ -357,7 +306,7 @@

                Namespace Listing A-Z

                diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 97b53b5b..ea13a640 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -65,11 +65,15 @@

                Unreleased

                Added

                -

                Changed

                -

                Deprecated

                -

                Removed

                -

                Fixed

                -

                Security

                +
                  +
                • improved documentation by @pboling +

                  Changed

                  +

                  Deprecated

                  +

                  Removed

                  +

                  Fixed

                  +

                  Security

                  +
                • +

                2.0.13 - 2025-08-30

                @@ -1224,7 +1228,7 @@

                diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 8f630240..e8725c31 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                Attribution

                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 8297a00a..48a64e22 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                Manual process

                diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index aae8fd0c..998b3e9f 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index c427de52..c65f015d 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                MIT License

                Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                Permission is hereby granted, free of charge, to any person obtaining a copy
                of this software and associated documentation files (the "Software"), to deal
                in the Software without restriction, including without limitation the rights
                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                copies of the Software, and to permit persons to whom the Software is
                furnished to do so, subject to the following conditions:

                The above copyright notice and this permission notice shall be included in all
                copies or substantial portions of the Software.

                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                SOFTWARE.
                diff --git a/docs/file.README.html b/docs/file.README.html index 18ac837e..cfa8528d 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -113,103 +113,6 @@

                Quick Example

                -

                Upgrading Runtime Gem Dependencies

                - -

                This project sits underneath a large portion of the authorization systems on the internet.
                -According to GitHub’s project tracking, which I believe only reports on public projects,
                -100,000+ projects, and
                -500+ packages depend on this project.

                - -

                That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

                - -

                As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
                -leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

                - -

                What does that mean specifically for the runtime dependencies?

                - -

                We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
                -covering the latest patch for each of the following minor versions:

                - -
                 
                 
                -8
                -9
                -10
                +23 +24 +25
                -
                # File 'lib/oauth2/filtered_attributes.rb', line 8
                +      
                # File 'lib/oauth2/filtered_attributes.rb', line 23
                 
                 def filtered_attributes(*attributes)
                   @filtered_attribute_names = attributes.map(&:to_sym)
                @@ -218,7 +280,7 @@ 

                diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 13f3cca3..8f90a705 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index a1561172..992bd3d7 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                Defined Under Namespace

                diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 95111397..4ebca5f9 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 3c866e11..165ad8e3 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index c118241f..da3f42a7 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html
                index cb84d155..d41a29c8 100644
                --- a/docs/OAuth2/Strategy/ClientCredentials.html
                +++ b/docs/OAuth2/Strategy/ClientCredentials.html
                @@ -343,7 +343,7 @@

                diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html
                index 1ca7451d..817f7461 100644
                --- a/docs/OAuth2/Strategy/Implicit.html
                +++ b/docs/OAuth2/Strategy/Implicit.html
                @@ -410,7 +410,7 @@

                diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html
                index 2d0df925..62bdb4af 100644
                --- a/docs/OAuth2/Strategy/Password.html
                +++ b/docs/OAuth2/Strategy/Password.html
                @@ -364,7 +364,7 @@

                diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html
                index a14fd162..66f51584 100644
                --- a/docs/OAuth2/Version.html
                +++ b/docs/OAuth2/Version.html
                @@ -111,7 +111,7 @@

                diff --git a/docs/_index.html b/docs/_index.html
                index 4bc56363..80898b2c 100644
                --- a/docs/_index.html
                +++ b/docs/_index.html
                @@ -72,13 +72,16 @@

                File Listing

              • CONTRIBUTING
              • -
              • SECURITY
              • +
              • FUNDING
              • -
              • LICENSE
              • +
              • RUBOCOP
              • + + +
              • SECURITY
              • -
              • CITATION
              • +
              • LICENSE
              • @@ -303,7 +306,7 @@

                Namespace Listing A-Z

                diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html
                index 0899df67..4c0f212b 100644
                --- a/docs/file.CHANGELOG.html
                +++ b/docs/file.CHANGELOG.html
                @@ -65,12 +65,29 @@

                Unreleased

                Added

                -

                Changed

                  -
                • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling +
                • +gh656 - Support revocation with URL-encoded parameters
                • +
                • +gh660 - Inline yard documentation by @pboling
                • +
                • +gh660 - Complete RBS types documentation by @pboling
                • +
                • +gh660- (more) Comprehensive documentation / examples by @pboling
                • +
                • +gh657 - Updated documentation for org-rename by @pboling
                • +
                • More funding links by @Aboling0 +

                  Changed

                  +
                • +
                • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
                • +
                • +gh660 - Shrink post-install message by 4 lines by @pboling

                  Deprecated

                  Removed

                  Fixed

                  +
                • +
                • +gh660 - Links in README (including link to HEAD documentation) by @pboling

                  Security

                @@ -121,14 +138,18 @@

                Added

              • +gh651 - :snaky_hash_klass option (@pboling)
              • +
              • gh651 - :snaky_hash_klass option (@pboling)
              • More documentation
              • Codeberg as ethical mirror (@pboling)
                  +
                • https://codeberg.org/oauth-xx/oauth2
                • https://codeberg.org/ruby-oauth/oauth2
              • Don’t check for cert if SKIP_GEM_SIGNING is set (@pboling)
              • +
              • All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
              • All runtime deps, including ruby-oauth sibling gems, are now tested against HEAD (@pboling)
              • YARD config, GFM compatible with relative file links (@pboling)
              • Documentation site on GitHub Pages (@pboling) @@ -137,6 +158,10 @@

                Added

              • +!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
              • +
              • +gh651 - Mock OAuth2 server for testing (@pboling)
              • +
              • !649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
              • gh651 - Mock OAuth2 server for testing (@pboling) @@ -147,6 +172,8 @@

                Changed

              • +gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
              • +
              • gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
                • Provides solution for serialization issues
                • @@ -156,6 +183,8 @@

                  Changed

                  Fixed

                • +gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
                • +
                • gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
                • Incorrect documentation related to silencing warnings (@pboling)
                @@ -171,6 +200,14 @@

                Added

              • +gh!632 - Added funding.yml (@Aboling0)
              • +
              • +!635 - Added .gitlab-ci.yml (@jessieay)
              • +
              • +#638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
              • +
              • +!642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling)
              • +
              • gh!632 - Added funding.yml (@Aboling0)
              • !635 - Added .gitlab-ci.yml (@jessieay)
              • @@ -190,12 +227,20 @@

                Added

              • +!643 - Add token_name option (@pboling)
              • +
              • !643 - Add token_name option (@pboling)
                • Specify the parameter name that identifies the access token
              • +!645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
              • +
              • +!646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
              • +
              • +!647 - Add IETF RFC 7009 Token Revocation compliant (@pboling)
              • +
              • !645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
              • !646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
              • @@ -208,6 +253,10 @@

                Added

              • +gh!644, gh!645 - Added CITATION.cff (@Aboling0)
              • +
              • +!648 - Improved documentation (@pboling)
              • +
              • gh!644, gh!645 - Added CITATION.cff (@Aboling0)
              • !648 - Improved documentation (@pboling) @@ -220,6 +269,12 @@

                Changed

              • +!647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
              • +
              • +!647 - OAuth2.config is no longer writable (@pboling)
              • +
              • +!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)
              • +
              • !647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
              • !647 - OAuth2.config is no longer writable (@pboling)
              • @@ -228,12 +283,36 @@

                Changed

                Fixed

              • +#95 - restoring an access token via AccessToken#from_hash (@pboling)
              • +
              • #95 - restoring an access token via AccessToken#from_hash (@pboling)
                • This was a 13 year old bug report. 😘
              • +#619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
              • +
              • +!633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
              • +
              • +!634 - CHANGELOG.md documentation fix (@skuwa229)
              • +
              • +!638 - fix expired? when expires_in is 0 (@disep)
              • +
              • +!639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
              • +
              • +#639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
              • +
              • +!640 - README.md documentation fix (@martinezcoder)
              • +
              • +!641 - Do not include sensitive information in the inspect (@manuelvanrijn)
              • +
              • +#641 - Made default JSON response parser more resilient (@pboling)
              • +
              • +#645 - Response no longer becomes a snaky hash (@pboling)
              • +
              • +gh!646 - Change require to require_relative (improve performance) (@Aboling0)
              • +
              • #619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
              • !633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
              • @@ -277,10 +356,15 @@

                Changed

              • +!630 - Extract snaky_hash to external dependency (@pboling)
              • +
              • !630 - Extract snaky_hash to external dependency (@pboling)

                Added

              • +!631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 +
              • +
              • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628
              • @@ -292,16 +376,22 @@

                Added

              • +!629 - Allow POST of JSON to get token (@pboling, @terracatta)
              • +
              • !629 - Allow POST of JSON to get token (@pboling, @terracatta)

                Fixed

              • +!626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
              • +
              • !626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
                • Note: This fixes compatibility with omniauth-oauth2 and AWS
              • +!625 - Fixes the printed version in the post install message (@hasghari)
              • +
              • !625 - Fixes the printed version in the post install message (@hasghari)
              • @@ -312,6 +402,8 @@

                Fixed

              • +!624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
              • +
              • !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
              • @@ -322,6 +414,10 @@

                Fixed

              • +!620 - Documentation improvements, to help with upgrading (@swanson)
              • +
              • +!621 - Fixed #528 and #619 (@pboling)
              • +
              • !620 - Documentation improvements, to help with upgrading (@swanson)
              • !621 - Fixed #528 and #619 (@pboling) @@ -347,6 +443,8 @@

                Fixed

              • +!618 - In some scenarios the snaky option default value was not applied (@pboling)
              • +
              • !618 - In some scenarios the snaky option default value was not applied (@pboling)
              • @@ -357,12 +455,20 @@

                Added

              • +!611 - Proper deprecation warnings for extract_access_token argument (@pboling)
              • +
              • +!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling)
              • +
              • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
              • !612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling)

                Fixed

              • +!608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
              • +
              • +!615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
              • +
              • !608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
              • !615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
              • @@ -375,6 +481,12 @@

                Fixed

              • +!604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
              • +
              • +!606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
              • +
              • +!607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
              • +
              • !604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
              • !606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
              • @@ -399,6 +511,58 @@

                Added

              • +!158, !344 - Optionally pass raw response to parsers (@niels)
              • +
              • +!190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
              • +
              • +!220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
              • +
              • +!298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
              • +
              • +!305 - Option: OAuth2::Client#get_token - :access_token_class (AccessToken); user specified class to use for all calls to get_token (@styd)
              • +
              • +!346 - Modern gem structure (@pboling)
              • +
              • +!351 - Support Jruby 9k (@pboling)
              • +
              • +!362 - Support SemVer release version scheme (@pboling)
              • +
              • +!363 - New method OAuth2::AccessToken#refresh! same as old refresh, with backwards compatibility alias (@pboling)
              • +
              • +!364 - Support application/hal+json format (@pboling)
              • +
              • +!365 - Support application/vnd.collection+json format (@pboling)
              • +
              • +!376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
              • +
              • +!381 - Spec for extra header params on client credentials (@nikz)
              • +
              • +!394 - Option: OAuth2::AccessToken#initialize - :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
              • +
              • +!412 - Support application/vdn.api+json format (from jsonapi.org) (@david-christensen)
              • +
              • +!413 - Documentation: License scan and report (@meganemura)
              • +
              • +!442 - Option: OAuth2::Client#initialize - :logger (::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with 1-4-stable branch) (@rthbound)
              • +
              • +!494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
              • +
              • +!549 - Wrap Faraday::ConnectionFailed in OAuth2::ConnectionError (@nikkypx)
              • +
              • +!550 - Raise error if location header not present when redirecting (@stanhu)
              • +
              • +!552 - Add missing version.rb require (@ahorek)
              • +
              • +!553 - Support application/problem+json format (@janz93)
              • +
              • +!560 - Support IETF rfc6749, section 2.3.1 - don’t set auth params when nil (@bouk)
              • +
              • +!571 - Support Ruby 3.1 (@pboling)
              • +
              • +!575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
              • +
              • +!581 - Documentation: of breaking changes (@pboling)
              • +
              • !158, !344 - Optionally pass raw response to parsers (@niels)
              • !190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
              • @@ -453,6 +617,26 @@

                Added

                Changed

              • +!191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
              • +
              • +!312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
              • +
              • +!317 - Dependency: Upgrade jwt to 2.x.x (@travisofthenorth)
              • +
              • +!338 - Dependency: Switch from Rack::Utils.escape to CGI.escape (@josephpage)
              • +
              • +!339, !368, !424, !479, !493, !539, !542, !553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
              • +
              • +!410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
              • +
              • +!414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
              • +
              • +!469 - BREAKING: Default value for option OAuth2::Client - :authorize_url removed leading slash to work with relative paths by default ('oauth/authorize') (@ghost)
              • +
              • +!469 - BREAKING: Default value for option OAuth2::Client - :token_url removed leading slash to work with relative paths by default ('oauth/token') (@ghost)
              • +
              • +!507, !575 - BREAKING: Transform keys to snake case, always, by default (ultimately via rash_alt gem)
              • +
              • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
              • !312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
              • @@ -479,12 +663,52 @@

                Changed

              • +!576 - BREAKING: Stop rescuing parsing errors (@pboling)
              • +
              • +!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated
              • +
              • !576 - BREAKING: Stop rescuing parsing errors (@pboling)
              • !591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated

                Fixed

              • +!158, !344 - Handling of errors when using omniauth-facebook (@niels)
              • +
              • +!294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
              • +
              • +!300 - Documentation: Oauth2::Error - Error codes are strings, not symbols (@NobodysNightmare)
              • +
              • +!318, !326, !343, !347, !397, !464, !561, !565 - Dependency: Support all versions of faraday (see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
              • +
              • +!322, !331, !337, !361, !371, !377, !383, !392, !395, !400, !401, !403, !415, !567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
              • +
              • +!328 - Documentation: Homepage URL is SSL (@amatsuda)
              • +
              • +!339, !479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
              • +
              • +!366 - Security: Fix logging to $stdout of request and response bodies via Faraday’s logger and ENV["OAUTH_DEBUG"] == 'true' (@pboling)
              • +
              • +!380 - Fix: Stop attempting to encode non-encodable objects in Oauth2::Error (@jhmoore)
              • +
              • +!399 - Fix: Stop duplicating redirect_uri in get_token (@markus)
              • +
              • +!410 - Fix: SystemStackError caused by circular reference between Error and Response classes (@jhmoore)
              • +
              • +!460 - Fix: Stop throwing errors when raise_errors is set to false; analog of !524 for 1-4-stable branch (@joaolrpaulo)
              • +
              • +!472 - Security: Add checks to enforce client_secret is never passed in authorize_url query params for implicit and auth_code grant types (@dfockler)
              • +
              • +!482 - Documentation: Update last of intridea links to oauth-xx (@pboling)
              • +
              • +!536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to !535 on 1-4-stable branch (@pboling)
              • +
              • +!595 - Graceful handling of empty responses from Client#get_token, respecting :raise_errors config (@stanhu)
              • +
              • +!596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
              • +
              • +!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu)
              • +
              • !158, !344 - Handling of errors when using omniauth-facebook (@niels)
              • !294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
              • @@ -523,6 +747,18 @@

                Fixed

                Removed

              • +!341 - Remove Rdoc & Jeweler related files (@josephpage)
              • +
              • +!342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
              • +
              • +!539 - Remove reliance on globally included OAuth2 in tests, analog of !538 for 1-4-stable (@anderscarling)
              • +
              • +!566 - Dependency: Removed wwtd (@bquorning)
              • +
              • +!589, !593 - Remove support for expired MAC token draft spec (@stanhu)
              • +
              • +!590 - Dependency: Removed multi_json (@stanhu)
              • +
              • !341 - Remove Rdoc & Jeweler related files (@josephpage)
              • !342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
              • @@ -550,6 +786,7 @@

                • TAG: v1.4.10
                • +
                • FIPS Compatibility !587 (@akostadinov)
                • FIPS Compatibility !587 (@akostadinov)
                @@ -557,6 +794,8 @@

                1.4.9 - 2022-02-20

                • TAG: v1.4.9 +
                • +
                • Fixes compatibility with Faraday v2 572
                • Fixes compatibility with Faraday v2 572
                • @@ -578,11 +817,15 @@

                • MFA is now required to push new gem versions (@pboling)
                • README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
                • +!569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
                • +
                • !569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
                • Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
                • Add CodeQL, Security Policy, Funding info (@pboling)
                • Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
                • +!543 - Support for more modern Open SSL libraries (@pboling)
                • +
                • !543 - Support for more modern Open SSL libraries (@pboling)
                @@ -592,6 +835,8 @@

              • TAG: v1.4.7
              • +!541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
              • +
              • !541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
              • @@ -601,6 +846,12 @@

              • TAG: v1.4.6
              • +!540 - Add VERSION constant (@pboling)
              • +
              • +!537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
              • +
              • +!538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)
              • +
              • !540 - Add VERSION constant (@pboling)
              • !537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
              • @@ -614,6 +865,14 @@

              • TAG: v1.4.5
              • +!535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
              • +
              • +!518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
              • +
              • +!507 - Fix camel case content type, response keys (@anvox)
              • +
              • +!500 - Fix YARD documentation formatting (@olleolleolle)
              • +
              • !535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
              • !518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
              • @@ -629,6 +888,8 @@

              • TAG: v1.4.4
              • +!408 - Fixed expires_at for formatted time (@Lomey)
              • +
              • !408 - Fixed expires_at for formatted time (@Lomey)
              • @@ -638,6 +899,10 @@

              • TAG: v1.4.3
              • +!483 - add project metadata to gemspec (@orien)
              • +
              • +!495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
              • +
              • !483 - add project metadata to gemspec (@orien)
              • !495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) @@ -646,6 +911,8 @@

              • +!433 - allow field names with square brackets and numbers in params (@asm256)
              • +
              • !433 - allow field names with square brackets and numbers in params (@asm256)
              • @@ -655,6 +922,8 @@

              • TAG: v1.4.2
              • +!478 - support latest version of faraday & fix build (@pboling)
              • +
              • !478 - support latest version of faraday & fix build (@pboling)
                • Officially support Ruby 2.6 and truffleruby
                • @@ -668,6 +937,20 @@

                • TAG: v1.4.1
                • +!417 - update jwt dependency (@thewoolleyman)
                • +
                • +!419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
                • +
                • +!418 - update faraday dependency (@pboling)
                • +
                • +!420 - update oauth2.gemspec (@pboling)
                • +
                • +!421 - fix CHANGELOG.md for previous releases (@pboling)
                • +
                • +!422 - update LICENSE and README.md (@pboling)
                • +
                • +!423 - update builds, Rakefile (@pboling)
                • +
                • !417 - update jwt dependency (@thewoolleyman)
                • !419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
                • @@ -718,17 +1001,21 @@

                  Dependency: Upgrade Faraday to 0.12 (@sferik)

                -

                -1.3.1 - 2017-03-03 (tag)

                +

                +1.3.1 - 2017-03-03

                  +
                • TAG: v1.3.1 +
                • Add support for Ruby 2.4.0 (@pschambacher)
                • Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
                -

                -1.3.0 - 2016-12-28 (tag)

                +

                +1.3.0 - 2016-12-28

                  +
                • TAG: v1.3.0 +
                • Add support for header-based authentication to the Client so it can be used across the library (@bjeanes)
                • Default to header-based authentication when getting a token from an authorisation code (@maletor)
                • @@ -739,35 +1026,43 @@

                • Add support for Faraday 0.10 (@rhymes)
                -

                -1.2.0 - 2016-07-01 (tag)

                +

                +1.2.0 - 2016-07-01

                  +
                • TAG: v1.2.0 +
                • Properly handle encoding of error responses (so we don’t blow up, for example, when Google’s response includes a ∞) (@Motoshi-Nishihira)
                • Make a copy of the options hash in AccessToken#from_hash to avoid accidental mutations (@Linuus)
                • Use raise rather than fail to throw exceptions (@sferik)
                -

                -1.1.0 - 2016-01-30 (tag)

                +

                +1.1.0 - 2016-01-30

                  +
                • TAG: v1.1.0 +
                • Various refactors (eliminating Hash#merge! usage in AccessToken#refresh!, use yield instead of #call, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
                • Add support for Rack 2, and bump various other dependencies (@sferik)
                -

                -1.0.0 - 2014-07-09 (tag)

                -

                Added

                +

                +1.0.0 - 2014-07-09

                  +
                • TAG: v1.0.0 +

                  Added

                  +
                • Add an implementation of the MAC token spec.

                  Fixed

                • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
                -

                -0.5.0 - 2011-07-29 (tag)

                -

                Changed

                +

                +0.5.0 - 2011-07-29

                  +
                • TAG: v0.5.0 +

                  Changed

                  +
                • breaking oauth_token renamed to oauth_bearer.
                • @@ -780,67 +1075,143 @@

                  Changed

                  breaking web_server renamed to auth_code.
                -

                -0.4.1 - 2011-04-20 (tag)

                +

                +0.4.1 - 2011-04-20

                + -

                -0.4.0 - 2011-04-20 (tag)

                +

                +0.4.0 - 2011-04-20

                + -

                -0.3.0 - 2011-04-08 (tag)

                +

                +0.3.0 - 2011-04-08

                + -

                -0.2.0 - 2011-04-01 (tag)

                +

                +0.2.0 - 2011-04-01

                + -

                -0.1.1 - 2011-01-12 (tag)

                +

                +0.1.1 - 2011-01-12

                + -

                -0.1.0 - 2010-10-13 (tag)

                +

                +0.1.0 - 2010-10-13

                + -

                -0.0.13 - 2010-08-17 (tag)

                +

                +0.0.13 - 2010-08-17

                + -

                -0.0.12 - 2010-08-17 (tag)

                +

                +0.0.12 - 2010-08-17

                + -

                -0.0.11 - 2010-08-17 (tag)

                +

                +0.0.11 - 2010-08-17

                + -

                -0.0.10 - 2010-06-19 (tag)

                +

                +0.0.10 - 2010-06-19

                + -

                -0.0.9 - 2010-06-18 (tag)

                +

                +0.0.9 - 2010-06-18

                + -

                -0.0.8 - 2010-04-27 (tag)

                +

                +0.0.8 - 2010-04-27

                + -

                -0.0.7 - 2010-04-27 (tag)

                +

                +0.0.7 - 2010-04-27

                + -

                -0.0.6 - 2010-04-25 (tag)

                +

                +0.0.6 - 2010-04-25

                + -

                -0.0.5 - 2010-04-23 (tag)

                +

                +0.0.5 - 2010-04-23

                + -

                -0.0.4 - 2010-04-22 (tag)

                +

                +0.0.4 - 2010-04-22

                + -

                -0.0.3 - 2010-04-22 (tag)

                +

                +0.0.3 - 2010-04-22

                + -

                -0.0.2 - 2010-04-22 (tag)

                +

                +0.0.2 - 2010-04-22

                + -

                -0.0.1 - 2010-04-22 (tag)

                +

                +0.0.1 - 2010-04-22

                +
                diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html
                index f80422f8..93defb8e 100644
                --- a/docs/file.CODE_OF_CONDUCT.html
                +++ b/docs/file.CODE_OF_CONDUCT.html
                @@ -57,8 +57,7 @@
                -
                -

                Contributor Covenant Code of Conduct

                +

                Contributor Covenant Code of Conduct

                Our Pledge

                @@ -192,7 +191,7 @@

                Attribution

                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
                index edaea476..da7ff9c3 100644
                --- a/docs/file.CONTRIBUTING.html
                +++ b/docs/file.CONTRIBUTING.html
                @@ -57,9 +57,9 @@
                -

                Contributing

                +

                Contributing

                -

                Bug reports and pull requests are welcome on GitLab at https://gitlab.com/ruby-oauth/oauth2.
                +

                Bug reports and pull requests are welcome on CodeBerg, GitLab, or GitHub.
                This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
                the code of conduct.

                @@ -83,19 +83,58 @@

                Help out!

              • Create new Pull Request.
              • -

                Appraisals

                - -

                From time to time the appraisal gemfiles in gemfiles/ will need to be updated.

                - -

                NOTE: We run on a fork of Appraisal.

                +

                Environment Variables for Local Development

                + +

                Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string “true” to enable.

                + +

                General/runtime

                +
                  +
                • DEBUG: Enable extra internal logging for this library (default: false)
                • +
                • REQUIRE_BENCH: Enable require_bench to profile requires (default: false)
                • +
                • CI: When set to true, adjusts default rake tasks toward CI behavior
                • +
                + +

                Coverage (kettle-soup-cover / SimpleCov)

                +
                  +
                • K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc)
                • +
                • K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty)
                • +
                • K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100)
                • +
                • K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100)
                • +
                • K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false)
                • +
                • K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false)
                • +
                • K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open)
                • +
                • MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1)
                  +Tip: When running a single spec file locally, you may want K_SOUP_COV_MIN_HARD=false to avoid failing thresholds for a partial run.
                • +
                + +

                GitHub API and CI helpers

                +
                  +
                • GITHUB_TOKEN or GH_TOKEN: Token used by ci:act and release workflow checks to query GitHub Actions status at higher rate limits
                • +
                + +

                Releasing and signing

                +
                  +
                • SKIP_GEM_SIGNING: If set, skip gem signing during build/release
                • +
                • GEM_CERT_USER: Username for selecting your public cert in certs/<USER>.pem (defaults to $USER)
                • +
                • SOURCE_DATE_EPOCH: Reproducible build timestamp. kettle-release will set this automatically for the session.
                • +
                + +

                Git hooks and commit message helpers (exe/kettle-commit-msg)

                +
                  +
                • GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., jira) or false to disable
                • +
                • GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false)
                • +
                • GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates
                • +
                • GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)
                • +
                + +

                For a quick starting point, this repository’s .envrc shows sane defaults, and .env.local can override them locally.

                -

                Please upvote the PR for eval_gemfile support

                +

                Appraisals

                -

                Create or update them with the commands:

                +

                From time to time the appraisal2 gemfiles in gemfiles/ will need to be updated.
                +They are created and updated with the commands:

                -
                BUNDLE_GEMFILE=Appraisal.root.gemfile bundle
                -BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
                -bundle exec rake rubocop_gradual:autocorrect
                +
                bin/rake appraisal:update
                 

                When adding an appraisal to CI, check the runner tool cache to see which runner to use.

                @@ -116,6 +155,14 @@

                Run Tests

                bundle exec rake test
                 
                +

                Spec organization (required)

                + +
                  +
                • For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name (e.g., specs for lib/oauth2/release_cli.rb live in spec/oauth2/release_cli_spec.rb).
                • +
                • Do not create ad-hoc “_more” or split spec files for the same class/module. Consolidate all unit tests into the main spec file for that class/module.
                • +
                • Only integration scenarios that intentionally span multiple classes belong in spec/integration/.
                • +
                +

                Lint It

                Run all the default tasks, which includes running the gradually autocorrecting linter, rubocop-gradual.

                @@ -128,8 +175,30 @@

                Lint It

                bundle exec rake rubocop_gradual:autocorrect
                 
                +

                For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

                + +

                Important: Do not add inline RuboCop disables

                + +

                Never add # rubocop:disable ... / # rubocop:enable ... comments to code or specs (except when following the few existing rubocop:disable patterns for a rule already being disabled elsewhere in the code). Instead:

                + +
                  +
                • Prefer configuration-based exclusions when a rule should not apply to certain paths or files (e.g., via .rubocop.yml).
                • +
                • When a violation is temporary and you plan to fix it later, record it in .rubocop_gradual.lock using the gradual workflow: +
                    +
                  • +bundle exec rake rubocop_gradual:autocorrect (preferred)
                  • +
                  • +bundle exec rake rubocop_gradual:force_update (only when you cannot fix the violations immediately)
                  • +
                  +
                • +
                + +

                As a general rule, fix style issues rather than ignoring them. For example, our specs should follow RSpec conventions like using described_class for the class under test.

                +

                Contributors

                +

                Your picture could be here!

                +

                Contributors

                Made with contributors-img.

                @@ -150,6 +219,12 @@

                One-time, Per-maintainer, Setup

                To release a new version:

                +

                Automated process

                + +

                Run bundle exec kettle-release.

                + +

                Manual process

                +
                1. Run bin/setup && bin/rake as a “test, coverage, & linting” sanity check
                2. Update the version number in version.rb, and ensure CHANGELOG.md reflects changes
                3. @@ -166,8 +241,9 @@

                  To release a new version:

                4. Run git checkout $GIT_TRUNK_BRANCH_NAME
                5. Run git pull origin $GIT_TRUNK_BRANCH_NAME to ensure latest trunk code
                6. -
                7. Set SOURCE_DATE_EPOCH so rake build and rake release use same timestamp, and generate same checksums +
                8. Optional for older Bundler (< 2.7.0): Set SOURCE_DATE_EPOCH so rake build and rake release use the same timestamp and generate the same checksums
                    +
                  • If your Bundler is >= 2.7.0, you can skip this; builds are reproducible by default.
                  • Run export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH
                  • If the echo above has no output, then it didn’t work.
                  • @@ -180,11 +256,16 @@

                    To release a new version:

                  • Run bin/gem_checksums (more context 1, 2)
                    to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums
                    -gem. +gem.
                    • The script automatically commits but does not push the checksums
                  • +
                  • Sanity check the SHA256, comparing with the output from the bin/gem_checksums command: +
                      +
                    • sha256sum pkg/<gem name>-<version>.gem
                    • +
                    +
                  • Run bundle exec rake release which will create a git tag for the version,
                    push git commits and tags, and push the .gem file to rubygems.org
                  • @@ -193,7 +274,7 @@

                    To release a new version:

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html new file mode 100644 index 00000000..d260c37b --- /dev/null +++ b/docs/file.FUNDING.html @@ -0,0 +1,114 @@ + + + + + + + File: FUNDING + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                    + + +
                    + +

                    Official Discord 👉️ Live Chat on Discord

                    + +

                    Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

                    + +

                    OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal

                    + +

                    Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                    + + + +

                    🤑 Request for Help

                    + +

                    Maintainers have teeth and need to pay their dentists.
                    +After getting laid off in an RIF in March and filled with many dozens of rejections,
                    +I’m now spending ~60+ hours a week building open source tools.
                    +I’m hoping to be able to pay for my kids’ health insurance this month,
                    +so if you value the work I am doing, I need your support.
                    +Please consider sponsoring me or the project.

                    + +

                    To join the community or get help 👇️ Join the Discord.

                    + +

                    Live Chat on Discord

                    + +

                    To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

                    + +

                    Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                    + +

                    Another Way to Support Open Source Software

                    + +
                    +

                    How wonderful it is that nobody need wait a single moment before starting to improve the world.

                    +—Anne Frank

                    +
                    + +

                    I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                    + +

                    If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                    + +

                    I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

                    + +

                    Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

                    + +
                    + + + +
                    + + \ No newline at end of file diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index e60bb778..d1e96d2c 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.README.html b/docs/file.README.html
                    index e056ca9c..f4c414f8 100644
                    --- a/docs/file.README.html
                    +++ b/docs/file.README.html
                    @@ -57,15 +57,21 @@
                    -

                    Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 oauth2 Logo by Chris Messina, CC BY-SA 3.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

                    +

                    Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Aboling0, CC BY-SA 4.0

                    -

                    🔐 OAuth2

                    +

                    🔐 OAuth 2.0 Authorization Framework

                    -

                    Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

                    +

                    ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                    + +

                    Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

                    + +

                    If ☝️ ci_badges.map(&:color).detect { it != "green"} let me know, as I may have missed the discord notification.


                    -

                    Liberapay Goal Progress Sponsor Me on Github Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                    +

                    OTOH, if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                    + +

                    OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                    🌻 Synopsis

                    @@ -216,46 +222,12 @@

                    You should upgrade this gem

                    💡 Info you can shake a stick at

                    -

                    Federated DVCS

                    - -
                    - Find this repo on other forges - -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | - -
                    - -

                    Enterprise Support

                    - -
                    - Need enterprise-level guarantees? - -[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - -- 💡Subscribe for support guarantees covering _all_ FLOSS dependencies -- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] -- 💡Tidelift pays maintainers to maintain the software you depend on!
                    📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers - -Alternatively: - -- [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] -- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] -- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] - -
                    - @@ -263,13 +235,13 @@

                    Enterprise Support

                    @@ -281,7 +253,7 @@

                    Enterprise Support

                    @@ -293,7 +265,7 @@

                    Enterprise Support

                    @@ -305,7 +277,7 @@

                    Enterprise Support

                    @@ -324,87 +296,76 @@

                    Enterprise Support

                    Tokens to Remember -Gem name Gem namespace +Gem name Gem namespace
                    Works with JRuby -JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +JRuby 9.1 Compat JRuby 9.2 Compat JRuby 9.3 Compat
                    JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat
                    Works with Truffle Ruby -Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat +Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
                    Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat
                    Works with MRI Ruby 2 -Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.2 Compat
                    Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
                    Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki +Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki
                    Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2
                    ... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪
                    -

                    🚀 Release Documentation

                    +

                    Compatibility

                    -

                    Version 2.0.x

                    +

                    Compatible with Ruby 2.3+, and concordant releases of JRuby, and TruffleRuby.

                    -
                    - 2.0.x CHANGELOG and README - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | -| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | -| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | -| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | -| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | -| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | -| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | -| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | -| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | -| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | -| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | -| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | -
                    + + + + + + + + + + + + + +
                    🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
                    👟 Check it out!github.com/appraisal-rb/appraisal2
                    -

                    Older Releases

                    +

                    Federated DVCS

                    - 1.4.x CHANGELOGs and READMEs - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | -| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | -| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | -| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | -| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | -| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | -| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | -| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | -| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | -| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | -| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | -| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | -
                    + Find this repo on other forges (Coming soon!) -
                    - 1.3.x Readmes +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-------------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | -| Version | Release Date | Readme | -|----------|--------------|----------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md |
                    +

                    Enterprise Support Tidelift +

                    +
                    - ≤= 1.2.x Readmes (2016 and before) - -| Version | Release Date | Readme | -|----------|--------------|----------------------------------------------------------| -| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | -| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | -| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | -| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | + Need enterprise-level guarantees? + +[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] + +- 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies +- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] +- 💡Tidelift pays maintainers to maintain the software you depend on!
                    📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers + +Alternatively: + +- [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] +- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] +- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] +

                    ✨ Installation

                    Install the gem and add to the application’s Gemfile by executing:

                    -
                    $ bundle add oauth2
                    +
                    bundle add oauth2
                     

                    If bundler is not being used to manage dependencies, install the gem by executing:

                    -
                    $ gem install oauth2
                    +
                    gem install oauth2
                     

                    🔒 Secure Installation

                    @@ -412,14 +373,14 @@

                    🔒 Secure Installation

                    For Medium or High Security Installations -`oauth2` is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: ```console -gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem) +gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) ``` You only need to do that once. Then proceed to install with: @@ -501,7 +462,7 @@
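Review bot: The "Secure Installation" command now downloads `pboling.pem` from a different repository (`galtzo-floss/certs`) and passes it straight to `gem cert --add`, but the text gives the reader no way to confirm that the file is the intended certificate. Because this certificate becomes the trust anchor for the later signature check, the instructions should publish its fingerprint next to the command, for example `Expected SHA-256 fingerprint: <FINGERPRINT-PLACEHOLDER>`. They should also tell readers to download the file and compare it before adding it. The command also uses `curl -L` against `raw.github.com`, which as far as I know only redirects to the canonical raw host, so linking that host directly would remove one hop from the trust path. This page is generated YARD output, so the wording change belongs in the README source rather than here.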

                    What is new for v2.0?

                  • … A lot more
                  -

                  Compatibility

                  +

                  Compatibility

                  Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
                  Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
                  @@ -515,7 +476,7 @@

                  Compatibility

                  Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, - see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below. +see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below.
                  @@ -577,9 +538,7 @@

                  Compatibility

                  NOTE: The 1.4 series will only receive critical security updates.
                  See SECURITY.md.

                  -

                  🔧 Basic Usage

                  - -

                  Global Configuration

                  +

                  ⚙️ Configuration

                  You can turn on additional warnings.

                  @@ -605,6 +564,8 @@

                  Global Configuration

                  This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
                  If you have time and energy please contribute to the documentation!

                  +

                  🔧 Basic Usage

                  +

                  authorize_url and token_url are on site root (Just Works!)

                  @@ -867,6 +828,285 @@

                  Authorization Grants

                  You can always use the #request method on the OAuth2::Client instance to make
                  requests for tokens for any Authentication grant type.

                  +

                  📘 Comprehensive Usage

                  + +

                  Common Flows (end-to-end)

                  + +
                    +
                  • Authorization Code (server-side web app):
                  • +
                  + +
                  require "oauth2"
                  +client = OAuth2::Client.new(
                  +  ENV["CLIENT_ID"],
                  +  ENV["CLIENT_SECRET"],
                  +  site: "https://provider.example.com",
                  +  redirect_uri: "https://my.app.example.com/oauth/callback",
                  +)
                  +
                  +# Step 1: redirect user to consent
                  +state = SecureRandom.hex(16)
                  +auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state)
                  +# redirect_to auth_url
                  +
                  +# Step 2: handle the callback
                  +# params[:code], params[:state]
                  +raise "state mismatch" unless params[:state] == state
                  +access = client.auth_code.get_token(params[:code])
                  +
                  +# Step 3: call APIs
                  +profile = access.get("/api/v1/me").parsed
                  +
                  + +
                    +
                  • Client Credentials (machine-to-machine):
                  • +
                  + +
                  client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com")
                  +access = client.client_credentials.get_token(audience: "https://api.example.com")
                  +resp = access.get("/v1/things")
                  +
                  + +
                    +
                  • Resource Owner Password (legacy; avoid when possible):
                  • +
                  + +
                  access = client.password.get_token("jdoe", "s3cret", scope: "read")
                  +
                  + +

                  Refresh Tokens

                  + +

                  When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                  + +
                    +
                  • Manual refresh:
                  • +
                  + +
                  if access.expired?
                  +  access = access.refresh
                  +end
                  +
                  + +
                    +
                  • Auto-refresh wrapper pattern:
                  • +
                  + +
                  class AutoRefreshingToken
                  +  def initialize(token_provider, store: nil)
                  +    @token = token_provider
                  +    @store = store # e.g., something that responds to read/write for token data
                  +  end
                  +
                  +  def with(&blk)
                  +    tok = ensure_fresh!
                  +    blk ? blk.call(tok) : tok
                  +  rescue OAuth2::Error => e
                  +    # If a 401 suggests token invalidation, try one refresh and retry once
                  +    if e.response && e.response.status == 401 && @token.refresh_token
                  +      @token = @token.refresh
                  +      @store.write(@token.to_hash) if @store
                  +      retry
                  +    end
                  +    raise
                  +  end
                  +
                  +private
                  +
                  +  def ensure_fresh!
                  +    if @token.expired? && @token.refresh_token
                  +      @token = @token.refresh
                  +      @store.write(@token.to_hash) if @store
                  +    end
                  +    @token
                  +  end
                  +end
                  +
                  +# usage
                  +keeper = AutoRefreshingToken.new(access)
                  +keeper.with { |tok| tok.get("/v1/protected") }
                  +
                  + +

                  Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

                  + +

                  Token Revocation (RFC 7009)

                  + +

                  You can revoke either the access token or the refresh token.

                  + +
                  # Revoke the current access token
                  +access.revoke(token_type_hint: :access_token)
                  +
                  +# Or explicitly revoke the refresh token (often also invalidates associated access tokens)
                  +access.revoke(token_type_hint: :refresh_token)
                  +
                  + +

                  Client Configuration Tips

                  + +
                    +
                  • Authentication schemes for the token request:
                  • +
                  + +
                  OAuth2::Client.new(
                  +  id,
                  +  secret,
                  +  site: "https://provider.example.com",
                  +  auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt
                  +)
                  +
                  + +
                    +
                  • Faraday connection, timeouts, proxy, custom adapter/middleware:
                  • +
                  + +
                  client = OAuth2::Client.new(
                  +  id,
                  +  secret,
                  +  site: "https://provider.example.com",
                  +  connection_opts: {
                  +    request: {open_timeout: 5, timeout: 15},
                  +    proxy: ENV["HTTPS_PROXY"],
                  +    ssl: {verify: true},
                  +  },
                  +) do |faraday|
                  +  faraday.request(:url_encoded)
                  +  # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below
                  +  faraday.adapter(:net_http_persistent) # or any Faraday adapter you need
                  +end
                  +
                  + +
                    +
                  • Redirection: The library follows up to max_redirects (default 5). You can override per-client via options[:max_redirects].
                  • +
                  + +

                  Handling Responses and Errors

                  + +
                    +
                  • Parsing:
                  • +
                  + +
                  resp = access.get("/v1/thing")
                  +resp.status     # Integer
                  +resp.headers    # Hash
                  +resp.body       # String
                  +resp.parsed     # SnakyHash::StringKeyed or Array when JSON array
                  +
                  + +
                    +
                  • Error handling:
                  • +
                  + +
                  begin
                  +  access.get("/v1/forbidden")
                  +rescue OAuth2::Error => e
                  +  e.code         # OAuth2 error code (when present)
                  +  e.description  # OAuth2 error description (when present)
                  +  e.response     # OAuth2::Response (full access to status/headers/body)
                  +end
                  +
                  + +
                    +
                  • Disable raising on 4xx/5xx to inspect the response yourself:
                  • +
                  + +
                  client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
                  +res = client.request(:get, "/v1/maybe-errors")
                  +if res.status == 429
                  +  sleep res.headers["retry-after"].to_i
                  +end
                  +
                  + +

                  Making Raw Token Requests

                  + +

                  If a provider requires non-standard parameters or headers, you can call client.get_token directly:

                  + +
                  access = client.get_token({
                  +  grant_type: "client_credentials",
                  +  audience: "https://api.example.com",
                  +  headers: {"X-Custom" => "value"},
                  +  parse: :json, # override parsing
                  +})
                  +
                  + +

                  OpenID Connect (OIDC) Notes

                  + +
                    +
                  • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                  • +
                  • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                  • +
                  + +

                  Debugging

                  + +
                    +
                  • Set environment variable OAUTH_DEBUG=true to enable verbose Faraday logging (uses the client-provided logger).
                  • +
                  • To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation.
                  • +
                  + +
                  + +

                  🦷 FLOSS Funding

                  + +

                  While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding.
                  +Raising a monthly budget of… “dollars” would make the project more sustainable.

                  + +

                  We welcome both individual and corporate sponsors! We also offer a
                  +wide array of funding channels to account for your preferences
                  +(although currently Open Collective is our preferred funding platform).

                  + +

                  If you’re working in a company that’s making significant use of ruby-oauth tools we’d
                  +appreciate it if you suggest to your company to become a ruby-oauth sponsor.

                  + +

                  You can support the development of ruby-oauth tools via
                  +GitHub Sponsors,
                  +Liberapay,
                  +PayPal,
                  +Open Collective
                  +and Tidelift.

                  + + + + + + + + + + + + +
                  📍 NOTE
                  If doing a sponsorship in the form of donation is problematic for your company
                  from an accounting standpoint, we’d recommend the use of Tidelift,
                  where you can get a support-like subscription instead.
                  + +

                  Open Collective for Individuals

                  + + +

                  No backers yet. Be the first!
                  +

                  + +

                  Support us with a monthly donation and help us continue our activities. [Become a backer]

                  + +

                  Open Collective for Organizations

                  + + +

                  No sponsors yet. Be the first!
                  +

                  + +

                  Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

                  + +

                  Another way to support open-source

                  + +
                  +

                  How wonderful it is that nobody need wait a single moment before starting to improve the world.

                  +—Anne Frank

                  +
                  + +

                  I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                  + +

                  If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                  + +

                  I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

                  + +

                  Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

                  + +

                  OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                  +

                  🔐 Security

                  See SECURITY.md.
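Review bot: The `retry` in `AutoRefreshingToken#with` is unbounded, although the comment above it says "try one refresh and retry once". If the resource server keeps answering 401 after a successful refresh (for example a revoked grant, or a 401 used for an authorization failure), the method would refresh and re-run the block indefinitely, sending a new token request on every pass. A method-level `retry` re-runs the whole body, so the guard has to live outside the retried section; the sketch below moves the body into an explicit `begin` block and allows a single refresh per call. Separately, `@store.write(@token.to_hash)` persists the refresh token, so the example would benefit from a comment such as `# the store must protect token data at rest`.

```ruby
def with(&blk)
  refreshed = false
  begin
    tok = ensure_fresh!
    blk ? blk.call(tok) : tok
  rescue OAuth2::Error => e
    # Refresh at most once per call; a second 401 is surfaced to the caller.
    raise if refreshed || !(e.response && e.response.status == 401 && @token.refresh_token)
    refreshed = true
    @token = @token.refresh
    @store.write(@token.to_hash) if @store
    retry
  end
end
# … unchanged: initialize, private ensure_fresh! …
```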

                  @@ -874,7 +1114,7 @@

                  🔐 Security

                  🤝 Contributing

                  If you need some ideas of where to help, you could work on adding more code coverage,
                  -or if it is already 💯 (see below) check issues, or PRs,
                  +or if it is already 💯 (see below) check reek, issues, or PRs,
                  or use the gem and think about how it could be better.

                  We Keep A Changelog so if you make changes, remember to update it.

                  @@ -904,15 +1144,18 @@

                  🌈 Contributors

                  Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

                  -

                  ⭐️ Star History

                  +
                  + ⭐️ Star History -

                  - - - + + + + Star History Chart -

                  </a>

                  +
                  + +

                  📌 Versioning

                  @@ -922,32 +1165,14 @@

                  📌 Versioning

                  a new version should be immediately released that restores compatibility.
                  Breaking changes to the public API will only be introduced with new major versions.

                  -

                  📌 Is “Platform Support” part of the public API?

                  - -

                  Yes. But I’m obligated to include notes…

                  - -

                  SemVer should, but doesn’t explicitly, say that dropping support for specific Platforms
                  -is a breaking change to an API.
                  -It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

                  -
                  -

                  dropping support for a platform is both obviously and objectively a breaking change

                  +

                  dropping support for a platform is both obviously and objectively a breaking change

                  +—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

                  - - -

                  To get a better understanding of how SemVer is intended to work over a project’s lifetime,
                  -read this article from the creator of SemVer:

                  - - - -

                  As a result of this policy, and the interpretive lens used by the maintainer,
                  -you can (and should) specify a dependency on these libraries using
                  +

                  I understand that policy doesn’t work universally (“exceptions to every rule!”),
                  +but it is the policy here.
                  +As such, in many cases it is good to specify a dependency on this library using
                  the Pessimistic Version Constraint with two digits of precision.

                  For example:

                  @@ -955,6 +1180,20 @@

                  📌 Is “Platform Support
                  spec.add_dependency("oauth2", "~> 2.0")
                   
                  +
                  +📌 Is "Platform Support" part of the public API? More details inside. + +SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms +is a *breaking change* to an API. +It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless. + +To get a better understanding of how SemVer is intended to work over a project's lifetime, +read this article from the creator of SemVer: + +- ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred] + +
                  +

                  See CHANGELOG.md for a list of releases.

                  📄 License

                  @@ -973,28 +1212,33 @@ Galtzo.com Logo (Wordless) by Aboling0, CC BY-SA 4.0 - , and oauth2 contributors + , and oauth2 contributors.
                9. Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.
                10. -

                  🤑 One more thing

                  +

                  🤑 A request for help

                  + +

                  Maintainers have teeth and need to pay their dentists.
                  +After getting laid off in an RIF in March and filled with many dozens of rejections,
                  +I’m now spending ~60+ hours a week building open source tools.
                  +I’m hoping to be able to pay for my kids’ health insurance this month,
                  +so if you value the work I am doing, I need your support.
                  +Please consider sponsoring me or the project.

                  -

                  Having arrived at the bottom of the page, please endure a final supplication.
                  -The primary maintainer of this gem, Peter Boling, wants
                  -Ruby to be a great place for people to solve problems, big and small.
                  -Please consider supporting his efforts via the giant yellow link below,
                  -or one of the smaller ones, depending on button size preference.

                  +

                  To join the community or get help 👇️ Join the Discord.

                  -

                  Buy me a latte

                  +

                  Live Chat on Discord

                  -

                  Liberapay Goal Progress Sponsor Me on Github Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                  +

                  To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

                  -

                  P.S. If you need help️ or want to say thanks, 👇 Join the Discord.

                  +

                  Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                  -

                  Live Chat on Discord

                  +

                  Please give the project a star ⭐ ♥.

                  + +

                  Thanks for RTFM. ☺️

                  @@ -1009,14 +1253,14 @@

                  🤑 One more thing

                  Broken badges -[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] -[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] +[![Coverage Graph][🔑codecov-g]][🔑codecov] +[![CodeCov Test Coverage][🔑codecovi]][🔑codecov]
                  diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html new file mode 100644 index 00000000..97853810 --- /dev/null +++ b/docs/file.RUBOCOP.html @@ -0,0 +1,171 @@ + + + + + + + File: RUBOCOP + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                  + + +

                  RuboCop Usage Guide

                  + +

                  Overview

                  + +

                  A tale of two RuboCop plugin gems.

                  + +

                  RuboCop Gradual

                  + +

                  This project uses rubocop_gradual instead of vanilla RuboCop for code style checking. The rubocop_gradual tool allows for gradual adoption of RuboCop rules by tracking violations in a lock file.

                  + +

                  RuboCop LTS

                  + +

                  This project uses rubocop-lts to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2.
                  +RuboCop rules are meticulously configured by the rubocop-lts family of gems to ensure that a project is compatible with a specific version of Ruby. See: https://rubocop-lts.gitlab.io for more.

                  + +

                  Checking RuboCop Violations

                  + +

                  To check for RuboCop violations in this project, always use:

                  + +
                  bundle exec rake rubocop_gradual:check
                  +
                  + +

                  Do not use the standard RuboCop commands like:

                  +
                    +
                  • bundle exec rubocop
                  • +
                  • rubocop
                  • +
                  + +

                  Understanding the Lock File

                  + +

                  The .rubocop_gradual.lock file tracks all current RuboCop violations in the project. This allows the team to:

                  + +
                    +
                  1. Prevent new violations while gradually fixing existing ones
                  2. +
                  3. Track progress on code style improvements
                  4. +
                  5. Ensure CI builds don’t fail due to pre-existing violations
                  6. +
                  + +

                  Common Commands

                  + +
                    +
                  • +Check violations +
                      +
                    • bundle exec rake rubocop_gradual
                    • +
                    • bundle exec rake rubocop_gradual:check
                    • +
                    +
                  • +
                  • +(Safe) Autocorrect violations, and update lockfile if no new violations +
                      +
                    • bundle exec rake rubocop_gradual:autocorrect
                    • +
                    +
                  • +
                  • +Force update the lock file (w/o autocorrect) to match violations present in code +
                      +
                    • bundle exec rake rubocop_gradual:force_update
                    • +
                    +
                  • +
                  + +

                  Workflow

                  + +
                    +
                  1. Before submitting a PR, run bundle exec rake rubocop_gradual:autocorrect
                    +a. or just the default bundle exec rake, as autocorrection is a pre-requisite of the default task.
                  2. +
                  3. If there are new violations, either: +
                      +
                    • Fix them in your code
                    • +
                    • Run bundle exec rake rubocop_gradual:force_update to update the lock file (only for violations you can’t fix immediately)
                    • +
                    +
                  4. +
                  5. Commit the updated .rubocop_gradual.lock file along with your changes
                  6. +
                  + +

                  Never add inline RuboCop disables

                  + +

                  Do not add inline rubocop:disable / rubocop:enable comments anywhere in the codebase (including specs, except when following the few existing rubocop:disable patterns for a rule already being disabled elsewhere in the code). We handle exceptions in two supported ways:

                  + +
                    +
                  • Permanent/structural exceptions: prefer adjusting the RuboCop configuration (e.g., in .rubocop.yml) to exclude a rule for a path or file pattern when it makes sense project-wide.
                  • +
                  • Temporary exceptions while improving code: record the current violations in .rubocop_gradual.lock via the gradual workflow: +
                      +
                    • +bundle exec rake rubocop_gradual:autocorrect (preferred; will autocorrect what it can and update the lock only if no new violations were introduced)
                    • +
                    • If needed, bundle exec rake rubocop_gradual:force_update (as a last resort when you cannot fix the newly reported violations immediately)
                    • +
                    +
                  • +
                  + +

                  In general, treat the rules as guidance to follow; fix violations rather than ignore them. For example, RSpec conventions in this project expect described_class to be used in specs that target a specific class under test.

                  + +

                  Benefits of rubocop_gradual

                  + +
                    +
                  • Allows incremental adoption of code style rules
                  • +
                  • Prevents CI failures due to pre-existing violations
                  • +
                  • Provides a clear record of code style debt
                  • +
                  • Enables focused efforts on improving code quality over time
                  • +
                  +
                  + + + +
                  + + \ No newline at end of file diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 1444c794..7145e9fa 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                  Enterprise Support

                  diff --git a/docs/file_list.html b/docs/file_list.html index 321a6791..95fe7792 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -67,6 +67,16 @@

                  File List

                  +
                11. + +
                12. + + +
                13. + +
                14. + +
                15. @@ -77,11 +87,6 @@

                  File List

                  -
                16. - -
                17. - - diff --git a/docs/index.html b/docs/index.html index 2f9ce9cf..079da493 100644 --- a/docs/index.html +++ b/docs/index.html @@ -57,15 +57,21 @@
                  -

                  Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 oauth2 Logo by Chris Messina, CC BY-SA 3.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

                  +

                  Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Aboling0, CC BY-SA 4.0

                  -

                  🔐 OAuth2

                  +

                  🔐 OAuth 2.0 Authorization Framework

                  -

                  Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

                  +

                  ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                  + +

                  Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

                  + +

                  If ☝️ ci_badges.map(&:color).detect { it != "green"} let me know, as I may have missed the discord notification.


                  -

                  Liberapay Goal Progress Sponsor Me on Github Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                  +

                  OTOH, if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                  + +

                  OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                  🌻 Synopsis

                  @@ -216,46 +222,12 @@

                  You should upgrade this gem

                  💡 Info you can shake a stick at

                  -

                  Federated DVCS

                  - -
                  - Find this repo on other forges - -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | ➖ | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | ➖ | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | - -
                  - -

                  Enterprise Support

                  - -
                  - Need enterprise-level guarantees? - -[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - -- 💡Subscribe for support guarantees covering _all_ FLOSS dependencies -- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] -- 💡Tidelift pays maintainers to maintain the software you depend on!
                  📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers - -Alternatively: - -- [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] -- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] -- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] - -
                  - @@ -263,13 +235,13 @@

                  Enterprise Support

                  @@ -281,7 +253,7 @@

                  Enterprise Support

                  @@ -293,7 +265,7 @@

                  Enterprise Support

                  @@ -305,7 +277,7 @@

                  Enterprise Support

                  @@ -324,87 +296,76 @@

                  Enterprise Support

                  Tokens to Remember -Gem name Gem namespace +Gem name Gem namespace
                  Works with JRuby -JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +JRuby 9.1 Compat JRuby 9.2 Compat JRuby 9.3 Compat
                  JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat
                  Works with Truffle Ruby -Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat Truffle Ruby HEAD Compat +Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
                  Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat
                  Works with MRI Ruby 2 -Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.2 Compat
                  Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
                  Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki +Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki
                  Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2
                  ... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪
                  -

                  🚀 Release Documentation

                  +

                  Compatibility

                  -

                  Version 2.0.x

                  +

                  Compatible with Ruby 2.3+, and concordant releases of JRuby, and TruffleRuby.

                  -
                  - 2.0.x CHANGELOG and README - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | -| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | -| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | -| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | -| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | -| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | -| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | -| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | -| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | -| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | -| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | -| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | -
                  + + + + + + + + + + + + + +
                  🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
                  👟 Check it out!github.com/appraisal-rb/appraisal2
                  -

                  Older Releases

                  +

                  Federated DVCS

                  - 1.4.x CHANGELOGs and READMEs - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | -| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | -| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | -| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | -| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | -| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | -| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | -| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | -| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | -| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | -| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | -| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | -
                  + Find this repo on other forges (Coming soon!) -
                  - 1.3.x Readmes +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-------------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | -| Version | Release Date | Readme | -|----------|--------------|----------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md |
                  +

                  Enterprise Support Tidelift +

                  +
                  - ≤= 1.2.x Readmes (2016 and before) - -| Version | Release Date | Readme | -|----------|--------------|----------------------------------------------------------| -| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | -| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | -| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | -| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | + Need enterprise-level guarantees? + +[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] + +- 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies +- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] +- 💡Tidelift pays maintainers to maintain the software you depend on!
                  📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers + +Alternatively: + +- [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] +- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] +- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] +

                  ✨ Installation

                  Install the gem and add to the application’s Gemfile by executing:

                  -
                  $ bundle add oauth2
                  +
                  bundle add oauth2
                   

                  If bundler is not being used to manage dependencies, install the gem by executing:

                  -
                  $ gem install oauth2
                  +
                  gem install oauth2
                   

                  🔒 Secure Installation

                  @@ -412,14 +373,14 @@

                  🔒 Secure Installation

                  For Medium or High Security Installations -`oauth2` is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: ```console -gem cert --add <(curl -Ls https://raw.github.com/ruby-oauth/oauth2/main/certs/pboling.pem) +gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) ``` You only need to do that once. Then proceed to install with: @@ -501,7 +462,7 @@

                  What is new for v2.0?

                18. … A lot more
                19. -

                  Compatibility

                  +

                  Compatibility

                  Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
                  Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
                  @@ -515,7 +476,7 @@

                  Compatibility

                  Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, - see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below. +see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below.
                  @@ -577,9 +538,7 @@

                  Compatibility

                  NOTE: The 1.4 series will only receive critical security updates.
                  See SECURITY.md.

                  -

                  🔧 Basic Usage

                  - -

                  Global Configuration

                  +

                  ⚙️ Configuration

                  You can turn on additional warnings.

                  @@ -605,6 +564,8 @@

                  Global Configuration

                  This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
                  If you have time and energy please contribute to the documentation!

                  +

                  🔧 Basic Usage

                  +

                  authorize_url and token_url are on site root (Just Works!)

                  @@ -867,6 +828,285 @@

                  Authorization Grants

                  You can always use the #request method on the OAuth2::Client instance to make
                  requests for tokens for any Authentication grant type.

                  +

                  📘 Comprehensive Usage

                  + +

                  Common Flows (end-to-end)

                  + +
                    +
                  • Authorization Code (server-side web app):
                  • +
                  + +
                  require "oauth2"
                  +client = OAuth2::Client.new(
                  +  ENV["CLIENT_ID"],
                  +  ENV["CLIENT_SECRET"],
                  +  site: "https://provider.example.com",
                  +  redirect_uri: "https://my.app.example.com/oauth/callback",
                  +)
                  +
                  +# Step 1: redirect user to consent
                  +state = SecureRandom.hex(16)
                  +auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state)
                  +# redirect_to auth_url
                  +
                  +# Step 2: handle the callback
                  +# params[:code], params[:state]
                  +raise "state mismatch" unless params[:state] == state
                  +access = client.auth_code.get_token(params[:code])
                  +
                  +# Step 3: call APIs
                  +profile = access.get("/api/v1/me").parsed
                  +
                  + +
                    +
                  • Client Credentials (machine-to-machine):
                  • +
                  + +
                  client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com")
                  +access = client.client_credentials.get_token(audience: "https://api.example.com")
                  +resp = access.get("/v1/things")
                  +
                  + +
                    +
                  • Resource Owner Password (legacy; avoid when possible):
                  • +
                  + +
                  access = client.password.get_token("jdoe", "s3cret", scope: "read")
                  +
                  + +

                  Refresh Tokens

                  + +

                  When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                  + +
                    +
                  • Manual refresh:
                  • +
                  + +
                  if access.expired?
                  +  access = access.refresh
                  +end
                  +
                  + +
                    +
                  • Auto-refresh wrapper pattern:
                  • +
                  + +
                  class AutoRefreshingToken
                  +  def initialize(token_provider, store: nil)
                  +    @token = token_provider
                  +    @store = store # e.g., something that responds to read/write for token data
                  +  end
                  +
                  +  def with(&blk)
                  +    tok = ensure_fresh!
                  +    blk ? blk.call(tok) : tok
                  +  rescue OAuth2::Error => e
                  +    # If a 401 suggests token invalidation, try one refresh and retry once
                  +    if e.response && e.response.status == 401 && @token.refresh_token
                  +      @token = @token.refresh
                  +      @store.write(@token.to_hash) if @store
                  +      retry
                  +    end
                  +    raise
                  +  end
                  +
                  +private
                  +
                  +  def ensure_fresh!
                  +    if @token.expired? && @token.refresh_token
                  +      @token = @token.refresh
                  +      @store.write(@token.to_hash) if @store
                  +    end
                  +    @token
                  +  end
                  +end
                  +
                  +# usage
                  +keeper = AutoRefreshingToken.new(access)
                  +keeper.with { |tok| tok.get("/v1/protected") }
                  +
                  + +

                  Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

                  + +

                  Token Revocation (RFC 7009)

                  + +

                  You can revoke either the access token or the refresh token.

                  + +
                  # Revoke the current access token
                  +access.revoke(token_type_hint: :access_token)
                  +
                  +# Or explicitly revoke the refresh token (often also invalidates associated access tokens)
                  +access.revoke(token_type_hint: :refresh_token)
                  +
                  + +

                  Client Configuration Tips

                  + +
                    +
                  • Authentication schemes for the token request:
                  • +
                  + +
                  OAuth2::Client.new(
                  +  id,
                  +  secret,
                  +  site: "https://provider.example.com",
                  +  auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt
                  +)
                  +
                  + +
                    +
                  • Faraday connection, timeouts, proxy, custom adapter/middleware:
                  • +
                  + +
                  client = OAuth2::Client.new(
                  +  id,
                  +  secret,
                  +  site: "https://provider.example.com",
                  +  connection_opts: {
                  +    request: {open_timeout: 5, timeout: 15},
                  +    proxy: ENV["HTTPS_PROXY"],
                  +    ssl: {verify: true},
                  +  },
                  +) do |faraday|
                  +  faraday.request(:url_encoded)
                  +  # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below
                  +  faraday.adapter(:net_http_persistent) # or any Faraday adapter you need
                  +end
                  +
                  + +
                    +
                  • Redirection: The library follows up to max_redirects (default 5). You can override per-client via options[:max_redirects].
                  • +
                  + +

                  Handling Responses and Errors

                  + +
                    +
                  • Parsing:
                  • +
                  + +
                  resp = access.get("/v1/thing")
                  +resp.status     # Integer
                  +resp.headers    # Hash
                  +resp.body       # String
                  +resp.parsed     # SnakyHash::StringKeyed or Array when JSON array
                  +
                  + +
                    +
                  • Error handling:
                  • +
                  + +
                  begin
                  +  access.get("/v1/forbidden")
                  +rescue OAuth2::Error => e
                  +  e.code         # OAuth2 error code (when present)
                  +  e.description  # OAuth2 error description (when present)
                  +  e.response     # OAuth2::Response (full access to status/headers/body)
                  +end
                  +
                  + +
                    +
                  • Disable raising on 4xx/5xx to inspect the response yourself:
                  • +
                  + +
                  client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
                  +res = client.request(:get, "/v1/maybe-errors")
                  +if res.status == 429
                  +  sleep res.headers["retry-after"].to_i
                  +end
                  +
                  + +

                  Making Raw Token Requests

                  + +

                  If a provider requires non-standard parameters or headers, you can call client.get_token directly:

                  + +
                  access = client.get_token({
                  +  grant_type: "client_credentials",
                  +  audience: "https://api.example.com",
                  +  headers: {"X-Custom" => "value"},
                  +  parse: :json, # override parsing
                  +})
                  +
                  + +

                  OpenID Connect (OIDC) Notes

                  + +
                    +
                  • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                  • +
                  • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                  • +
                  + +

                  Debugging

                  + +
                    +
                  • Set environment variable OAUTH_DEBUG=true to enable verbose Faraday logging (uses the client-provided logger).
                  • +
                  • To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation.
                  • +
                  + +
                  + +

                  🦷 FLOSS Funding

                  + +

                  While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding.
                  +Raising a monthly budget of… “dollars” would make the project more sustainable.

                  + +

                  We welcome both individual and corporate sponsors! We also offer a
                  +wide array of funding channels to account for your preferences
                  +(although currently Open Collective is our preferred funding platform).

                  + +

                  If you’re working in a company that’s making significant use of ruby-oauth tools we’d
                  +appreciate it if you suggest to your company to become a ruby-oauth sponsor.

                  + +

                  You can support the development of ruby-oauth tools via
                  +GitHub Sponsors,
                  +Liberapay,
                  +PayPal,
                  +Open Collective
                  +and Tidelift.

                  + + + + + + + + + + + + +
                  📍 NOTE
                  If doing a sponsorship in the form of donation is problematic for your company
                  from an accounting standpoint, we’d recommend the use of Tidelift,
                  where you can get a support-like subscription instead.
                  + +

                  Open Collective for Individuals

                  + + +

                  No backers yet. Be the first!
                  +

                  + +

                  Support us with a monthly donation and help us continue our activities. [Become a backer]

                  + +

                  Open Collective for Organizations

                  + + +

                  No sponsors yet. Be the first!
                  +

                  + +

                  Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

                  + +

                  Another way to support open-source

                  + +
                  +

                  How wonderful it is that nobody need wait a single moment before starting to improve the world.

                  +—Anne Frank

                  +
                  + +

                  I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                  + +

                  If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                  + +

                  I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

                  + +

                  Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

                  + +

                  OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                  +

                  🔐 Security

                  See SECURITY.md.

                  @@ -874,7 +1114,7 @@

                  🔐 Security

                  🤝 Contributing

                  If you need some ideas of where to help, you could work on adding more code coverage,
                  -or if it is already 💯 (see below) check issues, or PRs,
                  +or if it is already 💯 (see below) check reek, issues, or PRs,
                  or use the gem and think about how it could be better.

                  We Keep A Changelog so if you make changes, remember to update it.

                  @@ -904,15 +1144,18 @@

                  🌈 Contributors

                  Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

                  -

                  ⭐️ Star History

                  +
                  + ⭐️ Star History -

                  - - - + + + + Star History Chart -

                  </a>

                  +
                  + +

                  📌 Versioning

                  @@ -922,32 +1165,14 @@

                  📌 Versioning

                  a new version should be immediately released that restores compatibility.
                  Breaking changes to the public API will only be introduced with new major versions.

                  -

                  📌 Is “Platform Support” part of the public API?

                  - -

                  Yes. But I’m obligated to include notes…

                  - -

                  SemVer should, but doesn’t explicitly, say that dropping support for specific Platforms
                  -is a breaking change to an API.
                  -It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

                  -
                  -

                  dropping support for a platform is both obviously and objectively a breaking change

                  +

                  dropping support for a platform is both obviously and objectively a breaking change

                  +—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

                  - - -

                  To get a better understanding of how SemVer is intended to work over a project’s lifetime,
                  -read this article from the creator of SemVer:

                  - - - -

                  As a result of this policy, and the interpretive lens used by the maintainer,
                  -you can (and should) specify a dependency on these libraries using
                  +

                  I understand that policy doesn’t work universally (“exceptions to every rule!”),
                  +but it is the policy here.
                  +As such, in many cases it is good to specify a dependency on this library using
                  the Pessimistic Version Constraint with two digits of precision.

                  For example:

                  @@ -955,6 +1180,20 @@

                  📌 Is “Platform Support
                  spec.add_dependency("oauth2", "~> 2.0")
                   
                  +
                  +📌 Is "Platform Support" part of the public API? More details inside. + +SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms +is a *breaking change* to an API. +It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless. + +To get a better understanding of how SemVer is intended to work over a project's lifetime, +read this article from the creator of SemVer: + +- ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred] + +
                  +

                  See CHANGELOG.md for a list of releases.

                  📄 License

                  @@ -973,28 +1212,33 @@ Galtzo.com Logo (Wordless) by Aboling0, CC BY-SA 4.0 - , and oauth2 contributors + , and oauth2 contributors.
                20. Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.
                21. -

                  🤑 One more thing

                  +

                  🤑 A request for help

                  + +

                  Maintainers have teeth and need to pay their dentists.
                  +After getting laid off in an RIF in March and filled with many dozens of rejections,
                  +I’m now spending ~60+ hours a week building open source tools.
                  +I’m hoping to be able to pay for my kids’ health insurance this month,
                  +so if you value the work I am doing, I need your support.
                  +Please consider sponsoring me or the project.

                  -

                  Having arrived at the bottom of the page, please endure a final supplication.
                  -The primary maintainer of this gem, Peter Boling, wants
                  -Ruby to be a great place for people to solve problems, big and small.
                  -Please consider supporting his efforts via the giant yellow link below,
                  -or one of the smaller ones, depending on button size preference.

                  +

                  To join the community or get help 👇️ Join the Discord.

                  -

                  Buy me a latte

                  +

                  Live Chat on Discord

                  -

                  Liberapay Goal Progress Sponsor Me on Github Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                  +

                  To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

                  -

                  P.S. If you need help️ or want to say thanks, 👇 Join the Discord.

                  +

                  Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                  -

                  Live Chat on Discord

                  +

                  Please give the project a star ⭐ ♥.

                  + +

                  Thanks for RTFM. ☺️

                  @@ -1009,14 +1253,14 @@

                  🤑 One more thing

                  Broken badges -[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] -[![Coverage Graph][🔑codecov-g♻️]][🔑codecov] +[![Coverage Graph][🔑codecov-g]][🔑codecov] +[![CodeCov Test Coverage][🔑codecovi]][🔑codecov]
                  diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 9c5faf89..2b1f5413 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                  Defined Under Namespace

                  From ffad2e727277f1fd9b7656e64fecfb60d09ef480 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 16:21:28 -0600 Subject: [PATCH 522/645] =?UTF-8?q?=F0=9F=93=9D=20Fix=20oauth2=20logo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 6 +++--- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 6 +++--- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/index.html | 6 +++--- docs/top-level-namespace.html | 2 +- 28 files changed, 34 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 2639e0ea..c73378f7 100644 --- a/README.md +++ b/README.md 
@@ -1,10 +1,10 @@ -[![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![oauth2 Logo by Aboling0, CC BY-SA 4.0][🖼️oauth2-i]][🖼️oauth2] +[![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![oauth2 Logo by Chris Messina, CC BY-SA 3.0][🖼️oauth2-i]][🖼️oauth2] [🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg [🖼️galtzo-discord]: https://discord.gg/3qme4XHNKN [🖼️ruby-lang-i]: https://logos.galtzo.com/assets/images/ruby-lang/avatar-192px.svg [🖼️ruby-lang]: https://www.ruby-lang.org/ -[🖼️oauth2-i]: https://logos.galtzo.com/assets/images/ruby-oauth/oauth2/avatar-192px.svg +[🖼️oauth2-i]: https://logos.galtzo.com/assets/images/oauth/oauth2/avatar-192px.svg [🖼️oauth2]: https://github.com/ruby-oauth/oauth2 # 🔐 OAuth 2.0 Authorization Framework @@ -272,7 +272,7 @@ For more see [SECURITY.md][🔐security]. - Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0) - Support IETF rfc7231 Relative Location in Redirect (since v2.0.0) - Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0) -- Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13) +- Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` - Adds option to `OAuth2::Client#get_token`: 
diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 878cbbca..f428eb68 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                  diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 6adefa10..84f39691 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                  diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index a7b3f5bf..971b6027 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                  diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 9672b729..f84f3314 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                  diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 861bfdc4..1fcc0bbc 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                  diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 3b319cdd..c5c2a72a 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                  diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index c355f60f..96b7b0c8 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                  diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 8f90a705..81759737 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                  diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 992bd3d7..1c77125c 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                  Defined Under Namespace

                  diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 4ebca5f9..88e113d8 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                  diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 165ad8e3..a0ea135b 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                  diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index da3f42a7..d8c5e27b 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                  diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index d41a29c8..149ed568 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                  diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 817f7461..f78a7aaa 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                  diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 62bdb4af..ae11f939 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                  diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 66f51584..6ac47cbc 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                  diff --git a/docs/_index.html b/docs/_index.html index 80898b2c..3b36232a 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -306,7 +306,7 @@

                  Namespace Listing A-Z

                  diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 4c0f212b..079c871c 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1211,7 +1211,7 @@

                  diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 93defb8e..c30d732f 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                  Attribution

                  diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index da7ff9c3..aab4be2c 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                  Manual process

                  diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index d260c37b..e83646fb 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                  Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index d1e96d2c..06a28b31 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                  MIT License

                  Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                  Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                  Permission is hereby granted, free of charge, to any person obtaining a copy
                  of this software and associated documentation files (the "Software"), to deal
                  in the Software without restriction, including without limitation the rights
                  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                  copies of the Software, and to permit persons to whom the Software is
                  furnished to do so, subject to the following conditions:

                  The above copyright notice and this permission notice shall be included in all
                  copies or substantial portions of the Software.

                  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                  SOFTWARE.
                  diff --git a/docs/file.README.html b/docs/file.README.html index f4c414f8..8db57cd0 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -57,7 +57,7 @@
                  -

                  Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Aboling0, CC BY-SA 4.0

                  +

                  Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

                  🔐 OAuth 2.0 Authorization Framework

                  @@ -429,7 +429,7 @@

                  What is new for v2.0?

                22. Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
                23. Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
                24. Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
                25. -
                26. Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13)
                27. +
                28. Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters)
                29. Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523)
                30. Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json @@ -1260,7 +1260,7 @@

                  Please give the project a star ⭐ ♥

                31. diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 97853810..324d678d 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                  Benefits of rubocop_gradual

                  diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 7145e9fa..4a91df72 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                  Enterprise Support

                  diff --git a/docs/index.html b/docs/index.html index 079da493..0509e704 100644 --- a/docs/index.html +++ b/docs/index.html @@ -57,7 +57,7 @@
                  -

                  Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Aboling0, CC BY-SA 4.0

                  +

                  Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

                  🔐 OAuth 2.0 Authorization Framework

                  @@ -429,7 +429,7 @@

                  What is new for v2.0?

                32. Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
                33. Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
                34. Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
                35. -
                36. Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13)
                37. +
                38. Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters)
                39. Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523)
                40. Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json @@ -1260,7 +1260,7 @@

                  Please give the project a star ⭐ ♥

                41. diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 2b1f5413..fc164e71 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                  Defined Under Namespace

From 5ffe9f6a938f9e36c6c600db2afbf2c47aaad74c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 16:26:14 -0600 Subject: [PATCH 523/645] =?UTF-8?q?=F0=9F=93=9D=20fix=20logo=20order?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 README.md | 8 ++++---- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- 28 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/README.md b/README.md
index c73378f7..e455b59c 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@ [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![oauth2 Logo by Chris Messina, CC BY-SA 3.0][🖼️oauth2-i]][🖼️oauth2] -[🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg -[🖼️galtzo-discord]: https://discord.gg/3qme4XHNKN -[🖼️ruby-lang-i]: https://logos.galtzo.com/assets/images/ruby-lang/avatar-192px.svg -[🖼️ruby-lang]: https://www.ruby-lang.org/ [🖼️oauth2-i]: https://logos.galtzo.com/assets/images/oauth/oauth2/avatar-192px.svg [🖼️oauth2]: https://github.com/ruby-oauth/oauth2 +[🖼️ruby-lang-i]: https://logos.galtzo.com/assets/images/ruby-lang/avatar-192px.svg +[🖼️ruby-lang]: https://www.ruby-lang.org/ +[🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg +[🖼️galtzo-discord]: https://discord.gg/3qme4XHNKN # 🔐 OAuth 2.0 Authorization Framework diff --git a/docs/OAuth2.html b/docs/OAuth2.html index f428eb68..95a3a397 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                  diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 84f39691..5919077f 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                  diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 971b6027..4d9d667a 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                  diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index f84f3314..3fca37e1 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                  diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 1fcc0bbc..1e4b93b4 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                  diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index c5c2a72a..915c8939 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                  diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 96b7b0c8..1c6b9a29 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                  diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 81759737..201e9a34 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                  diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 1c77125c..62aa1089 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                  Defined Under Namespace

                  diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 88e113d8..9ade5bac 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                  diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index a0ea135b..03728d46 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                  diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index d8c5e27b..6c8e1133 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                  diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 149ed568..557cfb5d 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                  diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index f78a7aaa..c86d532b 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                  diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index ae11f939..daaf59d6 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                  diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 6ac47cbc..c5ced425 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                  diff --git a/docs/_index.html b/docs/_index.html index 3b36232a..a1fb0f3a 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -306,7 +306,7 @@

                  Namespace Listing A-Z

                  diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 079c871c..deb31c1f 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1211,7 +1211,7 @@

                  diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index c30d732f..97cb79bf 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                  Attribution

                  diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index aab4be2c..8d0b9608 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                  Manual process

                  diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index e83646fb..f33accb0 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                  Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 06a28b31..e8fcaea0 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                  MIT License

                  Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                  Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                  Permission is hereby granted, free of charge, to any person obtaining a copy
                  of this software and associated documentation files (the "Software"), to deal
                  in the Software without restriction, including without limitation the rights
                  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                  copies of the Software, and to permit persons to whom the Software is
                  furnished to do so, subject to the following conditions:

                  The above copyright notice and this permission notice shall be included in all
                  copies or substantial portions of the Software.

                  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                  SOFTWARE.
                  diff --git a/docs/file.README.html b/docs/file.README.html index 8db57cd0..eb1f6961 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1260,7 +1260,7 @@

                  Please give the project a star ⭐ ♥ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 324d678d..379ff874 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                  Benefits of rubocop_gradual

                  diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 4a91df72..25f35b40 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                  Enterprise Support

                  diff --git a/docs/index.html b/docs/index.html index 0509e704..a752b5cc 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1260,7 +1260,7 @@

                  Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index fc164e71..d11c7398 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                  Defined Under Namespace

                  From 8c43117f52b94480d565ba0ca6811713030ede2c Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 30 Aug 2025 16:36:03 -0600 Subject: [PATCH 524/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.13?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 316 +++++++----------- Gemfile.lock | 2 +- README.md | 2 +- REEK | 131 -------- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 4 +- docs/_index.html | 53 ++- docs/file.CHANGELOG.html | 185 +++++----- docs/file.CITATION.html | 7 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 6 +- docs/file.REEK.html | 71 ++++ docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 94 ++++++ docs/file.authenticator.html | 91 +++++ docs/file.client.html | 121 +++++++ docs/file.error.html | 78 +++++ docs/file.filtered_attributes.html | 76 +++++ docs/file.oauth2-2.0.10.gem.html | 71 ++++ docs/file.oauth2-2.0.11.gem.html | 71 ++++ docs/file.oauth2-2.0.12.gem.html | 71 ++++ docs/file.oauth2.html | 79 +++++ docs/file.response.html | 87 +++++ docs/file.strategy.html | 103 ++++++ docs/file.version.html | 75 +++++ docs/file_list.html | 85 +++++ docs/index.html | 6 +- docs/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 47 files changed, 1472 insertions(+), 459 deletions(-) create mode 100644 docs/file.REEK.html create mode 100644 
docs/file.access_token.html create mode 100644 docs/file.authenticator.html create mode 100644 docs/file.client.html create mode 100644 docs/file.error.html create mode 100644 docs/file.filtered_attributes.html create mode 100644 docs/file.oauth2-2.0.10.gem.html create mode 100644 docs/file.oauth2-2.0.11.gem.html create mode 100644 docs/file.oauth2-2.0.12.gem.html create mode 100644 docs/file.oauth2.html create mode 100644 docs/file.response.html create mode 100644 docs/file.strategy.html create mode 100644 docs/file.version.html diff --git a/CHANGELOG.md b/CHANGELOG.md index ab3f1205..7825cc50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,18 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ## [Unreleased] ### Added +### Changed +### Deprecated +### Removed +### Fixed +### Security + +## [2.0.13] - 2025-08-30 +- TAG: [v2.0.13][2.0.13t] +- COVERAGE: 100.00% -- 519/519 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files +- 90.48% documented +### Added - [gh656][gh656] - Support revocation with URL-encoded parameters - [gh660][gh660] - Inline yard documentation by @pboling - [gh660][gh660] - Complete RBS types documentation by @pboling @@ -15,8 +27,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. ### Changed - Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling - [gh660][gh660] - Shrink post-install message by 4 lines by @pboling -### Deprecated -### Removed ### Fixed - [gh660][gh660] - Links in README (including link to HEAD documentation) by @pboling ### Security 
@@ -590,206 +600,106 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.12...HEAD -[2.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.11...v2.0.12 -[2.0.12t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.12 -[2.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...v2.0.11 -[2.0.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.11 -[2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...v2.0.10 -[2.0.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.10 -[2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9 -[2.0.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.9 -[2.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...v2.0.8 -[2.0.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.8 -[2.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.6...v2.0.7 -[2.0.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.7 -[2.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.5...v2.0.6 -[2.0.6t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.6 -[2.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.4...v2.0.5 -[2.0.5t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.5 -[2.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.3...v2.0.4 -[2.0.4t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.4 -[2.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.2...v2.0.3 -[2.0.3t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.3 -[2.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.1...v2.0.2 -[2.0.2t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.2 -[2.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.0...v2.0.1 -[2.0.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.1 -[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.11...v2.0.0 -[2.0.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.0 -[1.4.11]: 
https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v1.4.11 -[1.4.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.11 -[1.4.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.9...v1.4.10 -[1.4.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.10 -[1.4.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.8...v1.4.9 -[1.4.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.9 -[1.4.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.7...v1.4.8 -[1.4.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.8 -[1.4.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.6...v1.4.7 -[1.4.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.7 -[1.4.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.5...v1.4.6 -[1.4.6t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.6 -[1.4.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.4...v1.4.5 -[1.4.5t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.5 -[1.4.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.3...v1.4.4 -[1.4.4t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.4 -[1.4.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.2...v1.4.3 -[1.4.3t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.3 -[1.4.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.1...v1.4.2 -[1.4.2t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.2 -[1.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.0...v1.4.1 -[1.4.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.1 -[1.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.1...v1.4.0 -[1.4.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.4.0 -[1.3.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.0...v1.3.1 -[1.3.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.3.1 -[1.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.2.0...v1.3.0 -[1.3.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.3.0 -[1.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.1.0...v1.2.0 -[1.2.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.2.0 -[1.1.0]: 
https://gitlab.com/oauth-xx/oauth2/-/compare/v1.0.0...v1.1.0 -[1.1.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.1.0 -[1.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.9.4...v1.0.0 -[1.0.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.0.0 -[0.5.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.1...v0.5.0 -[0.5.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.5.0 -[0.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.0...v0.4.1 -[0.4.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.4.1 -[0.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.3.0...v0.4.0 -[0.4.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.4.0 -[0.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.2.0...v0.3.0 -[0.3.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.3.0 -[0.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.1...v0.2.0 -[0.2.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.2.0 -[0.1.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.0...v0.1.1 -[0.1.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.1.1 -[0.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.13...v0.1.0 -[0.1.0t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.1.0 -[0.0.13]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.12...v0.0.13 -[0.0.13t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.13 -[0.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.11...v0.0.12 -[0.0.12t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.12 -[0.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.10...v0.0.11 -[0.0.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.11 -[0.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.9...v0.0.10 -[0.0.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.10 -[0.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.8...v0.0.9 -[0.0.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.9 -[0.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.7...v0.0.8 -[0.0.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.8 -[0.0.7]: 
https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.6...v0.0.7 -[0.0.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.7 -[0.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.5...v0.0.6 -[0.0.6t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.6 -[0.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.4...v0.0.5 -[0.0.5t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.5 -[0.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.3...v0.0.4 -[0.0.4t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.4 -[0.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.2...v0.0.3 -[0.0.3t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.3 -[0.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.1...v0.0.2 -[0.0.2t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.2 -[0.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/311d9f4...v0.0.1 -[0.0.1t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v0.0.1 [Unreleased]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.12...HEAD -[2.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.11...v2.0.12 -[2.0.12t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.12 -[2.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.10...v2.0.11 -[2.0.11t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.11 -[2.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.9...v2.0.10 -[2.0.10t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.10 -[2.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.8...v2.0.9 -[2.0.9t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.9 -[2.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.7...v2.0.8 -[2.0.8t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.8 -[2.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.6...v2.0.7 -[2.0.7t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.7 -[2.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.5...v2.0.6 -[2.0.6t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.6 -[2.0.5]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.4...v2.0.5 -[2.0.5t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.5 -[2.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.3...v2.0.4 -[2.0.4t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.4 -[2.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.2...v2.0.3 -[2.0.3t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.3 -[2.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.1...v2.0.2 -[2.0.2t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.2 -[2.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.0...v2.0.1 -[2.0.1t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.1 -[2.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.11...v2.0.0 -[2.0.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v2.0.0 -[1.4.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.10...v1.4.11 -[1.4.11t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.11 -[1.4.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.9...v1.4.10 -[1.4.10t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.10 -[1.4.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.8...v1.4.9 -[1.4.9t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.9 -[1.4.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.7...v1.4.8 -[1.4.8t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.8 -[1.4.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.6...v1.4.7 -[1.4.7t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.7 -[1.4.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.5...v1.4.6 -[1.4.6t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.6 -[1.4.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.4...v1.4.5 -[1.4.5t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.5 -[1.4.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.3...v1.4.4 -[1.4.4t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.4 -[1.4.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.2...v1.4.3 -[1.4.3t]: 
https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.3 -[1.4.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.1...v1.4.2 -[1.4.2t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.2 -[1.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.0...v1.4.1 -[1.4.1t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.1 -[1.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.1...v1.4.0 -[1.4.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.4.0 -[1.3.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.0...v1.3.1 -[1.3.1t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.3.1 -[1.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.2.0...v1.3.0 -[1.3.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.3.0 -[1.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.1.0...v1.2.0 -[1.2.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.2.0 -[1.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.1.0 -[1.1.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.1.0 -[1.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.9.4...v1.0.0 -[1.0.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.0.0 -[0.5.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.1...v0.5.0 -[0.5.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.5.0 -[0.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.0...v0.4.1 -[0.4.1t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.4.1 -[0.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.3.0...v0.4.0 -[0.4.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.4.0 -[0.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.2.0...v0.3.0 -[0.3.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.3.0 -[0.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.1...v0.2.0 -[0.2.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.2.0 -[0.1.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.0...v0.1.1 -[0.1.1t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.1.1 -[0.1.0]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.13...v0.1.0 -[0.1.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.1.0 -[0.0.13]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.12...v0.0.13 -[0.0.13t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.13 -[0.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.11...v0.0.12 -[0.0.12t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.12 -[0.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.10...v0.0.11 -[0.0.11t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.11 -[0.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.9...v0.0.10 -[0.0.10t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.10 -[0.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.8...v0.0.9 -[0.0.9t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.9 -[0.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.7...v0.0.8 -[0.0.8t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.8 -[0.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.6...v0.0.7 -[0.0.7t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.7 -[0.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.5...v0.0.6 -[0.0.6t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.6 -[0.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.4...v0.0.5 -[0.0.5t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.5 -[0.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.3...v0.0.4 -[0.0.4t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.4 -[0.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.2...v0.0.3 -[0.0.3t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.3 +[0.0.1]: https://github.com/ruby-oauth/oauth2/compare/311d9f4...v0.0.1 +[0.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.1 [0.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.1...v0.0.2 -[0.0.2t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.2 -[0.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/311d9f4...v0.0.1 -[0.0.1t]: 
https://gitlab.com/ruby-oauth/oauth2/-/tags/v0.0.1 - +[0.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.2 +[0.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.2...v0.0.3 +[0.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.3 +[0.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.3...v0.0.4 +[0.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.4 +[0.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.4...v0.0.5 +[0.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.5 +[0.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.5...v0.0.6 +[0.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.6 +[0.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.6...v0.0.7 +[0.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.7 +[0.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.7...v0.0.8 +[0.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.8 +[0.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.8...v0.0.9 +[0.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.9 +[0.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.9...v0.0.10 +[0.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.10 +[0.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.10...v0.0.11 +[0.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.11 +[0.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.11...v0.0.12 +[0.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.12 +[0.0.13]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.12...v0.0.13 +[0.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.13 +[0.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.13...v0.1.0 +[0.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.0 +[0.1.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.0...v0.1.1 +[0.1.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.1 +[0.2.0]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.1...v0.2.0 +[0.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.2.0 +[0.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.2.0...v0.3.0 +[0.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.3.0 +[0.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.3.0...v0.4.0 +[0.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.0 +[0.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.0...v0.4.1 +[0.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.1 +[0.5.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.1...v0.5.0 +[0.5.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.5.0 +[1.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.9.4...v1.0.0 +[1.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.0.0 +[1.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.1.0 +[1.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.1.0 +[1.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.1.0...v1.2.0 +[1.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.2.0 +[1.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.2.0...v1.3.0 +[1.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.0 +[1.3.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.0...v1.3.1 +[1.3.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.1 +[1.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.1...v1.4.0 +[1.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.0 +[1.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.0...v1.4.1 +[1.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.1 +[1.4.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.1...v1.4.2 +[1.4.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.2 +[1.4.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.2...v1.4.3 +[1.4.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.3 +[1.4.4]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.3...v1.4.4 +[1.4.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.4 +[1.4.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.4...v1.4.5 +[1.4.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.5 +[1.4.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.5...v1.4.6 +[1.4.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.6 +[1.4.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.6...v1.4.7 +[1.4.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.7 +[1.4.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.7...v1.4.8 +[1.4.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.8 +[1.4.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.8...v1.4.9 +[1.4.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.9 +[1.4.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.9...v1.4.10 +[1.4.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.10 +[1.4.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.10...v1.4.11 +[1.4.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.11 +[2.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.11...v2.0.0 +[2.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.0 +[2.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.0...v2.0.1 +[2.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.1 +[2.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.1...v2.0.2 +[2.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.2 +[2.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.2...v2.0.3 +[2.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.3 +[2.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.3...v2.0.4 +[2.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.4 +[2.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.4...v2.0.5 +[2.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.5 +[2.0.6]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.5...v2.0.6
+[2.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.6
+[2.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.6...v2.0.7
+[2.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.7
+[2.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.7...v2.0.8
+[2.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.8
+[2.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.8...v2.0.9
+[2.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.9
+[2.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.9...v2.0.10
+[2.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.10
+[2.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.10...v2.0.11
+[2.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.11
+[2.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.11...v2.0.12
+[2.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.12
+[2.0.13]: https://github.com/ruby-oauth/oauth2/compare/v2.0.12...v2.0.13
+[2.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.13
diff --git a/Gemfile.lock b/Gemfile.lock
index ffd130c2..b5941c10 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -13,7 +13,7 @@ GIT
 PATH
 remote: .
 specs:
- oauth2 (2.0.12)
+ oauth2 (2.0.13)
 faraday (>= 0.17.3, < 4.0)
 jwt (>= 1.0, < 4.0)
 logger (~> 1.2)
diff --git a/README.md b/README.md
index e455b59c..93564c6f 100644
--- a/README.md
+++ b/README.md
@@ -1199,7 +1199,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.520-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.519-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
diff --git a/REEK b/REEK
index ac5a98b4..e69de29b 100644
--- a/REEK
+++ b/REEK
@@ -1,131 +0,0 @@ -spec/oauth2/access_token_spec.rb -- 1 warning: - [300, 301]:DuplicateMethodCall: assert_initialized_token calls 'target.params' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] -spec/oauth2/client_spec.rb -- 3 warnings: - [1084]:UnusedParameters: initialize has unused parameter 'client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] - [1084]:UnusedParameters: initialize has unused parameter 'hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Unused-Parameters.md] - [1220]:UtilityFunction: stubbed_client doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] -spec/oauth2/error_spec.rb -- 3 warnings: - [10]:IrresponsibleModule: XmledString has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [4]:SubclassedFromCoreClass: StirredHash inherits from core class 'Hash' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] - [10]:SubclassedFromCoreClass: XmledString inherits from core class 'String' [https://github.com/troessner/reek/blob/v6.5.0/docs/Subclassed-From-Core-Class.md] -lib/oauth2/access_token.rb -- 25 warnings: - [27]:Attribute: OAuth2::AccessToken#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [27]:Attribute: OAuth2::AccessToken#refresh_token is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [27]:Attribute: OAuth2::AccessToken#response is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [326, 334, 341, 348, 355, 362]:DataClump: OAuth2::AccessToken takes parameters ['opts', 'path'] to 6 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] - [374, 390]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! 
calls 'options[:mode]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [380, 384, 386]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'options[:param_name]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [382, 383, 384, 386]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:body]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [376, 377]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:headers]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [379, 380]:DuplicateMethodCall: OAuth2::AccessToken#configure_authentication! calls 'opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [77, 79]:DuplicateMethodCall: OAuth2::AccessToken#from_hash calls 'fresh.delete(key)' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [19]:InstanceVariableAssumption: OAuth2::AccessToken assumes too much for instance variable '@refresh_token' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [19]:IrresponsibleModule: OAuth2::AccessToken has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [373]:MissingSafeMethod: OAuth2::AccessToken has missing safe method 'configure_authentication!' 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Missing-Safe-Method.md] - [149, 149]:NilCheck: OAuth2::AccessToken#initialize performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] - [268]:NilCheck: OAuth2::AccessToken#revoke performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] - [19]:TooManyInstanceVariables: OAuth2::AccessToken has at least 7 instance variables [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Instance-Variables.md] - [19]:TooManyMethods: OAuth2::AccessToken has at least 20 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Methods.md] - [373]:TooManyStatements: OAuth2::AccessToken#configure_authentication! has approx 8 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [57]:TooManyStatements: OAuth2::AccessToken#from_hash has approx 12 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [209]:TooManyStatements: OAuth2::AccessToken#refresh has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [258]:TooManyStatements: OAuth2::AccessToken#revoke has approx 13 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [18]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] - [305]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [305]:UncommunicativeVariableName: OAuth2::AccessToken#to_hash has the variable name 'v' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [394]:UtilityFunction: OAuth2::AccessToken#convert_expires_at doesn't depend on instance state (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] -lib/oauth2/authenticator.rb -- 5 warnings: - [68, 70]:FeatureEnvy: OAuth2::Authenticator#apply_basic_auth refers to 'params' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [6]:IrresponsibleModule: OAuth2::Authenticator has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [61]:NilCheck: OAuth2::Authenticator#apply_client_id performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] - [52, 53]:NilCheck: OAuth2::Authenticator#apply_params_auth performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md] - [5]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/client.rb -- 28 warnings: - [28]:Attribute: OAuth2::Client#connection is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [27]:Attribute: OAuth2::Client#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [208, 485, 552]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'extract_access_token'] to 3 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] - [485, 508, 533, 552]:DataClump: OAuth2::Client takes parameters ['access_token_opts', 'response'] to 4 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Data-Clump.md] - [89, 90]:DuplicateMethodCall: OAuth2::Client#connection calls 'options[:connection_build]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [449, 449]:DuplicateMethodCall: OAuth2::Client#execute_request calls 'req_opts[:params]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [336, 337]:DuplicateMethodCall: OAuth2::Client#redirection_params 
calls 'options[:redirect_uri]' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [152, 153, 154]:DuplicateMethodCall: OAuth2::Client#request calls 'req_opts[:redirect_count]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [260, 261, 262]:DuplicateMethodCall: OAuth2::Client#revoke_token calls 'req_opts[:params]' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [535, 535]:FeatureEnvy: OAuth2::Client#build_access_token refers to 'access_token' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [366, 369, 375, 377, 378, 380]:FeatureEnvy: OAuth2::Client#params_to_req_opts refers to 'req_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [403, 410, 410, 411, 411, 412, 412, 413, 413, 416]:FeatureEnvy: OAuth2::Client#parse_snaky_params_headers refers to 'params' more than self (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [16]:IrresponsibleModule: OAuth2::ConnectionError has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [17]:IrresponsibleModule: OAuth2::TimeoutError has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [535]:ManualDispatch: OAuth2::Client#build_access_token manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [20]:TooManyInstanceVariables: OAuth2::Client has at least 5 instance variables [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Instance-Variables.md] - [20]:TooManyMethods: OAuth2::Client has at least 25 methods [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Methods.md] - [440]:TooManyStatements: OAuth2::Client#execute_request has approx 16 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [208]:TooManyStatements: OAuth2::Client#get_token has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [357]:TooManyStatements: OAuth2::Client#params_to_req_opts has approx 9 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [508]:TooManyStatements: OAuth2::Client#parse_response has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [402]:TooManyStatements: OAuth2::Client#parse_snaky_params_headers has approx 13 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [146]:TooManyStatements: OAuth2::Client#request has approx 18 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [257]:TooManyStatements: OAuth2::Client#revoke_token has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [15]:UncommunicativeModuleName: OAuth2 has the name 
'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] - [452, 454]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'e' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [444]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'k' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] - [445]:UncommunicativeVariableName: OAuth2::Client#execute_request has the variable name 'p' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md] -lib/oauth2/error.rb -- 8 warnings: - [35, 35, 37, 38]:DuplicateMethodCall: OAuth2::Error#error_message calls 'opts[:error_description]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [13, 14, 15]:DuplicateMethodCall: OAuth2::Error#initialize calls 'response.parsed' 3 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [4]:IrresponsibleModule: OAuth2::Error has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [37, 37]:ManualDispatch: OAuth2::Error#error_message manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [12, 21]:ManualDispatch: OAuth2::Error#initialize manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [32]:TooManyStatements: OAuth2::Error#error_message has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] - [32]:UtilityFunction: OAuth2::Error#error_message doesn't depend on instance state (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] -lib/oauth2/filtered_attributes.rb -- 6 warnings: - [18, 28]:DuplicateMethodCall: OAuth2::FilteredAttributes#inspect calls 'self.class' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [2]:IrresponsibleModule: OAuth2::FilteredAttributes has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [7]:IrresponsibleModule: OAuth2::FilteredAttributes::ClassMethods has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [22]:NestedIterators: OAuth2::FilteredAttributes#inspect contains iterators nested 2 deep [https://github.com/troessner/reek/blob/v6.5.0/docs/Nested-Iterators.md] - [17]:TooManyStatements: OAuth2::FilteredAttributes#inspect has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [1]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/response.rb -- 12 warnings: - [26]:Attribute: OAuth2::Response#options is a writable attribute [https://github.com/troessner/reek/blob/v6.5.0/docs/Attribute.md] - [72]:BooleanParameter: OAuth2::Response#initialize has boolean parameter 'snaky' [https://github.com/troessner/reek/blob/v6.5.0/docs/Boolean-Parameter.md] - [41, 57, 162]:ClassVariable: OAuth2::Response declares the class variable '@@content_types' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] - [32, 55, 159, 162]:ClassVariable: OAuth2::Response declares the class variable '@@parsers' [https://github.com/troessner/reek/blob/v6.5.0/docs/Class-Variable.md] - [133, 135]:DuplicateMethodCall: OAuth2::Response#content_type calls 'response.headers' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [156, 157, 158, 159]:DuplicateMethodCall: OAuth2::Response#parser 
calls 'options[:parse]' 4 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] - [12]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parsed' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [12]:InstanceVariableAssumption: OAuth2::Response assumes too much for instance variable '@parser' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [110]:ManualDispatch: OAuth2::Response#parsed manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [156]:ManualDispatch: OAuth2::Response#parser manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md] - [106]:TooManyStatements: OAuth2::Response#parsed has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md] - [7]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/strategy/assertion.rb -- 5 warnings: - [96, 96, 99, 99, 101, 101]:FeatureEnvy: OAuth2::Strategy::Assertion#build_assertion refers to 'encoding_opts' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [32]:InstanceVariableAssumption: OAuth2::Strategy::Assertion assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [79]:LongParameterList: OAuth2::Strategy::Assertion#get_token has 4 parameters [https://github.com/troessner/reek/blob/v6.5.0/docs/Long-Parameter-List.md] - [5]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] - [88]:UtilityFunction: OAuth2::Strategy::Assertion#build_request doesn't depend on instance state (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md] -lib/oauth2/strategy/auth_code.rb -- 3 warnings: - [43, 43]:FeatureEnvy: OAuth2::Strategy::AuthCode#assert_valid_params refers to 'params' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [8]:InstanceVariableAssumption: OAuth2::Strategy::AuthCode assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/strategy/base.rb -- 2 warnings: - [5]:IrresponsibleModule: OAuth2::Strategy::Base has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/strategy/client_credentials.rb -- 2 warnings: - [8]:InstanceVariableAssumption: OAuth2::Strategy::ClientCredentials assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/strategy/implicit.rb -- 3 warnings: - [34, 34]:FeatureEnvy: OAuth2::Strategy::Implicit#assert_valid_params refers to 'params' more than self (maybe move it to another class?) 
[https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] - [8]:InstanceVariableAssumption: OAuth2::Strategy::Implicit assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/strategy/password.rb -- 3 warnings: - [8]:InstanceVariableAssumption: OAuth2::Strategy::Password assumes too much for instance variable '@client' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md] - [21]:LongParameterList: OAuth2::Strategy::Password#get_token has 4 parameters [https://github.com/troessner/reek/blob/v6.5.0/docs/Long-Parameter-List.md] - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2/version.rb -- 1 warning: - [3]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -lib/oauth2.rb -- 1 warning: - [27]:UncommunicativeModuleName: OAuth2 has the name 'OAuth2' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Module-Name.md] -.yard_gfm_support.rb -- 1 warning: - [9, 9]:FeatureEnvy: KramdownGfmDocument#initialize refers to 'options' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md] -112 total warnings diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 95a3a397..a60fa9c7 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                  diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 5919077f..2ca4709a 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                  diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 4d9d667a..d4faefe5 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                  diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 3fca37e1..3d722071 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

                  diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 1e4b93b4..bfe8dd19 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                  diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 915c8939..76703de3 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                  diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 1c6b9a29..bdf8e4dc 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                  diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 201e9a34..8fdc5009 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                  diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 62aa1089..eeb273b2 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                  Defined Under Namespace

                  diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 9ade5bac..5367ac5b 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                  diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 03728d46..0b8f3073 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

                  diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 6c8e1133..1d387d86 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                  diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 557cfb5d..5cbf6890 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                  diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index c86d532b..fdfe4c71 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

                  diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index daaf59d6..21b3dd85 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

                  diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index c5ced425..59920dfc 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -95,7 +95,7 @@

                  VERSION =
                  -
                  "2.0.12"
                  +
                  "2.0.13"
                  @@ -111,7 +111,7 @@

                  diff --git a/docs/_index.html b/docs/_index.html index a1fb0f3a..69a10497 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -84,6 +84,57 @@

                  File Listing

                42. LICENSE
                43. +
                44. CITATION
                45. + + +
                46. oauth2-2.0.10.gem
                47. + + +
                48. oauth2-2.0.11.gem
                49. + + +
                50. oauth2-2.0.12.gem
                51. + + +
                52. oauth2-2.0.10.gem
                53. + + +
                54. oauth2-2.0.11.gem
                55. + + +
                56. oauth2-2.0.12.gem
                57. + + +
                58. REEK
                59. + + +
                60. access_token
                61. + + +
                62. authenticator
                63. + + +
                64. client
                65. + + +
                66. error
                67. + + +
                68. filtered_attributes
                69. + + +
                70. response
                71. + + +
                72. strategy
                73. + + +
                74. version
                75. + + +
                76. oauth2
                77. + +
                  @@ -306,7 +357,7 @@

                  Namespace Listing A-Z

                  diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index deb31c1f..97b53b5b 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -65,7 +65,22 @@

                  Unreleased

                  Added

                  +

                  Changed

                  +

                  Deprecated

                  +

                  Removed

                  +

                  Fixed

                  +

                  Security

                  + +

                  +2.0.13 - 2025-08-30

                    +
                  • TAG: v2.0.13 +
                  • +
                  • COVERAGE: 100.00% – 519/519 lines in 14 files
                  • +
                  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
                  • +
                  • 90.48% documented +

                    Added

                    +
                  • gh656 - Support revocation with URL-encoded parameters
                  • @@ -77,30 +92,28 @@

                    Added

                  • gh657 - Updated documentation for org-rename by @pboling
                  • More funding links by @Aboling0 -

                    Changed

                    +

                    Changed

                  • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
                  • gh660 - Shrink post-install message by 4 lines by @pboling -

                    Deprecated

                    -

                    Removed

                    -

                    Fixed

                    +

                    Fixed

                  • gh660 - Links in README (including link to HEAD documentation) by @pboling -

                    Security

                    +

                    Security

                  2.0.12 - 2025-05-31

                    -
                  • TAG: v2.0.12 +
                  • TAG: v2.0.12
                  • Line Coverage: 100.0% (520 / 520)
                  • Branch Coverage: 100.0% (174 / 174)
                  • 80.00% documented -

                    Added

                    +

                    Added

                  • gh652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang @@ -115,27 +128,27 @@

                    Added

                78. Documentation site @ https://oauth2.galtzo.com now complete -

                  Changed

                  +

                  Changed

                79. Updates to gemspec (email, funding url, post install message)

                  Deprecated

                  Removed

                  -

                  Fixed

                  +

                  Fixed

                80. Documentation Typos by @pboling -

                  Security

                  +

                  Security

                81. 2.0.11 - 2025-05-23

                    -
                  • TAG: v2.0.11 +
                  • TAG: v2.0.11
                  • COVERAGE: 100.00% – 518/518 lines in 14 files
                  • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
                  • 80.00% documented -

                    Added

                    +

                    Added

                  • gh651 - :snaky_hash_klass option (@pboling)
                  • @@ -167,7 +180,7 @@

                    Added

                    gh651 - Mock OAuth2 server for testing (@pboling)
                    • https://github.com/navikt/mock-oauth2-server -

                      Changed

                      +

                      Changed

                    @@ -180,7 +193,7 @@

                    Changed

                82. Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling) -

                  Fixed

                  +

                  Fixed

                83. gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
                84. @@ -192,12 +205,12 @@

                  Fixed

                  2.0.10 - 2025-05-17

                    -
                  • TAG: v2.0.10 +
                  • TAG: v2.0.10
                  • COVERAGE: 100.00% – 518/518 lines in 14 files
                  • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
                  • 79.05% documented -

                    Added

                    +

                    Added

                  • gh!632 - Added funding.yml (@Aboling0)
                  • @@ -260,7 +273,7 @@

                    Added

                    gh!644, gh!645 - Added CITATION.cff (@Aboling0)
                  • !648 - Improved documentation (@pboling) -

                    Changed

                    +

                    Changed

                  • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
                  • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) @@ -280,7 +293,7 @@

                    Changed

                    !647 - OAuth2.config is no longer writable (@pboling)
                  • !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) -

                    Fixed

                    +

                    Fixed

                  • #95 - restoring an access token via AccessToken#from_hash (@pboling)
                  • @@ -339,11 +352,11 @@

                    Fixed

                    2.0.9 - 2022-09-16

                      -
                    • TAG: v2.0.9 -

                      Added

                      +
                    • TAG: v2.0.9 +

                      Added

                    • More specs (@pboling) -

                      Changed

                      +

                      Changed

                    • Complete migration to main branch as default (@pboling)
                    • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
                    • @@ -352,14 +365,14 @@

                      Changed

                      2.0.8 - 2022-09-01

                        -
                      • TAG: v2.0.8 -

                        Changed

                        +
                      • TAG: v2.0.8 +

                        Changed

                      • !630 - Extract snaky_hash to external dependency (@pboling)
                      • !630 - Extract snaky_hash to external dependency (@pboling) -

                        Added

                        +

                        Added

                      • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 @@ -372,14 +385,14 @@

                        Added

                        2.0.7 - 2022-08-22

                          -
                        • TAG: v2.0.7 -

                          Added

                          +
                        • TAG: v2.0.7 +

                          Added

                        • !629 - Allow POST of JSON to get token (@pboling, @terracatta)
                        • !629 - Allow POST of JSON to get token (@pboling, @terracatta) -

                          Fixed

                          +

                          Fixed

                        • !626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
                        • @@ -398,8 +411,8 @@

                          Fixed

                          2.0.6 - 2022-07-13

                            -
                          • TAG: v2.0.6 -

                            Fixed

                            +
                          • TAG: v2.0.6 +

                            Fixed

                          • !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
                          • @@ -410,8 +423,8 @@

                            Fixed

                            2.0.5 - 2022-07-07

                              -
                            • TAG: v2.0.5 -

                              Fixed

                              +
                            • TAG: v2.0.5 +

                              Fixed

                            • !620 - Documentation improvements, to help with upgrading (@swanson)
                            • @@ -439,8 +452,8 @@

                              Fixed

                              2.0.4 - 2022-07-01

                                -
                              • TAG: v2.0.4 -

                                Fixed

                                +
                              • TAG: v2.0.4 +

                                Fixed

                              • !618 - In some scenarios the snaky option default value was not applied (@pboling)
                              • @@ -451,8 +464,8 @@

                                Fixed

                                2.0.3 - 2022-06-28

                                  -
                                • TAG: v2.0.3 -

                                  Added

                                  +
                                • TAG: v2.0.3 +

                                  Added

                                • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                                • @@ -462,7 +475,7 @@

                                  Added

                                  !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                                • !612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) -

                                  Fixed

                                  +

                                  Fixed

                                • !608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
                                • @@ -477,8 +490,8 @@

                                  Fixed

                                  2.0.2 - 2022-06-24

                                    -
                                  • TAG: v2.0.2 -

                                    Fixed

                                    +
                                  • TAG: v2.0.2 +

                                    Fixed

                                  • !604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
                                  • @@ -497,8 +510,8 @@

                                    Fixed

                                    2.0.1 - 2022-06-22

                                      -
                                    • TAG: v2.0.1 -

                                      Added

                                      +
                                    • TAG: v2.0.1 +

                                      Added

                                    • Documentation improvements (@pboling)
                                    • Increased test coverage to 99% (@pboling)
                                    • @@ -507,8 +520,8 @@

                                      Added

                                      2.0.0 - 2022-06-21

                                        -
                                      • TAG: v2.0.0 -

                                        Added

                                        +
                                      • TAG: v2.0.0 +

                                        Added

                                      • !158, !344 - Optionally pass raw response to parsers (@niels)
                                      • @@ -614,7 +627,7 @@

                                        Added

                                        !575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
                                      • !581 - Documentation: of breaking changes (@pboling) -

                                        Changed

                                        +

                                        Changed

                                      • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
                                      • @@ -670,7 +683,7 @@

                                        Changed

                                        !576 - BREAKING: Stop rescuing parsing errors (@pboling)
                                      • !591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated -

                                        Fixed

                                        +

                                        Fixed

                                      • !158, !344 - Handling of errors when using omniauth-facebook (@niels)
                                      • @@ -775,7 +788,7 @@

                                        Removed

                                        1.4.11 - 2022-09-16

                                          -
                                        • TAG: v1.4.11 +
                                        • TAG: v1.4.11
                                        • Complete migration to main branch as default (@pboling)
                                        • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
                                        • @@ -784,7 +797,7 @@

                                          1.4.10 - 2022-07-01

                                            -
                                          • TAG: v1.4.10 +
                                          • TAG: v1.4.10
                                          • FIPS Compatibility !587 (@akostadinov)
                                          • FIPS Compatibility !587 (@akostadinov)
                                          • @@ -793,7 +806,7 @@

                                            1.4.9 - 2022-02-20

                                              -
                                            • TAG: v1.4.9 +
                                            • TAG: v1.4.9
                                            • Fixes compatibility with Faraday v2 572
                                            • @@ -812,7 +825,7 @@

                                              1.4.8 - 2022-02-18

                                                -
                                              • TAG: v1.4.8 +
                                              • TAG: v1.4.8
                                              • MFA is now required to push new gem versions (@pboling)
                                              • README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
                                              • @@ -832,7 +845,7 @@

                                                1.4.7 - 2021-03-19

                                                  -
                                                • TAG: v1.4.7 +
                                                • TAG: v1.4.7
                                                • !541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
                                                • @@ -843,7 +856,7 @@

                                                  1.4.6 - 2021-03-19

                                                    -
                                                  • TAG: v1.4.6 +
                                                  • TAG: v1.4.6
                                                  • !540 - Add VERSION constant (@pboling)
                                                  • @@ -862,7 +875,7 @@

                                                    1.4.5 - 2021-03-18

                                                      -
                                                    • TAG: v1.4.5 +
                                                    • TAG: v1.4.5
                                                    • !535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
                                                    • @@ -885,7 +898,7 @@

                                                      1.4.4 - 2020-02-12

                                                        -
                                                      • TAG: v1.4.4 +
                                                      • TAG: v1.4.4
                                                      • !408 - Fixed expires_at for formatted time (@Lomey)
                                                      • @@ -896,7 +909,7 @@

                                                        1.4.3 - 2020-01-29

                                                          -
                                                        • TAG: v1.4.3 +
                                                        • TAG: v1.4.3
                                                        • !483 - add project metadata to gemspec (@orien)
                                                        • @@ -919,7 +932,7 @@

                                                          1.4.2 - 2019-10-01

                                                            -
                                                          • TAG: v1.4.2 +
                                                          • TAG: v1.4.2
                                                          • !478 - support latest version of faraday & fix build (@pboling)
                                                          • @@ -934,7 +947,7 @@

                                                            1.4.1 - 2018-10-13

                                                              -
                                                            • TAG: v1.4.1 +
                                                            • TAG: v1.4.1
                                                            • !417 - update jwt dependency (@thewoolleyman)
                                                            • @@ -991,7 +1004,7 @@

                                                              1.4.0 - 2017-06-09

                                                                -
                                                              • TAG: v1.4.0 +
                                                              • TAG: v1.4.0
                                                              • Drop Ruby 1.8.7 support (@sferik)
                                                              • Fix some RuboCop offenses (@sferik)
                                                              • @@ -1004,7 +1017,7 @@

                                                                1.3.1 - 2017-03-03

                                                                  -
                                                                • TAG: v1.3.1 +
                                                                • TAG: v1.3.1
                                                                • Add support for Ruby 2.4.0 (@pschambacher)
                                                                • @@ -1014,7 +1027,7 @@

                                                                  1.3.0 - 2016-12-28

                                                                    -
                                                                  • TAG: v1.3.0 +
                                                                  • TAG: v1.3.0
                                                                  • Add support for header-based authentication to the Client so it can be used across the library (@bjeanes)
                                                                  • Default to header-based authentication when getting a token from an authorisation code (@maletor)
                                                                  • @@ -1029,7 +1042,7 @@

                                                                    1.2.0 - 2016-07-01

                                                                      -
                                                                    • TAG: v1.2.0 +
                                                                    • TAG: v1.2.0
                                                                    • Properly handle encoding of error responses (so we don’t blow up, for example, when Google’s response includes a ∞) (@Motoshi-Nishihira)
                                                                    • Make a copy of the options hash in AccessToken#from_hash to avoid accidental mutations (@Linuus)
                                                                    • @@ -1039,7 +1052,7 @@

                                                                      1.1.0 - 2016-01-30

                                                                        -
                                                                      • TAG: v1.1.0 +
                                                                      • TAG: v1.1.0
                                                                      • Various refactors (eliminating Hash#merge! usage in AccessToken#refresh!, use yield instead of #call, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
                                                                      • Add support for Rack 2, and bump various other dependencies (@sferik)
                                                                      • @@ -1048,11 +1061,11 @@

                                                                        1.0.0 - 2014-07-09

                                                                          -
                                                                        • TAG: v1.0.0 -

                                                                          Added

                                                                          +
                                                                        • TAG: v1.0.0 +

                                                                          Added

                                                                        • Add an implementation of the MAC token spec. -

                                                                          Fixed

                                                                          +

                                                                          Fixed

                                                                        • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
                                                                        @@ -1060,8 +1073,8 @@

                                                                        Fixed

                                                                        0.5.0 - 2011-07-29

                                                                          -
                                                                        • TAG: v0.5.0 -

                                                                          Changed

                                                                          +
                                                                        • TAG: v0.5.0 +

                                                                          Changed

                                                                        • breaking oauth_token renamed to oauth_bearer.
                                                                        • @@ -1078,140 +1091,140 @@

                                                                          Changed

                                                                          0.4.1 - 2011-04-20

                                                                          0.4.0 - 2011-04-20

                                                                          0.3.0 - 2011-04-08

                                                                          0.2.0 - 2011-04-01

                                                                          0.1.1 - 2011-01-12

                                                                          0.1.0 - 2010-10-13

                                                                          0.0.13 - 2010-08-17

                                                                          0.0.12 - 2010-08-17

                                                                          0.0.11 - 2010-08-17

                                                                          0.0.10 - 2010-06-19

                                                                          0.0.9 - 2010-06-18

                                                                          0.0.8 - 2010-04-27

                                                                          0.0.7 - 2010-04-27

                                                                          0.0.6 - 2010-04-25

                                                                          0.0.5 - 2010-04-23

                                                                          0.0.4 - 2010-04-22

                                                                          0.0.3 - 2010-04-22

                                                                          0.0.2 - 2010-04-22

                                                                          -0.0.1 - 2010-04-22

                                                                          +0.0.1 - 2010-04-22
diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html
index c729aa44..163c9de9 100644
--- a/docs/file.CITATION.html
+++ b/docs/file.CITATION.html
@@ -69,10 +69,7 @@ family-names: Boling
                                                                          email: peter@railsbling.com
                                                                          affiliation: railsbling.com
                                                                          -orcid: ‘https://orcid.org/0009-0008-8519-441X’ -
                                                                        • given-names: Aboling0
                                                                          -email: aboling@railsbling.com
                                                                          -affiliation: railsbling.com
                                                                          +orcid: ‘https://orcid.org/0009-0008-8519-441X’
                                                                          identifiers:
                                                                        • type: url
                                                                          value: ‘https://github.com/ruby-oauth/oauth2’
                                                                          @@ -85,7 +82,7 @@
diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html
index 97cb79bf..8f630240 100644
--- a/docs/file.CODE_OF_CONDUCT.html
+++ b/docs/file.CODE_OF_CONDUCT.html
@@ -191,7 +191,7 @@

                                                                          Attribution

                                                                          diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
index 8d0b9608..8297a00a 100644
--- a/docs/file.CONTRIBUTING.html
+++ b/docs/file.CONTRIBUTING.html
@@ -274,7 +274,7 @@

                                                                          Manual process

                                                                          diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html
index f33accb0..aae8fd0c 100644
--- a/docs/file.FUNDING.html
+++ b/docs/file.FUNDING.html
@@ -104,7 +104,7 @@

                                                                          Another Way to Support Open
diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html
index e8fcaea0..c427de52 100644
--- a/docs/file.LICENSE.html
+++ b/docs/file.LICENSE.html
@@ -60,7 +60,7 @@
                                                                          MIT License

                                                                          Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                          Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                          Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                          of this software and associated documentation files (the "Software"), to deal
                                                                          in the Software without restriction, including without limitation the rights
                                                                          to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                          copies of the Software, and to permit persons to whom the Software is
                                                                          furnished to do so, subject to the following conditions:

                                                                          The above copyright notice and this permission notice shall be included in all
                                                                          copies or substantial portions of the Software.

                                                                          THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                          IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                          FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                          AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                          LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                          OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                          SOFTWARE.
                                                                          diff --git a/docs/file.README.html b/docs/file.README.html
index eb1f6961..18ac837e 100644
--- a/docs/file.README.html
+++ b/docs/file.README.html
@@ -259,7 +259,7 @@

                                                                          💡 Info you can shake a stick at

                Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
                Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ!
                - - - - - - - - - - - - -
                🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
                👟 Check it out!github.com/appraisal-rb/appraisal2
                - -
                  -
                • Operating Systems: Linux, MacOS, Windows
                • -
                • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD -
                    -
                  • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
                  • -
                  -
                • -
                • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
                • -
                • TruffleRuby @ v23.1, v24.1, HEAD
                • -
                • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday -
                • -
                • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt -
                • -
                • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger -
                • -
                • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml -
                • -
                • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack -
                • -
                • gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash -
                • -
                • gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem -
                • -
                - -

                The last two were extracted from this gem. They are part of the ruby-oauth org,
                -and are developed in tight collaboration with this gem.

                - -

                Also, where reasonable, tested against the runtime dependencies of those dependencies:

                - -
                  -
                • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie -
                • -
                - -

                You should upgrade this gem with confidence*.

                - -
                  -
                • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. -
                    -
                  • Dropping support for any of the runtime dependency versions above will be a major version bump.
                  • -
                  • If you aren’t on one of the minor versions above, make getting there a priority.
                  • -
                  -
                • -
                • You should upgrade the dependencies of this gem with confidence*.
                • -
                • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
                • -
                - -

                * MIT license; The only guarantees I make are for enterprise support.

                - -
                - Standard Library Dependencies - -The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. - -* base64 -* cgi -* json -* time -* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) - -If you use a gem version of a core Ruby library it should work fine! - -
                -

                If it seems like you are in the wrong place, you might try one of these:

                💡 Info you can shake a stick at

                @@ -265,7 +168,7 @@

                💡 Info you can shake a stick at

                Documentation -Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki
                @@ -321,27 +239,96 @@

                Compatibility

                +
                  +
                • Operating Systems: Linux, MacOS, Windows
                • +
                • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD +
                    +
                  • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
                  • +
                  +
                • +
                • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
                • +
                • TruffleRuby @ v23.1, v24.1, HEAD
                • +
                • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday +
                • +
                • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt +
                • +
                • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger +
                • +
                • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml +
                • +
                • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack +
                • +
                • gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash +
                • +
                • gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem +
                • +
                + +

                The last two were extracted from this gem. They are part of the ruby-oauth org,
                +and are developed in tight collaboration with this gem.

                + +

                Also, where reasonable, tested against the runtime dependencies of those dependencies:

                + +
                  +
                • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie +
                • +
                + +

                You should upgrade this gem with confidence*.

                + +
                  +
                • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
                    +
                  • Dropping support for any of the runtime dependency versions above will be a major version bump.
                  • +
                  • If you aren’t on one of the minor versions above, make getting there a priority.
                  • +
                  +
                • +
                • You should upgrade the dependencies of this gem with confidence*.
                • +
                • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
                • +
                + +

                * MIT license; The only guarantees I make are for enterprise support.

                + +
                + Standard Library Dependencies + +The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. + +* base64 +* cgi +* json +* time +* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) + +If you use a gem version of a core Ruby library it should work fine! + +
                +

                Federated DVCS

                Find this repo on other forges (Coming soon!) -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-------------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🤼 [OAuth Ruby Google 
Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |

                Enterprise Support Tidelift

                +

                Available as part of the Tidelift Subscription.

                +
                Need enterprise-level guarantees? +The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. + [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies @@ -403,12 +390,6 @@

                🔒 Secure Installation

                -

                OAuth2 for Enterprise

                - -

                Available as part of the Tidelift Subscription.

                - -

                The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

                -

                Security contact information

                To report a security vulnerability, please use the Tidelift security contact.
                @@ -715,7 +696,7 @@

                Serialization Extensions

                See response_spec.rb, or the ruby-oauth/snaky_hash gem for more ideas.

                -

                What if I hate snakes and/or indifference?

                +

                Prefer camelCase over snake_case? => snaky: false

                response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
                 JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
                @@ -1114,7 +1095,7 @@ 

                🔐 Security

                🤝 Contributing

                If you need some ideas of where to help, you could work on adding more code coverage,
                -or if it is already 💯 (see below) check reek, issues, or PRs,
                +or if it is already 💯 (see below) check reek, issues, or PRs,
                or use the gem and think about how it could be better.

                We Keep A Changelog so if you make changes, remember to update it.

                @@ -1260,7 +1241,7 @@

                Please give the project a star ⭐ ♥

              diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 51c8f8f8..aac7c302 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

              Benefits of rubocop_gradual

              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index b3e2756d..20614ad4 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

              Enterprise Support

              diff --git a/docs/file_list.html b/docs/file_list.html index 642f6214..95fe7792 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -87,91 +87,6 @@

              File List

              -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - -
            • - -
            • - - diff --git a/docs/index.html b/docs/index.html index 0e4c4866..15c9a489 100644 --- a/docs/index.html +++ b/docs/index.html @@ -113,103 +113,6 @@

              Quick Example

              -

              Upgrading Runtime Gem Dependencies

              - -

              This project sits underneath a large portion of the authorization systems on the internet.
              -According to GitHub’s project tracking, which I believe only reports on public projects,
              -100,000+ projects, and
              -500+ packages depend on this project.

              - -

              That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

              - -

              As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
              -leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

              - -

              What does that mean specifically for the runtime dependencies?

              - -

              We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
              -covering the latest patch for each of the following minor versions:

              - - - - - - - - - - - - - - -
              🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
              👟 Check it out!github.com/appraisal-rb/appraisal2
              - -
                -
              • Operating Systems: Linux, MacOS, Windows
              • -
              • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD -
                  -
                • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
                • -
                -
              • -
              • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
              • -
              • TruffleRuby @ v23.1, v24.1, HEAD
              • -
              • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday -
              • -
              • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt -
              • -
              • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger -
              • -
              • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml -
              • -
              • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack -
              • -
              • gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash -
              • -
              • gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem -
              • -
              - -

              The last two were extracted from this gem. They are part of the ruby-oauth org,
              -and are developed in tight collaboration with this gem.

              - -

              Also, where reasonable, tested against the runtime dependencies of those dependencies:

              - -
                -
              • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie -
              • -
              - -

              You should upgrade this gem with confidence*.

              - -
                -
              • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. -
                  -
                • Dropping support for any of the runtime dependency versions above will be a major version bump.
                • -
                • If you aren’t on one of the minor versions above, make getting there a priority.
                • -
                -
              • -
              • You should upgrade the dependencies of this gem with confidence*.
              • -
              • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
              • -
              - -

              * MIT license; The only guarantees I make are for enterprise support.

              - -
              - Standard Library Dependencies - -The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. - -* base64 -* cgi -* json -* time -* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) - -If you use a gem version of a core Ruby library it should work fine! - -
              -

              If it seems like you are in the wrong place, you might try one of these:

              💡 Info you can shake a stick at

              @@ -265,7 +168,7 @@

              💡 Info you can shake a stick at

              Documentation -Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki +Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki
              @@ -321,27 +239,96 @@

              Compatibility

              +
                +
              • Operating Systems: Linux, MacOS, Windows
              • +
              • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD +
                  +
                • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
                • +
                +
              • +
              • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
              • +
              • TruffleRuby @ v23.1, v24.1, HEAD
              • +
              • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday +
              • +
              • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt +
              • +
              • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger +
              • +
              • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml +
              • +
              • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack +
              • +
              • gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash +
              • +
              • gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem +
              • +
              + +

              The last two were extracted from this gem. They are part of the ruby-oauth org,
              +and are developed in tight collaboration with this gem.

              + +

              Also, where reasonable, tested against the runtime dependencies of those dependencies:

              + +
                +
              • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie +
              • +
              + +

              You should upgrade this gem with confidence*.

              + +
                +
              • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
                  +
                • Dropping support for any of the runtime dependency versions above will be a major version bump.
                • +
                • If you aren’t on one of the minor versions above, make getting there a priority.
                • +
                +
              • +
              • You should upgrade the dependencies of this gem with confidence*.
              • +
              • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
              • +
              + +

              * MIT license; The only guarantees I make are for enterprise support.

              + +
              + Standard Library Dependencies + +The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. + +* base64 +* cgi +* json +* time +* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) + +If you use a gem version of a core Ruby library it should work fine! + +
              +

              Federated DVCS

              Find this repo on other forges (Coming soon!) -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-------------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🤼 [OAuth Ruby Google 
Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |

              Enterprise Support Tidelift

              +

              Available as part of the Tidelift Subscription.

              +
              Need enterprise-level guarantees? +The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. + [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies @@ -403,12 +390,6 @@

              🔒 Secure Installation

              -

              OAuth2 for Enterprise

              - -

              Available as part of the Tidelift Subscription.

              - -

              The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

              -

              Security contact information

              To report a security vulnerability, please use the Tidelift security contact.
              @@ -715,7 +696,7 @@

              Serialization Extensions

              See response_spec.rb, or the ruby-oauth/snaky_hash gem for more ideas.

              -

              What if I hate snakes and/or indifference?

              +

              Prefer camelCase over snake_case? => snaky: false

              response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
               JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
              @@ -1114,7 +1095,7 @@ 

              🔐 Security

              🤝 Contributing

              If you need some ideas of where to help, you could work on adding more code coverage,
              -or if it is already 💯 (see below) check reek, issues, or PRs,
              +or if it is already 💯 (see below) check reek, issues, or PRs,
              or use the gem and think about how it could be better.

              We Keep A Changelog so if you make changes, remember to update it.

              @@ -1260,7 +1241,7 @@

              Please give the project a star ⭐ ♥

              diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 79b8a88e..2cf0492c 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

              Defined Under Namespace

              From 5656ab4ac076b4a2e83fac14492af46fcaeffac0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 18:29:43 -0600 Subject: [PATCH 528/645] =?UTF-8?q?=F0=9F=93=9D=20Add=20back=20release=20d?= =?UTF-8?q?ocumentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) diff --git a/README.md b/README.md index 418064ff..e68ef31d 100644 --- a/README.md +++ b/README.md @@ -197,6 +197,131 @@ Alternatively: +## 🚀 Release Documentation + +### Version 2.0.x + +
              + 2.0.x CHANGELOG and README + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | +| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | +| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | +| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | +| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | +| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | +| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | +| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | +| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | +| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | +| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | +| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | +| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | + +
              + +[2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 +[2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 +[2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 +[2.0.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 +[2.0.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 +[2.0.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 +[2.0.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 +[2.0.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#206---2022-07-13 +[2.0.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#205---2022-07-07 +[2.0.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#204---2022-07-01 +[2.0.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#203---2022-06-28 +[2.0.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#202---2022-06-24 +[2.0.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 +[2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 + +[2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md +[2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md +[2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md +[2.0.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.10/README.md +[2.0.9-readme]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.9/README.md +[2.0.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.8/README.md +[2.0.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.7/README.md +[2.0.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.6/README.md +[2.0.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.5/README.md +[2.0.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.4/README.md +[2.0.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.3/README.md +[2.0.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.2/README.md +[2.0.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.1/README.md +[2.0.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.0/README.md + +### Older Releases + +
              + 1.4.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | +| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | +| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | +| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | +| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | +| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | +| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | +| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | +| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | +| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | +| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | +| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | +
              + +[1.4.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1411---2022-09-16 +[1.4.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1410---2022-07-01 +[1.4.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#149---2022-02-20 +[1.4.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#148---2022-02-18 +[1.4.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#147---2021-03-19 +[1.4.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#146---2021-03-19 +[1.4.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#145---2021-03-18 +[1.4.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#144---2020-02-12 +[1.4.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#143---2020-01-29 +[1.4.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#142---2019-10-01 +[1.4.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#141---2018-10-13 +[1.4.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#140---2017-06-09 + +[1.4.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.11/README.md +[1.4.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.10/README.md +[1.4.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.9/README.md +[1.4.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.8/README.md +[1.4.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.7/README.md +[1.4.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.6/README.md +[1.4.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.5/README.md +[1.4.4-readme]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.4/README.md +[1.4.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.3/README.md +[1.4.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.2/README.md +[1.4.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.1/README.md +[1.4.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.0/README.md + +
              + 1.3.x Readmes + +| Version | Release Date | Readme | +|---------|--------------|--------------------------------------------------------------| +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md | + +
              + +
              + ≤= 1.2.x Readmes (2016 and before) + +| Version | Release Date | Readme | +|---------|--------------|--------------------------------------------------------------| +| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | + +
              + ## ✨ Installation Install the gem and add to the application's Gemfile by executing: From cc2c32d2163b794cd6f1ed88bb0babab0ef91384 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 18:33:56 -0600 Subject: [PATCH 529/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 71 ++++++++++++++++++- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/index.html | 71 ++++++++++++++++++- docs/top-level-namespace.html | 2 +- 27 files changed, 165 insertions(+), 27 deletions(-) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index d8d443c2..222c4438 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 5ca4896a..c82da4c6 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index c9cd0296..6ca3a884 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index e714ee28..584d5432 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index b14aecce..20939559 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index a69573fe..3096d2fb 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index dfe941b7..8f6ae09f 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index b54f9d05..9cf18203 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index a2cc0ba8..a0fe2f00 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

              Defined Under Namespace

              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index b90be1db..e97931a8 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 822a64be..9715a135 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 8303d37b..cfc49a9e 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 3f0a053c..bb54ee90 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 33cbd210..7f659267 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 2b182640..4a6c29d8 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index f7ec788b..f4d47781 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

              diff --git a/docs/_index.html b/docs/_index.html index 809db8cc..90448a5e 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -306,7 +306,7 @@

              Namespace Listing A-Z

              diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index ea13a640..0922ba21 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1228,7 +1228,7 @@

              diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index e8725c31..bf32f7cb 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

              Attribution

              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 48a64e22..717b193c 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

              Manual process

              diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 998b3e9f..56fed17e 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

              Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index c65f015d..eb5071a5 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
              MIT License

              Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
              Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

              Permission is hereby granted, free of charge, to any person obtaining a copy
              of this software and associated documentation files (the "Software"), to deal
              in the Software without restriction, including without limitation the rights
              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
              copies of the Software, and to permit persons to whom the Software is
              furnished to do so, subject to the following conditions:

              The above copyright notice and this permission notice shall be included in all
              copies or substantial portions of the Software.

              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
              SOFTWARE.
              diff --git a/docs/file.README.html b/docs/file.README.html index cfa8528d..86364773 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -343,6 +343,75 @@

              Enterprise Support 🚀 Release Documentation

              + +

              Version 2.0.x

              + +
              + 2.0.x CHANGELOG and README + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | +| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | +| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | +| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | +| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | +| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | +| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | +| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | +| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | +| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | +| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | +| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | +| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | + +
              + +

              Older Releases

              + +
              + 1.4.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | +| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | +| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | +| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | +| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | +| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | +| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | +| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | +| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | +| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | +| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | +| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | +
              + +
              + 1.3.x Readmes + +| Version | Release Date | Readme | +|---------|--------------|--------------------------------------------------------------| +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md | + +
              + +
              + ≤= 1.2.x Readmes (2016 and before) + +| Version | Release Date | Readme | +|---------|--------------|--------------------------------------------------------------| +| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | + +
              +

              ✨ Installation

              Install the gem and add to the application’s Gemfile by executing:

              @@ -1241,7 +1310,7 @@

              Please give the project a star ⭐ ♥ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index aac7c302..7a48a78c 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

              Benefits of rubocop_gradual

              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 20614ad4..9509196e 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

              Enterprise Support

              diff --git a/docs/index.html b/docs/index.html index 15c9a489..a48721a1 100644 --- a/docs/index.html +++ b/docs/index.html @@ -343,6 +343,75 @@

              Enterprise Support 🚀 Release Documentation

              + +

              Version 2.0.x

              + +
              + 2.0.x CHANGELOG and README + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | +| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | +| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | +| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | +| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | +| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | +| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | +| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | +| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | +| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | +| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | +| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | +| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | +| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 README][2.0.0-readme] | + +
              + +

              Older Releases

              + +
              + 1.4.x CHANGELOGs and READMEs + +| Version | Release Date | CHANGELOG | README | +|---------|--------------|---------------------------------------|---------------------------------| +| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | +| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | +| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | +| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | +| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | +| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | +| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | +| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | +| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | +| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | +| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | +| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | +
              + +
              + 1.3.x Readmes + +| Version | Release Date | Readme | +|---------|--------------|--------------------------------------------------------------| +| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md | + +
              + +
              + ≤= 1.2.x Readmes (2016 and before) + +| Version | Release Date | Readme | +|---------|--------------|--------------------------------------------------------------| +| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | + +
              +

              ✨ Installation

              Install the gem and add to the application’s Gemfile by executing:

              @@ -1241,7 +1310,7 @@

              Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 2cf0492c..9b2cea51 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

              Defined Under Namespace

              From d1158a48f9a7a457cce1ac979360ccc422eedced Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 30 Aug 2025 20:10:15 -0600 Subject: [PATCH 530/645] =?UTF-8?q?=F0=9F=93=9D=20README.md=20organization?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
README.md | 52 ++++++------- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 78 +++++++++---------- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/index.html | 78 +++++++++---------- docs/top-level-namespace.html | 2 +- 28 files changed, 123 insertions(+), 135 deletions(-)
diff --git a/README.md b/README.md
index e68ef31d..3b54066f 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,26 @@ If it seems like you are in the wrong place, you might try one of these: ### Compatibility +* Operating Systems: Linux, MacOS, Windows +* MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD + * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. +* JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD +* TruffleRuby @ v23.1, v24.1, HEAD +* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) +* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) +* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) +* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) +* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) +* gem `snaky_hash` @ v2, HEAD ⏩️ [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) +* gem `version_gem` @ v1, HEAD ⏩️ [ruby-oauth/version_gem](https://gitlab.com/ruby-oauth/version_gem) + +The last two were extracted from this gem. They are part of the `ruby-oauth` org, +and are developed in tight collaboration with this gem. + +Also, where reasonable, tested against the runtime dependencies of those dependencies: + +* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) + #### Upgrading Runtime Gem Dependencies This project sits underneath a large portion of the authorization systems on the internet. 
@@ -110,26 +130,6 @@ covering the latest patch for each of the following minor versions: |------------------------------------------------|--------------------------------------------------------------------------------------| | 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2](https://github.com/appraisal-rb/appraisal2) ✨ | -* Operating Systems: Linux, MacOS, Windows -* MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD - * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. -* JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD -* TruffleRuby @ v23.1, v24.1, HEAD -* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) -* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) -* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) -* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) -* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) -* gem `snaky_hash` @ v2, HEAD ⏩️ [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) -* gem `version_gem` @ v1, HEAD ⏩️ [ruby-oauth/version_gem](https://gitlab.com/ruby-oauth/version_gem) - -The last two were extracted from this gem. They are part of the `ruby-oauth` org, -and are developed in tight collaboration with this gem. - -Also, where reasonable, tested against the runtime dependencies of those dependencies: - -* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) - #### You should upgrade this gem with confidence\*. - This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. 
@@ -371,13 +371,6 @@ NOTE: Be prepared to track down certs for signed gems and add them the same way -## Security contact information - -To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). -Tidelift will coordinate the fix and disclosure. - -For more see [SECURITY.md][🔐security]. - ## What is new for v2.0? - Works with Ruby versions >= 2.2 @@ -1002,7 +995,10 @@ I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed ## 🔐 Security -See [SECURITY.md][🔐security]. +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. + +For more see [SECURITY.md][🔐security]. ## 🤝 Contributing diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 222c4438..794f4356 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index c82da4c6..2e75301b 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 6ca3a884..0e0214dd 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 584d5432..14375cb7 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2651,7 +2651,7 @@

              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 20939559..526c9ded 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 3096d2fb..7959f3ed 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 8f6ae09f..2fcffb79 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 9cf18203..9cb8de78 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index a0fe2f00..d4e31108 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

              Defined Under Namespace

              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index e97931a8..b283a6d9 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 9715a135..4cb8b641 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -469,7 +469,7 @@

              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index cfc49a9e..642e130e 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index bb54ee90..d3aa1f86 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 7f659267..cacba7d5 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -410,7 +410,7 @@

              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 4a6c29d8..e73b941b 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -364,7 +364,7 @@

              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index f4d47781..9b63d3c1 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

              diff --git a/docs/_index.html b/docs/_index.html index 90448a5e..3995f9e9 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -306,7 +306,7 @@

              Namespace Listing A-Z

              diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 0922ba21..20347058 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1228,7 +1228,7 @@

              diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index bf32f7cb..4b891735 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

              Attribution

              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 717b193c..707469c7 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

              Manual process

              diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 56fed17e..d464f2b2 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

              Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index eb5071a5..6c799800 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
              MIT License

              Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
              Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

              Permission is hereby granted, free of charge, to any person obtaining a copy
              of this software and associated documentation files (the "Software"), to deal
              in the Software without restriction, including without limitation the rights
              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
              copies of the Software, and to permit persons to whom the Software is
              furnished to do so, subject to the following conditions:

              The above copyright notice and this permission notice shall be included in all
              copies or substantial portions of the Software.

              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
              SOFTWARE.
              diff --git a/docs/file.README.html b/docs/file.README.html index 86364773..fba30eca 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -207,38 +207,6 @@

              💡 Info you can shake a stick at

              Compatibility

              -

              Upgrading Runtime Gem Dependencies

              - -

              This project sits underneath a large portion of the authorization systems on the internet.
              -According to GitHub’s project tracking, which I believe only reports on public projects,
              -100,000+ projects, and
              -500+ packages depend on this project.

              - -

              That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

              - -

              As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
              -leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

              - -

              What does that mean specifically for the runtime dependencies?

              - -

              We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
              -covering the latest patch for each of the following minor versions:

              - - - - - - - - - - - - - - -
              🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
              👟 Check it out!github.com/appraisal-rb/appraisal2
              -
              • Operating Systems: Linux, MacOS, Windows
              • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD @@ -274,6 +242,38 @@

                Upgrading Runtime Gem Dependencies

              +

              Upgrading Runtime Gem Dependencies

              + +

              This project sits underneath a large portion of the authorization systems on the internet.
              +According to GitHub’s project tracking, which I believe only reports on public projects,
              +100,000+ projects, and
              +500+ packages depend on this project.

              + +

              That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

              + +

              As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
              +leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

              + +

              What does that mean specifically for the runtime dependencies?

              + +

              We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
              +covering the latest patch for each of the following minor versions:

              + + + + + + + + + + + + + + +
              🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
              👟 Check it out!github.com/appraisal-rb/appraisal2
              +

              You should upgrade this gem with confidence*.

                @@ -459,13 +459,6 @@

                🔒 Secure Installation

                -

                Security contact information

                - -

                To report a security vulnerability, please use the Tidelift security contact.
                -Tidelift will coordinate the fix and disclosure.

                - -

                For more see SECURITY.md.

                -

                What is new for v2.0?

                  @@ -1159,7 +1152,10 @@

                  Another way to support open-source🔐 Security

                  -

                  See SECURITY.md.

                  +

                  To report a security vulnerability, please use the Tidelift security contact.
                  +Tidelift will coordinate the fix and disclosure.

                  + +

                  For more see SECURITY.md.

                  🤝 Contributing

                  @@ -1310,7 +1306,7 @@

                  Please give the project a star ⭐ ♥ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 7a48a78c..62540ff2 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                  Benefits of rubocop_gradual

                  diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 9509196e..145a52d4 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                  Enterprise Support

                  diff --git a/docs/index.html b/docs/index.html index a48721a1..ec35c16a 100644 --- a/docs/index.html +++ b/docs/index.html @@ -207,38 +207,6 @@

                  💡 Info you can shake a stick at

                  Compatibility

                  -

                  Upgrading Runtime Gem Dependencies

                  - -

                  This project sits underneath a large portion of the authorization systems on the internet.
                  -According to GitHub’s project tracking, which I believe only reports on public projects,
                  -100,000+ projects, and
                  -500+ packages depend on this project.

                  - -

                  That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

                  - -

                  As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
                  -leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

                  - -

                  What does that mean specifically for the runtime dependencies?

                  - -

                  We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
                  -covering the latest patch for each of the following minor versions:

                  - - - - - - - - - - - - - - -
                  🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
                  👟 Check it out!github.com/appraisal-rb/appraisal2
                  -
                  • Operating Systems: Linux, MacOS, Windows
                  • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD @@ -274,6 +242,38 @@

                    Upgrading Runtime Gem Dependencies

                  +

                  Upgrading Runtime Gem Dependencies

                  + +

                  This project sits underneath a large portion of the authorization systems on the internet.
                  +According to GitHub’s project tracking, which I believe only reports on public projects,
                  +100,000+ projects, and
                  +500+ packages depend on this project.

                  + +

                  That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

                  + +

                  As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
                  +leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

                  + +

                  What does that mean specifically for the runtime dependencies?

                  + +

                  We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
                  +covering the latest patch for each of the following minor versions:

                  + + + + + + + + + + + + + + +
                  🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎
                  👟 Check it out!github.com/appraisal-rb/appraisal2
                  +

                  You should upgrade this gem with confidence*.

                    @@ -459,13 +459,6 @@

                    🔒 Secure Installation

                    -

                    Security contact information

                    - -

                    To report a security vulnerability, please use the Tidelift security contact.
                    -Tidelift will coordinate the fix and disclosure.

                    - -

                    For more see SECURITY.md.

                    -

                    What is new for v2.0?

                      @@ -1159,7 +1152,10 @@

                      Another way to support open-source🔐 Security

                      -

                      See SECURITY.md.

                      +

                      To report a security vulnerability, please use the Tidelift security contact.
                      +Tidelift will coordinate the fix and disclosure.

                      + +

                      For more see SECURITY.md.

                      🤝 Contributing

                      @@ -1310,7 +1306,7 @@

                      Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 9b2cea51..785e5eb9 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                      Defined Under Namespace

                      From 42748712d3bf9987da0f0be1a8114cf9ea691f23 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 31 Aug 2025 03:37:00 -0600 Subject: [PATCH 531/645] =?UTF-8?q?=F0=9F=93=9D=20Added=20OAuth=202.1=20dr?= =?UTF-8?q?aft=20specification=20notes=20as=20inline=20comments=20where=20?= =?UTF-8?q?relevant,=20with=20references?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- CHANGELOG.md | 11 ++- README.md | 16 ++++ docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 19 ++-- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 54 +++++++---- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 38 +++++--- docs/OAuth2/Strategy/Password.html | 38 +++++--- docs/OAuth2/Version.html | 2 +- docs/_index.html | 59 +++++++++++- docs/file.CHANGELOG.html | 28 ++++-- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.README.html | 24 ++++- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 71 ++++++++++++++ docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/file_list.html | 95 +++++++++++++++++++ docs/index.html | 24 ++++- docs/top-level-namespace.html | 2 +- 
lib/oauth2/access_token.rb | 2 + lib/oauth2/client.rb | 4 + lib/oauth2/strategy/auth_code.rb | 10 ++ lib/oauth2/strategy/implicit.rb | 8 ++ lib/oauth2/strategy/password.rb | 8 ++ 51 files changed, 472 insertions(+), 105 deletions(-) create mode 100644 docs/file.oauth2-2.0.13.gem.html diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 77253f0f..9e178ebe 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -6,7 +6,7 @@ "lib/oauth2.rb:2435263975": [ [73, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], - "lib/oauth2/access_token.rb:558937598": [ + "lib/oauth2/access_token.rb:1775225572": [ [64, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], [70, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], diff --git a/CHANGELOG.md b/CHANGELOG.md index a6ebafb3..7c36d47d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,19 @@ # Changelog All notable changes to this project will be documented in this file. -The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html). +The format (since v2) is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ### Added - improved documentation by @pboling +- documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: + - PKCE required for auth code, + - exact redirect URI match, + - implicit/password grants omitted, + - avoid bearer tokens in query, + - refresh token guidance for public clients, + - simplified client definitions) ### Changed ### Deprecated ### Removed diff --git a/README.md b/README.md index 3b54066f..56365fa0 100644 --- a/README.md +++ b/README.md 
@@ -692,6 +692,22 @@ Response instance will contain the `OAuth2::Error` instance. ### Authorization Grants +Note on OAuth 2.1 (draft): +- PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252. +- Redirect URIs must be compared using exact string matching by the Authorization Server. +- The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps. +- Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage. +- Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use. +- The definitions of public and confidential clients are simplified to refer only to whether the client has credentials. + +References: +- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 +- Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1 +- FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1 +- Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs +- Video: https://www.youtube.com/watch?v=g_aVPdwBTfw +- Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/ + Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client use. They are available via the [`#auth_code`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb), diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 794f4356..f147de49 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                      diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 2e75301b..9390625c 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                      diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 0e0214dd..dabcdf70 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                      diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 14375cb7..f7320c23 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -1843,6 +1843,9 @@

                      requesting authorization. If it is provided at authorization time it MUST
                      also be provided with the token exchange request.

                      +

                      OAuth 2.1 note: Authorization Servers must compare redirect URIs using exact string matching.
                      +This client simply forwards the configured redirect_uri; the exact-match validation happens server-side.

                      +

                      Providing :redirect_uri to the OAuth2::Client instantiation will take
                      care of managing this.

                      @@ -1880,6 +1883,8 @@

                    • https://datatracker.ietf.org/doc/html/rfc6749#section-10.6
                    • +
                    • https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                    • +

                    @@ -1888,16 +1893,16 @@

                     
                     
                    -335
                    -336
                    -337
                    -338
                     339
                     340
                    -341
                    +341 +342 +343 +344 +345

                    @@ -1468,7 +1468,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index b064d230..8c73688c 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index ee1b3370..cfaa30a1 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 53ad1d22..012fdadc 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file.access_token.html b/docs/file.access_token.html index e947e9b5..7f015385 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index b55ae39b..18932761 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 0b92d6ca..47d73f54 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 8548b09b..c78eeb6f 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 83557a79..43abd8b3 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 2ffc9eda..7dc04858 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index da2c6757..f72382ae 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index 340caa14..a60110e6 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index d18bc2e8..22904708 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index 4f8019ea..4ee5fc0e 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ 
diff --git a/docs/file.response.html b/docs/file.response.html index e148314f..d74ce57a 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 1bda5575..1dcb6081 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 59dd25c8..fb5f4ee1 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index 9230e816..a5d73fdc 100644 --- a/docs/index.html +++ b/docs/index.html @@ -199,7 +199,7 @@

                    💡 Info you can shake a stick at

                    @@ -1468,7 +1468,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 804b5068..fe214f4b 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index e1b505eb..201418e0 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.13" + VERSION = "2.0.14" end end From 2974db93f1b7c88e2609fd8d1ede684354cafbb1 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 05:32:32 -0600 Subject: [PATCH 540/645] =?UTF-8?q?=F0=9F=93=9D=20CHANGELOG.md=20PR=20link?= =?UTF-8?q?s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 18 ++-- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 59 +----------- docs/file.CHANGELOG.html | 22 +++-- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 4 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file_list.html | 95 ------------------- docs/index.html | 4 +- docs/top-level-namespace.html | 2 +- 30 files changed, 56 insertions(+), 194 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0992a918..96ae3017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -31,19 +31,25 @@ Please file a bug if you notice a violation of semantic versioning. - 90.48% documented ### Added - improved documentation by @pboling -- Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling -- Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling -- Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) by @pboling -- documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: by @pboling +- [gh665][gh665] - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling +- [gh666][gh666] - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling + - Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) +- [gh662][gh662] - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: by @pboling - PKCE required for auth code, - exact redirect URI match, - implicit/password grants omitted, - avoid bearer tokens in query, - refresh token guidance for public clients, - simplified client definitions) -- document how to implement an OIDC client with this gem in OIDC.md by @pboling +- [gh663][gh663] - document how to implement an OIDC client with this gem in OIDC.md by @pboling - also, list libraries built on top of the oauth2 gem that implement OIDC -- README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling +- [gh664][gh664] - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling + +[gh662]: https://github.com/ruby-oauth/oauth2/pull/662 
+[gh663]: https://github.com/ruby-oauth/oauth2/pull/663 +[gh664]: https://github.com/ruby-oauth/oauth2/pull/664 +[gh665]: https://github.com/ruby-oauth/oauth2/pull/665 +[gh666]: https://github.com/ruby-oauth/oauth2/pull/666 ## [2.0.13] - 2025-08-30 - TAG: [v2.0.13][2.0.13t] diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 85029be3..ccec48b0 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 4e9a3d48..327bc2db 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 6a9e5d36..3ac13b9f 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 6df80312..7824baea 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 307624c4..ed0c6a5e 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index e1f9da04..ade8a9de 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index fae134e8..a8a35633 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index aee1679c..3f4373f7 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index e67da985..9ce3f262 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 0880b570..b2bce68b 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 9a3859c0..1556319d 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index b5f96fff..35902c74 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index d32de466..e700b58d 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index e02b5d2a..3d62d55b 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index a4872bab..d0ada5e7 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 5b46cdaa..f9a928ef 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index 2114a070..b475f223 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -87,63 +87,6 @@

                    File Listing

                  • LICENSE
                  • -
                  • CITATION
                  • - - -
                  • oauth2-2.0.10.gem
                  • - - -
                  • oauth2-2.0.11.gem
                  • - - -
                  • oauth2-2.0.12.gem
                  • - - -
                  • oauth2-2.0.13.gem
                  • - - -
                  • oauth2-2.0.10.gem
                  • - - -
                  • oauth2-2.0.11.gem
                  • - - -
                  • oauth2-2.0.12.gem
                  • - - -
                  • oauth2-2.0.13.gem
                  • - - -
                  • REEK
                  • - - -
                  • access_token
                  • - - -
                  • authenticator
                  • - - -
                  • client
                  • - - -
                  • error
                  • - - -
                  • filtered_attributes
                  • - - -
                  • response
                  • - - -
                  • strategy
                  • - - -
                  • version
                  • - - -
                  • oauth2
                  • - -
                    @@ -366,7 +309,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index f8a0e8fb..779c63b6 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -87,10 +87,16 @@

                    Added

                  • improved documentation by @pboling
                  • -
                  • Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth)
                  • -
                  • Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README
                  • -
                  • Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
                  • -
                  • documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: +
                  • +gh665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
                  • +
                  • +gh666 - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling +
                      +
                    • Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
                    • +
                    +
                  • +
                  • +gh662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: by @pboling
                    • PKCE required for auth code,
                    • exact redirect URI match,
                    • @@ -100,12 +106,14 @@

                      Added

                    • simplified client definitions)
                  • -
                  • document how to implement an OIDC client with this gem in OIDC.md +
                  • +gh663 - document how to implement an OIDC client with this gem in OIDC.md by @pboling
                    • also, list libraries built on top of the oauth2 gem that implement OIDC
                  • -
                  • README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP
                  • +
                  • +gh664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling
                  • @@ -1262,7 +1270,7 @@

                    diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 92941ab2..26a942ff 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                    Attribution

                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 1a9339a3..6ef3587f 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                    Manual process

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 32055c15..1fedcb50 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                    Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 5470294e..480f4c6e 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 4046fb8f..5e3a8840 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                    Raw OIDC with ruby-oauth/oauth2

                    diff --git a/docs/file.README.html b/docs/file.README.html index 30c5f2f5..f5091b9a 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1322,7 +1322,7 @@

                    🔐 Security

                    🤝 Contributing

                    If you need some ideas of where to help, you could work on adding more code coverage,
                    -or if it is already 💯 (see below) check reek, issues, or PRs,
                    +or if it is already 💯 (see below) check reek, issues, or PRs,
                    or use the gem and think about how it could be better.

                    We Keep A Changelog so if you make changes, remember to update it.

                    @@ -1468,7 +1468,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index cfaa30a1..d38c64b7 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 012fdadc..6c1acc92 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file_list.html b/docs/file_list.html index 4f34dca7..62595c8f 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -92,101 +92,6 @@

                    File List

                    -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - -
                  • - -
                  • - - diff --git a/docs/index.html b/docs/index.html index a5d73fdc..8a05c08b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1322,7 +1322,7 @@

                    🔐 Security

                    🤝 Contributing

                    If you need some ideas of where to help, you could work on adding more code coverage,
                    -or if it is already 💯 (see below) check reek, issues, or PRs,
                    +or if it is already 💯 (see below) check reek, issues, or PRs,
                    or use the gem and think about how it could be better.

                    We Keep A Changelog so if you make changes, remember to update it.

                    @@ -1468,7 +1468,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index fe214f4b..c67c53bc 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    From de505c115f367c51dfbe6fd894cd0ee15b8a8164 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 05:39:42 -0600 Subject: [PATCH 541/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.14?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- checksums/oauth2-2.0.14.gem.sha256 | 1 + checksums/oauth2-2.0.14.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.14.gem.sha256 create mode 100644 checksums/oauth2-2.0.14.gem.sha512 diff --git a/checksums/oauth2-2.0.14.gem.sha256 b/checksums/oauth2-2.0.14.gem.sha256 new file mode 100644 index 00000000..1b02972d --- /dev/null +++ b/checksums/oauth2-2.0.14.gem.sha256 @@ -0,0 +1 @@ +9bcb7983048cb1ea1823f9b973762cf01ac79315d9991a0721e864747293e720 \ No newline at end of file diff --git a/checksums/oauth2-2.0.14.gem.sha512 b/checksums/oauth2-2.0.14.gem.sha512 new file mode 100644 index 00000000..6f119be2 --- /dev/null +++ b/checksums/oauth2-2.0.14.gem.sha512 @@ -0,0 +1 @@ +5ce561a6b103a123d9b96e1e4725c07094bd6e58c135cc775ae9d5a055c031169ca6d6de379c2569daf1dd8ab2727079db3c80aa8568d6947e94a0c06b4c6d2b \ No newline at end of file From 737a5d64b39c72377b7432d0deb2fc1f6984637b Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Sun, 31 Aug 2025 19:34:13 +0700 Subject: [PATCH 542/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: |7eter l-|. l3oling --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96ae3017..73d11fc0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -34,13 +34,13 @@ Please file a bug if you notice a violation of semantic versioning. - [gh665][gh665] - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling - [gh666][gh666] - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling - Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) -- [gh662][gh662] - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: by @pboling +- [gh662][gh662] - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling - PKCE required for auth code, - exact redirect URI match, - implicit/password grants omitted, - avoid bearer tokens in query, - refresh token guidance for public clients, - - simplified client definitions) + - simplified client definitions - [gh663][gh663] - document how to implement an OIDC client with this gem in OIDC.md by @pboling - also, list libraries built on top of the oauth2 gem that implement OIDC - [gh664][gh664] - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling From 073156218234d15f1134c02062fe925d0b825d21 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 13:47:04 -0600 Subject: [PATCH 543/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20env?= =?UTF-8?q?.local.example?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env.local.example | 14 ++++++++++++++ CHANGELOG.md | 1 + 2 files changed, 15 insertions(+) create mode 100644 .env.local.example diff --git a/.env.local.example b/.env.local.example new file mode 100644 index 00000000..f07a00ae --- /dev/null +++ b/.env.local.example 
@@ -0,0 +1,14 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# COPT THIS FILE TO .env.local
+#
+# That file is ignored by .gitignore. This file is not.
+#
+export DEBUG=false # do not allow byebug statements (override in .env.local)
+export FLOSS_FUNDING_DEBUG=false # extra logging to help diagnose issues (override in .env.local)
+export AUTOGEN_FIXTURE_CLEANUP=false # autogenerated gem fixture cleanup after every RSpec run
+export GIT_HOOK_FOOTER_APPEND=false
+export GIT_HOOK_FOOTER_APPEND_DEBUG=false
+export GIT_HOOK_FOOTER_SENTINEL="⚡️ A message from a fellow meat-based-AI ⚡️"
+export GITHUB_TOKEN=
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 73d11fc0..294bfabc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +- .env.local.example for contributor happiness ### Changed ### Deprecated ### Removed
From 4f8a8376230afda2937a505651e76044836b5185 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 14:34:19 -0600 Subject: [PATCH 544/645] =?UTF-8?q?=F0=9F=93=9D=20Point=20badge=20to=20the?= =?UTF-8?q?=20correct=20workflow=20for=20Ruby=202.3=20(caboose.yml)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 294bfabc..335d7006 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ Please file a bug if you notice a violation of semantic versioning. ### Deprecated ### Removed ### Fixed +- point badge to the correct workflow for Ruby 2.3 (caboose.yml) ### Security ## [2.0.14] - 2025-08-31
diff --git a/README.md b/README.md
index f7c2449c..94706d74 100644
--- a/README.md
+++ b/README.md
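Review bot: The last line of the new `.env.local.example`, `export GITHUB_TOKEN=`, has no comment, unlike the `DEBUG` lines above it, so nothing tells a contributor that the real value belongs only in their untracked `.env.local`. I would write `export GITHUB_TOKEN= # set only in .env.local; never commit a real token` and recommend a token limited to the scopes the tooling actually needs. The header also has a typo: `# COPT THIS FILE TO .env.local` should read `# COPY THIS FILE TO .env.local`. The header states that `.env.local` is ignored by `.gitignore`, but this patch does not touch `.gitignore`, so that entry is worth confirming before a contributor puts a credential in the copy.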
@@ -78,7 +78,7 @@ If it seems like you are in the wrong place, you might try one of these: | Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                    [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | | Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                    [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | | Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                    [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                    [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | | Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | | Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | From 5a60e7228cc3d7338da4b287350b06419e5acedf Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 31 Aug 2025 15:03:15 -0600 Subject: [PATCH 545/645] =?UTF-8?q?=F0=9F=93=9D=20Note=20lack=20of=20build?= =?UTF-8?q?s=20for=20JRuby=209.2,=209.3=20&=20Truffleruby=2023.0,=2023.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - [actions/runner - issues/2347][GHA-continue-on-error-ui] - [community/discussions/15452][GHA-allow-failure] [GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347 [GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 --- CHANGELOG.md | 6 + README.md | 11 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 65 ++++++++++- docs/file.CHANGELOG.html | 29 +++-- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 20 +++- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 71 ++++++++++++ docs/file.oauth2.html | 2 +- 
docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/file_list.html | 105 ++++++++++++++++++ docs/index.html | 20 +++- docs/top-level-namespace.html | 2 +- 47 files changed, 342 insertions(+), 63 deletions(-) create mode 100644 docs/file.oauth2-2.0.14.gem.html diff --git a/CHANGELOG.md b/CHANGELOG.md index 335d7006..c8cfbdc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,9 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added - .env.local.example for contributor happiness +- note lack of builds for JRuby 9.2, 9.3 & Truffleruby 23.0, 23.1 + - [actions/runner - issues/2347][GHA-continue-on-error-ui] + - [community/discussions/15452][GHA-allow-failure] ### Changed ### Deprecated ### Removed @@ -26,6 +29,9 @@ Please file a bug if you notice a violation of semantic versioning. - point badge to the correct workflow for Ruby 2.3 (caboose.yml) ### Security +[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347 +[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 + ## [2.0.14] - 2025-08-31 - TAG: [v2.0.14][2.0.14t] - COVERAGE: 100.00% -- 519/519 lines in 14 files diff --git a/README.md b/README.md index 94706d74..89a2c541 100644 --- a/README.md +++ b/README.md 
@@ -91,9 +91,11 @@ If it seems like you are in the wrong place, you might try one of these: * Operating Systems: Linux, MacOS, Windows * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD - * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. -* JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD -* TruffleRuby @ v23.1, v24.1, HEAD + * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. +* JRuby @ v9.4, v10.0, HEAD + * NOTE: This gem may still _install_ and _run_ on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. +* TruffleRuby @ v24.1, HEAD + * NOTE: This gem may still _install_ and _run_ on Truffleruby v23.0 and v23.1, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. * gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) * gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) * gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) 
@@ -109,6 +111,9 @@ Also, where reasonable, tested against the runtime dependencies of those depende * gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) +[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347#issuecomment-2653479732 +[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 + #### Upgrading Runtime Gem Dependencies This project sits underneath a large portion of the authorization systems on the internet. diff --git a/docs/OAuth2.html b/docs/OAuth2.html index ccec48b0..9d37c9a5 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 327bc2db..ce223c5e 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 3ac13b9f..7a946ae2 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 7824baea..d60f0e15 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index ed0c6a5e..f04d0384 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index ade8a9de..0394d30a 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index a8a35633..4e0d0276 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 3f4373f7..fa108ce5 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 9ce3f262..8ebb5909 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index b2bce68b..52ff04d0 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 1556319d..aec015eb 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 35902c74..865a4009 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index e700b58d..8165b951 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 3d62d55b..a0433ec4 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index d0ada5e7..b85c2ef6 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index f9a928ef..a05ba7c4 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index b475f223..2dd7159e 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -87,6 +87,69 @@

                    File Listing

                  • LICENSE
                  • +
                  • CITATION
                  • + + +
                  • oauth2-2.0.10.gem
                  • + + +
                  • oauth2-2.0.11.gem
                  • + + +
                  • oauth2-2.0.12.gem
                  • + + +
                  • oauth2-2.0.13.gem
                  • + + +
                  • oauth2-2.0.14.gem
                  • + + +
                  • oauth2-2.0.10.gem
                  • + + +
                  • oauth2-2.0.11.gem
                  • + + +
                  • oauth2-2.0.12.gem
                  • + + +
                  • oauth2-2.0.13.gem
                  • + + +
                  • oauth2-2.0.14.gem
                  • + + +
                  • REEK
                  • + + +
                  • access_token
                  • + + +
                  • authenticator
                  • + + +
                  • client
                  • + + +
                  • error
                  • + + +
                  • filtered_attributes
                  • + + +
                  • response
                  • + + +
                  • strategy
                  • + + +
                  • version
                  • + + +
                  • oauth2
                  • + +
                    @@ -309,7 +372,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 779c63b6..e03ceb9b 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -70,11 +70,24 @@

                    Unreleased

                    Added

                    -

                    Changed

                    -

                    Deprecated

                    -

                    Removed

                    -

                    Fixed

                    -

                    Security

                    +
                      +
                    • .env.local.example for contributor happiness
                    • +
                    • note lack of builds for JRuby 9.2, 9.3 & Truffleruby 23.0, 23.1 + +
                    • +
                    • point badge to the correct workflow for Ruby 2.3 (caboose.yml) +

                      Security

                      +
                    • +

                    2.0.14 - 2025-08-31

                    @@ -96,14 +109,14 @@

                    Added

                  • -gh662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: by @pboling +gh662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling
                    • PKCE required for auth code,
                    • exact redirect URI match,
                    • implicit/password grants omitted,
                    • avoid bearer tokens in query,
                    • refresh token guidance for public clients,
                    • -
                    • simplified client definitions)
                    • +
                    • simplified client definitions
                  • @@ -1270,7 +1283,7 @@

                    diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 23e11a4e..828363d6 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 26a942ff..915e5d74 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                    Attribution

                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 6ef3587f..9c64224d 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                    Manual process

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 1fedcb50..e00c4c6a 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                    Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 480f4c6e..0ef24242 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 5e3a8840..6c1da673 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                    Raw OIDC with ruby-oauth/oauth2

                    diff --git a/docs/file.README.html b/docs/file.README.html index f5091b9a..19470634 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -156,7 +156,7 @@

                    💡 Info you can shake a stick at

                  • @@ -211,11 +211,19 @@

                    Compatibility

                  • Operating Systems: Linux, MacOS, Windows
                  • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
                      -
                    • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
                    • +
                    • NOTE: This gem may still install and run on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                    • +
                    +
                  • +
                  • JRuby @ v9.4, v10.0, HEAD +
                      +
                    • NOTE: This gem may still install and run on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                    • +
                    +
                  • +
                  • TruffleRuby @ v24.1, HEAD +
                      +
                    • NOTE: This gem may still install and run on Truffleruby v23.0 and v23.1, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                  • -
                  • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
                  • -
                  • TruffleRuby @ v23.1, v24.1, HEAD
                  • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday
                  • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt @@ -1322,7 +1330,7 @@

                    🔐 Security

                    🤝 Contributing

                    If you need some ideas of where to help, you could work on adding more code coverage,
                    -or if it is already 💯 (see below) check reek, issues, or PRs,
                    +or if it is already 💯 (see below) check reek, issues, or PRs,
                    or use the gem and think about how it could be better.

                    We Keep A Changelog so if you make changes, remember to update it.

                    @@ -1468,7 +1476,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 8c73688c..bd56f3d0 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index d38c64b7..667055fc 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 6c1acc92..2db3db01 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 7f015385..2d0f92bd 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 18932761..200c4ae5 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 47d73f54..a6a03c06 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index c78eeb6f..17392288 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 43abd8b3..a6f55985 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 7dc04858..18c6ccb5 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index f72382ae..2f0a6428 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index a60110e6..dd3eef71 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 22904708..1517ff5a 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html new file mode 100644 index 00000000..b8390682 --- /dev/null +++ b/docs/file.oauth2-2.0.14.gem.html 
@@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.14.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                    + + +

                    5ce561a6b103a123d9b96e1e4725c07094bd6e58c135cc775ae9d5a055c031169ca6d6de379c2569daf1dd8ab2727079db3c80aa8568d6947e94a0c06b4c6d2b

                    +
                    + + + +
                    + + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index 4ee5fc0e..ac9d857e 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index d74ce57a..8008c168 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 1dcb6081..98783d33 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index fb5f4ee1..eb1ec85b 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/file_list.html b/docs/file_list.html index 62595c8f..f060baa4 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -92,6 +92,111 @@

                    File List

                  • +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + diff --git a/docs/index.html b/docs/index.html index 8a05c08b..e2dcf0c8 100644 --- a/docs/index.html +++ b/docs/index.html @@ -156,7 +156,7 @@

                    💡 Info you can shake a stick at

                    @@ -211,11 +211,19 @@

                    Compatibility

                  • Operating Systems: Linux, MacOS, Windows
                  • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
                      -
                    • NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
                    • +
                    • NOTE: This gem may still install and run on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                    • +
                    +
                  • +
                  • JRuby @ v9.4, v10.0, HEAD +
                      +
                    • NOTE: This gem may still install and run on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                    • +
                    +
                  • +
                  • TruffleRuby @ v24.1, HEAD +
                      +
                    • NOTE: This gem may still install and run on Truffleruby v23.0 and v23.1, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                  • -
                  • JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
                  • -
                  • TruffleRuby @ v23.1, v24.1, HEAD
                  • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday
                  • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt @@ -1322,7 +1330,7 @@

                    🔐 Security

                    🤝 Contributing

                    If you need some ideas of where to help, you could work on adding more code coverage,
                    -or if it is already 💯 (see below) check reek, issues, or PRs,
                    +or if it is already 💯 (see below) check reek, issues, or PRs,
                    or use the gem and think about how it could be better.

                    We Keep A Changelog so if you make changes, remember to update it.

                    @@ -1468,7 +1476,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index c67c53bc..6cedb97f 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    From 607a448a6854903f3fd7c3db1cf7fdff4af62c31 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 16:17:29 -0600 Subject: [PATCH 546/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- README.md | 4 ++-- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 4 ++-- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 6 +++--- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 6 +++--- docs/top-level-namespace.html | 2 +- 46 files changed, 52 insertions(+), 52 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index c8cfbdc3..fc9fcde4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added - .env.local.example for contributor happiness -- note lack of builds for JRuby 9.2, 9.3 & Truffleruby 23.0, 23.1 +- note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 - [actions/runner - issues/2347][GHA-continue-on-error-ui] - [community/discussions/15452][GHA-allow-failure] ### Changed diff --git a/README.md b/README.md index 89a2c541..7563d5c3 100644 --- a/README.md +++ b/README.md 
@@ -94,8 +94,8 @@ If it seems like you are in the wrong place, you might try one of these: * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. * JRuby @ v9.4, v10.0, HEAD * NOTE: This gem may still _install_ and _run_ on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. -* TruffleRuby @ v24.1, HEAD - * NOTE: This gem may still _install_ and _run_ on Truffleruby v23.0 and v23.1, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. +* TruffleRuby @ v23.1, v24.1, HEAD + * NOTE: This gem may still _install_ and _run_ on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. * gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) * gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) * gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 9d37c9a5..ad9ac030 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index ce223c5e..c561253c 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 7a946ae2..e31423a7 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index d60f0e15..643a445f 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index f04d0384..f4b69fde 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 0394d30a..8e7e519d 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 4e0d0276..7c1a758e 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index fa108ce5..e93be62e 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 8ebb5909..3b4a4037 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 52ff04d0..82635e80 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index aec015eb..fbdc7613 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 865a4009..cb233acc 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 8165b951..7d744769 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index a0433ec4..9dc36a73 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index b85c2ef6..d99c9bb8 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index a05ba7c4..8d2102a9 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index 2dd7159e..0ed10975 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -372,7 +372,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index e03ceb9b..49f6357c 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -72,7 +72,7 @@

                    Added

                    • .env.local.example for contributor happiness
                    • -
                    • note lack of builds for JRuby 9.2, 9.3 & Truffleruby 23.0, 23.1 +
                    • note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0
                      • actions/runner - issues/2347
                      • @@ -1283,7 +1283,7 @@

                        diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 828363d6..8ee58235 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 915e5d74..dfc6e76b 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                        Attribution

                        diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 9c64224d..b6b7f37e 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                        Manual process

                        diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index e00c4c6a..0867562b 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                        Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 0ef24242..08469c09 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                        MIT License

                        Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                        Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                        Permission is hereby granted, free of charge, to any person obtaining a copy
                        of this software and associated documentation files (the "Software"), to deal
                        in the Software without restriction, including without limitation the rights
                        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                        copies of the Software, and to permit persons to whom the Software is
                        furnished to do so, subject to the following conditions:

                        The above copyright notice and this permission notice shall be included in all
                        copies or substantial portions of the Software.

                        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                        SOFTWARE.
                        diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 6c1da673..020d2613 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                        Raw OIDC with ruby-oauth/oauth2

                        diff --git a/docs/file.README.html b/docs/file.README.html index 19470634..b831ef70 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -219,9 +219,9 @@

                        Compatibility

                      • NOTE: This gem may still install and run on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                    • -
                    • TruffleRuby @ v24.1, HEAD +
                    • TruffleRuby @ v23.1, v24.1, HEAD
                        -
                      • NOTE: This gem may still install and run on Truffleruby v23.0 and v23.1, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                      • +
                      • NOTE: This gem may still install and run on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                    • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday @@ -1476,7 +1476,7 @@

                      Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index bd56f3d0..6ad6c9a5 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 667055fc..b0fadd18 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                      Benefits of rubocop_gradual

                      diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 2db3db01..be9ecaa6 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                      Enterprise Support

                      diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 2d0f92bd..b3975b90 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 200c4ae5..b292bb63 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index a6a03c06..116b030f 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 17392288..f2bd9ffa 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index a6f55985..b24a6d9c 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 18c6ccb5..d50cb2c9 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 2f0a6428..8f6c5073 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index dd3eef71..c510a9fa 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 1517ff5a..4c14bd28 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index b8390682..51b85116 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ 
diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index ac9d857e..b278571b 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index 8008c168..f7231749 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 98783d33..aaa2fc40 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index eb1ec85b..91cf430b 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index e2dcf0c8..78d062c9 100644 --- a/docs/index.html +++ b/docs/index.html @@ -219,9 +219,9 @@

                      Compatibility

                    • NOTE: This gem may still install and run on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                  • -
                  • TruffleRuby @ v24.1, HEAD +
                  • TruffleRuby @ v23.1, v24.1, HEAD
                      -
                    • NOTE: This gem may still install and run on Truffleruby v23.0 and v23.1, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                    • +
                    • NOTE: This gem may still install and run on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                  • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday @@ -1476,7 +1476,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 6cedb97f..4c5e944c 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    From bdc80ac2628a066660c48ae1a35813d41966a369 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 16:36:02 -0600 Subject: [PATCH 547/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Add=20back=20maili?= =?UTF-8?q?ng=20list=20link?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CONTRIBUTING.md | 2 ++ docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- docs/OAuth2/FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 5 +++-- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 2 +- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- 45 files changed, 48 insertions(+), 45 deletions(-) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d23bd9f3..59ae2314 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,6 +5,7 @@ This project should be a safe, welcoming space for collaboration, so contributor the [code of conduct][🤝conduct]. To submit a patch, please fork the project, create a patch with tests, and send a pull request. +Post a message to the [google group][⛳mail-list] if you want to. Remember to [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] if you make changes. @@ -175,6 +176,7 @@ Run `bundle exec kettle-release`. 13. Run `bundle exec rake release` which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems] +[⛳mail-list]: http://groups.google.com/group/oauth-ruby [📜src-gl]: https://gitlab.com/ruby-oauth/oauth2/ [📜src-cb]: https://codeberg.org/ruby-oauth/oauth2 [📜src-gh]: https://github.com/ruby-oauth/oauth2 diff --git a/docs/OAuth2.html b/docs/OAuth2.html index ad9ac030..6282a46f 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index c561253c..65ab00e2 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index e31423a7..faf89410 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 643a445f..51a88241 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index f4b69fde..5b3f877f 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 8e7e519d..62a00b76 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 7c1a758e..f5a90ad2 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index e93be62e..ae0d68ae 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 3b4a4037..8085e14f 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 82635e80..a73c3e38 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index fbdc7613..e51945bb 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index cb233acc..b520e5b3 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 7d744769..4c10c316 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 9dc36a73..6126dbcf 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index d99c9bb8..6ac72792 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 8d2102a9..07846f2b 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index 0ed10975..a92b83b2 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -372,7 +372,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 49f6357c..de8e3bb2 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1283,7 +1283,7 @@

                    diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 8ee58235..4b363e04 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index dfc6e76b..9ab02890 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                    Attribution

                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index b6b7f37e..69263c84 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -63,7 +63,8 @@ This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
                    the code of conduct.

                    -

                    To submit a patch, please fork the project, create a patch with tests, and send a pull request.

                    +

                    To submit a patch, please fork the project, create a patch with tests, and send a pull request.
                    +Post a message to the google group if you want to.

                    Remember to Keep A Changelog if you make changes.

                    @@ -274,7 +275,7 @@

                    Manual process

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 0867562b..b48ef0de 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                    Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 08469c09..6d677a46 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 020d2613..c6d7b33c 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                    Raw OIDC with ruby-oauth/oauth2

                    diff --git a/docs/file.README.html b/docs/file.README.html index b831ef70..a2501cf8 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1476,7 +1476,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 6ad6c9a5..3820ad01 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index b0fadd18..c356839a 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index be9ecaa6..d2aea7ee 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file.access_token.html b/docs/file.access_token.html index b3975b90..8c8b190e 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index b292bb63..418162db 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 116b030f..6e7c3a0c 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index f2bd9ffa..41c84414 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index b24a6d9c..ef605c3e 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index d50cb2c9..c0b336c1 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 8f6c5073..b5615efd 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index c510a9fa..b4d3ea9c 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 4c14bd28..4511e72c 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 51b85116..0f3a1796 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ 
diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index b278571b..cae2ccb7 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index f7231749..7aca41d4 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index aaa2fc40..306658cd 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 91cf430b..111a1dfe 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index 78d062c9..aa23d0ad 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1476,7 +1476,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 4c5e944c..91c7f665 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    From c5d7fe22bea898e41366590fbe37562deffd68af Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 22:05:08 -0600 Subject: [PATCH 548/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .junie/guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.junie/guidelines.md b/.junie/guidelines.md index 0d9cac20..949c89b7 100644 --- a/.junie/guidelines.md +++ b/.junie/guidelines.md @@ -12,7 +12,7 @@ This document captures project-specific knowledge to streamline setup, testing, - See .env.local.example for an example of what to put in .env.local. - See CONTRIBUTING.md for details on how to set up your local environment. - Ruby and Bundler - - Runtime supports very old Rubies (>= 1.9.2) but development tooling targets >= 2.3 because of CI/setup-ruby and dev dependencies. + - Runtime supports very old Rubies (>= 2.2), but development tooling targets >= 2.3 because of CI/setup-ruby and dev dependencies. - Use a recent Ruby (>= 3.1 recommended) for fastest setup and to exercise modern coverage behavior. - Install dependencies via Bundler in project root: - bundle install From 1499ef7d6d3ac31e54d073cbab9b57d255b804a4 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 23:18:11 -0600 Subject: [PATCH 549/645] =?UTF-8?q?=F0=9F=91=A5=20Add=20google=20group=20t?= =?UTF-8?q?o=20spec.email?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 9c8bf0c8..b75ce7e4 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -16,7 +16,7 @@ Gem::Specification.new do |spec| spec.name = "oauth2" spec.version = gem_version spec.authors = ["Peter Boling", "Erik Michaels-Ober", "Michael Bleigh"] - spec.email = ["floss@galtzo.com"] + spec.email = ["floss@galtzo.com", "oauth-ruby@googlegroups.com"] spec.summary = "🔐 OAuth 2.0, 2.1 & OIDC Core Ruby implementation" spec.description = "🔐 A Ruby wrapper for the OAuth 2.0 Authorization Framework, including the OAuth 2.1 draft spec, and OpenID Connect (OIDC)" From 9f00b2705814d2f4809c125cab34875158331820 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 6 Sep 2025 14:08:03 -0600 Subject: [PATCH 550/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .git-hooks/commit-msg | 39 +++++++++++++--------- Gemfile.lock | 77 ++++--------------------------------------- oauth2.gemspec | 2 +- 3 files changed, 30 insertions(+), 88 deletions(-) diff --git a/.git-hooks/commit-msg b/.git-hooks/commit-msg index cd918f6b..750c5bb1 100755 --- a/.git-hooks/commit-msg +++ b/.git-hooks/commit-msg @@ -1,21 +1,24 @@ #!/usr/bin/env ruby # vim: set syntax=ruby -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) - -require "rubygems" -require "bundler/setup" - -# External gems -require "gitmoji/regex" +# Do not rely on Bundler; allow running outside a Bundler context +begin + require "rubygems" +rescue LoadError + # continue +end -full_text = File.read(ARGV[0]) -# Is the first character a GitMoji? -gitmoji_index = full_text =~ Gitmoji::Regex::REGEX -if gitmoji_index == 0 - exit 0 -else - denied = < e + warn("gitmoji-regex gem not found: #{e.class}: #{e.message}.\n\tSkipping gitmoji check and allowing commit to proceed.\n\tRecommendation: add 'gitmoji-regex' to your development dependencies to enable this check.") + exit 0 end diff --git a/Gemfile.lock b/Gemfile.lock index 8f4b5353..1982af18 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
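Review bot: The new `spec.email` entry `oauth-ruby@googlegroups.com` puts a mailing list in the gem's contact field, and if that group is publicly archived, a vulnerability report sent to the listed contacts would be disclosed on arrival. A short comment above the line would make the intent explicit, e.g. `# General discussion list; security reports go through SECURITY.md`, assuming the project's security policy (a docs/file.SECURITY.html page appears in the earlier diffstats) names a private channel. The `Gem::Specification.new` block starts and ends outside the hunk.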
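Review bot: The rescue branch that closes the `.git-hooks/commit-msg` hunk (`warn(...)` followed by `exit 0`) makes the hook fail open, and the same commit removes `gitmoji-regex (1.0.3)` from Gemfile.lock, so on a fresh checkout the check is likely skipped on every commit. With `bundler/setup` gone, a copy of the gem that does load comes unpinned from the ambient gem path rather than from the lockfile. If the check is meant to stay effective, declare the gem directly, e.g. `spec.add_development_dependency("gitmoji-regex", "~> 1.0", ">= 1.0.3")`, and treat the hook as advisory with the real enforcement in CI. The middle of the new script is not legible on this page, so this rests on the visible head and tail of the hunk only.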
@@ -28,25 +28,17 @@ GEM addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) ansi (1.5.0) - appraisal2 (3.0.0) - bundler (>= 1.17.3) - rake (>= 10) - thor (>= 0.14) ast (2.4.3) backports (3.25.1) base64 (0.3.0) benchmark (0.4.1) - bigdecimal (3.2.2) - bundler-audit (0.9.2) - bundler (>= 1.2.0, < 3) - thor (~> 1.0) + bigdecimal (3.2.3) coderay (1.1.3) concurrent-ruby (1.3.5) date (3.4.1) debug (1.11.0) irb (~> 1.10) reline (>= 0.3.8) - delegate (0.4.0) diff-lcs (1.6.2) diffy (3.4.4) docile (1.4.1) @@ -89,8 +81,6 @@ GEM gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) - gitmoji-regex (1.0.3) - version_gem (~> 1.1, >= 1.1.8) hashie (5.0.0) io-console (0.8.1) irb (1.15.2) @@ -100,17 +90,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.0.24) - appraisal2 (~> 3.0) - bundler-audit (~> 0.9.2) - gitmoji-regex (~> 1.0, >= 1.0.3) - kettle-test (~> 1.0) - rake (~> 13.0) - require_bench (~> 1.0, >= 1.0.4) - rspec-pending_for - ruby-progressbar (~> 1.13) - stone_checksums (~> 1.0, >= 1.0.2) - version_gem (~> 1.1, >= 1.1.8) + kettle-dev (1.1.7) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) @@ -120,15 +100,6 @@ GEM simplecov-rcov (~> 0.3, >= 0.3.7) simplecov_json_formatter (~> 0.1, >= 0.1.4) version_gem (~> 1.1, >= 1.1.8) - kettle-test (1.0.3) - appraisal2 (~> 3.0) - rspec (~> 3.0) - rspec-block_is_expected (~> 1.0, >= 1.0.6) - rspec-stubbed_env (~> 1.0, >= 1.0.4) - rspec_junit_formatter (~> 0.6) - silent_stream (~> 1.0, >= 1.0.12) - timecop-rspec (~> 1.0, >= 1.0.3) - version_gem (~> 1.1, >= 1.1.8) kramdown (2.5.1) rexml (>= 3.3.9) kramdown-parser-gfm (1.1.0) @@ -161,9 +132,8 @@ GEM stringio public_suffix (6.0.2) racc (1.8.1) - rack (3.2.0) + rack (3.2.1) rainbow (3.1.1) - rake (13.3.0) rbs (3.9.4) logger rdoc (6.14.2) 
@@ -178,30 +148,8 @@ GEM regexp_parser (2.11.2) reline (0.6.2) io-console (~> 0.5) - require_bench (1.0.4) - version_gem (>= 1.1.3, < 4) rexml (3.4.2) - rspec (3.13.1) - rspec-core (~> 3.13.0) - rspec-expectations (~> 3.13.0) - rspec-mocks (~> 3.13.0) rspec-block_is_expected (1.0.6) - rspec-core (3.13.5) - rspec-support (~> 3.13.0) - rspec-expectations (3.13.5) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-mocks (3.13.5) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-pending_for (0.1.18) - rspec-core (~> 3.0) - ruby_engine (~> 2.0) - ruby_version (~> 1.0) - rspec-stubbed_env (1.0.4) - rspec-support (3.13.5) - rspec_junit_formatter (0.6.0) - rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.75.8) json (~> 2.3) language_server-protocol (~> 3.17.0.2) @@ -243,7 +191,7 @@ GEM rubocop-rake (0.7.1) lint_roller (~> 1.1) rubocop (>= 1.72.1) - rubocop-rspec (3.6.0) + rubocop-rspec (3.7.0) lint_roller (~> 1.1) rubocop (~> 1.72, >= 1.72.1) rubocop-ruby2_2 (2.0.5) @@ -261,11 +209,6 @@ GEM rubocop (~> 1.72, >= 1.72.1) rubocop-ast (>= 1.44.0, < 2.0) ruby-progressbar (1.13.0) - ruby_engine (2.0.3) - ruby_version (1.0.3) - silent_stream (1.0.12) - logger (~> 1.2) - version_gem (>= 1.1.8, < 3) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) @@ -303,22 +246,14 @@ GEM standard-custom (>= 1.0.2, < 2) standard-performance (>= 1.3.1, < 2) version_gem (>= 1.1.4, < 3) - stone_checksums (1.0.2) - version_gem (~> 1.1, >= 1.1.8) stringio (3.1.7) terminal-table (4.0.0) unicode-display_width (>= 1.1.1, < 4) - thor (1.4.0) - timecop (0.9.10) - timecop-rspec (1.0.3) - delegate (~> 0.1) - rspec (~> 3.0) - timecop (>= 0.7, < 1) unicode-display_width (3.1.5) unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) uri (1.0.3) - version_gem (1.1.8) + version_gem (1.1.9) yard (0.9.37) yard-relative_markdown_links (0.5.0) nokogiri (>= 1.14.3, < 2) 
@@ -334,7 +269,7 @@ DEPENDENCIES benchmark (~> 0.4, >= 0.4.1) debug (>= 1.0.0) gem_bench (~> 2.0, >= 2.0.5) - kettle-dev (~> 1.0, >= 1.0.24) + kettle-dev (~> 1.1, >= 1.1.7) kettle-soup-cover (~> 1.0, >= 1.0.10) kramdown (~> 2.5, >= 2.5.1) kramdown-parser-gfm (~> 1.1) diff --git a/oauth2.gemspec b/oauth2.gemspec index b75ce7e4..4a70ce85 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -151,7 +151,7 @@ Thanks, @pboling / @galtzo # Dev, Test, & Release Tasks spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 - spec.add_development_dependency("kettle-dev", "~> 1.0", ">= 1.0.24") # ruby >= 2.3 + spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.7") # ruby >= 2.3 spec.add_development_dependency("nkf", "~> 0.2") # ruby >= 2.3 spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 end From ceccd25ca3ce6b9b2c302e3b672679d6c97c0d1f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 6 Sep 2025 14:08:24 -0600 Subject: [PATCH 551/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos,=20rem?= =?UTF-8?q?ove=20accidental=20duplication,=20in=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 188 ++++++++------------------------------------------- 1 file changed, 28 insertions(+), 160 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fc9fcde4..230f0cdb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,9 +23,11 @@ Please file a bug if you notice a violation of semantic versioning. - [actions/runner - issues/2347][GHA-continue-on-error-ui] - [community/discussions/15452][GHA-allow-failure] ### Changed +- Upgrade to kettle-dev v1.1.7 ### Deprecated ### Removed ### Fixed +- Remove accidentally duplicated lines, and fix typos in CHANGELOG.md - point badge to the correct workflow for Ruby 2.3 (caboose.yml) ### Security 
@@ -39,25 +41,25 @@ Please file a bug if you notice a violation of semantic versioning. - 90.48% documented ### Added - improved documentation by @pboling -- [gh665][gh665] - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling -- [gh666][gh666] - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling +- [gh!665][gh!665] - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling +- [gh!666][gh!666] - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling - Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) -- [gh662][gh662] - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling +- [gh!662][gh!662] - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling - PKCE required for auth code, - exact redirect URI match, - implicit/password grants omitted, - avoid bearer tokens in query, - refresh token guidance for public clients, - simplified client definitions -- [gh663][gh663] - document how to implement an OIDC client with this gem in OIDC.md by @pboling +- [gh!663][gh!663] - document how to implement an OIDC client with this gem in OIDC.md by @pboling - also, list libraries built on top of the oauth2 gem that implement OIDC -- [gh664][gh664] - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling +- [gh!664][gh!664] - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling -[gh662]: https://github.com/ruby-oauth/oauth2/pull/662 -[gh663]: https://github.com/ruby-oauth/oauth2/pull/663 
-[gh664]: https://github.com/ruby-oauth/oauth2/pull/664 -[gh665]: https://github.com/ruby-oauth/oauth2/pull/665 -[gh666]: https://github.com/ruby-oauth/oauth2/pull/666 +[gh!662]: https://github.com/ruby-oauth/oauth2/pull/662 +[gh!663]: https://github.com/ruby-oauth/oauth2/pull/663 +[gh!664]: https://github.com/ruby-oauth/oauth2/pull/664 +[gh!665]: https://github.com/ruby-oauth/oauth2/pull/665 +[gh!666]: https://github.com/ruby-oauth/oauth2/pull/666 ## [2.0.13] - 2025-08-30 - TAG: [v2.0.13][2.0.13t] 
@@ -65,23 +67,23 @@ Please file a bug if you notice a violation of semantic versioning. - BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files - 90.48% documented ### Added -- [gh656][gh656] - Support revocation with URL-encoded parameters -- [gh660][gh660] - Inline yard documentation by @pboling -- [gh660][gh660] - Complete RBS types documentation by @pboling -- [gh660][gh660]- (more) Comprehensive documentation / examples by @pboling -- [gh657][gh657] - Updated documentation for org-rename by @pboling +- [gh!656][gh!656] - Support revocation with URL-encoded parameters +- [gh!660][gh!660] - Inline yard documentation by @pboling +- [gh!660][gh!660] - Complete RBS types documentation by @pboling +- [gh!660][gh!660]- (more) Comprehensive documentation / examples by @pboling +- [gh!657][gh!657] - Updated documentation for org-rename by @pboling - More funding links by @Aboling0 - Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references ### Changed - Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling -- [gh660][gh660] - Shrink post-install message by 4 lines by @pboling +- [gh!660][gh!660] - Shrink post-install message by 4 lines by @pboling ### Fixed -- [gh660][gh660] - Links in README (including link to HEAD documentation) by @pboling +- [gh!660][gh!660] - Links in README (including link to HEAD documentation) by @pboling ### Security -[gh660]: https://github.com/ruby-oauth/oauth2/pull/660 -[gh657]: https://github.com/ruby-oauth/oauth2/pull/657 -[gh656]: https://github.com/ruby-oauth/oauth2/pull/656 +[gh!660]: https://github.com/ruby-oauth/oauth2/pull/660 +[gh!657]: https://github.com/ruby-oauth/oauth2/pull/657 +[gh!656]: https://github.com/ruby-oauth/oauth2/pull/656 ## [2.0.12] - 2025-05-31 - TAG: [v2.0.12][2.0.12t] 
@@ -89,7 +91,7 @@ Please file a bug if you notice a violation of semantic versioning. - Branch Coverage: 100.0% (174 / 174) - 80.00% documented ### Added -- [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang +- [gh!652][gh!652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang - Support JWT `kid` for key discovery and management - More Documentation by @pboling - Documented Serialization Extensions @@ -103,8 +105,7 @@ Please file a bug if you notice a violation of semantic versioning. - Documentation Typos by @pboling ### Security -[gh652]: https://github.com/oauth-xx/oauth2/pull/652 -[gh652]: https://github.com/ruby-oauth/oauth2/pull/652 +[gh!652]: https://github.com/ruby-oauth/oauth2/pull/652 ## [2.0.11] - 2025-05-23 - TAG: [v2.0.11][2.0.11t] @@ -112,11 +113,9 @@ Please file a bug if you notice a violation of semantic versioning. - BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files - 80.00% documented ### Added -- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling) -- [gh651](https://github.com/ruby-oauth/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling) +- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling) - More documentation - Codeberg as ethical mirror (@pboling) - - https://codeberg.org/oauth-xx/oauth2 - https://codeberg.org/ruby-oauth/oauth2 - Don't check for cert if SKIP_GEM_SIGNING is set (@pboling) - All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) 
@@ -124,19 +123,15 @@ Please file a bug if you notice a violation of semantic versioning. - YARD config, GFM compatible with relative file links (@pboling) - Documentation site on GitHub Pages (@pboling) - [oauth2.galtzo.com](https://oauth2.galtzo.com) -- [!649](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) -- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling) - [!649](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) -- [gh651](https://github.com/ruby-oauth/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling) +- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling) - https://github.com/navikt/mock-oauth2-server ### Changed -- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling) -- [gh651](https://github.com/ruby-oauth/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling) +- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling) - Provides solution for serialization issues - Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site (@pboling) ### Fixed -- [gh650](https://github.com/oauth-xx/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling) -- [gh650](https://github.com/ruby-oauth/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling) +- [gh!650](https://github.com/ruby-oauth/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling) - Incorrect documentation related to silencing warnings (@pboling) ## [2.0.10] - 2025-05-17 
@@ -145,10 +140,6 @@ Please file a bug if you notice a violation of semantic versioning. - BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files - 79.05% documented ### Added -- [gh!632](https://github.com/oauth-xx/oauth2/pull/632) - Added `funding.yml` (@Aboling0) -- [!635](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/635) - Added `.gitlab-ci.yml` (@jessieay) -- [#638](https://gitlab.com/oauth-xx/oauth2/-/issues/638) - Documentation of support for **ILO Fundamental Principles of Rights at Work** (@pboling) -- [!642](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/642) - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling) - [gh!632](https://github.com/ruby-oauth/oauth2/pull/632) - Added `funding.yml` (@Aboling0) - [!635](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/635) - Added `.gitlab-ci.yml` (@jessieay) - [#638](https://gitlab.com/ruby-oauth/oauth2/-/issues/638) - Documentation of support for **ILO Fundamental Principles of Rights at Work** (@pboling) 
@@ -158,47 +149,26 @@ Please file a bug if you notice a violation of semantic versioning. - news_uri - mailing_list_uri - SHA256 and SHA512 Checksums for release -- [!643](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/643) - Add `token_name` option (@pboling) - [!643](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/643) - Add `token_name` option (@pboling) - Specify the parameter name that identifies the access token -- [!645](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) -- [!646](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/646) - Add `OAuth2.config.silence_extra_tokens_warning`, default: false (@pboling) -- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - Add IETF RFC 7009 Token Revocation compliant (@pboling) - [!645](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) - [!646](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/646) - Add `OAuth2.config.silence_extra_tokens_warning`, default: false (@pboling) - [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - Add IETF RFC 7009 Token Revocation compliant (@pboling) - `OAuth2::Client#revoke_token` - `OAuth2::AccessToken#revoke` - See: https://datatracker.ietf.org/doc/html/rfc7009 -- [gh!644](https://github.com/oauth-xx/oauth2/pull/644), [gh!645](https://github.com/oauth-xx/oauth2/pull/645) - Added CITATION.cff (@Aboling0) -- [!648](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/648) - Improved documentation (@pboling) - [gh!644](https://github.com/ruby-oauth/oauth2/pull/644), [gh!645](https://github.com/ruby-oauth/oauth2/pull/645) - Added CITATION.cff (@Aboling0) - [!648](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/648) - Improved documentation (@pboling) ### Changed - Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` (@pboling) - Gem 
releases are now cryptographically signed, with a 20-year cert (@pboling) - Allow linux distros to build release without signing, as their package managers sign independently -- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param pass through (@pboling) -- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) -- [!647](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/647) - Errors raised by `OAuth2::AccessToken` are now always `OAuth2::Error` and have better metadata (@pboling) - [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param pass through (@pboling) - [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) - [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - Errors raised by `OAuth2::AccessToken` are now always `OAuth2::Error` and have better metadata (@pboling) ### Fixed -- [#95](https://gitlab.com/oauth-xx/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) - [#95](https://gitlab.com/ruby-oauth/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) - This was a 13 year old bug report. 
😘 -- [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) - Internal options (like `snaky`, `raise_errors`, and `parse`) are no longer included in request (@pboling) -- [!633](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) -- [!634](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) -- [!638](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) -- [!639](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) -- [#639](https://gitlab.com/oauth-xx/oauth2/-/issues/639) - `AccessToken#to_hash` is now serializable, just a regular Hash (@pboling) -- [!640](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) -- [!641](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) -- [#641](https://gitlab.com/oauth-xx/oauth2/-/issues/641) - Made default JSON response parser more resilient (@pboling) -- [#645](https://gitlab.com/oauth-xx/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) -- [gh!646](https://github.com/oauth-xx/oauth2/pull/646) - Change `require` to `require_relative` (improve performance) (@Aboling0) - [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) - Internal options (like `snaky`, `raise_errors`, and `parse`) are no longer included in request (@pboling) - [!633](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) - [!634](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) 
@@ -222,35 +192,27 @@ Please file a bug if you notice a violation of semantic versioning. ## [2.0.8] - 2022-09-01 - TAG: [v2.0.8][2.0.8t] ### Changed -- [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) - [!630](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) ### Added -- [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628) - [!631](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/ruby-oauth/oauth2/-/issues/628) ## [2.0.7] - 2022-08-22 - TAG: [v2.0.7][2.0.7t] ### Added -- [!629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) - [!629](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) ### Fixed -- [!626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) - [!626](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. 
Will now prefer the key order from the lookup, not the hash keys (@rickselby) - Note: This fixes compatibility with `omniauth-oauth2` and AWS -- [!625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) - [!625](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) ## [2.0.6] - 2022-07-13 - TAG: [v2.0.6][2.0.6t] ### Fixed -- [!624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) - [!624](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) ## [2.0.5] - 2022-07-07 - TAG: [v2.0.5][2.0.5t] ### Fixed -- [!620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) -- [!621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling) - [!620](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) - [!621](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/ruby-oauth/oauth2/-/issues/528) and [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) (@pboling) - All data in responses is now returned, with the access token removed and set as `token` 
@@ -262,28 +224,20 @@ Please file a bug if you notice a violation of semantic versioning. ## [2.0.4] - 2022-07-01 - TAG: [v2.0.4][2.0.4t] ### Fixed -- [!618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) - [!618](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) ## [2.0.3] - 2022-06-28 - TAG: [v2.0.3][2.0.3t] ### Added -- [!611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) -- [!612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) - [!611](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) - [!612](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) ### Fixed -- [!608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) -- [!615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) - [!608](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) - [!615](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) ## [2.0.2] - 2022-06-24 - TAG: [v2.0.2][2.0.2t] ### Fixed -- [!604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) -- [!606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation 
warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) -- [!607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) - [!604](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) - [!606](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) - [!607](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) 
@@ -297,32 +251,6 @@ Please file a bug if you notice a violation of semantic versioning. ## [2.0.0] - 2022-06-21 - TAG: [v2.0.0][2.0.0t] ### Added -- [!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) -- [!190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [!332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [!334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [!335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [!360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [!426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [!427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [!461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) -- [!220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) -- [!298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) -- [!305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) -- [!346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) -- [!351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) -- [!362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) -- [!363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) -- [!364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - 
Support `application/hal+json` format (@pboling) -- [!365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) -- [!376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) -- [!381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz) -- [!394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) -- [!412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) -- [!413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura) -- [!442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) -- [!494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) -- [!549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) -- [!550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu) -- [!552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) -- [!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) -- 
[!560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) -- [!571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) -- [!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) -- [!581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) - [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) - [!190](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/190), [!332](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/332), [!334](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/334), [!335](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/335), [!360](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/360), [!426](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/426), [!427](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/427), [!461](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) - [!220](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) 
@@ -350,16 +278,6 @@ Please file a bug if you notice a violation of semantic versioning. - [!575](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) - [!581](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) ### Changed -- [!191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) -- [!312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) -- [!317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) -- [!338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) -- [!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [!424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [!493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [!542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [!553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) -- [!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) -- [!414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) -- 
[!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) -- [!469](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) -- [!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [!575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) - [!191](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) - [!312](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) - [!317](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) 
@@ -373,29 +291,9 @@ Please file a bug if you notice a violation of semantic versioning. - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be snake case. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. -- [!576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) -- [!591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated - [!576](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) - [!591](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated ### Fixed -- [!158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [!344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) -- [!294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) -- [!300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) -- [!318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), [!326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [!343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [!347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [!397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [!464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), [!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [!565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - 
_Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) -- [!322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [!331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [!337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [!361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [!371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [!377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [!383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [!392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [!395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), [!400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [!401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [!403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [!415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [!567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) -- [!328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) -- [!339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [!479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) -- [!366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) -- [!380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) -- 
[!399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) -- [!410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) -- [!460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [!524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) -- [!472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) -- [!482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling) -- [!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) -- [!595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) -- [!596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) -- [!598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) - [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) - [!294](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/294) - Fix: "Unexpected 
middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) - [!300](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) 
@@ -415,12 +313,6 @@ Please file a bug if you notice a violation of semantic versioning. - [!596](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) - [!598](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) ### Removed -- [!341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) -- [!342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) -- [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) -- [!566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) -- [!589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [!593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) -- [!590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) - [!341](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) - [!342](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) - [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) 
@@ -435,12 +327,10 @@ Please file a bug if you notice a violation of semantic versioning. ## [1.4.10] - 2022-07-01 - TAG: [v1.4.10][1.4.10t] -- FIPS Compatibility [!587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov) - FIPS Compatibility [!587](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/587) (@akostadinov) ## [1.4.9] - 2022-02-20 - TAG: [v1.4.9][1.4.9t] -- Fixes compatibility with Faraday v2 [572](https://gitlab.com/oauth-xx/oauth2/-/issues/572) - Fixes compatibility with Faraday v2 [572](https://gitlab.com/ruby-oauth/oauth2/-/issues/572) - Includes supported versions of Faraday in test matrix: - Faraday ~> 2.2.0 with Ruby >= 2.6 
@@ -452,34 +342,24 @@ Please file a bug if you notice a violation of semantic versioning. - TAG: [v1.4.8][1.4.8t] - MFA is now required to push new gem versions (@pboling) - README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) -- [!569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([!561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) - [!569](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/569) Backport fixes ([!561](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) - Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling) - Add CodeQL, Security Policy, Funding info (@pboling) - Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling) -- [!543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) - [!543](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) ## [1.4.7] - 2021-03-19 - TAG: [v1.4.7][1.4.7t] -- [!541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [!533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon) - [!541](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [!533](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/533) to 1-4-stable branch. 
(@dobon) ## [1.4.6] - 2021-03-19 - TAG: [v1.4.6][1.4.6t] -- [!540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) -- [!537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) -- [!538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling) - [!540](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) - [!537](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) - [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) on main branch (@anderscarling) ## [1.4.5] - 2021-03-18 - TAG: [v1.4.5][1.4.5t] -- [!535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling) -- [!518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) -- [!507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) -- [!500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) - [!535](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/536) on main branch (@pboling) - [!518](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/518) 
- Add extract_access_token option to OAuth2::Client (@jonspalmer) - [!507](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) 
@@ -487,34 +367,22 @@ Please file a bug if you notice a violation of semantic versioning. ## [1.4.4] - 2020-02-12 - TAG: [v1.4.4][1.4.4t] -- [!408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) - [!408](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) ## [1.4.3] - 2020-01-29 - TAG: [v1.4.3][1.4.3t] -- [!483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) -- [!495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - [!483](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) - [!495](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - Adds support for private_key_jwt and tls_client_auth -- [!433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) - [!433](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) ## [1.4.2] - 2019-10-01 - TAG: [v1.4.2][1.4.2t] -- [!478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - [!478](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - Officially support Ruby 2.6 and truffleruby ## [1.4.1] - 2018-10-13 - TAG: [v1.4.1][1.4.1t] -- [!417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) -- [!419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) 
(@pboling) -- [!418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) -- [!420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) -- [!421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) -- [!422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling) -- [!423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) - [!417](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) - [!419](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [!423](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/423)) (@pboling) - [!418](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) From 50c9a66619e0fb6ab18802b149d3dd15a00129bf Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 6 Sep 2025 14:08:34 -0600 Subject: [PATCH 552/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20IDE?= =?UTF-8?q?=20settings?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 32 +++++--------------------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 5c3d6b0d..62138b86 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -18,19 +18,16 @@ - - + - - @@ -45,15 +42,13 @@ - - + - 
@@ -74,25 +69,15 @@ - + - - - - - - - - - - @@ -102,14 +87,11 @@ - + - - - @@ -122,16 +104,12 @@ - - - - - + From 7e9650875788188bffb3c5491d3d5e7baec0d71e Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 7 Sep 2025 14:30:03 -0600 Subject: [PATCH 553/645] =?UTF-8?q?=F0=9F=8E=A8=20Template=20bootstrap=20b?= =?UTF-8?q?y=20kettle-dev-setup=20v1.1.9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .aiignore | 19 + .env.local.example | 15 +- .git-hooks/prepare-commit-msg | 3 +- .github/workflows/current.yml | 5 + .github/workflows/dep-heads.yml | 105 +++ .github/workflows/heads.yml | 9 +- .github/workflows/jruby.yml | 5 + .gitignore | 1 + .gitlab-ci.yml | 72 ++- .idea/oauth2.iml | 30 +- .junie/guidelines.md | 8 +- Appraisals | 71 +- CHANGELOG.md | 608 +----------------- CONTRIBUTING.md | 42 +- FUNDING.md | 4 +- Gemfile | 14 +- Gemfile.lock | 84 ++- README.md | 36 +- Rakefile | 6 +- SECURITY.md | 20 +- bin/kettle-dev-setup | 16 + bin/kettle-dvcs | 16 + bin/kettle-pre-release | 16 + bin/pry | 16 + bin/rbs | 16 + gemfiles/audit.gemfile | 5 +- gemfiles/coverage.gemfile | 5 +- gemfiles/current.gemfile | 2 +- gemfiles/dep_heads.gemfile | 7 + gemfiles/deps_unlocked.gemfile | 13 - gemfiles/head.gemfile | 2 - gemfiles/modular/debug.gemfile | 6 +- gemfiles/modular/erb/r2.3/default.gemfile | 6 + gemfiles/modular/erb/r2.6/v2.2.gemfile | 3 + gemfiles/modular/erb/r2/v3.0.gemfile | 1 + gemfiles/modular/erb/r3.1/v4.0.gemfile | 2 + gemfiles/modular/erb/r3/v5.0.gemfile | 1 + gemfiles/modular/erb/vHEAD.gemfile | 2 + gemfiles/modular/injected.gemfile | 60 ++ gemfiles/modular/mutex_m/r2.4/v0.1.gemfile | 3 + gemfiles/modular/mutex_m/r2/v0.3.gemfile | 2 + gemfiles/modular/mutex_m/r3/v0.3.gemfile | 2 + gemfiles/modular/mutex_m/vHEAD.gemfile | 2 + gemfiles/modular/runtime_heads.gemfile | 2 + gemfiles/modular/stringio/r2.4/v0.0.2.gemfile | 4 + gemfiles/modular/stringio/r2/v3.0.gemfile | 5 + gemfiles/modular/stringio/r3/v3.0.gemfile | 5 + gemfiles/modular/stringio/vHEAD.gemfile | 2 + gemfiles/modular/x_std_libs.gemfile | 2 + gemfiles/modular/x_std_libs/r2.3/libs.gemfile | 3 + 
gemfiles/modular/x_std_libs/r2.4/libs.gemfile | 3 + gemfiles/modular/x_std_libs/r2.6/libs.gemfile | 3 + gemfiles/modular/x_std_libs/r2/libs.gemfile | 3 + gemfiles/modular/x_std_libs/r3.1/libs.gemfile | 3 + gemfiles/modular/x_std_libs/r3/libs.gemfile | 3 + gemfiles/modular/x_std_libs/vHEAD.gemfile | 3 + gemfiles/ruby_2_3_hashie_v0.gemfile | 2 + gemfiles/ruby_2_3_hashie_v1.gemfile | 2 + gemfiles/ruby_2_3_hashie_v2.gemfile | 2 + gemfiles/ruby_2_3_hashie_v3.gemfile | 2 + gemfiles/ruby_2_3_hashie_v4.gemfile | 2 + gemfiles/ruby_2_3_hashie_v5.gemfile | 2 + gemfiles/ruby_2_4.gemfile | 2 + gemfiles/ruby_2_5.gemfile | 2 + gemfiles/ruby_2_6.gemfile | 5 +- gemfiles/ruby_2_7.gemfile | 5 +- gemfiles/ruby_3_0.gemfile | 5 +- gemfiles/ruby_3_1.gemfile | 5 +- gemfiles/ruby_3_2.gemfile | 5 +- gemfiles/ruby_3_3.gemfile | 5 +- gemfiles/style.gemfile | 5 +- gemfiles/unlocked_deps.gemfile | 2 + oauth2.gemspec | 51 +- 73 files changed, 728 insertions(+), 778 deletions(-) create mode 100644 .aiignore create mode 100644 .github/workflows/dep-heads.yml create mode 100755 bin/kettle-dev-setup create mode 100755 bin/kettle-dvcs create mode 100755 bin/kettle-pre-release create mode 100755 bin/pry create mode 100755 bin/rbs create mode 100644 gemfiles/dep_heads.gemfile delete mode 100644 gemfiles/deps_unlocked.gemfile create mode 100644 gemfiles/modular/erb/r2.3/default.gemfile create mode 100644 gemfiles/modular/erb/r2.6/v2.2.gemfile create mode 100644 gemfiles/modular/erb/r2/v3.0.gemfile create mode 100644 gemfiles/modular/erb/r3.1/v4.0.gemfile create mode 100644 gemfiles/modular/erb/r3/v5.0.gemfile create mode 100644 gemfiles/modular/erb/vHEAD.gemfile create mode 100644 gemfiles/modular/injected.gemfile create mode 100644 gemfiles/modular/mutex_m/r2.4/v0.1.gemfile create mode 100644 gemfiles/modular/mutex_m/r2/v0.3.gemfile create mode 100644 gemfiles/modular/mutex_m/r3/v0.3.gemfile create mode 100644 gemfiles/modular/mutex_m/vHEAD.gemfile create mode 100644 
gemfiles/modular/stringio/r2.4/v0.0.2.gemfile create mode 100644 gemfiles/modular/stringio/r2/v3.0.gemfile create mode 100644 gemfiles/modular/stringio/r3/v3.0.gemfile create mode 100644 gemfiles/modular/stringio/vHEAD.gemfile create mode 100644 gemfiles/modular/x_std_libs.gemfile create mode 100644 gemfiles/modular/x_std_libs/r2.3/libs.gemfile create mode 100644 gemfiles/modular/x_std_libs/r2.4/libs.gemfile create mode 100644 gemfiles/modular/x_std_libs/r2.6/libs.gemfile create mode 100644 gemfiles/modular/x_std_libs/r2/libs.gemfile create mode 100644 gemfiles/modular/x_std_libs/r3.1/libs.gemfile create mode 100644 gemfiles/modular/x_std_libs/r3/libs.gemfile create mode 100644 gemfiles/modular/x_std_libs/vHEAD.gemfile
diff --git a/.aiignore b/.aiignore
new file mode 100644
index 00000000..df6bd8b7
--- /dev/null
+++ b/.aiignore
@@ -0,0 +1,19 @@
+# An .aiignore file follows the same syntax as a .gitignore file.
+# .gitignore documentation: https://git-scm.com/docs/gitignore
+
+# you can ignore files
+.DS_Store
+*.log
+*.tmp
+
+# or folders
+.devcontainer/
+.qlty/
+.yardoc/
+dist/
+build/
+out/
+coverage/
+docs/
+pkg/
+results/
diff --git a/.env.local.example b/.env.local.example
index f07a00ae..dd5423f9 100644
--- a/.env.local.example
+++ b/.env.local.example
@@ -11,4 +11,17 @@ export AUTOGEN_FIXTURE_CLEANUP=false # autogenerated gem fixture cleanup after e export GIT_HOOK_FOOTER_APPEND=false export GIT_HOOK_FOOTER_APPEND_DEBUG=false export GIT_HOOK_FOOTER_SENTINEL="⚡️ A message from a fellow meat-based-AI ⚡️" -export GITHUB_TOKEN= + +# Tokens used by ci:act and CI helpers for reading workflow/pipeline status via APIs +# GitHub (either GITHUB_TOKEN or GH_TOKEN will be used; fine-grained recommended) +# - Scope/permissions: For fine-grained tokens, grant repository access (Read) and Actions: Read +# - For classic tokens, public repos need no scopes; private repos typically require repo +export GITHUB_TOKEN= +# Alternatively: +# export GH_TOKEN= + +# GitLab (either GITLAB_TOKEN or GL_TOKEN will be used) +# - Scope: read_api is sufficient to read pipelines +export GITLAB_TOKEN= +# Alternatively: +# export GL_TOKEN= diff --git a/.git-hooks/prepare-commit-msg b/.git-hooks/prepare-commit-msg index 48c75470..c6a15570 100755 --- a/.git-hooks/prepare-commit-msg +++ b/.git-hooks/prepare-commit-msg @@ -11,8 +11,7 @@ PROJECT_ROOT="$(CDPATH= cd -- "$(dirname -- "$0")"/.. && pwd)" # One of the things .envrc needs to do is add $PROJECT_ROOT/bin/ to the path. # You should have this line at the top of .envrc # PATH_add bin -# NOTE: this project needs to also add exe as well, -# but other libraries won't generally need to do that. +# NOTE: If this project ships exe scripts it should also add that. if command -v direnv >/dev/null 2>&1; then exec direnv exec "$PROJECT_ROOT" "kettle-commit-msg" "$@" else diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index aca52ba3..72e44fe1 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml 
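Review bot: The added guidance in `.env.local.example` for classic GitHub tokens says private repos "typically require repo" without noting that the classic `repo` scope grants read and write access to every private repository the account can reach, far more than the workflow/pipeline status reads these variables are described as serving. I would add a line under that bullet such as `# - A classic token with repo scope is read/write on all your private repos; prefer a fine-grained token limited to this repository`. It would also help to say next to `export GITHUB_TOKEN=` and `export GITLAB_TOKEN=` that the filled-in copy of this file must stay out of version control; whether `.env.local` is already ignored is not visible in this hunk.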
@@ -65,9 +65,11 @@ jobs: steps: - name: Checkout + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} uses: actions/checkout@v5 - name: Setup Ruby & RubyGems + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} @@ -79,8 +81,11 @@ jobs: # We need to do this first to get appraisal installed. # NOTE: This does not use the primary Gemfile at all. - name: Install Root Appraisal + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} run: bundle - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/dep-heads.yml b/.github/workflows/dep-heads.yml new file mode 100644 index 00000000..f6915689 --- /dev/null +++ b/.github/workflows/dep-heads.yml 
@@ -0,0 +1,105 @@ +# Targets the evergreen latest release of ruby, truffleruby, and jruby +# and tests against the HEAD of runtime dependencies +name: Runtime Deps @ HEAD + +permissions: + contents: read + +env: + K_SOUP_COV_DO: false + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + test: + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }}${{ matrix.name_extra || '' }} + runs-on: ubuntu-latest + continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} + env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile + strategy: + fail-fast: true + matrix: + include: + # Ruby 3.4 + - ruby: "ruby" + appraisal: "dep-heads" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: latest + bundler: latest + + # truffleruby-24.1 + # (according to documentation: targets Ruby 3.3 compatibility) + # (according to runtime: targets Ruby 3.2 compatibility) + - ruby: "truffleruby" + appraisal: "dep-heads" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + # jruby-10.0 (targets Ruby 3.4 compatibility) + - ruby: "jruby" + appraisal: "dep-heads" + exec_cmd: "rake test" + gemfile: "Appraisal.root" + rubygems: default + bundler: default + + steps: + - name: Checkout + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} + uses: actions/checkout@v5 + + - name: Setup Ruby & RubyGems + if: ${{ 
!(env.ACT && startsWith(matrix.ruby, 'jruby')) }} + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: ${{ matrix.rubygems }} + bundler: ${{ matrix.bundler }} + bundler-cache: false + + # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) + # We need to do this first to get appraisal installed. + # NOTE: This does not use the primary Gemfile at all. + - name: "Install Root Appraisal" + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} + run: bundle + + - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} + id: bundleAttempt1 + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + # Continue to the next step on failure + continue-on-error: true + + # Effectively an automatic retry of the previous step. + - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" + # If bundleAttempt1 failed, try again here; Otherwise skip. + if: ${{ steps.bundleAttempt1.outcome == 'failure' && !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} + id: bundleAttempt2 + run: bundle exec appraisal ${{ matrix.appraisal }} bundle + + - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} + run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml index e2046e66..f8c92d16 100644 --- a/.github/workflows/heads.yml +++ b/.github/workflows/heads.yml @@ -64,9 +64,11 @@ jobs: steps: - name: Checkout + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} uses: actions/checkout@v5 - name: Setup Ruby & RubyGems + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} 
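Review bot: The new `dep-heads.yml` job installs and runs code from the HEAD of runtime dependencies, on `pull_request` as well as `push`, yet its `Checkout` step leaves `actions/checkout` at its default of persisting the job token on the runner, where code executed by the later `bundle` and `rake test` steps could read it. The workflow already limits the token with `contents: read`, so the exposure is small, but adding `with:` and `persist-credentials: false` to the Checkout step removes it. Separately, `actions/checkout@v5` and `ruby/setup-ruby@v1` are referenced by mutable tags; pinning each to a full commit SHA, with the tag kept in a trailing comment, would stop a retagged action from changing what this job runs. The same two `uses:` lines appear as context in the `current.yml`, `heads.yml` and `jruby.yml` hunks of this commit.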
@@ -78,9 +80,11 @@ jobs: # We need to do this first to get appraisal installed. # NOTE: This does not use the primary Gemfile at all. - name: "Install Root Appraisal" + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} run: bundle - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} id: bundleAttempt1 run: bundle exec appraisal ${{ matrix.appraisal }} bundle # Continue to the next step on failure @@ -88,10 +92,11 @@ jobs: # Effectively an automatic retry of the previous step. - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" - id: bundleAttempt2 # If bundleAttempt1 failed, try again here; Otherwise skip. - if: steps.bundleAttempt1.outcome == 'failure' + if: ${{ steps.bundleAttempt1.outcome == 'failure' && !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} + id: bundleAttempt2 run: bundle exec appraisal ${{ matrix.appraisal }} bundle - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} + if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.github/workflows/jruby.yml b/.github/workflows/jruby.yml index 99ea13d9..26cc8f3e 100644 --- a/.github/workflows/jruby.yml +++ b/.github/workflows/jruby.yml @@ -46,9 +46,11 @@ jobs: steps: - name: Checkout + if: ${{ !env.ACT }} uses: actions/checkout@v5 - name: Setup Ruby & RubyGems + if: ${{ !env.ACT }} uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} 
@@ -60,8 +62,11 @@ jobs: # We need to do this first to get appraisal installed. # NOTE: This does not use the primary Gemfile at all. - name: Install Root Appraisal + if: ${{ !env.ACT }} run: bundle - name: Appraisal for ${{ matrix.appraisal }} + if: ${{ !env.ACT }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} + if: ${{ !env.ACT }} run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/.gitignore b/.gitignore index 83000f2c..5fb6e270 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ Appraisal.*.gemfile.lock /coverage/ /spec/reports/ /results/ +.output.txt # Documentation /.yardoc/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1d4f5398..3390138a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,16 +1,31 @@ +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence +#stages: +# - test +#sast: +# stage: test +#include: +# - template: Security/SAST.gitlab-ci.yml + default: - image: ruby:3.2 + image: ruby variables: BUNDLE_INSTALL_FLAGS: "--quiet --jobs=$(nproc) --retry=3" BUNDLE_FROZEN: "false" # No lockfile! + BUNDLE_GEMFILE: Appraisal.root.gemfile K_SOUP_COV_DEBUG: true K_SOUP_COV_DO: true K_SOUP_COV_HARD: true K_SOUP_COV_MIN_BRANCH: 100 K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_VERBOSE: true - K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" + K_SOUP_COV_FORMATTERS: "tty" K_SOUP_COV_MULTI_FORMATTERS: true K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" @@ -18,7 +33,7 @@ workflow: rules: # For merge requests, create a pipeline. - if: '$CI_MERGE_REQUEST_IID' - # For default branch, create a pipeline (this includes on schedules, pushes, merges, etc.). + # For the ` main ` branch, create a pipeline (this includes on schedules, pushes, merges, etc.). - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' # For tags, create a pipeline. - if: '$CI_COMMIT_TAG' 
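Review bot: `image: ruby` in the `default:` block of the `@@ -1,16 +1,31 @@` hunk drops the version tag, so any job that does not set its own `image:` runs on whatever the untagged `ruby` image resolves to on the day of the pipeline. A new Ruby release or a changed base image then reaches CI without a commit here. Keeping an explicit tag or digest, `image: ruby:<VERSION_PLACEHOLDER>`, makes that change visible in review. The added header also leaves the SAST template include commented out; if that is intentional, a one-line reason beside it would help the next reader.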
@@ -27,10 +42,25 @@ workflow: image: ruby:${RUBY_VERSION} stage: test script: - - gem update --silent --system - - bundle config --local path vendor + # || true so we don't fail here, because it'll probably work even if the gem update fails + - gem update --silent --system > /dev/null 2>&1 || true + - mkdir -p vendor/bundle + - bundle config set path 'vendor/bundle' + - chmod +t -R vendor/bundle + - chmod o-w -R vendor/bundle + # Setup appraisal2 - bundle install - - bundle exec rake + # Bundle a specific appraisal + - bundle exec appraisal unlocked_deps bundle install + # Light smoke test + - bundle exec appraisal unlocked_deps bin/rake --tasks + # Run tests, skipping those that won't work in CI + - > + bundle exec appraisal unlocked_deps \ + bin/rspec spec \ + --tag \~ci_skip \ + --format progress \ + --format RspecJunitFormatter cache: key: ${CI_JOB_IMAGE} paths: @@ -40,13 +70,28 @@ workflow: image: ruby:${RUBY_VERSION} stage: test script: - # Because we support EOL Ruby still... - - gem install rubygems-update -v ${RUBYGEMS_VERSION} + # RUBYGEMS_VERSION because we support EOL Ruby still... + # || true so we don't fail here, because it'll probably work even if the gem update fails + - gem install rubygems-update -v ${RUBYGEMS_VERSION} || true # Actually updates both RubyGems and Bundler! - update_rubygems - - bundle config --local path vendor + - mkdir -p vendor/bundle + - bundle config set path 'vendor/bundle' + - chmod +t -R vendor/bundle + - chmod o-w -R vendor/bundle + # Setup appraisal2 - bundle install - - bundle exec rake test + # Bundle a specific appraisal + - bundle exec appraisal ${APPRAISAL} bundle install + # Light smoke test + - bundle exec appraisal ${APPRAISAL} bin/rake --tasks + # Run tests, skipping those that won't work in CI + - > + bundle exec appraisal unlocked_deps \ + bin/rspec spec \ + --tag \~ci_skip \ + --format progress \ + --format RspecJunitFormatter cache: key: ${CI_JOB_IMAGE} paths: 
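Review bot: `gem update --silent --system > /dev/null 2>&1 || true` in the `@@ -27,10 +42,25 @@` hunk discards both the exit status and every line of output, so a job that failed to update RubyGems looks the same in the log as one that succeeded. The tolerance can stay while the outcome is recorded: `- gem update --silent --system || echo "WARN: RubyGems update failed, continuing with $(gem --version)"`. The job template this script belongs to starts outside the hunk.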
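Review bot: The spec run in the `@@ -40,13 +70,28 @@` hunk calls `bundle exec appraisal unlocked_deps \` while the two steps before it install and smoke-test `${APPRAISAL}`, so the legacy jobs would run specs under an appraisal whose gemfile this job never bundled. It looks like a carry-over from the current-Ruby script in the previous hunk; the line should read `bundle exec appraisal ${APPRAISAL} \`. Separately, `gem install rubygems-update -v ${RUBYGEMS_VERSION} || true` only moves the failure one line down on a fresh image, because `update_rubygems` is not available if the install failed; dropping the `|| true` gives the clearer error.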
@@ -54,7 +99,6 @@ workflow: ruby-current: variables: - BUNDLE_GEMFILE: gemfiles/omnibus.gemfile K_SOUP_COV_DO: true <<: *test_definition-current parallel: @@ -64,7 +108,7 @@ ruby-current: ruby-ruby3_1: variables: RUBYGEMS_VERSION: "3.6.9" - BUNDLE_GEMFILE: gemfiles/vanilla.gemfile + APPRAISAL: ruby_3_1 K_SOUP_COV_DO: false <<: *test_definition-legacy parallel: @@ -74,7 +118,7 @@ ruby-ruby3_1: ruby-ruby3_0: variables: RUBYGEMS_VERSION: "3.5.23" - BUNDLE_GEMFILE: gemfiles/vanilla.gemfile + APPRAISAL: ruby_3_0 K_SOUP_COV_DO: false <<: *test_definition-legacy parallel: @@ -84,7 +128,7 @@ ruby-ruby3_0: ruby-ruby2_7: variables: RUBYGEMS_VERSION: "3.4.22" - BUNDLE_GEMFILE: gemfiles/vanilla.gemfile + APPRAISAL: ruby_2_7 K_SOUP_COV_DO: false <<: *test_definition-legacy parallel: diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 62138b86..046be677 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -18,16 +18,18 @@ + - + + @@ -42,20 +44,22 @@ + - + + - + @@ -65,19 +69,28 @@ - + - + + + + + + + + + + @@ -92,6 +105,9 @@ + + + @@ -104,8 +120,12 @@ + + + + diff --git a/.junie/guidelines.md b/.junie/guidelines.md index 949c89b7..ca783b2d 100644 --- a/.junie/guidelines.md +++ b/.junie/guidelines.md @@ -13,7 +13,7 @@ This document captures project-specific knowledge to streamline setup, testing, - See CONTRIBUTING.md for details on how to set up your local environment. - Ruby and Bundler - Runtime supports very old Rubies (>= 2.2), but development tooling targets >= 2.3 because of CI/setup-ruby and dev dependencies. - - Use a recent Ruby (>= 3.1 recommended) for fastest setup and to exercise modern coverage behavior. + - Use a recent Ruby (>= 3.4 recommended) for fastest setup and to exercise modern coverage behavior. - Install dependencies via Bundler in project root: - bundle install - Rake tasks (preferred entry points) 
@@ -82,7 +82,7 @@ This document captures project-specific knowledge to streamline setup, testing, - During a spec run, the presence of output about missing activation keys is often expected, since it is literally what this library is for. It only indicates a failure if the spec expected all activation keys to be present, and not all specs do. - Adding new tests (guidelines) - Organize specs by class/module. Do not create per-task umbrella spec files; add examples to the existing spec for the class/module under test, or create a new spec file for that class/module if one does not exist. Only create a standalone scenario spec when it intentionally spans multiple classes for an integration/benchmark scenario (e.g., bench_integration_spec), and name it accordingly. - - Spec file names must map to a real class or module under lib/ (mirror the path). Do not introduce specs for non-existent classes or ad-hoc names (e.g., avoid template_helpers_replacements_spec.rb when testing OAuth2::TemplateHelpers; add those examples to template_helpers_spec.rb). + - Spec file names must map to a real class or module under lib/ (mirror the path). Do not introduce specs for non-existent classes or ad-hoc names (e.g., avoid template_helpers_replacements_spec.rb when testing Oauth2::TemplateHelpers; add those examples to template_helpers_spec.rb). - REQUIRED: Provide unit tests for every class, module, constant, and public method. Place them in spec/ mirroring the path under lib/. When a file under lib/ is added or changed, ensure a corresponding spec file exists/updated for it. - Add tests for all public methods and add contexts for variations of their arguments, and arity. - This repository targets near-100% coverage of its public API; when you add new public methods, rake tasks to a rakelib, or config behavior, add or update specs accordingly. 
@@ -133,3 +133,7 @@ Notes - Coverage reports: NEVER review the HTML report. Use JSON (preferred), XML, LCOV, or RCOV. For this project, always run tests with K_SOUP_COV_FORMATTERS set to "json". - Do NOT modify .envrc in tasks; when running tests locally or in scripts, manually prefix each run, e.g.: K_SOUP_COV_FORMATTERS="json" bin/rspec - For all the kettle-soup-cover options, see .envrc and find the K_SOUP_COV_* env vars. + +Important documentation rules +- Do NOT edit files under docs/ manually; they are generated by `bundle exec rake yard` as part of the default rake task. +- Clarification: Executable scripts provided by this gem (exe/* and installed binstubs) work when the gem is installed as a system gem (gem install oauth2). However, the Rake tasks provided by this gem require oauth2 to be declared as a development dependency in the host project's Gemfile and loaded in the project's Rakefile. diff --git a/Appraisals b/Appraisals index 9c6dd968..51465fb7 100644 --- a/Appraisals +++ b/Appraisals 
@@ -24,28 +24,25 @@ appraise "unlocked_deps" do eval_gemfile "modular/documentation.gemfile" eval_gemfile "modular/style.gemfile" eval_gemfile "modular/optional.gemfile" + eval_gemfile "modular/x_std_libs.gemfile" end # Used for head (nightly) releases of ruby, truffleruby, and jruby. # Split into discrete appraisals if one of them needs a dependency locked discretely. appraise "head" do - gem "mutex_m", ">= 0.2" - gem "stringio", ">= 3.0" gem "benchmark", "~> 0.4", ">= 0.4.1" eval_gemfile "modular/runtime_heads.gemfile" end -# Test current Rubies against head versions of runtime dependencies -appraise "current-runtime-heads" do - gem "mutex_m", ">= 0.2" - gem "stringio", ">= 3.0" - eval_gemfile "modular/runtime_heads.gemfile" -end - # Used for current releases of ruby, truffleruby, and jruby. # Split into discrete appraisals if one of them needs a dependency locked discretely. appraise "current" do - eval_gemfile "modular/latest.gemfile" + eval_gemfile "modular/x_std_libs.gemfile" +end + +# Test current Rubies against head versions of runtime dependencies +appraise "dep-heads" do + eval_gemfile "modular/runtime_heads.gemfile" end appraise "ruby-2-3-hashie_v0" do @@ -55,6 +52,7 @@ appraise "ruby-2-3-hashie_v0" do eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" + eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile" end appraise "ruby-2-3-hashie_v1" do @@ -64,6 +62,7 @@ appraise "ruby-2-3-hashie_v1" do eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" + eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile" end appraise "ruby-2-3-hashie_v2" do @@ -73,6 +72,7 @@ appraise "ruby-2-3-hashie_v2" do eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" + eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile" end appraise "ruby-2-3-hashie_v3" do 
@@ -82,6 +82,7 @@ appraise "ruby-2-3-hashie_v3" do eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" + eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile" end appraise "ruby-2-3-hashie_v4" do @@ -91,6 +92,7 @@ appraise "ruby-2-3-hashie_v4" do eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" + eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile" end appraise "ruby-2-3-hashie_v5" do @@ -100,6 +102,7 @@ appraise "ruby-2-3-hashie_v5" do eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_2.gemfile" + eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile" end appraise "ruby-2-4" do @@ -109,6 +112,7 @@ appraise "ruby-2-4" do eval_gemfile "modular/logger_v1_2.gemfile" eval_gemfile "modular/multi_xml_v0_5.gemfile" eval_gemfile "modular/rack_v1_6.gemfile" + eval_gemfile "modular/x_std_libs/r2.4/libs.gemfile" end appraise "ruby-2-5" do 
@@ -118,78 +122,71 @@ appraise "ruby-2-5" do eval_gemfile "modular/logger_v1_5.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v2.gemfile" + eval_gemfile "modular/x_std_libs/r2.6/libs.gemfile" end appraise "ruby-2-6" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v3.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_5.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r2.6/libs.gemfile" end appraise "ruby-2-7" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v4.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r3.1/libs.gemfile" end appraise "ruby-3-0" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r3.1/libs.gemfile" end appraise "ruby-3-1" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r3.1/libs.gemfile" end appraise "ruby-3-2" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile 
"modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r3/libs.gemfile" end appraise "ruby-3-3" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v5.gemfile" eval_gemfile "modular/jwt_v2.gemfile" eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r3/libs.gemfile" end # Only run security audit on the latest version of Ruby appraise "audit" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/audit.gemfile" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v5.gemfile" @@ -197,12 +194,11 @@ appraise "audit" do eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r3/libs.gemfile" end # Only run coverage on the latest version of Ruby appraise "coverage" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/coverage.gemfile" eval_gemfile "modular/faraday_v2.gemfile" eval_gemfile "modular/hashie_v5.gemfile" 
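Review bot: In the `@@ -118,78 +122,71 @@` hunk, `ruby-2-5` evaluates `modular/x_std_libs/r2.6/libs.gemfile`, and `ruby-2-7` and `ruby-3-0` evaluate `modular/x_std_libs/r3.1/libs.gemfile`, whereas the 2.3 and 2.4 appraisals in the earlier hunks use directories named after their own Ruby version. If the sharing is deliberate, a comment on each such line would stop it being read as a copy-paste slip, e.g. `# r2.6 constraints also apply to Ruby 2.5`. The gemfiles themselves are not visible here, so the right target has to be confirmed against them. Because `eval_gemfile` evaluates the file at the named path, a wrong path changes which dependency constraints that appraisal actually tests.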
@@ -211,30 +207,11 @@ appraise "coverage" do eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/optional.gemfile" eval_gemfile "modular/rack_v3.gemfile" + eval_gemfile "modular/x_std_libs/r3/libs.gemfile" end # Only run linter on the latest version of Ruby (but, in support of oldest supported Ruby version) appraise "style" do - gem "mutex_m", "~> 0.2" - gem "stringio", "~> 3.0" eval_gemfile "modular/style.gemfile" -end - -### Above: Used by GitHub CI Workflows ### -### Below: Used by GitLab CI Pipelines ### - -appraise "omnibus" do - eval_gemfile "modular/audit.gemfile" - eval_gemfile "modular/coverage.gemfile" - eval_gemfile "modular/documentation.gemfile" - eval_gemfile "modular/faraday_v2.gemfile" - eval_gemfile "modular/hashie_v5.gemfile" - eval_gemfile "modular/jwt_v2.gemfile" - eval_gemfile "modular/logger_v1_7.gemfile" - eval_gemfile "modular/multi_xml_v0_7.gemfile" - eval_gemfile "modular/rack_v3.gemfile" - eval_gemfile "modular/style.gemfile" -end - -appraise "vanilla" do + eval_gemfile "modular/x_std_libs/r3/libs.gemfile" end diff --git a/CHANGELOG.md b/CHANGELOG.md index 230f0cdb..252a3fba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -18,606 +18,30 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added -- .env.local.example for contributor happiness -- note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 - - [actions/runner - issues/2347][GHA-continue-on-error-ui] - - [community/discussions/15452][GHA-allow-failure] ### Changed -- Upgrade to kettle-dev v1.1.7 ### Deprecated ### Removed ### Fixed -- Remove accidentally duplicated lines, and fix typos in CHANGELOG.md -- point badge to the correct workflow for Ruby 2.3 (caboose.yml) ### Security -[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347 -[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 - -## [2.0.14] - 2025-08-31 -- TAG: [v2.0.14][2.0.14t] -- COVERAGE: 100.00% -- 519/519 lines in 14 files -- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files -- 90.48% documented -### Added -- improved documentation by @pboling -- [gh!665][gh!665] - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling -- [gh!666][gh!666] - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling - - Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) -- [gh!662][gh!662] - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling - - PKCE required for auth code, - - exact redirect URI match, - - implicit/password grants omitted, - - avoid bearer tokens in query, - - refresh token guidance for public clients, - - simplified client definitions -- [gh!663][gh!663] - document how to implement an OIDC client with this gem in OIDC.md by @pboling - - also, list libraries built on top of the oauth2 gem that implement OIDC -- [gh!664][gh!664] - README: Add example for JHipster UAA (Spring Cloud) password grant, 
converted from Postman/Net::HTTP by @pboling - -[gh!662]: https://github.com/ruby-oauth/oauth2/pull/662 -[gh!663]: https://github.com/ruby-oauth/oauth2/pull/663 -[gh!664]: https://github.com/ruby-oauth/oauth2/pull/664 -[gh!665]: https://github.com/ruby-oauth/oauth2/pull/665 -[gh!666]: https://github.com/ruby-oauth/oauth2/pull/666 - -## [2.0.13] - 2025-08-30 -- TAG: [v2.0.13][2.0.13t] -- COVERAGE: 100.00% -- 519/519 lines in 14 files -- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files -- 90.48% documented -### Added -- [gh!656][gh!656] - Support revocation with URL-encoded parameters -- [gh!660][gh!660] - Inline yard documentation by @pboling -- [gh!660][gh!660] - Complete RBS types documentation by @pboling -- [gh!660][gh!660]- (more) Comprehensive documentation / examples by @pboling -- [gh!657][gh!657] - Updated documentation for org-rename by @pboling -- More funding links by @Aboling0 -- Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references -### Changed -- Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling -- [gh!660][gh!660] - Shrink post-install message by 4 lines by @pboling -### Fixed -- [gh!660][gh!660] - Links in README (including link to HEAD documentation) by @pboling -### Security - -[gh!660]: https://github.com/ruby-oauth/oauth2/pull/660 -[gh!657]: https://github.com/ruby-oauth/oauth2/pull/657 -[gh!656]: https://github.com/ruby-oauth/oauth2/pull/656 - -## [2.0.12] - 2025-05-31 -- TAG: [v2.0.12][2.0.12t] -- Line Coverage: 100.0% (520 / 520) -- Branch Coverage: 100.0% (174 / 174) -- 80.00% documented -### Added -- [gh!652][gh!652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang - - Support JWT `kid` for key discovery and management -- More Documentation by @pboling - - Documented Serialization Extensions - - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0 -- Documentation site @ https://oauth2.galtzo.com now complete -### Changed -- Updates to gemspec (email, funding url, post install 
message) -### Deprecated -### Removed -### Fixed -- Documentation Typos by @pboling -### Security - -[gh!652]: https://github.com/ruby-oauth/oauth2/pull/652 - -## [2.0.11] - 2025-05-23 -- TAG: [v2.0.11][2.0.11t] -- COVERAGE: 100.00% -- 518/518 lines in 14 files -- BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files -- 80.00% documented -### Added -- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling) -- More documentation -- Codeberg as ethical mirror (@pboling) - - https://codeberg.org/ruby-oauth/oauth2 -- Don't check for cert if SKIP_GEM_SIGNING is set (@pboling) -- All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) -- All runtime deps, including ruby-oauth sibling gems, are now tested against HEAD (@pboling) -- YARD config, GFM compatible with relative file links (@pboling) -- Documentation site on GitHub Pages (@pboling) - - [oauth2.galtzo.com](https://oauth2.galtzo.com) -- [!649](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) -- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling) - - https://github.com/navikt/mock-oauth2-server -### Changed -- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling) - - Provides solution for serialization issues -- Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site (@pboling) -### Fixed -- [gh!650](https://github.com/ruby-oauth/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling) -- Incorrect documentation related to silencing warnings (@pboling) - -## [2.0.10] - 2025-05-17 -- TAG: [v2.0.10][2.0.10t] -- COVERAGE: 100.00% -- 518/518 lines in 14 files -- BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files -- 79.05% documented -### Added -- 
[gh!632](https://github.com/ruby-oauth/oauth2/pull/632) - Added `funding.yml` (@Aboling0) -- [!635](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/635) - Added `.gitlab-ci.yml` (@jessieay) -- [#638](https://gitlab.com/ruby-oauth/oauth2/-/issues/638) - Documentation of support for **ILO Fundamental Principles of Rights at Work** (@pboling) -- [!642](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/642) - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling) - - Gemspec metadata - - funding_uri - - news_uri - - mailing_list_uri - - SHA256 and SHA512 Checksums for release -- [!643](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/643) - Add `token_name` option (@pboling) - - Specify the parameter name that identifies the access token -- [!645](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) -- [!646](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/646) - Add `OAuth2.config.silence_extra_tokens_warning`, default: false (@pboling) -- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - Add IETF RFC 7009 Token Revocation compliant (@pboling) - - `OAuth2::Client#revoke_token` - - `OAuth2::AccessToken#revoke` - - See: https://datatracker.ietf.org/doc/html/rfc7009 -- [gh!644](https://github.com/ruby-oauth/oauth2/pull/644), [gh!645](https://github.com/ruby-oauth/oauth2/pull/645) - Added CITATION.cff (@Aboling0) -- [!648](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/648) - Improved documentation (@pboling) -### Changed -- Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` (@pboling) -- Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - - Allow linux distros to build release without signing, as their package managers sign independently -- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param 
pass through (@pboling) -- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) -- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - Errors raised by `OAuth2::AccessToken` are now always `OAuth2::Error` and have better metadata (@pboling) -### Fixed -- [#95](https://gitlab.com/ruby-oauth/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) - - This was a 13 year old bug report. 😘 -- [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) - Internal options (like `snaky`, `raise_errors`, and `parse`) are no longer included in request (@pboling) -- [!633](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) -- [!634](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) -- [!638](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) -- [!639](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) -- [#639](https://gitlab.com/ruby-oauth/oauth2/-/issues/639) - `AccessToken#to_hash` is now serializable, just a regular Hash (@pboling) -- [!640](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) -- [!641](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) -- [#641](https://gitlab.com/ruby-oauth/oauth2/-/issues/641) - Made default JSON response parser more resilient (@pboling) -- [#645](https://gitlab.com/ruby-oauth/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) -- [gh!646](https://github.com/ruby-oauth/oauth2/pull/646) - Change `require` to `require_relative` (improve performance) (@Aboling0) - -## [2.0.9] - 2022-09-16 -- TAG: 
[v2.0.9][2.0.9t] -### Added -- More specs (@pboling) -### Changed -- Complete migration to main branch as default (@pboling) -- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) - -## [2.0.8] - 2022-09-01 -- TAG: [v2.0.8][2.0.8t] -### Changed -- [!630](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) -### Added -- [!631](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/ruby-oauth/oauth2/-/issues/628) - -## [2.0.7] - 2022-08-22 -- TAG: [v2.0.7][2.0.7t] -### Added -- [!629](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) -### Fixed -- [!626](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) - - Note: This fixes compatibility with `omniauth-oauth2` and AWS -- [!625](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) - -## [2.0.6] - 2022-07-13 -- TAG: [v2.0.6][2.0.6t] +## [1.0.1] - 2025-08-24 +- TAG: [v1.0.1][1.0.1t] +- COVERAGE: 100.00% -- 130/130 lines in 7 files +- BRANCH COVERAGE: 96.00% -- 48/50 branches in 7 files +- 100% documented ### Fixed -- [!624](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) - -## [2.0.5] - 2022-07-07 -- TAG: [v2.0.5][2.0.5t] -### Fixed -- [!620](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) -- 
[!621](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/ruby-oauth/oauth2/-/issues/528) and [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) (@pboling) - - All data in responses is now returned, with the access token removed and set as `token` - - `refresh_token` is no longer dropped - - **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use - - Remove `parse` and `snaky` from options so they don't get included in response - - There is now 100% test coverage, for lines _and_ branches, and it will stay that way. - -## [2.0.4] - 2022-07-01 -- TAG: [v2.0.4][2.0.4t] -### Fixed -- [!618](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) - -## [2.0.3] - 2022-06-28 -- TAG: [v2.0.3][2.0.3t] -### Added -- [!611](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) -- [!612](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) -### Fixed -- [!608](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) -- [!615](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) - -## [2.0.2] - 2022-06-24 -- TAG: [v2.0.2][2.0.2t] -### Fixed -- [!604](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) -- [!606](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) -- 
[!607](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) - -## [2.0.1] - 2022-06-22 -- TAG: [v2.0.1][2.0.1t] -### Added -- Documentation improvements (@pboling) -- Increased test coverage to 99% (@pboling) +- bugfix: oopsie -## [2.0.0] - 2022-06-21 -- TAG: [v2.0.0][2.0.0t] -### Added -- [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) -- [!190](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/190), [!332](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/332), [!334](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/334), [!335](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/335), [!360](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/360), [!426](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/426), [!427](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/427), [!461](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) -- [!220](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) -- [!298](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) -- [!305](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) -- [!346](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) -- [!351](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) -- [!362](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) -- 
[!363](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) -- [!364](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling) -- [!365](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) -- [!376](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) -- [!381](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz) -- [!394](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) -- [!412](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) -- [!413](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura) -- [!442](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) -- [!494](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) -- [!549](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) -- [!550](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/550) - Raise error if location header not 
present when redirecting (@stanhu) -- [!552](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) -- [!553](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) -- [!560](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) -- [!571](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) -- [!575](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) -- [!581](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) -### Changed -- [!191](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) -- [!312](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. 
(@tetsuya, @wy193777) -- [!317](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) -- [!338](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) -- [!339](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/339), [!368](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/368), [!424](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/424), [!479](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/479), [!493](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/493), [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539), [!542](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/542), [!553](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) -- [!410](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) -- [!414](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) -- [!469](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) -- [!469](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) -- [!507](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/507), [!575](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) - - Original keys will still work as 
previously, in most scenarios, thanks to `rash_alt` gem. - - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be snake case. - - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. -- [!576](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) -- [!591](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated -### Fixed -- [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) -- [!294](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) -- [!300](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) -- [!318](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/318), [!326](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/326), [!343](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/343), [!347](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/347), [!397](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/397), [!464](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/464), [!561](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/561), [!565](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) -- [!322](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/322), [!331](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/331), 
[!337](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/337), [!361](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/361), [!371](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/371), [!377](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/377), [!383](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/383), [!392](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/392), [!395](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/395), [!400](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/400), [!401](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/401), [!403](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/403), [!415](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/415), [!567](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) -- [!328](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) -- [!339](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/339), [!479](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) -- [!366](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) -- [!380](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) -- [!399](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) -- [!410](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) -- [!460](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/460) - Fix: Stop 
throwing errors when `raise_errors` is set to `false`; analog of [!524](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) -- [!472](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) -- [!482](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `ruby-oauth` (@pboling) -- [!536](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [!535](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) -- [!595](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) -- [!596](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) -- [!598](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) -### Removed -- [!341](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) -- [!342](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) -- [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) -- [!566](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) -- 
[!589](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/589), [!593](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) -- [!590](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) - -## [1.4.11] - 2022-09-16 -- TAG: [v1.4.11][1.4.11t] -- Complete migration to main branch as default (@pboling) -- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) - -## [1.4.10] - 2022-07-01 -- TAG: [v1.4.10][1.4.10t] -- FIPS Compatibility [!587](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/587) (@akostadinov) - -## [1.4.9] - 2022-02-20 -- TAG: [v1.4.9][1.4.9t] -- Fixes compatibility with Faraday v2 [572](https://gitlab.com/ruby-oauth/oauth2/-/issues/572) -- Includes supported versions of Faraday in test matrix: - - Faraday ~> 2.2.0 with Ruby >= 2.6 - - Faraday ~> 1.10 with Ruby >= 2.4 - - Faraday ~> 0.17.3 with Ruby >= 1.9 -- Add Windows and MacOS to test matrix - -## [1.4.8] - 2022-02-18 -- TAG: [v1.4.8][1.4.8t] -- MFA is now required to push new gem versions (@pboling) -- README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) -- [!569](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/569) Backport fixes ([!561](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) -- Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling) -- Add CodeQL, Security Policy, Funding info (@pboling) -- Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling) -- [!543](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) - -## [1.4.7] - 2021-03-19 -- TAG: [v1.4.7][1.4.7t] -- [!541](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/541) - Backport fix to expires_at 
handling [!533](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon) - -## [1.4.6] - 2021-03-19 -- TAG: [v1.4.6][1.4.6t] -- [!540](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) -- [!537](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) -- [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) on main branch (@anderscarling) - -## [1.4.5] - 2021-03-18 -- TAG: [v1.4.5][1.4.5t] -- [!535](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/536) on main branch (@pboling) -- [!518](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) -- [!507](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) -- [!500](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) - -## [1.4.4] - 2020-02-12 -- TAG: [v1.4.4][1.4.4t] -- [!408](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) - -## [1.4.3] - 2020-01-29 -- TAG: [v1.4.3][1.4.3t] -- [!483](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) -- [!495](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - - Adds support for private_key_jwt and tls_client_auth -- [!433](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/433) - allow field names with square brackets and 
numbers in params (@asm256) - -## [1.4.2] - 2019-10-01 -- TAG: [v1.4.2][1.4.2t] -- [!478](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - - Officially support Ruby 2.6 and truffleruby - -## [1.4.1] - 2018-10-13 -- TAG: [v1.4.1][1.4.1t] -- [!417](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) -- [!419](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [!423](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/423)) (@pboling) -- [!418](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) -- [!420](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) -- [!421](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) -- [!422](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/README.md) (@pboling) -- [!423](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/ruby-oauth/oauth2/builds), [Rakefile](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) - - officially document supported Rubies - * Ruby 1.9.3 - * Ruby 2.0.0 - * Ruby 2.1 - * Ruby 2.2 - * [JRuby 1.7][jruby-1.7] (targets MRI v1.9) - * [JRuby 9.0][jruby-9.0] (targets MRI v2.0) - * Ruby 2.3 - * Ruby 2.4 - * Ruby 2.5 - * [JRuby 9.1][jruby-9.1] (targets MRI v2.3) - * [JRuby 9.2][jruby-9.2] (targets MRI v2.5) - -[jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html -[jruby-9.0]: 
https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html -[jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html -[jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html - -## [1.4.0] - 2017-06-09 -- TAG: [v1.4.0][1.4.0t] -- Drop Ruby 1.8.7 support (@sferik) -- Fix some RuboCop offenses (@sferik) -- _Dependency_: Remove Yardstick (@sferik) -- _Dependency_: Upgrade Faraday to 0.12 (@sferik) - -## [1.3.1] - 2017-03-03 -- TAG: [v1.3.1][1.3.1t] -- Add support for Ruby 2.4.0 (@pschambacher) -- _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher) - -## [1.3.0] - 2016-12-28 -- TAG: [v1.3.0][1.3.0t] -- Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes) -- Default to header-based authentication when getting a token from an authorisation code (@maletor) -- **Breaking**: Allow an `auth_scheme` (`:basic_auth` or `:request_body`) to be set on the client, defaulting to `:request_body` to maintain backwards compatibility (@maletor, @bjeanes) -- Handle `redirect_uri` according to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes) -- Refactor handling of encoding of error responses (@urkle) -- Avoid instantiating an `Error` if there is no error to raise (@urkle) -- Add support for Faraday 0.10 (@rhymes) - -## [1.2.0] - 2016-07-01 -- TAG: [v1.2.0][1.2.0t] -- Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira) -- Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus) -- Use `raise` rather than `fail` to throw exceptions (@sferik) - -## [1.1.0] - 2016-01-30 -- TAG: [v1.1.0][1.1.0t] -- Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik) -- Add support for Rack 2, and bump 
various other dependencies (@sferik) - -## [1.0.0] - 2014-07-09 +## [1.0.0] - 2025-08-24 - TAG: [v1.0.0][1.0.0t] +- COVERAGE: 100.00% -- 130/130 lines in 7 files +- BRANCH COVERAGE: 96.00% -- 48/50 branches in 7 files +- 100% documented ### Added -- Add an implementation of the MAC token spec. -### Fixed -- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7. - -## [0.5.0] - 2011-07-29 -- TAG: [v0.5.0][0.5.0t] -### Changed -- *breaking* `oauth_token` renamed to `oauth_bearer`. -- *breaking* `authorize_path` Client option renamed to `authorize_url`. -- *breaking* `access_token_path` Client option renamed to `token_url`. -- *breaking* `access_token_method` Client option renamed to `token_method`. -- *breaking* `web_server` renamed to `auth_code`. - -## [0.4.1] - 2011-04-20 -- TAG: [v0.4.1][0.4.1t] - -## [0.4.0] - 2011-04-20 -- TAG: [v0.4.0][0.4.0t] - -## [0.3.0] - 2011-04-08 -- TAG: [v0.3.0][0.3.0t] - -## [0.2.0] - 2011-04-01 -- TAG: [v0.2.0][0.2.0t] - -## [0.1.1] - 2011-01-12 -- TAG: [v0.1.1][0.1.1t] - -## [0.1.0] - 2010-10-13 -- TAG: [v0.1.0][0.1.0t] - -## [0.0.13] - 2010-08-17 -- TAG: [v0.0.13][0.0.13t] - -## [0.0.12] - 2010-08-17 -- TAG: [v0.0.12][0.0.12t] - -## [0.0.11] - 2010-08-17 -- TAG: [v0.0.11][0.0.11t] - -## [0.0.10] - 2010-06-19 -- TAG: [v0.0.10][0.0.10t] - -## [0.0.9] - 2010-06-18 -- TAG: [v0.0.9][0.0.9t] - -## [0.0.8] - 2010-04-27 -- TAG: [v0.0.8][0.0.8t] - -## [0.0.7] - 2010-04-27 -- TAG: [v0.0.7][0.0.7t] - -## [0.0.6] - 2010-04-25 -- TAG: [v0.0.6][0.0.6t] - -## [0.0.5] - 2010-04-23 -- TAG: [v0.0.5][0.0.5t] - -## [0.0.4] - 2010-04-22 -- TAG: [v0.0.4][0.0.4t] - -## [0.0.3] - 2010-04-22 -- TAG: [v0.0.3][0.0.3t] - -## [0.0.2] - 2010-04-22 -- TAG: [v0.0.2][0.0.2t] - -## [0.0.1] - 2010-04-22 -- TAG: [v0.0.1][0.0.1t] - -[gemfiles/readme]: gemfiles/README.md +- Initial release -[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...HEAD -[2.0.14]: https://github.com/ruby-oauth/oauth2/compare/v2.0.13...v2.0.14 -[2.0.14t]: 
https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.14 -[2.0.13]: https://github.com/ruby-oauth/oauth2/compare/v2.0.12...v2.0.13 -[2.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.13 -[2.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.11...v2.0.12 -[2.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.12 -[2.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.10...v2.0.11 -[2.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.11 -[2.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.9...v2.0.10 -[2.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.10 -[2.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.8...v2.0.9 -[2.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.9 -[2.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.7...v2.0.8 -[2.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.8 -[2.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.6...v2.0.7 -[2.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.7 -[2.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.5...v2.0.6 -[2.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.6 -[2.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.4...v2.0.5 -[2.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.5 -[2.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.3...v2.0.4 -[2.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.4 -[2.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.2...v2.0.3 -[2.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.3 -[2.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.1...v2.0.2 -[2.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.2 -[2.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.0...v2.0.1 -[2.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.1 -[2.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.11...v2.0.0 -[2.0.0t]: 
https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.0 -[1.4.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.10...v1.4.11 -[1.4.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.11 -[1.4.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.9...v1.4.10 -[1.4.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.10 -[1.4.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.8...v1.4.9 -[1.4.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.9 -[1.4.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.7...v1.4.8 -[1.4.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.8 -[1.4.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.6...v1.4.7 -[1.4.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.7 -[1.4.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.5...v1.4.6 -[1.4.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.6 -[1.4.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.4...v1.4.5 -[1.4.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.5 -[1.4.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.3...v1.4.4 -[1.4.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.4 -[1.4.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.2...v1.4.3 -[1.4.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.3 -[1.4.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.1...v1.4.2 -[1.4.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.2 -[1.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.0...v1.4.1 -[1.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.1 -[1.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.1...v1.4.0 -[1.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.0 -[1.3.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.0...v1.3.1 -[1.3.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.1 -[1.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.2.0...v1.3.0 -[1.3.0t]: 
https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.0 -[1.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.1.0...v1.2.0 -[1.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.2.0 -[1.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.1.0 -[1.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.1.0 -[1.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.9.4...v1.0.0 -[1.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.0.0 -[0.5.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.1...v0.5.0 -[0.5.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.5.0 -[0.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.0...v0.4.1 -[0.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.1 -[0.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.3.0...v0.4.0 -[0.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.0 -[0.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.2.0...v0.3.0 -[0.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.3.0 -[0.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.1...v0.2.0 -[0.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.2.0 -[0.1.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.0...v0.1.1 -[0.1.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.1 -[0.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.13...v0.1.0 -[0.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.0 -[0.0.13]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.12...v0.0.13 -[0.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.13 -[0.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.11...v0.0.12 -[0.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.12 -[0.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.10...v0.0.11 -[0.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.11 -[0.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.9...v0.0.10 -[0.0.10t]: 
https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.10 -[0.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.8...v0.0.9 -[0.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.9 -[0.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.7...v0.0.8 -[0.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.8 -[0.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.6...v0.0.7 -[0.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.7 -[0.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.5...v0.0.6 -[0.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.6 -[0.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.4...v0.0.5 -[0.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.5 -[0.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.3...v0.0.4 -[0.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.4 -[0.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.2...v0.0.3 -[0.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.3 -[0.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.1...v0.0.2 -[0.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.2 -[0.0.1]: https://github.com/ruby-oauth/oauth2/compare/311d9f4...v0.0.1 -[0.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.1 +[Unreleased]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...HEAD +[1.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/a427c302df09cfe4253a7c8d400333f9a4c1a208...v1.0.0 +[1.0.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.0.0 +[1.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.0.1 +[1.0.1t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.0.1 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 59ae2314..f70f8c81 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -5,7 +5,6 @@ This project should be a safe, welcoming space for collaboration, so contributor the [code of conduct][🤝conduct]. To submit a patch, please fork the project, create a patch with tests, and send a pull request. -Post a message to the [google group][⛳mail-list] if you want to. Remember to [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] if you make changes. @@ -23,6 +22,35 @@ Follow these instructions: 6. Make sure to add tests for it. This is important, so it doesn't break in a future release. 7. Create new Pull Request. +## Executables vs Rake tasks + +Executables shipped by oauth2 can be used with or without generating the binstubs. +They will work when oauth2 is installed globally (i.e., `gem install oauth2`) and do not require that oauth2 be in your bundle. + +- kettle-changelog +- kettle-commit-msg +- oauth2-setup +- kettle-dvcs +- kettle-pre-release +- kettle-readme-backers +- kettle-release + +However, the rake tasks provided by oauth2 do require oauth2 to be added as a development dependency and loaded in your Rakefile. +See the full list of rake tasks in head of Rakefile + +**Gemfile** +```ruby +group :development do + gem "oauth2", require: false +end +``` + +**Rakefile** +```ruby +# Rakefile +require "oauth2" +``` + ## Environment Variables for Local Development Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string "true" to enable. 
@@ -90,9 +118,10 @@ bundle exec rake test ### Spec organization (required) -- For each class or module under `lib/`, keep all of its unit tests in a single spec file under `spec/` that mirrors the path and file name (e.g., specs for `lib/oauth2/release_cli.rb` live in `spec/oauth2/release_cli_spec.rb`). -- Do not create ad-hoc "_more" or split spec files for the same class/module. Consolidate all unit tests into the main spec file for that class/module. -- Only integration scenarios that intentionally span multiple classes belong in `spec/integration/`. +- One spec file per class/module. For each class or module under `lib/`, keep all of its unit tests in a single spec file under `spec/` that mirrors the path and file name exactly: `lib/oauth2/release_cli.rb` -> `spec/oauth2/release_cli_spec.rb`. +- Never add a second spec file for the same class/module. Examples of disallowed names: `*_more_spec.rb`, `*_extra_spec.rb`, `*_status_spec.rb`, or any other suffix that still targets the same class. If you find yourself wanting a second file, merge those examples into the canonical spec file for that class/module. +- Exception: Integration specs that intentionally span multiple classes. Place these under `spec/integration/` (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class. +- Migration note: If a duplicate spec file exists, move all examples into the canonical file and delete the duplicate. Do not leave stubs or empty files behind. ## Lint It @@ -147,7 +176,9 @@ NOTE: To build without signing the gem set `SKIP_GEM_SIGNING` to any value in th #### Automated process -Run `bundle exec kettle-release`. +1. Update version.rb to contian the correct version-to-be-released. +2. Run `bundle exec kettle-changelog`. +3. Run `bundle exec kettle-release`. #### Manual process 
@@ -176,7 +207,6 @@ Run `bundle exec kettle-release`. 13. Run `bundle exec rake release` which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems] -[⛳mail-list]: http://groups.google.com/group/oauth-ruby [📜src-gl]: https://gitlab.com/ruby-oauth/oauth2/ [📜src-cb]: https://codeberg.org/ruby-oauth/oauth2 [📜src-gh]: https://github.com/ruby-oauth/oauth2 diff --git a/FUNDING.md b/FUNDING.md index bebc9ab1..b7a061d1 100644 --- a/FUNDING.md +++ b/FUNDING.md @@ -18,11 +18,11 @@ Many paths lead to being a sponsor or a backer of this project. Are you on such [🖇sponsor]: https://github.com/sponsors/pboling [🖇polar-img]: https://img.shields.io/badge/polar-donate-a51611.svg?style=flat [🖇polar]: https://polar.sh/pboling -[🖇kofi-img]: https://img.shields.io/badge/ko--fi-✓-a51611.svg?style=flat +[🖇kofi-img]: https://img.shields.io/badge/ko--fi-%E2%9C%93-a51611.svg?style=flat [🖇kofi]: https://ko-fi.com/O5O86SNP4 [🖇patreon-img]: https://img.shields.io/badge/patreon-donate-a51611.svg?style=flat [🖇patreon]: https://patreon.com/galtzo -[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-✓-a51611.svg?style=flat +[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-%E2%9C%93-a51611.svg?style=flat [🖇buyme]: https://www.buymeacoffee.com/pboling [🖇paypal-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=flat&logo=paypal [🖇paypal]: https://www.paypal.com/paypalme/peterboling diff --git a/Gemfile b/Gemfile index af3abbf9..19875ab5 100644 --- a/Gemfile +++ b/Gemfile 
@@ -12,15 +12,8 @@ git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } # Include dependencies from .gemspec gemspec -platform :mri do - # Debugging - Ensure ENV["DEBUG"] == "true" to use debuggers within spec suite - # Use binding.break, binding.b, or debugger in code - gem "debug", ">= 1.0.0" # ruby >= 2.7 - gem "gem_bench", "~> 2.0", ">= 2.0.5" - - # Dev Console - Binding.pry - Irb replacement - gem "pry", "~> 0.14" # ruby >= 2.0 -end +# Debugging +eval_gemfile "gemfiles/modular/debug.gemfile" # Code Coverage eval_gemfile "gemfiles/modular/coverage.gemfile" @@ -33,3 +26,6 @@ eval_gemfile "gemfiles/modular/documentation.gemfile" # Optional eval_gemfile "gemfiles/modular/optional.gemfile" + +### Std Lib Extracted Gems +eval_gemfile "gemfiles/modular/x_std_libs.gemfile" diff --git a/Gemfile.lock b/Gemfile.lock index 1982af18..6bbe0251 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -28,17 +28,24 @@ GEM addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) ansi (1.5.0) + appraisal2 (3.0.0) + bundler (>= 1.17.3) + rake (>= 10) + thor (>= 0.14) ast (2.4.3) backports (3.25.1) base64 (0.3.0) benchmark (0.4.1) bigdecimal (3.2.3) - coderay (1.1.3) + bundler-audit (0.9.2) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) concurrent-ruby (1.3.5) date (3.4.1) debug (1.11.0) irb (~> 1.10) reline (>= 0.3.8) + delegate (0.4.0) diff-lcs (1.6.2) diffy (3.4.4) docile (1.4.1) @@ -81,6 +88,8 @@ GEM gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) + gitmoji-regex (1.0.3) + version_gem (~> 1.1, >= 1.1.8) hashie (5.0.0) io-console (0.8.1) irb (1.15.2) @@ -90,7 +99,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.7) + kettle-dev (1.1.9) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) 
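Review bot: The removed `platform :mri` block was the only place this Gemfile declared `pry`, and the replacement `eval_gemfile "gemfiles/modular/debug.gemfile"` does not bring it back. That file's hunk later in this commit leaves it as the commented line `# gem "pry", "~> 0.14"`, and the Gemfile.lock hunks drop `pry`, `coderay` and `method_source`. The same commit still adds a `bin/pry` binstub ending in `load Gem.bin_path("pry", "pry")`, which is expected to fail under `bundler/setup` because the gem is no longer in the bundle, unless a gemfile outside this diff still declares it. Either leave `bin/pry` out of the commit, or restore the line in `gemfiles/modular/debug.gemfile` as `gem "pry", "~> 0.14"`.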
@@ -100,6 +109,15 @@ GEM simplecov-rcov (~> 0.3, >= 0.3.7) simplecov_json_formatter (~> 0.1, >= 0.1.4) version_gem (~> 1.1, >= 1.1.8) + kettle-test (1.0.3) + appraisal2 (~> 3.0) + rspec (~> 3.0) + rspec-block_is_expected (~> 1.0, >= 1.0.6) + rspec-stubbed_env (~> 1.0, >= 1.0.4) + rspec_junit_formatter (~> 0.6) + silent_stream (~> 1.0, >= 1.0.12) + timecop-rspec (~> 1.0, >= 1.0.3) + version_gem (~> 1.1, >= 1.1.8) kramdown (2.5.1) rexml (>= 3.3.9) kramdown-parser-gfm (1.1.0) @@ -107,9 +125,9 @@ GEM language_server-protocol (3.17.0.5) lint_roller (1.1.0) logger (1.7.0) - method_source (1.1.0) multi_xml (0.7.2) bigdecimal (~> 3.1) + mutex_m (0.3.0) net-http (0.6.0) uri nkf (0.2.0) @@ -124,9 +142,6 @@ GEM prettyprint prettyprint (0.2.0) prism (1.4.0) - pry (0.15.2) - coderay (~> 1.1) - method_source (~> 1.0) psych (5.2.6) date stringio @@ -134,6 +149,7 @@ GEM racc (1.8.1) rack (3.2.1) rainbow (3.1.1) + rake (13.3.0) rbs (3.9.4) logger rdoc (6.14.2) @@ -148,8 +164,31 @@ GEM regexp_parser (2.11.2) reline (0.6.2) io-console (~> 0.5) - rexml (3.4.2) + require_bench (1.0.4) + version_gem (>= 1.1.3, < 4) + rexml (3.4.3) + rspec (3.13.1) + rspec-core (~> 3.13.0) + rspec-expectations (~> 3.13.0) + rspec-mocks (~> 3.13.0) rspec-block_is_expected (1.0.6) + rspec-core (3.13.5) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.5) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-mocks (3.13.5) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-pending_for (0.1.19) + rspec-core (~> 3.0) + ruby_engine (~> 2.0) + ruby_version (~> 1.0) + version_gem (~> 1.1, >= 1.1.8) + rspec-stubbed_env (1.0.4) + rspec-support (3.13.5) + rspec_junit_formatter (0.6.0) + rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.75.8) json (~> 2.3) language_server-protocol (~> 3.17.0.2) 
@@ -209,6 +248,11 @@ GEM rubocop (~> 1.72, >= 1.72.1) rubocop-ast (>= 1.44.0, < 2.0) ruby-progressbar (1.13.0) + ruby_engine (2.0.3) + ruby_version (1.0.3) + silent_stream (1.0.12) + logger (~> 1.2) + version_gem (>= 1.1.8, < 3) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) @@ -246,9 +290,17 @@ GEM standard-custom (>= 1.0.2, < 2) standard-performance (>= 1.3.1, < 2) version_gem (>= 1.1.4, < 3) + stone_checksums (1.0.2) + version_gem (~> 1.1, >= 1.1.8) stringio (3.1.7) terminal-table (4.0.0) unicode-display_width (>= 1.1.1, < 4) + thor (1.4.0) + timecop (0.9.10) + timecop-rspec (1.0.3) + delegate (~> 0.1) + rspec (~> 3.0) + timecop (>= 0.7, < 1) unicode-display_width (3.1.5) unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) @@ -265,26 +317,38 @@ PLATFORMS DEPENDENCIES addressable (~> 2.8, >= 2.8.7) + appraisal2 (~> 3.0) backports (~> 3.25, >= 3.25.1) benchmark (~> 0.4, >= 0.4.1) - debug (>= 1.0.0) + bundler-audit (~> 0.9.2) + debug (>= 1.1) + erb (~> 5.0) gem_bench (~> 2.0, >= 2.0.5) - kettle-dev (~> 1.1, >= 1.1.7) + gitmoji-regex (~> 1.0, >= 1.0.3) + irb (~> 1.15, >= 1.15.2) + kettle-dev (~> 1.1, >= 1.1.9) kettle-soup-cover (~> 1.0, >= 1.0.10) + kettle-test (~> 1.0) kramdown (~> 2.5, >= 2.5.1) kramdown-parser-gfm (~> 1.1) + mutex_m (~> 0.2) nkf (~> 0.2) oauth2! - pry (~> 0.14) + rake (~> 13.0) rdoc (~> 6.11) reek (~> 6.5) + require_bench (~> 1.0, >= 1.0.4) rexml (~> 3.2, >= 3.2.5) + rspec-pending_for (~> 0.0, >= 0.0.17) rubocop-lts (~> 8.0) rubocop-on-rbs (~> 1.8) rubocop-packaging (~> 0.6, >= 0.6.0) rubocop-rspec (~> 3.6) rubocop-ruby2_2 + ruby-progressbar (~> 1.13) standard (>= 1.50) + stone_checksums (~> 1.0, >= 1.0.2) + stringio (>= 3.0) yard (~> 0.9, >= 0.9.37) yard-junk (~> 0.0, >= 0.0.10)! yard-relative_markdown_links (~> 0.5.0) diff --git a/README.md b/README.md index 7563d5c3..a04e1e2d 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,17 @@ [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![oauth2 Logo by Chris Messina, CC BY-SA 3.0][🖼️oauth2-i]][🖼️oauth2] -[🖼️oauth2-i]: https://logos.galtzo.com/assets/images/oauth/oauth2/avatar-192px.svg -[🖼️oauth2]: https://github.com/ruby-oauth/oauth2 -[🖼️ruby-lang-i]: https://logos.galtzo.com/assets/images/ruby-lang/avatar-192px.svg -[🖼️ruby-lang]: https://www.ruby-lang.org/ [🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg [🖼️galtzo-discord]: https://discord.gg/3qme4XHNKN +[🖼️ruby-lang-i]: https://logos.galtzo.com/assets/images/ruby-lang/avatar-192px.svg +[🖼️ruby-lang]: https://www.ruby-lang.org/ +[🖼️oauth2-i]: https://logos.galtzo.com/assets/images/oauth/oauth2/avatar-192px.svg +[🖼️oauth2]: https://github.com/ruby-oauth/oauth2 # 🔐 OAuth 2.0 Authorization Framework ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC) -[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] 
[![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] If ☝️ `ci_badges.map(&:color).detect { it != "green"}` [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. 
@@ -131,9 +131,9 @@ What does that mean specifically for the runtime dependencies? We have 100% test coverage of lines and branches, and this test suite runs across a large matrix covering the latest patch for each of the following minor versions: -| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 | -|------------------------------------------------|--------------------------------------------------------------------------------------| -| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2](https://github.com/appraisal-rb/appraisal2) ✨ | +| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 | +|------------------------------------------------|--------------------------------------------------------| +| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | #### You should upgrade this gem with confidence\*. @@ -1180,6 +1180,8 @@ See [CONTRIBUTING.md][🤝contributing]. ### Code Coverage +[![Coverage Graph][🔑codecov-g]][🔑codecov] + [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] 
@@ -1311,11 +1313,11 @@ Thanks for RTFM. ☺️ [🖇sponsor]: https://github.com/sponsors/pboling [🖇polar-img]: https://img.shields.io/badge/polar-donate-a51611.svg?style=flat [🖇polar]: https://polar.sh/pboling -[🖇kofi-img]: https://img.shields.io/badge/ko--fi-✓-a51611.svg?style=flat +[🖇kofi-img]: https://img.shields.io/badge/ko--fi-%E2%9C%93-a51611.svg?style=flat [🖇kofi]: https://ko-fi.com/O5O86SNP4 [🖇patreon-img]: https://img.shields.io/badge/patreon-donate-a51611.svg?style=flat [🖇patreon]: https://patreon.com/galtzo -[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-✓-a51611.svg?style=flat +[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-%E2%9C%93-a51611.svg?style=flat [🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff [🖇buyme]: https://www.buymeacoffee.com/pboling [🖇paypal-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=flat&logo=paypal @@ -1347,7 +1349,7 @@ Thanks for RTFM. ☺️ [💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling [💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase [💖🐘ruby-mast]: https://ruby.social/@galtzo -[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https%3A%2F%2Fruby.social&style=flat&logo=mastodon&label=Ruby%20%40galtzo +[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https://ruby.social&style=flat&logo=mastodon&label=Ruby%20@galtzo [💖🦋bluesky]: https://bsky.app/profile/galtzo.com [💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white [💖🌳linktree]: https://linktr.ee/galtzo 
@@ -1417,8 +1419,8 @@ Thanks for RTFM. ☺️ [🚎10-j-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml/badge.svg [🚎11-c-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml [🚎11-c-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml/badge.svg -[🚎12-crh-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/current-runtime-heads.yml -[🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current-runtime-heads.yml/badge.svg +[🚎12-crh-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml +[🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml/badge.svg [🚎13-cbs-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml [🚎13-cbs-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml/badge.svg [🚎13-🔒️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml @@ -1472,7 +1474,7 @@ Thanks for RTFM. ☺️ [📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ [📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat [📌gitmoji]:https://gitmoji.dev -[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square +[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.519-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md 
@@ -1488,7 +1490,7 @@ Thanks for RTFM. ☺️ [💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums [💎SHA_checksums]: https://gitlab.com/ruby-oauth/oauth2/-/tree/main/checksums [💎rlts]: https://github.com/rubocop-lts/rubocop-lts -[💎rlts-img]: https://img.shields.io/badge/code_style_%26_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white +[💎rlts-img]: https://img.shields.io/badge/code_style_&_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white [💎appraisal2]: https://github.com/appraisal-rb/appraisal2 [💎appraisal2-img]: https://img.shields.io/badge/appraised_by-appraisal2-34495e.svg?plastic&logo=ruby&logoColor=white [💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/ @@ -1498,8 +1500,8 @@ Thanks for RTFM. ☺️ rel="me" Social Proofs - - + + diff --git a/Rakefile b/Rakefile index 249ef930..4f67de12 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,6 @@ # frozen_string_literal: true -# kettle-dev Rakefile v1.0.24 - 2025-08-31 +# kettle-dev Rakefile v1.1.9 - 2025-09-07 # Ruby 2.3 (Safe Navigation) or higher required # # MIT License (see License.txt) @@ -15,14 +15,10 @@ # rake bench # Run all benchmarks (alias for bench:run) # rake bench:list # List available benchmark scripts # rake bench:run # Run all benchmark scripts (skips on CI) -# rake build # Build kettle-dev-1.0.0.gem into the pkg d... -# rake build:checksum # Generate SHA512 checksum of kettle-dev-1.... # rake build:generate_checksums # Generate both SHA256 & SHA512 checksums i... # rake bundle:audit:check # Checks the Gemfile.lock for insecure depe... # rake bundle:audit:update # Updates the bundler-audit vulnerability d... # rake ci:act[opt] # Run 'act' with a selected workflow -# rake clean # Remove any temporary products -# rake clobber # Remove any generated files # rake coverage # Run specs w/ coverage and open results in... # rake default # Default tasks aggregator # rake install # Build and install kettle-dev-1.0.0.gem in... 
diff --git a/SECURITY.md b/SECURITY.md index 1fc2f483..a319529f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,15 +2,9 @@ ## Supported Versions -| Version | Supported | Post-EOL / Enterprise | -|----------|-----------|---------------------------------------| -| 2.latest | ✅ | [Tidelift Subscription][tidelift-ref] | -| 1.latest | ✅ | [Tidelift Subscription][tidelift-ref] | -| <= 1 | ⛔ | ⛔ | - -### EOL Policy - -Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April. +| Version | Supported | +|----------|-----------| +| 1.latest | ✅ | ## Security contact information @@ -25,11 +19,3 @@ please consider sponsoring the project / maintainer @ https://liberapay.com/pbol or find other sponsorship links in the [README]. [README]: README.md - -## Enterprise Support - -Available as part of the Tidelift Subscription. - -The maintainers of this library and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref] - -[tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo diff --git a/bin/kettle-dev-setup b/bin/kettle-dev-setup new file mode 100755 index 00000000..276319a7 --- /dev/null +++ b/bin/kettle-dev-setup @@ -0,0 +1,16 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kettle-dev-setup' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("kettle-dev", "kettle-dev-setup") 
diff --git a/bin/kettle-dvcs b/bin/kettle-dvcs
new file mode 100755
index 00000000..b572d48c
--- /dev/null
+++ b/bin/kettle-dvcs
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'kettle-dvcs' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("kettle-dev", "kettle-dvcs")
diff --git a/bin/kettle-pre-release b/bin/kettle-pre-release
new file mode 100755
index 00000000..1b98ad61
--- /dev/null
+++ b/bin/kettle-pre-release
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'kettle-pre-release' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("kettle-dev", "kettle-pre-release")
diff --git a/bin/pry b/bin/pry
new file mode 100755
index 00000000..41bfde55
--- /dev/null
+++ b/bin/pry
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'pry' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("pry", "pry")
diff --git a/bin/rbs b/bin/rbs
new file mode 100755
index 00000000..ffc95a0d
--- /dev/null
+++ b/bin/rbs
@@ -0,0 +1,16 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rbs' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("rbs", "rbs") diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 5a3af548..82550001 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/audit.gemfile") @@ -20,3 +17,5 @@ eval_gemfile("modular/logger_v1_7.gemfile") eval_gemfile("modular/multi_xml_v0_7.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r3/libs.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 92c25c25..0bb1d61f 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/coverage.gemfile") @@ -22,3 +19,5 @@ eval_gemfile("modular/multi_xml_v0_7.gemfile") eval_gemfile("modular/optional.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r3/libs.gemfile") diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index 770c6643..d0b46ac0 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -4,4 +4,4 @@ source "https://rubygems.org/" gemspec path: "../" -eval_gemfile("modular/latest.gemfile") +eval_gemfile("modular/x_std_libs.gemfile") diff --git a/gemfiles/dep_heads.gemfile b/gemfiles/dep_heads.gemfile new file mode 100644 index 00000000..3173f86f --- /dev/null +++ b/gemfiles/dep_heads.gemfile 
@@ -0,0 +1,7 @@ +# This file was generated by Appraisal2 + +source "https://rubygems.org/" + +gemspec path: "../" + +eval_gemfile("modular/runtime_heads.gemfile") diff --git a/gemfiles/deps_unlocked.gemfile b/gemfiles/deps_unlocked.gemfile deleted file mode 100644 index 789a4f03..00000000 --- a/gemfiles/deps_unlocked.gemfile +++ /dev/null @@ -1,13 +0,0 @@ -# This file was generated by Appraisal2 - -source "https://rubygems.org/" - -gemspec path: "../" - -eval_gemfile("modular/audit.gemfile") - -eval_gemfile("modular/coverage.gemfile") - -eval_gemfile("modular/documentation.gemfile") - -eval_gemfile("modular/style.gemfile") diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index f8e1bc42..e6b6d80d 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -2,8 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", ">= 0.2" -gem "stringio", ">= 3.0" gem "benchmark", "~> 0.4", ">= 0.4.1" gemspec path: "../" diff --git a/gemfiles/modular/debug.gemfile b/gemfiles/modular/debug.gemfile index 28cd3728..3e86091c 100644 --- a/gemfiles/modular/debug.gemfile +++ b/gemfiles/modular/debug.gemfile @@ -2,10 +2,12 @@ gem "irb", "~> 1.15", ">= 1.15.2" # removed from stdlib in 3.5 platform :mri do - # Debugging + # Debugging - Ensure ENV["DEBUG"] == "true" to use debuggers within spec suite # Use binding.break, binding.b, or debugger in code gem "debug", ">= 1.1" # ruby >= 2.7 + + # Dev Console - Binding.pry - Irb replacement + # gem "pry", "~> 0.14" # ruby >= 2.0 end -gem "require_bench", "~> 1.0", ">= 1.0.4" gem "gem_bench", "~> 2.0", ">= 2.0.5" diff --git a/gemfiles/modular/erb/r2.3/default.gemfile b/gemfiles/modular/erb/r2.3/default.gemfile new file mode 100644 index 00000000..a38f952f --- /dev/null +++ b/gemfiles/modular/erb/r2.3/default.gemfile 
@@ -0,0 +1,6 @@ +# The cake is a lie. +# erb v2.2, the oldest release on RubyGems.org, was never compatible with Ruby 2.3. +# In addition, erb does not follow SemVer, and old rubies get dropped in a patch. +# This means we have no choice but to use the erb that shipped with Ruby 2.3 +# /opt/hostedtoolcache/Ruby/2.3.8/x64/lib/ruby/gems/2.3.0/gems/erb-2.2.2/lib/erb.rb:670:in `prepare_trim_mode': undefined method `match?' for "-":String (NoMethodError) +# gem "erb", ">= 2.2" # ruby >= 2.3.0 diff --git a/gemfiles/modular/erb/r2.6/v2.2.gemfile b/gemfiles/modular/erb/r2.6/v2.2.gemfile new file mode 100644 index 00000000..7cd85745 --- /dev/null +++ b/gemfiles/modular/erb/r2.6/v2.2.gemfile @@ -0,0 +1,3 @@ +# Ruby >= 2.3.0 (claimed, but not true, minimum support is Ruby 2.4) +# Last version supporting Ruby <= 2.6 +gem "erb", "~> 2.2.2" diff --git a/gemfiles/modular/erb/r2/v3.0.gemfile b/gemfiles/modular/erb/r2/v3.0.gemfile new file mode 100644 index 00000000..c03bd8d8 --- /dev/null +++ b/gemfiles/modular/erb/r2/v3.0.gemfile @@ -0,0 +1 @@ +gem "erb", "~> 3.0" # ruby >= 2.7.0 diff --git a/gemfiles/modular/erb/r3.1/v4.0.gemfile b/gemfiles/modular/erb/r3.1/v4.0.gemfile new file mode 100644 index 00000000..2e9046d8 --- /dev/null +++ b/gemfiles/modular/erb/r3.1/v4.0.gemfile @@ -0,0 +1,2 @@ +# last version compatible with Ruby 3.1 +gem "erb", "~> 4.0" # ruby >= 2.7.0 diff --git a/gemfiles/modular/erb/r3/v5.0.gemfile b/gemfiles/modular/erb/r3/v5.0.gemfile new file mode 100644 index 00000000..97033fa7 --- /dev/null +++ b/gemfiles/modular/erb/r3/v5.0.gemfile @@ -0,0 +1 @@ +gem "erb", "~> 5.0" # ruby >= 3.2.0 diff --git a/gemfiles/modular/erb/vHEAD.gemfile b/gemfiles/modular/erb/vHEAD.gemfile new file mode 100644 index 00000000..65f8433e --- /dev/null +++ b/gemfiles/modular/erb/vHEAD.gemfile @@ -0,0 +1,2 @@ +# Ruby >= 3.2 (dependency of kettle-dev) +gem "erb", github: "ruby/erb", branch: "master" 
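Review bot: `gem "erb", github: "ruby/erb", branch: "master"` in gemfiles/modular/erb/vHEAD.gemfile resolves to whatever commit the branch head points at when the bundle is installed, so this repository does not fix the code that runs in CI; the same holds for the mutex_m and stringio vHEAD.gemfile files added in this commit. That is presumably the purpose of a dep-heads appraisal, but the file does not say so. I would add a comment such as `# Tracks upstream HEAD on purpose: eval only from the dep-heads appraisal, never from a job that holds release credentials`, and confirm that the workflow consuming runtime_heads.gemfile runs with read-only permissions. The `# Ruby >= 2.5 (dependency of omniauth)` comment in the mutex_m and stringio files looks carried over from another project and may need correcting.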
diff --git a/gemfiles/modular/injected.gemfile b/gemfiles/modular/injected.gemfile
new file mode 100644
index 00000000..0b5f8fa7
--- /dev/null
+++ b/gemfiles/modular/injected.gemfile
@@ -0,0 +1,60 @@
+# NOTE: It is preferable to list development dependencies in the gemspec due to increased
+# visibility and discoverability on RubyGems.org.
+# However, this gem sits underneath all my other gems, and also "depends on" many of them.
+# So instead of depending on them directly it injects them into the other gem's gemspec on install.
+# This gem its injected dev dependencies, will install on Ruby down to 2.3.x.
+# This gem does not inject runtime dependencies.
+# Thus, dev dependencies injected into gemspecs must have
+#
+# required_ruby_version ">= 2.3" (or lower)
+#
+# Development dependencies that require strictly newer Ruby versions should be in a "gemfile",
+# and preferably a modular one (see gemfiles/modular/*.gemfile).
+
+# Security
+gem "bundler-audit", "~> 0.9.2" # ruby >= 2.0.0
+
+# Tasks
+gem "rake", "~> 13.0" # ruby >= 2.2.0
+
+# Debugging
+gem "require_bench", "~> 1.0", ">= 1.0.4" # ruby >= 2.2.0
+
+# Testing
+gem "appraisal2", "~> 3.0" # ruby >= 1.8.7, for testing against multiple versions of dependencies
+gem "kettle-test", "~> 1.0" # ruby >= 2.3
+gem "rspec-pending_for" # ruby >= 2.3, used to skip specs on incompatible Rubies
+
+# Releasing
+gem "ruby-progressbar", "~> 1.13" # ruby >= 0
+gem "stone_checksums", "~> 1.0", ">= 1.0.2" # ruby >= 2.2.0
+
+# Git integration (optional)
+# The 'git' gem is optional; kettle-dev falls back to shelling out to `git` if it is not present.
+# The current release of the git gem depends on activesupport, which makes it too heavy to depend on directly
+# Compatibility with the git gem is tested via appraisals instead.
+# gem("git", ">= 1.19.1") # ruby >= 2.3
+
+# Development tasks
+gem "gitmoji-regex", "~> 1.0", ">= 1.0.3" # ruby >= 2.3.0
+
+# The cake is a lie. erb v2.2, the oldest release on RubyGems.org, was never compatible with Ruby 2.3.
+# This means we have no choice but to use the erb that shipped with Ruby 2.3
+# /opt/hostedtoolcache/Ruby/2.3.8/x64/lib/ruby/gems/2.3.0/gems/erb-2.2.2/lib/erb.rb:670:in `prepare_trim_mode': undefined method `match?' for "-":String (NoMethodError)
+# gem "erb", ">= 2.2" # ruby >= 2.3.0, not SemVer, old rubies get dropped in a patch.
+
+# HTTP recording for deterministic specs
+# It seems that somehow just having a newer version of appraisal installed breaks
+# Ruby 2.3 and 2.4 even if their bundle specifies an older version,
+# and as a result it can only be a dependency in the appraisals.
+# | An error occurred while loading spec_helper.
+# | Failure/Error: require "vcr"
+# |
+# | NoMethodError:
+# | undefined method `delete_prefix' for "CONTENT_LENGTH":String
+# | # ./spec/config/vcr.rb:3:in `require'
+# | # ./spec/config/vcr.rb:3:in `'
+# | # ./spec/spec_helper.rb:8:in `require_relative'
+# | # ./spec/spec_helper.rb:8:in `'
+# gem "vcr", ">= 4" # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4
+# gem "webmock", ">= 3" # Last version to support ruby >= 2.3
diff --git a/gemfiles/modular/mutex_m/r2.4/v0.1.gemfile b/gemfiles/modular/mutex_m/r2.4/v0.1.gemfile
new file mode 100644
index 00000000..cabf9806
--- /dev/null
+++ b/gemfiles/modular/mutex_m/r2.4/v0.1.gemfile
@@ -0,0 +1,3 @@
+# Ruby >= 0
+# Last version supporting Ruby <= 2.4
+gem "mutex_m", "~> 0.1"
diff --git a/gemfiles/modular/mutex_m/r2/v0.3.gemfile b/gemfiles/modular/mutex_m/r2/v0.3.gemfile
new file mode 100644
index 00000000..42e9d9bd
--- /dev/null
+++ b/gemfiles/modular/mutex_m/r2/v0.3.gemfile
@@ -0,0 +1,2 @@
+# Ruby >= 2.5
+gem "mutex_m", "~> 0.2"
diff --git a/gemfiles/modular/mutex_m/r3/v0.3.gemfile b/gemfiles/modular/mutex_m/r3/v0.3.gemfile
new file mode 100644
index 00000000..42e9d9bd
--- /dev/null
+++ b/gemfiles/modular/mutex_m/r3/v0.3.gemfile
@@ -0,0 +1,2 @@
+# Ruby >= 2.5
+gem "mutex_m", "~> 0.2"
diff --git a/gemfiles/modular/mutex_m/vHEAD.gemfile b/gemfiles/modular/mutex_m/vHEAD.gemfile new file mode 100644 index 00000000..8af3b6fc --- /dev/null +++ b/gemfiles/modular/mutex_m/vHEAD.gemfile @@ -0,0 +1,2 @@ +# Ruby >= 2.5 (dependency of omniauth) +gem "mutex_m", github: "ruby/mutex_m", branch: "master" diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile index a3c5115c..7d74c143 100644 --- a/gemfiles/modular/runtime_heads.gemfile +++ b/gemfiles/modular/runtime_heads.gemfile @@ -25,3 +25,5 @@ gem "version_gem", github: "ruby-oauth/version_gem", branch: "main" # Ruby >= 2.2 gem "snaky_hash", github: "ruby-oauth/snaky_hash", branch: "main" + +eval_gemfile("x_std_libs/vHEAD.gemfile") diff --git a/gemfiles/modular/stringio/r2.4/v0.0.2.gemfile b/gemfiles/modular/stringio/r2.4/v0.0.2.gemfile new file mode 100644 index 00000000..94021cf3 --- /dev/null +++ b/gemfiles/modular/stringio/r2.4/v0.0.2.gemfile @@ -0,0 +1,4 @@ +# !!WARNING!! +# NOT SEMVER +# Last version to support Ruby <= 2.5 +gem "stringio", ">= 0.0.2" diff --git a/gemfiles/modular/stringio/r2/v3.0.gemfile b/gemfiles/modular/stringio/r2/v3.0.gemfile new file mode 100644 index 00000000..e85bb18e --- /dev/null +++ b/gemfiles/modular/stringio/r2/v3.0.gemfile @@ -0,0 +1,5 @@ +# !!WARNING!! +# NOT SEMVER +# Version 3.0.7 dropped support for Ruby <= 2.7 +# Version 3.0.0 dropped support for Ruby <= 2.4 +gem "stringio", ">= 3.0" diff --git a/gemfiles/modular/stringio/r3/v3.0.gemfile b/gemfiles/modular/stringio/r3/v3.0.gemfile new file mode 100644 index 00000000..e85bb18e --- /dev/null +++ b/gemfiles/modular/stringio/r3/v3.0.gemfile @@ -0,0 +1,5 @@ +# !!WARNING!! +# NOT SEMVER +# Version 3.0.7 dropped support for Ruby <= 2.7 +# Version 3.0.0 dropped support for Ruby <= 2.4 +gem "stringio", ">= 3.0" diff --git a/gemfiles/modular/stringio/vHEAD.gemfile b/gemfiles/modular/stringio/vHEAD.gemfile new file mode 100644 index 00000000..5f2a7412 --- /dev/null 
+++ b/gemfiles/modular/stringio/vHEAD.gemfile @@ -0,0 +1,2 @@ +# Ruby >= 2.5 (dependency of omniauth) +gem "stringio", github: "ruby/stringio", branch: "master" diff --git a/gemfiles/modular/x_std_libs.gemfile b/gemfiles/modular/x_std_libs.gemfile new file mode 100644 index 00000000..cb677752 --- /dev/null +++ b/gemfiles/modular/x_std_libs.gemfile @@ -0,0 +1,2 @@ +### Std Lib Extracted Gems +eval_gemfile "x_std_libs/r3/libs.gemfile" diff --git a/gemfiles/modular/x_std_libs/r2.3/libs.gemfile b/gemfiles/modular/x_std_libs/r2.3/libs.gemfile new file mode 100644 index 00000000..2fee8b60 --- /dev/null +++ b/gemfiles/modular/x_std_libs/r2.3/libs.gemfile @@ -0,0 +1,3 @@ +eval_gemfile "../../erb/r2.3/default.gemfile" +eval_gemfile "../../mutex_m/r2.4/v0.1.gemfile" +eval_gemfile "../../stringio/r2.4/v0.0.2.gemfile" diff --git a/gemfiles/modular/x_std_libs/r2.4/libs.gemfile b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile new file mode 100644 index 00000000..c1bcbd8f --- /dev/null +++ b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile @@ -0,0 +1,3 @@ +eval_gemfile "../../erb/r2.6/v2.2.gemfile" +eval_gemfile "../../mutex_m/r2.4/v0.1.gemfile" +eval_gemfile "../../stringio/r2.4/v0.0.2.gemfile" diff --git a/gemfiles/modular/x_std_libs/r2.6/libs.gemfile b/gemfiles/modular/x_std_libs/r2.6/libs.gemfile new file mode 100644 index 00000000..beac38c9 --- /dev/null +++ b/gemfiles/modular/x_std_libs/r2.6/libs.gemfile @@ -0,0 +1,3 @@ +eval_gemfile "../../erb/r2.6/v2.2.gemfile" +eval_gemfile "../../mutex_m/r2/v0.3.gemfile" +eval_gemfile "../../stringio/r2/v3.0.gemfile" diff --git a/gemfiles/modular/x_std_libs/r2/libs.gemfile b/gemfiles/modular/x_std_libs/r2/libs.gemfile new file mode 100644 index 00000000..441c4f03 --- /dev/null +++ b/gemfiles/modular/x_std_libs/r2/libs.gemfile @@ -0,0 +1,3 @@ +eval_gemfile "../../erb/r2/v3.0.gemfile" +eval_gemfile "../../mutex_m/r2/v0.3.gemfile" +eval_gemfile "../../stringio/r2/v3.0.gemfile" 
diff --git a/gemfiles/modular/x_std_libs/r3.1/libs.gemfile b/gemfiles/modular/x_std_libs/r3.1/libs.gemfile new file mode 100644 index 00000000..bdab5bde --- /dev/null +++ b/gemfiles/modular/x_std_libs/r3.1/libs.gemfile @@ -0,0 +1,3 @@ +eval_gemfile "../../erb/r3.1/v4.0.gemfile" +eval_gemfile "../../mutex_m/r3/v0.3.gemfile" +eval_gemfile "../../stringio/r3/v3.0.gemfile" diff --git a/gemfiles/modular/x_std_libs/r3/libs.gemfile b/gemfiles/modular/x_std_libs/r3/libs.gemfile new file mode 100644 index 00000000..c293a3dd --- /dev/null +++ b/gemfiles/modular/x_std_libs/r3/libs.gemfile @@ -0,0 +1,3 @@ +eval_gemfile "../../erb/r3/v5.0.gemfile" +eval_gemfile "../../mutex_m/r3/v0.3.gemfile" +eval_gemfile "../../stringio/r3/v3.0.gemfile" diff --git a/gemfiles/modular/x_std_libs/vHEAD.gemfile b/gemfiles/modular/x_std_libs/vHEAD.gemfile new file mode 100644 index 00000000..acc5ccbf --- /dev/null +++ b/gemfiles/modular/x_std_libs/vHEAD.gemfile @@ -0,0 +1,3 @@ +eval_gemfile "../erb/vHEAD.gemfile" +eval_gemfile "../mutex_m/vHEAD.gemfile" +eval_gemfile "../stringio/vHEAD.gemfile" diff --git a/gemfiles/ruby_2_3_hashie_v0.gemfile b/gemfiles/ruby_2_3_hashie_v0.gemfile index fe08e312..3d9948b0 100644 --- a/gemfiles/ruby_2_3_hashie_v0.gemfile +++ b/gemfiles/ruby_2_3_hashie_v0.gemfile @@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_2.gemfile") eval_gemfile("modular/multi_xml_v0_5.gemfile") eval_gemfile("modular/rack_v1_2.gemfile") + +eval_gemfile("modular/x_std_libs/r2.3/libs.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v1.gemfile b/gemfiles/ruby_2_3_hashie_v1.gemfile index 0cbdaec1..5d97162b 100644 --- a/gemfiles/ruby_2_3_hashie_v1.gemfile +++ b/gemfiles/ruby_2_3_hashie_v1.gemfile @@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_2.gemfile") eval_gemfile("modular/multi_xml_v0_5.gemfile") eval_gemfile("modular/rack_v1_2.gemfile") + +eval_gemfile("modular/x_std_libs/r2.3/libs.gemfile") 
diff --git a/gemfiles/ruby_2_3_hashie_v2.gemfile b/gemfiles/ruby_2_3_hashie_v2.gemfile index 3d0484d0..9a8d02f0 100644 --- a/gemfiles/ruby_2_3_hashie_v2.gemfile +++ b/gemfiles/ruby_2_3_hashie_v2.gemfile @@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_2.gemfile") eval_gemfile("modular/multi_xml_v0_5.gemfile") eval_gemfile("modular/rack_v1_2.gemfile") + +eval_gemfile("modular/x_std_libs/r2.3/libs.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v3.gemfile b/gemfiles/ruby_2_3_hashie_v3.gemfile index 452620e9..ea7cd525 100644 --- a/gemfiles/ruby_2_3_hashie_v3.gemfile +++ b/gemfiles/ruby_2_3_hashie_v3.gemfile @@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_2.gemfile") eval_gemfile("modular/multi_xml_v0_5.gemfile") eval_gemfile("modular/rack_v1_2.gemfile") + +eval_gemfile("modular/x_std_libs/r2.3/libs.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v4.gemfile b/gemfiles/ruby_2_3_hashie_v4.gemfile index aba8c483..37e16961 100644 --- a/gemfiles/ruby_2_3_hashie_v4.gemfile +++ b/gemfiles/ruby_2_3_hashie_v4.gemfile @@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_2.gemfile") eval_gemfile("modular/multi_xml_v0_5.gemfile") eval_gemfile("modular/rack_v1_2.gemfile") + +eval_gemfile("modular/x_std_libs/r2.3/libs.gemfile") diff --git a/gemfiles/ruby_2_3_hashie_v5.gemfile b/gemfiles/ruby_2_3_hashie_v5.gemfile index 19515c83..e888ef7d 100644 --- a/gemfiles/ruby_2_3_hashie_v5.gemfile +++ b/gemfiles/ruby_2_3_hashie_v5.gemfile @@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_2.gemfile") eval_gemfile("modular/multi_xml_v0_5.gemfile") eval_gemfile("modular/rack_v1_2.gemfile") + +eval_gemfile("modular/x_std_libs/r2.3/libs.gemfile") diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index ebbc746d..36a5018d 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile 
@@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_2.gemfile") eval_gemfile("modular/multi_xml_v0_5.gemfile") eval_gemfile("modular/rack_v1_6.gemfile") + +eval_gemfile("modular/x_std_libs/r2.4/libs.gemfile") diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 9c78b4de..191c0014 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -15,3 +15,5 @@ eval_gemfile("modular/logger_v1_5.gemfile") eval_gemfile("modular/multi_xml_v0_6.gemfile") eval_gemfile("modular/rack_v2.gemfile") + +eval_gemfile("modular/x_std_libs/r2.6/libs.gemfile") diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index c90a047f..547d3f94 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") @@ -18,3 +15,5 @@ eval_gemfile("modular/logger_v1_5.gemfile") eval_gemfile("modular/multi_xml_v0_6.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r2.6/libs.gemfile") diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 2da4dda0..1a3262a4 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") @@ -18,3 +15,5 @@ eval_gemfile("modular/logger_v1_7.gemfile") eval_gemfile("modular/multi_xml_v0_6.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r3.1/libs.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 7fed3524..92db0fcb 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") 
@@ -18,3 +15,5 @@ eval_gemfile("modular/logger_v1_7.gemfile") eval_gemfile("modular/multi_xml_v0_6.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r3.1/libs.gemfile") diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 7fed3524..92db0fcb 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") @@ -18,3 +15,5 @@ eval_gemfile("modular/logger_v1_7.gemfile") eval_gemfile("modular/multi_xml_v0_6.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r3.1/libs.gemfile") diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index 562e0116..7c4e1ec7 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") @@ -18,3 +15,5 @@ eval_gemfile("modular/logger_v1_7.gemfile") eval_gemfile("modular/multi_xml_v0_7.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r3/libs.gemfile") diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index 562e0116..7c4e1ec7 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -2,9 +2,6 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/faraday_v2.gemfile") @@ -18,3 +15,5 @@ eval_gemfile("modular/logger_v1_7.gemfile") eval_gemfile("modular/multi_xml_v0_7.gemfile") eval_gemfile("modular/rack_v3.gemfile") + +eval_gemfile("modular/x_std_libs/r3/libs.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index bd9f436e..4fd57066 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile 
@@ -2,9 +2,8 @@ source "https://rubygems.org/" -gem "mutex_m", "~> 0.2" -gem "stringio", "~> 3.0" - gemspec path: "../" eval_gemfile("modular/style.gemfile") + +eval_gemfile("modular/x_std_libs/r3/libs.gemfile") diff --git a/gemfiles/unlocked_deps.gemfile b/gemfiles/unlocked_deps.gemfile index dd719981..31c29e3e 100644 --- a/gemfiles/unlocked_deps.gemfile +++ b/gemfiles/unlocked_deps.gemfile @@ -11,3 +11,5 @@ eval_gemfile("modular/documentation.gemfile") eval_gemfile("modular/style.gemfile") eval_gemfile("modular/optional.gemfile") + +eval_gemfile("modular/x_std_libs.gemfile") diff --git a/oauth2.gemspec b/oauth2.gemspec index 4a70ce85..58fb10c1 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -148,10 +148,57 @@ Thanks, @pboling / @galtzo # Development dependencies that require strictly newer Ruby versions should be in a "gemfile", # and preferably a modular one (see gemfiles/modular/*.gemfile). - # Dev, Test, & Release Tasks spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 - spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.7") # ruby >= 2.3 spec.add_development_dependency("nkf", "~> 0.2") # ruby >= 2.3 spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 + + # Dev, Test, & Release Tasks + spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.9") # ruby >= 2.3 + + # Security + spec.add_development_dependency("bundler-audit", "~> 0.9.2") # ruby >= 2.0.0 + + # Tasks + spec.add_development_dependency("rake", "~> 13.0") # ruby >= 2.2.0 + + # Debugging + spec.add_development_dependency("require_bench", "~> 1.0", ">= 1.0.4") # ruby >= 2.2.0 + + # Testing + spec.add_development_dependency("appraisal2", "~> 3.0") # ruby >= 1.8.7, for testing against multiple versions of dependencies + spec.add_development_dependency("kettle-test", "~> 1.0") # ruby >= 2.3 + spec.add_development_dependency("rspec-pending_for", "~> 0.0", ">= 0.0.17") # ruby >= 2.3, used to skip specs on incompatible Rubies + + # Releasing + spec.add_development_dependency("ruby-progressbar", "~> 1.13") # ruby >= 0 + spec.add_development_dependency("stone_checksums", "~> 1.0", ">= 1.0.2") # ruby >= 2.2.0 + + # Git integration (optional) + # The 'git' gem is optional; oauth2 falls back to shelling out to `git` if it is not present. + # The current release of the git gem depends on activesupport, which makes it too heavy to depend on directly + # spec.add_dependency("git", ">= 1.19.1") # ruby >= 2.3 + + # Development tasks + # The cake is a lie. erb v2.2, the oldest release on RubyGems.org, was never compatible with Ruby 2.3. 
+ # This means we have no choice but to use the erb that shipped with Ruby 2.3 + # /opt/hostedtoolcache/Ruby/2.3.8/x64/lib/ruby/gems/2.3.0/gems/erb-2.2.2/lib/erb.rb:670:in `prepare_trim_mode': undefined method `match?' for "-":String (NoMethodError) + # spec.add_development_dependency("erb", ">= 2.2") # ruby >= 2.3.0, not SemVer, old rubies get dropped in a patch. + spec.add_development_dependency("gitmoji-regex", "~> 1.0", ">= 1.0.3") # ruby >= 2.3.0 + + # HTTP recording for deterministic specs + # It seems that somehow just having a newer version of appraisal installed breaks + # Ruby 2.3 and 2.4 even if their bundle specifies an older version, + # and as a result it can only be a dependency in the appraisals. + # | An error occurred while loading spec_helper. + # | Failure/Error: require "vcr" + # | + # | NoMethodError: + # | undefined method `delete_prefix' for "CONTENT_LENGTH":String + # | # ./spec/config/vcr.rb:3:in `require' + # | # ./spec/config/vcr.rb:3:in `' + # | # ./spec/spec_helper.rb:8:in `require_relative' + # | # ./spec/spec_helper.rb:8:in `' + # spec.add_development_dependency("vcr", ">= 4") # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4 + # spec.add_development_dependency("webmock", ">= 3") # Last version to support ruby >= 2.3 end From 90ef38326eaf530c8d7f6e58a74d488c759f59cd Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 7 Sep 2025 22:59:19 -0600 Subject: [PATCH 554/645] =?UTF-8?q?=F0=9F=92=9A=20Use=20backports/2.5.0/st?= =?UTF-8?q?ring/delete=5Fprefix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gemfiles/modular/erb/r2.4/v2.2.gemfile | 6 ++++++ gemfiles/modular/x_std_libs/r2.4/libs.gemfile | 2 +- spec/ext/backports.rb | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 gemfiles/modular/erb/r2.4/v2.2.gemfile diff --git a/gemfiles/modular/erb/r2.4/v2.2.gemfile b/gemfiles/modular/erb/r2.4/v2.2.gemfile new file mode 100644 index 00000000..5777e7e3 
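Review bot: The commented-out line `# spec.add_dependency("git", ">= 1.19.1")` in the "Git integration (optional)" block is the only entry in this hunk that uses `add_dependency`; if it is ever uncommented, git becomes a runtime dependency of every application that installs oauth2, while everything around it is a development dependency. I would write it as `# spec.add_development_dependency("git", ">= 1.19.1") # ruby >= 2.3`. The sentence above it, "oauth2 falls back to shelling out to `git`", reads as if the library itself runs git; the matching text in gemfiles/modular/injected.gemfile names kettle-dev, so this comment probably should too. The enclosing specification block starts outside the hunk.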
--- /dev/null +++ b/gemfiles/modular/erb/r2.4/v2.2.gemfile @@ -0,0 +1,6 @@ +# Ruby >= 2.3.0 (claimed, but not true, minimum support is Ruby 2.4) +# Last version supporting Ruby <= 2.6 +gem "erb", "~> 2.2.2" + +# Pin CGI to a version compatible with Ruby 2.4. +gem "cgi", "~> 0.1.1" diff --git a/gemfiles/modular/x_std_libs/r2.4/libs.gemfile b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile index c1bcbd8f..5a3c5b6c 100644 --- a/gemfiles/modular/x_std_libs/r2.4/libs.gemfile +++ b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile @@ -1,3 +1,3 @@ -eval_gemfile "../../erb/r2.6/v2.2.gemfile" +eval_gemfile "../../erb/r2.4/v2.2.gemfile" eval_gemfile "../../mutex_m/r2.4/v0.1.gemfile" eval_gemfile "../../stringio/r2.4/v0.0.2.gemfile" diff --git a/spec/ext/backports.rb b/spec/ext/backports.rb index 21f76e1c..322d8f4d 100644 --- a/spec/ext/backports.rb +++ b/spec/ext/backports.rb @@ -1,3 +1,4 @@ # frozen_string_literal: true require "backports/2.5.0/hash/transform_keys" +require "backports/2.5.0/string/delete_prefix" From 6c16e3d239372b5936664064647379f970071685 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 7 Sep 2025 23:10:13 -0600 Subject: [PATCH 555/645] =?UTF-8?q?=F0=9F=94=A5=20dep-heads=20workflow=20s?= =?UTF-8?q?upersedes=20current=5Fruntime=5Fheads?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/current-runtime-heads.yml | 87 --------------------- 1 file changed, 87 deletions(-) delete mode 100644 .github/workflows/current-runtime-heads.yml diff --git a/.github/workflows/current-runtime-heads.yml b/.github/workflows/current-runtime-heads.yml deleted file mode 100644 index eb769656..00000000 --- a/.github/workflows/current-runtime-heads.yml +++ /dev/null 
@@ -1,87 +0,0 @@ -# Targets the evergreen latest release of ruby, truffleruby, and jruby -# and tests against the HEAD of runtime dependencies -name: Runtime Deps @ HEAD - -permissions: - contents: read - -env: - K_SOUP_COV_DO: false - -on: - push: - branches: - - 'main' - - '*-stable' - tags: - - '!*' # Do not execute on tags - pull_request: - branches: - - '*' - # Allow manually triggering the workflow. - workflow_dispatch: - -# Cancels all previous workflow runs for the same branch that have not yet completed. -concurrency: - # The concurrency group contains the workflow name and the branch name. - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - test: - name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal }} - if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" - runs-on: ubuntu-latest - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} - env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile - strategy: - matrix: - include: - # Ruby 3.4 - - ruby: "ruby" - appraisal: "current-runtime-heads" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: latest - bundler: latest - - # truffleruby-24.1 - # (according to documentation: targets Ruby 3.3 compatibility) - # (according to runtime: targets Ruby 3.2 compatibility) - - ruby: "truffleruby" - appraisal: "current-runtime-heads" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - - # jruby-10.0 (targets Ruby 3.4 compatibility) - - ruby: "jruby" - appraisal: "current-runtime-heads" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Setup Ruby & RubyGems - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - rubygems: 
${{ matrix.rubygems }} - bundler: ${{ matrix.bundler }} - bundler-cache: false - - # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) - # We need to do this first to get appraisal installed. - # NOTE: This does not use the primary Gemfile at all. - - name: Install Root Appraisal - run: bundle - - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }} - run: bundle exec appraisal ${{ matrix.appraisal }} bundle - - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }} - run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} From 2037b382e79eae974a67ebe96188e755e88fd3ad Mon Sep 17 00:00:00 2001 From: Mark James Date: Mon, 8 Sep 2025 15:56:52 +1000 Subject: [PATCH 556/645] Add verb-dependent token mode --- lib/oauth2/access_token.rb | 14 ++++++++------ spec/oauth2/access_token_spec.rb | 20 ++++++++++++++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 57b95b10..e598d110 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -132,8 +132,9 @@ def no_tokens_warning(hash, key) # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire # @option opts [FixNum, String] :expires_latency (nil) the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+ - # @option opts [Symbol] :mode (:header) the transmission mode of the Access Token parameter value - # one of :header, :body or :query + # @option opts [Symbol or callable] :mode (:header) the transmission mode of the Access Token parameter value: + # either one of :header, :body or :query, or a callable that accepts a request-verb parameter + # and returns one of these three symbols. # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header # @option opts [String] :param_name ('access_token') the parameter name to use for transmission of the # Access Token value in :body or :query transmission mode @@ -324,7 +325,7 @@ def to_hash # # @see OAuth2::Client#request def request(verb, path, opts = {}, &block) - configure_authentication!(opts) + configure_authentication!(opts, verb) @client.request(verb, path, opts, &block) end @@ -370,8 +371,9 @@ def headers private - def configure_authentication!(opts) - case options[:mode] + def configure_authentication!(opts, verb) + mode = options[:mode].respond_to?(:call) ? options[:mode].call(verb) : options[:mode] + case mode when :header opts[:headers] ||= {} opts[:headers].merge!(headers) @@ -389,7 +391,7 @@ def configure_authentication!(opts) end # @todo support for multi-part (file uploads) else - raise("invalid :mode option of #{options[:mode]}") + raise("invalid :mode option of #{mode}") end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 2c032e4d..3d81d263 100644 --- a/spec/oauth2/access_token_spec.rb 
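Review bot: The revised `:mode` doc in the `@@ -132,8 +132,9 @@` hunk uses `[Symbol or callable]`, which is not YARD type syntax, and it does not say what choosing `:query` means for the token. I would write the tag as `# @option opts [Symbol, #call] :mode (:header) ...` and add one comment line such as `#   NOTE: :query places the token in the request URL, where it can be recorded in server and proxy logs; prefer :header unless the provider requires otherwise.` The README text further down this page already calls query mode discouraged, so the inline doc would only be brought in line with it. The documented method itself starts outside the hunk.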
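Review bot: In `configure_authentication!` the new dispatch only separates "responds to `call`" from everything else, so a Hash passed as `:mode` goes straight into the `case` and ends in the `else` raise. The README section added later on this page documents `mode: {get: :query, post: :header, delete: :header}`; unless Hash handling arrives in a commit outside this view, that example would fail on the first request. Either drop the Hash form from the docs or add a branch such as `mode = mode[verb.to_s.to_sym] if mode.is_a?(Hash)` before the `case`. The callable also receives `verb` exactly as the caller passed it to `request`, so a String verb would miss a lambda that matches on symbols; that fails closed through the same raise, but the method comment should say the verb is handed over unnormalised. The method body continues past the end of this hunk.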
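Review bot: The `else` branch in the `@@ -389,7 +391,7 @@` hunk now interpolates the resolved `mode`, which is `nil` whenever a callable has no rule for the verb, so the message reads `invalid :mode option of ` with nothing after it. `raise("invalid :mode option of #{mode.inspect} for verb #{verb.inspect}")` would show both the bad value and the request that triggered it. This changes the text for symbol modes too (`:foo` instead of `foo`), so check whether any spec matches the exact message. The surrounding `case` begins outside this hunk.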
+++ b/spec/oauth2/access_token_spec.rb @@ -411,6 +411,26 @@ def assert_initialized_token(target) end end + context "with verb-dependent mode" do + let(:mode) do + lambda do |verb| + case verb + when :get then :query + when :post, :delete then :header + when :put, :patch then :body + end + end + end + + let(:options) { {mode:} } + + VERBS.each do |verb| + it "correctly handles a #{verb.to_s.upcase}" do + expect(subject.__send__(verb, "/token/#{mode.call(verb)}").body).to include(token) + end + end + end + context "with client.options[:raise_errors] = false" do let(:options) { {raise_errors: false} } From 4c6907b7d4f395b99079d5d5bacdfc7223c48ed7 Mon Sep 17 00:00:00 2001 From: Mark James Date: Mon, 8 Sep 2025 16:26:42 +1000 Subject: [PATCH 557/645] Add hash value to spec to support ruby < 3.1 --- spec/oauth2/access_token_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 3d81d263..c7649904 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -422,8 +422,8 @@ def assert_initialized_token(target) end end - let(:options) { {mode:} } - + let(:options) { {mode: mode} } + VERBS.each do |verb| it "correctly handles a #{verb.to_s.upcase}" do expect(subject.__send__(verb, "/token/#{mode.call(verb)}").body).to include(token) From 54aa517556467d0ae4d9747b3dd0c4cda9ce7867 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 01:16:08 -0600 Subject: [PATCH 558/645] =?UTF-8?q?=F0=9F=93=9D=20CHANGELOG:=20upgrade=20t?= =?UTF-8?q?o=20kettle-dev=20v1.1.9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 252a3fba..ea006e64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
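Review bot: The `with verb-dependent mode` context covers only verbs for which the lambda returns a valid symbol; nothing in this hunk pins what happens when the callable returns `nil` or an unknown value. Since that result decides where the bearer token is placed, I would add an example with `let(:mode) { ->(_verb) { :bogus } }` asserting `expect { subject.get("/token/header") }.to raise_error(RuntimeError, /invalid :mode option/)`. The path and the `subject` setup are assumed from the surrounding examples, which are outside the hunk, so adjust them to whatever the file's other mode specs use.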
@@ -18,6 +18,86 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +- .env.local.example for contributor happiness +- note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 + - [actions/runner - issues/2347][GHA-continue-on-error-ui] + - [community/discussions/15452][GHA-allow-failure] +### Changed +- [gh!669][gh!669] - Upgrade to kettle-dev v1.1.9 +### Deprecated +### Removed +### Fixed +- Remove accidentally duplicated lines, and fix typos in CHANGELOG.md +- point badge to the correct workflow for Ruby 2.3 (caboose.yml) +### Security + +[gh!669]: https://github.com/ruby-oauth/oauth2/pull/669 +[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347 +[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 + +## [2.0.14] - 2025-08-31 +- TAG: [v2.0.14][2.0.14t] +- COVERAGE: 100.00% -- 519/519 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files +- 90.48% documented +### Added +- improved documentation by @pboling +- [gh!665][gh!665] - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling +- [gh!666][gh!666] - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling + - Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) +- [gh!662][gh!662] - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling + - PKCE required for auth code, + - exact redirect URI match, + - implicit/password grants omitted, + - avoid bearer tokens in query, + - refresh token guidance for public clients, + - simplified client definitions +- [gh!663][gh!663] - document how to implement an OIDC client with this gem in OIDC.md by @pboling + - also, list libraries built on top of the oauth2 gem that implement OIDC +- 
[gh!664][gh!664] - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling + +[gh!662]: https://github.com/ruby-oauth/oauth2/pull/662 +[gh!663]: https://github.com/ruby-oauth/oauth2/pull/663 +[gh!664]: https://github.com/ruby-oauth/oauth2/pull/664 +[gh!665]: https://github.com/ruby-oauth/oauth2/pull/665 +[gh!666]: https://github.com/ruby-oauth/oauth2/pull/666 + +## [2.0.13] - 2025-08-30 +- TAG: [v2.0.13][2.0.13t] +- COVERAGE: 100.00% -- 519/519 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files +- 90.48% documented +### Added +- [gh!656][gh!656] - Support revocation with URL-encoded parameters +- [gh!660][gh!660] - Inline yard documentation by @pboling +- [gh!660][gh!660] - Complete RBS types documentation by @pboling +- [gh!660][gh!660]- (more) Comprehensive documentation / examples by @pboling +- [gh!657][gh!657] - Updated documentation for org-rename by @pboling +- More funding links by @Aboling0 +- Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references +### Changed +- Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling +- [gh!660][gh!660] - Shrink post-install message by 4 lines by @pboling +### Fixed +- [gh!660][gh!660] - Links in README (including link to HEAD documentation) by @pboling +### Security + +[gh!660]: https://github.com/ruby-oauth/oauth2/pull/660 +[gh!657]: https://github.com/ruby-oauth/oauth2/pull/657 +[gh!656]: https://github.com/ruby-oauth/oauth2/pull/656 + +## [2.0.12] - 2025-05-31 +- TAG: [v2.0.12][2.0.12t] +- Line Coverage: 100.0% (520 / 520) +- Branch Coverage: 100.0% (174 / 174) +- 80.00% documented +### Added +- [gh!652][gh!652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang + - Support JWT `kid` for key discovery and management +- More Documentation by @pboling + - Documented Serialization Extensions + - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0 +- Documentation site @ 
https://oauth2.galtzo.com now complete ### Changed ### Deprecated ### Removed From 6ca3ae770272a7837ecd95e3806bd85d59aba83f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 01:16:33 -0600 Subject: [PATCH 559/645] =?UTF-8?q?=F0=9F=93=9D=20DVCS=20complete?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a04e1e2d..df9727ff 100644 --- a/README.md +++ b/README.md @@ -165,7 +165,7 @@ If you use a gem version of a core Ruby library it should work fine! ### Federated DVCS
                    - Find this repo on other forges (Coming soon!) + Find this repo on other forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| From 8a2f84850e25600d058da2778af6b7b2cd6e538b Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 01:25:22 -0600 Subject: [PATCH 560/645] =?UTF-8?q?=F0=9F=93=9D=20Complete=20Instagram=20e?= =?UTF-8?q?xample?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 10 ++-- CHANGELOG.md | 3 ++ README.md | 82 ++++++++++++++++++++++++++++++++ spec/oauth2/access_token_spec.rb | 2 +- 4 files changed, 91 insertions(+), 6 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 9e7f646c..1ff2a0f8 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -6,7 +6,7 @@ "lib/oauth2.rb:2435263975": [ [73, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], - "lib/oauth2/access_token.rb:1775225572": [ + "lib/oauth2/access_token.rb:3678262936": [ [64, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], [70, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], 
@@ -21,11 +21,11 @@ "lib/oauth2/response.rb:2054901929": [ [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "spec/oauth2/access_token_spec.rb:1202129469": [ + "spec/oauth2/access_token_spec.rb:373808463": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [789, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [859, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [863, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [809, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [879, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [883, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], diff --git a/CHANGELOG.md b/CHANGELOG.md index ea006e64..802359b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,8 @@ Please file a bug if you notice a violation of semantic versioning. - note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 - [actions/runner - issues/2347][GHA-continue-on-error-ui] - [community/discussions/15452][GHA-allow-failure] +- [gh!670][gh!670] - AccessToken: verb-dependent token transmission mode by @mrj + - e.g., Instagram GET=:query, POST/DELETE=:header ### Changed - [gh!669][gh!669] - Upgrade to kettle-dev v1.1.9 ### Deprecated 
@@ -32,6 +34,7 @@ Please file a bug if you notice a violation of semantic versioning. ### Security [gh!669]: https://github.com/ruby-oauth/oauth2/pull/669 +[gh!670]: https://github.com/ruby-oauth/oauth2/pull/670 [GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347 [GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 diff --git a/README.md b/README.md index df9727ff..b9b30a76 100644 --- a/README.md +++ b/README.md @@ -683,6 +683,18 @@ using various class methods including the standard new, `from_hash` (if you have a hash of the values), or `from_kvform` (if you have an `application/x-www-form-urlencoded` encoded string of the values). +Options (since v2.0.x unless noted): +- expires_latency (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. +- token_name (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). +- mode (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. + - :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). + - :query — Send as access_token query parameter (discouraged in general, but required by some providers). + - Verb-dependent (since v2.0.15): Provide either: + - a Proc taking |verb| and returning :header or :query, or + - a Hash with verb symbols as keys, for example: {get: :query, post: :header, delete: :header}. + +Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE. + ### OAuth2::Error On 400+ status code responses, an `OAuth2::Error` will be raised. If it is a @@ -852,6 +864,76 @@ Notes:
                    +### Instagram API (verb‑dependent token mode) + +Providers like Instagram require the access token to be sent differently depending on the HTTP verb: +- GET requests: token must be in the query string (?access_token=...) +- POST/DELETE requests: token must be in the Authorization header (Bearer ...) + +Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method. + +Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls + +```ruby +require "oauth2" + +# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here). +# See Facebook Login docs for obtaining the initial short‑lived token. + +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com/") + +# Start with a short‑lived token you already obtained via Facebook Login +short_lived = OAuth2::AccessToken.new( + client, + ENV["IG_SHORT_LIVED_TOKEN"], + # Key part: verb‑dependent mode + mode: {get: :query, post: :header, delete: :header}, +) + +# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query) +# Endpoint: GET https://graph.instagram.com/access_token +# Params: grant_type=ig_exchange_token, client_secret=APP_SECRET +exchange = short_lived.get( + "/access_token", + params: { + grant_type: "ig_exchange_token", + client_secret: ENV["IG_APP_SECRET"], + # access_token param will be added automatically by the AccessToken (mode => :query for GET) + }, +) +long_lived_token_value = exchange.parsed["access_token"] + +long_lived = OAuth2::AccessToken.new( + client, + long_lived_token_value, + mode: {get: :query, post: :header, delete: :header}, +) + +# 2) Refresh the long‑lived token (Instagram uses GET with token in query) +# Endpoint: GET https://graph.instagram.com/refresh_access_token +refresh_resp = long_lived.get( + "/refresh_access_token", + params: {grant_type: "ig_refresh_token"}, +) 
+long_lived = OAuth2::AccessToken.new( + client, + refresh_resp.parsed["access_token"], + mode: {get: :query, post: :header, delete: :header}, +) + +# 3) Typical API GET request (token in query automatically) +me = long_lived.get("/me", params: {fields: "id,username"}).parsed + +# 4) Example POST (token sent via Bearer header automatically) +# Note: Replace the path/params with a real Instagram Graph API POST you need, +# such as publishing media via the Graph API endpoints. +# long_lived.post("/me/media", body: {image_url: "https://.../", caption: "hello"}) +``` + +Tips: +- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET. +- If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }. + ### Refresh Tokens When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper. diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index c7649904..c23b7e35 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -423,7 +423,7 @@ def assert_initialized_token(target) end let(:options) { {mode: mode} } - + VERBS.each do |verb| it "correctly handles a #{verb.to_s.upcase}" do expect(subject.__send__(verb, "/token/#{mode.call(verb)}").body).to include(token) From 61ee99b06175b1eece695bda6f65e0d822e427f5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 01:29:23 -0600 Subject: [PATCH 561/645] =?UTF-8?q?=F0=9F=93=9D=20Restore=20remainder=20of?= =?UTF-8?q?=20accidentally=20overwritten=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 533 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 514 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 802359b9..47c1a7e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -102,29 +102,524 @@ Please file a bug if you notice a violation of semantic versioning. - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0 - Documentation site @ https://oauth2.galtzo.com now complete ### Changed -### Deprecated -### Removed +- Updates to gemspec (email, funding url, post install message) ### Fixed -### Security +- Documentation Typos by @pboling + + +[gh!652]: https://github.com/ruby-oauth/oauth2/pull/652 + +## [2.0.11] - 2025-05-23 +- TAG: [v2.0.11][2.0.11t] +- COVERAGE: 100.00% -- 518/518 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files +- 80.00% documented +### Added +- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling) +- More documentation +- Codeberg as ethical mirror (@pboling) + - https://codeberg.org/ruby-oauth/oauth2 +- Don't check for cert if SKIP_GEM_SIGNING is set (@pboling) +- All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling) +- All runtime deps, including ruby-oauth sibling gems, are now tested against HEAD (@pboling) +- YARD config, GFM compatible with relative file links (@pboling) +- Documentation site on GitHub Pages (@pboling) + - [oauth2.galtzo.com](https://oauth2.galtzo.com) +- [!649](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) +- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling) + - https://github.com/navikt/mock-oauth2-server +### Changed +- [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling) + - Provides solution for serialization issues +- Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site (@pboling) +### Fixed +- [gh!650](https://github.com/ruby-oauth/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling) +- Incorrect documentation 
related to silencing warnings (@pboling) + +## [2.0.10] - 2025-05-17 +- TAG: [v2.0.10][2.0.10t] +- COVERAGE: 100.00% -- 518/518 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files +- 79.05% documented +### Added +- [gh!632](https://github.com/ruby-oauth/oauth2/pull/632) - Added `funding.yml` (@Aboling0) +- [!635](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/635) - Added `.gitlab-ci.yml` (@jessieay) +- [#638](https://gitlab.com/ruby-oauth/oauth2/-/issues/638) - Documentation of support for **ILO Fundamental Principles of Rights at Work** (@pboling) +- [!642](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/642) - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling) + - Gemspec metadata + - funding_uri + - news_uri + - mailing_list_uri + - SHA256 and SHA512 Checksums for release +- [!643](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/643) - Add `token_name` option (@pboling) + - Specify the parameter name that identifies the access token +- [!645](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/645) - Add `OAuth2::OAUTH_DEBUG` constant, based on `ENV["OAUTH_DEBUG"] (@pboling) +- [!646](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/646) - Add `OAuth2.config.silence_extra_tokens_warning`, default: false (@pboling) +- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - Add IETF RFC 7009 Token Revocation compliant (@pboling) + - `OAuth2::Client#revoke_token` + - `OAuth2::AccessToken#revoke` + - See: https://datatracker.ietf.org/doc/html/rfc7009 +- [gh!644](https://github.com/ruby-oauth/oauth2/pull/644), [gh!645](https://github.com/ruby-oauth/oauth2/pull/645) - Added CITATION.cff (@Aboling0) +- [!648](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/648) - Improved documentation (@pboling) +### Changed +- Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` (@pboling) +- Gem releases are now cryptographically signed, with a 20-year 
cert (@pboling) + - Allow linux distros to build release without signing, as their package managers sign independently +- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param pass through (@pboling) +- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) +- [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - Errors raised by `OAuth2::AccessToken` are now always `OAuth2::Error` and have better metadata (@pboling) +### Fixed +- [#95](https://gitlab.com/ruby-oauth/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) + - This was a 13 year old bug report. 😘 +- [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) - Internal options (like `snaky`, `raise_errors`, and `parse`) are no longer included in request (@pboling) +- [!633](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/633) - Spaces will now be encoded as `%20` instead of `+` (@nov.matake) +- [!634](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/634) - `CHANGELOG.md` documentation fix (@skuwa229) +- [!638](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/638) - fix `expired?` when `expires_in` is `0` (@disep) +- [!639](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/639) - Only instantiate `OAuth2::Error` if `raise_errors` option is `true` (@glytch2) +- [#639](https://gitlab.com/ruby-oauth/oauth2/-/issues/639) - `AccessToken#to_hash` is now serializable, just a regular Hash (@pboling) +- [!640](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/640) - `README.md` documentation fix (@martinezcoder) +- [!641](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/641) - Do not include sensitive information in the `inspect` (@manuelvanrijn) +- [#641](https://gitlab.com/ruby-oauth/oauth2/-/issues/641) - Made default JSON response parser more resilient (@pboling) +- 
[#645](https://gitlab.com/ruby-oauth/oauth2/-/issues/645) - Response no longer becomes a snaky hash (@pboling) +- [gh!646](https://github.com/ruby-oauth/oauth2/pull/646) - Change `require` to `require_relative` (improve performance) (@Aboling0) + +## [2.0.9] - 2022-09-16 +- TAG: [v2.0.9][2.0.9t] +### Added +- More specs (@pboling) +### Changed +- Complete migration to main branch as default (@pboling) +- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) + +## [2.0.8] - 2022-09-01 +- TAG: [v2.0.8][2.0.8t] +### Changed +- [!630](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) +### Added +- [!631](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/ruby-oauth/oauth2/-/issues/628) -## [1.0.1] - 2025-08-24 -- TAG: [v1.0.1][1.0.1t] -- COVERAGE: 100.00% -- 130/130 lines in 7 files -- BRANCH COVERAGE: 96.00% -- 48/50 branches in 7 files -- 100% documented +## [2.0.7] - 2022-08-22 +- TAG: [v2.0.7][2.0.7t] +### Added +- [!629](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) +### Fixed +- [!626](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. 
Will now prefer the key order from the lookup, not the hash keys (@rickselby) + - Note: This fixes compatibility with `omniauth-oauth2` and AWS +- [!625](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) + +## [2.0.6] - 2022-07-13 +- TAG: [v2.0.6][2.0.6t] +### Fixed +- [!624](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) + +## [2.0.5] - 2022-07-07 +- TAG: [v2.0.5][2.0.5t] +### Fixed +- [!620](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) +- [!621](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/ruby-oauth/oauth2/-/issues/528) and [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) (@pboling) + - All data in responses is now returned, with the access token removed and set as `token` + - `refresh_token` is no longer dropped + - **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use + - Remove `parse` and `snaky` from options so they don't get included in response + - There is now 100% test coverage, for lines _and_ branches, and it will stay that way. 
+ +## [2.0.4] - 2022-07-01 +- TAG: [v2.0.4][2.0.4t] +### Fixed +- [!618](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) + +## [2.0.3] - 2022-06-28 +- TAG: [v2.0.3][2.0.3t] +### Added +- [!611](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) +- [!612](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) ### Fixed -- bugfix: oopsie +- [!608](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) +- [!615](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) + +## [2.0.2] - 2022-06-24 +- TAG: [v2.0.2][2.0.2t] +### Fixed +- [!604](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) +- [!606](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) +- [!607](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) + +## [2.0.1] - 2022-06-22 +- TAG: [v2.0.1][2.0.1t] +### Added +- Documentation improvements (@pboling) +- Increased test coverage to 99% (@pboling) + +## [2.0.0] - 2022-06-21 +- TAG: [v2.0.0][2.0.0t] +### Added +- [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) +- [!190](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/190), [!332](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/332), 
[!334](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/334), [!335](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/335), [!360](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/360), [!426](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/426), [!427](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/427), [!461](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) +- [!220](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) +- [!298](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig) +- [!305](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd) +- [!346](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/571) - Modern gem structure (@pboling) +- [!351](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling) +- [!362](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling) +- [!363](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling) +- [!364](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling) +- [!365](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling) +- [!376](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore) +- [!381](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials 
(@nikz) +- [!394](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) +- [!412](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen) +- [!413](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura) +- [!442](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound) +- [!494](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork) +- [!549](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx) +- [!550](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu) +- [!552](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek) +- [!553](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93) +- [!560](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk) +- [!571](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) +- [!575](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) +- 
[!581](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) +### Changed +- [!191](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) +- [!312](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) +- [!317](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) +- [!338](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage) +- [!339](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/339), [!368](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/368), [!424](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/424), [!479](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/479), [!493](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/493), [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539), [!542](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/542), [!553](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek) +- [!410](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore) +- [!414](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura) +- [!469](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost) +- 
[!469](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/469) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost) +- [!507](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/507), [!575](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to snake case, always, by default (ultimately via `rash_alt` gem) + - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem. + - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be snake case. + - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. +- [!576](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) +- [!591](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated +### Fixed +- [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) +- [!294](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) +- [!300](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) +- [!318](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/318), [!326](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/326), [!343](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/343), [!347](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/347), [!397](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/397), [!464](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/464), 
[!561](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/561), [!565](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) +- [!322](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/322), [!331](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/331), [!337](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/337), [!361](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/361), [!371](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/371), [!377](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/377), [!383](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/383), [!392](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/392), [!395](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/395), [!400](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/400), [!401](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/401), [!403](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/403), [!415](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/415), [!567](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator) +- [!328](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda) +- [!339](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/339), [!479](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage) +- [!366](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling) +- 
[!380](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore) +- [!399](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus) +- [!410](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore) +- [!460](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [!524](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo) +- [!472](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler) +- [!482](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `ruby-oauth` (@pboling) +- [!536](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [!535](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling) +- [!595](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) +- [!596](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) +- [!598](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) +### Removed +- [!341](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler 
related files (@josephpage) +- [!342](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) +- [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) +- [!566](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning) +- [!589](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/589), [!593](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu) +- [!590](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) + +## [1.4.11] - 2022-09-16 +- TAG: [v1.4.11][1.4.11t] +- Complete migration to main branch as default (@pboling) +- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) -## [1.0.0] - 2025-08-24 +## [1.4.10] - 2022-07-01 +- TAG: [v1.4.10][1.4.10t] +- FIPS Compatibility [!587](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/587) (@akostadinov) + +## [1.4.9] - 2022-02-20 +- TAG: [v1.4.9][1.4.9t] +- Fixes compatibility with Faraday v2 [572](https://gitlab.com/ruby-oauth/oauth2/-/issues/572) +- Includes supported versions of Faraday in test matrix: + - Faraday ~> 2.2.0 with Ruby >= 2.6 + - Faraday ~> 1.10 with Ruby >= 2.4 + - Faraday ~> 0.17.3 with Ruby >= 1.9 +- Add Windows and MacOS to test matrix + +## [1.4.8] - 2022-02-18 +- TAG: [v1.4.8][1.4.8t] +- MFA is now required to push new gem versions (@pboling) +- README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) +- [!569](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/569) Backport fixes ([!561](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind) +- 
Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling) +- Add CodeQL, Security Policy, Funding info (@pboling) +- Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling) +- [!543](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) + +## [1.4.7] - 2021-03-19 +- TAG: [v1.4.7][1.4.7t] +- [!541](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [!533](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon) + +## [1.4.6] - 2021-03-19 +- TAG: [v1.4.6][1.4.6t] +- [!540](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) +- [!537](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) +- [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) on main branch (@anderscarling) + +## [1.4.5] - 2021-03-18 +- TAG: [v1.4.5][1.4.5t] +- [!535](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/536) on main branch (@pboling) +- [!518](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) +- [!507](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox) +- [!500](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) + +## [1.4.4] - 2020-02-12 +- TAG: [v1.4.4][1.4.4t] +- [!408](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/408) - Fixed expires_at for 
formatted time (@Lomey) + +## [1.4.3] - 2020-01-29 +- TAG: [v1.4.3][1.4.3t] +- [!483](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) +- [!495](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) + - Adds support for private_key_jwt and tls_client_auth +- [!433](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) + +## [1.4.2] - 2019-10-01 +- TAG: [v1.4.2][1.4.2t] +- [!478](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) + - Officially support Ruby 2.6 and truffleruby + +## [1.4.1] - 2018-10-13 +- TAG: [v1.4.1][1.4.1t] +- [!417](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) +- [!419](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [!423](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/423)) (@pboling) +- [!418](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/418) - update faraday dependency (@pboling) +- [!420](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling) +- [!421](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling) +- [!422](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/README.md) (@pboling) +- [!423](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/423) - update 
[builds](https://travis-ci.org/ruby-oauth/oauth2/builds), [Rakefile](https://gitlab.com/ruby-oauth/oauth2/-/blob/1-4-stable/Rakefile) (@pboling) + - officially document supported Rubies + * Ruby 1.9.3 + * Ruby 2.0.0 + * Ruby 2.1 + * Ruby 2.2 + * [JRuby 1.7][jruby-1.7] (targets MRI v1.9) + * [JRuby 9.0][jruby-9.0] (targets MRI v2.0) + * Ruby 2.3 + * Ruby 2.4 + * Ruby 2.5 + * [JRuby 9.1][jruby-9.1] (targets MRI v2.3) + * [JRuby 9.2][jruby-9.2] (targets MRI v2.5) + +[jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html +[jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html +[jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html +[jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html + +## [1.4.0] - 2017-06-09 +- TAG: [v1.4.0][1.4.0t] +- Drop Ruby 1.8.7 support (@sferik) +- Fix some RuboCop offenses (@sferik) +- _Dependency_: Remove Yardstick (@sferik) +- _Dependency_: Upgrade Faraday to 0.12 (@sferik) + +## [1.3.1] - 2017-03-03 +- TAG: [v1.3.1][1.3.1t] +- Add support for Ruby 2.4.0 (@pschambacher) +- _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher) + +## [1.3.0] - 2016-12-28 +- TAG: [v1.3.0][1.3.0t] +- Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes) +- Default to header-based authentication when getting a token from an authorisation code (@maletor) +- **Breaking**: Allow an `auth_scheme` (`:basic_auth` or `:request_body`) to be set on the client, defaulting to `:request_body` to maintain backwards compatibility (@maletor, @bjeanes) +- Handle `redirect_uri` according to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes) +- Refactor handling of encoding of error responses (@urkle) +- Avoid instantiating an `Error` if there is no error to raise (@urkle) +- Add support for Faraday 0.10 (@rhymes) + +## [1.2.0] - 2016-07-01 +- TAG: [v1.2.0][1.2.0t] +- Properly handle encoding of error responses (so 
we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira) +- Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus) +- Use `raise` rather than `fail` to throw exceptions (@sferik) + +## [1.1.0] - 2016-01-30 +- TAG: [v1.1.0][1.1.0t] +- Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik) +- Add support for Rack 2, and bump various other dependencies (@sferik) + +## [1.0.0] - 2014-07-09 - TAG: [v1.0.0][1.0.0t] -- COVERAGE: 100.00% -- 130/130 lines in 7 files -- BRANCH COVERAGE: 96.00% -- 48/50 branches in 7 files -- 100% documented ### Added -- Initial release +- Add an implementation of the MAC token spec. +### Fixed +- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7. + +## [0.5.0] - 2011-07-29 +- TAG: [v0.5.0][0.5.0t] +### Changed +- *breaking* `oauth_token` renamed to `oauth_bearer`. +- *breaking* `authorize_path` Client option renamed to `authorize_url`. +- *breaking* `access_token_path` Client option renamed to `token_url`. +- *breaking* `access_token_method` Client option renamed to `token_method`. +- *breaking* `web_server` renamed to `auth_code`. 
+ +## [0.4.1] - 2011-04-20 +- TAG: [v0.4.1][0.4.1t] + +## [0.4.0] - 2011-04-20 +- TAG: [v0.4.0][0.4.0t] + +## [0.3.0] - 2011-04-08 +- TAG: [v0.3.0][0.3.0t] + +## [0.2.0] - 2011-04-01 +- TAG: [v0.2.0][0.2.0t] + +## [0.1.1] - 2011-01-12 +- TAG: [v0.1.1][0.1.1t] + +## [0.1.0] - 2010-10-13 +- TAG: [v0.1.0][0.1.0t] + +## [0.0.13] - 2010-08-17 +- TAG: [v0.0.13][0.0.13t] + +## [0.0.12] - 2010-08-17 +- TAG: [v0.0.12][0.0.12t] + +## [0.0.11] - 2010-08-17 +- TAG: [v0.0.11][0.0.11t] + +## [0.0.10] - 2010-06-19 +- TAG: [v0.0.10][0.0.10t] + +## [0.0.9] - 2010-06-18 +- TAG: [v0.0.9][0.0.9t] + +## [0.0.8] - 2010-04-27 +- TAG: [v0.0.8][0.0.8t] + +## [0.0.7] - 2010-04-27 +- TAG: [v0.0.7][0.0.7t] + +## [0.0.6] - 2010-04-25 +- TAG: [v0.0.6][0.0.6t] + +## [0.0.5] - 2010-04-23 +- TAG: [v0.0.5][0.0.5t] + +## [0.0.4] - 2010-04-22 +- TAG: [v0.0.4][0.0.4t] + +## [0.0.3] - 2010-04-22 +- TAG: [v0.0.3][0.0.3t] + +## [0.0.2] - 2010-04-22 +- TAG: [v0.0.2][0.0.2t] + +## [0.0.1] - 2010-04-22 +- TAG: [v0.0.1][0.0.1t] + +[gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...HEAD -[1.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/a427c302df09cfe4253a7c8d400333f9a4c1a208...v1.0.0 -[1.0.0t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.0.0 -[1.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.0.1 -[1.0.1t]: https://gitlab.com/ruby-oauth/oauth2/-/tags/v1.0.1 +[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...HEAD +[2.0.14]: https://github.com/ruby-oauth/oauth2/compare/v2.0.13...v2.0.14 +[2.0.14t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.14 +[2.0.13]: https://github.com/ruby-oauth/oauth2/compare/v2.0.12...v2.0.13 +[2.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.13 +[2.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.11...v2.0.12 +[2.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.12 +[2.0.11]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.10...v2.0.11 +[2.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.11 +[2.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.9...v2.0.10 +[2.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.10 +[2.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.8...v2.0.9 +[2.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.9 +[2.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.7...v2.0.8 +[2.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.8 +[2.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.6...v2.0.7 +[2.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.7 +[2.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.5...v2.0.6 +[2.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.6 +[2.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.4...v2.0.5 +[2.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.5 +[2.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.3...v2.0.4 +[2.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.4 +[2.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.2...v2.0.3 +[2.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.3 +[2.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.1...v2.0.2 +[2.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.2 +[2.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.0...v2.0.1 +[2.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.1 +[2.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.11...v2.0.0 +[2.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.0 +[1.4.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.10...v1.4.11 +[1.4.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.11 +[1.4.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.9...v1.4.10 +[1.4.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.10 +[1.4.9]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.8...v1.4.9 +[1.4.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.9 +[1.4.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.7...v1.4.8 +[1.4.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.8 +[1.4.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.6...v1.4.7 +[1.4.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.7 +[1.4.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.5...v1.4.6 +[1.4.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.6 +[1.4.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.4...v1.4.5 +[1.4.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.5 +[1.4.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.3...v1.4.4 +[1.4.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.4 +[1.4.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.2...v1.4.3 +[1.4.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.3 +[1.4.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.1...v1.4.2 +[1.4.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.2 +[1.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.0...v1.4.1 +[1.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.1 +[1.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.1...v1.4.0 +[1.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.0 +[1.3.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.0...v1.3.1 +[1.3.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.1 +[1.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.2.0...v1.3.0 +[1.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.0 +[1.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.1.0...v1.2.0 +[1.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.2.0 +[1.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.1.0 +[1.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.1.0 +[1.0.0]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.9.4...v1.0.0 +[1.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.0.0 +[0.5.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.1...v0.5.0 +[0.5.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.5.0 +[0.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.0...v0.4.1 +[0.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.1 +[0.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.3.0...v0.4.0 +[0.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.0 +[0.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.2.0...v0.3.0 +[0.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.3.0 +[0.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.1...v0.2.0 +[0.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.2.0 +[0.1.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.0...v0.1.1 +[0.1.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.1 +[0.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.13...v0.1.0 +[0.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.0 +[0.0.13]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.12...v0.0.13 +[0.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.13 +[0.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.11...v0.0.12 +[0.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.12 +[0.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.10...v0.0.11 +[0.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.11 +[0.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.9...v0.0.10 +[0.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.10 +[0.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.8...v0.0.9 +[0.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.9 +[0.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.7...v0.0.8 +[0.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.8 +[0.0.7]: 
https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.6...v0.0.7 +[0.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.7 +[0.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.5...v0.0.6 +[0.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.6 +[0.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.4...v0.0.5 +[0.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.5 +[0.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.3...v0.0.4 +[0.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.4 +[0.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.2...v0.0.3 +[0.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.3 +[0.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.1...v0.0.2 +[0.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.2 +[0.0.1]: https://github.com/ruby-oauth/oauth2/compare/311d9f4...v0.0.1 +[0.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.1 From 53e53c0d0e5b453983d2ac0f05ceddc20d5be4f0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 01:39:36 -0600 Subject: [PATCH 562/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47c1a7e8..a52a91f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +- [gh!671][gh!671] - Complete documentation example for Instagram by @pboling - .env.local.example for contributor happiness - note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 - [actions/runner - issues/2347][GHA-continue-on-error-ui] 
@@ -25,7 +26,7 @@ Please file a bug if you notice a violation of semantic versioning. - [gh!670][gh!670] - AccessToken: verb-dependent token transmission mode by @mrj - e.g., Instagram GET=:query, POST/DELETE=:header ### Changed -- [gh!669][gh!669] - Upgrade to kettle-dev v1.1.9 +- [gh!669][gh!669] - Upgrade to kettle-dev v1.1.9 by @pboling ### Deprecated ### Removed ### Fixed @@ -35,6 +36,7 @@ Please file a bug if you notice a violation of semantic versioning. [gh!669]: https://github.com/ruby-oauth/oauth2/pull/669 [gh!670]: https://github.com/ruby-oauth/oauth2/pull/670 +[gh!671]: https://github.com/ruby-oauth/oauth2/pull/671 [GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347 [GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 From 9112baa9787e8c2ddcdd2e863656d8f0c0a5cfc3 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 01:49:16 -0600 Subject: [PATCH 563/645] =?UTF-8?q?=E2=9C=85=20Add=20test=20for=20invalid?= =?UTF-8?q?=20mode=20via=20callable?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 8 ++++---- spec/oauth2/access_token_spec.rb | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 1ff2a0f8..6bf6e50c 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock 
@@ -21,11 +21,11 @@ "lib/oauth2/response.rb:2054901929": [ [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "spec/oauth2/access_token_spec.rb:373808463": [ + "spec/oauth2/access_token_spec.rb:3464059918": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [809, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [879, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [883, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [824, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [894, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [898, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index c23b7e35..2234b2cd 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -429,6 +429,21 @@ def assert_initialized_token(target) expect(subject.__send__(verb, "/token/#{mode.call(verb)}").body).to include(token) end end + + context "when invalid" do + subject(:invalid_target) { target.__send__(http_verb, "/token/#{mode.call(http_verb)}") } + + let(:http_verb) { :get } + let(:mode) do + lambda do |_verb| + "foobar" + end + end + + it "correctly handles an invalid mode by raising an error" do + block_is_expected.to raise_error("invalid :mode option of foobar") + end + end end context "with client.options[:raise_errors] = false" do 
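Review bot: The new `when invalid` example matches on the message alone, so `raise_error("invalid :mode option of foobar")` passes for any exception class. It also covers only a callable that returns a String, while the documented contract for a callable `:mode` is one of the symbols `:header`, `:body` or `:query`. Because `:mode` decides where the bearer token is placed in the request, it is worth pinning that an unrecognised value fails before anything is sent: pass the error class as the first argument to `raise_error` (the class is not visible in this hunk) and add a sibling example with `let(:mode) { ->(_verb) { :foobar } }`. If the stubbed connection can record calls, also assert that no request reached it. The enclosing `describe`/`context` starts outside the hunk, so `target` and the stub setup are assumed from there.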
From 4a13c92ed38b61c4d6c04921a0631d551381f98f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 01:52:12 -0600 Subject: [PATCH 564/645] =?UTF-8?q?=F0=9F=94=A5=20Remove=20codecov=20(agai?= =?UTF-8?q?n)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/codecov/engineering-team/issues/3594 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b9b30a76..d69fc2f5 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC) -[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] If ☝️ 
`ci_badges.map(&:color).detect { it != "green"}` [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. From 6bb185bc93b90163610fa40705981b58aaf24910 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:04:29 -0600 Subject: [PATCH 565/645] =?UTF-8?q?=F0=9F=94=A5=20Remove=20codecov=20(agai?= =?UTF-8?q?n)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/codecov/engineering-team/issues/3594 --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index d69fc2f5..3eca1004 100644 --- a/README.md +++ b/README.md @@ -1262,8 +1262,6 @@ See [CONTRIBUTING.md][🤝contributing]. ### Code Coverage -[![Coverage Graph][🔑codecov-g]][🔑codecov] - [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] From fdd67ca2f59f273c46ffe53a72e4c829b74673d1 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:06:03 -0600 Subject: [PATCH 566/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20internal=20l?= =?UTF-8?q?ink?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3eca1004..6c663c58 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ covering the latest patch for each of the following minor versions: - You should upgrade the dependencies of this gem with confidence\*. - Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! -[sv-pub-api]: #-is-platform-support-part-of-the-public-api +[sv-pub-api]: #-versioning \* MIT license; The only guarantees I make are for [enterprise support](#enterprise-support). From 190cfd05807e24d199642b372cbd663f8763c162 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:12:08 -0600 Subject: [PATCH 567/645] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6c663c58..e3256c73 100644 --- a/README.md +++ b/README.md 
@@ -13,11 +13,11 @@ [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] -If ☝️ `ci_badges.map(&:color).detect { it != "green"}` [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. +`if ci_badges.map(&:color).detect { it != "green"}` ☝️ [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. --- -OTOH, if `ci_badges.map(&:color).all? { it == "green"}` 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job. +`if ci_badges.map(&:color).all? { it == "green"}` 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job. 
[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] @@ -128,10 +128,10 @@ leading versions per each minor version of Ruby of all the runtime dependencies What does that mean specifically for the runtime dependencies? -We have 100% test coverage of lines and branches, and this test suite runs across a large matrix -covering the latest patch for each of the following minor versions: +We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix. +It wouldn't be possible without appraisal2. -| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 | +| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 | |------------------------------------------------|--------------------------------------------------------| | 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | @@ -1366,7 +1366,7 @@ To join the community or get help 👇️ Join the Discord. [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] -To say "thanks for maintaining such a great tool" ☝️ Join the Discord or 👇️ send money. +To say "thanks!" ☝️ Join the Discord or 👇️ send money. [![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img] From 9f037785206db3ed34269f01f8efaf3020bf05e0 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:20:17 -0600 Subject: [PATCH 568/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20post=5Finstall?= =?UTF-8?q?=5Fmessage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 58fb10c1..9861f294 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -50,7 +50,7 @@ Gem::Specification.new do |spec| (minor) ⚠️ BREAKING CHANGES ⚠️ when upgrading from < v2 • Summary of breaking changes: #{gl_homepage}#what-is-new-for-v20 -• Changes in this patch: #{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag +• Changes in this patch: #{gl_homepage}/-/blob/v#{gem_version}/CHANGELOG.md#2015-2025-09-08 News: 1. New documentation website, including for OAuth 2.1 and OIDC: https://oauth2.galtzo.com @@ -58,7 +58,7 @@ News: 3. New org name "ruby-oauth" on Open Source Collective, GitHub, GitLab, Codeberg (update git remotes!) 4. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date. Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any other Ruby versions which will also have reached EOL by then. -5. Gem releases are cryptographically signed with a 20-year cert, with checksums by stone_checksums. +5. Gem releases are cryptographically signed with a 20-year cert; SHA-256 & SHA-512 checksums by stone_checksums. 6. Please consider supporting this project: • https://opencollective.com/ruby-oauth (new!) • https://liberapay.com/pboling From eb15243b7b412c27fc64c8b6ca37c3218dcaeb94 Mon Sep 17 00:00:00 2001 
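Review bot: The changelog anchor in the post-install message is hard-coded again (`CHANGELOG.md#2015-2025-09-08`), so later releases will keep pointing at the 2.0.15 entry unless someone edits it by hand; the replaced value `#200-2022-06-21-tag` shows it has drifted before. A comment directly above the message, such as `# NOTE: update the CHANGELOG anchor (version digits + release date) on every release`, would make that a visible release step. Alternatively, link to the tagged `CHANGELOG.md` without a fragment. `gem_version` and the start of the heredoc are outside the hunk, so this assumes `gem_version` resolves to the version being built.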
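Review bot: Item 5 of the message now tells installers that releases are signed and carry SHA-256 and SHA-512 checksums, but it gives them no way to act on that, and RubyGems does not check gem signatures unless the installer opts into a trust policy. Consider pointing at the verification steps, for example by appending ` Verify: <URL of the project's signature/checksum instructions>` to that line (a placeholder, since the real location is not visible in this hunk). Without such a pointer the line reads as a guarantee that a default `gem install` does not enforce.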
From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:25:30 -0600 Subject: [PATCH 569/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.15?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) are a full-time endeavor. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- CHANGELOG.md | 18 +- Gemfile.lock | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 95 ++-- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 4 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 415 ++++-------------- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 47 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 160 ++++++- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 24 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- 
docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 160 ++++++- docs/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 47 files changed, 522 insertions(+), 479 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a52a91f3..c4904aa9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,18 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +### Changed +### Deprecated +### Removed +### Fixed +### Security + +## [2.0.15] - 2025-09-08 +- TAG: [v2.0.15][2.0.15t] +- COVERAGE: 100.00% -- 519/519 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files +- 90.48% documented +### Added - [gh!671][gh!671] - Complete documentation example for Instagram by @pboling - .env.local.example for contributor happiness - note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 @@ -27,8 +39,6 @@ Please file a bug if you notice a violation of semantic versioning. - e.g., Instagram GET=:query, POST/DELETE=:header ### Changed - [gh!669][gh!669] - Upgrade to kettle-dev v1.1.9 by @pboling -### Deprecated -### Removed ### Fixed - Remove accidentally duplicated lines, and fix typos in CHANGELOG.md - point badge to the correct workflow for Ruby 2.3 (caboose.yml) 
@@ -520,7 +530,9 @@ Please file a bug if you notice a violation of semantic versioning. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...HEAD +[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.15...HEAD +[2.0.15]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...v2.0.15 +[2.0.15t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.15 [2.0.14]: https://github.com/ruby-oauth/oauth2/compare/v2.0.13...v2.0.14 [2.0.14t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.14 [2.0.13]: https://github.com/ruby-oauth/oauth2/compare/v2.0.12...v2.0.13 diff --git a/Gemfile.lock b/Gemfile.lock index 6bbe0251..a666a693 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.14) + oauth2 (2.0.15) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 6282a46f..1a5f9800 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 65ab00e2..2e8db0f0 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -967,7 +967,7 @@

                  • :mode - (Symbol) + (Symbol or callable) — default: @@ -975,8 +975,9 @@

                    - —

                    the transmission mode of the Access Token parameter value
                    -one of :header, :body or :query

                    + —

                    the transmission mode of the Access Token parameter value:
                    +either one of :header, :body or :query, or a callable that accepts a request-verb parameter
                    +and returns one of these three symbols.

                  • @@ -1038,7 +1039,6 @@

                     
                     
                    -142
                     143
                     144
                     145
                    @@ -1071,10 +1071,11 @@ 

                    172 173 174 -175

                    +175 +176

                  • @@ -2911,7 +2912,6 @@

                     
                     
                    -258
                     259
                     260
                     261
                    @@ -2935,10 +2935,11 @@ 

                    279 280 281 -282

                    +282 +283

                    @@ -192,7 +192,7 @@

                    💡 Info you can shake a stick at

                    @@ -264,14 +264,14 @@

                    Upgrading Runtime Gem DependenciesWhat does that mean specifically for the runtime dependencies?

                    -

                    We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
                    -covering the latest patch for each of the following minor versions:

                    +

                    We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix.
                    +It wouldn’t be possible without appraisal2.

                    -
                    # File 'lib/oauth2/client.rb', line 335
                    +      
                    # File 'lib/oauth2/client.rb', line 339
                     
                     def redirection_params
                       if options[:redirect_uri]
                    @@ -2651,7 +2656,7 @@ 

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 526c9ded..565b17d6 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 7959f3ed..8add3c57 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 2fcffb79..53511059 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 9cb8de78..a9fb6698 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index d4e31108..14eeec5c 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index b283a6d9..76a454a4 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 4cb8b641..73881c8e 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -105,6 +105,20 @@

                    Overview

                    The Authorization Code Strategy

                    +

                    OAuth 2.1 notes:

                    +
                      +
                    • PKCE is required for all OAuth clients using the authorization code flow (especially public clients).
                      +This library does not enforce PKCE generation/verification; implement PKCE in your application when required.
                    • +
                    • Redirect URIs must be compared using exact string matching by the Authorization Server.
                      +This client forwards redirect_uri but does not perform server-side validation.
                    • +
                    + +

                    References:

                    +
                      +
                    • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                    • +
                    • OAuth for native apps (RFC 8252) and PKCE (RFC 7636)
                    • +
                    +
                    @@ -274,12 +288,12 @@

                     
                     
                    -12
                    -13
                    -14
                    +22 +23 +24

                    -
                    # File 'lib/oauth2/strategy/auth_code.rb', line 12
                    +      
                    # File 'lib/oauth2/strategy/auth_code.rb', line 22
                     
                     def authorize_params(params = {})
                       params.merge("response_type" => "code", "client_id" => @client.id)
                    @@ -335,13 +349,13 @@ 

                     
                     
                    -19
                    -20
                    -21
                    -22
                    +29 +30 +31 +32

                    -
                    # File 'lib/oauth2/strategy/auth_code.rb', line 19
                    +      
                    # File 'lib/oauth2/strategy/auth_code.rb', line 29
                     
                     def authorize_url(params = {})
                       assert_valid_params(params)
                    @@ -437,18 +451,18 @@ 

                     
                     
                    -30
                    -31
                    -32
                    -33
                    -34
                    -35
                    -36
                    -37
                    -38
                    +40 +41 +42 +43 +44 +45 +46 +47 +48

                    -
                    # File 'lib/oauth2/strategy/auth_code.rb', line 30
                    +      
                    # File 'lib/oauth2/strategy/auth_code.rb', line 40
                     
                     def get_token(code, params = {}, opts = {})
                       params = {"grant_type" => "authorization_code", "code" => code}.merge(@client.redirection_params).merge(params)
                    @@ -469,7 +483,7 @@ 

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 642e130e..ed53e472 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index d3aa1f86..140ac362 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index cacba7d5..7db5f9e2 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -105,6 +105,16 @@

                    Overview

                    The Implicit Strategy

                    +

                    IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification.
                    +It remains here for backward compatibility with OAuth 2.0 providers. Prefer the Authorization Code flow with PKCE.

                    + +

                    References:

                    +
                      +
                    • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                    • +
                    • Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                    • +
                    • Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                    • +
                    +
                    @@ -274,12 +284,12 @@

                     
                     
                    -12
                    -13
                    -14
                    +20 +21 +22

                    -
                    # File 'lib/oauth2/strategy/implicit.rb', line 12
                    +      
                    # File 'lib/oauth2/strategy/implicit.rb', line 20
                     
                     def authorize_params(params = {})
                       params.merge("response_type" => "token", "client_id" => @client.id)
                    @@ -335,13 +345,13 @@ 

                     
                     
                    -19
                    -20
                    -21
                    -22
                    +27 +28 +29 +30

                    -
                    # File 'lib/oauth2/strategy/implicit.rb', line 19
                    +      
                    # File 'lib/oauth2/strategy/implicit.rb', line 27
                     
                     def authorize_url(params = {})
                       assert_valid_params(params)
                    @@ -390,12 +400,12 @@ 

                     
                     
                    -27
                    -28
                    -29
                    +35 +36 +37

                    -
                    # File 'lib/oauth2/strategy/implicit.rb', line 27
                    +      
                    # File 'lib/oauth2/strategy/implicit.rb', line 35
                     
                     def get_token(*)
                       raise(NotImplementedError, "The token is accessed differently in this strategy")
                    @@ -410,7 +420,7 @@ 

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index e73b941b..1db42065 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -105,6 +105,16 @@

                    Overview

                    The Resource Owner Password Credentials Authorization Strategy

                    +

                    IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1.
                    +It remains here for backward compatibility with OAuth 2.0 providers. Prefer Authorization Code + PKCE.

                    + +

                    References:

                    +
                      +
                    • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                    • +
                    • Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                    • +
                    • FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                    • +
                    +
                    @@ -243,12 +253,12 @@

                     
                     
                    -12
                    -13
                    -14
                    +20 +21 +22

                    -
                    # File 'lib/oauth2/strategy/password.rb', line 12
                    +      
                    # File 'lib/oauth2/strategy/password.rb', line 20
                     
                     def authorize_url
                       raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
                    @@ -334,17 +344,17 @@ 

                     
                     
                    -21
                    -22
                    -23
                    -24
                    -25
                    -26
                    -27
                    -28
                    +29 +30 +31 +32 +33 +34 +35 +36

                    -
                    # File 'lib/oauth2/strategy/password.rb', line 21
                    +      
                    # File 'lib/oauth2/strategy/password.rb', line 29
                     
                     def get_token(username, password, params = {}, opts = {})
                       params = {
                    @@ -364,7 +374,7 @@ 

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 9b63d3c1..1fa26949 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index 3995f9e9..48ac3aaa 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -84,6 +84,63 @@

                    File Listing

                  • LICENSE
                  • +
                  • CITATION
                  • + + +
                  • oauth2-2.0.10.gem
                  • + + +
                  • oauth2-2.0.11.gem
                  • + + +
                  • oauth2-2.0.12.gem
                  • + + +
                  • oauth2-2.0.13.gem
                  • + + +
                  • oauth2-2.0.10.gem
                  • + + +
                  • oauth2-2.0.11.gem
                  • + + +
                  • oauth2-2.0.12.gem
                  • + + +
                  • oauth2-2.0.13.gem
                  • + + +
                  • REEK
                  • + + +
                  • access_token
                  • + + +
                  • authenticator
                  • + + +
                  • client
                  • + + +
                  • error
                  • + + +
                  • filtered_attributes
                  • + + +
                  • response
                  • + + +
                  • strategy
                  • + + +
                  • version
                  • + + +
                  • oauth2
                  • + +
                    @@ -306,7 +363,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 20347058..d8e4431a 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -60,18 +60,28 @@

                    Changelog

                    All notable changes to this project will be documented in this file.

                    -

                    The format (since v2) is based on Keep a Changelog v1,
                    -and this project adheres to Semantic Versioning v2.

                    +

                    The format (since v2) is based on Keep a Changelog
                    +and this project adheres to Semantic Versioning.

                    Unreleased

                    Added

                      -
                    • improved documentation by @pboling -

                      Changed

                      -

                      Deprecated

                      -

                      Removed

                      -

                      Fixed

                      -

                      Security

                      +
                    • improved documentation by @pboling
                    • +
                    • documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: +
                        +
                      • PKCE required for auth code,
                      • +
                      • exact redirect URI match,
                      • +
                      • implicit/password grants omitted,
                      • +
                      • avoid bearer tokens in query,
                      • +
                      • refresh token guidance for public clients,
                      • +
                      • simplified client definitions) +

                        Changed

                        +

                        Deprecated

                        +

                        Removed

                        +

                        Fixed

                        +

                        Security

                        +
                      • +
                    @@ -1228,7 +1238,7 @@

                    diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 163c9de9..ad98f8f8 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 4b891735..ed3003e1 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                    Attribution

                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 707469c7..4978c12c 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                    Manual process

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index d464f2b2..0d4904a8 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                    Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 6c799800..d1165879 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.README.html b/docs/file.README.html index fba30eca..0d3fa887 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -826,6 +826,26 @@

                    OAuth2::Error

                    Authorization Grants

                    +

                    Note on OAuth 2.1 (draft):

                    +
                      +
                    • PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                    • +
                    • Redirect URIs must be compared using exact string matching by the Authorization Server.
                    • +
                    • The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                    • +
                    • Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                    • +
                    • Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                    • +
                    • The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                    • +
                    + +

                    References:

                    +
                      +
                    • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                    • +
                    • Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                    • +
                    • FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                    • +
                    • Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                    • +
                    • Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                    • +
                    • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                    • +
                    +

                    Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
                    authentication grant types have helper strategy classes that simplify client
                    use. They are available via the #auth_code,
                    @@ -1160,7 +1180,7 @@

                    🔐 Security

                    🤝 Contributing

                    If you need some ideas of where to help, you could work on adding more code coverage,
                    -or if it is already 💯 (see below) check reek, issues, or PRs,
                    +or if it is already 💯 (see below) check reek, issues, or PRs,
                    or use the gem and think about how it could be better.

                    We Keep A Changelog so if you make changes, remember to update it.

                    @@ -1306,7 +1326,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 137dfca2..57f29476 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 62540ff2..4ac6b96e 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 145a52d4..7643c7c2 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 59dd96da..4cb72ea2 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index e703185b..ce2b14fb 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index a26f7a40..f7d7750b 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index d36d31cb..419173f9 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index b6be30c1..2006a7ed 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 74bd8adf..734ab2bc 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index b8260853..81a61042 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index dc9a40a6..100e46f9 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html new file mode 100644 index 00000000..a86bbff3 --- /dev/null +++ b/docs/file.oauth2-2.0.13.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.13.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                    + + +

                    3bfe481d98f859f37f3b90ced2b8856a843eef0f2e0263163cccc14430047bc3cd03d28597f48daa3d623b52d692c3b3e7c2dc26df5eb588dd82d28608fba639

                    +
                    + + + +
                    + + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index 575122d0..5ca07d80 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index 1208f24b..6eef2f43 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 1d74d472..86173f0f 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 0d97cbcf..14bb9040 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/file_list.html b/docs/file_list.html index 95fe7792..0f55bc81 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -87,6 +87,101 @@

                    File List

                    +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + +
                  • + +
                  • + + diff --git a/docs/index.html b/docs/index.html index ec35c16a..4bdbc8bd 100644 --- a/docs/index.html +++ b/docs/index.html @@ -826,6 +826,26 @@

                    OAuth2::Error

                    Authorization Grants

                    +

                    Note on OAuth 2.1 (draft):

                    +
                      +
                    • PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                    • +
                    • Redirect URIs must be compared using exact string matching by the Authorization Server.
                    • +
                    • The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                    • +
                    • Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                    • +
                    • Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                    • +
                    • The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                    • +
                    + +

                    References:

                    +
                      +
                    • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                    • +
                    • Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                    • +
                    • FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                    • +
                    • Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                    • +
                    • Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                    • +
                    • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                    • +
                    +

                    Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
                    authentication grant types have helper strategy classes that simplify client
                    use. They are available via the #auth_code,
                    @@ -1160,7 +1180,7 @@

                    🔐 Security

                    🤝 Contributing

                    If you need some ideas of where to help, you could work on adding more code coverage,
                    -or if it is already 💯 (see below) check reek, issues, or PRs,
                    +or if it is already 💯 (see below) check reek, issues, or PRs,
                    or use the gem and think about how it could be better.

                    We Keep A Changelog so if you make changes, remember to update it.

                    @@ -1306,7 +1326,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 785e5eb9..2c7379c1 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb
index c5607392..57b95b10 100644
--- a/lib/oauth2/access_token.rb
+++ b/lib/oauth2/access_token.rb
@@ -376,6 +376,8 @@ def configure_authentication!(opts)
 opts[:headers] ||= {}
 opts[:headers].merge!(headers)
 when :query
+ # OAuth 2.1 note: Bearer tokens in the query string are omitted from the spec due to security risks.
+ # Prefer the default :header mode whenever possible.
 opts[:params] ||= {}
 opts[:params][options[:param_name]] = token
 when :body
diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb
index 193e95c4..7c64c3c1 100644
--- a/lib/oauth2/client.rb
+++ b/lib/oauth2/client.rb
@@ -321,6 +321,9 @@ def assertion
 # requesting authorization. If it is provided at authorization time it MUST
 # also be provided with the token exchange request.
 #
+ # OAuth 2.1 note: Authorization Servers must compare redirect URIs using exact string matching.
+ # This client simply forwards the configured redirect_uri; the exact-match validation happens server-side.
+ #
 # Providing :redirect_uri to the OAuth2::Client instantiation will take
 # care of managing this.
 #
@@ -330,6 +333,7 @@ def assertion
 # @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
 # @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.1
 # @see https://datatracker.ietf.org/doc/html/rfc6749#section-10.6
+ # @see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
 #
 # @return [Hash] the params to add to a request or URL
 def redirection_params
diff --git a/lib/oauth2/strategy/auth_code.rb b/lib/oauth2/strategy/auth_code.rb
index 96eedf5d..ff909a37 100644
--- a/lib/oauth2/strategy/auth_code.rb
+++ b/lib/oauth2/strategy/auth_code.rb
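Review bot: The comment added under `when :query` in configure_authentication! names "security risks" without saying which ones, so a caller who selects this mode cannot judge the exposure. A token carried in the request URL is commonly written to server and proxy access logs and can leak through browser history or the Referer header; I would state that in the comment, e.g. `# Query-string tokens can end up in access logs, browser history and Referer headers.` The method body starts and ends outside this hunk, so whether a runtime warning would fit here cannot be judged from what is shown.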
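Review bot: The note added to the redirection_params comment (first lib/oauth2/client.rb hunk) says exact-match validation happens server-side but leaves out what that means for the caller. Under exact string matching the configured redirect_uri has to be the same string that was registered with the provider, so a differing trailing slash, port or letter case would be refused. I would add one line such as `# Configure :redirect_uri as exactly the string registered with the provider.` The comment block and redirection_params itself continue outside the hunk.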
@@ -4,6 +4,16 @@ module OAuth2
 module Strategy
 # The Authorization Code Strategy
 #
+ # OAuth 2.1 notes:
+ # - PKCE is required for all OAuth clients using the authorization code flow (especially public clients).
+ # This library does not enforce PKCE generation/verification; implement PKCE in your application when required.
+ # - Redirect URIs must be compared using exact string matching by the Authorization Server.
+ # This client forwards redirect_uri but does not perform server-side validation.
+ #
+ # References:
+ # - OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
+ # - OAuth for native apps (RFC 8252) and PKCE (RFC 7636)
+ #
 # @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.1
 class AuthCode < Base
 # The required query parameters for the authorize URL
diff --git a/lib/oauth2/strategy/implicit.rb b/lib/oauth2/strategy/implicit.rb
index e9efe5c2..8dfd0a64 100644
--- a/lib/oauth2/strategy/implicit.rb
+++ b/lib/oauth2/strategy/implicit.rb
@@ -4,6 +4,14 @@ module OAuth2
 module Strategy
 # The Implicit Strategy
 #
+ # IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification.
+ # It remains here for backward compatibility with OAuth 2.0 providers. Prefer the Authorization Code flow with PKCE.
+ #
+ # References:
+ # - OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
+ # - Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
+ # - Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
+ #
 # @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-26#section-4.2
 class Implicit < Base
 # The required query parameters for the authorize URL
diff --git a/lib/oauth2/strategy/password.rb b/lib/oauth2/strategy/password.rb
index 79acf654..9621e684 100644
--- a/lib/oauth2/strategy/password.rb
+++ b/lib/oauth2/strategy/password.rb
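Review bot: The PKCE note on AuthCode tells callers to implement PKCE themselves but not where the values go in this strategy. Judging by the signatures in the rendered docs elsewhere on this page, `authorize_url(params = {})` and `get_token(code, params = {}, opts = {})` both accept caller params, so the comment could add `# Pass code_challenge and code_challenge_method via authorize_url params, and code_verifier via get_token params.` It is also worth naming S256 as the challenge method, since RFC 7636 keeps `plain` only for clients that cannot do S256. The class body lies outside this hunk, so the pass-through is inferred rather than confirmed here.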
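Review bot: The IMPORTANT note on Implicit says the grant is omitted from OAuth 2.1 but not why, and the matching note in the lib/oauth2/strategy/password.rb hunk has the same gap. One sentence each would let a reader who is tied to an OAuth 2.0 provider weigh the risk: for Implicit, `# The access token is returned in the redirect URI fragment, where browser history or page scripts can read it.`; for Password, `# The client application handles the user's password directly.` Since YARD renders `@note` as a highlighted callout, `# @note` may suit these better than a plain "IMPORTANT" paragraph. Both class bodies continue outside the hunks.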
@@ -4,6 +4,14 @@ module OAuth2
 module Strategy
 # The Resource Owner Password Credentials Authorization Strategy
 #
+ # IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1.
+ # It remains here for backward compatibility with OAuth 2.0 providers. Prefer Authorization Code + PKCE.
+ #
+ # References:
+ # - OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
+ # - Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
+ # - FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
+ #
 # @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.3
 class Password < Base
 # Not used for this strategy
From e04fcd9f8fc5f36e66bc97261069ed83a76cf235 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling" Date: Sun, 31 Aug 2025 04:01:02 -0600 Subject: [PATCH 532/645] =?UTF-8?q?=F0=9F=93=9D=20Added=20OIDC=20documenta?= =?UTF-8?q?tion,=20example,=20and=20spec=20references=20in=20OIDC.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 + OIDC.md | 145 +++++++++++ README.md | 1 + docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 49 ++-- docs/file.CHANGELOG.html | 20 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 238 ++++++++++++++++++ docs/file.README.html | 3 +- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/file_list.html | 49 ++-- docs/index.html | 3 +- docs/top-level-namespace.html | 2 +- oauth2.gemspec | 3 +- 48 files changed, 494 insertions(+), 95 deletions(-) create mode 100644 OIDC.md 
create mode 100644 docs/file.OIDC.html diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c36d47d..db7a8a3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - avoid bearer tokens in query, - refresh token guidance for public clients, - simplified client definitions) +- document how to implement an OIDC client with this gem in OIDC.md ### Changed ### Deprecated ### Removed @@ -32,6 +33,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - [gh660][gh660]- (more) Comprehensive documentation / examples by @pboling - [gh657][gh657] - Updated documentation for org-rename by @pboling - More funding links by @Aboling0 +- Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references ### Changed - Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling - [gh660][gh660] - Shrink post-install message by 4 lines by @pboling diff --git a/OIDC.md b/OIDC.md new file mode 100644 index 00000000..64c0e91f --- /dev/null +++ b/OIDC.md 
@@ -0,0 +1,145 @@ +# OpenID Connect (OIDC) with ruby-oauth/oauth2 + +This document complements the OAuth 2.1 notes already present in the repository by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library. + +Scope of this document +- Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby. +- Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions). +- Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application. + +Key concepts refresher +- OAuth 2.0 delegates authorization; it does not define authentication of the end-user. +- OIDC layers an identity layer on top of OAuth 2.0, introducing: + - ID Token: a JWT carrying claims about the authenticated end-user and the authentication event. + - Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others. + - UserInfo endpoint: a protected resource for retrieving user profile claims. + - Discovery and Dynamic Client Registration (optional for providers/clients that support them). + +What this gem provides for OIDC +- All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests. +- Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.). +- Optional client authentication schemes useful with OIDC deployments: + - basic_auth (default) + - request_body (legacy) + - tls_client_auth (MTLS) + - private_key_jwt (OIDC-compliant when configured per OP requirements) + +What you must add in your app for OIDC +- ID Token validation: This gem surfaces id_token values but does not verify them. 
Your app should: + 1) Parse the JWT (header, payload, signature) + 2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically) + 3) Select the correct key by kid (when present) and verify the signature and algorithm + 4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable) + 5) Enforce expected client_id, issuer, and clock skew policies +- Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return. +- PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request. +- Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching. + +Minimal OIDC Authorization Code example + +```ruby +require "oauth2" +require "jwt" # jwt/ruby-jwt +require "net/http" +require "json" + +client = OAuth2::Client.new( + ENV.fetch("https://github.com/OIDC_CLIENT_ID"), + ENV.fetch("https://github.com/OIDC_CLIENT_SECRET"), + site: ENV.fetch("https://github.com/OIDC_ISSUER"), # e.g. 
https://accounts.example.com + authorize_url: "/authorize", # or discovered + token_url: "/token", # or discovered +) + +# Step 1: Redirect to OP for consent/auth +state = SecureRandom.hex(16) +nonce = SecureRandom.hex(16) +pkce_verifier = SecureRandom.urlsafe_base64(64) +pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete("=") + +authz_url = client.auth_code.authorize_url( + scope: "openid profile email", + state: state, + nonce: nonce, + code_challenge: pkce_challenge, + code_challenge_method: "S256", + redirect_uri: ENV.fetch("https://github.com/OIDC_REDIRECT_URI"), +) +# redirect_to authz_url + +# Step 2: Handle callback +# params[:code], params[:state] +raise "state mismatch" unless params[:state] == state + +token = client.auth_code.get_token( + params[:code], + redirect_uri: ENV.fetch("https://github.com/OIDC_REDIRECT_URI"), + code_verifier: pkce_verifier, +) + +# The token may include: access_token, id_token, refresh_token, etc. +id_token = token.params["id_token"] || token.params[:id_token] + +# Step 3: Validate the ID Token (simplified – add your own checks!) +# Discover keys (example using .well-known) +issuer = ENV.fetch("https://github.com/OIDC_ISSUER") +jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, "/.well-known/openid-configuration"))). 
+ fetch("https://github.com/jwks_uri") +jwks = JSON.parse(Net::HTTP.get(URI(jwks_uri))) +keys = jwks.fetch("https://github.com/keys") + +# Use ruby-jwt JWK loader +jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) }) + +decoded, headers = JWT.decode( + id_token, + nil, + true, + algorithms: ["RS256", "ES256", "PS256"], + jwks: jwk_set, + verify_iss: true, + iss: issuer, + verify_aud: true, + aud: ENV.fetch("https://github.com/OIDC_CLIENT_ID"), +) + +# Verify nonce +raise "nonce mismatch" unless decoded["nonce"] == nonce + +# Optionally: call UserInfo +userinfo = token.get("/userinfo").parsed +``` + +Notes on discovery and registration +- Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc. +- Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely. + +Common pitfalls and tips +- Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0. +- Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field. +- Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers. +- Use exact redirect_uri matching, and keep your allow-list short. +- For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices. +- When using private_key_jwt, ensure the "aud" (or token_url) and "iss/sub" claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key. 
+ +Relevant specifications and references +- OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html +- OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html +- How OIDC works: https://openid.net/developers/how-connect-works/ +- OpenID Connect home: https://openid.net/connect/ +- OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html +- OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html +- OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html +- OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html +- OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html +- OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html +- Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol +- Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications + +See also +- README sections on OAuth 2.1 notes and OIDC notes +- Strategy classes under lib/oauth2/strategy for flow helpers +- Specs under spec/oauth2 for concrete usage patterns + +Contributions welcome +- If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library). diff --git a/README.md b/README.md index 56365fa0..434f932c 100644 --- a/README.md +++ b/README.md 
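Review bot: Step 3 of the Ruby example trusts whatever `jwks_uri` the fetched discovery document names, so the keys that verify the ID Token are only as trustworthy as that unchecked document. OIDC Discovery 1.0 requires the returned `issuer` to be identical to the issuer the URL was built from; the example should compare the two before reading `jwks_uri` and should reject a `jwks_uri` that is not https. `URI.join(issuer, "/.well-known/openid-configuration")` also drops any path in the issuer because the second argument starts with `/`, so an issuer with a path segment resolves to the wrong document; appending to the issuer string keeps it. Steps 1 and 2 run in separate requests, so `state`, `nonce` and `pkce_verifier` have to come from the user session in the callback, which the prose says but the example's locals do not show; a comment such as `# persist state, nonce and pkce_verifier in the session before redirecting` after Step 1 would make that explicit.

```ruby
# … unchanged: Steps 1 and 2 …
issuer = ENV.fetch("OIDC_ISSUER")
# Append to the issuer so a path component (e.g. a tenant segment) is kept.
discovery_uri = URI("#{issuer.chomp("/")}/.well-known/openid-configuration")
discovery = JSON.parse(Net::HTTP.get(discovery_uri))
# OIDC Discovery 1.0: the returned issuer must equal the one used to build the URL.
raise "issuer mismatch" unless discovery.fetch("issuer") == issuer
jwks_uri = URI(discovery.fetch("jwks_uri"))
raise "jwks_uri must be https" unless jwks_uri.is_a?(URI::HTTPS)
jwks = JSON.parse(Net::HTTP.get(jwks_uri))
# … unchanged: JWK set construction and JWT.decode …
```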
@@ -947,6 +947,7 @@ access = client.get_token({ - If the token response includes an `id_token` (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider's JWKs to verify it. - For private_key_jwt client authentication, provide `auth_scheme: :private_key_jwt` and ensure your key configuration matches the provider requirements. +- See [OIDC.md](OIDC.md) for a more complete OIDC overview, example, and links to the relevant specifications. ### Debugging diff --git a/docs/OAuth2.html b/docs/OAuth2.html index f147de49..51c9468c 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 9390625c..48ef159e 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index dabcdf70..eb73cedb 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index f7320c23..28ded2f2 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 565b17d6..3b632405 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 8add3c57..2b49116a 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 53511059..6c7a0789 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index a9fb6698..8767f4e8 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 14eeec5c..d7eb70c9 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 76a454a4..bedd89d9 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 73881c8e..b0ea8617 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index ed53e472..f6068df3 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 140ac362..93baa6ba 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 7db5f9e2..59166027 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 1db42065..bc70cb06 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 1fa26949..7e67b8d5 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index 48ac3aaa..a601b39b 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -75,70 +75,73 @@

                    File Listing

                  • FUNDING
                  • -
                  • RUBOCOP
                  • +
                  • OIDC
                  • -
                  • SECURITY
                  • +
                  • RUBOCOP
                  • -
                  • LICENSE
                  • +
                  • SECURITY
                  • -
                  • CITATION
                  • +
                  • LICENSE
                  • -
                  • oauth2-2.0.10.gem
                  • +
                  • CITATION
                  • -
                  • oauth2-2.0.11.gem
                  • +
                  • oauth2-2.0.10.gem
                  • -
                  • oauth2-2.0.12.gem
                  • +
                  • oauth2-2.0.11.gem
                  • -
                  • oauth2-2.0.13.gem
                  • +
                  • oauth2-2.0.12.gem
                  • -
                  • oauth2-2.0.10.gem
                  • +
                  • oauth2-2.0.13.gem
                  • -
                  • oauth2-2.0.11.gem
                  • +
                  • oauth2-2.0.10.gem
                  • -
                  • oauth2-2.0.12.gem
                  • +
                  • oauth2-2.0.11.gem
                  • -
                  • oauth2-2.0.13.gem
                  • +
                  • oauth2-2.0.12.gem
                  • -
                  • REEK
                  • +
                  • oauth2-2.0.13.gem
                  • -
                  • access_token
                  • +
                  • REEK
                  • -
                  • authenticator
                  • +
                  • access_token
                  • -
                  • client
                  • +
                  • authenticator
                  • -
                  • error
                  • +
                  • client
                  • -
                  • filtered_attributes
                  • +
                  • error
                  • -
                  • response
                  • +
                  • filtered_attributes
                  • -
                  • strategy
                  • +
                  • response
                  • -
                  • version
                  • +
                  • strategy
                  • -
                  • oauth2
                  • +
                  • version
                  • + + +
                  • oauth2
                  • @@ -363,7 +366,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index d8e4431a..b2588230 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -74,15 +74,16 @@

                    Added

                  • implicit/password grants omitted,
                  • avoid bearer tokens in query,
                  • refresh token guidance for public clients,
                  • -
                  • simplified client definitions) -

                    Changed

                    -

                    Deprecated

                    -

                    Removed

                    -

                    Fixed

                    -

                    Security

                    -
                  • +
                  • simplified client definitions)
                  • +
                  • document how to implement an OIDC client with this gem in OIDC.md +

                    Changed

                    +

                    Deprecated

                    +

                    Removed

                    +

                    Fixed

                    +

                    Security

                    +
                  • @@ -105,7 +106,8 @@

                    Added

                    gh660- (more) Comprehensive documentation / examples by @pboling
                  • gh657 - Updated documentation for org-rename by @pboling
                  • -
                  • More funding links by @Aboling0 +
                  • More funding links by @Aboling0
                  • +
                  • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references

                    Changed

                  • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
                  • @@ -1238,7 +1240,7 @@

                    diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index ad98f8f8..9f06c3ac 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index ed3003e1..1159e835 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                    Attribution

                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 4978c12c..65b15b25 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                    Manual process

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 0d4904a8..c0ddd2e1 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                    Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index d1165879..d9829657 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html new file mode 100644 index 00000000..60f2e974 --- /dev/null +++ b/docs/file.OIDC.html @@ -0,0 +1,238 @@ + + + + + + + File: OIDC + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                    + + +

                    OpenID Connect (OIDC) with ruby-oauth/oauth2

                    + +

                    This document complements the OAuth 2.1 notes already present in the repository by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.

                    + +

                    Scope of this document

                    +
                      +
                    • Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby.
                    • +
                    • Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions).
                    • +
                    • Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.
                    • +
                    + +

                    Key concepts refresher

                    +
                      +
                    • OAuth 2.0 delegates authorization; it does not define authentication of the end-user.
                    • +
                    • OIDC layers an identity layer on top of OAuth 2.0, introducing: +
                        +
                      • ID Token: a JWT carrying claims about the authenticated end-user and the authentication event.
                      • +
                      • Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others.
                      • +
                      • UserInfo endpoint: a protected resource for retrieving user profile claims.
                      • +
                      • Discovery and Dynamic Client Registration (optional for providers/clients that support them).
                      • +
                      +
                    • +
                    + +

                    What this gem provides for OIDC

                    +
                      +
                    • All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests.
                    • +
                    • Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.).
                    • +
                    • Optional client authentication schemes useful with OIDC deployments: +
                        +
                      • basic_auth (default)
                      • +
                      • request_body (legacy)
                      • +
                      • tls_client_auth (MTLS)
                      • +
                      • private_key_jwt (OIDC-compliant when configured per OP requirements)
                      • +
                      +
                    • +
                    + +

                    What you must add in your app for OIDC

                    +
                      +
                    • ID Token validation: This gem surfaces id_token values but does not verify them. Your app should:
                      +1) Parse the JWT (header, payload, signature)
                      +2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically)
                      +3) Select the correct key by kid (when present) and verify the signature and algorithm
                      +4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable)
                      +5) Enforce expected client_id, issuer, and clock skew policies
                    • +
                    • Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return.
                    • +
                    • PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request.
                    • +
                    • Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching.
                    • +
                    + +

                    Minimal OIDC Authorization Code example

                    + +
                    require "oauth2"
                    +require "jwt"         # jwt/ruby-jwt
                    +require "net/http"
                    +require "json"
                    +
                    +client = OAuth2::Client.new(
                    +  ENV.fetch("OIDC_CLIENT_ID"),
                    +  ENV.fetch("OIDC_CLIENT_SECRET"),
                    +  site: ENV.fetch("OIDC_ISSUER"),              # e.g. https://accounts.example.com
                    +  authorize_url: "/authorize",                 # or discovered
                    +  token_url: "/token",                         # or discovered
                    +)
                    +
                    +# Step 1: Redirect to OP for consent/auth
                    +state = SecureRandom.hex(16)
                    +nonce = SecureRandom.hex(16)
                    +pkce_verifier = SecureRandom.urlsafe_base64(64)
                    +pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete("=")
                    +
                    +authz_url = client.auth_code.authorize_url(
                    +  scope: "openid profile email",
                    +  state: state,
                    +  nonce: nonce,
                    +  code_challenge: pkce_challenge,
                    +  code_challenge_method: "S256",
                    +  redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"),
                    +)
                    +# redirect_to authz_url
                    +
                    +# Step 2: Handle callback
                    +# params[:code], params[:state]
                    +raise "state mismatch" unless params[:state] == state
                    +
                    +token = client.auth_code.get_token(
                    +  params[:code],
                    +  redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"),
                    +  code_verifier: pkce_verifier,
                    +)
                    +
                    +# The token may include: access_token, id_token, refresh_token, etc.
                    +id_token = token.params["id_token"] || token.params[:id_token]
                    +
                    +# Step 3: Validate the ID Token (simplified – add your own checks!)
                    +# Discover keys (example using .well-known)
                    +issuer = ENV.fetch("OIDC_ISSUER")
                    +jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, "/.well-known/openid-configuration"))).
                    +  fetch("jwks_uri")
                    +jwks = JSON.parse(Net::HTTP.get(URI(jwks_uri)))
                    +keys = jwks.fetch("keys")
                    +
                    +# Use ruby-jwt JWK loader
                    +jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) })
                    +
                    +decoded, headers = JWT.decode(
                    +  id_token,
                    +  nil,
                    +  true,
                    +  algorithms: ["RS256", "ES256", "PS256"],
                    +  jwks: jwk_set,
                    +  verify_iss: true,
                    +  iss: issuer,
                    +  verify_aud: true,
                    +  aud: ENV.fetch("OIDC_CLIENT_ID"),
                    +)
                    +
                    +# Verify nonce
                    +raise "nonce mismatch" unless decoded["nonce"] == nonce
                    +
                    +# Optionally: call UserInfo
                    +userinfo = token.get("/userinfo").parsed
                    +
                    + +

                    Notes on discovery and registration

                    +
                      +
                    • Discovery: Most OPs publish configuration at issuer/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc.
                    • +
                    • Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.
                    • +
                    + +

                    Common pitfalls and tips

                    +
                      +
                    • Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0.
                    • +
                    • Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field.
                    • +
                    • Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers.
                    • +
                    • Use exact redirect_uri matching, and keep your allow-list short.
                    • +
                    • For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices.
                    • +
                    • When using private_key_jwt, ensure the “aud” (or token_url) and “iss/sub” claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.
                    • +
                    + +

                    Relevant specifications and references

                    +
                      +
                    • OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
                    • +
                    • OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html
                    • +
                    • How OIDC works: https://openid.net/developers/how-connect-works/
                    • +
                    • OpenID Connect home: https://openid.net/connect/
                    • +
                    • OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html
                    • +
                    • OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html
                    • +
                    • OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html
                    • +
                    • OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
                    • +
                    • OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html
                    • +
                    • OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html
                    • +
                    • Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
                    • +
                    • Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications
                    • +
                    + +

                    See also

                    +
                      +
                    • README sections on OAuth 2.1 notes and OIDC notes
                    • +
                    • Strategy classes under lib/oauth2/strategy for flow helpers
                    • +
                    • Specs under spec/oauth2 for concrete usage patterns
                    • +
                    + +

                    Contributions welcome

                    +
                      +
                    • If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).
                    • +
                    +
                    + + + +
                    + + \ No newline at end of file diff --git a/docs/file.README.html b/docs/file.README.html index 0d3fa887..8b9e4426 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1094,6 +1094,7 @@

                    OpenID Connect (OIDC) Notes

                    • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                    • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                    • +
                    • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

                    Debugging

                    @@ -1326,7 +1327,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 57f29476..6ad2545d 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 4ac6b96e..cbf7242e 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 7643c7c2..ab2bfc72 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 4cb72ea2..e8323b83 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index ce2b14fb..fc41144f 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index f7d7750b..3d320cc3 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 419173f9..2fc71f6e 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 2006a7ed..e278122b 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 734ab2bc..45ff9943 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 81a61042..371172e2 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index 100e46f9..1726bcd5 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index a86bbff3..427761be 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index 5ca07d80..bc62af1b 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ 
diff --git a/docs/file.response.html b/docs/file.response.html index 6eef2f43..f2100125 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 86173f0f..0a0ff053 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 14bb9040..855f51e7 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/file_list.html b/docs/file_list.html index 0f55bc81..4f34dca7 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -72,112 +72,117 @@

                    File List

                    -
                  • +
                  • + +
                  • + + +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • -
                  • +
                  • diff --git a/docs/index.html b/docs/index.html index 4bdbc8bd..d304cf82 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1094,6 +1094,7 @@

                    OpenID Connect (OIDC) Notes

                    • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                    • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                    • +
                    • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

                    Debugging

                    @@ -1326,7 +1327,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 2c7379c1..d7520621 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    diff --git a/oauth2.gemspec b/oauth2.gemspec index f96f938a..eeeea00e 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -53,7 +53,7 @@ Gem::Specification.new do |spec| • Changes in this patch: #{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag News: -1. New documentation website: https://oauth2.galtzo.com +1. New documentation website, including for OAuth 2.1 and OIDC: https://oauth2.galtzo.com 2. New official Discord for discussion and support: https://discord.gg/3qme4XHNKN 3. New org name "ruby-oauth" on Open Source Collective, GitHub, GitLab, Codeberg (update git remotes!) 4. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date. @@ -103,6 +103,7 @@ Thanks, @pboling / @galtzo "CONTRIBUTING.md", "FUNDING.md", "LICENSE.txt", + "OIDC.md", "README.md", "REEK", "RUBOCOP.md", From f4e2ba3239a8584d3e822c33ce45db99e8141e77 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 31 Aug 2025 04:15:57 -0600 Subject: [PATCH 533/645] =?UTF-8?q?=F0=9F=93=9D=20Libraries=20built=20on?= =?UTF-8?q?=20top=20of=20the=20oauth2=20gem=20that=20implement=20OIDC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + OIDC.md | 15 +++++++++++- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 16 ++++++++----- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 23 +++++++++++++++++-- docs/file.README.html | 2 +- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- 45 files changed, 87 insertions(+), 50 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index db7a8a3c..4882ff50 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - refresh token guidance for public clients, - simplified client definitions) - document how to implement an OIDC client with this gem in OIDC.md + - also, list libraries built on top of the oauth2 gem that implement OIDC ### Changed ### Deprecated ### Removed diff --git a/OIDC.md b/OIDC.md index 64c0e91f..2bd7c708 100644 --- a/OIDC.md +++ b/OIDC.md @@ -1,6 +1,19 @@ # OpenID Connect (OIDC) with ruby-oauth/oauth2 -This document complements the OAuth 2.1 notes already present in the repository by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library. +## OIDC Libraries + +Libraries built on top of the oauth2 gem that implement OIDC. + +- [gamora](https://github.com/amco/gamora-rb) - OpenID Connect Relying Party for Rails apps +- [omniauth-doximity-oauth2](https://github.com/doximity/omniauth-doximity-oauth2) - OmniAuth strategy for Doximity, supporting OIDC, and using PKCE +- [omniauth-himari](https://github.com/sorah/himari) - OmniAuth strategy to act as OIDC RP and use [Himari](https://github.com/sorah/himari) for OP +- [omniauth-mit-oauth2](https://github.com/MITLibraries/omniauth-mit-oauth2) - OmniAuth strategy for MIT OIDC + +If any other libraries would like to be added to this list, please open an issue or pull request. + +## Raw OIDC with ruby-oauth/oauth2 + +This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library. Scope of this document - Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby. diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 51c9468c..29589692 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 48ef159e..40443e45 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index eb73cedb..2d8d9d58 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 28ded2f2..eb046f10 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 3b632405..b852be13 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 2b49116a..82ca2b5c 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 6c7a0789..e729ba40 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 8767f4e8..17bbd4f8 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index d7eb70c9..1117d94d 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index bedd89d9..69264be5 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index b0ea8617..6480e47e 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index f6068df3..05d29d90 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 93baa6ba..1e935d28 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 59166027..f6a52a17 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index bc70cb06..874eacd3 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 7e67b8d5..185cbff7 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index a601b39b..0aeb681f 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -366,7 +366,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index b2588230..1800d34a 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -78,11 +78,15 @@

                    Added

                  • document how to implement an OIDC client with this gem in OIDC.md -

                    Changed

                    -

                    Deprecated

                    -

                    Removed

                    -

                    Fixed

                    -

                    Security

                    +
                      +
                    • also, list libraries built on top of the oauth2 gem that implement OIDC +

                      Changed

                      +

                      Deprecated

                      +

                      Removed

                      +

                      Fixed

                      +

                      Security

                      +
                    • +
                  • @@ -1240,7 +1244,7 @@

                    diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 9f06c3ac..cfb8a348 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 1159e835..b734d9de 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                    Attribution

                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 65b15b25..47ab5b39 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                    Manual process

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index c0ddd2e1..8898aed1 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                    Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index d9829657..668c2ecc 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 60f2e974..bba61a62 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -59,7 +59,26 @@

                    OpenID Connect (OIDC) with ruby-oauth/oauth2

                    -

                    This document complements the OAuth 2.1 notes already present in the repository by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.

                    +

                    OIDC Libraries

                    + +

                    Libraries built on top of the oauth2 gem that implement OIDC.

                    + + + +

                    If any other libraries would like to be added to this list, please open an issue or pull request.

                    + +

                    Raw OIDC with ruby-oauth/oauth2

                    + +

                    This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.

                    Scope of this document

                      @@ -228,7 +247,7 @@
                    diff --git a/docs/file.README.html b/docs/file.README.html index 8b9e4426..984b4d15 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1327,7 +1327,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 6ad2545d..b7f88131 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index cbf7242e..12b309de 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index ab2bfc72..72e893b1 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file.access_token.html b/docs/file.access_token.html index e8323b83..0f803ede 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index fc41144f..abf4b0bc 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 3d320cc3..04fbe9c3 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 2fc71f6e..f6679210 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index e278122b..deb0dfd6 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 45ff9943..4651750e 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 371172e2..bd91a146 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index 1726bcd5..77de0097 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 427761be..e14b7573 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index bc62af1b..ae49d83e 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ 
diff --git a/docs/file.response.html b/docs/file.response.html index f2100125..3f4f9aee 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 0a0ff053..7efc0324 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 855f51e7..216e9cb2 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index d304cf82..28ad4d8b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1327,7 +1327,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index d7520621..599b7b92 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    From 418507d63c2eb602571a77f6a66173a26d4dc092 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 31 Aug 2025 04:30:07 -0600 Subject: [PATCH 534/645] =?UTF-8?q?=F0=9F=93=9D=20Add=20Example=20for=20JH?= =?UTF-8?q?ipster=20UAA=20Server=20Integration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - closes https://github.com/ruby-oauth/oauth2/issues/355 --- CHANGELOG.md | 1 + README.md | 49 ++++++++++++++++++ docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 17 ++++--- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 51 ++++++++++++++++++- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 51 ++++++++++++++++++- docs/top-level-namespace.html | 2 +- 45 files changed, 199 insertions(+), 50 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 4882ff50..5b78172a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - simplified client definitions) - document how to implement an OIDC client with this gem in OIDC.md - also, list libraries built on top of the oauth2 gem that implement OIDC +- README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP ### Changed ### Deprecated ### Removed diff --git a/README.md b/README.md index 434f932c..a029a2cb 100644 --- a/README.md +++ b/README.md @@ -798,6 +798,55 @@ resp = access.get("/v1/things") access = client.password.get_token("jdoe", "s3cret", scope: "read") ``` +#### Examples + +
                    +JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) + +```ruby +# This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage. +# JHipster UAA typically exposes the token endpoint at /uaa/oauth/token. +# The original snippet included: +# - Basic Authorization header for the client (web_app:changeit) +# - X-XSRF-TOKEN header from a cookie (some deployments require it) +# - grant_type=password with username/password and client_id +# Using oauth2 gem, you don't need to build multipart bodies; the gem sends +# application/x-www-form-urlencoded as required by RFC 6749. + +require "oauth2" + +client = OAuth2::Client.new( + "web_app", # client_id + "changeit", # client_secret + site: "http://localhost:8080/uaa", + token_url: "/oauth/token", # absolute under site (or "oauth/token" relative) + auth_scheme: :basic_auth, # sends HTTP Basic Authorization header +) + +# If your UAA requires an XSRF header for the token call, provide it as a header. +# Often this is not required for token endpoints, but if your gateway enforces it, +# obtain the value from the XSRF-TOKEN cookie and pass it here. +xsrf_token = ENV["X_XSRF_TOKEN"] # e.g., pulled from a prior set-cookie value + +access = client.password.get_token( + "admin", # username + "admin", # password + headers: xsrf_token ? {"X-XSRF-TOKEN" => xsrf_token} : {}, + # JHipster commonly also accepts/needs the client_id in the body; include if required: + # client_id: "web_app", +) + +puts access.token +puts access.to_hash # full token response +``` + +Notes: +- Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE. +- If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often "/" or a login page) and pass it to headers. 
+- For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually. + +
                    + ### Refresh Tokens When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper. diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 29589692..5ac242ac 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@
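Review bot: The new README example hard-codes the JHipster default client secret and user credentials (`"changeit"`, `"admin"`/`"admin"`) although the XSRF value a few lines below is already read from the environment, so anyone copying the snippet carries default secrets into real code. Reading them the same way would keep the example consistent, for instance `ENV.fetch("UAA_CLIENT_SECRET")` for the client secret and `ENV.fetch("UAA_USERNAME")`, `ENV.fetch("UAA_PASSWORD")` for the user (the variable names are placeholders). The closing `puts access.token` and `puts access.to_hash` write the bearer token and the full token response to stdout; a comment such as `# demo only: do not log tokens in production` would flag that. Because this grant sends the user's password in the request body, the Notes list could also state that `site` should be an https URL outside local development.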

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 40443e45..be573ceb 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 2d8d9d58..d1e8ac9b 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index eb046f10..083e6461 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index b852be13..2a1497a9 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 82ca2b5c..8eecda7f 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index e729ba40..8f462b6b 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 17bbd4f8..59b51256 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 1117d94d..a2cb9437 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 69264be5..431c6130 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 6480e47e..eb2b5df1 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 05d29d90..b4cccf51 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 1e935d28..ae1ee71f 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index f6a52a17..89cda099 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 874eacd3..7f30be63 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 185cbff7..b77c91f2 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index 0aeb681f..847f17b2 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -366,7 +366,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 1800d34a..b28f4c4b 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -79,15 +79,16 @@

                    Added

                  • document how to implement an OIDC client with this gem in OIDC.md
                      -
                    • also, list libraries built on top of the oauth2 gem that implement OIDC -

                      Changed

                      -

                      Deprecated

                      -

                      Removed

                      -

                      Fixed

                      -

                      Security

                      -
                    • +
                    • also, list libraries built on top of the oauth2 gem that implement OIDC
                  • +
                  • README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP +

                    Changed

                    +

                    Deprecated

                    +

                    Removed

                    +

                    Fixed

                    +

                    Security

                    +
                  • @@ -1244,7 +1245,7 @@

                    diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index cfb8a348..6b826eb1 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index b734d9de..f6e031d6 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                    Attribution

                    diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 47ab5b39..6b6331c4 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                    Manual process

                    diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 8898aed1..40725527 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                    Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 668c2ecc..a07d6c0e 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                    MIT License

                    Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                    Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                    Permission is hereby granted, free of charge, to any person obtaining a copy
                    of this software and associated documentation files (the "Software"), to deal
                    in the Software without restriction, including without limitation the rights
                    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                    copies of the Software, and to permit persons to whom the Software is
                    furnished to do so, subject to the following conditions:

                    The above copyright notice and this permission notice shall be included in all
                    copies or substantial portions of the Software.

                    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                    SOFTWARE.
                    diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index bba61a62..6d44d273 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                    Raw OIDC with ruby-oauth/oauth2

                    diff --git a/docs/file.README.html b/docs/file.README.html index 984b4d15..d8f9587c 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -937,6 +937,55 @@

                    Common Flows (end-to-end)

                    access = client.password.get_token("jdoe", "s3cret", scope: "read")
                     
                    +

                    Examples

                    + +
                    +JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) + +```ruby +# This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage. +# JHipster UAA typically exposes the token endpoint at /uaa/oauth/token. +# The original snippet included: +# - Basic Authorization header for the client (web_app:changeit) +# - X-XSRF-TOKEN header from a cookie (some deployments require it) +# - grant_type=password with username/password and client_id +# Using oauth2 gem, you don't need to build multipart bodies; the gem sends +# application/x-www-form-urlencoded as required by RFC 6749. + +require "oauth2" + +client = OAuth2::Client.new( + "web_app", # client_id + "changeit", # client_secret + site: "http://localhost:8080/uaa", + token_url: "/oauth/token", # absolute under site (or "oauth/token" relative) + auth_scheme: :basic_auth, # sends HTTP Basic Authorization header +) + +# If your UAA requires an XSRF header for the token call, provide it as a header. +# Often this is not required for token endpoints, but if your gateway enforces it, +# obtain the value from the XSRF-TOKEN cookie and pass it here. +xsrf_token = ENV["X_XSRF_TOKEN"] # e.g., pulled from a prior set-cookie value + +access = client.password.get_token( + "admin", # username + "admin", # password + headers: xsrf_token ? => xsrf_token : {}, + # JHipster commonly also accepts/needs the client_id in the body; include if required: + # client_id: "web_app", +) + +puts access.token +puts access.to_hash # full token response +``` + +Notes: +- Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE. +- If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often "/" or a login page) and pass it to headers. 
+- For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually. + +
                    +

                    Refresh Tokens

                    When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                    @@ -1327,7 +1376,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index b7f88131..90047ac4 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 12b309de..2b54635d 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                    Benefits of rubocop_gradual

                    diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 72e893b1..5543e445 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                    Enterprise Support

                    diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 0f803ede..f5c107c0 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index abf4b0bc..92e43342 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 04fbe9c3..54a8ee04 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index f6679210..a67057bf 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index deb0dfd6..321800fb 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 4651750e..f2067f05 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index bd91a146..0de82d22 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index 77de0097..a68ef53b 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index e14b7573..b709b725 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index ae49d83e..13aa7462 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ 
diff --git a/docs/file.response.html b/docs/file.response.html index 3f4f9aee..4d995be8 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 7efc0324..4a213119 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 216e9cb2..40991e29 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index 28ad4d8b..d06c59d7 100644 --- a/docs/index.html +++ b/docs/index.html @@ -937,6 +937,55 @@

                    Common Flows (end-to-end)

                    access = client.password.get_token("jdoe", "s3cret", scope: "read")
                     
                    +

                    Examples

                    + +
                    +JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) + +```ruby +# This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage. +# JHipster UAA typically exposes the token endpoint at /uaa/oauth/token. +# The original snippet included: +# - Basic Authorization header for the client (web_app:changeit) +# - X-XSRF-TOKEN header from a cookie (some deployments require it) +# - grant_type=password with username/password and client_id +# Using oauth2 gem, you don't need to build multipart bodies; the gem sends +# application/x-www-form-urlencoded as required by RFC 6749. + +require "oauth2" + +client = OAuth2::Client.new( + "web_app", # client_id + "changeit", # client_secret + site: "http://localhost:8080/uaa", + token_url: "/oauth/token", # absolute under site (or "oauth/token" relative) + auth_scheme: :basic_auth, # sends HTTP Basic Authorization header +) + +# If your UAA requires an XSRF header for the token call, provide it as a header. +# Often this is not required for token endpoints, but if your gateway enforces it, +# obtain the value from the XSRF-TOKEN cookie and pass it here. +xsrf_token = ENV["X_XSRF_TOKEN"] # e.g., pulled from a prior set-cookie value + +access = client.password.get_token( + "admin", # username + "admin", # password + headers: xsrf_token ? => xsrf_token : {}, + # JHipster commonly also accepts/needs the client_id in the body; include if required: + # client_id: "web_app", +) + +puts access.token +puts access.to_hash # full token response +``` + +Notes: +- Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE. +- If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often "/" or a login page) and pass it to headers. 
+- For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually. + +
                    +

                    Refresh Tokens

                    When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                    @@ -1327,7 +1376,7 @@

                    Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 599b7b92..e19df3d2 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                    Defined Under Namespace

                    From 5c08737c2bbe9eba115e2ed6241a9f09f9b16854 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 04:42:00 -0600 Subject: [PATCH 535/645] =?UTF-8?q?=F0=9F=93=9D=20Document=20Mutual=20TLS?= =?UTF-8?q?=20(mTLS)=20usage=20with=20example=20in=20README?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - closes https://github.com/ruby-oauth/oauth2/issues/583 --- CHANGELOG.md | 1 + README.md | 57 +++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 55 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b78172a..264910a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ### Added - improved documentation by @pboling +- Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: - PKCE required for auth code, - exact redirect URI match, diff --git a/README.md b/README.md index a029a2cb..5ea07326 100644 --- a/README.md +++ b/README.md 
@@ -913,7 +913,55 @@ access.revoke(token_type_hint: :refresh_token) ### Client Configuration Tips -- Authentication schemes for the token request: +#### Mutual TLS (mTLS) client authentication + +Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme. + +Example using PEM files (certificate and key): + +```ruby +require "oauth2" +require "openssl" + +client = OAuth2::Client.new( + ENV.fetch("https://github.com/CLIENT_ID"), + ENV.fetch("https://github.com/CLIENT_SECRET"), + site: "https://example.com/", + authorize_url: "/oauth/authorize/", + token_url: "/oauth/token/", + auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication + connection_opts: { + ssl: { + client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")), + client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")), + # Optional extras, uncomment as needed: + # ca_file: "/path/to/ca-bundle.pem", # custom CA(s) + # verify: true # enable server cert verification (recommended) + }, + }, +) + +# Example token request (any grant type can be used). The mTLS handshake +# will occur automatically on HTTPS calls using the configured cert/key. +access = client.client_credentials.get_token + +# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`: +resp = access.get("/v1/protected") +``` + +Notes: +- Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]). 
+- If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: + - p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"]) + - client_cert = p12.certificate; client_key = p12.key +- Server trust: + - If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash. + - Keep verify: true in production. Set verify: false only for local testing. +- Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices. +- Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client). +- OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above. + +#### Authentication schemes for the token request ```ruby OAuth2::Client.new( @@ -924,7 +972,7 @@ OAuth2::Client.new( ) ``` -- Faraday connection, timeouts, proxy, custom adapter/middleware: +#### Faraday connection, timeouts, proxy, custom adapter/middleware: ```ruby client = OAuth2::Client.new( @@ -943,7 +991,10 @@ client = OAuth2::Client.new( end ``` -- Redirection: The library follows up to `max_redirects` (default 5). You can override per-client via `options[:max_redirects]`. +#### Redirection + +The library follows up to `max_redirects` (default 5). +You can override per-client via `options[:max_redirects]`. ### Handling Responses and Errors From d16d8a0dd36523a4713dae7cddca78eb570fa745 Mon Sep 17 00:00:00 2001 
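Review bot: The Notes in the mTLS hunk still offer `verify: false` for local testing, and the example leaves `# verify: true` commented out under "Optional extras"; with server verification off, the client completes the handshake with whatever host answers and then sends it the token request, so I would reword the bullet to `- Keep verify: true; for a private or local CA, point ca_file/ca_path at it instead of disabling verification.` The key is loaded with `OpenSSL::PKey::RSA.new(...)`, which accepts only RSA keys; `client_key: OpenSSL::PKey.read(File.read("localhost-key.pem"))` also loads EC keys and takes the passphrase as its second argument. The example requires `ENV.fetch("CLIENT_SECRET")` alongside `auth_scheme: :tls_client_auth`, yet a client that authenticates with its certificate may have no secret, so a comment saying whether the secret is sent under this scheme (not visible in this hunk) would help. The generated docs/file.README.html copy in the following patch carries the same text.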
From: "Peter H. Boling" Date: Sun, 31 Aug 2025 05:01:00 -0600 Subject: [PATCH 536/645] =?UTF-8?q?=E2=9C=85=20Documentation=20with=20Exam?= =?UTF-8?q?ple=20for=20Flat=20Params=20Usage,=20with=20specs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - closes https://github.com/ruby-oauth/oauth2/issues/221 --- .rubocop_gradual.lock | 2 +- CHANGELOG.md | 2 + README.md | 42 +++++++ docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 5 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 108 ++++++++++++++++-- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 108 ++++++++++++++++-- docs/top-level-namespace.html | 2 +- spec/oauth2/client_spec.rb | 31 +++++ 47 files changed, 320 
insertions(+), 58 deletions(-) diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 9e178ebe..9e7f646c 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -34,7 +34,7 @@ [69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240], [79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065] ], - "spec/oauth2/client_spec.rb:292714281": [ + "spec/oauth2/client_spec.rb:2143306493": [ [6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885], [175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224], [194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205], diff --git a/CHANGELOG.md b/CHANGELOG.md index 264910a0..88c942ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - improved documentation by @pboling - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) +- Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README +- Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: - PKCE required for auth code, - exact redirect URI match, diff --git a/README.md b/README.md index 5ea07326..40ec87b4 100644 --- a/README.md +++ b/README.md 
@@ -991,6 +991,48 @@ client = OAuth2::Client.new( end ``` +##### Using flat query params (Faraday::FlatParamsEncoder) + +Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests. + +```ruby +require "faraday" + +client = OAuth2::Client.new( + id, + secret, + site: "https://api.example.com/", + # Pass Faraday connection options to make FlatParamsEncoder the default + connection_opts: { + request: {params_encoder: Faraday::FlatParamsEncoder}, + }, +) do |faraday| + faraday.request(:url_encoded) + faraday.adapter(:net_http) +end + +access = client.client_credentials.get_token + +# Example of a GET with two flat filter params (not an array): +# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 +resp = access.get( + "/v1/orders", + params: { + # Provide the values as an array; FlatParamsEncoder expands them as repeated keys + filter: [ + "order.clientCreatedTime>1445006997000", + "order.clientCreatedTime<1445611797000", + ], + }, +) +``` + +If you instead need to build a raw Faraday connection yourself, the equivalent configuration is: + +```ruby +conn = Faraday.new("https://api.example.com/", request: {params_encoder: Faraday::FlatParamsEncoder}) +``` + #### Redirection The library follows up to `max_redirects` (default 5). diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 5ac242ac..c86bff71 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                    diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index be573ceb..7212e270 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index d1e8ac9b..1fb60f7a 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 083e6461..359ce495 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 2a1497a9..13889173 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 8eecda7f..29e84587 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 8f462b6b..48dfc2fb 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 59b51256..e2671de9 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index a2cb9437..2a3c3b80 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 431c6130..3a28ccf1 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index eb2b5df1..c600087b 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index b4cccf51..309f3020 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index ae1ee71f..80e3c054 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 89cda099..8c2b73e8 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 7f30be63..28d25a19 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index b77c91f2..de21a700 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html index 847f17b2..8cc10983 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -366,7 +366,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index b28f4c4b..61e1d9ba 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -67,6 +67,9 @@

                    Added

                    • improved documentation by @pboling
                    • +
                    • Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth)
                    • +
                    • Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README
                    • +
                    • Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
                    • documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as:
                      • PKCE required for auth code,
                      • @@ -1245,7 +1248,7 @@

                        diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 6b826eb1..571eccfa 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index f6e031d6..b68c6647 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                        Attribution

                        diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 6b6331c4..33182acd 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                        Manual process

                        diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 40725527..60c5082a 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                        Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index a07d6c0e..0cecdb01 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                        MIT License

                        Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                        Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                        Permission is hereby granted, free of charge, to any person obtaining a copy
                        of this software and associated documentation files (the "Software"), to deal
                        in the Software without restriction, including without limitation the rights
                        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                        copies of the Software, and to permit persons to whom the Software is
                        furnished to do so, subject to the following conditions:

                        The above copyright notice and this permission notice shall be included in all
                        copies or substantial portions of the Software.

                        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                        SOFTWARE.
                        diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 6d44d273..e6c66e82 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                        Raw OIDC with ruby-oauth/oauth2

                        diff --git a/docs/file.README.html b/docs/file.README.html index d8f9587c..893af48b 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1053,10 +1053,63 @@

                        Token Revocation (RFC 7009)

                        Client Configuration Tips

                        +

                        Mutual TLS (mTLS) client authentication

                        + +

                        Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.

                        + +

                        Example using PEM files (certificate and key):

                        + +
                        require "oauth2"
                        +require "openssl"
                        +
                        +client = OAuth2::Client.new(
                        +  ENV.fetch("CLIENT_ID"),
                        +  ENV.fetch("CLIENT_SECRET"),
                        +  site: "https://example.com",
                        +  authorize_url: "/oauth/authorize/",
                        +  token_url: "/oauth/token/",
                        +  auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication
                        +  connection_opts: {
                        +    ssl: {
                        +      client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")),
                        +      client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")),
                        +      # Optional extras, uncomment as needed:
                        +      # ca_file: "/path/to/ca-bundle.pem",   # custom CA(s)
                        +      # verify: true                           # enable server cert verification (recommended)
                        +    },
                        +  },
                        +)
                        +
                        +# Example token request (any grant type can be used). The mTLS handshake
                        +# will occur automatically on HTTPS calls using the configured cert/key.
                        +access = client.client_credentials.get_token
                        +
                        +# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`:
                        +resp = access.get("/v1/protected")
                        +
                        + +

                        Notes:

                          -
                        • Authentication schemes for the token request:
                        • +
                        • Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV[“KEY_PASSWORD”]).
                        • +
                        • If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: +
                            +
                          • p12 = OpenSSL::PKCS12.new(File.read(“client.p12”), ENV[“P12_PASSWORD”])
                          • +
                          • client_cert = p12.certificate; client_key = p12.key
                          • +
                          +
                        • +
                        • Server trust: +
                            +
                          • If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.
                          • +
                          • Keep verify: true in production. Set verify: false only for local testing.
                          • +
                          +
                        • +
                        • Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.
                        • +
                        • Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).
                        • +
                        • OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.
                        +

                        Authentication schemes for the token request

                        +
                        OAuth2::Client.new(
                           id,
                           secret,
                        @@ -1065,9 +1118,7 @@ 

                        Client Configuration Tips

                        )
                        -
                          -
                        • Faraday connection, timeouts, proxy, custom adapter/middleware:
                        • -
                        +

                        Faraday connection, timeouts, proxy, custom adapter/middleware:

                        client = OAuth2::Client.new(
                           id,
                        @@ -1085,9 +1136,50 @@ 

                        Client Configuration Tips

                        end
                        -
                          -
                        • Redirection: The library follows up to max_redirects (default 5). You can override per-client via options[:max_redirects].
                        • -
                        +
                        Using flat query params (Faraday::FlatParamsEncoder)
                        + +

                        Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

                        + +
                        require "faraday"
                        +
                        +client = OAuth2::Client.new(
                        +  id,
                        +  secret,
                        +  site: "https://api.example.com",
                        +  # Pass Faraday connection options to make FlatParamsEncoder the default
                        +  connection_opts: {
                        +    request: {params_encoder: Faraday::FlatParamsEncoder},
                        +  },
                        +) do |faraday|
                        +  faraday.request(:url_encoded)
                        +  faraday.adapter(:net_http)
                        +end
                        +
                        +access = client.client_credentials.get_token
                        +
                        +# Example of a GET with two flat filter params (not an array):
                        +# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000
                        +resp = access.get(
                        +  "/v1/orders",
                        +  params: {
                        +    # Provide the values as an array; FlatParamsEncoder expands them as repeated keys
                        +    filter: [
                        +      "order.clientCreatedTime>1445006997000",
                        +      "order.clientCreatedTime<1445611797000",
                        +    ],
                        +  },
                        +)
                        +
                        + +

                        If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

                        + +
                        conn = Faraday.new("https://api.example.com", request: {params_encoder: Faraday::FlatParamsEncoder})
                        +
                        + +

                        Redirection

                        + +

                        The library follows up to max_redirects (default 5).
                        +You can override per-client via options[:max_redirects].

                        Handling Responses and Errors

                        @@ -1376,7 +1468,7 @@

                        Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 90047ac4..b064d230 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 2b54635d..ee1b3370 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                        Benefits of rubocop_gradual

                        diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 5543e445..53ad1d22 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -113,7 +113,7 @@

                        Enterprise Support

                        diff --git a/docs/file.access_token.html b/docs/file.access_token.html index f5c107c0..e947e9b5 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 92e43342..b55ae39b 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 54a8ee04..0b92d6ca 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index a67057bf..8548b09b 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 321800fb..83557a79 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index f2067f05..2ffc9eda 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 0de82d22..da2c6757 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index a68ef53b..340caa14 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index b709b725..d18bc2e8 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index 13aa7462..4f8019ea 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ 
diff --git a/docs/file.response.html b/docs/file.response.html index 4d995be8..e148314f 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 4a213119..1bda5575 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 40991e29..59dd25c8 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index d06c59d7..9230e816 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1053,10 +1053,63 @@

                        Token Revocation (RFC 7009)

                        Client Configuration Tips

                        +

                        Mutual TLS (mTLS) client authentication

                        + +

                        Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.

                        + +

                        Example using PEM files (certificate and key):

                        + +
                        require "oauth2"
                        +require "openssl"
                        +
                        +client = OAuth2::Client.new(
                        +  ENV.fetch("CLIENT_ID"),
                        +  ENV.fetch("CLIENT_SECRET"),
                        +  site: "https://example.com",
                        +  authorize_url: "/oauth/authorize/",
                        +  token_url: "/oauth/token/",
                        +  auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication
                        +  connection_opts: {
                        +    ssl: {
                        +      client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")),
                        +      client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")),
                        +      # Optional extras, uncomment as needed:
                        +      # ca_file: "/path/to/ca-bundle.pem",   # custom CA(s)
                        +      # verify: true                           # enable server cert verification (recommended)
                        +    },
                        +  },
                        +)
                        +
                        +# Example token request (any grant type can be used). The mTLS handshake
                        +# will occur automatically on HTTPS calls using the configured cert/key.
                        +access = client.client_credentials.get_token
                        +
                        +# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`:
                        +resp = access.get("/v1/protected")
                        +
                        + +

                        Notes:

                          -
                        • Authentication schemes for the token request:
                        • +
                        • Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV[“KEY_PASSWORD”]).
                        • +
                        • If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: +
                            +
                          • p12 = OpenSSL::PKCS12.new(File.read(“client.p12”), ENV[“P12_PASSWORD”])
                          • +
                          • client_cert = p12.certificate; client_key = p12.key
                          • +
                          +
                        • +
                        • Server trust: +
                            +
                          • If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.
                          • +
                          • Keep verify: true in production. Set verify: false only for local testing.
                          • +
                          +
                        • +
                        • Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.
                        • +
                        • Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).
                        • +
                        • OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.
                        +

                        Authentication schemes for the token request

                        +
                        OAuth2::Client.new(
                           id,
                           secret,
                        @@ -1065,9 +1118,7 @@ 

                        Client Configuration Tips

                        )
                        -
                          -
                        • Faraday connection, timeouts, proxy, custom adapter/middleware:
                        • -
                        +

                        Faraday connection, timeouts, proxy, custom adapter/middleware:

                        client = OAuth2::Client.new(
                           id,
                        @@ -1085,9 +1136,50 @@ 

                        Client Configuration Tips

                        end
                        -
                          -
                        • Redirection: The library follows up to max_redirects (default 5). You can override per-client via options[:max_redirects].
                        • -
                        +
                        Using flat query params (Faraday::FlatParamsEncoder)
                        + +

                        Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

                        + +
                        require "faraday"
                        +
                        +client = OAuth2::Client.new(
                        +  id,
                        +  secret,
                        +  site: "https://api.example.com",
                        +  # Pass Faraday connection options to make FlatParamsEncoder the default
                        +  connection_opts: {
                        +    request: {params_encoder: Faraday::FlatParamsEncoder},
                        +  },
                        +) do |faraday|
                        +  faraday.request(:url_encoded)
                        +  faraday.adapter(:net_http)
                        +end
                        +
                        +access = client.client_credentials.get_token
                        +
                        +# Example of a GET with two flat filter params (not an array):
                        +# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000
                        +resp = access.get(
                        +  "/v1/orders",
                        +  params: {
                        +    # Provide the values as an array; FlatParamsEncoder expands them as repeated keys
                        +    filter: [
                        +      "order.clientCreatedTime>1445006997000",
                        +      "order.clientCreatedTime<1445611797000",
                        +    ],
                        +  },
                        +)
                        +
                        + +

                        If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

                        + +
                        conn = Faraday.new("https://api.example.com", request: {params_encoder: Faraday::FlatParamsEncoder})
                        +
                        + +

                        Redirection

                        + +

                        The library follows up to max_redirects (default 5).
                        +You can override per-client via options[:max_redirects].

                        Handling Responses and Errors

                        @@ -1376,7 +1468,7 @@

                        Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index e19df3d2..804b5068 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                        Defined Under Namespace

diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb
index 31590250..741e7568 100644
--- a/spec/oauth2/client_spec.rb
+++ b/spec/oauth2/client_spec.rb
@@ -1339,6 +1339,37 @@ def self.contains_token?(hash)
 end
 end
+ context "when using Faraday::FlatParamsEncoder" do
+ before do
+ skip("Faraday::FlatParamsEncoder not available in this Faraday version") unless defined?(Faraday::FlatParamsEncoder)
+ end
+
+ it "does not discard repeated params and encodes them as flat keys" do
+ client = stubbed_client(connection_opts: {request: {params_encoder: Faraday::FlatParamsEncoder}}) do |stub|
+ stub.get("/v1/orders") do |env|
+ # Query string should contain two repeated filter keys with encoded operators
+ qs = env.url.query.to_s
+ expect(qs).to include("filter=order.clientCreatedTime%3E1445006997000")
+ expect(qs).to include("filter=order.clientCreatedTime%3C1445611797000")
+ # Ensure both occurrences exist (not collapsed)
+ expect(qs.scan(/\bfilter=/).size).to be >= 2
+ [200, {"Content-Type" => "application/json"}, JSON.dump({ok: true})]
+ end
+ end
+
+ token = OAuth2::AccessToken.new(client, "token123")
+ token.get(
+ "/v1/orders",
+ params: {
+ filter: [
+ "order.clientCreatedTime>1445006997000",
+ "order.clientCreatedTime<1445611797000",
+ ],
+ },
+ )
+ end
+ end
+
 def stubbed_client(params = {}, &stubs)
 params = {site: "https://api.example.com/"}.merge(params)
 OAuth2::Client.new("abc", "def", params) do |builder|
From a3c2e63906dedb3476a0ce71e5707a4790da737b Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 05:12:21 -0600 Subject: [PATCH 537/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.0.?= =?UTF-8?q?24?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 2 +- Gemfile.lock | 4 ++-- oauth2.gemspec | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml
index 52e08626..5c3d6b0d 100755
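Review bot: In the new `context "when using Faraday::FlatParamsEncoder"` example every expectation sits inside the `stub.get("/v1/orders")` handler and the return value of `token.get(...)` is discarded, so the example body itself never asserts that the handler ran. Assigning the result and adding `expect(response.status).to eq(200)` after the call would make a skipped handler fail visibly (the test adapter may already raise on an unmatched route, but that is not visible here). `expect(qs.scan(/\bfilter=/).size).to be >= 2` would also pass if the key were emitted three times; `eq(2)` pins the flat encoding exactly. The enclosing `describe` block starts outside the hunk and `stubbed_client` continues past its last line.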
--- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -51,7 +51,7 @@ - + diff --git a/Gemfile.lock b/Gemfile.lock index b5941c10..23b87d4d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -100,7 +100,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.0.23) + kettle-dev (1.0.24) appraisal2 (~> 3.0) bundler-audit (~> 0.9.2) gitmoji-regex (~> 1.0, >= 1.0.3) @@ -334,7 +334,7 @@ DEPENDENCIES benchmark (~> 0.4, >= 0.4.1) debug (>= 1.0.0) gem_bench (~> 2.0, >= 2.0.5) - kettle-dev (~> 1.0, >= 1.0.23) + kettle-dev (~> 1.0, >= 1.0.24) kettle-soup-cover (~> 1.0, >= 1.0.10) kramdown (~> 2.5, >= 2.5.1) kramdown-parser-gfm (~> 1.1) diff --git a/oauth2.gemspec b/oauth2.gemspec index eeeea00e..9c8bf0c8 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -151,7 +151,7 @@ Thanks, @pboling / @galtzo # Dev, Test, & Release Tasks spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 - spec.add_development_dependency("kettle-dev", "~> 1.0", ">= 1.0.23") # ruby >= 2.3 + spec.add_development_dependency("kettle-dev", "~> 1.0", ">= 1.0.24") # ruby >= 2.3 spec.add_development_dependency("nkf", "~> 0.2") # ruby >= 2.3 spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 end From c6857e99d3e8ba07808f5346efd74e4f0f41e464 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 31 Aug 2025 05:24:45 -0600 Subject: [PATCH 538/645] =?UTF-8?q?=F0=9F=8E=A8=20kettle-dev=20v1.0.24=20t?= =?UTF-8?q?emplate=20updates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 16 ++++++++++++++-- README.md | 2 +- Rakefile | 2 +- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88c942ea..f71776bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,8 +1,20 @@ # Changelog + +[![SemVer 2.0.0][📌semver-img]][📌semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] + All notable changes to this project will be documented in this file. -The format (since v2) is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +The format is based on [Keep a Changelog][📗keep-changelog], +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html), +and [yes][📌major-versions-not-sacred], platform and engine support are part of the [public API][📌semver-breaking]. +Please file a bug if you notice a violation of semantic versioning. + +[📌semver]: https://semver.org/spec/v2.0.0.html +[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat +[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 +[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html +[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ +[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat ## [Unreleased] ### Added diff --git a/README.md b/README.md index 40ec87b4..f7c2449c 100644 --- a/README.md +++ b/README.md 
@@ -1337,7 +1337,7 @@ Thanks for RTFM. ☺️ [🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red [💖🖇linkedin]: http://www.linkedin.com/in/peterboling [💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling -[💖✌️wellfound]: https://wellfound.com/u/peter-boling/u/peter-boling +[💖✌️wellfound]: https://wellfound.com/u/peter-boling [💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound [💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling [💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase diff --git a/Rakefile b/Rakefile index 89411e7e..249ef930 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,6 @@ # frozen_string_literal: true -# kettle-dev Rakefile v1.0.23 - 2025-08-30 +# kettle-dev Rakefile v1.0.24 - 2025-08-31 # Ruby 2.3 (Safe Navigation) or higher required # # MIT License (see License.txt) From 44ad10996dd27fcf7062c10ec6e38e447457681a Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 31 Aug 2025 05:28:53 -0600 Subject: [PATCH 539/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.14?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 233 +++++++++--------- Gemfile.lock | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 4 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 58 +++-- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 4 +- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 4 +- docs/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 46 files changed, 204 insertions(+), 181 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f71776bc..0992a918 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -18,25 +18,32 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +### Changed +### Deprecated +### Removed +### Fixed +### Security + +## [2.0.14] - 2025-08-31 +- TAG: [v2.0.14][2.0.14t] +- COVERAGE: 100.00% -- 519/519 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files +- 90.48% documented +### Added - improved documentation by @pboling -- Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) -- Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README -- Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) -- documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: +- Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling +- Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling +- Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder) by @pboling +- documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, such as: by @pboling - PKCE required for auth code, - exact redirect URI match, - implicit/password grants omitted, - avoid bearer tokens in query, - refresh token guidance for public clients, - simplified client definitions) -- document how to implement an OIDC client with this gem in OIDC.md +- document how to implement an OIDC client with this gem in OIDC.md by @pboling - also, list libraries built on top of the oauth2 gem that implement OIDC -- README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP -### Changed -### Deprecated -### Removed -### Fixed -### 
Security +- README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling ## [2.0.13] - 2025-08-30 - TAG: [v2.0.13][2.0.13t] 
@@ -627,106 +634,108 @@ Please file a bug if you notice a violation of semantic versioning.
 [gemfiles/readme]: gemfiles/README.md
-[Unreleased]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.12...HEAD
-[0.0.1]: https://github.com/ruby-oauth/oauth2/compare/311d9f4...v0.0.1
-[0.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.1
-[0.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.1...v0.0.2
-[0.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.2
-[0.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.2...v0.0.3
-[0.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.3
-[0.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.3...v0.0.4
-[0.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.4
-[0.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.4...v0.0.5
-[0.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.5
-[0.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.5...v0.0.6
-[0.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.6
-[0.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.6...v0.0.7
-[0.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.7
-[0.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.7...v0.0.8
-[0.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.8
-[0.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.8...v0.0.9
-[0.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.9
-[0.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.9...v0.0.10
-[0.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.10
-[0.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.10...v0.0.11
-[0.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.11
-[0.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.11...v0.0.12
-[0.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.12
-[0.0.13]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.12...v0.0.13
-[0.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.13
-[0.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.13...v0.1.0
-[0.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.0
-[0.1.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.0...v0.1.1
-[0.1.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.1
-[0.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.1...v0.2.0
-[0.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.2.0
-[0.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.2.0...v0.3.0
-[0.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.3.0
-[0.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.3.0...v0.4.0
-[0.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.0
-[0.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.0...v0.4.1
-[0.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.1
-[0.5.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.1...v0.5.0
-[0.5.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.5.0
-[1.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.9.4...v1.0.0
-[1.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.0.0
-[1.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.1.0
-[1.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.1.0
-[1.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.1.0...v1.2.0
-[1.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.2.0
-[1.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.2.0...v1.3.0
-[1.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.0
-[1.3.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.0...v1.3.1
-[1.3.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.1
-[1.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.1...v1.4.0
-[1.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.0
-[1.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.0...v1.4.1
-[1.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.1
-[1.4.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.1...v1.4.2
-[1.4.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.2
-[1.4.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.2...v1.4.3
-[1.4.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.3
-[1.4.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.3...v1.4.4
-[1.4.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.4
-[1.4.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.4...v1.4.5
-[1.4.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.5
-[1.4.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.5...v1.4.6
-[1.4.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.6
-[1.4.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.6...v1.4.7
-[1.4.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.7
-[1.4.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.7...v1.4.8
-[1.4.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.8
-[1.4.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.8...v1.4.9
-[1.4.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.9
-[1.4.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.9...v1.4.10
-[1.4.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.10
-[1.4.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.10...v1.4.11
-[1.4.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.11
-[2.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.11...v2.0.0
-[2.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.0
-[2.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.0...v2.0.1
-[2.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.1
-[2.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.1...v2.0.2
-[2.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.2
-[2.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.2...v2.0.3
-[2.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.3
-[2.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.3...v2.0.4
-[2.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.4
-[2.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.4...v2.0.5
-[2.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.5
-[2.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.5...v2.0.6
-[2.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.6
-[2.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.6...v2.0.7
-[2.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.7
-[2.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.7...v2.0.8
-[2.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.8
-[2.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.8...v2.0.9
-[2.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.9
-[2.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.9...v2.0.10
-[2.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.10
-[2.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.10...v2.0.11
-[2.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.11
-[2.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.11...v2.0.12
-[2.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.12
+[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...HEAD
+[2.0.14]: https://github.com/ruby-oauth/oauth2/compare/v2.0.13...v2.0.14
+[2.0.14t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.14
 [2.0.13]: https://github.com/ruby-oauth/oauth2/compare/v2.0.12...v2.0.13
 [2.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.13
+[2.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.11...v2.0.12
+[2.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.12
+[2.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.10...v2.0.11
+[2.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.11
+[2.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.9...v2.0.10
+[2.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.10
+[2.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.8...v2.0.9
+[2.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.9
+[2.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.7...v2.0.8
+[2.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.8
+[2.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.6...v2.0.7
+[2.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.7
+[2.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.5...v2.0.6
+[2.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.6
+[2.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.4...v2.0.5
+[2.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.5
+[2.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.3...v2.0.4
+[2.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.4
+[2.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.2...v2.0.3
+[2.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.3
+[2.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.1...v2.0.2
+[2.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.2
+[2.0.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v2.0.0...v2.0.1
+[2.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.1
+[2.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.11...v2.0.0
+[2.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.0
+[1.4.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.10...v1.4.11
+[1.4.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.11
+[1.4.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.9...v1.4.10
+[1.4.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.10
+[1.4.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.8...v1.4.9
+[1.4.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.9
+[1.4.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.7...v1.4.8
+[1.4.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.8
+[1.4.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.6...v1.4.7
+[1.4.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.7
+[1.4.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.5...v1.4.6
+[1.4.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.6
+[1.4.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.4...v1.4.5
+[1.4.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.5
+[1.4.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.3...v1.4.4
+[1.4.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.4
+[1.4.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.2...v1.4.3
+[1.4.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.3
+[1.4.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.1...v1.4.2
+[1.4.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.2
+[1.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.4.0...v1.4.1
+[1.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.1
+[1.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.1...v1.4.0
+[1.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.4.0
+[1.3.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.3.0...v1.3.1
+[1.3.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.1
+[1.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.2.0...v1.3.0
+[1.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.3.0
+[1.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.1.0...v1.2.0
+[1.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.2.0
+[1.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v1.0.0...v1.1.0
+[1.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.1.0
+[1.0.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.9.4...v1.0.0
+[1.0.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v1.0.0
+[0.5.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.1...v0.5.0
+[0.5.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.5.0
+[0.4.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.4.0...v0.4.1
+[0.4.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.1
+[0.4.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.3.0...v0.4.0
+[0.4.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.4.0
+[0.3.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.2.0...v0.3.0
+[0.3.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.3.0
+[0.2.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.1...v0.2.0
+[0.2.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.2.0
+[0.1.1]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.1.0...v0.1.1
+[0.1.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.1
+[0.1.0]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.13...v0.1.0
+[0.1.0t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.1.0
+[0.0.13]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.12...v0.0.13
+[0.0.13t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.13
+[0.0.12]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.11...v0.0.12
+[0.0.12t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.12
+[0.0.11]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.10...v0.0.11
+[0.0.11t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.11
+[0.0.10]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.9...v0.0.10
+[0.0.10t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.10
+[0.0.9]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.8...v0.0.9
+[0.0.9t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.9
+[0.0.8]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.7...v0.0.8
+[0.0.8t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.8
+[0.0.7]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.6...v0.0.7
+[0.0.7t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.7
+[0.0.6]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.5...v0.0.6
+[0.0.6t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.6
+[0.0.5]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.4...v0.0.5
+[0.0.5t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.5
+[0.0.4]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.3...v0.0.4
+[0.0.4t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.4
+[0.0.3]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.2...v0.0.3
+[0.0.3t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.3
+[0.0.2]: https://gitlab.com/ruby-oauth/oauth2/-/compare/v0.0.1...v0.0.2
+[0.0.2t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.2
+[0.0.1]: https://github.com/ruby-oauth/oauth2/compare/311d9f4...v0.0.1
+[0.0.1t]: https://github.com/ruby-oauth/oauth2/releases/tag/v0.0.1
diff --git a/Gemfile.lock b/Gemfile.lock
index 23b87d4d..8f4b5353 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -13,7 +13,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.13) + oauth2 (2.0.14) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2)
diff --git a/docs/OAuth2.html b/docs/OAuth2.html
index c86bff71..85029be3 100644
--- a/docs/OAuth2.html
+++ b/docs/OAuth2.html
@@ -415,7 +415,7 @@

                        diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 7212e270..4e9a3d48 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3069,7 +3069,7 @@

                        diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 1fb60f7a..6a9e5d36 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                        diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 359ce495..6df80312 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                        diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 13889173..307624c4 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                        diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 29e84587..e1f9da04 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                        diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 48dfc2fb..fae134e8 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                        diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index e2671de9..aee1679c 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                        diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 2a3c3b80..e67da985 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                        Defined Under Namespace

                        diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 3a28ccf1..0880b570 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                        diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index c600087b..9a3859c0 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                        diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 309f3020..b5f96fff 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                        diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 80e3c054..d32de466 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                        diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 8c2b73e8..e02b5d2a 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                        diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 28d25a19..a4872bab 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                        diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index de21a700..5b46cdaa 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -95,7 +95,7 @@

                        VERSION =
                        -
                        "2.0.13"
                        +
                        "2.0.14"
                        @@ -111,7 +111,7 @@

                        diff --git a/docs/_index.html b/docs/_index.html index 8cc10983..2114a070 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -366,7 +366,7 @@

                        Namespace Listing A-Z

                        diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 61e1d9ba..f8a0e8fb 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -58,14 +58,34 @@

                        Changelog

                        + +

                        SemVer 2.0.0 Keep-A-Changelog 1.0.0

                        +

                        All notable changes to this project will be documented in this file.

                        -

                        The format (since v2) is based on Keep a Changelog
                        -and this project adheres to Semantic Versioning.

                        +

                        The format is based on Keep a Changelog,
                        +and this project adheres to Semantic Versioning,
                        +and yes, platform and engine support are part of the public API.
                        +Please file a bug if you notice a violation of semantic versioning.

                        -

                        Unreleased

                        +

                        Unreleased

                        Added

                        +

                        Changed

                        +

                        Deprecated

                        +

                        Removed

                        +

                        Fixed

                        +

                        Security

                        + +

                        +2.0.14 - 2025-08-31

                          +
                        • TAG: v2.0.14 +
                        • +
                        • COVERAGE: 100.00% – 519/519 lines in 14 files
                        • +
                        • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
                        • +
                        • 90.48% documented +

                          Added

                          +
                        • improved documentation by @pboling
                        • Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth)
                        • Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README
                        • @@ -85,13 +105,7 @@

                          Added

                        • also, list libraries built on top of the oauth2 gem that implement OIDC
                        -
                      • README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP -

                        Changed

                        -

                        Deprecated

                        -

                        Removed

                        -

                        Fixed

                        -

                        Security

                        -
                      • +
                      • README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP

                      @@ -102,7 +116,7 @@

                    • COVERAGE: 100.00% – 519/519 lines in 14 files
                    • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
                    • 90.48% documented -

                      Added

                      +

                      Added

                    • gh656 - Support revocation with URL-encoded parameters
                    • @@ -137,7 +151,7 @@

                    • Line Coverage: 100.0% (520 / 520)
                    • Branch Coverage: 100.0% (174 / 174)
                    • 80.00% documented -

                      Added

                      +

                      Added

                    • gh652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang @@ -172,7 +186,7 @@

                    • COVERAGE: 100.00% – 518/518 lines in 14 files
                    • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
                    • 80.00% documented -

                      Added

                      +

                      Added

                    • gh651 - :snaky_hash_klass option (@pboling)
                    • @@ -234,7 +248,7 @@

                    • COVERAGE: 100.00% – 518/518 lines in 14 files
                    • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
                    • 79.05% documented -

                      Added

                      +

                      Added

                    • gh!632 - Added funding.yml (@Aboling0)
                    • @@ -377,7 +391,7 @@

                      2.0.9 - 2022-09-16

                      • TAG: v2.0.9 -

                        Added

                        +

                        Added

                      • More specs (@pboling)

                        Changed

                        @@ -396,7 +410,7 @@

                        Changed

                        !630 - Extract snaky_hash to external dependency (@pboling)
                      • !630 - Extract snaky_hash to external dependency (@pboling) -

                        Added

                        +

                        Added

                      • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 @@ -410,7 +424,7 @@

                        2.0.7 - 2022-08-22

                        • TAG: v2.0.7 -

                          Added

                          +

                          Added

                        • !629 - Allow POST of JSON to get token (@pboling, @terracatta)
                        • @@ -489,7 +503,7 @@

                          2.0.3 - 2022-06-28

                          • TAG: v2.0.3 -

                            Added

                            +

                            Added

                          • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                          • @@ -535,7 +549,7 @@

                            2.0.1 - 2022-06-22

                            • TAG: v2.0.1 -

                              Added

                              +

                              Added

                            • Documentation improvements (@pboling)
                            • Increased test coverage to 99% (@pboling)
                            • @@ -545,7 +559,7 @@

                              2.0.0 - 2022-06-21

                              • TAG: v2.0.0 -

                                Added

                                +

                                Added

                              • !158, !344 - Optionally pass raw response to parsers (@niels)
                              • @@ -1086,7 +1100,7 @@

                                1.0.0 - 2014-07-09

                                • TAG: v1.0.0 -

                                  Added

                                  +

                                  Added

                                • Add an implementation of the MAC token spec.

                                  Fixed

                                  @@ -1248,7 +1262,7 @@

                                  diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 571eccfa..23e11a4e 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index b68c6647..92941ab2 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                  Attribution

                                  diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 33182acd..1a9339a3 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -274,7 +274,7 @@

                                  Manual process

                                  diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 60c5082a..32055c15 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                                  Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 0cecdb01..5470294e 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                  MIT License

                                  Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                  Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                  Permission is hereby granted, free of charge, to any person obtaining a copy
                                  of this software and associated documentation files (the "Software"), to deal
                                  in the Software without restriction, including without limitation the rights
                                  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                  copies of the Software, and to permit persons to whom the Software is
                                  furnished to do so, subject to the following conditions:

                                  The above copyright notice and this permission notice shall be included in all
                                  copies or substantial portions of the Software.

                                  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                  SOFTWARE.
                                  diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index e6c66e82..4046fb8f 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                                  Raw OIDC with ruby-oauth/oauth2

                                  diff --git a/docs/file.README.html b/docs/file.README.html index 893af48b..30c5f2f5 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -199,7 +199,7 @@

                                  💡 Info you can shake a stick at

                    ... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪
                    ... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪
                    Works with MRI Ruby 2 -Ruby 2.2 Compat
                    Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.2 Compat
                    Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
                    Works with MRI Ruby 2 -Ruby 2.2 Compat
                    Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +Ruby 2.2 Compat
                    Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
                    -
                    # File 'lib/oauth2/access_token.rb', line 142
                    +      
                    # File 'lib/oauth2/access_token.rb', line 143
                     
                     def initialize(client, token, opts = {})
                       @client = client
                    @@ -1935,12 +1936,12 @@ 

                     
                     
                    -180
                     181
                    -182
                    +182 +183

                    -
                    # File 'lib/oauth2/access_token.rb', line 180
                    +      
                    # File 'lib/oauth2/access_token.rb', line 181
                     
                     def [](key)
                       @params[key]
                    @@ -1982,12 +1983,12 @@ 

                     
                     
                    -362
                     363
                    -364
                    +364 +365

                    -
                    # File 'lib/oauth2/access_token.rb', line 362
                    +      
                    # File 'lib/oauth2/access_token.rb', line 363
                     
                     def delete(path, opts = {}, &block)
                       request(:delete, path, opts, &block)
                    @@ -2039,12 +2040,12 @@ 

                     
                     
                    -194
                     195
                    -196
                    +196 +197

                    -
                    # File 'lib/oauth2/access_token.rb', line 194
                    +      
                    # File 'lib/oauth2/access_token.rb', line 195
                     
                     def expired?
                       expires? && (expires_at <= Time.now.to_i)
                    @@ -2092,12 +2093,12 @@ 

                     
                     
                    -187
                     188
                    -189
                    +189 +190

                    -
                    # File 'lib/oauth2/access_token.rb', line 187
                    +      
                    # File 'lib/oauth2/access_token.rb', line 188
                     
                     def expires?
                       !!@expires_at
                    @@ -2139,12 +2140,12 @@ 

                     
                     
                    -334
                     335
                    -336
                    +336 +337

                    -
                    # File 'lib/oauth2/access_token.rb', line 334
                    +      
                    # File 'lib/oauth2/access_token.rb', line 335
                     
                     def get(path, opts = {}, &block)
                       request(:get, path, opts, &block)
                    @@ -2179,12 +2180,12 @@ 

                     
                     
                    -367
                     368
                    -369
                    +369 +370

                    -
                    # File 'lib/oauth2/access_token.rb', line 367
                    +      
                    # File 'lib/oauth2/access_token.rb', line 368
                     
                     def headers
                       {"Authorization" => options[:header_format] % token}
                    @@ -2226,12 +2227,12 @@ 

                     
                     
                    -355
                     356
                    -357
                    +357 +358

                    -
                    # File 'lib/oauth2/access_token.rb', line 355
                    +      
                    # File 'lib/oauth2/access_token.rb', line 356
                     
                     def patch(path, opts = {}, &block)
                       request(:patch, path, opts, &block)
                    @@ -2273,12 +2274,12 @@ 

                     
                     
                    -341
                     342
                    -343
                    +343 +344

                    -
                    # File 'lib/oauth2/access_token.rb', line 341
                    +      
                    # File 'lib/oauth2/access_token.rb', line 342
                     
                     def post(path, opts = {}, &block)
                       request(:post, path, opts, &block)
                    @@ -2320,12 +2321,12 @@ 

                     
                     
                    -348
                     349
                    -350
                    +350 +351

                    -
                    # File 'lib/oauth2/access_token.rb', line 348
                    +      
                    # File 'lib/oauth2/access_token.rb', line 349
                     
                     def put(path, opts = {}, &block)
                       request(:put, path, opts, &block)
                    @@ -2475,7 +2476,6 @@ 

                     
                     
                    -209
                     210
                     211
                     212
                    @@ -2488,10 +2488,11 @@ 

                    219 220 221 -222

                    +222 +223

                    -
                    # File 'lib/oauth2/access_token.rb', line 209
                    +      
                    # File 'lib/oauth2/access_token.rb', line 210
                     
                     def refresh(params = {}, access_token_opts = {}, &block)
                       raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token
                    @@ -2697,16 +2698,16 @@ 

                     
                     
                    -326
                     327
                     328
                    -329
                    +329 +330

                    -
                    # File 'lib/oauth2/access_token.rb', line 326
                    +      
                    # File 'lib/oauth2/access_token.rb', line 327
                     
                     def request(verb, path, opts = {}, &block)
                    -  configure_authentication!(opts)
                    +  configure_authentication!(opts, verb)
                       @client.request(verb, path, opts, &block)
                     end
                    -
                    # File 'lib/oauth2/access_token.rb', line 258
                    +      
                    # File 'lib/oauth2/access_token.rb', line 259
                     
                     def revoke(params = {}, &block)
                       token_type_hint_orig = params.delete(:token_type_hint)
                    @@ -3019,7 +3020,6 @@ 

                     
                     
                    -292
                     293
                     294
                     295
                    @@ -3036,10 +3036,11 @@ 

                    306 307 308 -309

                    +309 +310

                    -
                    # File 'lib/oauth2/access_token.rb', line 292
                    +      
                    # File 'lib/oauth2/access_token.rb', line 293
                     
                     def to_hash
                       hsh = {
                    @@ -3069,7 +3070,7 @@ 

                    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html
                    index faf89410..7c1b8216 100644
                    --- a/docs/OAuth2/Authenticator.html
                    +++ b/docs/OAuth2/Authenticator.html
                    @@ -883,7 +883,7 @@

                    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html
                    index 51a88241..4ab3fadb 100644
                    --- a/docs/OAuth2/Client.html
                    +++ b/docs/OAuth2/Client.html
                    @@ -2656,7 +2656,7 @@

                    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html
                    index 5b3f877f..8d552c44 100644
                    --- a/docs/OAuth2/Error.html
                    +++ b/docs/OAuth2/Error.html
                    @@ -772,7 +772,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html
                    index 62a00b76..4f0e8f35 100644
                    --- a/docs/OAuth2/FilteredAttributes.html
                    +++ b/docs/OAuth2/FilteredAttributes.html
                    @@ -335,7 +335,7 @@

                    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html
                    index f5a90ad2..ebba80bb 100644
                    --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html
                    +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html
                    @@ -280,7 +280,7 @@

                    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html
                    index ae0d68ae..ad798cd7 100644
                    --- a/docs/OAuth2/Response.html
                    +++ b/docs/OAuth2/Response.html
                    @@ -1619,7 +1619,7 @@

                    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html
                    index 8085e14f..0a529183 100644
                    --- a/docs/OAuth2/Strategy.html
                    +++ b/docs/OAuth2/Strategy.html
                    @@ -107,7 +107,7 @@

                    Defined Under Namespace

                    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html
                    index a73c3e38..f3677860 100644
                    --- a/docs/OAuth2/Strategy/Assertion.html
                    +++ b/docs/OAuth2/Strategy/Assertion.html
                    @@ -481,7 +481,7 @@

                    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html
                    index e51945bb..972c4e66 100644
                    --- a/docs/OAuth2/Strategy/AuthCode.html
                    +++ b/docs/OAuth2/Strategy/AuthCode.html
                    @@ -483,7 +483,7 @@

                    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html
                    index b520e5b3..41ddc3ca 100644
                    --- a/docs/OAuth2/Strategy/Base.html
                    +++ b/docs/OAuth2/Strategy/Base.html
                    @@ -195,7 +195,7 @@

                    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html
                    index 4c10c316..4908facc 100644
                    --- a/docs/OAuth2/Strategy/ClientCredentials.html
                    +++ b/docs/OAuth2/Strategy/ClientCredentials.html
                    @@ -343,7 +343,7 @@

                    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html
                    index 6126dbcf..2a52b5c8 100644
                    --- a/docs/OAuth2/Strategy/Implicit.html
                    +++ b/docs/OAuth2/Strategy/Implicit.html
                    @@ -420,7 +420,7 @@

                    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html
                    index 6ac72792..25bb5a64 100644
                    --- a/docs/OAuth2/Strategy/Password.html
                    +++ b/docs/OAuth2/Strategy/Password.html
                    @@ -374,7 +374,7 @@

                    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html
                    index 07846f2b..f433a10e 100644
                    --- a/docs/OAuth2/Version.html
                    +++ b/docs/OAuth2/Version.html
                    @@ -95,7 +95,7 @@

                    VERSION =
                    -
                    "2.0.14"
                    +
                    "2.0.15"
                    @@ -111,7 +111,7 @@

                    diff --git a/docs/_index.html b/docs/_index.html
                    index a92b83b2..99fa4912 100644
                    --- a/docs/_index.html
                    +++ b/docs/_index.html
                    @@ -372,7 +372,7 @@

                    Namespace Listing A-Z

                    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html
                    index de8e3bb2..4278f3f0 100644
                    --- a/docs/file.CHANGELOG.html
                    +++ b/docs/file.CHANGELOG.html
                    @@ -68,24 +68,48 @@ and yes, platform and engine support are part of the public API.
                    Please file a bug if you notice a violation of semantic versioning.

                    -

                    Unreleased

                    +

                    Unreleased

                    Added

                    +

                    Changed

                    +

                    Deprecated

                    +

                    Removed

                    +

                    Fixed

                    +

                    Security

                    + +

                    +2.0.15 - 2025-09-08

                      +
                    • TAG: v2.0.15 +
                    • +
                    • COVERAGE: 100.00% – 519/519 lines in 14 files
                    • +
                    • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
                    • +
                    • 90.48% documented +

                      Added

                      +
                    • +
                    • +gh!671 - Complete documentation example for Instagram by @pboling
                    • .env.local.example for contributor happiness
                    • note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 +
                    • +
                    • +gh!670 - AccessToken: verb-dependent token transmission mode by @mrj +
                        +
                      • e.g., Instagram GET=:query, POST/DELETE=:header +

                        Changed

                    • +
                    • +gh!669 - Upgrade to kettle-dev v1.1.9 by @pboling +

                      Fixed

                      +
                    • +
                    • Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
                    • point badge to the correct workflow for Ruby 2.3 (caboose.yml) -

                      Security

                      +

                      Security

                    @@ -97,19 +121,19 @@

                  • COVERAGE: 100.00% – 519/519 lines in 14 files
                  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
                  • 90.48% documented -

                    Added

                    +

                    Added

                  • improved documentation by @pboling
                  • -gh665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
                  • +gh!665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
                  • -gh666 - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling +gh!666 - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling
                    • Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
                  • -gh662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling +gh!662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling
                    • PKCE required for auth code,
                    • exact redirect URI match,
                    • @@ -120,13 +144,13 @@

                      Added

                  • -gh663 - document how to implement an OIDC client with this gem in OIDC.md by @pboling +gh!663 - document how to implement an OIDC client with this gem in OIDC.md by @pboling
                    • also, list libraries built on top of the oauth2 gem that implement OIDC
                  • -gh664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling
                  • +gh!664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling

                    @@ -137,30 +161,30 @@

                  • COVERAGE: 100.00% – 519/519 lines in 14 files
                  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
                  • 90.48% documented -

                    Added

                    +

                    Added

                  • -gh656 - Support revocation with URL-encoded parameters
                  • +gh!656 - Support revocation with URL-encoded parameters
                  • -gh660 - Inline yard documentation by @pboling
                  • +gh!660 - Inline yard documentation by @pboling
                  • -gh660 - Complete RBS types documentation by @pboling
                  • +gh!660 - Complete RBS types documentation by @pboling
                  • -gh660- (more) Comprehensive documentation / examples by @pboling
                  • +gh!660- (more) Comprehensive documentation / examples by @pboling
                  • -gh657 - Updated documentation for org-rename by @pboling
                  • +gh!657 - Updated documentation for org-rename by @pboling
                  • More funding links by @Aboling0
                  • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references -

                    Changed

                    +

                    Changed

                  • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
                  • -gh660 - Shrink post-install message by 4 lines by @pboling -

                    Fixed

                    +gh!660 - Shrink post-install message by 4 lines by @pboling +

                    Fixed

                  • -gh660 - Links in README (including link to HEAD documentation) by @pboling -

                    Security

                    +gh!660 - Links in README (including link to HEAD documentation) by @pboling +

                    Security

                  • @@ -172,10 +196,10 @@

                  • Line Coverage: 100.0% (520 / 520)
                  • Branch Coverage: 100.0% (174 / 174)
                  • 80.00% documented -

                    Added

                    +

                    Added

                  • -gh652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang +gh!652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang
                    • Support JWT kid for key discovery and management
                    @@ -187,16 +211,12 @@

                    Added

                  • Documentation site @ https://oauth2.galtzo.com now complete -

                    Changed

                    +

                    Changed

                  • Updates to gemspec (email, funding url, post install message) -

                    Deprecated

                    -

                    Removed

                    -

                    Fixed

                    -
                  • -
                  • Documentation Typos by @pboling -

                    Security

                    +

                    Fixed

                  • +
                  • Documentation Typos by @pboling
                  • @@ -207,16 +227,13 @@

                  • COVERAGE: 100.00% – 518/518 lines in 14 files
                  • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
                  • 80.00% documented -

                    Added

                    +

                    Added

                  • -gh651 - :snaky_hash_klass option (@pboling)
                  • -
                  • -gh651 - :snaky_hash_klass option (@pboling)
                  • +gh!651 - :snaky_hash_klass option (@pboling)
                  • More documentation
                  • Codeberg as ethical mirror (@pboling)
                      -
                    • https://codeberg.org/oauth-xx/oauth2
                    • https://codeberg.org/ruby-oauth/oauth2
                  • @@ -230,34 +247,26 @@

                    Added

                  • -!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
                  • -
                  • -gh651 - Mock OAuth2 server for testing (@pboling)
                  • -
                  • !649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
                  • -gh651 - Mock OAuth2 server for testing (@pboling) +gh!651 - Mock OAuth2 server for testing (@pboling)
                    • https://github.com/navikt/mock-oauth2-server -

                      Changed

                      +

                      Changed

                  • -gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
                  • -
                  • -gh651 - Upgraded to snaky_hash v2.0.3 (@pboling) +gh!651 - Upgraded to snaky_hash v2.0.3 (@pboling)
                    • Provides solution for serialization issues
                  • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling) -

                    Fixed

                    +

                    Fixed

                  • -gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
                  • -
                  • -gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
                  • +gh!650 - Regression in return type of OAuth2::Response#parsed (@pboling)
                  • Incorrect documentation related to silencing warnings (@pboling)
                  • @@ -269,17 +278,9 @@

                  • COVERAGE: 100.00% – 518/518 lines in 14 files
                  • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
                  • 79.05% documented -

                    Added

                    +

                    Added

                  • -gh!632 - Added funding.yml (@Aboling0)
                  • -
                  • -!635 - Added .gitlab-ci.yml (@jessieay)
                  • -
                  • -#638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
                  • -
                  • -!642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling)
                  • -
                  • gh!632 - Added funding.yml (@Aboling0)
                  • !635 - Added .gitlab-ci.yml (@jessieay)
                  • @@ -299,20 +300,12 @@

                    Added

                  • -!643 - Add token_name option (@pboling)
                  • -
                  • !643 - Add token_name option (@pboling)
                    • Specify the parameter name that identifies the access token
                  • -!645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
                  • -
                  • -!646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
                  • -
                  • -!647 - Add IETF RFC 7009 Token Revocation compliant (@pboling)
                  • -
                  • !645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
                  • !646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
                  • @@ -325,14 +318,10 @@

                    Added

                  • -gh!644, gh!645 - Added CITATION.cff (@Aboling0)
                  • -
                  • -!648 - Improved documentation (@pboling)
                  • -
                  • gh!644, gh!645 - Added CITATION.cff (@Aboling0)
                  • !648 - Improved documentation (@pboling) -

                    Changed

                    +

                    Changed

                  • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
                  • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) @@ -341,50 +330,20 @@

                    Changed

                  • -!647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
                  • -
                  • -!647 - OAuth2.config is no longer writable (@pboling)
                  • -
                  • -!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)
                  • -
                  • !647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
                  • !647 - OAuth2.config is no longer writable (@pboling)
                  • !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) -

                    Fixed

                    +

                    Fixed

                  • -#95 - restoring an access token via AccessToken#from_hash (@pboling)
                  • -
                  • #95 - restoring an access token via AccessToken#from_hash (@pboling)
                    • This was a 13 year old bug report. 😘
                  • -#619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
                  • -
                  • -!633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
                  • -
                  • -!634 - CHANGELOG.md documentation fix (@skuwa229)
                  • -
                  • -!638 - fix expired? when expires_in is 0 (@disep)
                  • -
                  • -!639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
                  • -
                  • -#639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
                  • -
                  • -!640 - README.md documentation fix (@martinezcoder)
                  • -
                  • -!641 - Do not include sensitive information in the inspect (@manuelvanrijn)
                  • -
                  • -#641 - Made default JSON response parser more resilient (@pboling)
                  • -
                  • -#645 - Response no longer becomes a snaky hash (@pboling)
                  • -
                  • -gh!646 - Change require to require_relative (improve performance) (@Aboling0)
                  • -
                  • #619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
                  • !633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
                  • @@ -412,10 +371,10 @@

                    2.0.9 - 2022-09-16

                    • TAG: v2.0.9 -

                      Added

                      +

                      Added

                    • More specs (@pboling) -

                      Changed

                      +

                      Changed

                    • Complete migration to main branch as default (@pboling)
                    • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
                    • @@ -425,18 +384,13 @@

                      2.0.8 - 2022-09-01

                      • TAG: v2.0.8 -

                        Changed

                        +

                        Changed

                      • -!630 - Extract snaky_hash to external dependency (@pboling)
                      • -
                      • !630 - Extract snaky_hash to external dependency (@pboling) -

                        Added

                        +

                        Added

                      • -!631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 -
                      • -
                      • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628
                      @@ -445,25 +399,19 @@

                      2.0.7 - 2022-08-22

                      • TAG: v2.0.7 -

                        Added

                        +

                        Added

                      • -!629 - Allow POST of JSON to get token (@pboling, @terracatta)
                      • -
                      • !629 - Allow POST of JSON to get token (@pboling, @terracatta) -

                        Fixed

                        +

                        Fixed

                      • -!626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
                      • -
                      • !626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
                        • Note: This fixes compatibility with omniauth-oauth2 and AWS
                      • -!625 - Fixes the printed version in the post install message (@hasghari)
                      • -
                      • !625 - Fixes the printed version in the post install message (@hasghari)
                      @@ -471,11 +419,9 @@

                      2.0.6 - 2022-07-13

                      • TAG: v2.0.6 -

                        Fixed

                        +

                        Fixed

                      • -!624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
                      • -
                      • !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
                      @@ -483,13 +429,9 @@

                      2.0.5 - 2022-07-07

                      • TAG: v2.0.5 -

                        Fixed

                        +

                        Fixed

                      • -!620 - Documentation improvements, to help with upgrading (@swanson)
                      • -
                      • -!621 - Fixed #528 and #619 (@pboling)
                      • -
                      • !620 - Documentation improvements, to help with upgrading (@swanson)
                      • !621 - Fixed #528 and #619 (@pboling) @@ -512,11 +454,9 @@

                        2.0.4 - 2022-07-01

                        • TAG: v2.0.4 -

                          Fixed

                          +

                          Fixed

                        • -!618 - In some scenarios the snaky option default value was not applied (@pboling)
                        • -
                        • !618 - In some scenarios the snaky option default value was not applied (@pboling)
                        @@ -524,23 +464,15 @@

                        2.0.3 - 2022-06-28

                        • TAG: v2.0.3 -

                          Added

                          +

                          Added

                        • -!611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                        • -
                        • -!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling)
                        • -
                        • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                        • !612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) -

                          Fixed

                          +

                          Fixed

                        • -!608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
                        • -
                        • -!615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
                        • -
                        • !608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
                        • !615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
                        • @@ -550,15 +482,9 @@

                          2.0.2 - 2022-06-24

                          • TAG: v2.0.2 -

                            Fixed

                            +

                            Fixed

                          • -!604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
                          • -
                          • -!606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
                          • -
                          • -!607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
                          • -
                          • !604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
                          • !606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
                          • @@ -570,7 +496,7 @@

                            2.0.1 - 2022-06-22

                            • TAG: v2.0.1 -

                              Added

                              +

                              Added

                            • Documentation improvements (@pboling)
                            • Increased test coverage to 99% (@pboling)
                            • @@ -580,61 +506,9 @@

                              2.0.0 - 2022-06-21

                              • TAG: v2.0.0 -

                                Added

                                +

                                Added

                              • -!158, !344 - Optionally pass raw response to parsers (@niels)
                              • -
                              • -!190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
                              • -
                              • -!220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
                              • -
                              • -!298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
                              • -
                              • -!305 - Option: OAuth2::Client#get_token - :access_token_class (AccessToken); user specified class to use for all calls to get_token (@styd)
                              • -
                              • -!346 - Modern gem structure (@pboling)
                              • -
                              • -!351 - Support Jruby 9k (@pboling)
                              • -
                              • -!362 - Support SemVer release version scheme (@pboling)
                              • -
                              • -!363 - New method OAuth2::AccessToken#refresh! same as old refresh, with backwards compatibility alias (@pboling)
                              • -
                              • -!364 - Support application/hal+json format (@pboling)
                              • -
                              • -!365 - Support application/vnd.collection+json format (@pboling)
                              • -
                              • -!376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
                              • -
                              • -!381 - Spec for extra header params on client credentials (@nikz)
                              • -
                              • -!394 - Option: OAuth2::AccessToken#initialize - :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
                              • -
                              • -!412 - Support application/vdn.api+json format (from jsonapi.org) (@david-christensen)
                              • -
                              • -!413 - Documentation: License scan and report (@meganemura)
                              • -
                              • -!442 - Option: OAuth2::Client#initialize - :logger (::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with 1-4-stable branch) (@rthbound)
                              • -
                              • -!494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
                              • -
                              • -!549 - Wrap Faraday::ConnectionFailed in OAuth2::ConnectionError (@nikkypx)
                              • -
                              • -!550 - Raise error if location header not present when redirecting (@stanhu)
                              • -
                              • -!552 - Add missing version.rb require (@ahorek)
                              • -
                              • -!553 - Support application/problem+json format (@janz93)
                              • -
                              • -!560 - Support IETF rfc6749, section 2.3.1 - don’t set auth params when nil (@bouk)
                              • -
                              • -!571 - Support Ruby 3.1 (@pboling)
                              • -
                              • -!575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
                              • -
                              • -!581 - Documentation: of breaking changes (@pboling)
                              • -
                              • !158, !344 - Optionally pass raw response to parsers (@niels)
                              • !190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
                              • @@ -686,29 +560,9 @@

                                Added

                                !575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
                              • !581 - Documentation: of breaking changes (@pboling) -

                                Changed

                                +

                                Changed

                              • -!191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
                              • -
                              • -!312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
                              • -
                              • -!317 - Dependency: Upgrade jwt to 2.x.x (@travisofthenorth)
                              • -
                              • -!338 - Dependency: Switch from Rack::Utils.escape to CGI.escape (@josephpage)
                              • -
                              • -!339, !368, !424, !479, !493, !539, !542, !553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
                              • -
                              • -!410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
                              • -
                              • -!414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
                              • -
                              • -!469 - BREAKING: Default value for option OAuth2::Client - :authorize_url removed leading slash to work with relative paths by default ('oauth/authorize') (@ghost)
                              • -
                              • -!469 - BREAKING: Default value for option OAuth2::Client - :token_url removed leading slash to work with relative paths by default ('oauth/token') (@ghost)
                              • -
                              • -!507, !575 - BREAKING: Transform keys to snake case, always, by default (ultimately via rash_alt gem)
                              • -
                              • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
                              • !312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
                              • @@ -735,52 +589,12 @@

                                Changed

                            • -!576 - BREAKING: Stop rescuing parsing errors (@pboling)
                            • -
                            • -!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated
                            • -
                            • !576 - BREAKING: Stop rescuing parsing errors (@pboling)
                            • !591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated -

                              Fixed

                              +

                              Fixed

                            • -!158, !344 - Handling of errors when using omniauth-facebook (@niels)
                            • -
                            • -!294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
                            • -
                            • -!300 - Documentation: Oauth2::Error - Error codes are strings, not symbols (@NobodysNightmare)
                            • -
                            • -!318, !326, !343, !347, !397, !464, !561, !565 - Dependency: Support all versions of faraday (see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
                            • -
                            • -!322, !331, !337, !361, !371, !377, !383, !392, !395, !400, !401, !403, !415, !567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
                            • -
                            • -!328 - Documentation: Homepage URL is SSL (@amatsuda)
                            • -
                            • -!339, !479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
                            • -
                            • -!366 - Security: Fix logging to $stdout of request and response bodies via Faraday’s logger and ENV["OAUTH_DEBUG"] == 'true' (@pboling)
                            • -
                            • -!380 - Fix: Stop attempting to encode non-encodable objects in Oauth2::Error (@jhmoore)
                            • -
                            • -!399 - Fix: Stop duplicating redirect_uri in get_token (@markus)
                            • -
                            • -!410 - Fix: SystemStackError caused by circular reference between Error and Response classes (@jhmoore)
                            • -
                            • -!460 - Fix: Stop throwing errors when raise_errors is set to false; analog of !524 for 1-4-stable branch (@joaolrpaulo)
                            • -
                            • -!472 - Security: Add checks to enforce client_secret is never passed in authorize_url query params for implicit and auth_code grant types (@dfockler)
                            • -
                            • -!482 - Documentation: Update last of intridea links to oauth-xx (@pboling)
                            • -
                            • -!536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to !535 on 1-4-stable branch (@pboling)
                            • -
                            • -!595 - Graceful handling of empty responses from Client#get_token, respecting :raise_errors config (@stanhu)
                            • -
                            • -!596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
                            • -
                            • -!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu)
                            • -
                            • !158, !344 - Handling of errors when using omniauth-facebook (@niels)
                            • !294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
                            • @@ -816,21 +630,9 @@

                              Fixed

                              !596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
                            • !598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu) -

                              Removed

                              +

                              Removed

                            • -!341 - Remove Rdoc & Jeweler related files (@josephpage)
                            • -
                            • -!342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
                            • -
                            • -!539 - Remove reliance on globally included OAuth2 in tests, analog of !538 for 1-4-stable (@anderscarling)
                            • -
                            • -!566 - Dependency: Removed wwtd (@bquorning)
                            • -
                            • -!589, !593 - Remove support for expired MAC token draft spec (@stanhu)
                            • -
                            • -!590 - Dependency: Removed multi_json (@stanhu)
                            • -
                            • !341 - Remove Rdoc & Jeweler related files (@josephpage)
                            • !342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
                            • @@ -858,7 +660,6 @@

                              • TAG: v1.4.10
                              • -
                              • FIPS Compatibility !587 (@akostadinov)
                              • FIPS Compatibility !587 (@akostadinov)
                              @@ -866,8 +667,6 @@

                              1.4.9 - 2022-02-20

                              • TAG: v1.4.9 -
                              • -
                              • Fixes compatibility with Faraday v2 572
                              • Fixes compatibility with Faraday v2 572
                              • @@ -889,15 +688,11 @@

                              • MFA is now required to push new gem versions (@pboling)
                              • README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
                              • -!569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
                              • -
                              • !569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
                              • Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
                              • Add CodeQL, Security Policy, Funding info (@pboling)
                              • Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
                              • -!543 - Support for more modern Open SSL libraries (@pboling)
                              • -
                              • !543 - Support for more modern Open SSL libraries (@pboling)
                              @@ -907,8 +702,6 @@

                            • TAG: v1.4.7
                            • -!541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
                            • -
                            • !541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
                            @@ -918,12 +711,6 @@

                          • TAG: v1.4.6
                          • -!540 - Add VERSION constant (@pboling)
                          • -
                          • -!537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
                          • -
                          • -!538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)
                          • -
                          • !540 - Add VERSION constant (@pboling)
                          • !537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
                          • @@ -937,14 +724,6 @@

                          • TAG: v1.4.5
                          • -!535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
                          • -
                          • -!518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
                          • -
                          • -!507 - Fix camel case content type, response keys (@anvox)
                          • -
                          • -!500 - Fix YARD documentation formatting (@olleolleolle)
                          • -
                          • !535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
                          • !518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
                          • @@ -960,8 +739,6 @@

                          • TAG: v1.4.4
                          • -!408 - Fixed expires_at for formatted time (@Lomey)
                          • -
                          • !408 - Fixed expires_at for formatted time (@Lomey)
                          @@ -971,10 +748,6 @@

                        • TAG: v1.4.3
                        • -!483 - add project metadata to gemspec (@orien)
                        • -
                        • -!495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
                        • -
                        • !483 - add project metadata to gemspec (@orien)
                        • !495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
                        @@ -983,8 +756,6 @@

                      • -!433 - allow field names with square brackets and numbers in params (@asm256)
                      • -
                      • !433 - allow field names with square brackets and numbers in params (@asm256)
                      @@ -994,8 +765,6 @@

                    • TAG: v1.4.2
                    • -!478 - support latest version of faraday & fix build (@pboling)
                    • -
                    • !478 - support latest version of faraday & fix build (@pboling)
                      • Officially support Ruby 2.6 and truffleruby
                      • @@ -1009,20 +778,6 @@

                      • TAG: v1.4.1
                      • -!417 - update jwt dependency (@thewoolleyman)
                      • -
                      • -!419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
                      • -
                      • -!418 - update faraday dependency (@pboling)
                      • -
                      • -!420 - update oauth2.gemspec (@pboling)
                      • -
                      • -!421 - fix CHANGELOG.md for previous releases (@pboling)
                      • -
                      • -!422 - update LICENSE and README.md (@pboling)
                      • -
                      • -!423 - update builds, Rakefile (@pboling)
                      • -
                      • !417 - update jwt dependency (@thewoolleyman)
                      • !419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
                      • @@ -1121,10 +876,10 @@

                        1.0.0 - 2014-07-09

                        • TAG: v1.0.0 -

                          Added

                          +

                          Added

                        • Add an implementation of the MAC token spec. -

                          Fixed

                          +

                          Fixed

                        • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
                        @@ -1133,7 +888,7 @@

                        0.5.0 - 2011-07-29

                        • TAG: v0.5.0 -

                          Changed

                          +

                          Changed

                        • breaking oauth_token renamed to oauth_bearer.
                        • @@ -1283,7 +1038,7 @@

                          diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html
                          index 4b363e04..5ef04f4b 100644
                          --- a/docs/file.CITATION.html
                          +++ b/docs/file.CITATION.html
                          @@ -82,7 +82,7 @@
                          diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html
                          index 9ab02890..d2fc3603 100644
                          --- a/docs/file.CODE_OF_CONDUCT.html
                          +++ b/docs/file.CODE_OF_CONDUCT.html
                          @@ -191,7 +191,7 @@

                          Attribution

                          diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
                          index 69263c84..9b453235 100644
                          --- a/docs/file.CONTRIBUTING.html
                          +++ b/docs/file.CONTRIBUTING.html
                          @@ -63,8 +63,7 @@ This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
                          the code of conduct.

                          -

                          To submit a patch, please fork the project, create a patch with tests, and send a pull request.
                          -Post a message to the google group if you want to.

                          +

                          To submit a patch, please fork the project, create a patch with tests, and send a pull request.

                          Remember to Keep A Changelog if you make changes.

                          @@ -84,6 +83,35 @@

                          Help out!

                        • Create new Pull Request.
                        • +

                          Executables vs Rake tasks

                          + +

                          Executables shipped by oauth2 can be used with or without generating the binstubs.
                          +They will work when oauth2 is installed globally (i.e., gem install oauth2) and do not require that oauth2 be in your bundle.

                          + +
                            +
                          • kettle-changelog
                          • +
                          • kettle-commit-msg
                          • +
                          • oauth2-setup
                          • +
                          • kettle-dvcs
                          • +
                          • kettle-pre-release
                          • +
                          • kettle-readme-backers
                          • +
                          • kettle-release
                          • +
                          + +

                          However, the rake tasks provided by oauth2 do require oauth2 to be added as a development dependency and loaded in your Rakefile.
                          +See the full list of rake tasks in head of Rakefile

                          + +

                          Gemfile

                          +
                          group :development do
                          +  gem "oauth2", require: false
                          +end
                          +
                          + +

                          Rakefile

                          +
                          # Rakefile
                          +require "oauth2"
                          +
                          +

                          Environment Variables for Local Development

                          Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string “true” to enable.

                          @@ -159,9 +187,10 @@

                          Run Tests

                          Spec organization (required)

                            -
                          • For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name (e.g., specs for lib/oauth2/release_cli.rb live in spec/oauth2/release_cli_spec.rb).
                          • -
                          • Do not create ad-hoc “_more” or split spec files for the same class/module. Consolidate all unit tests into the main spec file for that class/module.
                          • -
                          • Only integration scenarios that intentionally span multiple classes belong in spec/integration/.
                          • +
                          • One spec file per class/module. For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name exactly: lib/oauth2/release_cli.rb -> spec/oauth2/release_cli_spec.rb.
                          • +
                          • Never add a second spec file for the same class/module. Examples of disallowed names: *_more_spec.rb, *_extra_spec.rb, *_status_spec.rb, or any other suffix that still targets the same class. If you find yourself wanting a second file, merge those examples into the canonical spec file for that class/module.
                          • +
                          • Exception: Integration specs that intentionally span multiple classes. Place these under spec/integration/ (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class.
                          • +
                          • Migration note: If a duplicate spec file exists, move all examples into the canonical file and delete the duplicate. Do not leave stubs or empty files behind.

                          Lint It

                          @@ -222,7 +251,11 @@

                          To release a new version:

                          Automated process

                          -

                          Run bundle exec kettle-release.

                          +
                            +
                          1. Update version.rb to contian the correct version-to-be-released.
                          2. +
                          3. Run bundle exec kettle-changelog.
                          4. +
                          5. Run bundle exec kettle-release.
                          6. +

                          Manual process

                          @@ -275,7 +308,7 @@

                          Manual process

                          diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html
                          index b48ef0de..560c0cc2 100644
                          --- a/docs/file.FUNDING.html
                          +++ b/docs/file.FUNDING.html
                          @@ -104,7 +104,7 @@

                          Another Way to Support Open
                          diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html
                          index 6d677a46..ce620220 100644
                          --- a/docs/file.LICENSE.html
                          +++ b/docs/file.LICENSE.html
                          @@ -60,7 +60,7 @@
                          MIT License

                          Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                          Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                          Permission is hereby granted, free of charge, to any person obtaining a copy
                          of this software and associated documentation files (the "Software"), to deal
                          in the Software without restriction, including without limitation the rights
                          to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                          copies of the Software, and to permit persons to whom the Software is
                          furnished to do so, subject to the following conditions:

                          The above copyright notice and this permission notice shall be included in all
                          copies or substantial portions of the Software.

                          THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                          IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                          FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                          AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                          LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                          OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                          SOFTWARE.
                          diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html
                          index c6d7b33c..4b19c806 100644
                          --- a/docs/file.OIDC.html
                          +++ b/docs/file.OIDC.html
                          @@ -247,7 +247,7 @@

                          Raw OIDC with ruby-oauth/oauth2

                          diff --git a/docs/file.README.html b/docs/file.README.html
                          index a2501cf8..68a651dc 100644
                          --- a/docs/file.README.html
                          +++ b/docs/file.README.html
                          @@ -63,13 +63,13 @@

                          🔐 OAuth 2.0 Authorization Framewor

                          ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                          -

                          Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

                          +

                          Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

                          -

                          If ☝️ ci_badges.map(&:color).detect { it != "green"} let me know, as I may have missed the discord notification.

                          +

                          if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.


                          -

                          OTOH, if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                          +

                          if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                          OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                          @@ -180,7 +180,7 @@

                          💡 Info you can shake a stick at

                    Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2
                    Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing
                    - + @@ -285,7 +285,7 @@

                    Upgrading Runtime Gem DependenciesYou should upgrade this gem with confidence*.

                      -
                    • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
                    • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer.
                      • Dropping support for any of the runtime dependency versions above will be a major version bump.
                      • If you aren’t on one of the minor versions above, make getting there a priority.
                      • @@ -315,7 +315,7 @@

                        You should upgrade this gem

                        Federated DVCS

                        - Find this repo on other forges (Coming soon!) + Find this repo on other forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| @@ -820,6 +820,65 @@

                        OAuth2::AccessToken

                        a hash of the values), or from_kvform (if you have an
                        application/x-www-form-urlencoded encoded string of the values).

                        +

                        Options (since v2.0.x unless noted):

                        +
                          +
                        • +
                    🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎🔎 appraisal2 🔎 and the color 💚 green 💚
                    + + + + + + +
                    expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
                    + +
                  • + + + + + + + + +
                    token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
                    +
                  • +
                  • + + + + + + + + +
                    mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
                    +
                      +
                    • :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). +
                    • +
                    • :query — Send as access_token query parameter (discouraged in general, but required by some providers).
                    • +
                    • Verb-dependent (since v2.0.15): Provide either: +
                        +
                      • + + + + + + + + +
                        a Proc takingverband returning :header or :query, or
                        +
                      • +
                      • a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
                      • +
                      +
                    • +
                    +
                  • +
                  + +

                  Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.

                  +

                  OAuth2::Error

                  On 400+ status code responses, an OAuth2::Error will be raised. If it is a
                  @@ -994,6 +1053,79 @@

                  Examples

                  +

                  Instagram API (verb‑dependent token mode)

                  + +

                  Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

                  +
                    +
                  • GET requests: token must be in the query string (?access_token=…)
                  • +
                  • POST/DELETE requests: token must be in the Authorization header (Bearer …)
                  • +
                  + +

                  Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

                  + +

                  Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

                  + +
                  require "oauth2"
                  +
                  +# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).
                  +# See Facebook Login docs for obtaining the initial short‑lived token.
                  +
                  +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com")
                  +
                  +# Start with a short‑lived token you already obtained via Facebook Login
                  +short_lived = OAuth2::AccessToken.new(
                  +  client,
                  +  ENV["IG_SHORT_LIVED_TOKEN"],
                  +  # Key part: verb‑dependent mode
                  +  mode: {get: :query, post: :header, delete: :header},
                  +)
                  +
                  +# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)
                  +#    Endpoint: GET https://graph.instagram.com/access_token
                  +#    Params: grant_type=ig_exchange_token, client_secret=APP_SECRET
                  +exchange = short_lived.get(
                  +  "/access_token",
                  +  params: {
                  +    grant_type: "ig_exchange_token",
                  +    client_secret: ENV["IG_APP_SECRET"],
                  +    # access_token param will be added automatically by the AccessToken (mode => :query for GET)
                  +  },
                  +)
                  +long_lived_token_value = exchange.parsed["access_token"]
                  +
                  +long_lived = OAuth2::AccessToken.new(
                  +  client,
                  +  long_lived_token_value,
                  +  mode: {get: :query, post: :header, delete: :header},
                  +)
                  +
                  +# 2) Refresh the long‑lived token (Instagram uses GET with token in query)
                  +#    Endpoint: GET https://graph.instagram.com/refresh_access_token
                  +refresh_resp = long_lived.get(
                  +  "/refresh_access_token",
                  +  params: {grant_type: "ig_refresh_token"},
                  +)
                  +long_lived = OAuth2::AccessToken.new(
                  +  client,
                  +  refresh_resp.parsed["access_token"],
                  +  mode: {get: :query, post: :header, delete: :header},
                  +)
                  +
                  +# 3) Typical API GET request (token in query automatically)
                  +me = long_lived.get("/me", params: {fields: "id,username"}).parsed
                  +
                  +# 4) Example POST (token sent via Bearer header automatically)
                  +# Note: Replace the path/params with a real Instagram Graph API POST you need,
                  +# such as publishing media via the Graph API endpoints.
                  +# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"})
                  +
                  + +

                  Tips:

                  +
                    +
                  • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
                  • +
                  • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
                  • +
                  +

                  Refresh Tokens

                  When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                  @@ -1448,7 +1580,7 @@

                  🤑 A request for help

                  Live Chat on Discord

                  -

                  To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

                  +

                  To say “thanks!” ☝️ Join the Discord or 👇️ send money.

                  Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                  @@ -1461,8 +1593,8 @@

                  Please give the project a star ⭐ ♥ rel="me" Social Proofs - - + + @@ -1476,7 +1608,7 @@

                  Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 3820ad01..bd056a06 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index c356839a..4e8301ae 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                  Benefits of rubocop_gradual

                  diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index d2aea7ee..97fa7b30 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -66,32 +66,16 @@

                  Supported Versions

              Version SupportedPost-EOL / Enterprise
              2.latestTidelift Subscription
              1.latest Tidelift Subscription
              <= 1
              -

              EOL Policy

              - -

              Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.

              -

              Security contact information

              To report a security vulnerability, please use the
              @@ -104,16 +88,10 @@

              Additional Support

              please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
              or find other sponsorship links in the README.

              -

              Enterprise Support

              - -

              Available as part of the Tidelift Subscription.

              - -

              The maintainers of this library and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

              -
            diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 8c8b190e..11edd2ed 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 418162db..a91fe62b 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 6e7c3a0c..a08b0873 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 41c84414..2f085919 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index ef605c3e..a8c8b02c 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index c0b336c1..73b4cbbc 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index b5615efd..66025eab 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index b4d3ea9c..a492a78b 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 4511e72c..c155024b 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 0f3a1796..4810d937 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ 
diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index cae2ccb7..3ed53f1b 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index 7aca41d4..a5939f29 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 306658cd..7f46af9a 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 111a1dfe..11beef54 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index aa23d0ad..754184ee 100644 --- a/docs/index.html +++ b/docs/index.html @@ -63,13 +63,13 @@

            🔐 OAuth 2.0 Authorization Framewor

            ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

            -

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

            +

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

            -

            If ☝️ ci_badges.map(&:color).detect { it != "green"} let me know, as I may have missed the discord notification.

            +

            if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.


            -

            OTOH, if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

            +

            if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

            OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

            @@ -180,7 +180,7 @@

            💡 Info you can shake a stick at

            Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2
            Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing
            - + @@ -285,7 +285,7 @@

            Upgrading Runtime Gem DependenciesYou should upgrade this gem with confidence*.

              -
            • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
            • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer.
              • Dropping support for any of the runtime dependency versions above will be a major version bump.
              • If you aren’t on one of the minor versions above, make getting there a priority.
              • @@ -315,7 +315,7 @@

                You should upgrade this gem

                Federated DVCS

                - Find this repo on other forges (Coming soon!) + Find this repo on other forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| @@ -820,6 +820,65 @@

                OAuth2::AccessToken

                a hash of the values), or from_kvform (if you have an
                application/x-www-form-urlencoded encoded string of the values).

                +

                Options (since v2.0.x unless noted):

                +
                  +
                • +
            🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎🔎 appraisal2 🔎 and the color 💚 green 💚
            + + + + + + +
            expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
            + +
          • + + + + + + + + +
            token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
            +
          • +
          • + + + + + + + + +
            mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
            +
              +
            • :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). +
            • +
            • :query — Send as access_token query parameter (discouraged in general, but required by some providers).
            • +
            • Verb-dependent (since v2.0.15): Provide either: +
                +
              • + + + + + + + + +
                a Proc takingverband returning :header or :query, or
                +
              • +
              • a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
              • +
              +
            • +
            +
          • + + +

            Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.

            +

            OAuth2::Error

            On 400+ status code responses, an OAuth2::Error will be raised. If it is a
            @@ -994,6 +1053,79 @@

            Examples

            +

            Instagram API (verb‑dependent token mode)

            + +

            Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

            +
              +
            • GET requests: token must be in the query string (?access_token=…)
            • +
            • POST/DELETE requests: token must be in the Authorization header (Bearer …)
            • +
            + +

            Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

            + +

            Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

            + +
            require "oauth2"
            +
            +# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).
            +# See Facebook Login docs for obtaining the initial short‑lived token.
            +
            +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com")
            +
            +# Start with a short‑lived token you already obtained via Facebook Login
            +short_lived = OAuth2::AccessToken.new(
            +  client,
            +  ENV["IG_SHORT_LIVED_TOKEN"],
            +  # Key part: verb‑dependent mode
            +  mode: {get: :query, post: :header, delete: :header},
            +)
            +
            +# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)
            +#    Endpoint: GET https://graph.instagram.com/access_token
            +#    Params: grant_type=ig_exchange_token, client_secret=APP_SECRET
            +exchange = short_lived.get(
            +  "/access_token",
            +  params: {
            +    grant_type: "ig_exchange_token",
            +    client_secret: ENV["IG_APP_SECRET"],
            +    # access_token param will be added automatically by the AccessToken (mode => :query for GET)
            +  },
            +)
            +long_lived_token_value = exchange.parsed["access_token"]
            +
            +long_lived = OAuth2::AccessToken.new(
            +  client,
            +  long_lived_token_value,
            +  mode: {get: :query, post: :header, delete: :header},
            +)
            +
            +# 2) Refresh the long‑lived token (Instagram uses GET with token in query)
            +#    Endpoint: GET https://graph.instagram.com/refresh_access_token
            +refresh_resp = long_lived.get(
            +  "/refresh_access_token",
            +  params: {grant_type: "ig_refresh_token"},
            +)
            +long_lived = OAuth2::AccessToken.new(
            +  client,
            +  refresh_resp.parsed["access_token"],
            +  mode: {get: :query, post: :header, delete: :header},
            +)
            +
            +# 3) Typical API GET request (token in query automatically)
            +me = long_lived.get("/me", params: {fields: "id,username"}).parsed
            +
            +# 4) Example POST (token sent via Bearer header automatically)
            +# Note: Replace the path/params with a real Instagram Graph API POST you need,
            +# such as publishing media via the Graph API endpoints.
            +# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"})
            +
            + +

            Tips:

            +
              +
            • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
            • +
            • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
            • +
            +

            Refresh Tokens

            When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

            @@ -1448,7 +1580,7 @@

            🤑 A request for help

            Live Chat on Discord

            -

            To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

            +

            To say “thanks!” ☝️ Join the Discord or 👇️ send money.

            Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

            @@ -1461,8 +1593,8 @@

            Please give the project a star ⭐ ♥ rel="me" Social Proofs - - + + @@ -1476,7 +1608,7 @@

            Please give the project a star ⭐ ♥

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 91c7f665..9204eaf4 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 201418e0..7d7683c0 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.14" + VERSION = "2.0.15" end end From cb2965b48205464f3a75669caf6a2a1658506eb4 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:37:44 -0600 Subject: [PATCH 570/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.15?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) are a full-time endeavor. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- checksums/oauth2-2.0.15.gem.sha256 | 1 + checksums/oauth2-2.0.15.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.15.gem.sha256 create mode 100644 checksums/oauth2-2.0.15.gem.sha512 diff --git a/checksums/oauth2-2.0.15.gem.sha256 b/checksums/oauth2-2.0.15.gem.sha256 new file mode 100644 index 00000000..b7238cca --- /dev/null +++ b/checksums/oauth2-2.0.15.gem.sha256 @@ -0,0 +1 @@ +96ce2ca86cd06e80b0452e17c5bc0a1e349815d29c875a7951cdd8ff04743eab \ No newline at end of file diff --git a/checksums/oauth2-2.0.15.gem.sha512 b/checksums/oauth2-2.0.15.gem.sha512 new file mode 100644 index 00000000..f3899877 --- /dev/null +++ b/checksums/oauth2-2.0.15.gem.sha512 @@ -0,0 +1 @@ +287a5d2cff87b4f37dde7b97f0fc31ee4c79edcc451b33694d1ba6f13d218cd04848780a857b94b93b656d6d81de4f4fcb4e8345f432cee17a6d96bd3f313df2 \ No newline at end of file From 5fd877dd200ca0865d3410fd7868f3be90034e78 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 12 Sep 2025 22:52:56 -0600 Subject: [PATCH 571/645] =?UTF-8?q?=E2=9E=95=20Add=20webmock=20&=20vcr=20d?= =?UTF-8?q?irectly=20for=20CI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 4 ++++ .idea/vcs.xml | 6 ++++++ Gemfile.lock | 12 ++++++++++++ oauth2.gemspec | 11 +++++------ spec/spec_helper.rb | 8 ++++---- 5 files changed, 31 insertions(+), 10 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 046be677..78c19b1d 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -27,6 +27,7 @@ + @@ -45,6 +46,7 @@ + @@ -129,7 +131,9 @@ + + diff --git a/.idea/vcs.xml b/.idea/vcs.xml index 35eb1ddf..7ddfc9ed 100755 --- a/.idea/vcs.xml +++ b/.idea/vcs.xml @@ -1,5 +1,11 @@ + + + + + + diff --git a/Gemfile.lock b/Gemfile.lock index a666a693..a429b622 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -41,6 +41,9 @@ GEM bundler (>= 1.2.0, < 3) thor (~> 1.0) concurrent-ruby (1.3.5) + crack (1.0.0) + bigdecimal + rexml date (3.4.1) debug (1.11.0) irb (~> 1.10) @@ -90,6 +93,7 @@ GEM version_gem (~> 1.1, >= 1.1.4) gitmoji-regex (1.0.3) version_gem (~> 1.1, >= 1.1.8) + hashdiff (1.2.1) hashie (5.0.0) io-console (0.8.1) irb (1.15.2) @@ -305,7 +309,13 @@ GEM unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) uri (1.0.3) + vcr (6.3.1) + base64 version_gem (1.1.9) + webmock (3.25.1) + addressable (>= 2.8.0) + crack (>= 0.3.2) + hashdiff (>= 0.4.0, < 2.0.0) yard (0.9.37) yard-relative_markdown_links (0.5.0) nokogiri (>= 1.14.3, < 2) @@ -349,6 +359,8 @@ DEPENDENCIES standard (>= 1.50) stone_checksums (~> 1.0, >= 1.0.2) stringio (>= 3.0) + vcr (>= 4) + webmock (>= 3) yard (~> 0.9, >= 0.9.37) yard-junk (~> 0.0, >= 0.0.10)! yard-relative_markdown_links (~> 0.5.0) diff --git a/oauth2.gemspec b/oauth2.gemspec index 9861f294..befa79e1 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -149,7 +149,6 @@ Thanks, @pboling / @galtzo # and preferably a modular one (see gemfiles/modular/*.gemfile). spec.add_development_dependency("addressable", "~> 2.8", ">= 2.8.7") # ruby >= 2.2 - spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 spec.add_development_dependency("nkf", "~> 0.2") # ruby >= 2.3 spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 @@ -187,9 +186,7 @@ Thanks, @pboling / @galtzo spec.add_development_dependency("gitmoji-regex", "~> 1.0", ">= 1.0.3") # ruby >= 2.3.0 # HTTP recording for deterministic specs - # It seems that somehow just having a newer version of appraisal installed breaks - # Ruby 2.3 and 2.4 even if their bundle specifies an older version, - # and as a result it can only be a dependency in the appraisals. + # Ruby 2.3 / 2.4 can fail with: # | An error occurred while loading spec_helper. # | Failure/Error: require "vcr" # | @@ -199,6 +196,8 @@ Thanks, @pboling / @galtzo # | # ./spec/config/vcr.rb:3:in `' # | # ./spec/spec_helper.rb:8:in `require_relative' # | # ./spec/spec_helper.rb:8:in `' - # spec.add_development_dependency("vcr", ">= 4") # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4 - # spec.add_development_dependency("webmock", ">= 3") # Last version to support ruby >= 2.3 + # So that's why we need backports. + spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 + spec.add_development_dependency("vcr", ">= 4") # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4 + spec.add_development_dependency("webmock", ">= 3") # Last version to support ruby >= 2.3 end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 524e83da..bd0d13c4 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
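Review bot: The trailing comment on the re-enabled `vcr` line still reads `# 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4`, which now describes an active development dependency as broken. The new comment above it says the load error is the reason for `backports`, so the trailing note should say that instead, for example `# on ruby 2.3 / 2.4 requires spec/ext/backports to be loaded first`. Both new constraints (`">= 4"` and `">= 3"`) are also open-ended, unlike the `"~> x.y", ">= x.y.z"` pairs on the neighbouring development dependencies. That leaves Gemfile.lock as the only thing deciding which major version of the HTTP-stubbing gems a contributor or CI job resolves; a pessimistic bound in the style used for `backports` would be consistent with the rest of the block. The gemspec block starts and ends outside these hunks.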
@@ -3,16 +3,16 @@ # ensure test env ENV["RACK_ENV"] = "test" -# Third Party Libraries +# Global Extensions +require_relative "ext/backports" + +# External libraries require "addressable/uri" require "rspec/pending_for" # Family libraries require "kettle/test/rspec" -# Extensions -require_relative "ext/backports" - # Library Configs require_relative "config/debug" require_relative "config/multi_xml" From 2df20a2eeca7784550095a1b11d9d1937b675960 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 12 Sep 2025 23:20:54 -0600 Subject: [PATCH 572/645] =?UTF-8?q?=F0=9F=91=B7=20Add=20Apache=20SkyWalkin?= =?UTF-8?q?g=20Eyes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/license-eye.yml | 36 +++++++++++++++++++++++++++++++ .licenserc.yaml | 3 +++ CHANGELOG.md | 1 + 3 files changed, 40 insertions(+) create mode 100644 .github/workflows/license-eye.yml create mode 100644 .licenserc.yaml diff --git a/.github/workflows/license-eye.yml b/.github/workflows/license-eye.yml new file mode 100644 index 00000000..20cfb379 --- /dev/null +++ b/.github/workflows/license-eye.yml 
@@ -0,0 +1,36 @@ +name: Apache SkyWalking Eyes + +permissions: + contents: read + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + license-check: + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Check Dependencies' License + uses: apache/skywalking-eyes/dependency@main + with: + config: .licenserc.yaml diff --git a/.licenserc.yaml b/.licenserc.yaml new file mode 100644 index 00000000..8e375875 --- /dev/null +++ b/.licenserc.yaml @@ -0,0 +1,3 @@ +dependency: + files: + - Gemfile.lock diff --git a/CHANGELOG.md b/CHANGELOG.md index c4904aa9..41a21eeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +- Apache SkyWalking Eyes dependency license check ### Changed ### Deprecated ### Removed From c18db499e23df9d1b2574a23da25815fc02287ac Mon Sep 17 00:00:00 2001 
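Review bot: The `Check Dependencies' License` step in the new `license-check` job runs `apache/skywalking-eyes/dependency@main`, a third-party action resolved from a moving branch, so whatever lands on that branch next executes in this repository's CI without review. Pin it to a full commit SHA and keep the release as a comment, `uses: apache/skywalking-eyes/dependency@<full-commit-sha> # <release-tag>`. The later hunk that adds `flags: --weak-compatible` to the same step keeps the `@main` reference and has the same issue. The top-level `permissions: contents: read` already limits the job token; since the job never pushes, `persist-credentials: false` under the checkout step's `with:` would also keep that token out of the checked-out `.git/config`.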
From: "Peter H. Boling" Date: Fri, 12 Sep 2025 23:50:35 -0600 Subject: [PATCH 573/645] =?UTF-8?q?=F0=9F=91=B7=20Disable=20workflows=20th?= =?UTF-8?q?at=20may=20interfere=20with=20Org-level=20Advanced=20Security?= =?UTF-8?q?=20Config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - also discord-notifier.yml, as it is unused for now --- .github/{workflows => disabled-workflows}/codeql-analysis.yml | 0 .github/{workflows => disabled-workflows}/dependency-review.yml | 0 .github/{workflows => disabled-workflows}/discord-notifier.yml | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename .github/{workflows => disabled-workflows}/codeql-analysis.yml (100%) rename .github/{workflows => disabled-workflows}/dependency-review.yml (100%) rename .github/{workflows => disabled-workflows}/discord-notifier.yml (100%) diff --git a/.github/workflows/codeql-analysis.yml b/.github/disabled-workflows/codeql-analysis.yml similarity index 100% rename from .github/workflows/codeql-analysis.yml rename to .github/disabled-workflows/codeql-analysis.yml diff --git a/.github/workflows/dependency-review.yml b/.github/disabled-workflows/dependency-review.yml similarity index 100% rename from .github/workflows/dependency-review.yml rename to .github/disabled-workflows/dependency-review.yml diff --git a/.github/workflows/discord-notifier.yml b/.github/disabled-workflows/discord-notifier.yml similarity index 100% rename from .github/workflows/discord-notifier.yml rename to .github/disabled-workflows/discord-notifier.yml From 7b28cc03a067e90238d93b6f2def8cd484188f2d Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Sat, 13 Sep 2025 13:32:11 +0700 Subject: [PATCH 574/645] Update .licenserc.yaml Co-authored-by: kezhenxu94 Signed-off-by: |7eter l-|. l3oling --- .licenserc.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.licenserc.yaml b/.licenserc.yaml index 8e375875..0eb99818 100644 --- a/.licenserc.yaml +++ b/.licenserc.yaml 
@@ -1,3 +1,7 @@ +header: + license: + spdx-id: MIT + dependency: files: - Gemfile.lock From a16082bfe8cbf48da1bfcd53b7e22a120c74537d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 13 Sep 2025 01:01:05 -0600 Subject: [PATCH 575/645] =?UTF-8?q?=F0=9F=92=9A=20cgi=20mostly=20removed?= =?UTF-8?q?=20from=20ruby-head,=20so=20add=20cgi=20as=20dev=20dependency?= =?UTF-8?q?=20-=20in=20support=20of=20vcr:=20https://github.com/vcr/vcr/is?= =?UTF-8?q?sues/1057?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisals | 2 ++ gemfiles/head.gemfile | 1 + oauth2.gemspec | 7 +++++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Appraisals b/Appraisals index 51465fb7..fb6a0995 100644 --- a/Appraisals +++ b/Appraisals @@ -30,6 +30,8 @@ end # Used for head (nightly) releases of ruby, truffleruby, and jruby. # Split into discrete appraisals if one of them needs a dependency locked discretely. appraise "head" do + # Why is gem "cgi" here? See: https://github.com/vcr/vcr/issues/1057 + gem "cgi", ">= 0.5" gem "benchmark", "~> 0.4", ">= 0.4.1" eval_gemfile "modular/runtime_heads.gemfile" end diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index e6b6d80d..64bd1621 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -2,6 +2,7 @@ source "https://rubygems.org/" +gem "cgi", ">= 0.5" gem "benchmark", "~> 0.4", ">= 0.4.1" gemspec path: "../" diff --git a/oauth2.gemspec b/oauth2.gemspec index befa79e1..b3358902 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -198,6 +198,9 @@ Thanks, @pboling / @galtzo # | # ./spec/spec_helper.rb:8:in `' # So that's why we need backports. spec.add_development_dependency("backports", "~> 3.25", ">= 3.25.1") # ruby >= 0 - spec.add_development_dependency("vcr", ">= 4") # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4 - spec.add_development_dependency("webmock", ">= 3") # Last version to support ruby >= 2.3 + # In Ruby 3.5 (HEAD) the CGI library has been pared down, so we also need to depend on gem "cgi" for ruby@head + # This is done in the "head" appraisal. + # See: https://github.com/vcr/vcr/issues/1057 + spec.add_development_dependency("vcr", ">= 4") # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4 + spec.add_development_dependency("webmock", ">= 3") # Last version to support ruby >= 2.3 end From f554fbe01cf7fc614f37deddde47f1a667b650b7 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 13 Sep 2025 12:22:22 -0600 Subject: [PATCH 576/645] =?UTF-8?q?=F0=9F=92=9A=20Allow=20weak-compatible?= =?UTF-8?q?=20for=20Ruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Ruby packages declared as dependencies in gemspecs or Gemfiles are typically consumed as binaries; - enable weak-compatibility so permissive and weak-copyleft combinations are treated as compatible --- .github/workflows/license-eye.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/license-eye.yml b/.github/workflows/license-eye.yml index 20cfb379..d5e667dc 100644 --- a/.github/workflows/license-eye.yml +++ b/.github/workflows/license-eye.yml @@ -34,3 +34,7 @@ jobs: uses: apache/skywalking-eyes/dependency@main with: config: .licenserc.yaml + # Ruby packages declared as dependencies in gemspecs or Gemfiles are + # typically consumed as binaries; enable weak-compatibility + # so permissive and weak-copyleft combinations are treated as compatible. + flags: --weak-compatible 
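Review bot: In `.github/workflows/license-eye.yml`, the step that receives the new `flags:` input is referenced as `apache/skywalking-eyes/dependency@main`, a mutable branch ref, so whatever lands on that branch runs in this repository's CI with whatever permissions the job grants. Pin the action to a full commit SHA and keep the human-readable version in a trailing comment, e.g. `uses: apache/skywalking-eyes/dependency@<full-commit-sha> # <release-tag>` (both placeholders; take the values from the upstream release). Separately, `--weak-compatible` relaxes the license gate for every dependency, and the added comment states the policy but not which dependency or license combination made it necessary; one more comment line naming that trigger would let a later reviewer decide whether the flag is still needed. The job definition starts outside the hunk, so its `permissions:` block could not be checked from here.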
From 48f1579016f181b1f5b959083ce4649bc8c0a707 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 13 Sep 2025 17:55:22 -0600 Subject: [PATCH 577/645] =?UTF-8?q?=F0=9F=91=B7=20Add=20back=20codeql-anal?= =?UTF-8?q?ysis.yml=20and=20dependency-review.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/{disabled-workflows => workflows}/codeql-analysis.yml | 0 .github/{disabled-workflows => workflows}/dependency-review.yml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/{disabled-workflows => workflows}/codeql-analysis.yml (100%) rename .github/{disabled-workflows => workflows}/dependency-review.yml (100%) diff --git a/.github/disabled-workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml similarity index 100% rename from .github/disabled-workflows/codeql-analysis.yml rename to .github/workflows/codeql-analysis.yml diff --git a/.github/disabled-workflows/dependency-review.yml b/.github/workflows/dependency-review.yml similarity index 100% rename from .github/disabled-workflows/dependency-review.yml rename to .github/workflows/dependency-review.yml From 6b5ff6b93947da033d8ea7edf12c7483ffa3149a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 13 Sep 2025 17:57:10 -0600 Subject: [PATCH 578/645] =?UTF-8?q?=F0=9F=93=9D=20Apache=20SkyWalking=20Ey?= =?UTF-8?q?es=20(badges)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index e3256c73..2493fec4 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC) -[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] +[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility 
Check][🚎15-🪪-wfi]][🚎15-🪪-wf] `if ci_badges.map(&:color).detect { it != "green"}` ☝️ [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. @@ -73,19 +73,19 @@ If it seems like you are in the wrong place, you might try one of these: ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Support | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] 
[🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Support | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on 
CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -1507,6 +1507,8 @@ Thanks for RTFM. ☺️ [🚎13-🔒️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml/badge.svg [🚎14-🔓️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml [🚎14-🔓️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml/badge.svg +[🚎15-🪪-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml +[🚎15-🪪-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml/badge.svg [💎ruby-2.2i]: https://img.shields.io/badge/Ruby-2.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white [💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white @@ -1563,6 +1565,8 @@ Thanks for RTFM. ☺️ [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT [📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg +[📄license-compat]: https://www.apache.org/legal/resolved.html#category-a +[📄license-compat-img]: https://img.shields.io/badge/Apache_Compatible:_Category_A-✓-259D6C.svg?style=flat&logo=Apache [📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm [📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat [🚎yard-current]: http://rubydoc.info/gems/oauth2 From f2d6152df7523f9b0470636cc1691369082c7e80 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 13 Sep 2025 17:58:31 -0600 Subject: [PATCH 579/645] =?UTF-8?q?=F0=9F=93=9D=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 41a21eeb..1490f71a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ Please file a bug if you notice a violation of semantic versioning. ### Added - Apache SkyWalking Eyes dependency license check ### Changed +- Many improvements to make CI more resilient (past/future proof) ### Deprecated ### Removed ### Fixed From ce89ee70dea2fcf88800d888d8c9cd4a61166917 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 13 Sep 2025 19:13:07 -0600 Subject: [PATCH 580/645] =?UTF-8?q?=F0=9F=9A=B8=20E2E=20Example?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 9 +++ README.md | 57 ++++++++++++++++- config-ssl.json | 22 +++++-- docker-compose-ssl.yml | 4 +- examples/e2e.rb | 138 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 223 insertions(+), 7 deletions(-) create mode 100644 examples/e2e.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 1490f71a..07e2476b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,12 +18,21 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +- E2E example using mock test server added in v2.0.11 + - mock-oauth2-server upgraded to v2.3.0 + - https://github.com/navikt/mock-oauth2-server + - `docker compose -f docker-compose-ssl.yml up -d --wait` + - `ruby examples/e2e.rb` + - `docker compose -f docker-compose-ssl.yml down` + - mock server readiness wait is 90s + - override via E2E_WAIT_TIMEOUT - Apache SkyWalking Eyes dependency license check ### Changed - Many improvements to make CI more resilient (past/future proof) ### Deprecated ### Removed ### Fixed + ### Security ## [2.0.15] - 2025-09-08 diff --git a/README.md b/README.md index 2493fec4..bd424dbb 100644 --- a/README.md +++ b/README.md 
@@ -28,7 +28,7 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications. -### Quick Example +### Quick Examples
            Convert the following `curl` command into a token request using this gem... @@ -61,6 +61,61 @@ NOTE: `header` - The content type specified in the `curl` is already the default
            +
            +Complete E2E single file script against [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server) + +- E2E example using the mock test server added in v2.0.11 + +```console +docker compose -f docker-compose-ssl.yml up -d --wait +ruby examples/e2e.rb +# If your machine is slow or Docker pulls are cold, increase the wait: +E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb +# The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default. +``` + +The output should be something like this: + +```console +➜ ruby examples/e2e.rb +Access token (truncated): eyJraWQiOiJkZWZhdWx0... +userinfo status: 200 +userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"} +E2E complete +``` + +Make sure to shut down the mock server when you are done: + +```console +docker compose -f docker-compose-ssl.yml down +``` + +Troubleshooting: validate connectivity to the mock server + +- Check container status and port mapping: + - docker compose -f docker-compose-ssl.yml ps +- From the host, try the discovery URL directly (this is what the example uses by default): + - curl -v http://localhost:8080/default/.well-known/openid-configuration + - If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration +- From inside the container (to distinguish container vs host networking): + - docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration +- Simple TCP probe from the host: + - nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"' +- Inspect which host port 8080 is bound to (should be 8080): + - docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1 
+- Look at server logs for readiness/errors: + - docker logs -n 200 oauth2-mock-oauth2-server-1 +- On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: + - ss -ltnp | grep :8080 + +Notes +- Discovery URL pattern is: http://localhost:8080//.well-known/openid-configuration, where defaults to "default". +- You can change these with env vars when running the example: + - E2E_ISSUER_BASE (default: http://localhost:8080) + - E2E_REALM (default: default) + +
            + If it seems like you are in the wrong place, you might try one of these: * [OAuth 2.0 Spec][oauth2-spec] diff --git a/config-ssl.json b/config-ssl.json index f0a8da2e..f906d9e2 100644 --- a/config-ssl.json +++ b/config-ssl.json @@ -1,7 +1,21 @@ { "interactiveLogin": true, "httpServer": { - "type": "NettyWrapper", - "ssl": {} - } -} \ No newline at end of file + "type": "NettyWrapper" + }, + "tokenCallbacks": [ + { + "issuerId": "default", + "requestMappings": [ + { + "requestParam": "grant_type", + "match": "client_credentials", + "claims": { + "sub": "demo-sub", + "aud": ["demo-aud"] + } + } + ] + } + ] +} diff --git a/docker-compose-ssl.yml b/docker-compose-ssl.yml index 9a17fbba..f482d41d 100644 --- a/docker-compose-ssl.yml +++ b/docker-compose-ssl.yml @@ -1,9 +1,9 @@ services: mock-oauth2-server: - image: ghcr.io/navikt/mock-oauth2-server:2.1.11 + image: ghcr.io/navikt/mock-oauth2-server:2.3.0 + restart: unless-stopped ports: - "8080:8080" - hostname: host.docker.internal volumes: - ./config-ssl.json:/app/config.json:Z environment: diff --git a/examples/e2e.rb b/examples/e2e.rb new file mode 100644 index 00000000..22329c1a --- /dev/null +++ b/examples/e2e.rb 
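Review bot: In `docker-compose-ssl.yml`, the added `restart: unless-stopped` keeps the mock token server running across Docker daemon restarts while the unchanged mapping `"8080:8080"` publishes it on every host interface. A mock issuer that hands out tokens with fixed claims (the `tokenCallbacks` block added to config-ssl.json in this commit) should presumably be reachable only from the local machine, so publish it as `- "127.0.0.1:8080:8080"` and consider dropping the restart policy for a throwaway example service. The same commit removes `"ssl": {}` from config-ssl.json, so both file names still say SSL while the README text describes plain HTTP; a comment at the top of the compose file such as `# NOTE: despite the file name, the mock server listens on plain HTTP` would avoid confusion.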
@@ -0,0 +1,138 @@ +# frozen_string_literal: true + +# End-to-end example using oauth2 gem against a local mock-oauth2-server. +# Prerequisites: +# 1) Start the mock server (HTTP on 8080): +# docker compose -f docker-compose-ssl.yml up -d --wait +# 2) Run this script: +# ruby examples/e2e.rb +# 3) Stop the server when you're done: +# docker compose -f docker-compose-ssl.yml down +# Notes: +# - The mock server uses a self-signed certificate. SSL verification is disabled in this example. +# - Tested down to Ruby 2.4 (avoid newer syntax). + +require "oauth2" +require "json" +require "net/http" +require "uri" + +module E2E + class ClientCredentialsDemo + attr_reader :client_id, :client_secret, :issuer_base, :realm + + # issuer_base: e.g., https://localhost:8080 + # realm: mock-oauth2-server issuer id ("default" by default) + def initialize(client_id, client_secret, issuer_base, realm) + @client_id = client_id + @client_secret = client_secret + @issuer_base = issuer_base + @realm = realm + end + + def run + wait_for_server_ready + well_known = discover + token = fetch_token(well_known) + puts "Access token (truncated): #{token.token[0, 20]}..." + call_userinfo(well_known, token) + puts "E2E complete" + end + + private + + def discovery_url + File.join(@issuer_base, @realm, "/.well-known/openid-configuration") + end + + def wait_for_server_ready(timeout = nil) + timeout = (timeout || ENV["E2E_WAIT_TIMEOUT"] || 90).to_i + uri = URI(discovery_url) + deadline = Time.now + timeout + announced = false + loop do + begin + http = Net::HTTP.new(uri.host, uri.port) + http.use_ssl = uri.scheme == "https" + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + req = Net::HTTP::Get.new(uri.request_uri) + res = http.request(req) + return if res.code.to_i == 200 + rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Errno::ECONNRESET, SocketError, EOFError, OpenSSL::SSL::SSLError + # ignore and retry until timeout + end + unless announced + puts "Waiting for mock OAuth2 server at #{uri} ..." 
+ announced = true + end + break if Time.now >= deadline + sleep(0.5) + end + raise "Server not reachable at #{uri} within #{timeout}s. Ensure it's running: docker compose -f docker-compose-ssl.yml up -d --wait. You can increase the wait by setting E2E_WAIT_TIMEOUT (seconds)." + end + + def discover + uri = URI(discovery_url) + http = Net::HTTP.new(uri.host, uri.port) + http.use_ssl = uri.scheme == "https" + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + req = Net::HTTP::Get.new(uri.request_uri) + res = http.request(req) + unless res.code.to_i == 200 + raise "Discovery failed: #{res.code} #{res.message} - #{res.body}" + end + data = JSON.parse(res.body) + # Expect token_endpoint and possibly userinfo_endpoint + data + end + + def fetch_token(well_known) + client = OAuth2::Client.new( + @client_id, + @client_secret, + site: @issuer_base, + token_url: URI.parse(well_known["token_endpoint"]).request_uri, + ssl: {verify: false}, + auth_scheme: :request_body, # send client creds in request body (compatible default for mock servers) + ) + # Use client_credentials grant + client.client_credentials.get_token + end + + def call_userinfo(well_known, token) + userinfo = well_known["userinfo_endpoint"] + unless userinfo + puts "No userinfo_endpoint advertised by server; skipping userinfo call." 
+ return + end + uri = URI(userinfo) + http = Net::HTTP.new(uri.host, uri.port) + http.use_ssl = uri.scheme == "https" + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + req = Net::HTTP::Get.new(uri.request_uri) + req["Authorization"] = "Bearer #{token.token}" + res = http.request(req) + puts "userinfo status: #{res.code} #{res.message}" + if res.code.to_i == 200 + begin + body = JSON.parse(res.body) + rescue StandardError + body = res.body + end + puts "userinfo body: #{body.inspect}" + else + puts "userinfo error body: #{res.body}" + end + end + end +end + +if __FILE__ == $PROGRAM_NAME + # These must match the mock server configuration (see config-ssl.json) + client_id = ENV["E2E_CLIENT_ID"] || "demo-client" + client_secret = ENV["E2E_CLIENT_SECRET"] || "demo-secret" + issuer_base = ENV["E2E_ISSUER_BASE"] || "http://localhost:8080/" + realm = ENV["E2E_REALM"] || "default" + + E2E::ClientCredentialsDemo.new(client_id, client_secret, issuer_base, realm).run +end From b7baa2eb558ff5a3d1edee6cfbf7f738cfcc6f16 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 14 Sep 2025 14:49:23 -0600 Subject: [PATCH 581/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?19?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 4 ---- Appraisals | 6 +++--- CHANGELOG.md | 1 - Gemfile.lock | 24 ++++++++++++------------ README.md | 14 ++++++++------ gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/style.gemfile | 2 +- 8 files changed, 26 insertions(+), 29 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 78c19b1d..046be677 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -27,7 +27,6 @@ - @@ -46,7 +45,6 @@ - @@ -131,9 +129,7 @@ - - diff --git a/Appraisals b/Appraisals index fb6a0995..d8be6662 100644 --- a/Appraisals +++ b/Appraisals 
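Review bot: Certificate verification is switched off unconditionally in `wait_for_server_ready`, `discover` and `call_userinfo` (`http.verify_mode = OpenSSL::SSL::VERIFY_NONE`) and in `fetch_token` (`ssl: {verify: false}`), while `E2E_ISSUER_BASE` lets the script be pointed at any issuer, so a copy aimed at a non-local HTTPS endpoint would send the client secret and the bearer token without authenticating the server. Restrict the relaxation to loopback hosts and build the connection in one private helper instead of three inline copies, as sketched below; `fetch_token` can derive its `verify:` value from the same host check. The header note about a self-signed certificate also looks stale, since the README text in this commit says the mock server serves HTTP on 8080.

```ruby
# Hosts for which this example is allowed to skip certificate checks.
LOCAL_HOSTS = %w[localhost 127.0.0.1 ::1].freeze

def http_for(uri)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = uri.scheme == "https"
  # Net::HTTP verifies the peer by default; relax that only for the local mock server.
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl? && LOCAL_HOSTS.include?(uri.hostname)
  http
end

# … unchanged: wait_for_server_ready, discover and call_userinfo, each calling http_for(uri) instead of Net::HTTP.new …

def fetch_token(well_known)
  local = LOCAL_HOSTS.include?(URI(@issuer_base).hostname)
  client = OAuth2::Client.new(
    @client_id,
    @client_secret,
    site: @issuer_base,
    token_url: URI.parse(well_known["token_endpoint"]).request_uri,
    ssl: {verify: !local},
    auth_scheme: :request_body,
  )
  # … unchanged: client_credentials.get_token …
```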
@@ -196,7 +196,7 @@ appraise "audit" do eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/rack_v3.gemfile" - eval_gemfile "modular/x_std_libs/r3/libs.gemfile" + eval_gemfile "modular/x_std_libs.gemfile" end # Only run coverage on the latest version of Ruby @@ -209,11 +209,11 @@ appraise "coverage" do eval_gemfile "modular/multi_xml_v0_7.gemfile" eval_gemfile "modular/optional.gemfile" eval_gemfile "modular/rack_v3.gemfile" - eval_gemfile "modular/x_std_libs/r3/libs.gemfile" + eval_gemfile "modular/x_std_libs.gemfile" end # Only run linter on the latest version of Ruby (but, in support of oldest supported Ruby version) appraise "style" do eval_gemfile "modular/style.gemfile" - eval_gemfile "modular/x_std_libs/r3/libs.gemfile" + eval_gemfile "modular/x_std_libs.gemfile" end diff --git a/CHANGELOG.md b/CHANGELOG.md index 07e2476b..26bef65a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,7 +32,6 @@ Please file a bug if you notice a violation of semantic versioning. ### Deprecated ### Removed ### Fixed - ### Security ## [2.0.15] - 2025-09-08 diff --git a/Gemfile.lock b/Gemfile.lock index a429b622..efa574d8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.9) + kettle-dev (1.1.19) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) @@ -145,7 +145,7 @@ GEM pp (0.6.2) prettyprint prettyprint (0.2.0) - prism (1.4.0) + prism (1.5.1) psych (5.2.6) date stringio @@ -154,7 +154,7 @@ GEM rack (3.2.1) rainbow (3.1.1) rake (13.3.0) - rbs (3.9.4) + rbs (3.9.5) logger rdoc (6.14.2) erb @@ -170,7 +170,7 @@ GEM io-console (~> 0.5) require_bench (1.0.4) version_gem (>= 1.1.3, < 4) - rexml (3.4.3) + rexml (3.4.4) rspec (3.13.1) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) 
@@ -193,7 +193,7 @@ GEM rspec-support (3.13.5) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.75.8) + rubocop (1.80.2) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) @@ -201,7 +201,7 @@ GEM parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 2.9.3, < 3.0) - rubocop-ast (>= 1.44.0, < 2.0) + rubocop-ast (>= 1.46.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 4.0) rubocop-ast (1.46.0) @@ -276,10 +276,10 @@ GEM snaky_hash (2.0.3) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) - standard (1.50.0) + standard (1.51.1) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.75.5) + rubocop (~> 1.80.2) standard-custom (~> 1.0.0) standard-performance (~> 1.8) standard-custom (1.0.2) @@ -305,9 +305,9 @@ GEM delegate (~> 0.1) rspec (~> 3.0) timecop (>= 0.7, < 1) - unicode-display_width (3.1.5) - unicode-emoji (~> 4.0, >= 4.0.4) - unicode-emoji (4.0.4) + unicode-display_width (3.2.0) + unicode-emoji (~> 4.1) + unicode-emoji (4.1.0) uri (1.0.3) vcr (6.3.1) base64 @@ -366,4 +366,4 @@ DEPENDENCIES yard-relative_markdown_links (~> 0.5.0) BUNDLED WITH - 2.7.1 + 2.7.2 diff --git a/README.md b/README.md index bd424dbb..50ef403e 100644 --- a/README.md +++ b/README.md 
@@ -19,7 +19,7 @@ `if ci_badges.map(&:color).all? { it == "green"}` 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job. -[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] +[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate at ko-fi.com][🖇kofi-img]][🖇kofi] ## 🌻 Synopsis @@ -133,12 +133,12 @@ If it seems like you are in the wrong place, you might try one of these: | Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | | Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | | Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | | Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | | Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | | Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Support | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | | Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on 
Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | | `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | @@ -1461,7 +1461,9 @@ Thanks for RTFM. ☺️ [🖇floss-funding.dev]: https://floss-funding.dev [🖇floss-funding-gem]: https://github.com/galtzo-floss/floss_funding [✉️discord-invite]: https://discord.gg/3qme4XHNKN -[✉️discord-invite-img-ftb]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge +[✉️discord-invite-img-ftb]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge&logo=discord +[✉️ruby-friends-img]: https://img.shields.io/badge/daily.dev-%F0%9F%92%8E_Ruby_Friends-0A0A0A?style=for-the-badge&logo=dailydotdev&logoColor=white +[✉️ruby-friends]: https://app.daily.dev/squads/rubyfriends [⛳gg-discussions]: https://groups.google.com/g/oauth-ruby [⛳gg-discussions-img]: https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange 
@@ -1620,8 +1622,8 @@ Thanks for RTFM. ☺️ [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT [📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg -[📄license-compat]: https://www.apache.org/legal/resolved.html#category-a -[📄license-compat-img]: https://img.shields.io/badge/Apache_Compatible:_Category_A-✓-259D6C.svg?style=flat&logo=Apache +[📄license-compat]: https://dev.to/galtzo/how-to-check-license-compatibility-41h0 +[📄license-compat-img]: https://img.shields.io/badge/Apache_Compatible:_Category_A-%E2%9C%93-259D6C.svg?style=flat&logo=Apache [📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm [📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat [🚎yard-current]: http://rubydoc.info/gems/oauth2 diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 82550001..0c4b0dc8 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -18,4 +18,4 @@ eval_gemfile("modular/multi_xml_v0_7.gemfile") eval_gemfile("modular/rack_v3.gemfile") -eval_gemfile("modular/x_std_libs/r3/libs.gemfile") +eval_gemfile("modular/x_std_libs.gemfile") diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 0bb1d61f..5190ee5c 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -20,4 +20,4 @@ eval_gemfile("modular/optional.gemfile") eval_gemfile("modular/rack_v3.gemfile") -eval_gemfile("modular/x_std_libs/r3/libs.gemfile") +eval_gemfile("modular/x_std_libs.gemfile") diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index 4fd57066..58d3714e 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -6,4 +6,4 @@ gemspec path: "../" eval_gemfile("modular/style.gemfile") -eval_gemfile("modular/x_std_libs/r3/libs.gemfile") +eval_gemfile("modular/x_std_libs.gemfile") From 8e70e641609cd305dae6ee56bbc6a80fd5840cb5 Mon Sep 17 00:00:00 2001 
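Review bot: Nothing in gemfiles/audit.gemfile says which std-lib gems the bundle now resolves: its last line delegates to `modular/x_std_libs.gemfile`, which this hunk does not show, where the old path `modular/x_std_libs/r3/libs.gemfile` named the Ruby 3 list explicitly. If the new file chooses its list from the running Ruby version (an assumption, not visible here), then the versions checked by whatever job uses this gemfile (presumably the dependency audit, going by the file name) depend on the Ruby that job runs under. A one-line comment above the call would record that, for example `# std-lib gems are selected by modular/x_std_libs.gemfile for the running Ruby; TODO confirm this matches the audited runtime`. The same one-line swap appears in gemfiles/coverage.gemfile and gemfiles/style.gemfile, which by their names look like tooling-only bundles.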
From: "Peter H. Boling" Date: Sun, 14 Sep 2025 15:10:29 -0600 Subject: [PATCH 582/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.16?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) are a full-time endeavor. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- CHANGELOG.md | 31 +- Gemfile.lock | 2 +- README.md | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 4 +- docs/_index.html | 18 +- docs/file.CHANGELOG.html | 89 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 1702 +++++++++-------- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- 
docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2-2.0.15.gem.html | 71 + docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/file_list.html | 20 +- docs/index.html | 1702 +++++++++-------- docs/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 50 files changed, 2033 insertions(+), 1688 deletions(-) create mode 100644 docs/file.oauth2-2.0.15.gem.html diff --git a/CHANGELOG.md b/CHANGELOG.md index 26bef65a..8d33c60a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,19 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added -- E2E example using mock test server added in v2.0.11 +### Changed +### Deprecated +### Removed +### Fixed +### Security + +## [2.0.16] - 2025-09-14 +- TAG: [v2.0.16][2.0.16t] +- COVERAGE: 96.33% -- 394/409 lines in 14 files +- BRANCH COVERAGE: 86.49% -- 64/74 branches in 14 files +- 90.48% documented +### Added +- [gh!680—][gh!680]E2E example using mock test server added in v2.0.11 by @pboling - mock-oauth2-server upgraded to v2.3.0 - https://github.com/navikt/mock-oauth2-server - `docker compose -f docker-compose-ssl.yml up -d --wait` 
@@ -26,13 +38,16 @@ Please file a bug if you notice a violation of semantic versioning. - `docker compose -f docker-compose-ssl.yml down` - mock server readiness wait is 90s - override via E2E_WAIT_TIMEOUT -- Apache SkyWalking Eyes dependency license check +- [gh!676][gh!676], [gh!679][gh!679] - Apache SkyWalking Eyes dependency license check by @pboling ### Changed -- Many improvements to make CI more resilient (past/future proof) -### Deprecated -### Removed -### Fixed +- [gh!678][gh!678] - Many improvements to make CI more resilient (past/future proof) by @pboling +- [gh!681][gh!681] - Upgrade to kettle-dev v1.1.19 ### Security +[gh!676]: https://github.com/ruby-oauth/oauth2/pull/676 +[gh!678]: https://github.com/ruby-oauth/oauth2/pull/678 +[gh!679]: https://github.com/ruby-oauth/oauth2/pull/679 +[gh!680]: https://github.com/ruby-oauth/oauth2/pull/680 +[gh!681]: https://github.com/ruby-oauth/oauth2/pull/681 ## [2.0.15] - 2025-09-08 - TAG: [v2.0.15][2.0.15t] @@ -540,7 +555,9 @@ Please file a bug if you notice a violation of semantic versioning. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.15...HEAD +[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.16...HEAD +[2.0.16]: https://github.com/ruby-oauth/oauth2/compare/v2.0.15...v2.0.16 +[2.0.16t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.16 [2.0.15]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...v2.0.15 [2.0.15t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.15 [2.0.14]: https://github.com/ruby-oauth/oauth2/compare/v2.0.13...v2.0.14 diff --git a/Gemfile.lock b/Gemfile.lock index efa574d8..6cbdc7f5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.15) + oauth2 (2.0.16) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) diff --git a/README.md b/README.md index 50ef403e..5f06cfa8 100644 --- a/README.md +++ b/README.md 
@@ -1615,7 +1615,7 @@ Thanks for RTFM. ☺️ [📌gitmoji]:https://gitmoji.dev [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.519-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.409-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 1a5f9800..4b450b6b 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 2e8db0f0..0959f022 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3070,7 +3070,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 7c1b8216..2811778b 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 4ab3fadb..e10bd0d2 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 8d552c44..03bf44dd 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 4f0e8f35..eefb4838 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index ebba80bb..7a84acda 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index ad798cd7..3fcf55e8 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 0a529183..887831eb 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index f3677860..5d2e432c 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 972c4e66..a0372b1e 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 41ddc3ca..54f983c2 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 4908facc..a2309451 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 2a52b5c8..ebfff816 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 25bb5a64..002f5975 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index f433a10e..31e00a4b 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -95,7 +95,7 @@

            VERSION =
            -
            "2.0.15"
            +
            "2.0.16"
            @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index 99fa4912..59056025 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -105,19 +105,25 @@

            File Listing

          • oauth2-2.0.14.gem
          • -
          • oauth2-2.0.10.gem
          • +
          • oauth2-2.0.15.gem
          • -
          • oauth2-2.0.11.gem
          • +
          • oauth2-2.0.10.gem
          • -
          • oauth2-2.0.12.gem
          • +
          • oauth2-2.0.11.gem
          • + + +
          • oauth2-2.0.12.gem
          • -
          • oauth2-2.0.13.gem
          • +
          • oauth2-2.0.13.gem
          • + + +
          • oauth2-2.0.14.gem
          • -
          • oauth2-2.0.14.gem
          • +
          • oauth2-2.0.15.gem
          • REEK
          • @@ -372,7 +378,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 4278f3f0..ba516ac9 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -68,7 +68,7 @@ and yes, platform and engine support are part of the public API.
            Please file a bug if you notice a violation of semantic versioning.

            -

            Unreleased

            +

            Unreleased

            Added

            Changed

            Deprecated

            @@ -76,6 +76,43 @@

            Removed

            Fixed

            Security

            +

            +2.0.16 - 2025-09-14

            +
              +
            • TAG: v2.0.16 +
            • +
            • COVERAGE: 96.33% – 394/409 lines in 14 files
            • +
            • BRANCH COVERAGE: 86.49% – 64/74 branches in 14 files
            • +
            • 90.48% documented +

              Added

              +
            • +
            • +gh!680—E2E example using mock test server added in v2.0.11 by @pboling +
                +
              • mock-oauth2-server upgraded to v2.3.0 +
                  +
                • https://github.com/navikt/mock-oauth2-server
                • +
                +
              • +
              • docker compose -f docker-compose-ssl.yml up -d --wait
              • +
              • ruby examples/e2e.rb
              • +
              • docker compose -f docker-compose-ssl.yml down
              • +
              • mock server readiness wait is 90s
              • +
              • override via E2E_WAIT_TIMEOUT
              • +
              +
            • +
            • +gh!676, gh!679 - Apache SkyWalking Eyes dependency license check by @pboling +

              Changed

              +
            • +
            • +gh!678 - Many improvements to make CI more resilient (past/future proof) by @pboling
            • +
            • +gh!681 - Upgrade to kettle-dev v1.1.19 +

              Security

              +
            • +
            +

            2.0.15 - 2025-09-08

              @@ -84,7 +121,7 @@

            • COVERAGE: 100.00% – 519/519 lines in 14 files
            • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
            • 90.48% documented -

              Added

              +

              Added

            • gh!671 - Complete documentation example for Instagram by @pboling
            • @@ -99,7 +136,7 @@

              Added

              gh!670 - AccessToken: verb-dependent token transmission mode by @mrj
              • e.g., Instagram GET=:query, POST/DELETE=:header -

                Changed

                +

                Changed

              @@ -109,7 +146,7 @@

              Fixed

            • Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
            • point badge to the correct workflow for Ruby 2.3 (caboose.yml) -

              Security

              +

              Security

            @@ -121,7 +158,7 @@

          • COVERAGE: 100.00% – 519/519 lines in 14 files
          • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
          • 90.48% documented -

            Added

            +

            Added

          • improved documentation by @pboling
          • @@ -161,7 +198,7 @@

          • COVERAGE: 100.00% – 519/519 lines in 14 files
          • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
          • 90.48% documented -

            Added

            +

            Added

          • gh!656 - Support revocation with URL-encoded parameters
          • @@ -175,7 +212,7 @@

            Added

            gh!657 - Updated documentation for org-rename by @pboling
          • More funding links by @Aboling0
          • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references -

            Changed

            +

            Changed

          • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
          • @@ -184,7 +221,7 @@

            Fixed

          • gh!660 - Links in README (including link to HEAD documentation) by @pboling -

            Security

            +

            Security

          • @@ -196,7 +233,7 @@

          • Line Coverage: 100.0% (520 / 520)
          • Branch Coverage: 100.0% (174 / 174)
          • 80.00% documented -

            Added

            +

            Added

          • gh!652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang @@ -211,7 +248,7 @@

            Added

          • Documentation site @ https://oauth2.galtzo.com now complete -

            Changed

            +

            Changed

          • Updates to gemspec (email, funding url, post install message)

            Fixed

            @@ -227,7 +264,7 @@

          • COVERAGE: 100.00% – 518/518 lines in 14 files
          • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
          • 80.00% documented -

            Added

            +

            Added

          • gh!651 - :snaky_hash_klass option (@pboling)
          • @@ -252,7 +289,7 @@

            Added

            gh!651 - Mock OAuth2 server for testing (@pboling)
            • https://github.com/navikt/mock-oauth2-server -

              Changed

              +

              Changed

          • @@ -278,7 +315,7 @@

          • COVERAGE: 100.00% – 518/518 lines in 14 files
          • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
          • 79.05% documented -

            Added

            +

            Added

          • gh!632 - Added funding.yml (@Aboling0)
          • @@ -321,7 +358,7 @@

            Added

            gh!644, gh!645 - Added CITATION.cff (@Aboling0)
          • !648 - Improved documentation (@pboling) -

            Changed

            +

            Changed

          • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
          • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) @@ -371,10 +408,10 @@

            2.0.9 - 2022-09-16

            • TAG: v2.0.9 -

              Added

              +

              Added

            • More specs (@pboling) -

              Changed

              +

              Changed

            • Complete migration to main branch as default (@pboling)
            • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
            • @@ -384,11 +421,11 @@

              2.0.8 - 2022-09-01

              • TAG: v2.0.8 -

                Changed

                +

                Changed

              • !630 - Extract snaky_hash to external dependency (@pboling) -

                Added

                +

                Added

              • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 @@ -399,7 +436,7 @@

                2.0.7 - 2022-08-22

                • TAG: v2.0.7 -

                  Added

                  +

                  Added

                • !629 - Allow POST of JSON to get token (@pboling, @terracatta) @@ -464,7 +501,7 @@

                  2.0.3 - 2022-06-28

                  • TAG: v2.0.3 -

                    Added

                    +

                    Added

                  • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                  • @@ -496,7 +533,7 @@

                    2.0.1 - 2022-06-22

                    • TAG: v2.0.1 -

                      Added

                      +

                      Added

                    • Documentation improvements (@pboling)
                    • Increased test coverage to 99% (@pboling)
                    • @@ -506,7 +543,7 @@

                      2.0.0 - 2022-06-21

                      • TAG: v2.0.0 -

                        Added

                        +

                        Added

                      • !158, !344 - Optionally pass raw response to parsers (@niels)
                      • @@ -560,7 +597,7 @@

                        Added

                        !575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
                      • !581 - Documentation: of breaking changes (@pboling) -

                        Changed

                        +

                        Changed

                      • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
                      • @@ -876,7 +913,7 @@

                        1.0.0 - 2014-07-09

                        • TAG: v1.0.0 -

                          Added

                          +

                          Added

                        • Add an implementation of the MAC token spec.

                          Fixed

                          @@ -888,7 +925,7 @@

                          0.5.0 - 2011-07-29

                          • TAG: v0.5.0 -

                            Changed

                            +

                            Changed

                          • breaking oauth_token renamed to oauth_bearer.
                          • @@ -1038,7 +1075,7 @@

                            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 5ef04f4b..2daada60 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index d2fc3603..9fa48115 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                            Attribution

                            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 9b453235..0ef50d99 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -308,7 +308,7 @@

                            Manual process

                            diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 560c0cc2..ee89d91e 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                            Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index ce620220..752c9ba5 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                            MIT License

                            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                            Permission is hereby granted, free of charge, to any person obtaining a copy
                            of this software and associated documentation files (the "Software"), to deal
                            in the Software without restriction, including without limitation the rights
                            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                            copies of the Software, and to permit persons to whom the Software is
                            furnished to do so, subject to the following conditions:

                            The above copyright notice and this permission notice shall be included in all
                            copies or substantial portions of the Software.

                            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                            SOFTWARE.
                            diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 4b19c806..f7006e65 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                            Raw OIDC with ruby-oauth/oauth2

                            diff --git a/docs/file.README.html b/docs/file.README.html index 68a651dc..42db0a14 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -63,7 +63,7 @@

                            🔐 OAuth 2.0 Authorization Framewor

                            ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                            -

                            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

                            +

                            [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                            if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                            @@ -71,7 +71,7 @@

                            🔐 OAuth 2.0 Authorization Framewor

                            if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                            -

                            OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                            +

                            [![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate at ko-fi.com][🖇kofi-img]][🖇kofi]

                            🌻 Synopsis

                            @@ -80,7 +80,7 @@

                            🌻 Synopsis

                            desktop applications, mobile phones, and living room devices.
                            This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

                            -

                            Quick Example

                            +

                            Quick Examples

                            Convert the following `curl` command into a token request using this gem... @@ -113,189 +113,146 @@

                            Quick Example

                            -

                            If it seems like you are in the wrong place, you might try one of these:

                            - - - -

                            💡 Info you can shake a stick at

                            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            Tokens to Remember -Gem name Gem namespace -
                            Works with JRuby -JRuby 9.1 Compat JRuby 9.2 Compat JRuby 9.3 Compat
                            JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat -
                            Works with Truffle Ruby -Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
                            Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat -
                            Works with MRI Ruby 3 -Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat -
                            Works with MRI Ruby 2 -Ruby 2.2 Compat
                            Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat -
                            Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! -
                            Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki -
                            Compliance -License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 -
                            Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 -
                            Support -Live Chat on Discord Get help from me on Upwork Get help from me on Codementor -
                            Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing -
                            -... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 -
                            - -

                            Compatibility

                            - -
                              -
                            • Operating Systems: Linux, MacOS, Windows
                            • -
                            • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD -
                                -
                              • NOTE: This gem may still install and run on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                              • -
                              -
                            • -
                            • JRuby @ v9.4, v10.0, HEAD -
                                -
                              • NOTE: This gem may still install and run on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                              • -
                              -
                            • -
                            • TruffleRuby @ v23.1, v24.1, HEAD -
                                -
                              • NOTE: This gem may still install and run on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                              • -
                              -
                            • -
                            • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday -
                            • -
                            • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt -
                            • -
                            • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger -
                            • -
                            • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml -
                            • -
                            • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack -
                            • -
                            • gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash -
                            • -
                            • gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem -
                            • -
                            - -

                            The last two were extracted from this gem. They are part of the ruby-oauth org,
                            -and are developed in tight collaboration with this gem.

                            - -

                            Also, where reasonable, tested against the runtime dependencies of those dependencies:

                            - -
                              -
                            • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie -
                            • -
                            +
                            +Complete E2E single file script against [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server) -

                            Upgrading Runtime Gem Dependencies

                            +- E2E example using the mock test server added in v2.0.11 -

                            This project sits underneath a large portion of the authorization systems on the internet.
                            -According to GitHub’s project tracking, which I believe only reports on public projects,
                            -100,000+ projects, and
                            -500+ packages depend on this project.

                            +```console +docker compose -f docker-compose-ssl.yml up -d --wait +ruby examples/e2e.rb +# If your machine is slow or Docker pulls are cold, increase the wait: +E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb +# The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default. +``` -

                            That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

                            +The output should be something like this: -

                            As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
                            -leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

                            +```console +➜ ruby examples/e2e.rb +Access token (truncated): eyJraWQiOiJkZWZhdWx0... +userinfo status: 200 +userinfo body: => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104" +E2E complete +``` -

                            What does that mean specifically for the runtime dependencies?

                            +Make sure to shut down the mock server when you are done: -

                            We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix.
                            -It wouldn’t be possible without appraisal2.

                            +```console +docker compose -f docker-compose-ssl.yml down +``` - - - - - - - - - - - - - -
                            🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎 and the color 💚 green 💚
                            👟 Check it out!github.com/appraisal-rb/appraisal2
                            +Troubleshooting: validate connectivity to the mock server + +- Check container status and port mapping: + - docker compose -f docker-compose-ssl.yml ps +- From the host, try the discovery URL directly (this is what the example uses by default): + - curl -v http://localhost:8080/default/.well-known/openid-configuration + - If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration +- From inside the container (to distinguish container vs host networking): + - docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration +- Simple TCP probe from the host: + - nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"' +- Inspect which host port 8080 is bound to (should be 8080): + - docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1 +- Look at server logs for readiness/errors: + - docker logs -n 200 oauth2-mock-oauth2-server-1 +- On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: + - ss -ltnp | grep :8080 + +Notes +- Discovery URL pattern is: http://localhost:8080//.well-known/openid-configuration, where defaults to "default". +- You can change these with env vars when running the example: + - E2E_ISSUER_BASE (default: http://localhost:8080) + - E2E_REALM (default: default) + +</details> + +If it seems like you are in the wrong place, you might try one of these: + +* [OAuth 2.0 Spec][oauth2-spec] +* [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. +* [oauth sibling gem][sibling-gem] for OAuth 1.0a implementations in Ruby. 
+ +[oauth2-spec]: https://oauth.net/2/ +[sibling-gem]: https://gitlab.com/ruby-oauth/oauth +[doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper + +## 💡 Info you can shake a stick at + +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | 
[![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | + +### Compatibility + +* Operating Systems: Linux, MacOS, Windows +* MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD + * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. +* JRuby @ v9.4, v10.0, HEAD + * NOTE: This gem may still _install_ and _run_ on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. +* TruffleRuby @ v23.1, v24.1, HEAD + * NOTE: This gem may still _install_ and _run_ on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. 
+* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) +* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) +* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) +* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) +* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) +* gem `snaky_hash` @ v2, HEAD ⏩️ [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) +* gem `version_gem` @ v1, HEAD ⏩️ [ruby-oauth/version_gem](https://gitlab.com/ruby-oauth/version_gem) + +The last two were extracted from this gem. They are part of the `ruby-oauth` org, +and are developed in tight collaboration with this gem. + +Also, where reasonable, tested against the runtime dependencies of those dependencies: + +* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) + +[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347#issuecomment-2653479732 +[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 + +#### Upgrading Runtime Gem Dependencies + +This project sits underneath a large portion of the authorization systems on the internet. +According to GitHub's project tracking, which I believe only reports on public projects, +[100,000+ projects](https://github.com/ruby-oauth/oauth2/network/dependents), and +[500+ packages](https://github.com/ruby-oauth/oauth2/network/dependents?dependent_type=PACKAGE) depend on this project. + +That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies. + +As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the +leading versions per each minor version of Ruby of all the runtime dependencies it can install with. + +What does that mean specifically for the runtime dependencies? 
+ +We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix. +It wouldn't be possible without appraisal2. + +| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 | +|------------------------------------------------|--------------------------------------------------------| +| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | + +#### You should upgrade this gem with confidence\*. + +- This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. + - Dropping support for **any** of the runtime dependency versions above will be a major version bump. + - If you aren't on one of the minor versions above, make getting there a priority. +- You should upgrade the dependencies of this gem with confidence\*. +- Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! + +[sv-pub-api]: #-versioning -

                            You should upgrade this gem with confidence*.

                            - -
                              -
                            • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. -
                                -
                              • Dropping support for any of the runtime dependency versions above will be a major version bump.
                              • -
                              • If you aren’t on one of the minor versions above, make getting there a priority.
                              • -
                              -
                            • -
                            • You should upgrade the dependencies of this gem with confidence*.
                            • -
                            • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
                            • -
                            - -

                            * MIT license; The only guarantees I make are for enterprise support.

                            +\* MIT license; The only guarantees I make are for [enterprise support](#enterprise-support).
                            Standard Library Dependencies @@ -312,7 +269,7 @@

                            You should upgrade this gem

                            -

                            Federated DVCS

                            +### Federated DVCS
                            Find this repo on other forges @@ -327,10 +284,11 @@

                            Federated DVCS

                            -

                            Enterprise Support Tidelift -

                            +[gh-discussions]: https://github.com/ruby-oauth/oauth2/discussions + +### Enterprise Support [![Tidelift](https://tidelift.com/badges/package/rubygems/oauth2)](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme) -

                            Available as part of the Tidelift Subscription.

                            +Available as part of the Tidelift Subscription.
                            Need enterprise-level guarantees? @@ -351,9 +309,9 @@

                            Enterprise Support 🚀 Release Documentation

                            +## 🚀 Release Documentation -

                            Version 2.0.x

                            +### Version 2.0.x
                            2.0.x CHANGELOG and README @@ -377,7 +335,37 @@

                            Version 2.0.x

                            -

                            Older Releases

                            +[2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 +[2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 +[2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 +[2.0.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 +[2.0.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 +[2.0.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 +[2.0.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 +[2.0.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#206---2022-07-13 +[2.0.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#205---2022-07-07 +[2.0.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#204---2022-07-01 +[2.0.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#203---2022-06-28 +[2.0.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#202---2022-06-24 +[2.0.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 +[2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 + +[2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md +[2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md +[2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md +[2.0.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.10/README.md +[2.0.9-readme]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.9/README.md +[2.0.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.8/README.md +[2.0.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.7/README.md +[2.0.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.6/README.md +[2.0.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.5/README.md +[2.0.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.4/README.md +[2.0.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.3/README.md +[2.0.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.2/README.md +[2.0.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.1/README.md +[2.0.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.0/README.md + +### Older Releases
                            1.4.x CHANGELOGs and READMEs @@ -398,6 +386,32 @@

                            Older Releases

                            | 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] |
                            +[1.4.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1411---2022-09-16 +[1.4.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1410---2022-07-01 +[1.4.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#149---2022-02-20 +[1.4.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#148---2022-02-18 +[1.4.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#147---2021-03-19 +[1.4.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#146---2021-03-19 +[1.4.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#145---2021-03-18 +[1.4.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#144---2020-02-12 +[1.4.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#143---2020-01-29 +[1.4.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#142---2019-10-01 +[1.4.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#141---2018-10-13 +[1.4.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#140---2017-06-09 + +[1.4.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.11/README.md +[1.4.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.10/README.md +[1.4.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.9/README.md +[1.4.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.8/README.md +[1.4.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.7/README.md +[1.4.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.6/README.md +[1.4.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.5/README.md +[1.4.4-readme]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.4/README.md +[1.4.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.3/README.md +[1.4.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.2/README.md +[1.4.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.1/README.md +[1.4.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.0/README.md +
                            1.3.x Readmes @@ -420,19 +434,21 @@

                            Older Releases

                            -

                            ✨ Installation

                            +## ✨ Installation -

                            Install the gem and add to the application’s Gemfile by executing:

                            +Install the gem and add to the application's Gemfile by executing: -
                            bundle add oauth2
                            -
                            +```console +bundle add oauth2 +``` -

                            If bundler is not being used to manage dependencies, install the gem by executing:

                            +If bundler is not being used to manage dependencies, install the gem by executing: -
                            gem install oauth2
                            -
                            +```console +gem install oauth2 +``` -

                            🔒 Secure Installation

                            +### 🔒 Secure Installation
                            For Medium or High Security Installations @@ -467,58 +483,38 @@

                            🔒 Secure Installation

                            -

                            What is new for v2.0?

                            - -
                            - -

                            Compatibility

                            - -

                            Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
                            -Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
                            -This gem will install on Ruby versions >= v2.2 for 2.x releases.
                            -See 1-4-stable branch for older rubies.

                            +## What is new for v2.0? + +- Works with Ruby versions >= 2.2 +- Drop support for the expired MAC Draft (all versions) +- Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) + - Support JWT `kid` for key discovery and management +- Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0) +- Support IETF rfc7231 Relative Location in Redirect (since v2.0.0) +- Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0) +- Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters) +- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) +- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` +- Adds option to `OAuth2::Client#get_token`: + - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` +- Adds option to `OAuth2::AccessToken#initialize`: + - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency +- By default, keys are transformed to snake case. + - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash][snaky_hash] gem. + - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case. + - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. +- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) + - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body +- [... 
A lot more](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md#200-2022-06-21-tag) + +[snaky_hash]: https://gitlab.com/ruby-oauth/snaky_hash + +## Compatibility + +Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. +Compatibility is further distinguished as "Best Effort Support" or "Incidental Support" for older versions of Ruby. +This gem will install on Ruby versions >= v2.2 for 2.x releases. +See `1-4-stable` branch for older rubies.
                            Ruby Engine Compatibility Policy @@ -547,171 +543,144 @@

                            Compatibility

                            of a major release, support for that Ruby version may be dropped.
                            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                             Ruby OAuth2 VersionMaintenance BranchTargeted SupportBest Effort SupportIncidental Support
                            1️⃣2.0.xmain3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.12.2, 2.3, 2.4
                            2️⃣1.4.x1-4-stable3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.11.9, 2.0, 2.1, 2.2, 2.3, 2.4
                            3️⃣olderN/ABest of luck to you!Please upgrade! 
                            - -

                            NOTE: The 1.4 series will only receive critical security updates.
                            -See SECURITY.md.

                            - -

                            ⚙️ Configuration

                            - -

                            You can turn on additional warnings.

                            - -
                            OAuth2.configure do |config|
                            +|     | Ruby OAuth2 Version | Maintenance Branch | Targeted Support     | Best Effort Support     | Incidental Support           |
                            +|:----|---------------------|--------------------|----------------------|-------------------------|------------------------------|
                            +| 1️⃣ | 2.0.x               | `main`             | 3.2, 3.3, 3.4        | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.2, 2.3, 2.4                |
                            +| 2️⃣ | 1.4.x               | `1-4-stable`       | 3.2, 3.3, 3.4        | 2.5, 2.6, 2.7, 3.0, 3.1 | 1.9, 2.0, 2.1, 2.2, 2.3, 2.4 |
                            +| 3️⃣ | older               | N/A                | Best of luck to you! | Please upgrade!         |                              |
                            +
                            +NOTE: The 1.4 series will only receive critical security updates.
                            +See [SECURITY.md][🔐security].
                            +
                            +## ⚙️ Configuration
                            +
                            +You can turn on additional warnings.
                            +
                            +```ruby
                            +OAuth2.configure do |config|
                               # Turn on a warning like:
                            -  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
                            +  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
                               config.silence_extra_tokens_warning = false # default: true
                               # Set to true if you want to also show warnings about no tokens
                               config.silence_no_tokens_warning = false # default: true,
                             end
                            -
                            +``` -

                            The “extra tokens” problem comes from ambiguity in the spec about which token is the right token.
                            -Some OAuth 2.0 standards legitimately have multiple tokens.
                            -You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in.
                            -Specify your custom class with the access_token_class option.

                            +The "extra tokens" problem comes from ambiguity in the spec about which token is the right token. +Some OAuth 2.0 standards legitimately have multiple tokens. +You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. +Specify your custom class with the `access_token_class` option. -

                            If you only need one token you can, as of v2.0.10,
                            -specify the exact token name you want to extract via the OAuth2::AccessToken using
                            -the token_name option.

                            +If you only need one token you can, as of v2.0.10, +specify the exact token name you want to extract via the `OAuth2::AccessToken` using +the `token_name` option. -

                            You’ll likely need to do some source diving.
                            -This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
                            -If you have time and energy please contribute to the documentation!

                            +You'll likely need to do some source diving. +This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. +If you have time and energy please contribute to the documentation! -

                            🔧 Basic Usage

                            +## 🔧 Basic Usage -

                            -authorize_url and token_url are on site root (Just Works!)

                            +### `authorize_url` and `token_url` are on site root (Just Works!) -
                            require "oauth2"
                            -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org")
                            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
                            -# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                            +```ruby
                            +require "oauth2"
                            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/")
                            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback")
                            +# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                             
                            -access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"})
                            -response = access.get("/api/resource", params: {"query_foo" => "bar"})
                            +access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: => "Basic some_password")
                            +response = access.get("/api/resource", params: => "bar")
                             response.class.name
                             # => OAuth2::Response
                            -
                            +```
                            -

                            Relative authorize_url and token_url (Not on site root, Just Works!)

                            +### Relative `authorize_url` and `token_url` (Not on site root, Just Works!)
                            -

                            In above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

                            +In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative.
                            -
                            client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
                            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
                            -# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                            -
                            +```ruby
                            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
                            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback")
                            +# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                            +```
                            -

                            Customize authorize_url and token_url -

                            +### Customize `authorize_url` and `token_url`
                            -

                            You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

                            +You can specify custom URLs for authorization and access token, and when using a leading `/` they will _not be relative_, as shown below:
                            -
                            client = OAuth2::Client.new(
                            -  "client_id",
                            -  "client_secret",
                            -  site: "https://example.org/nested/directory/on/your/server",
                            -  authorize_url: "/jaunty/authorize/",
                            -  token_url: "/stirrups/access_token",
                            +```ruby
                            +client = OAuth2::Client.new(
                            +  "client_id",
                            +  "client_secret",
                            +  site: "https://example.org/nested/directory/on/your/server",
                            +  authorize_url: "/jaunty/authorize/",
                            +  token_url: "/stirrups/access_token",
                             )
                            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
                            -# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback")
                            +# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                             client.class.name
                             # => OAuth2::Client
                            -
                            +```
                            -

                            snake_case and indifferent access in Response#parsed

                            +### snake_case and indifferent access in Response#parsed
                            -
                            response = access.get("/api/resource", params: {"query_foo" => "bar"})
                            +```ruby
                            +response = access.get("/api/resource", params: => "bar")
                             # Even if the actual response is CamelCase. it will be made available as snaky:
                            -JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
                            -response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
                            -response.parsed.access_token      # => "aaaaaaaa"
                            -response.parsed[:access_token]    # => "aaaaaaaa"
                            -response.parsed.additional_data   # => "additional"
                            -response.parsed[:additional_data] # => "additional"
                            +JSON.parse(response.body)         # => "additionalData"=>"additional"
                            +response.parsed                   # => "additional_data"=>"additional"
                            +response.parsed.access_token      # => "aaaaaaaa"
                            +response.parsed[:access_token]    # => "aaaaaaaa"
                            +response.parsed.additional_data   # => "additional"
                            +response.parsed[:additional_data] # => "additional"
                             response.parsed.class.name        # => SnakyHash::StringKeyed (from snaky_hash gem)
                            -
                            +```
                            -

                            Serialization

                            +#### Serialization
                            -

                            As of v2.0.11, if you need to serialize the parsed result, you can!

                            +As of v2.0.11, if you need to serialize the parsed result, you can!
                            -

                            There are two ways to do this, globally, or discretely. The discrete way is recommended.

                            +There are two ways to do this, globally, or discretely. The discrete way is recommended.
                            -
                            Global Serialization Config
                            +##### Global Serialization Config
                            -

                            Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

                            +Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).
                            -
                            SnakyHash::StringKeyed.class_eval do
                            +```ruby
                            +SnakyHash::StringKeyed.class_eval do
                               extend SnakyHash::Serializer
                             end
                            -
                            +```
                            -
                            Discrete Serialization Config
                            +##### Discrete Serialization Config
                            -

                            Discretely configure a custom Snaky Hash class to use the serializer.

                            +Discretely configure a custom Snaky Hash class to use the serializer.
                            -
                            class MySnakyHash < SnakyHash::StringKeyed
                            +```ruby
                            +class MySnakyHash < SnakyHash::StringKeyed
                               # Give this hash class `dump` and `load` abilities!
                               extend SnakyHash::Serializer
                             end
                             
                             # And tell your client to use the custom class in each call:
                            -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
                            -token = client.get_token({snaky_hash_klass: MySnakyHash})
                            -
                            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
                            +token = client.get_token(MySnakyHash)
                            +```
                            -
                            Serialization Extensions
                            +##### Serialization Extensions
                            -

                            These extensions work regardless of whether you used the global or discrete config above.

                            +These extensions work regardless of whether you used the global or discrete config above.
                            -

                            There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
                            -They are likely not needed if you are on a newer Ruby.
                            -See response_spec.rb if you need to study the hacks for older Rubies.

                            +There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
                            +They are likely not needed if you are on a newer Ruby.
                            +See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb) if you need to study the hacks for older Rubies.
                            -
                            class MySnakyHash < SnakyHash::StringKeyed
                            +```ruby
                            +class MySnakyHash < SnakyHash::StringKeyed
                               # Give this hash class `dump` and `load` abilities!
                               extend SnakyHash::Serializer
                             
                            @@ -721,14 +690,14 @@ 
                            Serialization Extensions
                            # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. # WARNING: This is a silly example! dump_value_extensions.add(:to_fruit) do |value| - "banana" # => Make values "banana" on dump + "banana" # => Make values "banana" on dump end # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump # In other words, this retains nested hashes, and only the deepest leaf nodes become ***. # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| - "***" # Turn dumped bananas into *** when they are loaded + "***" # Turn dumped bananas into *** when they are loaded end # Act on the entire hash as it is prepared for dumping to JSON @@ -736,9 +705,9 @@
                            Serialization Extensions
                            dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) value.transform_keys do |key| - split = key.split("_") + split = key.split("_") first_word = split[0] - key.sub(first_word, "cheese") + key.sub(first_word, "cheese") end else value @@ -751,9 +720,9 @@
                            Serialization Extensions
                            if value.is_a?(Hash) res = klass.new value.keys.each_with_object(res) do |key, result| - split = key.split("_") + split = key.split("_") last_word = split[-1] - new_key = key.sub(last_word, "pizza") + new_key = key.sub(last_word, "pizza") result[new_key] = value[key] end res @@ -762,19 +731,20 @@
                            Serialization Extensions
                            end end end -
                            +```
                            -

                            See response_spec.rb, or the ruby-oauth/snaky_hash gem for more ideas.

                            +See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), or the [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) gem for more ideas.
                            -

                            Prefer camelCase over snake_case? => snaky: false

                            +#### Prefer camelCase over snake_case? => snaky: false
                            -
                            response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
                            -JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
                            -response.parsed                   # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
                            -response.parsed["accessToken"]    # => "aaaaaaaa"
                            -response.parsed["additionalData"] # => "additional"
                            +```ruby
                            +response = access.get("/api/resource", params: => "bar", snaky: false)
                            +JSON.parse(response.body)         # => "additionalData"=>"additional"
                            +response.parsed                   # => "additionalData"=>"additional"
                            +response.parsed["accessToken"]    # => "aaaaaaaa"
                            +response.parsed["additionalData"] # => "additional"
                             response.parsed.class.name        # => Hash (just, regular old Hash)
                            -
                            +```
                            Debugging & Logging @@ -800,211 +770,159 @@

                            Prefer camelCase over sna ```

                            -

                            OAuth2::Response

                            - -

                            The AccessToken methods #get, #post, #put and #delete and the generic #request
                            -will return an instance of the #OAuth2::Response class.

                            - -

                            This instance contains a #parsed method that will parse the response body and
                            -return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
                            -the body is a JSON object. It will return an Array if the body is a JSON
                            -array. Otherwise, it will return the original body string.

                            - -

                            The original response body, headers, and status can be accessed via their
                            -respective methods.

                            - -

                            OAuth2::AccessToken

                            - -

                            If you have an existing Access Token for a user, you can initialize an instance
                            -using various class methods including the standard new, from_hash (if you have
                            -a hash of the values), or from_kvform (if you have an
                            -application/x-www-form-urlencoded encoded string of the values).

                            - -

                            Options (since v2.0.x unless noted):

                            -
                              -
                            • - - - - - - - -
                              expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
                              -
                            • -
                            • - - - - - - - - -
                              token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
                              -
                            • -
                            • - - - - - - - - -
                              mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
                              -
                                -
                              • :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). -
                              • -
                              • :query — Send as access_token query parameter (discouraged in general, but required by some providers).
                              • -
                              • Verb-dependent (since v2.0.15): Provide either: -
                                  -
                                • - - - - - - - - -
                                  a Proc takingverband returning :header or :query, or
                                  -
                                • -
                                • a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
                                • -
                                -
                              • -
                              -
                            • -
                            - -

                            Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.

                            - -

                            OAuth2::Error

                            - -

                            On 400+ status code responses, an OAuth2::Error will be raised. If it is a
                            -standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
                            -error_description parameters. The #response property of OAuth2::Error will
                            -always contain the OAuth2::Response instance.

                            - -

                            If you do not want an error to be raised, you may use :raise_errors => false
                            -option on initialization of the client. In this case the OAuth2::Response
                            -instance will be returned as usual and on 400+ status code responses, the
                            -Response instance will contain the OAuth2::Error instance.

                            - -

                            Authorization Grants

                            - -

                            Note on OAuth 2.1 (draft):

                            -
                              -
                            • PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                            • -
                            • Redirect URIs must be compared using exact string matching by the Authorization Server.
                            • -
                            • The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                            • -
                            • Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                            • -
                            • Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                            • -
                            • The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                            • -
                            - -

                            References:

                            -
                              -
                            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                            • -
                            • Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                            • -
                            • FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                            • -
                            • Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                            • -
                            • Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                            • -
                            • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                            • -
                            - -

                            Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
                            -authentication grant types have helper strategy classes that simplify client
                            -use. They are available via the #auth_code,
                            -#implicit,
                            -#password,
                            -#client_credentials, and
                            -#assertion methods respectively.

                            - -

                            These aren’t full examples, but demonstrative of the differences between usage for each strategy.

                            -
                            auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
                            -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
                            +### OAuth2::Response
                            +
                            +The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic `#request`
                            +will return an instance of the #OAuth2::Response class.
                            +
                            +This instance contains a `#parsed` method that will parse the response body and
                            +return a Hash-like [`SnakyHash::StringKeyed`](https://gitlab.com/ruby-oauth/snaky_hash/-/blob/main/lib/snaky_hash/string_keyed.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if
                            +the body is a JSON object.  It will return an Array if the body is a JSON
                            +array.  Otherwise, it will return the original body string.
                            +
                            +The original response body, headers, and status can be accessed via their
                            +respective methods.
                            +
                            +### OAuth2::AccessToken
                            +
                            +If you have an existing Access Token for a user, you can initialize an instance
                            +using various class methods including the standard new, `from_hash` (if you have
                            +a hash of the values), or `from_kvform` (if you have an
                            +`application/x-www-form-urlencoded` encoded string of the values).
                            +
                            +Options (since v2.0.x unless noted):
                            +- expires_latency (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency.
                            +- token_name (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
                            +- mode (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance.
                            +  - :header — Send as Authorization: Bearer  header (default and preferred by OAuth 2.1 draft guidance).
                            +  - :query — Send as access_token query parameter (discouraged in general, but required by some providers).
                            +  - Verb-dependent (since v2.0.15): Provide either:
                            +    - a Proc taking |verb| and returning :header or :query, or
                            +    - a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
                            +
                            +Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.
                            +
                            +### OAuth2::Error
                            +
                            +On 400+ status code responses, an `OAuth2::Error` will be raised.  If it is a
                            +standard OAuth2 error response, the body will be parsed and `#code` and `#description` will contain the values provided from the error and
                            +`error_description` parameters.  The `#response` property of `OAuth2::Error` will
                            +always contain the `OAuth2::Response` instance.
                            +
                            +If you do not want an error to be raised, you may use `:raise_errors => false`
                            +option on initialization of the client.  In this case the `OAuth2::Response`
                            +instance will be returned as usual and on 400+ status code responses, the
                            +Response instance will contain the `OAuth2::Error` instance.
                            +
                            +### Authorization Grants
                            +
                            +Note on OAuth 2.1 (draft):
                            +- PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                            +- Redirect URIs must be compared using exact string matching by the Authorization Server.
                            +- The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                            +- Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                            +- Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                            +- The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                            +
                            +References:
                            +- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                            +- Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                            +- FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                            +- Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                            +- Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                            +- Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                            +
                            +Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
                            +authentication grant types have helper strategy classes that simplify client
                            +use. They are available via the [`#auth_code`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb),
                            +[`#implicit`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/implicit.rb),
                            +[`#password`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/password.rb),
                            +[`#client_credentials`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/client_credentials.rb), and
                            +[`#assertion`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively.
                            +
                            +These aren't full examples, but demonstrative of the differences between usage for each strategy.
                            +```ruby
                            +auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback")
                            +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
                             
                            -auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
                            +auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback")
                             # get the token params in the callback and
                             access = OAuth2::AccessToken.from_kvform(client, query_string)
                             
                            -access = client.password.get_token("username", "password")
                            +access = client.password.get_token("username", "password")
                             
                             access = client.client_credentials.get_token
                             
                             # Client Assertion Strategy
                             # see: https://tools.ietf.org/html/rfc7523
                             claimset = {
                            -  iss: "http://localhost:3001",
                            -  aud: "http://localhost:8080/oauth2/token",
                            -  sub: "me@example.com",
                            +  iss: "http://localhost:3001/",
                            +  aud: "http://localhost:8080/oauth2/token",
                            +  sub: "me@example.com",
                               exp: Time.now.utc.to_i + 3600,
                             }
                            -assertion_params = [claimset, "HS256", "secret_key"]
                            +assertion_params = [claimset, "HS256", "secret_key"]
                             access = client.assertion.get_token(assertion_params)
                             
                             # The `access` (i.e. access token) is then used like so:
                             access.token # actual access_token string, if you need it somewhere
                            -access.get("/api/stuff") # making api calls with access token
                            -
                            +access.get("/api/stuff") # making api calls with access token
                            +```
                            -

                            If you want to specify additional headers to be sent out with the
                            -request, add a ‘headers’ hash under ‘params’:

                            +If you want to specify additional headers to be sent out with the +request, add a 'headers' hash under 'params': -
                            access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"})
                            -
                            +```ruby +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: => "Header") +``` -

                            You can always use the #request method on the OAuth2::Client instance to make
                            -requests for tokens for any Authentication grant type.

                            +You can always use the `#request` method on the `OAuth2::Client` instance to make +requests for tokens for any Authentication grant type. -

                            📘 Comprehensive Usage

                            +## 📘 Comprehensive Usage -

                            Common Flows (end-to-end)

                            +### Common Flows (end-to-end) -
                              -
                            • Authorization Code (server-side web app):
                            • -
                            +- Authorization Code (server-side web app): -
                            require "oauth2"
                            +```ruby
                            +require "oauth2"
                             client = OAuth2::Client.new(
                            -  ENV["CLIENT_ID"],
                            -  ENV["CLIENT_SECRET"],
                            -  site: "https://provider.example.com",
                            -  redirect_uri: "https://my.app.example.com/oauth/callback",
                            +  ENV["CLIENT_ID"],
                            +  ENV["CLIENT_SECRET"],
                            +  site: "https://provider.example.com/",
                            +  redirect_uri: "https://my.app.example.com/oauth/callback",
                             )
                             
                             # Step 1: redirect user to consent
                             state = SecureRandom.hex(16)
                            -auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state)
                            +auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state)
                             # redirect_to auth_url
                             
                             # Step 2: handle the callback
                             # params[:code], params[:state]
                            -raise "state mismatch" unless params[:state] == state
                            +raise "state mismatch" unless params[:state] == state
                             access = client.auth_code.get_token(params[:code])
                             
                             # Step 3: call APIs
                            -profile = access.get("/api/v1/me").parsed
                            -
                            +profile = access.get("/api/v1/me").parsed +``` -
                              -
                            • Client Credentials (machine-to-machine):
                            • -
                            +- Client Credentials (machine-to-machine): -
                            client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com")
                            -access = client.client_credentials.get_token(audience: "https://api.example.com")
                            -resp = access.get("/v1/things")
                            -
                            +```ruby +client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com/") +access = client.client_credentials.get_token(audience: "https://api.example.com/") +resp = access.get("/v1/things") +``` -
                              -
                            • Resource Owner Password (legacy; avoid when possible):
                            • -
                            +- Resource Owner Password (legacy; avoid when possible): -
                            access = client.password.get_token("jdoe", "s3cret", scope: "read")
                            -
                            +```ruby +access = client.password.get_token("jdoe", "s3cret", scope: "read") +``` -

                            Examples

                            +#### Examples
                            JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) @@ -1053,97 +971,92 @@

                            Examples

                            -

                            Instagram API (verb‑dependent token mode)

                            +### Instagram API (verb‑dependent token mode) -

                            Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

                            -
                              -
                            • GET requests: token must be in the query string (?access_token=…)
                            • -
                            • POST/DELETE requests: token must be in the Authorization header (Bearer …)
                            • -
                            +Providers like Instagram require the access token to be sent differently depending on the HTTP verb: +- GET requests: token must be in the query string (?access_token=...) +- POST/DELETE requests: token must be in the Authorization header (Bearer ...) -

                            Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

                            +Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method. -

                            Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

                            +Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls -
                            require "oauth2"
                            +```ruby
                            +require "oauth2"
                             
                             # NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).
                             # See Facebook Login docs for obtaining the initial short‑lived token.
                             
                            -client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com")
                            +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com/")
                             
                             # Start with a short‑lived token you already obtained via Facebook Login
                             short_lived = OAuth2::AccessToken.new(
                               client,
                            -  ENV["IG_SHORT_LIVED_TOKEN"],
                            +  ENV["IG_SHORT_LIVED_TOKEN"],
                               # Key part: verb‑dependent mode
                            -  mode: {get: :query, post: :header, delete: :header},
                            +  mode: :query, post: :header, delete: :header,
                             )
                             
                             # 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)
                             #    Endpoint: GET https://graph.instagram.com/access_token
                             #    Params: grant_type=ig_exchange_token, client_secret=APP_SECRET
                             exchange = short_lived.get(
                            -  "/access_token",
                            +  "/access_token",
                               params: {
                            -    grant_type: "ig_exchange_token",
                            -    client_secret: ENV["IG_APP_SECRET"],
                            +    grant_type: "ig_exchange_token",
                            +    client_secret: ENV["IG_APP_SECRET"],
                                 # access_token param will be added automatically by the AccessToken (mode => :query for GET)
                               },
                             )
                            -long_lived_token_value = exchange.parsed["access_token"]
                            +long_lived_token_value = exchange.parsed["access_token"]
                             
                             long_lived = OAuth2::AccessToken.new(
                               client,
                               long_lived_token_value,
                            -  mode: {get: :query, post: :header, delete: :header},
                            +  mode: :query, post: :header, delete: :header,
                             )
                             
                             # 2) Refresh the long‑lived token (Instagram uses GET with token in query)
                             #    Endpoint: GET https://graph.instagram.com/refresh_access_token
                             refresh_resp = long_lived.get(
                            -  "/refresh_access_token",
                            -  params: {grant_type: "ig_refresh_token"},
                            +  "/refresh_access_token",
                            +  params: "ig_refresh_token",
                             )
                             long_lived = OAuth2::AccessToken.new(
                               client,
                            -  refresh_resp.parsed["access_token"],
                            -  mode: {get: :query, post: :header, delete: :header},
                            +  refresh_resp.parsed["access_token"],
                            +  mode: :query, post: :header, delete: :header,
                             )
                             
                             # 3) Typical API GET request (token in query automatically)
                            -me = long_lived.get("/me", params: {fields: "id,username"}).parsed
                            +me = long_lived.get("/me", params: "id,username").parsed
                             
                             # 4) Example POST (token sent via Bearer header automatically)
                             # Note: Replace the path/params with a real Instagram Graph API POST you need,
                             # such as publishing media via the Graph API endpoints.
                            -# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"})
                            -
                            +# long_lived.post("/me/media", body: "https://.../", caption: "hello") +``` -

                            Tips:

                            -
                              -
                            • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
                            • -
                            • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
                            • -
                            +Tips: +- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET. +- If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }. -

                            Refresh Tokens

                            +### Refresh Tokens -

                            When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                            +When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper. -
                              -
                            • Manual refresh:
                            • -
                            +- Manual refresh: -
                            if access.expired?
                            +```ruby
                            +if access.expired?
                               access = access.refresh
                             end
                            -
                            +``` -
                              -
                            • Auto-refresh wrapper pattern:
                            • -
                            +- Auto-refresh wrapper pattern: -
                            class AutoRefreshingToken
                            +```ruby
                            +class AutoRefreshingToken
                               def initialize(token_provider, store: nil)
                                 @token = token_provider
                                 @store = store # e.g., something that responds to read/write for token data
                            @@ -1175,46 +1088,48 @@ 

                            Refresh Tokens

                            # usage keeper = AutoRefreshingToken.new(access) -keeper.with { |tok| tok.get("/v1/protected") } -
                            +keeper.with { |tok| tok.get("/v1/protected") } +``` -

                            Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

                            +Persist the token across processes using `AccessToken#to_hash` and `AccessToken.from_hash(client, hash)`. -

                            Token Revocation (RFC 7009)

                            +### Token Revocation (RFC 7009) -

                            You can revoke either the access token or the refresh token.

                            +You can revoke either the access token or the refresh token. -
                            # Revoke the current access token
                            +```ruby
                            +# Revoke the current access token
                             access.revoke(token_type_hint: :access_token)
                             
                             # Or explicitly revoke the refresh token (often also invalidates associated access tokens)
                             access.revoke(token_type_hint: :refresh_token)
                            -
                            +``` -

                            Client Configuration Tips

                            +### Client Configuration Tips -

                            Mutual TLS (mTLS) client authentication

                            +#### Mutual TLS (mTLS) client authentication -

                            Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.

                            +Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme. -

                            Example using PEM files (certificate and key):

                            +Example using PEM files (certificate and key): -
                            require "oauth2"
                            -require "openssl"
                            +```ruby
                            +require "oauth2"
                            +require "openssl"
                             
                             client = OAuth2::Client.new(
                            -  ENV.fetch("CLIENT_ID"),
                            -  ENV.fetch("CLIENT_SECRET"),
                            -  site: "https://example.com",
                            -  authorize_url: "/oauth/authorize/",
                            -  token_url: "/oauth/token/",
                            +  ENV.fetch("https://github.com/CLIENT_ID"),
                            +  ENV.fetch("https://github.com/CLIENT_SECRET"),
                            +  site: "https://example.com/",
                            +  authorize_url: "/oauth/authorize/",
                            +  token_url: "/oauth/token/",
                               auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication
                               connection_opts: {
                                 ssl: {
                            -      client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")),
                            -      client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")),
                            +      client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")),
                            +      client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")),
                                   # Optional extras, uncomment as needed:
                            -      # ca_file: "/path/to/ca-bundle.pem",   # custom CA(s)
                            +      # ca_file: "/path/to/ca-bundle.pem",   # custom CA(s)
                                   # verify: true                           # enable server cert verification (recommended)
                                 },
                               },
                            @@ -1225,70 +1140,65 @@ 

                            Mutual TLS (mTLS) client authenti access = client.client_credentials.get_token # Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`: -resp = access.get("/v1/protected") -

                            - -

                            Notes:

                            -
                              -
                            • Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV[“KEY_PASSWORD”]).
                            • -
                            • If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: -
                                -
                              • p12 = OpenSSL::PKCS12.new(File.read(“client.p12”), ENV[“P12_PASSWORD”])
                              • -
                              • client_cert = p12.certificate; client_key = p12.key
                              • -
                              -
                            • -
                            • Server trust: -
                                -
                              • If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.
                              • -
                              • Keep verify: true in production. Set verify: false only for local testing.
                              • -
                              -
                            • -
                            • Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.
                            • -
                            • Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).
                            • -
                            • OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.
                            • -
                            +resp = access.get("/v1/protected") +``` -

                            Authentication schemes for the token request

                            +Notes: +- Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]). +- If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: + - p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"]) + - client_cert = p12.certificate; client_key = p12.key +- Server trust: + - If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash. + - Keep verify: true in production. Set verify: false only for local testing. +- Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices. +- Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client). +- OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above. + +#### Authentication schemes for the token request -
                            OAuth2::Client.new(
                            +```ruby
                            +OAuth2::Client.new(
                               id,
                               secret,
                            -  site: "https://provider.example.com",
                            +  site: "https://provider.example.com/",
                               auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt
                             )
                            -
                            +``` -

                            Faraday connection, timeouts, proxy, custom adapter/middleware:

                            +#### Faraday connection, timeouts, proxy, custom adapter/middleware: -
                            client = OAuth2::Client.new(
                            +```ruby
                            +client = OAuth2::Client.new(
                               id,
                               secret,
                            -  site: "https://provider.example.com",
                            +  site: "https://provider.example.com/",
                               connection_opts: {
                            -    request: {open_timeout: 5, timeout: 15},
                            -    proxy: ENV["HTTPS_PROXY"],
                            -    ssl: {verify: true},
                            +    request: 5, timeout: 15,
                            +    proxy: ENV["HTTPS_PROXY"],
                            +    ssl: true,
                               },
                             ) do |faraday|
                               faraday.request(:url_encoded)
                               # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below
                               faraday.adapter(:net_http_persistent) # or any Faraday adapter you need
                             end
                            -
                            +``` -
                            Using flat query params (Faraday::FlatParamsEncoder)
                            +##### Using flat query params (Faraday::FlatParamsEncoder) -

                            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

                            +Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests. -
                            require "faraday"
                            +```ruby
                            +require "faraday"
                             
                             client = OAuth2::Client.new(
                               id,
                               secret,
                            -  site: "https://api.example.com",
                            +  site: "https://api.example.com/",
                               # Pass Faraday connection options to make FlatParamsEncoder the default
                               connection_opts: {
                            -    request: {params_encoder: Faraday::FlatParamsEncoder},
                            +    request: Faraday::FlatParamsEncoder,
                               },
                             ) do |faraday|
                               faraday.request(:url_encoded)
                            @@ -1300,197 +1210,181 @@ 
                            Using flat query param # Example of a GET with two flat filter params (not an array): # Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 resp = access.get( - "/v1/orders", + "/v1/orders", params: { # Provide the values as an array; FlatParamsEncoder expands them as repeated keys filter: [ - "order.clientCreatedTime>1445006997000", - "order.clientCreatedTime<1445611797000", + "order.clientCreatedTime>1445006997000", + "order.clientCreatedTime<1445611797000", ], }, ) -
                            +``` -

                            If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

                            +If you instead need to build a raw Faraday connection yourself, the equivalent configuration is: -
                            conn = Faraday.new("https://api.example.com", request: {params_encoder: Faraday::FlatParamsEncoder})
                            -
                            +```ruby +conn = Faraday.new("https://api.example.com/", request: Faraday::FlatParamsEncoder) +``` -

                            Redirection

                            +#### Redirection -

                            The library follows up to max_redirects (default 5).
                            -You can override per-client via options[:max_redirects].

                            +The library follows up to `max_redirects` (default 5). +You can override per-client via `options[:max_redirects]`. -

                            Handling Responses and Errors

                            +### Handling Responses and Errors -
                              -
                            • Parsing:
                            • -
                            +- Parsing: -
                            resp = access.get("/v1/thing")
                            +```ruby
                            +resp = access.get("/v1/thing")
                             resp.status     # Integer
                             resp.headers    # Hash
                             resp.body       # String
                             resp.parsed     # SnakyHash::StringKeyed or Array when JSON array
                            -
                            +``` -
                              -
                            • Error handling:
                            • -
                            +- Error handling: -
                            begin
                            -  access.get("/v1/forbidden")
                            +```ruby
                            +begin
                            +  access.get("/v1/forbidden")
                             rescue OAuth2::Error => e
                               e.code         # OAuth2 error code (when present)
                               e.description  # OAuth2 error description (when present)
                               e.response     # OAuth2::Response (full access to status/headers/body)
                             end
                            -
                            +``` -
                              -
                            • Disable raising on 4xx/5xx to inspect the response yourself:
                            • -
                            +- Disable raising on 4xx/5xx to inspect the response yourself: -
                            client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
                            -res = client.request(:get, "/v1/maybe-errors")
                            +```ruby
                            +client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
                            +res = client.request(:get, "/v1/maybe-errors")
                             if res.status == 429
                            -  sleep res.headers["retry-after"].to_i
                            +  sleep res.headers["retry-after"].to_i
                             end
                            -
                            +``` -

                            Making Raw Token Requests

                            +### Making Raw Token Requests -

                            If a provider requires non-standard parameters or headers, you can call client.get_token directly:

                            +If a provider requires non-standard parameters or headers, you can call `client.get_token` directly: -
                            access = client.get_token({
                            -  grant_type: "client_credentials",
                            -  audience: "https://api.example.com",
                            -  headers: {"X-Custom" => "value"},
                            +```ruby
                            +access = client.get_token({
                            +  grant_type: "client_credentials",
                            +  audience: "https://api.example.com/",
                            +  headers: => "value",
                               parse: :json, # override parsing
                             })
                            -
                            +``` -

                            OpenID Connect (OIDC) Notes

                            +### OpenID Connect (OIDC) Notes -
                              -
                            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                            • -
                            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                            • -
                            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
                            • -
                            +- If the token response includes an `id_token` (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider's JWKs to verify it. +- For private_key_jwt client authentication, provide `auth_scheme: :private_key_jwt` and ensure your key configuration matches the provider requirements. +- See [OIDC.md](OIDC.md) for a more complete OIDC overview, example, and links to the relevant specifications. -

                            Debugging

                            +### Debugging -
                              -
                            • Set environment variable OAUTH_DEBUG=true to enable verbose Faraday logging (uses the client-provided logger).
                            • -
                            • To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation.
                            • -
                            +- Set environment variable `OAUTH_DEBUG=true` to enable verbose Faraday logging (uses the client-provided logger). +- To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation. -
                            +--- -

                            🦷 FLOSS Funding

                            +## 🦷 FLOSS Funding -

                            While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding.
                            -Raising a monthly budget of… “dollars” would make the project more sustainable.

                            +While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. +Raising a monthly budget of... "dollars" would make the project more sustainable. -

                            We welcome both individual and corporate sponsors! We also offer a
                            -wide array of funding channels to account for your preferences
                            -(although currently Open Collective is our preferred funding platform).

                            +We welcome both individual and corporate sponsors! We also offer a +wide array of funding channels to account for your preferences +(although currently [Open Collective][🖇osc] is our preferred funding platform). -

                            If you’re working in a company that’s making significant use of ruby-oauth tools we’d
                            -appreciate it if you suggest to your company to become a ruby-oauth sponsor.

                            +**If you're working in a company that's making significant use of ruby-oauth tools we'd +appreciate it if you suggest to your company to become a ruby-oauth sponsor.** -

                            You can support the development of ruby-oauth tools via
                            -GitHub Sponsors,
                            -Liberapay,
                            -PayPal,
                            -Open Collective
                            -and Tidelift.

                            +You can support the development of ruby-oauth tools via +[GitHub Sponsors][🖇sponsor], +[Liberapay][⛳liberapay], +[PayPal][🖇paypal], +[Open Collective][🖇osc] +and [Tidelift][🏙️entsup-tidelift]. - - - - - - - - - - - -
                            📍 NOTE
                            If doing a sponsorship in the form of donation is problematic for your company
                            from an accounting standpoint, we’d recommend the use of Tidelift,
                            where you can get a support-like subscription instead.
                            +| 📍 NOTE | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| If doing a sponsorship in the form of donation is problematic for your company
                            from an accounting standpoint, we'd recommend the use of Tidelift,
                            where you can get a support-like subscription instead. | -

                            Open Collective for Individuals

                            +### Open Collective for Individuals -

                            No backers yet. Be the first!
                            -

                            +No backers yet. Be the first! + -

                            Support us with a monthly donation and help us continue our activities. [Become a backer]

                            +Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/ruby-oauth#backer)] -

                            Open Collective for Organizations

                            +### Open Collective for Organizations -

                            No sponsors yet. Be the first!
                            -

                            +No sponsors yet. Be the first! + -

                            Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

                            +Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/ruby-oauth#sponsor)] -

                            Another way to support open-source

                            +### Another way to support open-source -
                            -

                            How wonderful it is that nobody need wait a single moment before starting to improve the world.

                            -—Anne Frank

                            -
                            +> How wonderful it is that nobody need wait a single moment before starting to improve the world.
                            +>—Anne Frank -

                            I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                            +I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). -

                            If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                            +If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in `bundle fund`. -

                            I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

                            +I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look. -

                            Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

                            +**[Floss-Funding.dev][🖇floss-funding.dev]: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags** -

                            OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                            +[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] -

                            🔐 Security

                            +## 🔐 Security -

                            To report a security vulnerability, please use the Tidelift security contact.
                            -Tidelift will coordinate the fix and disclosure.

                            +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. -

                            For more see SECURITY.md.

                            +For more see [SECURITY.md][🔐security]. -

                            🤝 Contributing

                            +## 🤝 Contributing -

                            If you need some ideas of where to help, you could work on adding more code coverage,
                            -or if it is already 💯 (see below) check reek, issues, or PRs,
                            -or use the gem and think about how it could be better.

                            +If you need some ideas of where to help, you could work on adding more code coverage, +or if it is already 💯 (see [below](#code-coverage)) check [reek](REEK), [issues][🤝gh-issues], or [PRs][🤝gh-pulls], +or use the gem and think about how it could be better. -

                            We Keep A Changelog so if you make changes, remember to update it.

                            +We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. -

                            See CONTRIBUTING.md for more detailed instructions.

                            +See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. -

                            🚀 Release Instructions

                            +### 🚀 Release Instructions -

                            See CONTRIBUTING.md.

                            +See [CONTRIBUTING.md][🤝contributing]. -

                            Code Coverage

                            +### Code Coverage -

                            Coveralls Test Coverage

                            +[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] -

                            QLTY Test Coverage

                            +[![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] -

                            🪇 Code of Conduct

                            +### 🪇 Code of Conduct -

                            Everyone interacting with this project’s codebases, issue trackers,
                            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

                            +Everyone interacting with this project's codebases, issue trackers, +chat rooms and mailing lists agrees to follow the [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct]. -

                            🌈 Contributors

                            +## 🌈 Contributors -

                            Contributors

                            +[![Contributors][🖐contributors-img]][🖐contributors] -

                            Made with contributors-img.

                            +Made with [contributors-img][🖐contrib-rocks]. -

                            Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

                            +Also see GitLab Contributors: [https://gitlab.com/ruby-oauth/oauth2/-/graphs/main][🚎contributors-gl]
                            ⭐️ Star History @@ -1505,28 +1399,27 @@

                            🌈 Contributors

                            -

                            📌 Versioning

                            +## 📌 Versioning -

                            This Library adheres to Semantic Versioning 2.0.0.
                            -Violations of this scheme should be reported as bugs.
                            -Specifically, if a minor or patch version is released that breaks backward compatibility,
                            -a new version should be immediately released that restores compatibility.
                            -Breaking changes to the public API will only be introduced with new major versions.

                            +This Library adheres to [![Semantic Versioning 2.0.0][📌semver-img]][📌semver]. +Violations of this scheme should be reported as bugs. +Specifically, if a minor or patch version is released that breaks backward compatibility, +a new version should be immediately released that restores compatibility. +Breaking changes to the public API will only be introduced with new major versions. -
                            -

                            dropping support for a platform is both obviously and objectively a breaking change

                            -—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

                            -
                            +> dropping support for a platform is both obviously and objectively a breaking change
                            +>—Jordan Harband ([@ljharb](https://github.com/ljharb), maintainer of SemVer) [in SemVer issue 716][📌semver-breaking] -

                            I understand that policy doesn’t work universally (“exceptions to every rule!”),
                            -but it is the policy here.
                            -As such, in many cases it is good to specify a dependency on this library using
                            -the Pessimistic Version Constraint with two digits of precision.

                            +I understand that policy doesn't work universally ("exceptions to every rule!"), +but it is the policy here. +As such, in many cases it is good to specify a dependency on this library using +the [Pessimistic Version Constraint][📌pvc] with two digits of precision. -

                            For example:

                            +For example: -
                            spec.add_dependency("oauth2", "~> 2.0")
                            -
                            +```ruby +spec.add_dependency("oauth2", "~> 2.0") +```
                            📌 Is "Platform Support" part of the public API? More details inside. @@ -1542,15 +1435,15 @@

                            📌 Versioning

                            -

                            See CHANGELOG.md for a list of releases.

                            +See [CHANGELOG.md][📌changelog] for a list of releases. -

                            📄 License

                            +## 📄 License -

                            The gem is available as open source under the terms of
                            -the MIT License License: MIT.
                            -See LICENSE.txt for the official Copyright Notice.

                            +The gem is available as open source under the terms of +the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. +See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. - +### © Copyright
                            • @@ -1567,26 +1460,233 @@
                            -

                            🤑 A request for help

                            - -

                            Maintainers have teeth and need to pay their dentists.
                            -After getting laid off in an RIF in March and filled with many dozens of rejections,
                            -I’m now spending ~60+ hours a week building open source tools.
                            -I’m hoping to be able to pay for my kids’ health insurance this month,
                            -so if you value the work I am doing, I need your support.
                            -Please consider sponsoring me or the project.

                            - -

                            To join the community or get help 👇️ Join the Discord.

                            - -

                            Live Chat on Discord

                            - -

                            To say “thanks!” ☝️ Join the Discord or 👇️ send money.

                            - -

                            Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                            - -

                            Please give the project a star ⭐ ♥.

                            - -

                            Thanks for RTFM. ☺️

                            +## 🤑 A request for help + +Maintainers have teeth and need to pay their dentists. +After getting laid off in an RIF in March and filled with many dozens of rejections, +I'm now spending ~60+ hours a week building open source tools. +I'm hoping to be able to pay for my kids' health insurance this month, +so if you value the work I am doing, I need your support. +Please consider sponsoring me or the project. + +To join the community or get help 👇️ Join the Discord. + +[![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] + +To say "thanks!" ☝️ Join the Discord or 👇️ send money. + +[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img] + +### Please give the project a star ⭐ ♥. + +Thanks for RTFM. ☺️ + +[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay&color=a51611&style=flat +[⛳liberapay-bottom-img]: https://img.shields.io/liberapay/goal/pboling.svg?style=for-the-badge&logo=liberapay&color=a51611 +[⛳liberapay]: https://liberapay.com/pboling/donate +[🖇osc-all-img]: https://img.shields.io/opencollective/all/ruby-oauth +[🖇osc-sponsors-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth +[🖇osc-backers-img]: https://img.shields.io/opencollective/backers/ruby-oauth +[🖇osc-backers]: https://opencollective.com/ruby-oauth#backer +[🖇osc-backers-i]: https://opencollective.com/ruby-oauth/backers/badge.svg?style=flat +[🖇osc-sponsors]: https://opencollective.com/ruby-oauth#sponsor +[🖇osc-sponsors-i]: https://opencollective.com/ruby-oauth/sponsors/badge.svg?style=flat +[🖇osc-all-bottom-img]: https://img.shields.io/opencollective/all/ruby-oauth?style=for-the-badge +[🖇osc-sponsors-bottom-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth?style=for-the-badge 
+[🖇osc-backers-bottom-img]: https://img.shields.io/opencollective/backers/ruby-oauth?style=for-the-badge +[🖇osc]: https://opencollective.com/ruby-oauth +[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github +[🖇sponsor-bottom-img]: https://img.shields.io/badge/Sponsor_Me!-pboling-blue?style=for-the-badge&logo=github +[🖇sponsor]: https://github.com/sponsors/pboling +[🖇polar-img]: https://img.shields.io/badge/polar-donate-a51611.svg?style=flat +[🖇polar]: https://polar.sh/pboling +[🖇kofi-img]: https://img.shields.io/badge/ko--fi-%E2%9C%93-a51611.svg?style=flat +[🖇kofi]: https://ko-fi.com/O5O86SNP4 +[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-a51611.svg?style=flat +[🖇patreon]: https://patreon.com/galtzo +[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-%E2%9C%93-a51611.svg?style=flat +[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff +[🖇buyme]: https://www.buymeacoffee.com/pboling +[🖇paypal-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=flat&logo=paypal +[🖇paypal-bottom-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=for-the-badge&logo=paypal&color=0A0A0A +[🖇paypal]: https://www.paypal.com/paypalme/peterboling +[🖇floss-funding.dev]: https://floss-funding.dev +[🖇floss-funding-gem]: https://github.com/galtzo-floss/floss_funding +[✉️discord-invite]: https://discord.gg/3qme4XHNKN +[✉️discord-invite-img-ftb]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge&logo=discord +[✉️ruby-friends-img]: https://img.shields.io/badge/daily.dev-%F0%9F%92%8E_Ruby_Friends-0A0A0A?style=for-the-badge&logo=dailydotdev&logoColor=white +[✉️ruby-friends]: https://app.daily.dev/squads/rubyfriends + +[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby +[⛳gg-discussions-img]: 
https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange + +[✇bundle-group-pattern]: https://gist.github.com/pboling/4564780 +[⛳️gem-namespace]: https://github.com/ruby-oauth/oauth2 +[⛳️namespace-img]: https://img.shields.io/badge/namespace-OAuth2-3C2D2D.svg?style=square&logo=ruby&logoColor=white +[⛳️gem-name]: https://rubygems.org/gems/oauth2 +[⛳️name-img]: https://img.shields.io/badge/name-oauth2-3C2D2D.svg?style=square&logo=rubygems&logoColor=red +[⛳️tag-img]: https://img.shields.io/github/tag/ruby-oauth/oauth2.svg +[⛳️tag]: http://github.com/ruby-oauth/oauth2/releases +[🚂maint-blog]: http://www.railsbling.com/tags/oauth2 +[🚂maint-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange +[🚂maint-contact]: http://www.railsbling.com/contact +[🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red +[💖🖇linkedin]: http://www.linkedin.com/in/peterboling +[💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling +[💖✌️wellfound]: https://wellfound.com/u/peter-boling +[💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound +[💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling +[💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase +[💖🐘ruby-mast]: https://ruby.social/@galtzo +[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https://ruby.social&style=flat&logo=mastodon&label=Ruby%20@galtzo +[💖🦋bluesky]: https://bsky.app/profile/galtzo.com +[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white +[💖🌳linktree]: https://linktr.ee/galtzo +[💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree +[💖💁🏼‍♂️devto]: https://dev.to/galtzo 
+[💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white +[💖💁🏼‍♂️aboutme]: https://about.me/peter.boling +[💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white +[💖🧊berg]: https://codeberg.org/pboling +[💖🐙hub]: https://github.org/pboling +[💖🛖hut]: https://sr.ht/~galtzo/ +[💖🧪lab]: https://gitlab.com/pboling +[👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share +[👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white +[👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github +[👨🏼‍🏫expsup-codementor-img]: https://img.shields.io/badge/CodeMentor-Get_Help-1abc9c?style=for-the-badge&logo=CodeMentor&logoColor=white +[🏙️entsup-tidelift]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme +[🏙️entsup-tidelift-img]: https://img.shields.io/badge/Tidelift_and_Sonar-Enterprise_Support-FD3456?style=for-the-badge&logo=sonar&logoColor=white +[🏙️entsup-tidelift-sonar]: https://blog.tidelift.com/tidelift-joins-sonar +[💁🏼‍♂️peterboling]: http://www.peterboling.com +[🚂railsbling]: http://www.railsbling.com +[📜src-gl-img]: https://img.shields.io/badge/GitLab-FBA326?style=for-the-badge&logo=Gitlab&logoColor=orange +[📜src-gl]: https://gitlab.com/ruby-oauth/oauth2/ +[📜src-cb-img]: https://img.shields.io/badge/CodeBerg-4893CC?style=for-the-badge&logo=CodeBerg&logoColor=blue +[📜src-cb]: https://codeberg.org/ruby-oauth/oauth2 +[📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green +[📜src-gh]: https://github.com/ruby-oauth/oauth2 +[📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white +[📜docs-head-rd-img]: 
https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white +[📜wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home +[📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white +[👽dl-rank]: https://rubygems.org/gems/oauth2 +[👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg +[👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 +[👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg +[👽version]: https://rubygems.org/gems/oauth2 +[👽versioni]: https://img.shields.io/gem/v/oauth2.svg +[🔑qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 +[🔑qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg +[🔑qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating +[🔑qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg +[🔑codecov]: https://codecov.io/gh/ruby-oauth/oauth2 +[🔑codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg +[🔑coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main +[🔑coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main +[🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning +[🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg +[🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml +[🚎1-an-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml/badge.svg +[🚎2-cov-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml +[🚎2-cov-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml/badge.svg +[🚎3-hd-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml +[🚎3-hd-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml/badge.svg +[🚎4-lg-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml +[🚎4-lg-wfi]: 
https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml/badge.svg +[🚎5-st-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml +[🚎5-st-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml/badge.svg +[🚎6-s-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml +[🚎6-s-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml/badge.svg +[🚎7-us-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml +[🚎7-us-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml/badge.svg +[🚎8-ho-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml +[🚎8-ho-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml/badge.svg +[🚎9-t-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml +[🚎9-t-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml/badge.svg +[🚎10-j-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml +[🚎10-j-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml/badge.svg +[🚎11-c-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml +[🚎11-c-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml/badge.svg +[🚎12-crh-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml +[🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml/badge.svg +[🚎13-cbs-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml +[🚎13-cbs-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml/badge.svg +[🚎13-🔒️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml +[🚎13-🔒️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml/badge.svg +[🚎14-🔓️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml +[🚎14-🔓️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml/badge.svg 
+[🚎15-🪪-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml +[🚎15-🪪-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml/badge.svg +[💎ruby-2.2i]: https://img.shields.io/badge/Ruby-2.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.6i]: https://img.shields.io/badge/Ruby-2.6-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.7i]: https://img.shields.io/badge/Ruby-2.7-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.0i]: https://img.shields.io/badge/Ruby-3.0-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.1i]: https://img.shields.io/badge/Ruby-3.1-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.2i]: https://img.shields.io/badge/Ruby-3.2-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.3i]: https://img.shields.io/badge/Ruby-3.3-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-c-i]: https://img.shields.io/badge/Ruby-current-CC342D?style=for-the-badge&logo=ruby&logoColor=green +[💎ruby-headi]: https://img.shields.io/badge/Ruby-HEAD-CC342D?style=for-the-badge&logo=ruby&logoColor=blue +[💎truby-22.3i]: https://img.shields.io/badge/Truffle_Ruby-22.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-23.0i]: https://img.shields.io/badge/Truffle_Ruby-23.0_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-c-i]: https://img.shields.io/badge/Truffle_Ruby-current-34BCB1?style=for-the-badge&logo=ruby&logoColor=green +[💎truby-headi]: 
https://img.shields.io/badge/Truffle_Ruby-HEAD-34BCB1?style=for-the-badge&logo=ruby&logoColor=blue +[💎jruby-9.1i]: https://img.shields.io/badge/JRuby-9.1_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.2i]: https://img.shields.io/badge/JRuby-9.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.3i]: https://img.shields.io/badge/JRuby-9.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.4i]: https://img.shields.io/badge/JRuby-9.4-FBE742?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-c-i]: https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green +[💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue +[🤝gh-issues]: https://github.com/ruby-oauth/oauth2/issues +[🤝gh-pulls]: https://github.com/ruby-oauth/oauth2/pulls +[🤝gl-issues]: https://gitlab.com/ruby-oauth/oauth2/-/issues +[🤝gl-pulls]: https://gitlab.com/ruby-oauth/oauth2/-/merge_requests +[🤝cb-issues]: https://codeberg.org/ruby-oauth/oauth2/issues +[🤝cb-pulls]: https://codeberg.org/ruby-oauth/oauth2/pulls +[🤝cb-donate]: https://donate.codeberg.org/ +[🤝contributing]: CONTRIBUTING.md +[🔑codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg +[🖐contrib-rocks]: https://contrib.rocks +[🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors +[🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2 +[🚎contributors-gl]: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main +[🪇conduct]: CODE_OF_CONDUCT.md +[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-259D6C.svg +[📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint +[📌semver]: https://semver.org/spec/v2.0.0.html +[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-259D6C.svg?style=flat +[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html +[📌changelog]: CHANGELOG.md +[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ +[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat +[📌gitmoji]:https://gitmoji.dev +[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square +[🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.409-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🔐security]: SECURITY.md +[🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat +[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year +[📄license]: LICENSE.txt +[📄license-ref]: https://opensource.org/licenses/MIT +[📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg +[📄license-compat]: https://dev.to/galtzo/how-to-check-license-compatibility-41h0 +[📄license-compat-img]: https://img.shields.io/badge/Apache_Compatible:_Category_A-%E2%9C%93-259D6C.svg?style=flat&logo=Apache +[📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm +[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat +[🚎yard-current]: http://rubydoc.info/gems/oauth2 +[🚎yard-head]: https://oauth2.galtzo.com +[💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums +[💎SHA_checksums]: https://gitlab.com/ruby-oauth/oauth2/-/tree/main/checksums +[💎rlts]: https://github.com/rubocop-lts/rubocop-lts +[💎rlts-img]: https://img.shields.io/badge/code_style_&_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white +[💎appraisal2]: https://github.com/appraisal-rb/appraisal2 +[💎appraisal2-img]: https://img.shields.io/badge/appraised_by-appraisal2-34495e.svg?plastic&logo=ruby&logoColor=white 
+[💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/
                            @@ -1598,6 +1698,7 @@

                            Please give the project a star ⭐ ♥

                            +
                            Broken badges @@ -1605,10 +1706,11 @@

                            Please give the project a star ⭐ ♥ [![CodeCov Test Coverage][🔑codecovi]][🔑codecov]

                            +
                            diff --git a/docs/file.REEK.html b/docs/file.REEK.html index bd056a06..eeff2052 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 4e8301ae..b6fd3e2c 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                            Benefits of rubocop_gradual

                            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 97fa7b30..d7bfa31a 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -91,7 +91,7 @@

                            Additional Support

                            diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 11edd2ed..8f66685b 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index a91fe62b..b741b4b3 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index a08b0873..1d7ab7da 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 2f085919..66755543 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index a8c8b02c..41f8a684 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 73b4cbbc..ef9bf350 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 66025eab..48ee4fb8 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index a492a78b..578e1dca 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index c155024b..1abda5d5 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 4810d937..8ac8b38c 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ 
diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html new file mode 100644 index 00000000..90e30eea --- /dev/null +++ b/docs/file.oauth2-2.0.15.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.15.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                            + + +

                            287a5d2cff87b4f37dde7b97f0fc31ee4c79edcc451b33694d1ba6f13d218cd04848780a857b94b93b656d6d81de4f4fcb4e8345f432cee17a6d96bd3f313df2

                            +
                            + + + +
                            + + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index 3ed53f1b..d17d9115 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index a5939f29..34c124d3 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 7f46af9a..6f85354c 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 11beef54..687d19aa 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/file_list.html b/docs/file_list.html index f060baa4..c384e86b 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -122,31 +122,41 @@

                            File List

                            -
                          • +
                          • + +
                          • + + +
                          • -
                          • +
                          • -
                          • +
                          • -
                          • +
                          • -
                          • +
                          • +
                          • + +
                          • + +
                          • diff --git a/docs/index.html b/docs/index.html index 754184ee..edf6033d 100644 --- a/docs/index.html +++ b/docs/index.html @@ -63,7 +63,7 @@

                            🔐 OAuth 2.0 Authorization Framewor

                            ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                            -

                            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

                            +

                            [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                            if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                            @@ -71,7 +71,7 @@

                            🔐 OAuth 2.0 Authorization Framewor

                            if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                            -

                            OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                            +

                            [![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate at ko-fi.com][🖇kofi-img]][🖇kofi]

                            🌻 Synopsis

                            @@ -80,7 +80,7 @@

                            🌻 Synopsis

                            desktop applications, mobile phones, and living room devices.
                            This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

                            -

                            Quick Example

                            +

                            Quick Examples

                            Convert the following `curl` command into a token request using this gem... @@ -113,189 +113,146 @@

                            Quick Example

                            -

                            If it seems like you are in the wrong place, you might try one of these:

                            - - - -

                            💡 Info you can shake a stick at

                            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            Tokens to Remember -Gem name Gem namespace -
                            Works with JRuby -JRuby 9.1 Compat JRuby 9.2 Compat JRuby 9.3 Compat
                            JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat -
                            Works with Truffle Ruby -Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
                            Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat -
                            Works with MRI Ruby 3 -Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat -
                            Works with MRI Ruby 2 -Ruby 2.2 Compat
                            Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat -
                            Source -Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! -
                            Documentation -Discussion Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog Wiki -
                            Compliance -License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 -
                            Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 -
                            Support -Live Chat on Discord Get help from me on Upwork Get help from me on Codementor -
                            Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing -
                            -... 💖 -Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 -
                            - -

                            Compatibility

                            - -
                              -
                            • Operating Systems: Linux, MacOS, Windows
                            • -
                            • MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD -
                                -
                              • NOTE: This gem may still install and run on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                              • -
                              -
                            • -
                            • JRuby @ v9.4, v10.0, HEAD -
                                -
                              • NOTE: This gem may still install and run on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                              • -
                              -
                            • -
                            • TruffleRuby @ v23.1, v24.1, HEAD -
                                -
                              • NOTE: This gem may still install and run on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions doesn’t have a proper allow-failures feature, and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don’t break the platforms that do run in CI.
                              • -
                              -
                            • -
                            • gem faraday @ v0, v1, v2, HEAD ⏩️ lostisland/faraday -
                            • -
                            • gem jwt @ v1, v2, v3, HEAD ⏩️ jwt/ruby-jwt -
                            • -
                            • gem logger @ v1.2, v1.5, v1.7, HEAD ⏩️ ruby/logger -
                            • -
                            • gem multi_xml @ v0.5, v0.6, v0.7, HEAD ⏩️ sferik/multi_xml -
                            • -
                            • gem rack @ v1.2, v1.6, v2, v3, HEAD ⏩️ rack/rack -
                            • -
                            • gem snaky_hash @ v2, HEAD ⏩️ ruby-oauth/snaky_hash -
                            • -
                            • gem version_gem @ v1, HEAD ⏩️ ruby-oauth/version_gem -
                            • -
                            - -

                            The last two were extracted from this gem. They are part of the ruby-oauth org,
                            -and are developed in tight collaboration with this gem.

                            - -

                            Also, where reasonable, tested against the runtime dependencies of those dependencies:

                            - -
                              -
                            • gem hashie @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ hashie/hashie -
                            • -
                            +
                            +Complete E2E single file script against [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server) -

                            Upgrading Runtime Gem Dependencies

                            +- E2E example using the mock test server added in v2.0.11 -

                            This project sits underneath a large portion of the authorization systems on the internet.
                            -According to GitHub’s project tracking, which I believe only reports on public projects,
                            -100,000+ projects, and
                            -500+ packages depend on this project.

                            +```console +docker compose -f docker-compose-ssl.yml up -d --wait +ruby examples/e2e.rb +# If your machine is slow or Docker pulls are cold, increase the wait: +E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb +# The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default. +``` -

                            That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies.

                            +The output should be something like this: -

                            As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the
                            -leading versions per each minor version of Ruby of all the runtime dependencies it can install with.

                            +```console +➜ ruby examples/e2e.rb +Access token (truncated): eyJraWQiOiJkZWZhdWx0... +userinfo status: 200 +userinfo body: => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104" +E2E complete +``` -

                            What does that mean specifically for the runtime dependencies?

                            +Make sure to shut down the mock server when you are done: -

                            We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix.
                            -It wouldn’t be possible without appraisal2.

                            +```console +docker compose -f docker-compose-ssl.yml down +``` - - - - - - - - - - - - - -
                            🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎 and the color 💚 green 💚
                            👟 Check it out!github.com/appraisal-rb/appraisal2
                            +Troubleshooting: validate connectivity to the mock server + +- Check container status and port mapping: + - docker compose -f docker-compose-ssl.yml ps +- From the host, try the discovery URL directly (this is what the example uses by default): + - curl -v http://localhost:8080/default/.well-known/openid-configuration + - If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration +- From inside the container (to distinguish container vs host networking): + - docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration +- Simple TCP probe from the host: + - nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"' +- Inspect which host port 8080 is bound to (should be 8080): + - docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1 +- Look at server logs for readiness/errors: + - docker logs -n 200 oauth2-mock-oauth2-server-1 +- On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: + - ss -ltnp | grep :8080 + +Notes +- Discovery URL pattern is: http://localhost:8080//.well-known/openid-configuration, where defaults to "default". +- You can change these with env vars when running the example: + - E2E_ISSUER_BASE (default: http://localhost:8080) + - E2E_REALM (default: default) + +</details> + +If it seems like you are in the wrong place, you might try one of these: + +* [OAuth 2.0 Spec][oauth2-spec] +* [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. +* [oauth sibling gem][sibling-gem] for OAuth 1.0a implementations in Ruby. 
+ +[oauth2-spec]: https://oauth.net/2/ +[sibling-gem]: https://gitlab.com/ruby-oauth/oauth +[doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper + +## 💡 Info you can shake a stick at + +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | 
[![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | + +### Compatibility + +* Operating Systems: Linux, MacOS, Windows +* MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD + * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. +* JRuby @ v9.4, v10.0, HEAD + * NOTE: This gem may still _install_ and _run_ on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. +* TruffleRuby @ v23.1, v24.1, HEAD + * NOTE: This gem may still _install_ and _run_ on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. 
+* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) +* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) +* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) +* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) +* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) +* gem `snaky_hash` @ v2, HEAD ⏩️ [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) +* gem `version_gem` @ v1, HEAD ⏩️ [ruby-oauth/version_gem](https://gitlab.com/ruby-oauth/version_gem) + +The last two were extracted from this gem. They are part of the `ruby-oauth` org, +and are developed in tight collaboration with this gem. + +Also, where reasonable, tested against the runtime dependencies of those dependencies: + +* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) + +[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347#issuecomment-2653479732 +[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 + +#### Upgrading Runtime Gem Dependencies + +This project sits underneath a large portion of the authorization systems on the internet. +According to GitHub's project tracking, which I believe only reports on public projects, +[100,000+ projects](https://github.com/ruby-oauth/oauth2/network/dependents), and +[500+ packages](https://github.com/ruby-oauth/oauth2/network/dependents?dependent_type=PACKAGE) depend on this project. + +That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies. + +As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the +leading versions per each minor version of Ruby of all the runtime dependencies it can install with. + +What does that mean specifically for the runtime dependencies? 
+ +We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix. +It wouldn't be possible without appraisal2. + +| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 | +|------------------------------------------------|--------------------------------------------------------| +| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | + +#### You should upgrade this gem with confidence\*. + +- This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. + - Dropping support for **any** of the runtime dependency versions above will be a major version bump. + - If you aren't on one of the minor versions above, make getting there a priority. +- You should upgrade the dependencies of this gem with confidence\*. +- Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! + +[sv-pub-api]: #-versioning -

                            You should upgrade this gem with confidence*.

                            - -
                              -
                            • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. -
                                -
                              • Dropping support for any of the runtime dependency versions above will be a major version bump.
                              • -
                              • If you aren’t on one of the minor versions above, make getting there a priority.
                              • -
                              -
                            • -
                            • You should upgrade the dependencies of this gem with confidence*.
                            • -
                            • Please do upgrade, and then, when it goes smooth as butter please sponsor me. Thanks!
                            • -
                            - -

                            * MIT license; The only guarantees I make are for enterprise support.

                            +\* MIT license; The only guarantees I make are for [enterprise support](#enterprise-support).
                            Standard Library Dependencies @@ -312,7 +269,7 @@

                            You should upgrade this gem

                            -

                            Federated DVCS

                            +### Federated DVCS
                            Find this repo on other forges @@ -327,10 +284,11 @@

                            Federated DVCS

                            -

                            Enterprise Support Tidelift -

                            +[gh-discussions]: https://github.com/ruby-oauth/oauth2/discussions + +### Enterprise Support [![Tidelift](https://tidelift.com/badges/package/rubygems/oauth2)](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme) -

                            Available as part of the Tidelift Subscription.

                            +Available as part of the Tidelift Subscription.
                            Need enterprise-level guarantees? @@ -351,9 +309,9 @@

                            Enterprise Support 🚀 Release Documentation

                            +## 🚀 Release Documentation -

                            Version 2.0.x

                            +### Version 2.0.x
                            2.0.x CHANGELOG and README @@ -377,7 +335,37 @@

                            Version 2.0.x

                            -

                            Older Releases

                            +[2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 +[2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 +[2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 +[2.0.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 +[2.0.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 +[2.0.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 +[2.0.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 +[2.0.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#206---2022-07-13 +[2.0.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#205---2022-07-07 +[2.0.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#204---2022-07-01 +[2.0.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#203---2022-06-28 +[2.0.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#202---2022-06-24 +[2.0.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 +[2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 + +[2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md +[2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md +[2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md +[2.0.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.10/README.md +[2.0.9-readme]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.9/README.md +[2.0.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.8/README.md +[2.0.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.7/README.md +[2.0.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.6/README.md +[2.0.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.5/README.md +[2.0.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.4/README.md +[2.0.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.3/README.md +[2.0.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.2/README.md +[2.0.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.1/README.md +[2.0.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.0/README.md + +### Older Releases
                            1.4.x CHANGELOGs and READMEs @@ -398,6 +386,32 @@

                            Older Releases

                            | 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] |
                            +[1.4.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1411---2022-09-16 +[1.4.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1410---2022-07-01 +[1.4.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#149---2022-02-20 +[1.4.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#148---2022-02-18 +[1.4.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#147---2021-03-19 +[1.4.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#146---2021-03-19 +[1.4.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#145---2021-03-18 +[1.4.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#144---2020-02-12 +[1.4.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#143---2020-01-29 +[1.4.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#142---2019-10-01 +[1.4.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#141---2018-10-13 +[1.4.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#140---2017-06-09 + +[1.4.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.11/README.md +[1.4.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.10/README.md +[1.4.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.9/README.md +[1.4.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.8/README.md +[1.4.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.7/README.md +[1.4.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.6/README.md +[1.4.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.5/README.md +[1.4.4-readme]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.4/README.md +[1.4.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.3/README.md +[1.4.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.2/README.md +[1.4.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.1/README.md +[1.4.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.0/README.md +
                            1.3.x Readmes @@ -420,19 +434,21 @@

                            Older Releases

                            -

                            ✨ Installation

                            +## ✨ Installation -

                            Install the gem and add to the application’s Gemfile by executing:

                            +Install the gem and add to the application's Gemfile by executing: -
                            bundle add oauth2
                            -
                            +```console +bundle add oauth2 +``` -

                            If bundler is not being used to manage dependencies, install the gem by executing:

                            +If bundler is not being used to manage dependencies, install the gem by executing: -
                            gem install oauth2
                            -
                            +```console +gem install oauth2 +``` -

                            🔒 Secure Installation

                            +### 🔒 Secure Installation
                            For Medium or High Security Installations @@ -467,58 +483,38 @@

                            🔒 Secure Installation

                            -

                            What is new for v2.0?

                            - -
                            - -

                            Compatibility

                            - -

                            Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
                            -Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
                            -This gem will install on Ruby versions >= v2.2 for 2.x releases.
                            -See 1-4-stable branch for older rubies.

                            +## What is new for v2.0? + +- Works with Ruby versions >= 2.2 +- Drop support for the expired MAC Draft (all versions) +- Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) + - Support JWT `kid` for key discovery and management +- Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0) +- Support IETF rfc7231 Relative Location in Redirect (since v2.0.0) +- Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0) +- Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters) +- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) +- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` +- Adds option to `OAuth2::Client#get_token`: + - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` +- Adds option to `OAuth2::AccessToken#initialize`: + - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency +- By default, keys are transformed to snake case. + - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash][snaky_hash] gem. + - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case. + - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. +- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) + - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body +- [... 
A lot more](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md#200-2022-06-21-tag) + +[snaky_hash]: https://gitlab.com/ruby-oauth/snaky_hash + +## Compatibility + +Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. +Compatibility is further distinguished as "Best Effort Support" or "Incidental Support" for older versions of Ruby. +This gem will install on Ruby versions >= v2.2 for 2.x releases. +See `1-4-stable` branch for older rubies.
                            Ruby Engine Compatibility Policy @@ -547,171 +543,144 @@

                            Compatibility

                            of a major release, support for that Ruby version may be dropped.
                            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                             Ruby OAuth2 VersionMaintenance BranchTargeted SupportBest Effort SupportIncidental Support
                            1️⃣2.0.xmain3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.12.2, 2.3, 2.4
                            2️⃣1.4.x1-4-stable3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.11.9, 2.0, 2.1, 2.2, 2.3, 2.4
                            3️⃣olderN/ABest of luck to you!Please upgrade! 
                            - -

                            NOTE: The 1.4 series will only receive critical security updates.
                            -See SECURITY.md.

                            - -

                            ⚙️ Configuration

                            - -

                            You can turn on additional warnings.

                            - -
                            OAuth2.configure do |config|
                            +|     | Ruby OAuth2 Version | Maintenance Branch | Targeted Support     | Best Effort Support     | Incidental Support           |
                            +|:----|---------------------|--------------------|----------------------|-------------------------|------------------------------|
                            +| 1️⃣ | 2.0.x               | `main`             | 3.2, 3.3, 3.4        | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.2, 2.3, 2.4                |
                            +| 2️⃣ | 1.4.x               | `1-4-stable`       | 3.2, 3.3, 3.4        | 2.5, 2.6, 2.7, 3.0, 3.1 | 1.9, 2.0, 2.1, 2.2, 2.3, 2.4 |
                            +| 3️⃣ | older               | N/A                | Best of luck to you! | Please upgrade!         |                              |
                            +
                            +NOTE: The 1.4 series will only receive critical security updates.
                            +See [SECURITY.md][🔐security].
                            +
                            +## ⚙️ Configuration
                            +
                            +You can turn on additional warnings.
                            +
                            +```ruby
                            +OAuth2.configure do |config|
                               # Turn on a warning like:
                            -  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
                            +  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
                               config.silence_extra_tokens_warning = false # default: true
                               # Set to true if you want to also show warnings about no tokens
                               config.silence_no_tokens_warning = false # default: true,
                             end
                            -
                            +``` -

                            The “extra tokens” problem comes from ambiguity in the spec about which token is the right token.
                            -Some OAuth 2.0 standards legitimately have multiple tokens.
                            -You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in.
                            -Specify your custom class with the access_token_class option.

                            +The "extra tokens" problem comes from ambiguity in the spec about which token is the right token. +Some OAuth 2.0 standards legitimately have multiple tokens. +You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. +Specify your custom class with the `access_token_class` option. -

                            If you only need one token you can, as of v2.0.10,
                            -specify the exact token name you want to extract via the OAuth2::AccessToken using
                            -the token_name option.

                            +If you only need one token you can, as of v2.0.10, +specify the exact token name you want to extract via the `OAuth2::AccessToken` using +the `token_name` option. -

                            You’ll likely need to do some source diving.
                            -This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
                            -If you have time and energy please contribute to the documentation!

                            +You'll likely need to do some source diving. +This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. +If you have time and energy please contribute to the documentation! -

                            🔧 Basic Usage

                            +## 🔧 Basic Usage -

                            -authorize_url and token_url are on site root (Just Works!)

                            +### `authorize_url` and `token_url` are on site root (Just Works!) -
                            require "oauth2"
                            -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org")
                            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
                            -# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                            +```ruby
                            +require "oauth2"
                            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/")
                            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback")
                            +# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                             
                            -access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"})
                            -response = access.get("/api/resource", params: {"query_foo" => "bar"})
                            +access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: => "Basic some_password")
                            +response = access.get("/api/resource", params: => "bar")
                             response.class.name
                             # => OAuth2::Response
                            -
                            +``` -

                            Relative authorize_url and token_url (Not on site root, Just Works!)

                            +### Relative `authorize_url` and `token_url` (Not on site root, Just Works!) -

                            In above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

                            +In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. -
                            client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
                            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
                            -# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                            -
                            +```ruby +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec... +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback") +# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" +``` -

                            Customize authorize_url and token_url -

                            +### Customize `authorize_url` and `token_url` -

                            You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

                            +You can specify custom URLs for authorization and access token, and when using a leading `/` they will _not be relative_, as shown below: -
                            client = OAuth2::Client.new(
                            -  "client_id",
                            -  "client_secret",
                            -  site: "https://example.org/nested/directory/on/your/server",
                            -  authorize_url: "/jaunty/authorize/",
                            -  token_url: "/stirrups/access_token",
                            +```ruby
                            +client = OAuth2::Client.new(
                            +  "client_id",
                            +  "client_secret",
                            +  site: "https://example.org/nested/directory/on/your/server",
                            +  authorize_url: "/jaunty/authorize/",
                            +  token_url: "/stirrups/access_token",
                             )
                            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
                            -# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
                            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback")
                            +# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
                             client.class.name
                             # => OAuth2::Client
                            -
                            +``` -

                            snake_case and indifferent access in Response#parsed

                            +### snake_case and indifferent access in Response#parsed -
                            response = access.get("/api/resource", params: {"query_foo" => "bar"})
                            +```ruby
                            +response = access.get("/api/resource", params: => "bar")
                             # Even if the actual response is CamelCase. it will be made available as snaky:
                            -JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
                            -response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
                            -response.parsed.access_token      # => "aaaaaaaa"
                            -response.parsed[:access_token]    # => "aaaaaaaa"
                            -response.parsed.additional_data   # => "additional"
                            -response.parsed[:additional_data] # => "additional"
                            +JSON.parse(response.body)         # => "additionalData"=>"additional"
                            +response.parsed                   # => "additional_data"=>"additional"
                            +response.parsed.access_token      # => "aaaaaaaa"
                            +response.parsed[:access_token]    # => "aaaaaaaa"
                            +response.parsed.additional_data   # => "additional"
                            +response.parsed[:additional_data] # => "additional"
                             response.parsed.class.name        # => SnakyHash::StringKeyed (from snaky_hash gem)
                            -
                            +``` -

                            Serialization

                            +#### Serialization -

                            As of v2.0.11, if you need to serialize the parsed result, you can!

                            +As of v2.0.11, if you need to serialize the parsed result, you can! -

                            There are two ways to do this, globally, or discretely. The discrete way is recommended.

                            +There are two ways to do this, globally, or discretely. The discrete way is recommended. -
                            Global Serialization Config
                            +##### Global Serialization Config -

                            Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

                            +Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails). -
                            SnakyHash::StringKeyed.class_eval do
                            +```ruby
                            +SnakyHash::StringKeyed.class_eval do
                               extend SnakyHash::Serializer
                             end
                            -
                            +``` -
                            Discrete Serialization Config
                            +##### Discrete Serialization Config -

                            Discretely configure a custom Snaky Hash class to use the serializer.

                            +Discretely configure a custom Snaky Hash class to use the serializer. -
                            class MySnakyHash < SnakyHash::StringKeyed
                            +```ruby
                            +class MySnakyHash < SnakyHash::StringKeyed
                               # Give this hash class `dump` and `load` abilities!
                               extend SnakyHash::Serializer
                             end
                             
                             # And tell your client to use the custom class in each call:
                            -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
                            -token = client.get_token({snaky_hash_klass: MySnakyHash})
                            -
                            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2") +token = client.get_token(MySnakyHash) +``` -
                            Serialization Extensions
                            +##### Serialization Extensions -

                            These extensions work regardless of whether you used the global or discrete config above.

                            +These extensions work regardless of whether you used the global or discrete config above. -

                            There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
                            -They are likely not needed if you are on a newer Ruby.
                            -See response_spec.rb if you need to study the hacks for older Rubies.

                            +There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. +They are likely not needed if you are on a newer Ruby. +See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb) if you need to study the hacks for older Rubies. -
                            class MySnakyHash < SnakyHash::StringKeyed
                            +```ruby
                            +class MySnakyHash < SnakyHash::StringKeyed
                               # Give this hash class `dump` and `load` abilities!
                               extend SnakyHash::Serializer
                             
                            @@ -721,14 +690,14 @@ 
                            Serialization Extensions
                            # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. # WARNING: This is a silly example! dump_value_extensions.add(:to_fruit) do |value| - "banana" # => Make values "banana" on dump + "banana" # => Make values "banana" on dump end # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump # In other words, this retains nested hashes, and only the deepest leaf nodes become ***. # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| - "***" # Turn dumped bananas into *** when they are loaded + "***" # Turn dumped bananas into *** when they are loaded end # Act on the entire hash as it is prepared for dumping to JSON @@ -736,9 +705,9 @@
                            Serialization Extensions
                            dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) value.transform_keys do |key| - split = key.split("_") + split = key.split("_") first_word = split[0] - key.sub(first_word, "cheese") + key.sub(first_word, "cheese") end else value @@ -751,9 +720,9 @@
                            Serialization Extensions
                            if value.is_a?(Hash) res = klass.new value.keys.each_with_object(res) do |key, result| - split = key.split("_") + split = key.split("_") last_word = split[-1] - new_key = key.sub(last_word, "pizza") + new_key = key.sub(last_word, "pizza") result[new_key] = value[key] end res @@ -762,19 +731,20 @@
                            Serialization Extensions
                            end end end -
                            +``` -

                            See response_spec.rb, or the ruby-oauth/snaky_hash gem for more ideas.

                            +See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), or the [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) gem for more ideas. -

                            Prefer camelCase over snake_case? => snaky: false

                            +#### Prefer camelCase over snake_case? => snaky: false -
                            response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
                            -JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
                            -response.parsed                   # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
                            -response.parsed["accessToken"]    # => "aaaaaaaa"
                            -response.parsed["additionalData"] # => "additional"
                            +```ruby
                            +response = access.get("/api/resource", params: => "bar", snaky: false)
                            +JSON.parse(response.body)         # => "additionalData"=>"additional"
                            +response.parsed                   # => "additionalData"=>"additional"
                            +response.parsed["accessToken"]    # => "aaaaaaaa"
                            +response.parsed["additionalData"] # => "additional"
                             response.parsed.class.name        # => Hash (just, regular old Hash)
                            -
                            +```
                            Debugging & Logging @@ -800,211 +770,159 @@

                            Prefer camelCase over sna ```

                            -

                            OAuth2::Response

                            - -

                            The AccessToken methods #get, #post, #put and #delete and the generic #request
                            -will return an instance of the #OAuth2::Response class.

                            - -

                            This instance contains a #parsed method that will parse the response body and
                            -return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
                            -the body is a JSON object. It will return an Array if the body is a JSON
                            -array. Otherwise, it will return the original body string.

                            - -

                            The original response body, headers, and status can be accessed via their
                            -respective methods.

                            - -

                            OAuth2::AccessToken

                            - -

                            If you have an existing Access Token for a user, you can initialize an instance
                            -using various class methods including the standard new, from_hash (if you have
                            -a hash of the values), or from_kvform (if you have an
                            -application/x-www-form-urlencoded encoded string of the values).

                            - -

                            Options (since v2.0.x unless noted):

                            -
                              -
                            • - - - - - - - -
                              expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
                              -
                            • -
                            • - - - - - - - - -
                              token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
                              -
                            • -
                            • - - - - - - - - -
                              mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
                              -
                                -
                              • :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). -
                              • -
                              • :query — Send as access_token query parameter (discouraged in general, but required by some providers).
                              • -
                              • Verb-dependent (since v2.0.15): Provide either: -
                                  -
                                • - - - - - - - - -
                                  a Proc takingverband returning :header or :query, or
                                  -
                                • -
                                • a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
                                • -
                                -
                              • -
                              -
                            • -
                            - -

                            Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.

                            - -

                            OAuth2::Error

                            - -

                            On 400+ status code responses, an OAuth2::Error will be raised. If it is a
                            -standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
                            -error_description parameters. The #response property of OAuth2::Error will
                            -always contain the OAuth2::Response instance.

                            - -

                            If you do not want an error to be raised, you may use :raise_errors => false
                            -option on initialization of the client. In this case the OAuth2::Response
                            -instance will be returned as usual and on 400+ status code responses, the
                            -Response instance will contain the OAuth2::Error instance.

                            - -

                            Authorization Grants

                            - -

                            Note on OAuth 2.1 (draft):

                            -
                              -
                            • PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                            • -
                            • Redirect URIs must be compared using exact string matching by the Authorization Server.
                            • -
                            • The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                            • -
                            • Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                            • -
                            • Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                            • -
                            • The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                            • -
                            - -

                            References:

                            -
                              -
                            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                            • -
                            • Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                            • -
                            • FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                            • -
                            • Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                            • -
                            • Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                            • -
                            • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                            • -
                            - -

                            Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
                            -authentication grant types have helper strategy classes that simplify client
                            -use. They are available via the #auth_code,
                            -#implicit,
                            -#password,
                            -#client_credentials, and
                            -#assertion methods respectively.

                            - -

                            These aren’t full examples, but demonstrative of the differences between usage for each strategy.

                            -
                            auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
                            -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
                            +### OAuth2::Response
                            +
                            +The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic `#request`
                            +will return an instance of the #OAuth2::Response class.
                            +
                            +This instance contains a `#parsed` method that will parse the response body and
                            +return a Hash-like [`SnakyHash::StringKeyed`](https://gitlab.com/ruby-oauth/snaky_hash/-/blob/main/lib/snaky_hash/string_keyed.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if
                            +the body is a JSON object.  It will return an Array if the body is a JSON
                            +array.  Otherwise, it will return the original body string.
                            +
                            +The original response body, headers, and status can be accessed via their
                            +respective methods.
                            +
                            +### OAuth2::AccessToken
                            +
                            +If you have an existing Access Token for a user, you can initialize an instance
                            +using various class methods including the standard new, `from_hash` (if you have
                            +a hash of the values), or `from_kvform` (if you have an
                            +`application/x-www-form-urlencoded` encoded string of the values).
                            +
                            +Options (since v2.0.x unless noted):
                            +- expires_latency (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency.
                            +- token_name (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
                            +- mode (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance.
                            +  - :header — Send as Authorization: Bearer  header (default and preferred by OAuth 2.1 draft guidance).
                            +  - :query — Send as access_token query parameter (discouraged in general, but required by some providers).
                            +  - Verb-dependent (since v2.0.15): Provide either:
                            +    - a Proc taking |verb| and returning :header or :query, or
                            +    - a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
                            +
                            +Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.
                            +
                            +### OAuth2::Error
                            +
                            +On 400+ status code responses, an `OAuth2::Error` will be raised.  If it is a
                            +standard OAuth2 error response, the body will be parsed and `#code` and `#description` will contain the values provided from the error and
                            +`error_description` parameters.  The `#response` property of `OAuth2::Error` will
                            +always contain the `OAuth2::Response` instance.
                            +
                            +If you do not want an error to be raised, you may use `:raise_errors => false`
                            +option on initialization of the client.  In this case the `OAuth2::Response`
                            +instance will be returned as usual and on 400+ status code responses, the
                            +Response instance will contain the `OAuth2::Error` instance.
                            +
                            +### Authorization Grants
                            +
                            +Note on OAuth 2.1 (draft):
                            +- PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                            +- Redirect URIs must be compared using exact string matching by the Authorization Server.
                            +- The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                            +- Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                            +- Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                            +- The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                            +
                            +References:
                            +- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                            +- Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                            +- FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                            +- Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                            +- Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                            +- Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                            +
                            +Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
                            +authentication grant types have helper strategy classes that simplify client
                            +use. They are available via the [`#auth_code`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb),
                            +[`#implicit`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/implicit.rb),
                            +[`#password`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/password.rb),
                            +[`#client_credentials`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/client_credentials.rb), and
                            +[`#assertion`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively.
                            +
                            +These aren't full examples, but demonstrative of the differences between usage for each strategy.
                            +```ruby
                            +auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback")
                            +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
                             
                            -auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
                            +auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback")
                             # get the token params in the callback and
                             access = OAuth2::AccessToken.from_kvform(client, query_string)
                             
                            -access = client.password.get_token("username", "password")
                            +access = client.password.get_token("username", "password")
                             
                             access = client.client_credentials.get_token
                             
                             # Client Assertion Strategy
                             # see: https://tools.ietf.org/html/rfc7523
                             claimset = {
                            -  iss: "http://localhost:3001",
                            -  aud: "http://localhost:8080/oauth2/token",
                            -  sub: "me@example.com",
                            +  iss: "http://localhost:3001/",
                            +  aud: "http://localhost:8080/oauth2/token",
                            +  sub: "me@example.com",
                               exp: Time.now.utc.to_i + 3600,
                             }
                            -assertion_params = [claimset, "HS256", "secret_key"]
                            +assertion_params = [claimset, "HS256", "secret_key"]
                             access = client.assertion.get_token(assertion_params)
                             
                             # The `access` (i.e. access token) is then used like so:
                             access.token # actual access_token string, if you need it somewhere
                            -access.get("/api/stuff") # making api calls with access token
                            -
                            +access.get("/api/stuff") # making api calls with access token
                            +```
                            -

                            If you want to specify additional headers to be sent out with the
                            -request, add a ‘headers’ hash under ‘params’:

                            +If you want to specify additional headers to be sent out with the
                            +request, add a 'headers' hash under 'params':
                            -
                            access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"})
                            -
                            +```ruby
                            +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: => "Header")
                            +```
                            -

                            You can always use the #request method on the OAuth2::Client instance to make
                            -requests for tokens for any Authentication grant type.

                            +You can always use the `#request` method on the `OAuth2::Client` instance to make
                            +requests for tokens for any Authentication grant type.
                            -

                            📘 Comprehensive Usage

                            +## 📘 Comprehensive Usage
                            -

                            Common Flows (end-to-end)

                            +### Common Flows (end-to-end)
                            -
                              -
                            • Authorization Code (server-side web app):
                            • -
                            +- Authorization Code (server-side web app):
                            -
                            require "oauth2"
                            +```ruby
                            +require "oauth2"
                             client = OAuth2::Client.new(
                            -  ENV["CLIENT_ID"],
                            -  ENV["CLIENT_SECRET"],
                            -  site: "https://provider.example.com",
                            -  redirect_uri: "https://my.app.example.com/oauth/callback",
                            +  ENV["CLIENT_ID"],
                            +  ENV["CLIENT_SECRET"],
                            +  site: "https://provider.example.com/",
                            +  redirect_uri: "https://my.app.example.com/oauth/callback",
                             )
                             
                             # Step 1: redirect user to consent
                             state = SecureRandom.hex(16)
                            -auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state)
                            +auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state)
                             # redirect_to auth_url
                             
                             # Step 2: handle the callback
                             # params[:code], params[:state]
                            -raise "state mismatch" unless params[:state] == state
                            +raise "state mismatch" unless params[:state] == state
                             access = client.auth_code.get_token(params[:code])
                             
                             # Step 3: call APIs
                            -profile = access.get("/api/v1/me").parsed
                            -
                            +profile = access.get("/api/v1/me").parsed
                            +```
                            -
                              -
                            • Client Credentials (machine-to-machine):
                            • -
                            +- Client Credentials (machine-to-machine):
                            -
                            client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com")
                            -access = client.client_credentials.get_token(audience: "https://api.example.com")
                            -resp = access.get("/v1/things")
                            -
                            +```ruby
                            +client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com/")
                            +access = client.client_credentials.get_token(audience: "https://api.example.com/")
                            +resp = access.get("/v1/things")
                            +```
                            -
                              -
                            • Resource Owner Password (legacy; avoid when possible):
                            • -
                            +- Resource Owner Password (legacy; avoid when possible):
                            -
                            access = client.password.get_token("jdoe", "s3cret", scope: "read")
                            -
                            +```ruby
                            +access = client.password.get_token("jdoe", "s3cret", scope: "read")
                            +```
                            -

                            Examples

                            +#### Examples
                            JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) @@ -1053,97 +971,92 @@

                            Examples

                            -

                            Instagram API (verb‑dependent token mode)

                            +### Instagram API (verb‑dependent token mode)
                            -

                            Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

                            -
                              -
                            • GET requests: token must be in the query string (?access_token=…)
                            • -
                            • POST/DELETE requests: token must be in the Authorization header (Bearer …)
                            • -
                            +Providers like Instagram require the access token to be sent differently depending on the HTTP verb:
                            +- GET requests: token must be in the query string (?access_token=...)
                            +- POST/DELETE requests: token must be in the Authorization header (Bearer ...)
                            -

                            Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

                            +Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.
                            -

                            Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

                            +Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls
                            -
                            require "oauth2"
                            +```ruby
                            +require "oauth2"
                             
                             # NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).
                             # See Facebook Login docs for obtaining the initial short‑lived token.
                             
                            -client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com")
                            +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com/")
                             
                             # Start with a short‑lived token you already obtained via Facebook Login
                             short_lived = OAuth2::AccessToken.new(
                               client,
                            -  ENV["IG_SHORT_LIVED_TOKEN"],
                            +  ENV["IG_SHORT_LIVED_TOKEN"],
                               # Key part: verb‑dependent mode
                            -  mode: {get: :query, post: :header, delete: :header},
                            +  mode: :query, post: :header, delete: :header,
                             )
                             
                             # 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)
                             #    Endpoint: GET https://graph.instagram.com/access_token
                             #    Params: grant_type=ig_exchange_token, client_secret=APP_SECRET
                             exchange = short_lived.get(
                            -  "/access_token",
                            +  "/access_token",
                               params: {
                            -    grant_type: "ig_exchange_token",
                            -    client_secret: ENV["IG_APP_SECRET"],
                            +    grant_type: "ig_exchange_token",
                            +    client_secret: ENV["IG_APP_SECRET"],
                                 # access_token param will be added automatically by the AccessToken (mode => :query for GET)
                               },
                             )
                            -long_lived_token_value = exchange.parsed["access_token"]
                            +long_lived_token_value = exchange.parsed["access_token"]
                             
                             long_lived = OAuth2::AccessToken.new(
                               client,
                               long_lived_token_value,
                            -  mode: {get: :query, post: :header, delete: :header},
                            +  mode: :query, post: :header, delete: :header,
                             )
                             
                             # 2) Refresh the long‑lived token (Instagram uses GET with token in query)
                             #    Endpoint: GET https://graph.instagram.com/refresh_access_token
                             refresh_resp = long_lived.get(
                            -  "/refresh_access_token",
                            -  params: {grant_type: "ig_refresh_token"},
                            +  "/refresh_access_token",
                            +  params: "ig_refresh_token",
                             )
                             long_lived = OAuth2::AccessToken.new(
                               client,
                            -  refresh_resp.parsed["access_token"],
                            -  mode: {get: :query, post: :header, delete: :header},
                            +  refresh_resp.parsed["access_token"],
                            +  mode: :query, post: :header, delete: :header,
                             )
                             
                             # 3) Typical API GET request (token in query automatically)
                            -me = long_lived.get("/me", params: {fields: "id,username"}).parsed
                            +me = long_lived.get("/me", params: "id,username").parsed
                             
                             # 4) Example POST (token sent via Bearer header automatically)
                             # Note: Replace the path/params with a real Instagram Graph API POST you need,
                             # such as publishing media via the Graph API endpoints.
                            -# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"})
                            -
                            +# long_lived.post("/me/media", body: "https://.../", caption: "hello")
                            +```
                            -

                            Tips:

                            -
                              -
                            • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
                            • -
                            • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
                            • -
                            +Tips:
                            +- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
                            +- If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
                            -

                            Refresh Tokens

                            +### Refresh Tokens
                            -

                            When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                            +When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.
                            -
                              -
                            • Manual refresh:
                            • -
                            +- Manual refresh:
                            -
                            if access.expired?
                            +```ruby
                            +if access.expired?
                               access = access.refresh
                             end
                            -
                            +```
                            -
                              -
                            • Auto-refresh wrapper pattern:
                            • -
                            +- Auto-refresh wrapper pattern:
                            -
                            class AutoRefreshingToken
                            +```ruby
                            +class AutoRefreshingToken
                               def initialize(token_provider, store: nil)
                                 @token = token_provider
                                 @store = store # e.g., something that responds to read/write for token data
                            @@ -1175,46 +1088,48 @@ 

                            Refresh Tokens

                            # usage keeper = AutoRefreshingToken.new(access) -keeper.with { |tok| tok.get("/v1/protected") } -
                            +keeper.with { |tok| tok.get("/v1/protected") }
                            +```
                            -

                            Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

                            +Persist the token across processes using `AccessToken#to_hash` and `AccessToken.from_hash(client, hash)`.
                            -

                            Token Revocation (RFC 7009)

                            +### Token Revocation (RFC 7009)
                            -

                            You can revoke either the access token or the refresh token.

                            +You can revoke either the access token or the refresh token.
                            -
                            # Revoke the current access token
                            +```ruby
                            +# Revoke the current access token
                             access.revoke(token_type_hint: :access_token)
                             
                             # Or explicitly revoke the refresh token (often also invalidates associated access tokens)
                             access.revoke(token_type_hint: :refresh_token)
                            -
                            +```
                            -

                            Client Configuration Tips

                            +### Client Configuration Tips
                            -

                            Mutual TLS (mTLS) client authentication

                            +#### Mutual TLS (mTLS) client authentication
                            -

                            Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.

                            +Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.
                            -

                            Example using PEM files (certificate and key):

                            +Example using PEM files (certificate and key):
                            -
                            require "oauth2"
                            -require "openssl"
                            +```ruby
                            +require "oauth2"
                            +require "openssl"
                             
                             client = OAuth2::Client.new(
                            -  ENV.fetch("CLIENT_ID"),
                            -  ENV.fetch("CLIENT_SECRET"),
                            -  site: "https://example.com",
                            -  authorize_url: "/oauth/authorize/",
                            -  token_url: "/oauth/token/",
                            +  ENV.fetch("https://github.com/CLIENT_ID"),
                            +  ENV.fetch("https://github.com/CLIENT_SECRET"),
                            +  site: "https://example.com/",
                            +  authorize_url: "/oauth/authorize/",
                            +  token_url: "/oauth/token/",
                               auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication
                               connection_opts: {
                                 ssl: {
                            -      client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")),
                            -      client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")),
                            +      client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")),
                            +      client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")),
                                   # Optional extras, uncomment as needed:
                            -      # ca_file: "/path/to/ca-bundle.pem",   # custom CA(s)
                            +      # ca_file: "/path/to/ca-bundle.pem",   # custom CA(s)
                                   # verify: true                           # enable server cert verification (recommended)
                                 },
                               },
                            @@ -1225,70 +1140,65 @@ 

                            Mutual TLS (mTLS) client authenti access = client.client_credentials.get_token # Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`: -resp = access.get("/v1/protected") -

                            - -

                            Notes:

                            -
                              -
                            • Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV[“KEY_PASSWORD”]).
                            • -
                            • If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: -
                                -
                              • p12 = OpenSSL::PKCS12.new(File.read(“client.p12”), ENV[“P12_PASSWORD”])
                              • -
                              • client_cert = p12.certificate; client_key = p12.key
                              • -
                              -
                            • -
                            • Server trust: -
                                -
                              • If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.
                              • -
                              • Keep verify: true in production. Set verify: false only for local testing.
                              • -
                              -
                            • -
                            • Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.
                            • -
                            • Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).
                            • -
                            • OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.
                            • -
                            +resp = access.get("/v1/protected") +``` -

                            Authentication schemes for the token request

                            +Notes: +- Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]). +- If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: + - p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"]) + - client_cert = p12.certificate; client_key = p12.key +- Server trust: + - If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash. + - Keep verify: true in production. Set verify: false only for local testing. +- Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices. +- Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client). +- OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above. + +#### Authentication schemes for the token request -
                            OAuth2::Client.new(
                            +```ruby
                            +OAuth2::Client.new(
                               id,
                               secret,
                            -  site: "https://provider.example.com",
                            +  site: "https://provider.example.com/",
                               auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt
                             )
                            -
                            +``` -

                            Faraday connection, timeouts, proxy, custom adapter/middleware:

                            +#### Faraday connection, timeouts, proxy, custom adapter/middleware: -
                            client = OAuth2::Client.new(
                            +```ruby
                            +client = OAuth2::Client.new(
                               id,
                               secret,
                            -  site: "https://provider.example.com",
                            +  site: "https://provider.example.com/",
                               connection_opts: {
                            -    request: {open_timeout: 5, timeout: 15},
                            -    proxy: ENV["HTTPS_PROXY"],
                            -    ssl: {verify: true},
                            +    request: 5, timeout: 15,
                            +    proxy: ENV["HTTPS_PROXY"],
                            +    ssl: true,
                               },
                             ) do |faraday|
                               faraday.request(:url_encoded)
                               # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below
                               faraday.adapter(:net_http_persistent) # or any Faraday adapter you need
                             end
                            -
                            +``` -
                            Using flat query params (Faraday::FlatParamsEncoder)
                            +##### Using flat query params (Faraday::FlatParamsEncoder) -

                            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

                            +Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests. -
                            require "faraday"
                            +```ruby
                            +require "faraday"
                             
                             client = OAuth2::Client.new(
                               id,
                               secret,
                            -  site: "https://api.example.com",
                            +  site: "https://api.example.com/",
                               # Pass Faraday connection options to make FlatParamsEncoder the default
                               connection_opts: {
                            -    request: {params_encoder: Faraday::FlatParamsEncoder},
                            +    request: Faraday::FlatParamsEncoder,
                               },
                             ) do |faraday|
                               faraday.request(:url_encoded)
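Review bot: The added example in this hunk has lost the nested option hashes that the removed lines had: `request: {open_timeout: 5, timeout: 15},` became `request: 5, timeout: 15,` and `ssl: {verify: true},` became `ssl: true,`, so the sample a reader would copy no longer shows the explicit certificate-verification setting. The same loss appears at `request: Faraday::FlatParamsEncoder,` in this hunk and, in the next hunk, at `headers: => "value",`, which is not valid Ruby. It looks as if brace-delimited text was consumed when the page was generated, though the generator is not visible here; the new side should keep the hashes exactly as on the old side, e.g. `ssl: {verify: true},`. The `site:` values also changed from `"https://provider.example.com"` to `"https://provider.example.com/"`, which is not a usable base URL if it is in the committed file and not an artifact of how this page was captured. The file header for this section is outside the visible lines, so confirm which path is affected.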
                            @@ -1300,197 +1210,181 @@ 
                            Using flat query param # Example of a GET with two flat filter params (not an array): # Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 resp = access.get( - "/v1/orders", + "/v1/orders", params: { # Provide the values as an array; FlatParamsEncoder expands them as repeated keys filter: [ - "order.clientCreatedTime>1445006997000", - "order.clientCreatedTime<1445611797000", + "order.clientCreatedTime>1445006997000", + "order.clientCreatedTime<1445611797000", ], }, ) -
                            +``` -

                            If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

                            +If you instead need to build a raw Faraday connection yourself, the equivalent configuration is: -
                            conn = Faraday.new("https://api.example.com", request: {params_encoder: Faraday::FlatParamsEncoder})
                            -
                            +```ruby +conn = Faraday.new("https://api.example.com/", request: Faraday::FlatParamsEncoder) +``` -

                            Redirection

                            +#### Redirection -

                            The library follows up to max_redirects (default 5).
                            -You can override per-client via options[:max_redirects].

                            +The library follows up to `max_redirects` (default 5). +You can override per-client via `options[:max_redirects]`. -

                            Handling Responses and Errors

                            +### Handling Responses and Errors -
                              -
                            • Parsing:
                            • -
                            +- Parsing: -
                            resp = access.get("/v1/thing")
                            +```ruby
                            +resp = access.get("/v1/thing")
                             resp.status     # Integer
                             resp.headers    # Hash
                             resp.body       # String
                             resp.parsed     # SnakyHash::StringKeyed or Array when JSON array
                            -
                            +``` -
                              -
                            • Error handling:
                            • -
                            +- Error handling: -
                            begin
                            -  access.get("/v1/forbidden")
                            +```ruby
                            +begin
                            +  access.get("/v1/forbidden")
                             rescue OAuth2::Error => e
                               e.code         # OAuth2 error code (when present)
                               e.description  # OAuth2 error description (when present)
                               e.response     # OAuth2::Response (full access to status/headers/body)
                             end
                            -
                            +``` -
                              -
                            • Disable raising on 4xx/5xx to inspect the response yourself:
                            • -
                            +- Disable raising on 4xx/5xx to inspect the response yourself: -
                            client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
                            -res = client.request(:get, "/v1/maybe-errors")
                            +```ruby
                            +client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
                            +res = client.request(:get, "/v1/maybe-errors")
                             if res.status == 429
                            -  sleep res.headers["retry-after"].to_i
                            +  sleep res.headers["retry-after"].to_i
                             end
                            -
                            +``` -

                            Making Raw Token Requests

                            +### Making Raw Token Requests -

                            If a provider requires non-standard parameters or headers, you can call client.get_token directly:

                            +If a provider requires non-standard parameters or headers, you can call `client.get_token` directly: -
                            access = client.get_token({
                            -  grant_type: "client_credentials",
                            -  audience: "https://api.example.com",
                            -  headers: {"X-Custom" => "value"},
                            +```ruby
                            +access = client.get_token({
                            +  grant_type: "client_credentials",
                            +  audience: "https://api.example.com/",
                            +  headers: => "value",
                               parse: :json, # override parsing
                             })
                            -
                            +``` -

                            OpenID Connect (OIDC) Notes

                            +### OpenID Connect (OIDC) Notes -
                              -
                            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                            • -
                            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                            • -
                            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
                            • -
                            +- If the token response includes an `id_token` (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider's JWKs to verify it. +- For private_key_jwt client authentication, provide `auth_scheme: :private_key_jwt` and ensure your key configuration matches the provider requirements. +- See [OIDC.md](OIDC.md) for a more complete OIDC overview, example, and links to the relevant specifications. -

                            Debugging

                            +### Debugging -
                              -
                            • Set environment variable OAUTH_DEBUG=true to enable verbose Faraday logging (uses the client-provided logger).
                            • -
                            • To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation.
                            • -
                            +- Set environment variable `OAUTH_DEBUG=true` to enable verbose Faraday logging (uses the client-provided logger). +- To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation. -
                            +--- -

                            🦷 FLOSS Funding

                            +## 🦷 FLOSS Funding -

                            While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding.
                            -Raising a monthly budget of… “dollars” would make the project more sustainable.

                            +While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. +Raising a monthly budget of... "dollars" would make the project more sustainable. -

                            We welcome both individual and corporate sponsors! We also offer a
                            -wide array of funding channels to account for your preferences
                            -(although currently Open Collective is our preferred funding platform).

                            +We welcome both individual and corporate sponsors! We also offer a +wide array of funding channels to account for your preferences +(although currently [Open Collective][🖇osc] is our preferred funding platform). -

                            If you’re working in a company that’s making significant use of ruby-oauth tools we’d
                            -appreciate it if you suggest to your company to become a ruby-oauth sponsor.

                            +**If you're working in a company that's making significant use of ruby-oauth tools we'd +appreciate it if you suggest to your company to become a ruby-oauth sponsor.** -

                            You can support the development of ruby-oauth tools via
                            -GitHub Sponsors,
                            -Liberapay,
                            -PayPal,
                            -Open Collective
                            -and Tidelift.

                            +You can support the development of ruby-oauth tools via +[GitHub Sponsors][🖇sponsor], +[Liberapay][⛳liberapay], +[PayPal][🖇paypal], +[Open Collective][🖇osc] +and [Tidelift][🏙️entsup-tidelift]. - - - - - - - - - - - -
                            📍 NOTE
                            If doing a sponsorship in the form of donation is problematic for your company
                            from an accounting standpoint, we’d recommend the use of Tidelift,
                            where you can get a support-like subscription instead.
                            +| 📍 NOTE | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| If doing a sponsorship in the form of donation is problematic for your company
                            from an accounting standpoint, we'd recommend the use of Tidelift,
                            where you can get a support-like subscription instead. | -

                            Open Collective for Individuals

                            +### Open Collective for Individuals -

                            No backers yet. Be the first!
                            -

                            +No backers yet. Be the first! + -

                            Support us with a monthly donation and help us continue our activities. [Become a backer]

                            +Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/ruby-oauth#backer)] -

                            Open Collective for Organizations

                            +### Open Collective for Organizations -

                            No sponsors yet. Be the first!
                            -

                            +No sponsors yet. Be the first! + -

                            Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

                            +Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/ruby-oauth#sponsor)] -

                            Another way to support open-source

                            +### Another way to support open-source -
                            -

                            How wonderful it is that nobody need wait a single moment before starting to improve the world.

                            -—Anne Frank

                            -
                            +> How wonderful it is that nobody need wait a single moment before starting to improve the world.
                            +>—Anne Frank -

                            I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                            +I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). -

                            If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                            +If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in `bundle fund`. -

                            I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

                            +I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look. -

                            Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

                            +**[Floss-Funding.dev][🖇floss-funding.dev]: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags** -

                            OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                            +[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] -

                            🔐 Security

                            +## 🔐 Security -

                            To report a security vulnerability, please use the Tidelift security contact.
                            -Tidelift will coordinate the fix and disclosure.

                            +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. -

                            For more see SECURITY.md.

                            +For more see [SECURITY.md][🔐security]. -

                            🤝 Contributing

                            +## 🤝 Contributing -

                            If you need some ideas of where to help, you could work on adding more code coverage,
                            -or if it is already 💯 (see below) check reek, issues, or PRs,
                            -or use the gem and think about how it could be better.

                            +If you need some ideas of where to help, you could work on adding more code coverage, +or if it is already 💯 (see [below](#code-coverage)) check [reek](REEK), [issues][🤝gh-issues], or [PRs][🤝gh-pulls], +or use the gem and think about how it could be better. -

                            We Keep A Changelog so if you make changes, remember to update it.

                            +We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. -

                            See CONTRIBUTING.md for more detailed instructions.

                            +See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. -

                            🚀 Release Instructions

                            +### 🚀 Release Instructions -

                            See CONTRIBUTING.md.

                            +See [CONTRIBUTING.md][🤝contributing]. -

                            Code Coverage

                            +### Code Coverage -

                            Coveralls Test Coverage

                            +[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] -

                            QLTY Test Coverage

                            +[![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] -

                            🪇 Code of Conduct

                            +### 🪇 Code of Conduct -

                            Everyone interacting with this project’s codebases, issue trackers,
                            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

                            +Everyone interacting with this project's codebases, issue trackers, +chat rooms and mailing lists agrees to follow the [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct]. -

                            🌈 Contributors

                            +## 🌈 Contributors -

                            Contributors

                            +[![Contributors][🖐contributors-img]][🖐contributors] -

                            Made with contributors-img.

                            +Made with [contributors-img][🖐contrib-rocks]. -

                            Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

                            +Also see GitLab Contributors: [https://gitlab.com/ruby-oauth/oauth2/-/graphs/main][🚎contributors-gl]
                            ⭐️ Star History @@ -1505,28 +1399,27 @@

                            🌈 Contributors

                            -

                            📌 Versioning

                            +## 📌 Versioning -

                            This Library adheres to Semantic Versioning 2.0.0.
                            -Violations of this scheme should be reported as bugs.
                            -Specifically, if a minor or patch version is released that breaks backward compatibility,
                            -a new version should be immediately released that restores compatibility.
                            -Breaking changes to the public API will only be introduced with new major versions.

                            +This Library adheres to [![Semantic Versioning 2.0.0][📌semver-img]][📌semver]. +Violations of this scheme should be reported as bugs. +Specifically, if a minor or patch version is released that breaks backward compatibility, +a new version should be immediately released that restores compatibility. +Breaking changes to the public API will only be introduced with new major versions. -
                            -

                            dropping support for a platform is both obviously and objectively a breaking change

                            -—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

                            -
                            +> dropping support for a platform is both obviously and objectively a breaking change
                            +>—Jordan Harband ([@ljharb](https://github.com/ljharb), maintainer of SemVer) [in SemVer issue 716][📌semver-breaking] -

                            I understand that policy doesn’t work universally (“exceptions to every rule!”),
                            -but it is the policy here.
                            -As such, in many cases it is good to specify a dependency on this library using
                            -the Pessimistic Version Constraint with two digits of precision.

                            +I understand that policy doesn't work universally ("exceptions to every rule!"), +but it is the policy here. +As such, in many cases it is good to specify a dependency on this library using +the [Pessimistic Version Constraint][📌pvc] with two digits of precision. -

                            For example:

                            +For example: -
                            spec.add_dependency("oauth2", "~> 2.0")
                            -
                            +```ruby +spec.add_dependency("oauth2", "~> 2.0") +```
                            📌 Is "Platform Support" part of the public API? More details inside. @@ -1542,15 +1435,15 @@

                            📌 Versioning

                            -

                            See CHANGELOG.md for a list of releases.

                            +See [CHANGELOG.md][📌changelog] for a list of releases. -

                            📄 License

                            +## 📄 License -

                            The gem is available as open source under the terms of
                            -the MIT License License: MIT.
                            -See LICENSE.txt for the official Copyright Notice.

                            +The gem is available as open source under the terms of +the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. +See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. - +### © Copyright
                            • @@ -1567,26 +1460,233 @@
                            -

                            🤑 A request for help

                            - -

                            Maintainers have teeth and need to pay their dentists.
                            -After getting laid off in an RIF in March and filled with many dozens of rejections,
                            -I’m now spending ~60+ hours a week building open source tools.
                            -I’m hoping to be able to pay for my kids’ health insurance this month,
                            -so if you value the work I am doing, I need your support.
                            -Please consider sponsoring me or the project.

                            - -

                            To join the community or get help 👇️ Join the Discord.

                            - -

                            Live Chat on Discord

                            - -

                            To say “thanks!” ☝️ Join the Discord or 👇️ send money.

                            - -

                            Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                            - -

                            Please give the project a star ⭐ ♥.

                            - -

                            Thanks for RTFM. ☺️

                            +## 🤑 A request for help + +Maintainers have teeth and need to pay their dentists. +After getting laid off in an RIF in March and filled with many dozens of rejections, +I'm now spending ~60+ hours a week building open source tools. +I'm hoping to be able to pay for my kids' health insurance this month, +so if you value the work I am doing, I need your support. +Please consider sponsoring me or the project. + +To join the community or get help 👇️ Join the Discord. + +[![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] + +To say "thanks!" ☝️ Join the Discord or 👇️ send money. + +[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img] + +### Please give the project a star ⭐ ♥. + +Thanks for RTFM. ☺️ + +[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay&color=a51611&style=flat +[⛳liberapay-bottom-img]: https://img.shields.io/liberapay/goal/pboling.svg?style=for-the-badge&logo=liberapay&color=a51611 +[⛳liberapay]: https://liberapay.com/pboling/donate +[🖇osc-all-img]: https://img.shields.io/opencollective/all/ruby-oauth +[🖇osc-sponsors-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth +[🖇osc-backers-img]: https://img.shields.io/opencollective/backers/ruby-oauth +[🖇osc-backers]: https://opencollective.com/ruby-oauth#backer +[🖇osc-backers-i]: https://opencollective.com/ruby-oauth/backers/badge.svg?style=flat +[🖇osc-sponsors]: https://opencollective.com/ruby-oauth#sponsor +[🖇osc-sponsors-i]: https://opencollective.com/ruby-oauth/sponsors/badge.svg?style=flat +[🖇osc-all-bottom-img]: https://img.shields.io/opencollective/all/ruby-oauth?style=for-the-badge +[🖇osc-sponsors-bottom-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth?style=for-the-badge 
+[🖇osc-backers-bottom-img]: https://img.shields.io/opencollective/backers/ruby-oauth?style=for-the-badge +[🖇osc]: https://opencollective.com/ruby-oauth +[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github +[🖇sponsor-bottom-img]: https://img.shields.io/badge/Sponsor_Me!-pboling-blue?style=for-the-badge&logo=github +[🖇sponsor]: https://github.com/sponsors/pboling +[🖇polar-img]: https://img.shields.io/badge/polar-donate-a51611.svg?style=flat +[🖇polar]: https://polar.sh/pboling +[🖇kofi-img]: https://img.shields.io/badge/ko--fi-%E2%9C%93-a51611.svg?style=flat +[🖇kofi]: https://ko-fi.com/O5O86SNP4 +[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-a51611.svg?style=flat +[🖇patreon]: https://patreon.com/galtzo +[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-%E2%9C%93-a51611.svg?style=flat +[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff +[🖇buyme]: https://www.buymeacoffee.com/pboling +[🖇paypal-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=flat&logo=paypal +[🖇paypal-bottom-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=for-the-badge&logo=paypal&color=0A0A0A +[🖇paypal]: https://www.paypal.com/paypalme/peterboling +[🖇floss-funding.dev]: https://floss-funding.dev +[🖇floss-funding-gem]: https://github.com/galtzo-floss/floss_funding +[✉️discord-invite]: https://discord.gg/3qme4XHNKN +[✉️discord-invite-img-ftb]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge&logo=discord +[✉️ruby-friends-img]: https://img.shields.io/badge/daily.dev-%F0%9F%92%8E_Ruby_Friends-0A0A0A?style=for-the-badge&logo=dailydotdev&logoColor=white +[✉️ruby-friends]: https://app.daily.dev/squads/rubyfriends + +[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby +[⛳gg-discussions-img]: 
https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange + +[✇bundle-group-pattern]: https://gist.github.com/pboling/4564780 +[⛳️gem-namespace]: https://github.com/ruby-oauth/oauth2 +[⛳️namespace-img]: https://img.shields.io/badge/namespace-OAuth2-3C2D2D.svg?style=square&logo=ruby&logoColor=white +[⛳️gem-name]: https://rubygems.org/gems/oauth2 +[⛳️name-img]: https://img.shields.io/badge/name-oauth2-3C2D2D.svg?style=square&logo=rubygems&logoColor=red +[⛳️tag-img]: https://img.shields.io/github/tag/ruby-oauth/oauth2.svg +[⛳️tag]: http://github.com/ruby-oauth/oauth2/releases +[🚂maint-blog]: http://www.railsbling.com/tags/oauth2 +[🚂maint-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange +[🚂maint-contact]: http://www.railsbling.com/contact +[🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red +[💖🖇linkedin]: http://www.linkedin.com/in/peterboling +[💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling +[💖✌️wellfound]: https://wellfound.com/u/peter-boling +[💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound +[💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling +[💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase +[💖🐘ruby-mast]: https://ruby.social/@galtzo +[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https://ruby.social&style=flat&logo=mastodon&label=Ruby%20@galtzo +[💖🦋bluesky]: https://bsky.app/profile/galtzo.com +[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white +[💖🌳linktree]: https://linktr.ee/galtzo +[💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree +[💖💁🏼‍♂️devto]: https://dev.to/galtzo 
+[💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white +[💖💁🏼‍♂️aboutme]: https://about.me/peter.boling +[💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white +[💖🧊berg]: https://codeberg.org/pboling +[💖🐙hub]: https://github.org/pboling +[💖🛖hut]: https://sr.ht/~galtzo/ +[💖🧪lab]: https://gitlab.com/pboling +[👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share +[👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white +[👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github +[👨🏼‍🏫expsup-codementor-img]: https://img.shields.io/badge/CodeMentor-Get_Help-1abc9c?style=for-the-badge&logo=CodeMentor&logoColor=white +[🏙️entsup-tidelift]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme +[🏙️entsup-tidelift-img]: https://img.shields.io/badge/Tidelift_and_Sonar-Enterprise_Support-FD3456?style=for-the-badge&logo=sonar&logoColor=white +[🏙️entsup-tidelift-sonar]: https://blog.tidelift.com/tidelift-joins-sonar +[💁🏼‍♂️peterboling]: http://www.peterboling.com +[🚂railsbling]: http://www.railsbling.com +[📜src-gl-img]: https://img.shields.io/badge/GitLab-FBA326?style=for-the-badge&logo=Gitlab&logoColor=orange +[📜src-gl]: https://gitlab.com/ruby-oauth/oauth2/ +[📜src-cb-img]: https://img.shields.io/badge/CodeBerg-4893CC?style=for-the-badge&logo=CodeBerg&logoColor=blue +[📜src-cb]: https://codeberg.org/ruby-oauth/oauth2 +[📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green +[📜src-gh]: https://github.com/ruby-oauth/oauth2 +[📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white +[📜docs-head-rd-img]: 
https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white +[📜wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home +[📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white +[👽dl-rank]: https://rubygems.org/gems/oauth2 +[👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg +[👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 +[👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg +[👽version]: https://rubygems.org/gems/oauth2 +[👽versioni]: https://img.shields.io/gem/v/oauth2.svg +[🔑qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 +[🔑qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg +[🔑qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating +[🔑qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg +[🔑codecov]: https://codecov.io/gh/ruby-oauth/oauth2 +[🔑codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg +[🔑coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main +[🔑coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main +[🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning +[🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg +[🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml +[🚎1-an-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml/badge.svg +[🚎2-cov-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml +[🚎2-cov-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml/badge.svg +[🚎3-hd-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml +[🚎3-hd-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml/badge.svg +[🚎4-lg-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml +[🚎4-lg-wfi]: 
https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml/badge.svg +[🚎5-st-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml +[🚎5-st-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml/badge.svg +[🚎6-s-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml +[🚎6-s-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml/badge.svg +[🚎7-us-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml +[🚎7-us-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml/badge.svg +[🚎8-ho-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml +[🚎8-ho-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml/badge.svg +[🚎9-t-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml +[🚎9-t-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml/badge.svg +[🚎10-j-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml +[🚎10-j-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml/badge.svg +[🚎11-c-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml +[🚎11-c-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml/badge.svg +[🚎12-crh-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml +[🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml/badge.svg +[🚎13-cbs-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml +[🚎13-cbs-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml/badge.svg +[🚎13-🔒️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml +[🚎13-🔒️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml/badge.svg +[🚎14-🔓️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml +[🚎14-🔓️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml/badge.svg 
+[🚎15-🪪-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml +[🚎15-🪪-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml/badge.svg +[💎ruby-2.2i]: https://img.shields.io/badge/Ruby-2.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.6i]: https://img.shields.io/badge/Ruby-2.6-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-2.7i]: https://img.shields.io/badge/Ruby-2.7-DF00CA?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.0i]: https://img.shields.io/badge/Ruby-3.0-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.1i]: https://img.shields.io/badge/Ruby-3.1-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.2i]: https://img.shields.io/badge/Ruby-3.2-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-3.3i]: https://img.shields.io/badge/Ruby-3.3-CC342D?style=for-the-badge&logo=ruby&logoColor=white +[💎ruby-c-i]: https://img.shields.io/badge/Ruby-current-CC342D?style=for-the-badge&logo=ruby&logoColor=green +[💎ruby-headi]: https://img.shields.io/badge/Ruby-HEAD-CC342D?style=for-the-badge&logo=ruby&logoColor=blue +[💎truby-22.3i]: https://img.shields.io/badge/Truffle_Ruby-22.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-23.0i]: https://img.shields.io/badge/Truffle_Ruby-23.0_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-c-i]: https://img.shields.io/badge/Truffle_Ruby-current-34BCB1?style=for-the-badge&logo=ruby&logoColor=green +[💎truby-headi]: 
https://img.shields.io/badge/Truffle_Ruby-HEAD-34BCB1?style=for-the-badge&logo=ruby&logoColor=blue +[💎jruby-9.1i]: https://img.shields.io/badge/JRuby-9.1_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.2i]: https://img.shields.io/badge/JRuby-9.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.3i]: https://img.shields.io/badge/JRuby-9.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-9.4i]: https://img.shields.io/badge/JRuby-9.4-FBE742?style=for-the-badge&logo=ruby&logoColor=red +[💎jruby-c-i]: https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green +[💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue +[🤝gh-issues]: https://github.com/ruby-oauth/oauth2/issues +[🤝gh-pulls]: https://github.com/ruby-oauth/oauth2/pulls +[🤝gl-issues]: https://gitlab.com/ruby-oauth/oauth2/-/issues +[🤝gl-pulls]: https://gitlab.com/ruby-oauth/oauth2/-/merge_requests +[🤝cb-issues]: https://codeberg.org/ruby-oauth/oauth2/issues +[🤝cb-pulls]: https://codeberg.org/ruby-oauth/oauth2/pulls +[🤝cb-donate]: https://donate.codeberg.org/ +[🤝contributing]: CONTRIBUTING.md +[🔑codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg +[🖐contrib-rocks]: https://contrib.rocks +[🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors +[🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2 +[🚎contributors-gl]: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main +[🪇conduct]: CODE_OF_CONDUCT.md +[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-259D6C.svg +[📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint +[📌semver]: https://semver.org/spec/v2.0.0.html +[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-259D6C.svg?style=flat +[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html +[📌changelog]: CHANGELOG.md +[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ +[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat +[📌gitmoji]:https://gitmoji.dev +[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square +[🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.409-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🔐security]: SECURITY.md +[🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat +[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year +[📄license]: LICENSE.txt +[📄license-ref]: https://opensource.org/licenses/MIT +[📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg +[📄license-compat]: https://dev.to/galtzo/how-to-check-license-compatibility-41h0 +[📄license-compat-img]: https://img.shields.io/badge/Apache_Compatible:_Category_A-%E2%9C%93-259D6C.svg?style=flat&logo=Apache +[📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm +[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat +[🚎yard-current]: http://rubydoc.info/gems/oauth2 +[🚎yard-head]: https://oauth2.galtzo.com +[💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums +[💎SHA_checksums]: https://gitlab.com/ruby-oauth/oauth2/-/tree/main/checksums +[💎rlts]: https://github.com/rubocop-lts/rubocop-lts +[💎rlts-img]: https://img.shields.io/badge/code_style_&_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white +[💎appraisal2]: https://github.com/appraisal-rb/appraisal2 +[💎appraisal2-img]: https://img.shields.io/badge/appraised_by-appraisal2-34495e.svg?plastic&logo=ruby&logoColor=white 
+[💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/
                            @@ -1598,6 +1698,7 @@

                            Please give the project a star ⭐ ♥

                            +
                            Broken badges @@ -1605,10 +1706,11 @@

                            Please give the project a star ⭐ ♥ [![CodeCov Test Coverage][🔑codecovi]][🔑codecov]

                            +
                            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 9204eaf4..e564502f 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                            Defined Under Namespace

                            diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 7d7683c0..3ca2be9e 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.15" + VERSION = "2.0.16" end end From b517202966275fda6097ec077ed2684327df43d0 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 14 Sep 2025 15:14:09 -0600 Subject: [PATCH 583/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.16?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) are a full-time endeavor. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- checksums/oauth2-2.0.16.gem.sha256 | 1 + checksums/oauth2-2.0.16.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.16.gem.sha256 create mode 100644 checksums/oauth2-2.0.16.gem.sha512 diff --git a/checksums/oauth2-2.0.16.gem.sha256 b/checksums/oauth2-2.0.16.gem.sha256 new file mode 100644 index 00000000..71c6c586 --- /dev/null +++ b/checksums/oauth2-2.0.16.gem.sha256 @@ -0,0 +1 @@ +b45ce8b22e4c198ad372d6ba99134633a83c35aae365addbead0db27948f4294 \ No newline at end of file diff --git a/checksums/oauth2-2.0.16.gem.sha512 b/checksums/oauth2-2.0.16.gem.sha512 new file mode 100644 index 00000000..80c78a90 --- /dev/null +++ b/checksums/oauth2-2.0.16.gem.sha512 @@ -0,0 +1 @@ +49788bf25c3afcc08171f92c3c8a21b4bcd322aae0834f69ae77c08963f54be6c9155588ca66f82022af897ddd0bf28b0c5ee254bc9fe533d1a37b1d52f409be \ No newline at end of file From ba0a74f7a3c55b9ee570a3593dfcf9712159fe9e Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sun, 14 Sep 2025 17:03:42 -0600 Subject: [PATCH 584/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d33c60a..e403b3ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,7 +30,7 @@ Please file a bug if you notice a violation of semantic versioning. - BRANCH COVERAGE: 86.49% -- 64/74 branches in 14 files - 90.48% documented ### Added -- [gh!680—][gh!680]E2E example using mock test server added in v2.0.11 by @pboling +- [gh!680][gh!680] - E2E example using mock test server added in v2.0.11 by @pboling - mock-oauth2-server upgraded to v2.3.0 - https://github.com/navikt/mock-oauth2-server - `docker compose -f docker-compose-ssl.yml up -d --wait` @@ -43,6 +43,7 @@ Please file a bug if you notice a violation of semantic versioning. - [gh!678][gh!678] - Many improvements to make CI more resilient (past/future proof) by @pboling - [gh!681][gh!681] - Upgrade to kettle-dev v1.1.19 ### Security + [gh!676]: https://github.com/ruby-oauth/oauth2/pull/676 [gh!678]: https://github.com/ruby-oauth/oauth2/pull/678 [gh!679]: https://github.com/ruby-oauth/oauth2/pull/679 From 6f58bd9f381276a9b56633bb209f9bdc110606cd Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sun, 14 Sep 2025 17:09:47 -0600 Subject: [PATCH 585/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e403b3ec..dd6ce912 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -42,7 +42,6 @@ Please file a bug if you notice a violation of semantic versioning. ### Changed - [gh!678][gh!678] - Many improvements to make CI more resilient (past/future proof) by @pboling - [gh!681][gh!681] - Upgrade to kettle-dev v1.1.19 -### Security [gh!676]: https://github.com/ruby-oauth/oauth2/pull/676 [gh!678]: https://github.com/ruby-oauth/oauth2/pull/678 @@ -68,7 +67,6 @@ Please file a bug if you notice a violation of semantic versioning. ### Fixed - Remove accidentally duplicated lines, and fix typos in CHANGELOG.md - point badge to the correct workflow for Ruby 2.3 (caboose.yml) -### Security [gh!669]: https://github.com/ruby-oauth/oauth2/pull/669 [gh!670]: https://github.com/ruby-oauth/oauth2/pull/670 From ff67d0f6486ad04f2d88eade98f978963f495e49 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 15 Sep 2025 03:10:09 -0600 Subject: [PATCH 586/645] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typos=20in?= =?UTF-8?q?=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd6ce912..9e615f86 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,8 +26,8 @@ Please file a bug if you notice a violation of semantic versioning. ## [2.0.16] - 2025-09-14 - TAG: [v2.0.16][2.0.16t] -- COVERAGE: 96.33% -- 394/409 lines in 14 files -- BRANCH COVERAGE: 86.49% -- 64/74 branches in 14 files +- COVERAGE: 100.00% -- 520/520 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 176/176 branches in 14 files - 90.48% documented ### Added - [gh!680][gh!680] - E2E example using mock test server added in v2.0.11 by @pboling 
@@ -554,7 +554,9 @@ Please file a bug if you notice a violation of semantic versioning. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.16...HEAD +[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.17...HEAD +[2.0.17]: https://github.com/ruby-oauth/oauth2/compare/v2.0.16...v2.0.17 +[2.0.17t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.17 [2.0.16]: https://github.com/ruby-oauth/oauth2/compare/v2.0.15...v2.0.16 [2.0.16t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.16 [2.0.15]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...v2.0.15 From c3255d2204f35ea7f36b9f8e9a6468a78a119a6d Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Mon, 15 Sep 2025 06:47:05 -0600 Subject: [PATCH 587/645] =?UTF-8?q?=E2=9C=A8=20HTTP=20verb-dependent=20Has?= =?UTF-8?q?h=20mode?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - implements https://github.com/ruby-oauth/oauth2/issues/682 --- .idea/oauth2.iml | 26 +-- .rubocop_gradual.lock | 10 +- CHANGELOG.md | 1 + Gemfile.lock | 8 +- Rakefile | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 159 ++++++++++-------- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 4 +- docs/_index.html | 20 ++- docs/file.CHANGELOG.html | 34 ++-- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 2 +- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 4 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2-2.0.15.gem.html | 2 +- docs/file.oauth2-2.0.16.gem.html | 71 ++++++++ docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- 
docs/file_list.html | 22 ++- docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- gemfiles/modular/injected.gemfile | 2 +- lib/oauth2/access_token.rb | 22 ++- oauth2.gemspec | 2 +- sig/oauth2/access_token.rbs | 2 +- spec/oauth2/access_token_spec.rb | 30 ++++ 57 files changed, 325 insertions(+), 174 deletions(-) create mode 100644 docs/file.oauth2-2.0.16.gem.html diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 046be677..f48115c5 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -24,9 +24,10 @@ - + + @@ -45,12 +46,13 @@ + - + @@ -62,26 +64,26 @@ - + - + - + - + - + @@ -91,7 +93,7 @@ - + @@ -116,7 +118,7 @@ - + @@ -126,10 +128,12 @@ - - + + + + diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 6bf6e50c..9a28e666 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -6,7 +6,7 @@ "lib/oauth2.rb:2435263975": [ [73, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], - "lib/oauth2/access_token.rb:3678262936": [ + "lib/oauth2/access_token.rb:707681139": [ [64, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], [70, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], 
@@ -21,11 +21,11 @@ "lib/oauth2/response.rb:2054901929": [ [53, 5, 204, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 996912427] ], - "spec/oauth2/access_token_spec.rb:3464059918": [ + "spec/oauth2/access_token_spec.rb:3152504592": [ [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/access_token*_spec.rb`.", 1972107547], - [824, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], - [894, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], - [898, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] + [854, 13, 25, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 770233088], + [924, 9, 101, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3022740639], + [928, 9, 79, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2507338967] ], "spec/oauth2/authenticator_spec.rb:853320290": [ [3, 1, 36, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/authenticator*_spec.rb`.", 819808017], diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e615f86..9090ef40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +- [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header}) ### Changed ### Deprecated ### Removed diff --git a/Gemfile.lock b/Gemfile.lock index 6cbdc7f5..086329d9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.19) + kettle-dev (1.1.20) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) 
@@ -135,7 +135,7 @@ GEM net-http (0.6.0) uri nkf (0.2.0) - nokogiri (1.18.9-x86_64-linux-gnu) + nokogiri (1.18.10-x86_64-linux-gnu) racc (~> 1.4) ostruct (0.6.3) parallel (1.27.0) @@ -165,7 +165,7 @@ GEM parser (~> 3.3.0) rainbow (>= 2.0, < 4.0) rexml (~> 3.1) - regexp_parser (2.11.2) + regexp_parser (2.11.3) reline (0.6.2) io-console (~> 0.5) require_bench (1.0.4) @@ -336,7 +336,7 @@ DEPENDENCIES gem_bench (~> 2.0, >= 2.0.5) gitmoji-regex (~> 1.0, >= 1.0.3) irb (~> 1.15, >= 1.15.2) - kettle-dev (~> 1.1, >= 1.1.9) + kettle-dev (~> 1.1, >= 1.1.20) kettle-soup-cover (~> 1.0, >= 1.0.10) kettle-test (~> 1.0) kramdown (~> 2.5, >= 2.5.1) diff --git a/Rakefile b/Rakefile index 4f67de12..2ed315ed 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,6 @@ # frozen_string_literal: true -# kettle-dev Rakefile v1.1.9 - 2025-09-07 +# kettle-dev Rakefile v1.1.20 - 2025-09-15 # Ruby 2.3 (Safe Navigation) or higher required # # MIT License (see License.txt) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 4b450b6b..35030b1b 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 0959f022..4ad8d27d 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -843,7 +843,19 @@

                            -

                            Parameters:

                            + +
                            +

                            Examples:

                            + + +

                            Verb-dependent Hash mode

                            +
                            + +
                            # Send token in query for GET, in header for POST/DELETE, in body for PUT/PATCH
                            +OAuth2::AccessToken.new(client, token, mode: {get: :query, post: :header, delete: :header, put: :body, patch: :body})
                            + +
                            +

                            Parameters:

                            • @@ -967,7 +979,7 @@

                            • :mode - (Symbol or callable) + (Symbol, Hash, or callable) — default: @@ -976,7 +988,8 @@

                              the transmission mode of the Access Token parameter value:
                              -either one of :header, :body or :query, or a callable that accepts a request-verb parameter
                              +either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols
                              +(e.g., :query, post: :header, delete: :header); or a callable that accepts a request-verb parameter
                              and returns one of these three symbols.
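Review bot: The rendered description of `:mode` in this hunk reads `(e.g., :query, post: :header, delete: :header)`, so the opening `{get:` and the closing brace of the Hash example are missing, while the `@example` block added earlier in this file shows the full literal. This page is generated, so the fix belongs in the docstring in lib/oauth2/access_token.rb, whose hunk is not part of this section. Presumably YARD read the braces as a link reference; writing the example as inline code, or escaping the opening brace, should keep it intact. Because this option decides whether the access token travels in the Authorization header, the request body or the URL, the same docstring could also carry a caveat such as `# Prefer :header; :query puts the token in the URL, where it can end up in server logs, proxies and Referer headers.`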

                              @@ -1039,11 +1052,6 @@

                               
                               
                              -143
                              -144
                              -145
                              -146
                              -147
                               148
                               149
                               150
                              @@ -1072,10 +1080,15 @@ 

                              173 174 175 -176

                              +176 +177 +178 +179 +180 +181

          • -
            # File 'lib/oauth2/access_token.rb', line 143
            +      
            # File 'lib/oauth2/access_token.rb', line 148
             
             def initialize(client, token, opts = {})
               @client = client
            @@ -1936,12 +1949,12 @@ 

             
             
            -181
            -182
            -183
            +186 +187 +188

            -
            # File 'lib/oauth2/access_token.rb', line 181
            +      
            # File 'lib/oauth2/access_token.rb', line 186
             
             def [](key)
               @params[key]
            @@ -1983,12 +1996,12 @@ 

             
             
            -363
            -364
            -365
            +368 +369 +370

            -
            # File 'lib/oauth2/access_token.rb', line 363
            +      
            # File 'lib/oauth2/access_token.rb', line 368
             
             def delete(path, opts = {}, &block)
               request(:delete, path, opts, &block)
            @@ -2040,12 +2053,12 @@ 

             
             
            -195
            -196
            -197
            +200 +201 +202

            -
            # File 'lib/oauth2/access_token.rb', line 195
            +      
            # File 'lib/oauth2/access_token.rb', line 200
             
             def expired?
               expires? && (expires_at <= Time.now.to_i)
            @@ -2093,12 +2106,12 @@ 

             
             
            -188
            -189
            -190
            +193 +194 +195

            -
            # File 'lib/oauth2/access_token.rb', line 188
            +      
            # File 'lib/oauth2/access_token.rb', line 193
             
             def expires?
               !!@expires_at
            @@ -2140,12 +2153,12 @@ 

             
             
            -335
            -336
            -337
            +340 +341 +342

            -
            # File 'lib/oauth2/access_token.rb', line 335
            +      
            # File 'lib/oauth2/access_token.rb', line 340
             
             def get(path, opts = {}, &block)
               request(:get, path, opts, &block)
            @@ -2180,12 +2193,12 @@ 

             
             
            -368
            -369
            -370
            +373 +374 +375

            -
            # File 'lib/oauth2/access_token.rb', line 368
            +      
            # File 'lib/oauth2/access_token.rb', line 373
             
             def headers
               {"Authorization" => options[:header_format] % token}
            @@ -2227,12 +2240,12 @@ 

             
             
            -356
            -357
            -358
            +361 +362 +363

            -
            # File 'lib/oauth2/access_token.rb', line 356
            +      
            # File 'lib/oauth2/access_token.rb', line 361
             
             def patch(path, opts = {}, &block)
               request(:patch, path, opts, &block)
            @@ -2274,12 +2287,12 @@ 

             
             
            -342
            -343
            -344
            +347 +348 +349

            -
            # File 'lib/oauth2/access_token.rb', line 342
            +      
            # File 'lib/oauth2/access_token.rb', line 347
             
             def post(path, opts = {}, &block)
               request(:post, path, opts, &block)
            @@ -2321,12 +2334,12 @@ 

             
             
            -349
            -350
            -351
            +354 +355 +356

            -
            # File 'lib/oauth2/access_token.rb', line 349
            +      
            # File 'lib/oauth2/access_token.rb', line 354
             
             def put(path, opts = {}, &block)
               request(:put, path, opts, &block)
            @@ -2476,11 +2489,6 @@ 

             
             
            -210
            -211
            -212
            -213
            -214
             215
             216
             217
            @@ -2489,10 +2497,15 @@ 

            220 221 222 -223

            +223 +224 +225 +226 +227 +228

            -
            # File 'lib/oauth2/access_token.rb', line 210
            +      
            # File 'lib/oauth2/access_token.rb', line 215
             
             def refresh(params = {}, access_token_opts = {}, &block)
               raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token
            @@ -2698,13 +2711,13 @@ 

             
             
            -327
            -328
            -329
            -330
            +332 +333 +334 +335

            -
            # File 'lib/oauth2/access_token.rb', line 327
            +      
            # File 'lib/oauth2/access_token.rb', line 332
             
             def request(verb, path, opts = {}, &block)
               configure_authentication!(opts, verb)
            @@ -2912,11 +2925,6 @@ 

             
             
            -259
            -260
            -261
            -262
            -263
             264
             265
             266
            @@ -2936,10 +2944,15 @@ 

            280 281 282 -283

            +283 +284 +285 +286 +287 +288

            -
            # File 'lib/oauth2/access_token.rb', line 259
            +      
            # File 'lib/oauth2/access_token.rb', line 264
             
             def revoke(params = {}, &block)
               token_type_hint_orig = params.delete(:token_type_hint)
            @@ -3020,11 +3033,6 @@ 

             
             
            -293
            -294
            -295
            -296
            -297
             298
             299
             300
            @@ -3037,10 +3045,15 @@ 

            307 308 309 -310

            +310 +311 +312 +313 +314 +315

            -
            # File 'lib/oauth2/access_token.rb', line 293
            +      
            # File 'lib/oauth2/access_token.rb', line 298
             
             def to_hash
               hsh = {
            @@ -3070,7 +3083,7 @@ 

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 2811778b..06a3780b 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index e10bd0d2..cf8a2109 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 03bf44dd..3223d649 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index eefb4838..99681638 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 7a84acda..1034b9d6 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 3fcf55e8..2a990f03 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 887831eb..8df5ae01 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 5d2e432c..e6a76aef 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index a0372b1e..2e13d4a2 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 54f983c2..2337082c 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index a2309451..b73dc3b5 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index ebfff816..018ccd79 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 002f5975..59655175 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 31e00a4b..ec489e73 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -95,7 +95,7 @@

            VERSION =
            -
            "2.0.16"
            +
            "2.0.17"
            @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index 59056025..cdfdf40c 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -108,22 +108,28 @@

            File Listing

          • oauth2-2.0.15.gem
          • -
          • oauth2-2.0.10.gem
          • +
          • oauth2-2.0.16.gem
          • -
          • oauth2-2.0.11.gem
          • +
          • oauth2-2.0.10.gem
          • -
          • oauth2-2.0.12.gem
          • +
          • oauth2-2.0.11.gem
          • -
          • oauth2-2.0.13.gem
          • +
          • oauth2-2.0.12.gem
          • -
          • oauth2-2.0.14.gem
          • +
          • oauth2-2.0.13.gem
          • -
          • oauth2-2.0.15.gem
          • +
          • oauth2-2.0.14.gem
          • + + +
          • oauth2-2.0.15.gem
          • + + +
          • oauth2-2.0.16.gem
          • REEK
          • @@ -378,7 +384,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index ba516ac9..1efddcb6 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -68,26 +68,30 @@ and yes, platform and engine support are part of the public API.
            Please file a bug if you notice a violation of semantic versioning.

            -

            Unreleased

            +

            Unreleased

            Added

            -

            Changed

            -

            Deprecated

            -

            Removed

            -

            Fixed

            -

            Security

            +
              +
            • [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., :query, post: :header) +

              Changed

              +

              Deprecated

              +

              Removed

              +

              Fixed

              +

              Security

              +
            • +

            2.0.16 - 2025-09-14

            • TAG: v2.0.16
            • -
            • COVERAGE: 96.33% – 394/409 lines in 14 files
            • -
            • BRANCH COVERAGE: 86.49% – 64/74 branches in 14 files
            • +
            • COVERAGE: 100.00% – 520/520 lines in 14 files
            • +
            • BRANCH COVERAGE: 100.00% – 176/176 branches in 14 files
            • 90.48% documented

              Added

            • -gh!680—E2E example using mock test server added in v2.0.11 by @pboling +gh!680 - E2E example using mock test server added in v2.0.11 by @pboling
              • mock-oauth2-server upgraded to v2.3.0
                  @@ -108,9 +112,7 @@

                  Changed

                • gh!678 - Many improvements to make CI more resilient (past/future proof) by @pboling
                • -gh!681 - Upgrade to kettle-dev v1.1.19 -

                  Security

                  -
                • +gh!681 - Upgrade to kettle-dev v1.1.19

                @@ -145,9 +147,7 @@

                Changed

                Fixed

              • Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
              • -
              • point badge to the correct workflow for Ruby 2.3 (caboose.yml) -

                Security

                -
              • +
              • point badge to the correct workflow for Ruby 2.3 (caboose.yml)

              @@ -221,7 +221,7 @@

              Fixed

            • gh!660 - Links in README (including link to HEAD documentation) by @pboling -

              Security

              +

              Security

            @@ -1075,7 +1075,7 @@

            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 2daada60..8522f684 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 9fa48115..85888e80 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 0ef50d99..b92d1a33 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -308,7 +308,7 @@

            Manual process

            diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index ee89d91e..e0e83e3c 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

            Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 752c9ba5..f2be648d 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index f7006e65..870ca548 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

            Raw OIDC with ruby-oauth/oauth2

            diff --git a/docs/file.README.html b/docs/file.README.html index 42db0a14..f34dcba6 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1710,7 +1710,7 @@

            Quick Examples

            diff --git a/docs/file.REEK.html b/docs/file.REEK.html index eeff2052..87098180 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index b6fd3e2c..f98a5f49 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

            Benefits of rubocop_gradual

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index d7bfa31a..d55f9de7 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -91,7 +91,7 @@

            Additional Support

            diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 8f66685b..810c5256 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -76,7 +76,7 @@ def patch: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response def delete: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response def headers: () -> Hash[String, String] -def configure_authentication!: (Hash[Symbol, untyped]) -> void +def configure_authentication!: (Hash[Symbol, untyped], Symbol) -> void def convert_expires_at: (untyped) -> (Time | Integer | nil) attr_accessor response: OAuth2::Response end end @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index b741b4b3..ce3ec189 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 1d7ab7da..77bfa097 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 66755543..fe09eac2 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 41f8a684..dd951683 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index ef9bf350..7b492fbb 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 48ee4fb8..e71744f2 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index 578e1dca..cbb0a54c 100644 --- a/docs/file.oauth2-2.0.12.gem.html 
+++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 1abda5d5..d03ad420 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 8ac8b38c..92d61d7f 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html index 90e30eea..7cef8418 100644 --- a/docs/file.oauth2-2.0.15.gem.html +++ b/docs/file.oauth2-2.0.15.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html new file mode 100644 index 00000000..51df38f1 --- /dev/null +++ b/docs/file.oauth2-2.0.16.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.16.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
            + + +

            49788bf25c3afcc08171f92c3c8a21b4bcd322aae0834f69ae77c08963f54be6c9155588ca66f82022af897ddd0bf28b0c5ee254bc9fe533d1a37b1d52f409be

            +
            + + + +
            + + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index d17d9115..c454b754 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index 34c124d3..82446338 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 6f85354c..56bb0e5d 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 687d19aa..564a96c6 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/file_list.html b/docs/file_list.html index c384e86b..ef094c1a 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -127,36 +127,46 @@

            File List

            -
          • +
          • + +
          • + + +
          • -
          • +
          • -
          • +
          • -
          • +
          • -
          • +
          • -
          • +
          • +
          • + +
          • + +
          • diff --git a/docs/index.html b/docs/index.html index edf6033d..c2dd905b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1710,7 +1710,7 @@

            Quick Examples

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index e564502f..3352ccfe 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            diff --git a/gemfiles/modular/injected.gemfile b/gemfiles/modular/injected.gemfile index 0b5f8fa7..175b724a 100644 --- a/gemfiles/modular/injected.gemfile +++ b/gemfiles/modular/injected.gemfile @@ -2,7 +2,7 @@ # visibility and discoverability on RubyGems.org. # However, this gem sits underneath all my other gems, and also "depends on" many of them. # So instead of depending on them directly it injects them into the other gem's gemspec on install. -# This gem its injected dev dependencies, will install on Ruby down to 2.3.x. +# This gem, and its injected dev dependencies, will install on Ruby down to 2.3.x. # This gem does not inject runtime dependencies. # Thus, dev dependencies injected into gemspecs must have # diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index e598d110..c428c019 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -132,10 +132,15 @@ def no_tokens_warning(hash, key) # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire # @option opts [FixNum, String] :expires_latency (nil) the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+ - # @option opts [Symbol or callable] :mode (:header) the transmission mode of the Access Token parameter value: - # either one of :header, :body or :query, or a callable that accepts a request-verb parameter + # @option opts [Symbol, Hash, or callable] :mode (:header) the transmission mode of the Access Token parameter value: + # either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols + # (e.g., {get: :query, post: :header, delete: :header}); or a callable that accepts a request-verb parameter # and returns one of these three symbols. # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header + # + # @example Verb-dependent Hash mode + # # Send token in query for GET, in header for POST/DELETE, in body for PUT/PATCH + # OAuth2::AccessToken.new(client, token, mode: {get: :query, post: :header, delete: :header, put: :body, patch: :body}) # @option opts [String] :param_name ('access_token') the parameter name to use for transmission of the # Access Token value in :body or :query transmission mode # @option opts [String] :token_name (nil) the name of the response parameter that identifies the access token 
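Review bot: The new `:mode` documentation in this hunk leaves out two behaviours of the Hash form that `configure_authentication!` implements in the later hunk of this file: a verb with no entry falls back to `:header`, and string keys are looked up as well as symbols. I would add `#   Verbs missing from the Hash fall back to :header; keys may be Symbols or Strings.` after the Hash sentence. Because the example advertises `get: :query`, a line such as `#   Prefer :header where the provider allows it; :query carries the token in the request URL, which can end up in server and proxy logs (RFC 6750 section 2.3).` would help readers choose. How `:query` is applied is not visible in this hunk, so confirm the wording against the `case mode` branch. The `@example` would also read better after the last `@option` than between `:header_format` and `:param_name`.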
@@ -372,7 +377,18 @@ def headers private def configure_authentication!(opts, verb) - mode = options[:mode].respond_to?(:call) ? options[:mode].call(verb) : options[:mode] + mode_opt = options[:mode] + mode = + if mode_opt.respond_to?(:call) + mode_opt.call(verb) + elsif mode_opt.is_a?(Hash) + key = verb.to_sym + # Try symbol key first, then string key; default to :header when missing + mode_opt[key] || mode_opt[key.to_s] || :header + else + mode_opt + end + case mode when :header opts[:headers] ||= {} diff --git a/oauth2.gemspec b/oauth2.gemspec index b3358902..471e279a 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -153,7 +153,7 @@ Thanks, @pboling / @galtzo spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 # Dev, Test, & Release Tasks - spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.9") # ruby >= 2.3 + spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.20") # ruby >= 2.3.0 # Security spec.add_development_dependency("bundler-audit", "~> 0.9.2") # ruby >= 2.0.0 diff --git a/sig/oauth2/access_token.rbs b/sig/oauth2/access_token.rbs index f2e414e9..06779891 100644 --- a/sig/oauth2/access_token.rbs +++ b/sig/oauth2/access_token.rbs @@ -17,7 +17,7 @@ module OAuth2 def patch: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response def delete: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response def headers: () -> Hash[String, String] - def configure_authentication!: (Hash[Symbol, untyped]) -> void + def configure_authentication!: (Hash[Symbol, untyped], Symbol) -> void def convert_expires_at: (untyped) -> (Time | Integer | nil) attr_accessor response: OAuth2::Response diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 2234b2cd..97f9a706 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb 
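Review bot: The Hash branch of `configure_authentication!` matches keys exactly, so a mapping written as `{"GET" => :query}` or `{GET: :query}` never matches `verb.to_sym` (assuming verbs arrive as lowercase symbols, as the `get`/`post` helpers pass them) and silently takes the `:header` fallback. An entry whose value is `nil` or `false` is treated as missing in the same way, because the lookup is chained with `||`. Falling back to the Authorization header is the conservative outcome for the token, but the misconfiguration only surfaces as requests the provider rejects. I would make the contract explicit by replacing the inline comment with `# Keys must be lowercase verb names (:get or "get"); any other key, or a nil/false value, falls back to :header`. The body of `configure_authentication!` continues past the end of this hunk, so the `case mode` branches were not reviewed here.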
@@ -446,6 +446,36 @@ def assert_initialized_token(target) end end + context "with verb-dependent Hash mode" do + let(:mode_hash) do + {get: :query, post: :header, delete: :header, put: :body, patch: :body} + end + let(:options) { {mode: mode_hash} } + + VERBS.each do |verb| + it "correctly handles a #{verb.to_s.upcase} via Hash" do + expected = mode_hash[verb] || :header + expect(subject.__send__(verb, "/token/#{expected}").body).to include(token) + end + end + + context "with fallback to :header for missing key" do + let(:mode_hash) { {get: :query} } + + it "defaults POST to header when not specified" do + expect(subject.post("/token/header").body).to include(token) + end + end + + context "when invalid value" do + let(:mode_hash) { {get: "foobar"} } + + it "raises an error for invalid mapping" do + expect { subject.get("/token/foobar") }.to raise_error("invalid :mode option of foobar") + end + end + end + context "with client.options[:raise_errors] = false" do let(:options) { {raise_errors: false} } From 60cb3b80a56c1baa15638f9df87be7db457814af Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 15 Sep 2025 16:55:30 -0600 Subject: [PATCH 588/645] =?UTF-8?q?=F0=9F=8E=A8=20kettle-dev=20v1.1.20=20r?= =?UTF-8?q?e-template?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env.local.example | 2 +- .junie/guidelines.md | 5 +- CHANGELOG.md | 139 ++++++++++++++++++++++++++++++++++++++++++- Gemfile.lock | 2 +- README.md | 30 +++++----- oauth2.gemspec | 2 +- 6 files changed, 161 insertions(+), 19 deletions(-) diff --git a/.env.local.example b/.env.local.example index dd5423f9..7729745d 100644 --- a/.env.local.example +++ b/.env.local.example 
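Review bot: None of the added examples exercises the string-key lookup (`mode_opt[key.to_s]`) that the implementation supports, so that path can regress unnoticed. A small context alongside the fallback one would pin it down: `let(:mode_hash) { {"get" => :query} }` with `expect(subject.get("/token/query").body).to include(token)`. In the `VERBS.each` loop the `|| :header` in `expected = mode_hash[verb] || :header` looks unreachable if `VERBS` holds only the five verbs the full hash maps, which cannot be confirmed from this hunk. The enclosing `describe` block and the `VERBS` constant are defined outside this hunk.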
@@ -10,7 +10,7 @@ export FLOSS_FUNDING_DEBUG=false # extra logging to help diagnose issues (overri export AUTOGEN_FIXTURE_CLEANUP=false # autogenerated gem fixture cleanup after every RSpec run export GIT_HOOK_FOOTER_APPEND=false export GIT_HOOK_FOOTER_APPEND_DEBUG=false -export GIT_HOOK_FOOTER_SENTINEL="⚡️ A message from a fellow meat-based-AI ⚡️" +export GIT_HOOK_FOOTER_SENTINEL="⚡️ A message from a fellow meat-based-AI" # Tokens used by ci:act and CI helpers for reading workflow/pipeline status via APIs # GitHub (either GITHUB_TOKEN or GH_TOKEN will be used; fine-grained recommended) diff --git a/.junie/guidelines.md b/.junie/guidelines.md index ca783b2d..c62d3bd4 100644 --- a/.junie/guidelines.md +++ b/.junie/guidelines.md @@ -90,10 +90,13 @@ This document captures project-specific knowledge to streamline setup, testing, - If your code relies on environment variables that drive activation (see "Activation env vars" below), prefer using rspec-stubbed_env: - it does not support stubbing with blocks, but it does automatically clean up after itself. - outside the example: + ```ruby include_context 'with stubbed env' + ``` - in a before hook, or in an example: + ```ruby stub_env("FLOSS_FUNDING_MY_NS" => "Free-as-in-beer") - # example code continues + ``` - If your spec needs to assert on console output, tag it with :check_output. By default, STDOUT is silenced. - Use Timecop for deterministic time-sensitive behavior as needed (require config/timecop is already done by spec_helper). diff --git a/CHANGELOG.md b/CHANGELOG.md index 9090ef40..f32483d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,20 +17,30 @@ Please file a bug if you notice a violation of semantic versioning. [📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat ## [Unreleased] + ### Added + - [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header}) + ### Changed + ### Deprecated + ### Removed + ### Fixed + ### Security ## [2.0.16] - 2025-09-14 + - TAG: [v2.0.16][2.0.16t] - COVERAGE: 100.00% -- 520/520 lines in 14 files - BRANCH COVERAGE: 100.00% -- 176/176 branches in 14 files - 90.48% documented + ### Added + - [gh!680][gh!680] - E2E example using mock test server added in v2.0.11 by @pboling - mock-oauth2-server upgraded to v2.3.0 - https://github.com/navikt/mock-oauth2-server @@ -40,7 +50,9 @@ Please file a bug if you notice a violation of semantic versioning. - mock server readiness wait is 90s - override via E2E_WAIT_TIMEOUT - [gh!676][gh!676], [gh!679][gh!679] - Apache SkyWalking Eyes dependency license check by @pboling + ### Changed + - [gh!678][gh!678] - Many improvements to make CI more resilient (past/future proof) by @pboling - [gh!681][gh!681] - Upgrade to kettle-dev v1.1.19 @@ -51,11 +63,14 @@ Please file a bug if you notice a violation of semantic versioning. [gh!681]: https://github.com/ruby-oauth/oauth2/pull/681 ## [2.0.15] - 2025-09-08 + - TAG: [v2.0.15][2.0.15t] - COVERAGE: 100.00% -- 519/519 lines in 14 files - BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files - 90.48% documented + ### Added + - [gh!671][gh!671] - Complete documentation example for Instagram by @pboling - .env.local.example for contributor happiness - note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 
@@ -63,9 +78,13 @@ Please file a bug if you notice a violation of semantic versioning. - [community/discussions/15452][GHA-allow-failure] - [gh!670][gh!670] - AccessToken: verb-dependent token transmission mode by @mrj - e.g., Instagram GET=:query, POST/DELETE=:header + ### Changed + - [gh!669][gh!669] - Upgrade to kettle-dev v1.1.9 by @pboling + ### Fixed + - Remove accidentally duplicated lines, and fix typos in CHANGELOG.md - point badge to the correct workflow for Ruby 2.3 (caboose.yml) @@ -76,11 +95,14 @@ Please file a bug if you notice a violation of semantic versioning. [GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 ## [2.0.14] - 2025-08-31 + - TAG: [v2.0.14][2.0.14t] - COVERAGE: 100.00% -- 519/519 lines in 14 files - BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files - 90.48% documented + ### Added + - improved documentation by @pboling - [gh!665][gh!665] - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling - [gh!666][gh!666] - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling @@ -103,11 +125,14 @@ Please file a bug if you notice a violation of semantic versioning. [gh!666]: https://github.com/ruby-oauth/oauth2/pull/666 ## [2.0.13] - 2025-08-30 + - TAG: [v2.0.13][2.0.13t] - COVERAGE: 100.00% -- 519/519 lines in 14 files - BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files - 90.48% documented + ### Added + - [gh!656][gh!656] - Support revocation with URL-encoded parameters - [gh!660][gh!660] - Inline yard documentation by @pboling - [gh!660][gh!660] - Complete RBS types documentation by @pboling 
@@ -115,11 +140,16 @@ Please file a bug if you notice a violation of semantic versioning. - [gh!657][gh!657] - Updated documentation for org-rename by @pboling - More funding links by @Aboling0 - Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references + ### Changed + - Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling - [gh!660][gh!660] - Shrink post-install message by 4 lines by @pboling + ### Fixed + - [gh!660][gh!660] - Links in README (including link to HEAD documentation) by @pboling + ### Security [gh!660]: https://github.com/ruby-oauth/oauth2/pull/660 @@ -127,31 +157,40 @@ Please file a bug if you notice a violation of semantic versioning. [gh!656]: https://github.com/ruby-oauth/oauth2/pull/656 ## [2.0.12] - 2025-05-31 + - TAG: [v2.0.12][2.0.12t] - Line Coverage: 100.0% (520 / 520) - Branch Coverage: 100.0% (174 / 174) - 80.00% documented + ### Added + - [gh!652][gh!652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang - Support JWT `kid` for key discovery and management - More Documentation by @pboling - Documented Serialization Extensions - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0 - Documentation site @ https://oauth2.galtzo.com now complete + ### Changed + - Updates to gemspec (email, funding url, post install message) + ### Fixed -- Documentation Typos by @pboling +- Documentation Typos by @pboling [gh!652]: https://github.com/ruby-oauth/oauth2/pull/652 ## [2.0.11] - 2025-05-23 + - TAG: [v2.0.11][2.0.11t] - COVERAGE: 100.00% -- 518/518 lines in 14 files - BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files - 80.00% documented + ### Added + - [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling) - More documentation - Codeberg as ethical mirror (@pboling) 
@@ -165,20 +204,27 @@ Please file a bug if you notice a violation of semantic versioning. - [!649](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling) - [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling) - https://github.com/navikt/mock-oauth2-server + ### Changed + - [gh!651](https://github.com/ruby-oauth/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling) - Provides solution for serialization issues - Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site (@pboling) + ### Fixed + - [gh!650](https://github.com/ruby-oauth/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling) - Incorrect documentation related to silencing warnings (@pboling) ## [2.0.10] - 2025-05-17 + - TAG: [v2.0.10][2.0.10t] - COVERAGE: 100.00% -- 518/518 lines in 14 files - BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files - 79.05% documented + ### Added + - [gh!632](https://github.com/ruby-oauth/oauth2/pull/632) - Added `funding.yml` (@Aboling0) - [!635](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/635) - Added `.gitlab-ci.yml` (@jessieay) - [#638](https://gitlab.com/ruby-oauth/oauth2/-/issues/638) - Documentation of support for **ILO Fundamental Principles of Rights at Work** (@pboling) 
@@ -198,14 +244,18 @@ Please file a bug if you notice a violation of semantic versioning. - See: https://datatracker.ietf.org/doc/html/rfc7009 - [gh!644](https://github.com/ruby-oauth/oauth2/pull/644), [gh!645](https://github.com/ruby-oauth/oauth2/pull/645) - Added CITATION.cff (@Aboling0) - [!648](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/648) - Improved documentation (@pboling) + ### Changed + - Default value of `OAuth2.config.silence_extra_tokens_warning` was `false`, now `true` (@pboling) - Gem releases are now cryptographically signed, with a 20-year cert (@pboling) - Allow linux distros to build release without signing, as their package managers sign independently - [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2::AccessToken#refresh` now supports block param pass through (@pboling) - [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - `OAuth2.config` is no longer writable (@pboling) - [!647](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/647) - Errors raised by `OAuth2::AccessToken` are now always `OAuth2::Error` and have better metadata (@pboling) + ### Fixed + - [#95](https://gitlab.com/ruby-oauth/oauth2/-/issues/95) - restoring an access token via `AccessToken#from_hash` (@pboling) - This was a 13 year old bug report. 😘 - [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) - Internal options (like `snaky`, `raise_errors`, and `parse`) are no longer included in request (@pboling) 
@@ -221,37 +271,58 @@ Please file a bug if you notice a violation of semantic versioning. - [gh!646](https://github.com/ruby-oauth/oauth2/pull/646) - Change `require` to `require_relative` (improve performance) (@Aboling0) ## [2.0.9] - 2022-09-16 + - TAG: [v2.0.9][2.0.9t] + ### Added + - More specs (@pboling) + ### Changed + - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) ## [2.0.8] - 2022-09-01 + - TAG: [v2.0.8][2.0.8t] + ### Changed + - [!630](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling) + ### Added + - [!631](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/ruby-oauth/oauth2/-/issues/628) ## [2.0.7] - 2022-08-22 + - TAG: [v2.0.7][2.0.7t] + ### Added + - [!629](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta) + ### Fixed + - [!626](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. 
Will now prefer the key order from the lookup, not the hash keys (@rickselby) - Note: This fixes compatibility with `omniauth-oauth2` and AWS - [!625](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari) ## [2.0.6] - 2022-07-13 + - TAG: [v2.0.6][2.0.6t] + ### Fixed + - [!624](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling) ## [2.0.5] - 2022-07-07 + - TAG: [v2.0.5][2.0.5t] + ### Fixed + - [!620](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson) - [!621](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/ruby-oauth/oauth2/-/issues/528) and [#619](https://gitlab.com/ruby-oauth/oauth2/-/issues/619) (@pboling) - All data in responses is now returned, with the access token removed and set as `token` 
@@ -261,35 +332,52 @@ Please file a bug if you notice a violation of semantic versioning. - There is now 100% test coverage, for lines _and_ branches, and it will stay that way. ## [2.0.4] - 2022-07-01 + - TAG: [v2.0.4][2.0.4t] + ### Fixed + - [!618](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling) ## [2.0.3] - 2022-06-28 + - TAG: [v2.0.3][2.0.3t] + ### Added + - [!611](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling) - [!612](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling) + ### Fixed + - [!608](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler) - [!615](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling) ## [2.0.2] - 2022-06-24 + - TAG: [v2.0.2][2.0.2t] + ### Fixed + - [!604](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu) - [!606](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu) - [!607](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan) ## [2.0.1] - 2022-06-22 + - TAG: [v2.0.1][2.0.1t] + ### Added + - Documentation improvements (@pboling) - Increased test coverage to 99% (@pboling) ## [2.0.0] - 2022-06-21 + - TAG: [v2.0.0][2.0.0t] + ### Added + - [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels) - 
[!190](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/190), [!332](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/332), [!334](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/334), [!335](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/335), [!360](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/360), [!426](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/426), [!427](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/427), [!461](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm) - [!220](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore) @@ -316,7 +404,9 @@ Please file a bug if you notice a violation of semantic versioning. - [!571](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling) - [!575](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling) - [!581](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling) + ### Changed + - [!191](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens) - [!312](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777) - [!317](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth) 
@@ -332,7 +422,9 @@ Please file a bug if you notice a violation of semantic versioning. - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. - [!576](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling) - [!591](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated + ### Fixed + - [!158](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/158), [!344](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels) - [!294](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom) - [!300](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare) 
@@ -351,7 +443,9 @@ Please file a bug if you notice a violation of semantic versioning. - [!595](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu) - [!596](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu) - [!598](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu) + ### Removed + - [!341](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage) - [!342](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage) - [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling) @@ -360,15 +454,18 @@ Please file a bug if you notice a violation of semantic versioning. - [!590](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu) ## [1.4.11] - 2022-09-16 + - TAG: [v1.4.11][1.4.11t] - Complete migration to main branch as default (@pboling) - Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling) ## [1.4.10] - 2022-07-01 + - TAG: [v1.4.10][1.4.10t] - FIPS Compatibility [!587](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/587) (@akostadinov) ## [1.4.9] - 2022-02-20 + - TAG: [v1.4.9][1.4.9t] - Fixes compatibility with Faraday v2 [572](https://gitlab.com/ruby-oauth/oauth2/-/issues/572) - Includes supported versions of Faraday in test matrix: 
@@ -378,6 +475,7 @@ Please file a bug if you notice a violation of semantic versioning. - Add Windows and MacOS to test matrix ## [1.4.8] - 2022-02-18 + - TAG: [v1.4.8][1.4.8t] - MFA is now required to push new gem versions (@pboling) - README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling) @@ -388,16 +486,19 @@ Please file a bug if you notice a violation of semantic versioning. - [!543](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling) ## [1.4.7] - 2021-03-19 + - TAG: [v1.4.7][1.4.7t] - [!541](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [!533](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon) ## [1.4.6] - 2021-03-19 + - TAG: [v1.4.6][1.4.6t] - [!540](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling) - [!537](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) - [!538](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [!539](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/539) on main branch (@anderscarling) ## [1.4.5] - 2021-03-18 + - TAG: [v1.4.5][1.4.5t] - [!535](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [!536](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/536) on main branch (@pboling) - [!518](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) 
@@ -405,10 +506,12 @@ Please file a bug if you notice a violation of semantic versioning. - [!500](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle) ## [1.4.4] - 2020-02-12 + - TAG: [v1.4.4][1.4.4t] - [!408](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey) ## [1.4.3] - 2020-01-29 + - TAG: [v1.4.3][1.4.3t] - [!483](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien) - [!495](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) @@ -416,11 +519,13 @@ Please file a bug if you notice a violation of semantic versioning. - [!433](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256) ## [1.4.2] - 2019-10-01 + - TAG: [v1.4.2][1.4.2t] - [!478](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling) - Officially support Ruby 2.6 and truffleruby ## [1.4.1] - 2018-10-13 + - TAG: [v1.4.1][1.4.1t] - [!417](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman) - [!419](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [!423](https://gitlab.com/ruby-oauth/oauth2/-/merge_requests/423)) (@pboling) @@ -448,6 +553,7 @@ Please file a bug if you notice a violation of semantic versioning. [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html ## [1.4.0] - 2017-06-09 + - TAG: [v1.4.0][1.4.0t] - Drop Ruby 1.8.7 support (@sferik) - Fix some RuboCop offenses (@sferik) 
@@ -455,11 +561,13 @@ Please file a bug if you notice a violation of semantic versioning. - _Dependency_: Upgrade Faraday to 0.12 (@sferik) ## [1.3.1] - 2017-03-03 + - TAG: [v1.3.1][1.3.1t] - Add support for Ruby 2.4.0 (@pschambacher) - _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher) ## [1.3.0] - 2016-12-28 + - TAG: [v1.3.0][1.3.0t] - Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes) - Default to header-based authentication when getting a token from an authorisation code (@maletor) @@ -470,26 +578,36 @@ Please file a bug if you notice a violation of semantic versioning. - Add support for Faraday 0.10 (@rhymes) ## [1.2.0] - 2016-07-01 + - TAG: [v1.2.0][1.2.0t] - Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira) - Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus) - Use `raise` rather than `fail` to throw exceptions (@sferik) ## [1.1.0] - 2016-01-30 + - TAG: [v1.1.0][1.1.0t] - Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik) - Add support for Rack 2, and bump various other dependencies (@sferik) ## [1.0.0] - 2014-07-09 + - TAG: [v1.0.0][1.0.0t] + ### Added + - Add an implementation of the MAC token spec. + ### Fixed + - Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7. ## [0.5.0] - 2011-07-29 + - TAG: [v0.5.0][0.5.0t] + ### Changed + - *breaking* `oauth_token` renamed to `oauth_bearer`. - *breaking* `authorize_path` Client option renamed to `authorize_url`. - *breaking* `access_token_path` Client option renamed to `token_url`. 
@@ -497,60 +615,79 @@ Please file a bug if you notice a violation of semantic versioning. - *breaking* `web_server` renamed to `auth_code`. ## [0.4.1] - 2011-04-20 + - TAG: [v0.4.1][0.4.1t] ## [0.4.0] - 2011-04-20 + - TAG: [v0.4.0][0.4.0t] ## [0.3.0] - 2011-04-08 + - TAG: [v0.3.0][0.3.0t] ## [0.2.0] - 2011-04-01 + - TAG: [v0.2.0][0.2.0t] ## [0.1.1] - 2011-01-12 + - TAG: [v0.1.1][0.1.1t] ## [0.1.0] - 2010-10-13 + - TAG: [v0.1.0][0.1.0t] ## [0.0.13] - 2010-08-17 + - TAG: [v0.0.13][0.0.13t] ## [0.0.12] - 2010-08-17 + - TAG: [v0.0.12][0.0.12t] ## [0.0.11] - 2010-08-17 + - TAG: [v0.0.11][0.0.11t] ## [0.0.10] - 2010-06-19 + - TAG: [v0.0.10][0.0.10t] ## [0.0.9] - 2010-06-18 + - TAG: [v0.0.9][0.0.9t] ## [0.0.8] - 2010-04-27 + - TAG: [v0.0.8][0.0.8t] ## [0.0.7] - 2010-04-27 + - TAG: [v0.0.7][0.0.7t] ## [0.0.6] - 2010-04-25 + - TAG: [v0.0.6][0.0.6t] ## [0.0.5] - 2010-04-23 + - TAG: [v0.0.5][0.0.5t] ## [0.0.4] - 2010-04-22 + - TAG: [v0.0.4][0.0.4t] ## [0.0.3] - 2010-04-22 + - TAG: [v0.0.3][0.0.3t] ## [0.0.2] - 2010-04-22 + - TAG: [v0.0.2][0.0.2t] ## [0.0.1] - 2010-04-22 + - TAG: [v0.0.1][0.0.1t] [gemfiles/readme]: gemfiles/README.md diff --git a/Gemfile.lock b/Gemfile.lock index 086329d9..40621232 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,7 +20,7 @@ PATH multi_xml (~> 0.5) rack (>= 1.2, < 4) snaky_hash (~> 2.0, >= 2.0.3) - version_gem (~> 1.1, >= 1.1.8) + version_gem (~> 1.1, >= 1.1.9) GEM remote: https://rubygems.org/ diff --git a/README.md b/README.md index 5f06cfa8..666308f3 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC) -[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf] +[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI 
Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf] `if ci_badges.map(&:color).detect { it != "green"}` ☝️ [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. @@ -128,19 +128,19 @@ If it seems like you are in the wrong place, you might try one of these: ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on 
WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on 
WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -1317,6 +1317,8 @@ See [CONTRIBUTING.md][🤝contributing]. ### Code Coverage +[![Coverage Graph][🔑codecov-g]][🔑codecov] + [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] diff --git a/oauth2.gemspec b/oauth2.gemspec index 471e279a..c2af062f 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -132,7 +132,7 @@ Thanks, @pboling / @galtzo spec.add_dependency("multi_xml", "~> 0.5") # ruby >= 0 spec.add_dependency("rack", [">= 1.2", "< 4"]) # ruby >= 0 spec.add_dependency("snaky_hash", "~> 2.0", ">= 2.0.3") # ruby >= 2.2 - spec.add_dependency("version_gem", "~> 1.1", ">= 1.1.8") # ruby >= 2.2.0 + spec.add_dependency("version_gem", "~> 1.1", ">= 1.1.9") # ruby >= 2.2.0 # NOTE: It is preferable to list development dependencies in the gemspec due to increased # visibility and discoverability on RubyGems.org. From 084cd96ceb656b3eec3e8a82b67f3c403fc684bd Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Mon, 15 Sep 2025 21:29:36 -0600 Subject: [PATCH 589/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.17?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) are a full-time endeavor. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- CHANGELOG.md | 13 +- Gemfile.lock | 2 +- README.md | 14 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 425 +++++++++++++----- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 46 +- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- 
docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2-2.0.15.gem.html | 2 +- docs/file.oauth2-2.0.16.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 46 +- docs/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 50 files changed, 441 insertions(+), 193 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f32483d3..c576d7ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,8 +20,6 @@ Please file a bug if you notice a violation of semantic versioning. ### Added -- [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header}) - ### Changed ### Deprecated @@ -32,6 +30,17 @@ Please file a bug if you notice a violation of semantic versioning. ### Security +## [2.0.17] - 2025-09-15 + +- TAG: [v2.0.17][2.0.17t] +- COVERAGE: 100.00% -- 526/526 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 178/178 branches in 14 files +- 90.48% documented + +### Added + +- [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header}) + ## [2.0.16] - 2025-09-14 - TAG: [v2.0.16][2.0.16t] diff --git a/Gemfile.lock b/Gemfile.lock index 40621232..16ed3d78 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.16) + oauth2 (2.0.17) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) diff --git a/README.md b/README.md index 666308f3..2f1019b5 100644 --- a/README.md +++ b/README.md 
@@ -266,6 +266,10 @@ Alternatively: | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| +| 2.0.17 | 2025-09-15 | [v2.0.17 CHANGELOG][2.0.17-changelog] | [v2.0.17 README][2.0.17-readme] | +| 2.0.16 | 2025-09-14 | [v2.0.16 CHANGELOG][2.0.16-changelog] | [v2.0.16 README][2.0.16-readme] | +| 2.0.15 | 2025-09-08 | [v2.0.15 CHANGELOG][2.0.15-changelog] | [v2.0.15 README][2.0.15-readme] | +| 2.0.14 | 2025-08-31 | [v2.0.14 CHANGELOG][2.0.14-changelog] | [v2.0.14 README][2.0.14-readme] | | 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | | 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | | 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | @@ -283,6 +287,10 @@ Alternatively: +[2.0.17-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2017---2025-09-15 +[2.0.16-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2016---2025-09-14 +[2.0.15-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2015---2025-09-08 +[2.0.14-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2014---2025-08-31 [2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 [2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 [2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 
@@ -298,6 +306,10 @@ Alternatively: [2.0.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 [2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 +[2.0.17-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.17/README.md +[2.0.16-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.16/README.md +[2.0.15-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.15/README.md +[2.0.14-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.14/README.md [2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md [2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md [2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md @@ -1617,7 +1629,7 @@ Thanks for RTFM. ☺️ [📌gitmoji]:https://gitmoji.dev [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.409-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 35030b1b..e60933d9 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 4ad8d27d..ebc602da 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 06a3780b..79af5249 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index cf8a2109..002faa94 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 3223d649..85c0519a 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 99681638..1259edff 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 1034b9d6..8059ded1 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 2a990f03..77602e6b 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 8df5ae01..3fb5311a 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index e6a76aef..7b9910f7 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 2e13d4a2..16d22ff8 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 2337082c..17a8748c 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index b73dc3b5..d703001b 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 018ccd79..14cab52b 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 59655175..5b8b0abe 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index ec489e73..0f77a1a2 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index cdfdf40c..830e48cd 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -384,7 +384,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 1efddcb6..302c0b51 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -69,27 +69,50 @@ Please file a bug if you notice a violation of semantic versioning.

            Unreleased

            +

            Added

            + +

            Changed

            + +

            Deprecated

            + +

            Removed

            + +

            Fixed

            + +

            Security

            + +

            +2.0.17 - 2025-09-15

            +
              -
            • [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., :query, post: :header) -

              Changed

              -

              Deprecated

              -

              Removed

              -

              Fixed

              -

              Security

              -
            • +
            • TAG: v2.0.17 +
            • +
            • COVERAGE: 100.00% – 526/526 lines in 14 files
            • +
            • BRANCH COVERAGE: 100.00% – 178/178 branches in 14 files
            • +
            • 90.48% documented
            • +
            + +

            Added

            + +
              +
            • [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., :query, post: :header)

            2.0.16 - 2025-09-14

            +
            • TAG: v2.0.16
            • COVERAGE: 100.00% – 520/520 lines in 14 files
            • BRANCH COVERAGE: 100.00% – 176/176 branches in 14 files
            • -
            • 90.48% documented -

              Added

              -
            • +
            • 90.48% documented
            • +
            + +

            Added

            + +
            • gh!680 - E2E example using mock test server added in v2.0.11 by @pboling
                @@ -106,9 +129,12 @@

                Added

            • -gh!676, gh!679 - Apache SkyWalking Eyes dependency license check by @pboling -

              Changed

              -
            • +gh!676, gh!679 - Apache SkyWalking Eyes dependency license check by @pboling +
            + +

            Changed

            + +
            • gh!678 - Many improvements to make CI more resilient (past/future proof) by @pboling
            • @@ -117,14 +143,18 @@

              Changed

              2.0.15 - 2025-09-08

              +
              • TAG: v2.0.15
              • COVERAGE: 100.00% – 519/519 lines in 14 files
              • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
              • -
              • 90.48% documented -

                Added

                -
              • +
              • 90.48% documented
              • +
              + +

              Added

              + +
              • gh!671 - Complete documentation example for Instagram by @pboling
              • .env.local.example for contributor happiness
              • @@ -137,29 +167,39 @@

                Added

              • gh!670 - AccessToken: verb-dependent token transmission mode by @mrj
                  -
                • e.g., Instagram GET=:query, POST/DELETE=:header -

                  Changed

                  -
                • +
                • e.g., Instagram GET=:query, POST/DELETE=:header
              • +
              + +

              Changed

              + +
              • -gh!669 - Upgrade to kettle-dev v1.1.9 by @pboling -

                Fixed

                -
              • +gh!669 - Upgrade to kettle-dev v1.1.9 by @pboling +
              + +

              Fixed

              + +
              • Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
              • point badge to the correct workflow for Ruby 2.3 (caboose.yml)

              2.0.14 - 2025-08-31

              +
              • TAG: v2.0.14
              • COVERAGE: 100.00% – 519/519 lines in 14 files
              • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
              • -
              • 90.48% documented -

                Added

                -
              • +
              • 90.48% documented
              • +
              + +

              Added

              + +
              • improved documentation by @pboling
              • gh!665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
              • @@ -192,14 +232,18 @@

                Added

                2.0.13 - 2025-08-30

                +
                • TAG: v2.0.13
                • COVERAGE: 100.00% – 519/519 lines in 14 files
                • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
                • -
                • 90.48% documented -

                  Added

                  -
                • +
                • 90.48% documented
                • +
                + +

                Added

                + +
                • gh!656 - Support revocation with URL-encoded parameters
                • @@ -211,30 +255,40 @@

                  Added

                • gh!657 - Updated documentation for org-rename by @pboling
                • More funding links by @Aboling0
                • -
                • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references -

                  Changed

                  -
                • +
                • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references
                • +
                + +

                Changed

                + +
                • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
                • -gh!660 - Shrink post-install message by 4 lines by @pboling -

                  Fixed

                  -
                • +gh!660 - Shrink post-install message by 4 lines by @pboling +
                + +

                Fixed

                + +
                • -gh!660 - Links in README (including link to HEAD documentation) by @pboling -

                  Security

                  -
                • +gh!660 - Links in README (including link to HEAD documentation) by @pboling
                +

                Security

                +

                2.0.12 - 2025-05-31

                +
                • TAG: v2.0.12
                • Line Coverage: 100.0% (520 / 520)
                • Branch Coverage: 100.0% (174 / 174)
                • -
                • 80.00% documented -

                  Added

                  -
                • +
                • 80.00% documented
                • +
                + +

                Added

                + +
                • gh!652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang
                    @@ -247,25 +301,35 @@

                    Added

                  • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
                • -
                • Documentation site @ https://oauth2.galtzo.com now complete -

                  Changed

                  -
                • -
                • Updates to gemspec (email, funding url, post install message) -

                  Fixed

                  -
                • +
                • Documentation site @ https://oauth2.galtzo.com now complete
                • +
                + +

                Changed

                + +
                  +
                • Updates to gemspec (email, funding url, post install message)
                • +
                + +

                Fixed

                + +
                • Documentation Typos by @pboling

                2.0.11 - 2025-05-23

                +
                • TAG: v2.0.11
                • COVERAGE: 100.00% – 518/518 lines in 14 files
                • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
                • -
                • 80.00% documented -

                  Added

                  -
                • +
                • 80.00% documented
                • +
                + +

                Added

                + +
                • gh!651 - :snaky_hash_klass option (@pboling)
                • More documentation
                • @@ -288,20 +352,26 @@

                  Added

                • gh!651 - Mock OAuth2 server for testing (@pboling)
                    -
                  • https://github.com/navikt/mock-oauth2-server -

                    Changed

                    -
                  • +
                  • https://github.com/navikt/mock-oauth2-server
                • +
                + +

                Changed

                + +
                • gh!651 - Upgraded to snaky_hash v2.0.3 (@pboling)
                  • Provides solution for serialization issues
                • -
                • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling) -

                  Fixed

                  -
                • +
                • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling)
                • +
                + +

                Fixed

                + +
                • gh!650 - Regression in return type of OAuth2::Response#parsed (@pboling)
                • Incorrect documentation related to silencing warnings (@pboling)
                • @@ -309,14 +379,18 @@

                  Fixed

                  2.0.10 - 2025-05-17

                  +
                  • TAG: v2.0.10
                  • COVERAGE: 100.00% – 518/518 lines in 14 files
                  • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
                  • -
                  • 79.05% documented -

                    Added

                    -
                  • +
                  • 79.05% documented
                  • +
                  + +

                  Added

                  + +
                  • gh!632 - Added funding.yml (@Aboling0)
                  • @@ -357,9 +431,12 @@

                    Added

                  • gh!644, gh!645 - Added CITATION.cff (@Aboling0)
                  • -!648 - Improved documentation (@pboling) -

                    Changed

                    -
                  • +!648 - Improved documentation (@pboling) +
                  + +

                  Changed

                  + +
                  • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
                  • Gem releases are now cryptographically signed, with a 20-year cert (@pboling)
                      @@ -371,9 +448,12 @@

                      Changed

                    • !647 - OAuth2.config is no longer writable (@pboling)
                    • -!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) -

                      Fixed

                      -
                    • +!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) +
                    + +

                    Fixed

                    + +
                    • #95 - restoring an access token via AccessToken#from_hash (@pboling)
                        @@ -406,27 +486,43 @@

                        Fixed

                        2.0.9 - 2022-09-16

                        +
                        • TAG: v2.0.9 -

                          Added

                          -
                        • -
                        • More specs (@pboling) -

                          Changed

                          -
                        • + +
                        + +

                        Added

                        + +
                          +
                        • More specs (@pboling)
                        • +
                        + +

                        Changed

                        + +
                        • Complete migration to main branch as default (@pboling)
                        • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)

                        2.0.8 - 2022-09-01

                        + + +

                        Changed

                        + +
                        • -!630 - Extract snaky_hash to external dependency (@pboling) -

                          Added

                          -
                        • +!630 - Extract snaky_hash to external dependency (@pboling) +
                        + +

                        Added

                        + +
                        • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628
                        • @@ -434,14 +530,22 @@

                          Added

                          2.0.7 - 2022-08-22

                          + + +

                          Added

                          + +
                          • -!629 - Allow POST of JSON to get token (@pboling, @terracatta) -

                            Fixed

                            -
                          • +!629 - Allow POST of JSON to get token (@pboling, @terracatta) +
                          + +

                          Fixed

                          + +
                          • !626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
                              @@ -454,20 +558,30 @@

                              Fixed

                              2.0.6 - 2022-07-13

                              + + +

                              Fixed

                              + +
                              • !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)

                              2.0.5 - 2022-07-07

                              + + +

                              Fixed

                              + +
                              • !620 - Documentation improvements, to help with upgrading (@swanson)
                              • @@ -489,26 +603,39 @@

                                Fixed

                                2.0.4 - 2022-07-01

                                + + +

                                Fixed

                                + +
                                • !618 - In some scenarios the snaky option default value was not applied (@pboling)

                                2.0.3 - 2022-06-28

                                + + +

                                Added

                                + +
                                • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
                                • -!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) -

                                  Fixed

                                  -
                                • +!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) +
                                + +

                                Fixed

                                + +
                                • !608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
                                • @@ -517,10 +644,15 @@

                                  Fixed

                                  2.0.2 - 2022-06-24

                                  + + +

                                  Fixed

                                  + +
                                  • !604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
                                  • @@ -531,20 +663,30 @@

                                    Fixed

                                    2.0.1 - 2022-06-22

                                    + + +

                                    Added

                                    + +
                                    • Documentation improvements (@pboling)
                                    • Increased test coverage to 99% (@pboling)

                                    2.0.0 - 2022-06-21

                                    + + +

                                    Added

                                    + +
                                    • !158, !344 - Optionally pass raw response to parsers (@niels)
                                    • @@ -596,9 +738,12 @@

                                      Added

                                    • !575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
                                    • -!581 - Documentation: of breaking changes (@pboling) -

                                      Changed

                                      -
                                    • +!581 - Documentation: of breaking changes (@pboling) +
                                    + +

                                    Changed

                                    + +
                                    • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
                                    • @@ -628,9 +773,12 @@

                                      Changed

                                    • !576 - BREAKING: Stop rescuing parsing errors (@pboling)
                                    • -!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated -

                                      Fixed

                                      -
                                    • +!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated +
                                    + +

                                    Fixed

                                    + +
                                    • !158, !344 - Handling of errors when using omniauth-facebook (@niels)
                                    • @@ -666,9 +814,12 @@

                                      Fixed

                                    • !596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
                                    • -!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu) -

                                      Removed

                                      -
                                    • +!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu) +
                                    + +

                                    Removed

                                    + +
                                    • !341 - Remove Rdoc & Jeweler related files (@josephpage)
                                    • @@ -685,6 +836,7 @@

                                      Removed

                                      1.4.11 - 2022-09-16

                                      +
                                      • TAG: v1.4.11
                                      • @@ -694,6 +846,7 @@

                                        1.4.10 - 2022-07-01

                                        +
                                        • TAG: v1.4.10
                                        • @@ -702,6 +855,7 @@

                                          1.4.9 - 2022-02-20

                                          +
                                          • TAG: v1.4.9
                                          • @@ -719,6 +873,7 @@

                                            1.4.8 - 2022-02-18

                                            +
                                            • TAG: v1.4.8
                                            • @@ -735,6 +890,7 @@

                                              1.4.7 - 2021-03-19

                                              +
                                              • TAG: v1.4.7
                                              • @@ -744,6 +900,7 @@

                                                1.4.6 - 2021-03-19

                                                +
                                                • TAG: v1.4.6
                                                • @@ -757,6 +914,7 @@

                                                  1.4.5 - 2021-03-18

                                                  +
                                                  • TAG: v1.4.5
                                                  • @@ -772,6 +930,7 @@

                                                    1.4.4 - 2020-02-12

                                                    +
                                                    • TAG: v1.4.4
                                                    • @@ -781,6 +940,7 @@

                                                      1.4.3 - 2020-01-29

                                                      +
                                                      • TAG: v1.4.3
                                                      • @@ -798,6 +958,7 @@

                                                        1.4.2 - 2019-10-01

                                                        +
                                                        • TAG: v1.4.2
                                                        • @@ -811,6 +972,7 @@

                                                          1.4.1 - 2018-10-13

                                                          +
                                                          • TAG: v1.4.1
                                                          • @@ -854,6 +1016,7 @@

                                                            1.4.0 - 2017-06-09

                                                            +
                                                            • TAG: v1.4.0
                                                            • @@ -867,6 +1030,7 @@

                                                              1.3.1 - 2017-03-03

                                                              +
                                                              • TAG: v1.3.1
                                                              • @@ -877,6 +1041,7 @@

                                                                1.3.0 - 2016-12-28

                                                                +
                                                                • TAG: v1.3.0
                                                                • @@ -892,6 +1057,7 @@

                                                                  1.2.0 - 2016-07-01

                                                                  +
                                                                  • TAG: v1.2.0
                                                                  • @@ -902,6 +1068,7 @@

                                                                    1.1.0 - 2016-01-30

                                                                    +
                                                                    • TAG: v1.1.0
                                                                    • @@ -911,22 +1078,35 @@

                                                                      1.0.0 - 2014-07-09

                                                                      +
                                                                      • TAG: v1.0.0 -

                                                                        Added

                                                                        -
                                                                      • -
                                                                      • Add an implementation of the MAC token spec. -

                                                                        Fixed

                                                                        -
                                                                      • + +
                                                                      + +

                                                                      Added

                                                                      + +
                                                                        +
                                                                      • Add an implementation of the MAC token spec.
                                                                      • +
                                                                      + +

                                                                      Fixed

                                                                      + +
                                                                      • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.

                                                                      0.5.0 - 2011-07-29

                                                                      + + +

                                                                      Changed

                                                                      + +
                                                                      • breaking oauth_token renamed to oauth_bearer.
                                                                      • @@ -941,6 +1121,7 @@

                                                                        Changed

                                                                        0.4.1 - 2011-04-20

                                                                        +
                                                                        • TAG: v0.4.1
                                                                        • @@ -948,6 +1129,7 @@

                                                                          0.4.0 - 2011-04-20

                                                                          +
                                                                          • TAG: v0.4.0
                                                                          • @@ -955,6 +1137,7 @@

                                                                            0.3.0 - 2011-04-08

                                                                            +
                                                                            • TAG: v0.3.0
                                                                            • @@ -962,6 +1145,7 @@

                                                                              0.2.0 - 2011-04-01

                                                                              +
                                                                              • TAG: v0.2.0
                                                                              • @@ -969,6 +1153,7 @@

                                                                                0.1.1 - 2011-01-12

                                                                                +
                                                                                • TAG: v0.1.1
                                                                                • @@ -976,6 +1161,7 @@

                                                                                  0.1.0 - 2010-10-13

                                                                                  +
                                                                                  • TAG: v0.1.0
                                                                                  • @@ -983,6 +1169,7 @@

                                                                                    0.0.13 - 2010-08-17

                                                                                    +
                                                                                    • TAG: v0.0.13
                                                                                    • @@ -990,6 +1177,7 @@

                                                                                      0.0.12 - 2010-08-17

                                                                                      +
                                                                                      • TAG: v0.0.12
                                                                                      • @@ -997,6 +1185,7 @@

                                                                                        0.0.11 - 2010-08-17

                                                                                        +
                                                                                        • TAG: v0.0.11
                                                                                        • @@ -1004,6 +1193,7 @@

                                                                                          0.0.10 - 2010-06-19

                                                                                          +
                                                                                          • TAG: v0.0.10
                                                                                          • @@ -1011,6 +1201,7 @@

                                                                                            0.0.9 - 2010-06-18

                                                                                            +
                                                                                            • TAG: v0.0.9
                                                                                            • @@ -1018,6 +1209,7 @@

                                                                                              0.0.8 - 2010-04-27

                                                                                              +
                                                                                              • TAG: v0.0.8
                                                                                              • @@ -1025,6 +1217,7 @@

                                                                                                0.0.7 - 2010-04-27

                                                                                                +
                                                                                                • TAG: v0.0.7
                                                                                                • @@ -1032,6 +1225,7 @@

                                                                                                  0.0.6 - 2010-04-25

                                                                                                  +
                                                                                                  • TAG: v0.0.6
                                                                                                  • @@ -1039,6 +1233,7 @@

                                                                                                    0.0.5 - 2010-04-23

                                                                                                    +
                                                                                                    • TAG: v0.0.5
                                                                                                    • @@ -1046,6 +1241,7 @@

                                                                                                      0.0.4 - 2010-04-22

                                                                                                      +
                                                                                                      • TAG: v0.0.4
                                                                                                      • @@ -1053,6 +1249,7 @@

                                                                                                        0.0.3 - 2010-04-22

                                                                                                        +
                                                                                                        • TAG: v0.0.3
                                                                                                        • @@ -1060,6 +1257,7 @@

                                                                                                          0.0.2 - 2010-04-22

                                                                                                          +
                                                                                                          • TAG: v0.0.2
                                                                                                          • @@ -1067,6 +1265,7 @@

                                                                                                            0.0.1 - 2010-04-22

                                                                                                            +
                                                                                                            • TAG: v0.0.1
                                                                                                            • @@ -1075,7 +1274,7 @@

                                                                                                              diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 8522f684..798db503 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 85888e80..477f470f 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                                                                                              Attribution

                                                                                                              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index b92d1a33..357fcd9d 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -308,7 +308,7 @@

                                                                                                              Manual process

                                                                                                              diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index e0e83e3c..94f053d3 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                                                                                                              Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index f2be648d..724956cf 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                                                                                              MIT License

                                                                                                              Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                              Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                              Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                              of this software and associated documentation files (the "Software"), to deal
                                                                                                              in the Software without restriction, including without limitation the rights
                                                                                                              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                              copies of the Software, and to permit persons to whom the Software is
                                                                                                              furnished to do so, subject to the following conditions:

                                                                                                              The above copyright notice and this permission notice shall be included in all
                                                                                                              copies or substantial portions of the Software.

                                                                                                              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                              SOFTWARE.
                                                                                                              diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 870ca548..1c150afa 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                                                                                                              Raw OIDC with ruby-oauth/oauth2

                                                                                                              diff --git a/docs/file.README.html b/docs/file.README.html index f34dcba6..c1b750ff 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -63,7 +63,7 @@

                                                                                                              🔐 OAuth 2.0 Authorization Framewor

                                                                                                              ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                                                                                                              -

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              +

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                                                                                                              @@ -180,19 +180,19 @@

                                                                                                              Quick Examples

                                                                                                              ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -318,6 +318,10 @@

                                                                                                              Quick Examples

                                                                                                              | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| +| 2.0.17 | 2025-09-15 | [v2.0.17 CHANGELOG][2.0.17-changelog] | [v2.0.17 README][2.0.17-readme] | +| 2.0.16 | 2025-09-14 | [v2.0.16 CHANGELOG][2.0.16-changelog] | [v2.0.16 README][2.0.16-readme] | +| 2.0.15 | 2025-09-08 | [v2.0.15 CHANGELOG][2.0.15-changelog] | [v2.0.15 README][2.0.15-readme] | +| 2.0.14 | 2025-08-31 | [v2.0.14 CHANGELOG][2.0.14-changelog] | [v2.0.14 README][2.0.14-readme] | | 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | | 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | | 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | @@ -335,6 +339,10 @@

                                                                                                              Quick Examples

                                                                                                              +[2.0.17-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2017---2025-09-15 +[2.0.16-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2016---2025-09-14 +[2.0.15-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2015---2025-09-08 +[2.0.14-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2014---2025-08-31 [2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 [2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 [2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 @@ -350,6 +358,10 @@

                                                                                                              Quick Examples

                                                                                                              [2.0.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 [2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 +[2.0.17-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.17/README.md +[2.0.16-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.16/README.md +[2.0.15-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.15/README.md +[2.0.14-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.14/README.md [2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md [2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md [2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md @@ -1369,6 +1381,8 @@

                                                                                                              Quick Examples

                                                                                                              ### Code Coverage +[![Coverage Graph][🔑codecov-g]][🔑codecov] + [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] @@ -1667,7 +1681,7 @@

                                                                                                              Quick Examples

                                                                                                              [📌gitmoji]:https://gitmoji.dev [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.409-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year @@ -1710,7 +1724,7 @@

                                                                                                              Quick Examples

                                                                                                              diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 87098180..194b0183 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index f98a5f49..374b63fa 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                                                                                                              Benefits of rubocop_gradual

                                                                                                              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index d55f9de7..f5d6b05d 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -91,7 +91,7 @@

                                                                                                              Additional Support

                                                                                                              diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 810c5256..cadab659 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index ce3ec189..9984a34b 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 77bfa097..5e19362d 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index fe09eac2..1f383acd 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index dd951683..62841903 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 7b492fbb..d0a6124f 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index e71744f2..d4df7513 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index cbb0a54c..b87f95e8 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index d03ad420..0001dcc6 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 92d61d7f..bfa78aab 100644 
--- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html index 7cef8418..ca7f8c53 100644 --- a/docs/file.oauth2-2.0.15.gem.html +++ b/docs/file.oauth2-2.0.15.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html index 51df38f1..1233eca9 100644 --- a/docs/file.oauth2-2.0.16.gem.html +++ b/docs/file.oauth2-2.0.16.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index c454b754..0b984e14 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index 82446338..ef3c596d 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 56bb0e5d..799d823a 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 564a96c6..2105ed13 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index c2dd905b..26f9a51e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -63,7 +63,7 @@

                                                                                                              🔐 OAuth 2.0 Authorization Framewor

                                                                                                              ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                                                                                                              -

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              +

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                                                                                                              @@ -180,19 +180,19 @@

                                                                                                              Quick Examples

                                                                                                              ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -318,6 +318,10 @@

                                                                                                              Quick Examples

                                                                                                              | Version | Release Date | CHANGELOG | README | |---------|--------------|---------------------------------------|---------------------------------| +| 2.0.17 | 2025-09-15 | [v2.0.17 CHANGELOG][2.0.17-changelog] | [v2.0.17 README][2.0.17-readme] | +| 2.0.16 | 2025-09-14 | [v2.0.16 CHANGELOG][2.0.16-changelog] | [v2.0.16 README][2.0.16-readme] | +| 2.0.15 | 2025-09-08 | [v2.0.15 CHANGELOG][2.0.15-changelog] | [v2.0.15 README][2.0.15-readme] | +| 2.0.14 | 2025-08-31 | [v2.0.14 CHANGELOG][2.0.14-changelog] | [v2.0.14 README][2.0.14-readme] | | 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | | 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | | 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | @@ -335,6 +339,10 @@

                                                                                                              Quick Examples

                                                                                                              +[2.0.17-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2017---2025-09-15 +[2.0.16-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2016---2025-09-14 +[2.0.15-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2015---2025-09-08 +[2.0.14-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2014---2025-08-31 [2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 [2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 [2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 @@ -350,6 +358,10 @@

                                                                                                              Quick Examples

                                                                                                              [2.0.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 [2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 +[2.0.17-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.17/README.md +[2.0.16-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.16/README.md +[2.0.15-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.15/README.md +[2.0.14-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.14/README.md [2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md [2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md [2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md @@ -1369,6 +1381,8 @@

                                                                                                              Quick Examples

                                                                                                              ### Code Coverage +[![Coverage Graph][🔑codecov-g]][🔑codecov] + [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] @@ -1667,7 +1681,7 @@

                                                                                                              Quick Examples

                                                                                                              [📌gitmoji]:https://gitmoji.dev [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.409-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue +[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year @@ -1710,7 +1724,7 @@

                                                                                                              Quick Examples

                                                                                                              diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 3352ccfe..b624c656 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 3ca2be9e..c87b3eda 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.16" + VERSION = "2.0.17" end end From 061ec4abe11e9142ab4f4f18743019ac828eb4b3 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 15 Sep 2025 21:42:09 -0600 Subject: [PATCH 590/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.17?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) are a full-time endeavor. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- checksums/oauth2-2.0.17.gem.sha256 | 1 + checksums/oauth2-2.0.17.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.17.gem.sha256 create mode 100644 checksums/oauth2-2.0.17.gem.sha512 diff --git a/checksums/oauth2-2.0.17.gem.sha256 b/checksums/oauth2-2.0.17.gem.sha256 new file mode 100644 index 00000000..d27197ef --- /dev/null +++ b/checksums/oauth2-2.0.17.gem.sha256 @@ -0,0 +1 @@ +c4e182aeabc06dfdafce9a15095c30edc3a1a21fc3c4f0ea49d9295429e79835 \ No newline at end of file diff --git a/checksums/oauth2-2.0.17.gem.sha512 b/checksums/oauth2-2.0.17.gem.sha512 new file mode 100644 index 00000000..414622a7 --- /dev/null +++ b/checksums/oauth2-2.0.17.gem.sha512 @@ -0,0 +1 @@ +6385dfb2d4cb0309745de2d442d99c6148744abaca5599bd1e4f6038e99734d9cf90d1de83d1833e416e2682f0e3d6ae83e10a5a55d6e884b9cdc54e6070fb8b \ No newline at end of file From 3936b86f52ce779c8bedb5a68cec427ff77840b0 Mon Sep 17 00:00:00 2001 
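Review bot: The two files added under `checksums/` (`oauth2-2.0.17.gem.sha256` and `oauth2-2.0.17.gem.sha512`) each hold a bare hex digest with no file name and no trailing newline, so `sha256sum -c` and `sha512sum -c` will not accept them as they stand and anyone verifying the gem has to compare the digest by eye or through the project's own tooling. If the generator can be configured, a line of the form `<digest>  oauth2-2.0.17.gem` ending in a newline would let the standard check mode do the comparison. The digests appear to be tool output (the README in this series credits stone_checksums), so this may be a change for that tool rather than for this commit.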
From: "Peter H. Boling" Date: Tue, 16 Sep 2025 00:09:38 -0600 Subject: [PATCH 591/645] =?UTF-8?q?=F0=9F=93=9D=20Improved=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 6 ++++++ README.md | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c576d7ed..9f8da0df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,8 @@ Please file a bug if you notice a violation of semantic versioning. ### Added +- [gh!683][gh!683] Improve documentation by @pboling + ### Changed ### Deprecated @@ -30,6 +32,8 @@ Please file a bug if you notice a violation of semantic versioning. ### Security +[gh!683]: https://github.com/ruby-oauth/oauth2/pull/683 + ## [2.0.17] - 2025-09-15 - TAG: [v2.0.17][2.0.17t] @@ -41,6 +45,8 @@ Please file a bug if you notice a violation of semantic versioning. - [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header}) +[gh!682]: https://github.com/ruby-oauth/oauth2/pull/682 + ## [2.0.16] - 2025-09-14 - TAG: [v2.0.16][2.0.16t] diff --git a/README.md b/README.md index 2f1019b5..9e1ad6c8 100644 --- a/README.md +++ b/README.md @@ -62,9 +62,10 @@ NOTE: `header` - The content type specified in the `curl` is already the default
                                                                                                              -Complete E2E single file script against [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server) +Complete E2E single file script against mock-oauth2-server -- E2E example using the mock test server added in v2.0.11 +- E2E example uses [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server), which was added in v2.0.11 +- E2E example does not ship with the released gem, so clone the source to play with it. ```console docker compose -f docker-compose-ssl.yml up -d --wait From f201c7ae1cee3532b60ef0f3ed53754faef797ac Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 16 Sep 2025 00:48:23 -0600 Subject: [PATCH 592/645] =?UTF-8?q?=F0=9F=93=9D=20Improved=20markdown?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 9e1ad6c8..5d7e6e62 100644 --- a/README.md +++ b/README.md 
@@ -94,26 +94,26 @@ docker compose -f docker-compose-ssl.yml down Troubleshooting: validate connectivity to the mock server - Check container status and port mapping: - - docker compose -f docker-compose-ssl.yml ps + - `docker compose -f docker-compose-ssl.yml ps` - From the host, try the discovery URL directly (this is what the example uses by default): - - curl -v http://localhost:8080/default/.well-known/openid-configuration - - If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration -- From inside the container (to distinguish container vs host networking): - - docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration + - `curl -v http://localhost:8080/default/.well-known/openid-configuration` + - If that fails immediately, also try: `curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration` +- From inside the container (to distinguish container vs. 
host networking): + - `docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration` - Simple TCP probe from the host: - - nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"' + - `nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'` - Inspect which host port 8080 is bound to (should be 8080): - - docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1 + - `docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1` - Look at server logs for readiness/errors: - - docker logs -n 200 oauth2-mock-oauth2-server-1 + - `docker logs -n 200 oauth2-mock-oauth2-server-1` - On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: - - ss -ltnp | grep :8080 + - `ss -ltnp | grep :8080` Notes -- Discovery URL pattern is: http://localhost:8080//.well-known/openid-configuration, where defaults to "default". +- Discovery URL pattern is: `http://localhost:8080//.well-known/openid-configuration`, where `` defaults to `default`. - You can change these with env vars when running the example: - - E2E_ISSUER_BASE (default: http://localhost:8080) - - E2E_REALM (default: default) + - `E2E_ISSUER_BASE` (default: http://localhost:8080) + - `E2E_REALM` (default: default)
                                                                                                              From f2dbc27fc55f5bd9210c4203addb42f9f16e65c6 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Tue, 16 Sep 2025 00:54:53 -0600 Subject: [PATCH 593/645] =?UTF-8?q?=F0=9F=93=9D=20Improved=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 34 ++++----- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 22 +++--- docs/file.CHANGELOG.html | 10 ++- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 65 +++++++++-------- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2-2.0.15.gem.html | 2 +- docs/file.oauth2-2.0.16.gem.html | 2 +- docs/file.oauth2-2.0.17.gem.html | 71 +++++++++++++++++++ docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/file_list.html | 24 +++++-- docs/index.html | 65 +++++++++-------- docs/top-level-namespace.html | 2 +- 49 files 
changed, 238 insertions(+), 137 deletions(-) create mode 100644 docs/file.oauth2-2.0.17.gem.html diff --git a/README.md b/README.md index 5d7e6e62..a555249f 100644 --- a/README.md +++ b/README.md @@ -145,7 +145,7 @@ If it seems like you are in the wrong place, you might try one of these: ### Compatibility -* Operating Systems: Linux, MacOS, Windows +* Operating Systems: Linux, macOS, Windows * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. * JRuby @ v9.4, v10.0, HEAD @@ -214,7 +214,7 @@ The various versions of each are tested via the Ruby test matrix, along with wha * time * logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) -If you use a gem version of a core Ruby library it should work fine! +If you use a gem version of a core Ruby library, it should work fine! @@ -414,11 +414,11 @@ gem install oauth2
                                                                                                              For Medium or High Security Installations -This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +This gem is cryptographically signed and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. -Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: +Add my public key (if you haven’t already; will expire 2045-04-29) as a trusted certificate: ```console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) @@ -493,7 +493,7 @@ see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct ma If something doesn't work on one of these interpreters, it's a bug. This library may inadvertently work (or seem to work) on other Ruby -implementations, however support will only be provided for the versions listed +implementations; however, support will only be provided for the versions listed above. If you would like this library to support another Ruby version, you may 
@@ -532,13 +532,13 @@ Some OAuth 2.0 standards legitimately have multiple tokens. You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. Specify your custom class with the `access_token_class` option. -If you only need one token you can, as of v2.0.10, +If you only need one token, you can, as of v2.0.10, specify the exact token name you want to extract via the `OAuth2::AccessToken` using the `token_name` option. You'll likely need to do some source diving. This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. -If you have time and energy please contribute to the documentation! +If you have time and energy, please contribute to the documentation! ## 🔧 Basic Usage @@ -559,7 +559,7 @@ response.class.name ### Relative `authorize_url` and `token_url` (Not on site root, Just Works!) -In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. +In the above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. ```ruby client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") 
@@ -752,16 +752,18 @@ a hash of the values), or `from_kvform` (if you have an `application/x-www-form-urlencoded` encoded string of the values). Options (since v2.0.x unless noted): -- expires_latency (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. -- token_name (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). -- mode (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. - - :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). - - :query — Send as access_token query parameter (discouraged in general, but required by some providers). +- `expires_latency` (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. +- `token_name` (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). +- `mode` (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. + - `:header` — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). + - `:query` — Send as access_token query parameter (discouraged in general, but required by some providers). - Verb-dependent (since v2.0.15): Provide either: - - a Proc taking |verb| and returning :header or :query, or - - a Hash with verb symbols as keys, for example: {get: :query, post: :header, delete: :header}. + - a `Proc` taking `|verb|` and returning `:header` or `:query`, or + - a `Hash` with verb symbols as keys, for example `{get: :query, post: :header, delete: :header}`. -Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE. 
+Note: Verb-dependent mode supports providers like Instagram that require query mode for `GET` and header mode for `POST`/`DELETE` +- Verb-dependent mode via `Proc` was added in v2.0.15 +- Verb-dependent mode via `Hash` was added in v2.0.16 ### OAuth2::Error diff --git a/docs/OAuth2.html b/docs/OAuth2.html index e60933d9..3e0fcdaf 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                                                                                                              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index ebc602da..c83cc5ea 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

                                                                                                              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 79af5249..5e899294 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                                                                                                              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 002faa94..af25fba5 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                                                                                                              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 85c0519a..42fb3123 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 1259edff..67a4aa42 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 8059ded1..f09c5ff1 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                                                                                                              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 77602e6b..cc9ba6f4 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 3fb5311a..a674e081 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 7b9910f7..bafdf1de 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 16d22ff8..9509bcde 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 17a8748c..b6f5ffe6 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index d703001b..f58a3e1e 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 14cab52b..0c5b11bc 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 5b8b0abe..5ec03d21 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                                                                                                              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 0f77a1a2..14bb7a4c 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                                                                                                              diff --git a/docs/_index.html b/docs/_index.html index 830e48cd..ceaf684e 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -111,25 +111,31 @@

                                                                                                              File Listing

                                                                                                            • oauth2-2.0.16.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.10.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.17.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.11.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.10.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.12.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.11.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.13.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.12.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.14.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.13.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.15.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.14.gem
                                                                                                            • + + +
                                                                                                            • oauth2-2.0.15.gem
                                                                                                            • + + +
                                                                                                            • oauth2-2.0.16.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.16.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.17.gem
                                                                                                            • REEK
                                                                                                            • @@ -384,7 +390,7 @@

                                                                                                              Namespace Listing A-Z

                                                                                                              diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 302c0b51..6896d328 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -72,6 +72,11 @@

                                                                                                              Added

                                                                                                              + +

                                                                                                              Changed

                                                                                                              Deprecated

                                                                                                              @@ -96,7 +101,8 @@

                                                                                                              Added

                                                                                                                -
                                                                                                              • [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., :query, post: :header)
                                                                                                              • +
                                                                                                              • +gh!682 - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., :query, post: :header)

                                                                                                              @@ -1274,7 +1280,7 @@

                                                                                                              diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 798db503..1641271f 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 477f470f..1ba415b5 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                                                                                              Attribution

                                                                                                              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 357fcd9d..7753fe72 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -308,7 +308,7 @@

                                                                                                              Manual process

                                                                                                              diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 94f053d3..6482a6ba 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                                                                                                              Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 724956cf..bc3e8fef 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                                                                                              MIT License

                                                                                                              Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                              Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                              Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                              of this software and associated documentation files (the "Software"), to deal
                                                                                                              in the Software without restriction, including without limitation the rights
                                                                                                              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                              copies of the Software, and to permit persons to whom the Software is
                                                                                                              furnished to do so, subject to the following conditions:

                                                                                                              The above copyright notice and this permission notice shall be included in all
                                                                                                              copies or substantial portions of the Software.

                                                                                                              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                              SOFTWARE.
                                                                                                              diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 1c150afa..93c12ff0 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                                                                                                              Raw OIDC with ruby-oauth/oauth2

                                                                                                              diff --git a/docs/file.README.html b/docs/file.README.html index c1b750ff..e69c42b7 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -114,9 +114,10 @@

                                                                                                              Quick Examples

                                                                                                              -Complete E2E single file script against [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server) +Complete E2E single file script against mock-oauth2-server -- E2E example using the mock test server added in v2.0.11 +- E2E example uses [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server), which was added in v2.0.11 +- E2E example does not ship with the released gem, so clone the source to play with it. ```console docker compose -f docker-compose-ssl.yml up -d --wait @@ -145,26 +146,26 @@

                                                                                                              Quick Examples

                                                                                                              Troubleshooting: validate connectivity to the mock server - Check container status and port mapping: - - docker compose -f docker-compose-ssl.yml ps + - `docker compose -f docker-compose-ssl.yml ps` - From the host, try the discovery URL directly (this is what the example uses by default): - - curl -v http://localhost:8080/default/.well-known/openid-configuration - - If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration -- From inside the container (to distinguish container vs host networking): - - docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration + - `curl -v http://localhost:8080/default/.well-known/openid-configuration` + - If that fails immediately, also try: `curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration` +- From inside the container (to distinguish container vs. 
host networking): + - `docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration` - Simple TCP probe from the host: - - nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"' + - `nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'` - Inspect which host port 8080 is bound to (should be 8080): - - docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1 + - `docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1` - Look at server logs for readiness/errors: - - docker logs -n 200 oauth2-mock-oauth2-server-1 + - `docker logs -n 200 oauth2-mock-oauth2-server-1` - On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: - - ss -ltnp | grep :8080 + - `ss -ltnp | grep :8080` Notes -- Discovery URL pattern is: http://localhost:8080//.well-known/openid-configuration, where defaults to "default". +- Discovery URL pattern is: `http://localhost:8080//.well-known/openid-configuration`, where `` defaults to `default`. - You can change these with env vars when running the example: - - E2E_ISSUER_BASE (default: http://localhost:8080) - - E2E_REALM (default: default) + - `E2E_ISSUER_BASE` (default: http://localhost:8080) + - `E2E_REALM` (default: default) </details> @@ -196,7 +197,7 @@

                                                                                                              Quick Examples

                                                                                                              ### Compatibility -* Operating Systems: Linux, MacOS, Windows +* Operating Systems: Linux, macOS, Windows * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. * JRuby @ v9.4, v10.0, HEAD @@ -265,7 +266,7 @@

                                                                                                              Quick Examples

                                                                                                              * time * logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) -If you use a gem version of a core Ruby library it should work fine! +If you use a gem version of a core Ruby library, it should work fine!
                                                                                                              @@ -465,11 +466,11 @@

                                                                                                              Quick Examples

                                                                                                              For Medium or High Security Installations -This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +This gem is cryptographically signed and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. -Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: +Add my public key (if you haven’t already; will expire 2045-04-29) as a trusted certificate: ```console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) @@ -544,7 +545,7 @@

                                                                                                              Quick Examples

                                                                                                              If something doesn't work on one of these interpreters, it's a bug. This library may inadvertently work (or seem to work) on other Ruby -implementations, however support will only be provided for the versions listed +implementations; however, support will only be provided for the versions listed above. If you would like this library to support another Ruby version, you may @@ -583,13 +584,13 @@

                                                                                                              Quick Examples

                                                                                                              You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. Specify your custom class with the `access_token_class` option. -If you only need one token you can, as of v2.0.10, +If you only need one token, you can, as of v2.0.10, specify the exact token name you want to extract via the `OAuth2::AccessToken` using the `token_name` option. You'll likely need to do some source diving. This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. -If you have time and energy please contribute to the documentation! +If you have time and energy, please contribute to the documentation! ## 🔧 Basic Usage @@ -610,7 +611,7 @@

                                                                                                              Quick Examples

                                                                                                              ### Relative `authorize_url` and `token_url` (Not on site root, Just Works!) -In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. +In the above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. ```ruby client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") @@ -803,16 +804,18 @@

                                                                                                              Quick Examples

                                                                                                              `application/x-www-form-urlencoded` encoded string of the values). Options (since v2.0.x unless noted): -- expires_latency (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. -- token_name (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). -- mode (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. - - :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). - - :query — Send as access_token query parameter (discouraged in general, but required by some providers). +- `expires_latency` (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. +- `token_name` (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). +- `mode` (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. + - `:header` — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). + - `:query` — Send as access_token query parameter (discouraged in general, but required by some providers). - Verb-dependent (since v2.0.15): Provide either: - - a Proc taking |verb| and returning :header or :query, or - - a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header. + - a `Proc` taking `|verb|` and returning `:header` or `:query`, or + - a `Hash` with verb symbols as keys, for example `:query, post: :header, delete: :header`. -Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE. 
+Note: Verb-dependent mode supports providers like Instagram that require query mode for `GET` and header mode for `POST`/`DELETE` +- Verb-dependent mode via `Proc` was added in v2.0.15 +- Verb-dependent mode via `Hash` was added in v2.0.16 ### OAuth2::Error @@ -1724,7 +1727,7 @@

                                                                                                              Quick Examples

                                                                                                              diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 194b0183..94ca44fa 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 374b63fa..8ebb7fa4 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                                                                                                              Benefits of rubocop_gradual

                                                                                                              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index f5d6b05d..a85a26ad 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -91,7 +91,7 @@

                                                                                                              Additional Support

                                                                                                              diff --git a/docs/file.access_token.html b/docs/file.access_token.html index cadab659..581ce7a2 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 9984a34b..e9266862 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 5e19362d..679d9745 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 1f383acd..2dc3063a 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 62841903..497b0bc1 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index d0a6124f..4ad3a95e 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index d4df7513..ba8afba3 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index b87f95e8..38b648c7 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 0001dcc6..7675b534 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index bfa78aab..75e0e4f0 100644 
--- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html index ca7f8c53..acc6d04b 100644 --- a/docs/file.oauth2-2.0.15.gem.html +++ b/docs/file.oauth2-2.0.15.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html index 1233eca9..645dfeec 100644 --- a/docs/file.oauth2-2.0.16.gem.html +++ b/docs/file.oauth2-2.0.16.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html new file mode 100644 index 00000000..1bd99aa2 --- /dev/null +++ b/docs/file.oauth2-2.0.17.gem.html @@ -0,0 +1,71 @@ + + + + + + + File: oauth2-2.0.17.gem + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                                                                                                              + + +

                                                                                                              6385dfb2d4cb0309745de2d442d99c6148744abaca5599bd1e4f6038e99734d9cf90d1de83d1833e416e2682f0e3d6ae83e10a5a55d6e884b9cdc54e6070fb8b

                                                                                                              +
                                                                                                              + + + +
                                                                                                              + + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index 0b984e14..c948f189 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index ef3c596d..eeb77a37 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 799d823a..355274e6 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 2105ed13..ed83c163 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/file_list.html b/docs/file_list.html index ef094c1a..e0fe7d43 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -132,41 +132,51 @@

                                                                                                              File List

                                                                                                              -
                                                                                                            • +
                                                                                                            • + +
                                                                                                            • + + +
                                                                                                            • -
                                                                                                            • +
                                                                                                            • -
                                                                                                            • +
                                                                                                            • -
                                                                                                            • +
                                                                                                            • -
                                                                                                            • +
                                                                                                            • -
                                                                                                            • +
                                                                                                            • -
                                                                                                            • +
                                                                                                            • +
                                                                                                            • + +
                                                                                                            • + +
                                                                                                            • diff --git a/docs/index.html b/docs/index.html index 26f9a51e..2ac32ab5 100644 --- a/docs/index.html +++ b/docs/index.html @@ -114,9 +114,10 @@

                                                                                                              Quick Examples

                                                                                                              -Complete E2E single file script against [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server) +Complete E2E single file script against mock-oauth2-server -- E2E example using the mock test server added in v2.0.11 +- E2E example uses [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server), which was added in v2.0.11 +- E2E example does not ship with the released gem, so clone the source to play with it. ```console docker compose -f docker-compose-ssl.yml up -d --wait @@ -145,26 +146,26 @@

                                                                                                              Quick Examples

                                                                                                              Troubleshooting: validate connectivity to the mock server - Check container status and port mapping: - - docker compose -f docker-compose-ssl.yml ps + - `docker compose -f docker-compose-ssl.yml ps` - From the host, try the discovery URL directly (this is what the example uses by default): - - curl -v http://localhost:8080/default/.well-known/openid-configuration - - If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration -- From inside the container (to distinguish container vs host networking): - - docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration + - `curl -v http://localhost:8080/default/.well-known/openid-configuration` + - If that fails immediately, also try: `curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration` +- From inside the container (to distinguish container vs. 
host networking): + - `docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration` - Simple TCP probe from the host: - - nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"' + - `nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'` - Inspect which host port 8080 is bound to (should be 8080): - - docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1 + - `docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1` - Look at server logs for readiness/errors: - - docker logs -n 200 oauth2-mock-oauth2-server-1 + - `docker logs -n 200 oauth2-mock-oauth2-server-1` - On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: - - ss -ltnp | grep :8080 + - `ss -ltnp | grep :8080` Notes -- Discovery URL pattern is: http://localhost:8080//.well-known/openid-configuration, where defaults to "default". +- Discovery URL pattern is: `http://localhost:8080//.well-known/openid-configuration`, where `` defaults to `default`. - You can change these with env vars when running the example: - - E2E_ISSUER_BASE (default: http://localhost:8080) - - E2E_REALM (default: default) + - `E2E_ISSUER_BASE` (default: http://localhost:8080) + - `E2E_REALM` (default: default) </details> @@ -196,7 +197,7 @@

                                                                                                              Quick Examples

                                                                                                              ### Compatibility -* Operating Systems: Linux, MacOS, Windows +* Operating Systems: Linux, macOS, Windows * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. * JRuby @ v9.4, v10.0, HEAD @@ -265,7 +266,7 @@

                                                                                                              Quick Examples

                                                                                                              * time * logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) -If you use a gem version of a core Ruby library it should work fine! +If you use a gem version of a core Ruby library, it should work fine!
                                                                                                              @@ -465,11 +466,11 @@

                                                                                                              Quick Examples

                                                                                                              For Medium or High Security Installations -This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +This gem is cryptographically signed and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. -Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: +Add my public key (if you haven’t already; will expire 2045-04-29) as a trusted certificate: ```console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) @@ -544,7 +545,7 @@

                                                                                                              Quick Examples

                                                                                                              If something doesn't work on one of these interpreters, it's a bug. This library may inadvertently work (or seem to work) on other Ruby -implementations, however support will only be provided for the versions listed +implementations; however, support will only be provided for the versions listed above. If you would like this library to support another Ruby version, you may @@ -583,13 +584,13 @@

                                                                                                              Quick Examples

                                                                                                              You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. Specify your custom class with the `access_token_class` option. -If you only need one token you can, as of v2.0.10, +If you only need one token, you can, as of v2.0.10, specify the exact token name you want to extract via the `OAuth2::AccessToken` using the `token_name` option. You'll likely need to do some source diving. This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. -If you have time and energy please contribute to the documentation! +If you have time and energy, please contribute to the documentation! ## 🔧 Basic Usage @@ -610,7 +611,7 @@

                                                                                                              Quick Examples

                                                                                                              ### Relative `authorize_url` and `token_url` (Not on site root, Just Works!) -In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. +In the above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. ```ruby client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") @@ -803,16 +804,18 @@

                                                                                                              Quick Examples

                                                                                                              `application/x-www-form-urlencoded` encoded string of the values). Options (since v2.0.x unless noted): -- expires_latency (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. -- token_name (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). -- mode (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. - - :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). - - :query — Send as access_token query parameter (discouraged in general, but required by some providers). +- `expires_latency` (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. +- `token_name` (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). +- `mode` (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. + - `:header` — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). + - `:query` — Send as access_token query parameter (discouraged in general, but required by some providers). - Verb-dependent (since v2.0.15): Provide either: - - a Proc taking |verb| and returning :header or :query, or - - a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header. + - a `Proc` taking `|verb|` and returning `:header` or `:query`, or + - a `Hash` with verb symbols as keys, for example `:query, post: :header, delete: :header`. -Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE. 
+Note: Verb-dependent mode supports providers like Instagram that require query mode for `GET` and header mode for `POST`/`DELETE` +- Verb-dependent mode via `Proc` was added in v2.0.15 +- Verb-dependent mode via `Hash` was added in v2.0.16 ### OAuth2::Error @@ -1724,7 +1727,7 @@

                                                                                                              Quick Examples

                                                                                                              diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index b624c656..47e1417a 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              From 87d80d2b1f7e04a610554119fc11f460fc37892a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 16 Sep 2025 13:23:46 -0600 Subject: [PATCH 594/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?21?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 4 ++-- Gemfile.lock | 6 +++--- oauth2.gemspec | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index f48115c5..91413792 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -52,7 +52,7 @@ - + @@ -91,7 +91,7 @@ - + diff --git a/Gemfile.lock b/Gemfile.lock index 16ed3d78..62c7eb2d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.20) + kettle-dev (1.1.21) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) @@ -190,7 +190,7 @@ GEM ruby_version (~> 1.0) version_gem (~> 1.1, >= 1.1.8) rspec-stubbed_env (1.0.4) - rspec-support (3.13.5) + rspec-support (3.13.6) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.80.2) @@ -336,7 +336,7 @@ DEPENDENCIES gem_bench (~> 2.0, >= 2.0.5) gitmoji-regex (~> 1.0, >= 1.0.3) irb (~> 1.15, >= 1.15.2) - kettle-dev (~> 1.1, >= 1.1.20) + kettle-dev (~> 1.1, >= 1.1.21) kettle-soup-cover (~> 1.0, >= 1.0.10) kettle-test (~> 1.0) kramdown (~> 2.5, >= 2.5.1) diff --git a/oauth2.gemspec b/oauth2.gemspec index c2af062f..318ff81b 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -153,7 +153,7 @@ Thanks, @pboling / @galtzo spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 # Dev, Test, & Release Tasks - spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.20") # ruby >= 2.3.0 + spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.21") # ruby >= 2.3.0 # Security spec.add_development_dependency("bundler-audit", "~> 0.9.2") # ruby >= 2.0.0 From 9cc3d4154cf494b3299d04c80df267b7a1a28fd3 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 16 Sep 2025 16:44:41 -0600 Subject: [PATCH 595/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?22?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 2 -- Gemfile.lock | 4 ++-- oauth2.gemspec | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 91413792..0b37f1f1 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -27,7 +27,6 @@ - @@ -46,7 +45,6 @@ - diff --git a/Gemfile.lock b/Gemfile.lock index 62c7eb2d..37305e1a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.21) + kettle-dev (1.1.22) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) @@ -336,7 +336,7 @@ DEPENDENCIES gem_bench (~> 2.0, >= 2.0.5) gitmoji-regex (~> 1.0, >= 1.0.3) irb (~> 1.15, >= 1.15.2) - kettle-dev (~> 1.1, >= 1.1.21) + kettle-dev (~> 1.1, >= 1.1.22) kettle-soup-cover (~> 1.0, >= 1.0.10) kettle-test (~> 1.0) kramdown (~> 2.5, >= 2.5.1) diff --git a/oauth2.gemspec b/oauth2.gemspec index 318ff81b..d5978dbe 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -153,7 +153,7 @@ Thanks, @pboling / @galtzo spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 # Dev, Test, & Release Tasks - spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.21") # ruby >= 2.3.0 + spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.22") # ruby >= 2.3.0 # Security spec.add_development_dependency("bundler-audit", "~> 0.9.2") # ruby >= 2.0.0 From 4464912aade4fa442acb3e8dc71d1b5c3e9fc0c5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 17 Sep 2025 00:23:55 -0600 Subject: [PATCH 596/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?23?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/oauth2.iml | 3 ++- Gemfile.lock | 4 ++-- oauth2.gemspec | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index 0b37f1f1..bf021893 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -27,6 +27,7 @@ + @@ -45,12 +46,12 @@ + - diff --git a/Gemfile.lock b/Gemfile.lock index 37305e1a..b001cbad 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.22) + kettle-dev (1.1.23) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) @@ -336,7 +336,7 @@ DEPENDENCIES gem_bench (~> 2.0, >= 2.0.5) gitmoji-regex (~> 1.0, >= 1.0.3) irb (~> 1.15, >= 1.15.2) - kettle-dev (~> 1.1, >= 1.1.22) + kettle-dev (~> 1.1, >= 1.1.23) kettle-soup-cover (~> 1.0, >= 1.0.10) kettle-test (~> 1.0) kramdown (~> 2.5, >= 2.5.1) diff --git a/oauth2.gemspec b/oauth2.gemspec index d5978dbe..ea2a42b9 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -153,7 +153,7 @@ Thanks, @pboling / @galtzo spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 # Dev, Test, & Release Tasks - spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.22") # ruby >= 2.3.0 + spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.23") # ruby >= 2.3.0 # Security spec.add_development_dependency("bundler-audit", "~> 0.9.2") # ruby >= 2.0.0 From 37f1e1e02cc92cc4029aa1f32e28a3eb1f453831 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Wed, 17 Sep 2025 06:48:52 -0600 Subject: [PATCH 597/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?24?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/current.yml | 4 +- .idea/oauth2.iml | 3 +- .junie/guidelines.md | 13 +++---- Appraisals | 2 +- Gemfile.lock | 4 +- README.md | 73 ++++++++++++++++------------------- Rakefile | 2 +- oauth2.gemspec | 9 ++--- 8 files changed, 49 insertions(+), 61 deletions(-) diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index 72e44fe1..f8a9e644 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -45,9 +45,7 @@ jobs: rubygems: latest bundler: latest - # truffleruby-24.1 - # (according to documentation: targets Ruby 3.3 compatibility) - # (according to runtime: targets Ruby 3.2 compatibility) + # truffleruby-24.1 (targets Ruby 3.3 compatibility) - ruby: "truffleruby" appraisal: "current" exec_cmd: "rake test" diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml index bf021893..4b47739c 100755 --- a/.idea/oauth2.iml +++ b/.idea/oauth2.iml @@ -27,7 +27,6 @@ - @@ -46,12 +45,12 @@ - + diff --git a/.junie/guidelines.md b/.junie/guidelines.md index c62d3bd4..152e080b 100644 --- a/.junie/guidelines.md +++ b/.junie/guidelines.md 
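Review bot: The rewritten comment in the `.github/workflows/current.yml` hunk hard-codes `truffleruby-24.1`, while the matrix entry under it is the unpinned `ruby: "truffleruby"`, so the comment will presumably go stale once the runner resolves a newer release. The hunk also removes the line noting that the runtime reported Ruby 3.2 compatibility; if that mismatch was actually observed in CI, it is worth keeping so that a compatibility failure on this job is easier to explain. I would drop the version from the comment, e.g. `# truffleruby (unpinned; the targeted MRI level depends on the release the runner installs)`. The matrix entry continues outside the hunk.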
@@ -12,7 +12,8 @@ This document captures project-specific knowledge to streamline setup, testing, - See .env.local.example for an example of what to put in .env.local. - See CONTRIBUTING.md for details on how to set up your local environment. - Ruby and Bundler - - Runtime supports very old Rubies (>= 2.2), but development tooling targets >= 2.3 because of CI/setup-ruby and dev dependencies. + - Runtime supports Ruby >= 2.2.0 + - Development tooling targets Ruby >= 2.3 (minimum supported by setup-ruby GHA). - Use a recent Ruby (>= 3.4 recommended) for fastest setup and to exercise modern coverage behavior. - Install dependencies via Bundler in project root: - bundle install @@ -53,7 +54,7 @@ This document captures project-specific knowledge to streamline setup, testing, - RSpec.describe usage: - Use `describe "#"` to contain a block of specs that test instance method behavior. - Use `describe "::"` to contain a block of specs that test class method behavior. - - Do not use `describe "."` because the dot is ambiguous w.r.t instance vs. class methods. + - Do not use `describe "."` because the dot is ambiguous w.r.t instance vs. class methods. - When adding new code or modifying existing code always add tests to cover the updated behavior, including branches, and different types of expected and unexpected inputs. - Additional test utilities: - rspec-stubbed_env: Use stub_env to control ENV safely within examples. 
@@ -89,14 +90,11 @@ This document captures project-specific knowledge to streamline setup, testing, - Place new specs under spec/ mirroring lib/ structure where possible. Do not require "spec_helper" at the top of spec files, as it is automatically loaded by .rspec. - If your code relies on environment variables that drive activation (see "Activation env vars" below), prefer using rspec-stubbed_env: - it does not support stubbing with blocks, but it does automatically clean up after itself. - - outside the example: - ```ruby + - the below config is included in all spec scenarios by the kettle-test gem, so no need to do it again; it is here for reference: include_context 'with stubbed env' - ``` - in a before hook, or in an example: - ```ruby stub_env("FLOSS_FUNDING_MY_NS" => "Free-as-in-beer") - ``` + # example code continues - If your spec needs to assert on console output, tag it with :check_output. By default, STDOUT is silenced. - Use Timecop for deterministic time-sensitive behavior as needed (require config/timecop is already done by spec_helper). @@ -136,6 +134,7 @@ Notes - Coverage reports: NEVER review the HTML report. Use JSON (preferred), XML, LCOV, or RCOV. For this project, always run tests with K_SOUP_COV_FORMATTERS set to "json". - Do NOT modify .envrc in tasks; when running tests locally or in scripts, manually prefix each run, e.g.: K_SOUP_COV_FORMATTERS="json" bin/rspec - For all the kettle-soup-cover options, see .envrc and find the K_SOUP_COV_* env vars. +- NEVER modify ENV variables in tests directly. Always use the stub_env macro from the rspec-stubbed_env gem (more details in the testing section above). Important documentation rules - Do NOT edit files under docs/ manually; they are generated by `bundle exec rake yard` as part of the default rake task. diff --git a/Appraisals b/Appraisals index d8be6662..90e5effc 100644 --- a/Appraisals +++ b/Appraisals 
@@ -144,7 +144,7 @@ appraise "ruby-2-7" do eval_gemfile "modular/logger_v1_7.gemfile" eval_gemfile "modular/multi_xml_v0_6.gemfile" eval_gemfile "modular/rack_v3.gemfile" - eval_gemfile "modular/x_std_libs/r3.1/libs.gemfile" + eval_gemfile "modular/x_std_libs/r2/libs.gemfile" end appraise "ruby-3-0" do diff --git a/Gemfile.lock b/Gemfile.lock index b001cbad..3b6ed2bd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.23) + kettle-dev (1.1.24) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) @@ -336,7 +336,7 @@ DEPENDENCIES gem_bench (~> 2.0, >= 2.0.5) gitmoji-regex (~> 1.0, >= 1.0.3) irb (~> 1.15, >= 1.15.2) - kettle-dev (~> 1.1, >= 1.1.23) + kettle-dev (~> 1.1) kettle-soup-cover (~> 1.0, >= 1.0.10) kettle-test (~> 1.0) kramdown (~> 2.5, >= 2.5.1) diff --git a/README.md b/README.md index a555249f..3166666f 100644 --- a/README.md +++ b/README.md 
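Review bot: In the `Appraisals` hunk the `ruby-2-7` block now evaluates `modular/x_std_libs/r2/libs.gemfile`, but nothing in the block says which std-lib gem set a 2.7 appraisal is meant to resolve against. The `r3.1` path being replaced shows how easily the wrong set gets picked. A one-line comment above the call would make the choice checkable, e.g. `# Ruby 2.7 resolves std-lib gems from the r2 set; r3.1 is for Ruby >= 3.1`. The meaning of the directory names is inferred from the paths only, so please confirm before adopting that wording. The `appraise "ruby-2-7" do` block opens outside the hunk.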
@@ -11,7 +11,7 @@ ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC) -[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf] +[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI 
Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf] `if ci_badges.map(&:color).detect { it != "green"}` ☝️ [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. @@ -129,19 +129,19 @@ If it seems like you are in the wrong place, you might try one of these: ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -221,13 +221,13 @@ If you use a gem version of a core Ruby library, it should work fine! ### Federated DVCS
                                                                                                              - Find this repo on other forges + Find this repo on federated forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | | 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | | 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | | 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | @@ -1332,11 +1332,11 @@ See [CONTRIBUTING.md][🤝contributing]. ### Code Coverage -[![Coverage Graph][🔑codecov-g]][🔑codecov] +[![Coverage Graph][🏀codecov-g]][🏀codecov] -[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] +[![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] -[![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] +[![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] ### 🪇 Code of Conduct 
@@ -1533,22 +1533,24 @@ Thanks for RTFM. ☺️ [📜src-gh]: https://github.com/ruby-oauth/oauth2 [📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white [📜docs-head-rd-img]: https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home -[📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white +[📜gl-wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home +[📜gh-wiki]: https://github.com/ruby-oauth/oauth2/wiki +[📜gl-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=gitlab&logoColor=white +[📜gh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white [👽dl-rank]: https://rubygems.org/gems/oauth2 [👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg [👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 [👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg [👽version]: https://rubygems.org/gems/oauth2 [👽versioni]: https://img.shields.io/gem/v/oauth2.svg -[🔑qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 -[🔑qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg -[🔑qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating -[🔑qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg -[🔑codecov]: https://codecov.io/gh/ruby-oauth/oauth2 -[🔑codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg -[🔑coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main -[🔑coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main +[🏀qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 +[🏀qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg +[🏀qlty-cov]: 
https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating +[🏀qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg +[🏀codecov]: https://codecov.io/gh/ruby-oauth/oauth2 +[🏀codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg +[🏀coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main +[🏀coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main [🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg [🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml @@ -1614,7 +1616,7 @@ Thanks for RTFM. ☺️ [🤝cb-pulls]: https://codeberg.org/ruby-oauth/oauth2/pulls [🤝cb-donate]: https://donate.codeberg.org/ [🤝contributing]: CONTRIBUTING.md -[🔑codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg +[🏀codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg [🖐contrib-rocks]: https://contrib.rocks [🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors [🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2 @@ -1662,12 +1664,3 @@ Thanks for RTFM. ☺️
                                                                                                              - - -
                                                                                                              - Broken badges - -[![Coverage Graph][🔑codecov-g]][🔑codecov] -[![CodeCov Test Coverage][🔑codecovi]][🔑codecov] - -
                                                                                                              diff --git a/Rakefile b/Rakefile index 2ed315ed..9f4f39b6 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,6 @@ # frozen_string_literal: true -# kettle-dev Rakefile v1.1.20 - 2025-09-15 +# kettle-dev Rakefile v1.1.24 - 2025-09-17 # Ruby 2.3 (Safe Navigation) or higher required # # MIT License (see License.txt) diff --git a/oauth2.gemspec b/oauth2.gemspec index ea2a42b9..bc9705b0 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -122,7 +122,7 @@ Thanks, @pboling / @galtzo ] spec.require_paths = ["lib"] spec.bindir = "exe" - # files listed are relative paths from bindir above. + # Listed files are the relative paths from bindir above. spec.executables = [] # Utilities @@ -138,9 +138,8 @@ Thanks, @pboling / @galtzo # visibility and discoverability on RubyGems.org. # However, development dependencies in gemspec will install on # all versions of Ruby that will run in CI. - # This gem, and its gemspec runtime dependencies, will install on Ruby down to 2.2.x. - # This gem, and its gemspec development dependencies, will install on Ruby down to 2.3.x. - # This is because in CI easy installation of Ruby, via setup-ruby, is for >= 2.3. + # This gem, and its gemspec runtime dependencies, will install on Ruby down to 2.2.0. + # This gem, and its gemspec development dependencies, will install on Ruby down to 2.3. # Thus, dev dependencies in gemspec must have # # required_ruby_version ">= 2.3" (or lower) @@ -153,7 +152,7 @@ Thanks, @pboling / @galtzo spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 # Dev, Test, & Release Tasks - spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.23") # ruby >= 2.3.0 + spec.add_development_dependency("kettle-dev", "~> 1.1") # ruby >= 2.3.0 # Security spec.add_development_dependency("bundler-audit", "~> 0.9.2") # ruby >= 2.0.0 From 4c849dc1a0659b3220bfcd7d96d13b81fe1f1207 Mon Sep 17 00:00:00 2001 
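Review bot: The last oauth2.gemspec hunk (`@@ -153,7 +152,7 @@`) removes the `>= 1.1.23` floor from the kettle-dev development dependency, so the gemspec now accepts any 1.1.x, while the Rakefile in this same commit is stamped as the v1.1.24 template and Gemfile.lock resolves 1.1.24. Any install that does not go through Gemfile.lock is then free to resolve a kettle-dev older than the template the Rakefile was generated from; whether those older releases still work with this Rakefile cannot be seen from the page. If the floor was dropped on purpose to avoid touching the gemspec on every tooling bump, a short comment saying so would help the next reader; otherwise keep it aligned with the template, `spec.add_development_dependency("kettle-dev", "~> 1.1", ">= 1.1.24") # ruby >= 2.3.0`. The gemspec block this line sits in starts and ends outside the hunk.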
From: "Peter H. Boling" Date: Thu, 18 Sep 2025 01:51:33 -0600 Subject: [PATCH 598/645] =?UTF-8?q?=F0=9F=99=88=20Ignore=20/blogs/?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 5fb6e270..15f1f941 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,7 @@ Appraisal.*.gemfile.lock /_yardoc/ /rdoc/ /doc/ +/blogs/ # Ruby Version Managers (RVM, rbenv, etc) # Ignored because we currently use .tool-versions From dc41fc02f36c08aa96b95de1fb56ba21a485a9e5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 18 Sep 2025 02:20:33 -0600 Subject: [PATCH 599/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20CHANGELOG.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f8da0df..67d4ea14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,10 +20,12 @@ Please file a bug if you notice a violation of semantic versioning. ### Added -- [gh!683][gh!683] Improve documentation by @pboling +- [gh!683][gh!683], [gh!684][gh!684] - Improve documentation by @pboling ### Changed +- [gh!685][gh!685] - upgrade kettle-dev v1.1.24 by pboling + ### Deprecated ### Removed @@ -33,6 +35,8 @@ Please file a bug if you notice a violation of semantic versioning. ### Security [gh!683]: https://github.com/ruby-oauth/oauth2/pull/683 +[gh!684]: https://github.com/ruby-oauth/oauth2/pull/684 +[gh!685]: https://github.com/ruby-oauth/oauth2/pull/685 ## [2.0.17] - 2025-09-15 From 0f8aa8608ace3ae8319ec7c8ba5afecdbc190969 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Thu, 18 Sep 2025 02:24:06 -0600 Subject: [PATCH 600/645] =?UTF-8?q?=F0=9F=99=88=20Update=20gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/.gitignore | 7 +++ .idea/oauth2.iml | 146 ----------------------------------------------- 2 files changed, 7 insertions(+), 146 deletions(-) delete mode 100755 .idea/oauth2.iml diff --git a/.idea/.gitignore b/.idea/.gitignore index 13566b81..9df2ac9e 100755 --- a/.idea/.gitignore +++ b/.idea/.gitignore @@ -6,3 +6,10 @@ # Datasource local storage ignored files /dataSources/ /dataSources.local.xml + +# Zencoder local files +/zencoder/chats +/zencoder-chat-index.xml +/zencoder-chats-dedicated.xml +# Local project config +*.iml diff --git a/.idea/oauth2.iml b/.idea/oauth2.iml deleted file mode 100755 index 4b47739c..00000000 --- a/.idea/oauth2.iml +++ /dev/null @@ -1,146 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file From aada215eefa978de678eb9cd0796c8a911cfd48a Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 18 Sep 2025 02:25:41 -0600 Subject: [PATCH 601/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?25?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3b6ed2bd..407565dd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.24) + kettle-dev (1.1.25) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) From 30a828141e2600c3b55b077afb9c11e6ed6dc5e2 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Thu, 18 Sep 2025 06:20:40 -0600 Subject: [PATCH 602/645] =?UTF-8?q?=F0=9F=92=B8=20Thanks=20=F0=9F=99=8F=20?= =?UTF-8?q?to=20our=20new=20backers=20=F0=9F=8E=92=20and=20subscribers=20?= =?UTF-8?q?=F0=9F=93=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3166666f..3d36eae1 100644 --- a/README.md +++ b/README.md @@ -1290,6 +1290,10 @@ Support us with a monthly donation and help us continue our activities. [[Become No sponsors yet. Be the first! + +### Open Collective for Donors + +Watch this space! Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/ruby-oauth#sponsor)] From 4ac3e430beee136d41200a1706ca9a800f9ec775 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 19 Sep 2025 05:53:39 -0600 Subject: [PATCH 603/645] =?UTF-8?q?=F0=9F=92=B8=20Thanks=20=F0=9F=99=8F=20?= =?UTF-8?q?to=20our=20new=20backers=20=F0=9F=8E=92=20and=20subscribers=20?= =?UTF-8?q?=F0=9F=93=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # Conflicts: # README.md --- .idea/csv-editor.xml | 16 ++++++++++++++++ README.md | 15 +++++++++++---- 2 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 .idea/csv-editor.xml diff --git a/.idea/csv-editor.xml b/.idea/csv-editor.xml new file mode 100644 index 00000000..b10a2bac --- /dev/null +++ b/.idea/csv-editor.xml @@ -0,0 +1,16 @@ + + + + + + \ No newline at end of file diff --git a/README.md b/README.md index 3d36eae1..f8e13f12 100644 --- a/README.md +++ b/README.md 
@@ -1280,23 +1280,30 @@ and [Tidelift][🏙️entsup-tidelift]. ### Open Collective for Individuals +Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/kettle-rb#backer)] + +NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. + No backers yet. Be the first! -Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/ruby-oauth#backer)] - ### Open Collective for Organizations +Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/kettle-rb#sponsor)] + +NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. + No sponsors yet. Be the first! ### Open Collective for Donors -Watch this space! + + -Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/ruby-oauth#sponsor)] +[kettle-readme-backers]: https://github.com/kettle-rb/kettle-dev/blob/main/exe/kettle-readme-backers ### Another way to support open-source From 753700bdbb4e5e732b5793bac059a6303e8c05b5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 20 Sep 2025 08:49:07 -0600 Subject: [PATCH 604/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?26?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 407565dd..9c101af7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -103,7 +103,7 @@ GEM json (2.13.2) jwt (3.1.2) base64 - kettle-dev (1.1.25) + kettle-dev (1.1.26) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) From f57a0211b096365e85b829c340fa77e6f67956f7 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling"
Date: Sat, 20 Sep 2025 08:54:02 -0600
Subject: [PATCH 605/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CHANGELOG.md | 2 +
 docs/OAuth2.html | 2 +-
 docs/OAuth2/AccessToken.html | 2 +-
 docs/OAuth2/Authenticator.html | 2 +-
 docs/OAuth2/Client.html | 2 +-
 docs/OAuth2/Error.html | 2 +-
 docs/OAuth2/FilteredAttributes.html | 2 +-
 .../FilteredAttributes/ClassMethods.html | 2 +-
 docs/OAuth2/Response.html | 2 +-
 docs/OAuth2/Strategy.html | 2 +-
 docs/OAuth2/Strategy/Assertion.html | 2 +-
 docs/OAuth2/Strategy/AuthCode.html | 2 +-
 docs/OAuth2/Strategy/Base.html | 2 +-
 docs/OAuth2/Strategy/ClientCredentials.html | 2 +-
 docs/OAuth2/Strategy/Implicit.html | 2 +-
 docs/OAuth2/Strategy/Password.html | 2 +-
 docs/OAuth2/Version.html | 2 +-
 docs/_index.html | 2 +-
 docs/file.CHANGELOG.html | 14 ++-
 docs/file.CITATION.html | 2 +-
 docs/file.CODE_OF_CONDUCT.html | 2 +-
 docs/file.CONTRIBUTING.html | 2 +-
 docs/file.FUNDING.html | 2 +-
 docs/file.LICENSE.html | 2 +-
 docs/file.OIDC.html | 2 +-
 docs/file.README.html | 92 ++++++++++---------
 docs/file.REEK.html | 2 +-
 docs/file.RUBOCOP.html | 2 +-
 docs/file.SECURITY.html | 2 +-
 docs/file.access_token.html | 2 +-
 docs/file.authenticator.html | 2 +-
 docs/file.client.html | 2 +-
 docs/file.error.html | 2 +-
 docs/file.filtered_attributes.html | 2 +-
 docs/file.oauth2-2.0.10.gem.html | 2 +-
 docs/file.oauth2-2.0.11.gem.html | 2 +-
 docs/file.oauth2-2.0.12.gem.html | 2 +-
 docs/file.oauth2-2.0.13.gem.html | 2 +-
 docs/file.oauth2-2.0.14.gem.html | 2 +-
 docs/file.oauth2-2.0.15.gem.html | 2 +-
 docs/file.oauth2-2.0.16.gem.html | 2 +-
 docs/file.oauth2-2.0.17.gem.html | 2 +-
 docs/file.oauth2.html | 2 +-
 docs/file.response.html | 2 +-
 docs/file.strategy.html | 2 +-
 docs/file.version.html | 2 +-
 docs/index.html | 92 ++++++++++---------
 docs/top-level-namespace.html | 2 +-
 48 files changed, 154 insertions(+), 134 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md index 67d4ea14..044437fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,8 @@ Please file a bug if you notice a violation of semantic versioning. ### Changed - [gh!685][gh!685] - upgrade kettle-dev v1.1.24 by pboling +- upgrade kettle-dev v1.1.26 by pboling + - Add open collective donors to README ### Deprecated diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 3e0fcdaf..3b664d6f 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                                                                                                              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index c83cc5ea..ff4414d7 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

                                                                                                              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 5e899294..241b47cc 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                                                                                                              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index af25fba5..87be2028 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                                                                                                              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 42fb3123..a53c4daf 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 67a4aa42..fc8d7c2b 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index f09c5ff1..0c5e8f29 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                                                                                                              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index cc9ba6f4..f0b7430d 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index a674e081..707ec196 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index bafdf1de..ae3bbd75 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 9509bcde..b87c6a3d 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index b6f5ffe6..da18d6d0 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index f58a3e1e..a5a81923 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 0c5b11bc..c43912ac 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 5ec03d21..791d98f0 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                                                                                                              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 14bb7a4c..7ff03632 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                                                                                                              diff --git a/docs/_index.html b/docs/_index.html index ceaf684e..65d62e35 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -390,7 +390,7 @@

                                                                                                              Namespace Listing A-Z

                                                                                                              diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 6896d328..b9eb2bb9 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -74,11 +74,21 @@

                                                                                                              Added

                                                                                                              • -gh!683 Improve documentation by @pboling
                                                                                                              • +gh!683, gh!684 - Improve documentation by @pboling

                                                                                                              Changed

                                                                                                              +
                                                                                                                +
                                                                                                              • +gh!685 - upgrade kettle-dev v1.1.24 by pboling
                                                                                                              • +
                                                                                                              • upgrade kettle-dev v1.1.26 by pboling +
                                                                                                                  +
                                                                                                                • Add open collective donors to README
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              +

                                                                                                              Deprecated

                                                                                                              Removed

                                                                                                              @@ -1280,7 +1290,7 @@

                                                                                                              diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 1641271f..34983c8c 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 1ba415b5..2777fe33 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                                                                                              Attribution

                                                                                                              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 7753fe72..b4db95e5 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -308,7 +308,7 @@

                                                                                                              Manual process

                                                                                                              diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 6482a6ba..79bbca6a 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                                                                                                              Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index bc3e8fef..b0b6f9ae 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                                                                                              MIT License

                                                                                                              Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                              Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                              Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                              of this software and associated documentation files (the "Software"), to deal
                                                                                                              in the Software without restriction, including without limitation the rights
                                                                                                              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                              copies of the Software, and to permit persons to whom the Software is
                                                                                                              furnished to do so, subject to the following conditions:

                                                                                                              The above copyright notice and this permission notice shall be included in all
                                                                                                              copies or substantial portions of the Software.

                                                                                                              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                              SOFTWARE.
                                                                                                              diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 93c12ff0..8a5530ca 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                                                                                                              Raw OIDC with ruby-oauth/oauth2

                                                                                                              diff --git a/docs/file.README.html b/docs/file.README.html index e69c42b7..540e666f 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -63,7 +63,7 @@

                                                                                                              🔐 OAuth 2.0 Authorization Framewor

                                                                                                              ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                                                                                                              -

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              +

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                                                                                                              @@ -181,19 +181,19 @@

                                                                                                              Quick Examples

                                                                                                              ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -273,13 +273,13 @@

                                                                                                              Quick Examples

                                                                                                              ### Federated DVCS
                                                                                                              - Find this repo on other forges + Find this repo on federated forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | | 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | | 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | | 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | @@ -1332,19 +1332,30 @@

                                                                                                              Quick Examples

                                                                                                              ### Open Collective for Individuals +Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/kettle-rb#backer)] + +NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. + No backers yet. Be the first! -Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/ruby-oauth#backer)] - ### Open Collective for Organizations +Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/kettle-rb#sponsor)] + +NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. + No sponsors yet. Be the first! + +### Open Collective for Donors + + + -Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/ruby-oauth#sponsor)] +[kettle-readme-backers]: https://github.com/kettle-rb/kettle-dev/blob/main/exe/kettle-readme-backers ### Another way to support open-source @@ -1384,11 +1395,11 @@

                                                                                                              Quick Examples

                                                                                                              ### Code Coverage -[![Coverage Graph][🔑codecov-g]][🔑codecov] +[![Coverage Graph][🏀codecov-g]][🏀codecov] -[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] +[![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] -[![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] +[![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] ### 🪇 Code of Conduct @@ -1585,22 +1596,24 @@

                                                                                                              Quick Examples

                                                                                                              [📜src-gh]: https://github.com/ruby-oauth/oauth2 [📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white [📜docs-head-rd-img]: https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home -[📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white +[📜gl-wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home +[📜gh-wiki]: https://github.com/ruby-oauth/oauth2/wiki +[📜gl-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=gitlab&logoColor=white +[📜gh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white [👽dl-rank]: https://rubygems.org/gems/oauth2 [👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg [👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 [👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg [👽version]: https://rubygems.org/gems/oauth2 [👽versioni]: https://img.shields.io/gem/v/oauth2.svg -[🔑qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 -[🔑qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg -[🔑qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating -[🔑qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg -[🔑codecov]: https://codecov.io/gh/ruby-oauth/oauth2 -[🔑codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg -[🔑coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main -[🔑coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main +[🏀qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 +[🏀qlty-mnti]: 
https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg +[🏀qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating +[🏀qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg +[🏀codecov]: https://codecov.io/gh/ruby-oauth/oauth2 +[🏀codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg +[🏀coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main +[🏀coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main [🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg [🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml @@ -1666,7 +1679,7 @@

                                                                                                              Quick Examples

                                                                                                              [🤝cb-pulls]: https://codeberg.org/ruby-oauth/oauth2/pulls [🤝cb-donate]: https://donate.codeberg.org/ [🤝contributing]: CONTRIBUTING.md -[🔑codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg +[🏀codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg [🖐contrib-rocks]: https://contrib.rocks [🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors [🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2 @@ -1713,21 +1726,12 @@

                                                                                                              Quick Examples

                                                                                                              -
                                                                                                              - - -
                                                                                                              - Broken badges - -[![Coverage Graph][🔑codecov-g]][🔑codecov] -[![CodeCov Test Coverage][🔑codecovi]][🔑codecov] -
                                                                                                              diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 94ca44fa..2154e6d9 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 8ebb7fa4..d9a98307 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                                                                                                              Benefits of rubocop_gradual

                                                                                                              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index a85a26ad..3dc2a451 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -91,7 +91,7 @@

                                                                                                              Additional Support

                                                                                                              diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 581ce7a2..60d566fa 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index e9266862..eb82d98a 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 679d9745..dc64b2e4 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 2dc3063a..4d74abe8 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 497b0bc1..15431504 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index 4ad3a95e..2d89274c 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index ba8afba3..a9451206 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index 38b648c7..f829c1dc 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 7675b534..66d373e8 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 75e0e4f0..9753b58c 100644 
--- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html index acc6d04b..f3875132 100644 --- a/docs/file.oauth2-2.0.15.gem.html +++ b/docs/file.oauth2-2.0.15.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html index 645dfeec..84c906f4 100644 --- a/docs/file.oauth2-2.0.16.gem.html +++ b/docs/file.oauth2-2.0.16.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html index 1bd99aa2..f89e982f 100644 --- a/docs/file.oauth2-2.0.17.gem.html +++ b/docs/file.oauth2-2.0.17.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index c948f189..09663bc0 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index eeb77a37..7fe5d264 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 355274e6..6f732697 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index ed83c163..084c30a1 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index 2ac32ab5..8665487f 100644 --- a/docs/index.html +++ b/docs/index.html @@ -63,7 +63,7 @@

                                                                                                              🔐 OAuth 2.0 Authorization Framewor

                                                                                                              ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                                                                                                              -

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🔑codecovi]][🔑codecov] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              +

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                                                                                                              @@ -181,19 +181,19 @@

                                                                                                              Quick Examples

                                                                                                              ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![Wiki][📜wiki-img]][📜wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -273,13 +273,13 @@

                                                                                                              Quick Examples

                                                                                                              ### Federated DVCS
                                                                                                              - Find this repo on other forges + Find this repo on federated forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | | 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | | 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | | 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | @@ -1332,19 +1332,30 @@

                                                                                                              Quick Examples

                                                                                                              ### Open Collective for Individuals +Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/kettle-rb#backer)] + +NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. + No backers yet. Be the first! -Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/ruby-oauth#backer)] - ### Open Collective for Organizations +Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/kettle-rb#sponsor)] + +NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. + No sponsors yet. Be the first! + +### Open Collective for Donors + + + -Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/ruby-oauth#sponsor)] +[kettle-readme-backers]: https://github.com/kettle-rb/kettle-dev/blob/main/exe/kettle-readme-backers ### Another way to support open-source @@ -1384,11 +1395,11 @@

                                                                                                              Quick Examples

                                                                                                              ### Code Coverage -[![Coverage Graph][🔑codecov-g]][🔑codecov] +[![Coverage Graph][🏀codecov-g]][🏀codecov] -[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] +[![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] -[![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] +[![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] ### 🪇 Code of Conduct @@ -1585,22 +1596,24 @@

                                                                                                              Quick Examples

                                                                                                              [📜src-gh]: https://github.com/ruby-oauth/oauth2 [📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white [📜docs-head-rd-img]: https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home -[📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white +[📜gl-wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home +[📜gh-wiki]: https://github.com/ruby-oauth/oauth2/wiki +[📜gl-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=gitlab&logoColor=white +[📜gh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white [👽dl-rank]: https://rubygems.org/gems/oauth2 [👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg [👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 [👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg [👽version]: https://rubygems.org/gems/oauth2 [👽versioni]: https://img.shields.io/gem/v/oauth2.svg -[🔑qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 -[🔑qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg -[🔑qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating -[🔑qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg -[🔑codecov]: https://codecov.io/gh/ruby-oauth/oauth2 -[🔑codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg -[🔑coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main -[🔑coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main +[🏀qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 +[🏀qlty-mnti]: 
https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg +[🏀qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating +[🏀qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg +[🏀codecov]: https://codecov.io/gh/ruby-oauth/oauth2 +[🏀codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg +[🏀coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main +[🏀coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main [🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning [🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg [🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml @@ -1666,7 +1679,7 @@

                                                                                                              Quick Examples

                                                                                                              [🤝cb-pulls]: https://codeberg.org/ruby-oauth/oauth2/pulls [🤝cb-donate]: https://donate.codeberg.org/ [🤝contributing]: CONTRIBUTING.md -[🔑codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg +[🏀codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg [🖐contrib-rocks]: https://contrib.rocks [🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors [🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2 @@ -1713,21 +1726,12 @@

                                                                                                              Quick Examples

                                                                                                              -
                                                                                                              - - -
                                                                                                              - Broken badges - -[![Coverage Graph][🔑codecov-g]][🔑codecov] -[![CodeCov Test Coverage][🔑codecovi]][🔑codecov] -
                                                                                                              diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 47e1417a..f93410b3 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              From 406c061d9952c2d9159b0737e7fc20d19758be95 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 20 Sep 2025 18:34:40 -0600 Subject: [PATCH 606/645] =?UTF-8?q?=F0=9F=9A=A8=20Linting=20rules=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_rspec.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.rubocop_rspec.yml b/.rubocop_rspec.yml index df5911b2..45f84ad3 100644 --- a/.rubocop_rspec.yml +++ b/.rubocop_rspec.yml @@ -18,7 +18,7 @@ RSpec/InstanceVariable: RSpec/NestedGroups: Enabled: false - + RSpec/ExpectInHook: Enabled: false @@ -28,3 +28,7 @@ RSpec/DescribeClass: RSpec/MultipleMemoizedHelpers: Enabled: false + +RSpec/SpecFilePathFormat: + CustomTransform: + "OAuth": "oauth" From b5a1648ad7c3d0a1ea37f10a68ece6422e251a57 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 25 Sep 2025 08:04:14 -0600 Subject: [PATCH 607/645] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20IDE?= =?UTF-8?q?=20Settings?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/copilot.data.migration.agent.xml | 6 ++++++ .idea/copilot.data.migration.ask.xml | 6 ++++++ .idea/copilot.data.migration.ask2agent.xml | 6 ++++++ .idea/copilot.data.migration.edit.xml | 6 ++++++ 4 files changed, 24 insertions(+) create mode 100644 .idea/copilot.data.migration.agent.xml create mode 100644 .idea/copilot.data.migration.ask.xml create mode 100644 .idea/copilot.data.migration.ask2agent.xml create mode 100644 .idea/copilot.data.migration.edit.xml diff --git a/.idea/copilot.data.migration.agent.xml b/.idea/copilot.data.migration.agent.xml new file mode 100644 index 00000000..4ea72a91 --- /dev/null +++ b/.idea/copilot.data.migration.agent.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file 
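Review bot: The `CustomTransform` key added in the second `.rubocop_rspec.yml` hunk is `"OAuth"`, but the constant this gem's specs describe is `OAuth2` (the spec tree is `spec/oauth2/`), so the mapping probably never applies. As far as I know, `RSpec/SpecFilePathFormat` looks up each constant segment as a whole key rather than as a substring, which would leave `OAuth2` falling back to the default snake-casing (`o_auth2`) — worth confirming against the rubocop-rspec version in use. If that holds, the entry should read `"OAuth2": "oauth2"`, optionally keeping the `"OAuth"` entry if some spec really describes a constant of that name. A short comment above the setting, such as `# Map the OAuth2 namespace to spec/oauth2/ instead of spec/o_auth2/`, would record why the override exists.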
diff --git a/.idea/copilot.data.migration.ask.xml b/.idea/copilot.data.migration.ask.xml new file mode 100644 index 00000000..7ef04e2e --- /dev/null +++ b/.idea/copilot.data.migration.ask.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file diff --git a/.idea/copilot.data.migration.ask2agent.xml b/.idea/copilot.data.migration.ask2agent.xml new file mode 100644 index 00000000..1f2ea11e --- /dev/null +++ b/.idea/copilot.data.migration.ask2agent.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file diff --git a/.idea/copilot.data.migration.edit.xml b/.idea/copilot.data.migration.edit.xml new file mode 100644 index 00000000..8648f940 --- /dev/null +++ b/.idea/copilot.data.migration.edit.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file From 4b651294e0d0338af16936de3e18b9e63a9f7f4d Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Thu, 25 Sep 2025 08:13:45 -0600 Subject: [PATCH 608/645] =?UTF-8?q?=F0=9F=94=90=20Add=20draft=20IRP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- IRP.md | 117 ++++++++++ README.md | 32 +-- SECURITY.md | 3 + docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 67 +++--- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.IRP.html | 218 ++++++++++++++++++ docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 34 +-- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 4 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2-2.0.15.gem.html | 2 +- docs/file.oauth2-2.0.16.gem.html | 2 +- docs/file.oauth2-2.0.17.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/file_list.html | 67 +++--- docs/index.html | 34 +-- 
docs/top-level-namespace.html | 2 +- oauth2.gemspec | 1 + 53 files changed, 509 insertions(+), 154 deletions(-) create mode 100644 IRP.md create mode 100644 docs/file.IRP.html diff --git a/IRP.md b/IRP.md new file mode 100644 index 00000000..e80ae39a --- /dev/null +++ b/IRP.md 
@@ -0,0 +1,117 @@
+# Incident Response Plan (IRP)
+
+Status: Draft
+
+Purpose
+-------
+This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the `oauth2` gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.
+
+Scope
+-----
+Applies to security incidents that affect the `oauth2` codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.
+
+Key assumptions
+- This project is maintained primarily by a single maintainer.
+- Public vulnerability disclosure is handled via Tidelift (see `SECURITY.md`).
+- The maintainer will act as incident commander unless otherwise delegated.
+
+Contact & Roles
+---------------
+- Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.
+- Secondary Contact: (optional) A trusted collaborator or organization contact if available.
+
+If you are an external reporter
+- Do not publicly disclose details of an active vulnerability before coordination via Tidelift.
+- See `SECURITY.md` for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in `SECURITY.md` (if available) or email the maintainer contact listed in the repository.
+
+Incident Handling Workflow (high level)
+---------------------------------------
+1. Identification & Reporting
+ - Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories.
+ - Immediately acknowledge receipt (within 24-72 hours) via the reporting channel.
+
+2. Triage & Initial Assessment (first 72 hours)
+ - Confirm the report is not duplicative and gather: reproducer, affected versions, attack surface, exploitability, and CVSS-like severity estimate.
+ - Verify the issue against the codebase and reproduce locally if possible.
+ - Determine scope: which versions are affected, whether the issue is in code paths executed in common setups, and whether a workaround exists.
+
+3. Containment & Mitigation
+ - If a simple mitigation or workaround (configuration change, safe default, or recommended upgrade) exists, document it clearly in the issue/Tidelift advisory.
+ - If immediate removal of a release is required (rare), consult Tidelift for coordinated takedown and notify package hosts if applicable.
+
+4. Remediation & Patch
+ - Prepare a fix in a branch with tests and changelog entries. Prefer minimal, well-tested changes.
+ - Include tests that reproduce the faulty behavior and demonstrate the fix.
+ - Hardening: add fuzz tests, input validation, or additional checks as appropriate.
+
+5. Release & Disclosure
+ - Coordinate disclosure through Tidelift per `SECURITY.md` timelines. Aim for a coordinated disclosure and patch release to minimize risk to users.
+ - Publish a patch release (increment gem version) and an advisory via Tidelift.
+ - Update `CHANGELOG.md` and repository release notes with non-sensitive details.
+
+6. Post-Incident
+ - Produce a short postmortem: timeline, root cause, actions taken, and follow-ups.
+ - Add/adjust tests and CI checks to prevent regressions.
+ - If credentials or infrastructure were compromised, rotate secrets and audit access.
+
+Severity classification (guidance)
+---------------------------------
+- High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching.
+- Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory.
+- Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release.
+
+Preservation of evidence
+------------------------
+- Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation.
+- Do not publish evidence that would enable exploitation before coordinated disclosure.
+
+Communication templates
+-----------------------
+Acknowledgement (to reporter)
+
+"Thank you for reporting this issue. I've received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the project's security policy."
+
+Public advisory (after patch is ready)
+
+"A security advisory for oauth2 (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations."
+
+Runbook: Quick steps for a maintainer to patch and release
+---------------------------------------------------------
+1. Create a branch: `git checkout -b fix/security-brief-description`
+2. Reproduce the issue locally and add a regression spec in `spec/`.
+3. Implement the fix and run the test suite: `bundle exec rspec` (or the project's preferred test command).
+4. Bump version in `lib/oauth2/version.rb` following semantic versioning.
+5. Update `CHANGELOG.md` with an entry describing the fix (avoid exploit details).
+6. Commit and push the branch, open a PR, and merge after approvals.
+7. Build and push the gem: `gem build oauth2.gemspec && gem push pkg/...` (coordinate with Tidelift before public push if disclosure is coordinated).
+8. Publish a release on GitHub and ensure the Tidelift advisory is posted.
+
+Operational notes
+-----------------
+- Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services.
+- Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place.
+
+Legal & regulatory
+------------------
+- If the incident involves user data or has legal implications, consult legal counsel or the maintainers' employer as appropriate. The maintainer should document the timeline and all communications.
+
+Retrospective & continuous improvement
+-------------------------------------
+After an incident, perform a brief post-incident review covering:
+- What happened and why
+- What was done to contain and remediate
+- What tests or process changes will prevent recurrence
+- Assign owners and deadlines for follow-up tasks
+
+References
+----------
+- See `SECURITY.md` for the project's official disclosure channel (Tidelift).
+
+Appendix: Example checklist for an incident
+------------------------------------------
+- [ ] Acknowledge report to reporter (24-72 hours)
+- [ ] Reproduce and classify severity
+- [ ] Prepare and test a fix in a branch
+- [ ] Coordinate disclosure via Tidelift
+- [ ] Publish patch release and advisory
+- [ ] Postmortem and follow-up actions
diff --git a/README.md b/README.md
index f8e13f12..15f081c5 100644
--- a/README.md
+++ b/README.md
@@ -129,19 +129,19 @@ If it seems like you are in the wrong place, you might try one of these: ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -511,7 +511,7 @@ of a major release, support for that Ruby version may be dropped. | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | NOTE: The 1.4 series will only receive critical security updates. -See [SECURITY.md][🔐security]. +See [SECURITY.md][🔐security] and [IRP.md][🔐irp]. ## ⚙️ Configuration @@ -1325,7 +1325,7 @@ I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -For more see [SECURITY.md][🔐security]. +For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp]. ## 🤝 Contributing @@ -1648,6 +1648,8 @@ Thanks for RTFM. ☺️ [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat +[🔐irp]: IRP.md +[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT diff --git a/SECURITY.md b/SECURITY.md index a319529f..e295726c 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -12,6 +12,8 @@ To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. +More detailed explanation of the process is in [IRP.md][IRP] + ## Additional Support If you are interested in support for versions older than the latest release, @@ -19,3 +21,4 @@ please consider sponsoring the project / maintainer @ https://liberapay.com/pbol or find other sponsorship links in the [README]. [README]: README.md +[IRP]: IRP.md diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 3b664d6f..1e3c3468 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                                                                                                              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index ff4414d7..f7d97474 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

                                                                                                              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 241b47cc..5f2dda28 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                                                                                                              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 87be2028..6bafad99 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                                                                                                              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index a53c4daf..c4633eda 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index fc8d7c2b..06bf41be 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 0c5e8f29..fd1d9162 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                                                                                                              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index f0b7430d..8136150c 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 707ec196..c5eb1311 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index ae3bbd75..8dcb69cb 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index b87c6a3d..0d6bf5a3 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index da18d6d0..dbdc8af0 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index a5a81923..c5ed61d8 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index c43912ac..42064b4c 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 791d98f0..47344a51 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                                                                                                              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 7ff03632..c9814a83 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                                                                                                              diff --git a/docs/_index.html b/docs/_index.html index 65d62e35..a97b0e0d 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -75,97 +75,100 @@

                                                                                                              File Listing

                                                                                                            • FUNDING
                                                                                                            • -
                                                                                                            • OIDC
                                                                                                            • +
                                                                                                            • IRP
                                                                                                            • -
                                                                                                            • RUBOCOP
                                                                                                            • +
                                                                                                            • OIDC
                                                                                                            • -
                                                                                                            • SECURITY
                                                                                                            • +
                                                                                                            • RUBOCOP
                                                                                                            • -
                                                                                                            • LICENSE
                                                                                                            • +
                                                                                                            • SECURITY
                                                                                                            • -
                                                                                                            • CITATION
                                                                                                            • +
                                                                                                            • LICENSE
                                                                                                            • -
                                                                                                            • oauth2-2.0.10.gem
                                                                                                            • +
                                                                                                            • CITATION
                                                                                                            • -
                                                                                                            • oauth2-2.0.11.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.10.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.12.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.11.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.13.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.12.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.14.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.13.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.15.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.14.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.16.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.15.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.17.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.16.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.10.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.17.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.11.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.10.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.12.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.11.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.13.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.12.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.14.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.13.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.15.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.14.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.16.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.15.gem
                                                                                                            • -
                                                                                                            • oauth2-2.0.17.gem
                                                                                                            • +
                                                                                                            • oauth2-2.0.16.gem
                                                                                                            • -
                                                                                                            • REEK
                                                                                                            • +
                                                                                                            • oauth2-2.0.17.gem
                                                                                                            • -
                                                                                                            • access_token
                                                                                                            • +
                                                                                                            • REEK
                                                                                                            • -
                                                                                                            • authenticator
                                                                                                            • +
                                                                                                            • access_token
                                                                                                            • -
                                                                                                            • client
                                                                                                            • +
                                                                                                            • authenticator
                                                                                                            • -
                                                                                                            • error
                                                                                                            • +
                                                                                                            • client
                                                                                                            • -
                                                                                                            • filtered_attributes
                                                                                                            • +
                                                                                                            • error
                                                                                                            • -
                                                                                                            • response
                                                                                                            • +
                                                                                                            • filtered_attributes
                                                                                                            • -
                                                                                                            • strategy
                                                                                                            • +
                                                                                                            • response
                                                                                                            • -
                                                                                                            • version
                                                                                                            • +
                                                                                                            • strategy
                                                                                                            • -
                                                                                                            • oauth2
                                                                                                            • +
                                                                                                            • version
                                                                                                            • + + +
                                                                                                            • oauth2
                                                                                                            @@ -390,7 +393,7 @@

                                                                                                            Namespace Listing A-Z

                                                                                                            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index b9eb2bb9..eac16fe4 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1290,7 +1290,7 @@

                                                                                                            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 34983c8c..f5619201 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 2777fe33..4b2c9cff 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                                                                                            Attribution

                                                                                                            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index b4db95e5..892243e0 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -308,7 +308,7 @@

                                                                                                            Manual process

                                                                                                            diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 79bbca6a..dddb80ee 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                                                                                                            Another Way to Support Open diff --git a/docs/file.IRP.html b/docs/file.IRP.html new file mode 100644 index 00000000..1272fe95 --- /dev/null +++ b/docs/file.IRP.html @@ -0,0 +1,218 @@ + + + + + + + File: IRP + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                                                                                                            + + +

                                                                                                            Incident Response Plan (IRP)

                                                                                                            + +

                                                                                                            Status: Draft

                                                                                                            + +

                                                                                                            Purpose

                                                                                                            +

                                                                                                            This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the oauth2 gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.

                                                                                                            + +

                                                                                                            Scope

                                                                                                            +

                                                                                                            Applies to security incidents that affect the oauth2 codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.

                                                                                                            + +

                                                                                                            Key assumptions

                                                                                                            +
                                                                                                              +
                                                                                                            • This project is maintained primarily by a single maintainer.
                                                                                                            • +
                                                                                                            • Public vulnerability disclosure is handled via Tidelift (see SECURITY.md).
                                                                                                            • +
                                                                                                            • The maintainer will act as incident commander unless otherwise delegated.
                                                                                                            • +
                                                                                                            + +

                                                                                                            Contact & Roles

                                                                                                            +
                                                                                                              +
                                                                                                            • Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.
                                                                                                            • +
                                                                                                            • Secondary Contact: (optional) A trusted collaborator or organization contact if available.
                                                                                                            • +
                                                                                                            + +

                                                                                                            If you are an external reporter

                                                                                                            +
                                                                                                              +
                                                                                                            • Do not publicly disclose details of an active vulnerability before coordination via Tidelift.
                                                                                                            • +
                                                                                                            • See SECURITY.md for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in SECURITY.md (if available) or email the maintainer contact listed in the repository.
                                                                                                            • +
                                                                                                            + +

                                                                                                            Incident Handling Workflow (high level)

                                                                                                            +
                                                                                                              +
                                                                                                            1. Identification & Reporting +
                                                                                                                +
                                                                                                              • Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories.
                                                                                                              • +
                                                                                                              • Immediately acknowledge receipt (within 24-72 hours) via the reporting channel.
                                                                                                              • +
                                                                                                              +
                                                                                                            2. +
                                                                                                            3. Triage & Initial Assessment (first 72 hours) +
                                                                                                                +
                                                                                                              • Confirm the report is not duplicative and gather: reproducer, affected versions, attack surface, exploitability, and CVSS-like severity estimate.
                                                                                                              • +
                                                                                                              • Verify the issue against the codebase and reproduce locally if possible.
                                                                                                              • +
                                                                                                              • Determine scope: which versions are affected, whether the issue is in code paths executed in common setups, and whether a workaround exists.
                                                                                                              • +
                                                                                                              +
                                                                                                            4. +
                                                                                                            5. Containment & Mitigation +
                                                                                                                +
                                                                                                              • If a simple mitigation or workaround (configuration change, safe default, or recommended upgrade) exists, document it clearly in the issue/Tidelift advisory.
                                                                                                              • +
                                                                                                              • If immediate removal of a release is required (rare), consult Tidelift for coordinated takedown and notify package hosts if applicable.
                                                                                                              • +
                                                                                                              +
                                                                                                            6. +
                                                                                                            7. Remediation & Patch +
                                                                                                                +
                                                                                                              • Prepare a fix in a branch with tests and changelog entries. Prefer minimal, well-tested changes.
                                                                                                              • +
                                                                                                              • Include tests that reproduce the faulty behavior and demonstrate the fix.
                                                                                                              • +
                                                                                                              • Hardening: add fuzz tests, input validation, or additional checks as appropriate.
                                                                                                              • +
                                                                                                              +
                                                                                                            8. +
                                                                                                            9. Release & Disclosure +
                                                                                                                +
                                                                                                              • Coordinate disclosure through Tidelift per SECURITY.md timelines. Aim for a coordinated disclosure and patch release to minimize risk to users.
                                                                                                              • +
                                                                                                              • Publish a patch release (increment gem version) and an advisory via Tidelift.
                                                                                                              • +
                                                                                                              • Update CHANGELOG.md and repository release notes with non-sensitive details.
                                                                                                              • +
                                                                                                              +
                                                                                                            10. +
                                                                                                            11. Post-Incident +
                                                                                                                +
                                                                                                              • Produce a short postmortem: timeline, root cause, actions taken, and follow-ups.
                                                                                                              • +
                                                                                                              • Add/adjust tests and CI checks to prevent regressions.
                                                                                                              • +
                                                                                                              • If credentials or infrastructure were compromised, rotate secrets and audit access.
                                                                                                              • +
                                                                                                              +
                                                                                                            12. +
                                                                                                            + +

                                                                                                            Severity classification (guidance)

                                                                                                            +
                                                                                                              +
                                                                                                            • High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching.
                                                                                                            • +
                                                                                                            • Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory.
                                                                                                            • +
                                                                                                            • Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release.
                                                                                                            • +
                                                                                                            + +

                                                                                                            Preservation of evidence

                                                                                                            +
                                                                                                              +
                                                                                                            • Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation.
                                                                                                            • +
                                                                                                            • Do not publish evidence that would enable exploitation before coordinated disclosure.
                                                                                                            • +
                                                                                                            + +

                                                                                                            Communication templates

                                                                                                            +

                                                                                                            Acknowledgement (to reporter)

                                                                                                            + +

                                                                                                            “Thank you for reporting this issue. I’ve received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the project’s security policy.”

                                                                                                            + +

                                                                                                            Public advisory (after patch is ready)

                                                                                                            + +

                                                                                                            “A security advisory for oauth2 (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations.”

                                                                                                            + +

                                                                                                            Runbook: Quick steps for a maintainer to patch and release

                                                                                                            +
                                                                                                              +
                                                                                                            1. Create a branch: git checkout -b fix/security-brief-description +
                                                                                                            2. +
                                                                                                            3. Reproduce the issue locally and add a regression spec in spec/.
                                                                                                            4. +
                                                                                                            5. Implement the fix and run the test suite: bundle exec rspec (or the project’s preferred test command).
                                                                                                            6. +
                                                                                                            7. Bump version in lib/oauth2/version.rb following semantic versioning.
                                                                                                            8. +
                                                                                                            9. Update CHANGELOG.md with an entry describing the fix (avoid exploit details).
                                                                                                            10. +
                                                                                                            11. Commit and push the branch, open a PR, and merge after approvals.
                                                                                                            12. +
                                                                                                            13. Build and push the gem: gem build oauth2.gemspec && gem push pkg/... (coordinate with Tidelift before public push if disclosure is coordinated).
                                                                                                            14. +
                                                                                                            15. Publish a release on GitHub and ensure the Tidelift advisory is posted.
                                                                                                            16. +
                                                                                                            + +

                                                                                                            Operational notes

                                                                                                            +
                                                                                                              +
                                                                                                            • Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services.
                                                                                                            • +
                                                                                                            • Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place.
                                                                                                            • +
                                                                                                            + + +
                                                                                                              +
                                                                                                            • If the incident involves user data or has legal implications, consult legal counsel or the maintainers’ employer as appropriate. The maintainer should document the timeline and all communications.
                                                                                                            • +
                                                                                                            + +

                                                                                                            Retrospective & continuous improvement

                                                                                                            +

                                                                                                            After an incident, perform a brief post-incident review covering:

                                                                                                            +
                                                                                                              +
                                                                                                            • What happened and why
                                                                                                            • +
                                                                                                            • What was done to contain and remediate
                                                                                                            • +
                                                                                                            • What tests or process changes will prevent recurrence
                                                                                                            • +
                                                                                                            • Assign owners and deadlines for follow-up tasks
                                                                                                            • +
                                                                                                            + +

                                                                                                            References

                                                                                                            +
                                                                                                              +
                                                                                                            • See SECURITY.md for the project’s official disclosure channel (Tidelift).
                                                                                                            • +
                                                                                                            + +

                                                                                                            Appendix: Example checklist for an incident

                                                                                                            +
                                                                                                              +
                                                                                                            • +Acknowledge report to reporter (24-72 hours)
                                                                                                            • +
                                                                                                            • +Reproduce and classify severity
                                                                                                            • +
                                                                                                            • +Prepare and test a fix in a branch
                                                                                                            • +
                                                                                                            • +Coordinate disclosure via Tidelift
                                                                                                            • +
                                                                                                            • +Publish patch release and advisory
                                                                                                            • +
                                                                                                            • +Postmortem and follow-up actions
                                                                                                            • +
                                                                                                            +
                                                                                                            + + + +
                                                                                                            + + \ No newline at end of file diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index b0b6f9ae..4d29fd40 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                                                                                            MIT License

                                                                                                            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                            Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                            of this software and associated documentation files (the "Software"), to deal
                                                                                                            in the Software without restriction, including without limitation the rights
                                                                                                            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                            copies of the Software, and to permit persons to whom the Software is
                                                                                                            furnished to do so, subject to the following conditions:

                                                                                                            The above copyright notice and this permission notice shall be included in all
                                                                                                            copies or substantial portions of the Software.

                                                                                                            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                            SOFTWARE.
diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html
index 8a5530ca..acaec720 100644
--- a/docs/file.OIDC.html
+++ b/docs/file.OIDC.html
@@ -247,7 +247,7 @@

                                                                                                            Raw OIDC with ruby-oauth/oauth2

diff --git a/docs/file.README.html b/docs/file.README.html
index 540e666f..bd7449c0 100644
--- a/docs/file.README.html
+++ b/docs/file.README.html
@@ -181,19 +181,19 @@

                                                                                                            Quick Examples

                                                                                                            ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -563,7 +563,7 @@

                                                                                                            Quick Examples

                                                                                                            | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | NOTE: The 1.4 series will only receive critical security updates. -See [SECURITY.md][🔐security]. +See [SECURITY.md][🔐security] and [IRP.md][🔐irp]. ## ⚙️ Configuration @@ -1377,7 +1377,7 @@

                                                                                                            Quick Examples

                                                                                                            To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -For more see [SECURITY.md][🔐security]. +For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp]. ## 🤝 Contributing @@ -1700,6 +1700,8 @@

                                                                                                            Quick Examples

                                                                                                            [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat +[🔐irp]: IRP.md +[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT @@ -1731,7 +1733,7 @@

                                                                                                            Quick Examples

diff --git a/docs/file.REEK.html b/docs/file.REEK.html
index 2154e6d9..9fc5bb19 100644
--- a/docs/file.REEK.html
+++ b/docs/file.REEK.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html
index d9a98307..b3ea38b7 100644
--- a/docs/file.RUBOCOP.html
+++ b/docs/file.RUBOCOP.html
@@ -161,7 +161,7 @@

                                                                                                            Benefits of rubocop_gradual

                                                                                                            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 3dc2a451..8763dd03 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -82,6 +82,8 @@

                                                                                                            Security contact information

                                                                                                            Tidelift security contact.
                                                                                                            Tidelift will coordinate the fix and disclosure.

                                                                                                            +

                                                                                                            More detailed explanation of the process is in IRP.md

                                                                                                            +

                                                                                                            Additional Support

                                                                                                            If you are interested in support for versions older than the latest release,
                                                                                                            @@ -91,7 +93,7 @@

                                                                                                            Additional Support

diff --git a/docs/file.access_token.html b/docs/file.access_token.html
index 60d566fa..5b4ea704 100644
--- a/docs/file.access_token.html
+++ b/docs/file.access_token.html
@@ -84,7 +84,7 @@
diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html
index eb82d98a..36909ab7 100644
--- a/docs/file.authenticator.html
+++ b/docs/file.authenticator.html
@@ -81,7 +81,7 @@
diff --git a/docs/file.client.html b/docs/file.client.html
index dc64b2e4..05e0a9ec 100644
--- a/docs/file.client.html
+++ b/docs/file.client.html
@@ -111,7 +111,7 @@
diff --git a/docs/file.error.html b/docs/file.error.html
index 4d74abe8..2d42cc43 100644
--- a/docs/file.error.html
+++ b/docs/file.error.html
@@ -68,7 +68,7 @@
diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html
index 15431504..c9d17c11 100644
--- a/docs/file.filtered_attributes.html
+++ b/docs/file.filtered_attributes.html
@@ -66,7 +66,7 @@
diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html
index 2d89274c..c7402d40 100644
--- a/docs/file.oauth2-2.0.10.gem.html
+++ b/docs/file.oauth2-2.0.10.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html
index a9451206..4d374ab8 100644
--- a/docs/file.oauth2-2.0.11.gem.html
+++ b/docs/file.oauth2-2.0.11.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html
index f829c1dc..ba1fdecd 100644
--- a/docs/file.oauth2-2.0.12.gem.html
+++ b/docs/file.oauth2-2.0.12.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html
index 66d373e8..122a6b38 100644
--- a/docs/file.oauth2-2.0.13.gem.html
+++ b/docs/file.oauth2-2.0.13.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html
index 9753b58c..5c6374e8 100644
--- a/docs/file.oauth2-2.0.14.gem.html
+++ b/docs/file.oauth2-2.0.14.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html
index f3875132..c36a51d9 100644
--- a/docs/file.oauth2-2.0.15.gem.html
+++ b/docs/file.oauth2-2.0.15.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html
index 84c906f4..51482042 100644
--- a/docs/file.oauth2-2.0.16.gem.html
+++ b/docs/file.oauth2-2.0.16.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html
index f89e982f..14f91e33 100644
--- a/docs/file.oauth2-2.0.17.gem.html
+++ b/docs/file.oauth2-2.0.17.gem.html
@@ -61,7 +61,7 @@
diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html
index 09663bc0..f18ae0ac 100644
--- a/docs/file.oauth2.html
+++ b/docs/file.oauth2.html
@@ -69,7 +69,7 @@
diff --git a/docs/file.response.html b/docs/file.response.html
index 7fe5d264..ead0732d 100644
--- a/docs/file.response.html
+++ b/docs/file.response.html
@@ -77,7 +77,7 @@
diff --git a/docs/file.strategy.html b/docs/file.strategy.html
index 6f732697..13d2a1bc 100644
--- a/docs/file.strategy.html
+++ b/docs/file.strategy.html
@@ -93,7 +93,7 @@
diff --git a/docs/file.version.html b/docs/file.version.html
index 084c30a1..3f1b157d 100644
--- a/docs/file.version.html
+++ b/docs/file.version.html
@@ -65,7 +65,7 @@
diff --git a/docs/file_list.html b/docs/file_list.html
index e0fe7d43..bbcfd557 100644
--- a/docs/file_list.html
+++ b/docs/file_list.html
@@ -72,157 +72,162 @@

                                                                                                            File List

                                                                                                            -
                                                                                                          • +
                                                                                                          • + +
                                                                                                          • + + +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • diff --git a/docs/index.html b/docs/index.html index 8665487f..d57a8f07 100644 --- a/docs/index.html +++ b/docs/index.html @@ -181,19 +181,19 @@

                                                                                                            Quick Examples

                                                                                                            ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -563,7 +563,7 @@

                                                                                                            Quick Examples

                                                                                                            | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | NOTE: The 1.4 series will only receive critical security updates. -See [SECURITY.md][🔐security]. +See [SECURITY.md][🔐security] and [IRP.md][🔐irp]. ## ⚙️ Configuration @@ -1377,7 +1377,7 @@

                                                                                                            Quick Examples

                                                                                                            To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -For more see [SECURITY.md][🔐security]. +For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp]. ## 🤝 Contributing @@ -1700,6 +1700,8 @@

                                                                                                            Quick Examples

                                                                                                            [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat +[🔐irp]: IRP.md +[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT @@ -1731,7 +1733,7 @@

                                                                                                            Quick Examples

                                                                                                            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index f93410b3..a62d59a0 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                                                                                            Defined Under Namespace

diff --git a/oauth2.gemspec b/oauth2.gemspec
index bc9705b0..0556ea5c 100644
--- a/oauth2.gemspec
+++ b/oauth2.gemspec
@@ -103,6 +103,7 @@ Thanks, @pboling / @galtzo
 "CONTRIBUTING.md",
 "FUNDING.md",
 "LICENSE.txt",
+ "IRP.md",
 "OIDC.md",
 "README.md",
 "REEK",
From 92800a324206125aa6f4524e87e5b298b0a6d7f4 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Thu, 25 Sep 2025 08:49:18 -0600
Subject: [PATCH 609/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.3.?= =?UTF-8?q?31?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 9c101af7..5f2a158a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -103,7 +103,7 @@ GEM
 json (2.13.2)
 jwt (3.1.2)
 base64
- kettle-dev (1.1.26)
+ kettle-dev (1.1.31)
 kettle-soup-cover (1.0.10)
 simplecov (~> 0.22)
 simplecov-cobertura (~> 3.0)
From 0df318fd956575ca4248e2868c016d6c2f3d2770 Mon Sep 17 00:00:00 2001
From: "|7eter l-|. l3oling"
Date: Thu, 25 Sep 2025 22:00:16 +0700
Subject: [PATCH 610/645] Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: |7eter l-|. l3oling
---
 IRP.md | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/IRP.md b/IRP.md
index e80ae39a..d237f633 100644
--- a/IRP.md
+++ b/IRP.md
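Review bot: In the oauth2.gemspec hunk the new `"IRP.md",` entry is inserted after `"LICENSE.txt",`, while the other entries visible there (CONTRIBUTING.md, FUNDING.md, LICENSE.txt, OIDC.md, README.md, REEK) are in alphabetical order. Moving it up one line, so it sits between `"FUNDING.md",` and `"LICENSE.txt",`, keeps the list sorted and makes it easier to spot which policy documents ship in the packaged gem. The array this list belongs to starts and ends outside the hunk, so the ordering convention is inferred from the visible entries only.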
@@ -2,30 +2,29 @@ Status: Draft -Purpose -------- +## Purpose + This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the `oauth2` gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable. -Scope ------ +## Scope + Applies to security incidents that affect the `oauth2` codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users. -Key assumptions +## Key assumptions - This project is maintained primarily by a single maintainer. - Public vulnerability disclosure is handled via Tidelift (see `SECURITY.md`). - The maintainer will act as incident commander unless otherwise delegated. -Contact & Roles ---------------- +## Contact & Roles + - Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications. - Secondary Contact: (optional) A trusted collaborator or organization contact if available. -If you are an external reporter +### If you are an external reporter - Do not publicly disclose details of an active vulnerability before coordination via Tidelift. - See `SECURITY.md` for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in `SECURITY.md` (if available) or email the maintainer contact listed in the repository. -Incident Handling Workflow (high level) ---------------------------------------- +## Incident Handling Workflow (high level) 1. Identification & Reporting - Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories. - Immediately acknowledge receipt (within 24-72 hours) via the reporting channel. From 52aaa9614ba90efa5235d603ae035ecae9e3df54 Mon Sep 17 00:00:00 2001 
From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 22:01:57 +0700 Subject: [PATCH 611/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index d237f633..5e93b5cd 100644 --- a/IRP.md +++ b/IRP.md @@ -64,8 +64,7 @@ Preservation of evidence - Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation. - Do not publish evidence that would enable exploitation before coordinated disclosure. -Communication templates ------------------------ +## Communication templates Acknowledgement (to reporter) "Thank you for reporting this issue. I've received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the project's security policy." From ed1bffe62b1349731c2a574d7b6b15431d6e091d Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 22:02:04 +0700 Subject: [PATCH 612/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index 5e93b5cd..e1820840 100644 --- a/IRP.md +++ b/IRP.md @@ -59,8 +59,7 @@ Severity classification (guidance) - Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory. - Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release. -Preservation of evidence ------------------------- +## Preservation of evidence - Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation. - Do not publish evidence that would enable exploitation before coordinated disclosure. 
From e465f1d3d5322f76e61f39006a187d8975e8346f Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 23:02:01 +0700 Subject: [PATCH 613/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index e1820840..3519fbfb 100644 --- a/IRP.md +++ b/IRP.md @@ -100,8 +100,7 @@ After an incident, perform a brief post-incident review covering: - What tests or process changes will prevent recurrence - Assign owners and deadlines for follow-up tasks -References ----------- +## References - See `SECURITY.md` for the project's official disclosure channel (Tidelift). Appendix: Example checklist for an incident From 04b4439c0ecc28a3291e6997b5b6c755560a3ce1 Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 23:02:10 +0700 Subject: [PATCH 614/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index 3519fbfb..7c0a87fa 100644 --- a/IRP.md +++ b/IRP.md @@ -92,8 +92,7 @@ Legal & regulatory ------------------ - If the incident involves user data or has legal implications, consult legal counsel or the maintainers' employer as appropriate. The maintainer should document the timeline and all communications. -Retrospective & continuous improvement -------------------------------------- +## Retrospective & continuous improvement After an incident, perform a brief post-incident review covering: - What happened and why - What was done to contain and remediate From 0da32d4210b7d5208dfcf4137ee819751c0c2108 Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 23:02:18 +0700 Subject: [PATCH 615/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index 7c0a87fa..f597071f 100644 --- a/IRP.md +++ b/IRP.md 
@@ -88,8 +88,7 @@ Operational notes - Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services. - Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place. -Legal & regulatory ------------------- +## Legal & regulatory - If the incident involves user data or has legal implications, consult legal counsel or the maintainers' employer as appropriate. The maintainer should document the timeline and all communications. ## Retrospective & continuous improvement From 4d9d936011442b58a2a4e34d315edc8b190d61ec Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 23:02:33 +0700 Subject: [PATCH 616/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index f597071f..246e2ec1 100644 --- a/IRP.md +++ b/IRP.md @@ -83,8 +83,7 @@ Runbook: Quick steps for a maintainer to patch and release 7. Build and push the gem: `gem build oauth2.gemspec && gem push pkg/...` (coordinate with Tidelift before public push if disclosure is coordinated). 8. Publish a release on GitHub and ensure the Tidelift advisory is posted. -Operational notes ------------------ +## Operational notes - Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services. - Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place. From 15876e184d7f6e708106745803af6891637183b9 Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 23:02:42 +0700 Subject: [PATCH 617/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/IRP.md b/IRP.md index 246e2ec1..312a5c24 100644 --- a/IRP.md +++ b/IRP.md @@ -72,8 +72,7 @@ Public advisory (after patch is ready) "A security advisory for oauth2 (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations." -Runbook: Quick steps for a maintainer to patch and release ---------------------------------------------------------- +## Runbook: Quick steps for a maintainer to patch and release 1. Create a branch: `git checkout -b fix/security-brief-description` 2. Reproduce the issue locally and add a regression spec in `spec/`. 3. Implement the fix and run the test suite: `bundle exec rspec` (or the project's preferred test command). From d23f0e87faca6a073e75c7215c8fed437f80d1e8 Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 23:02:50 +0700 Subject: [PATCH 618/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index 312a5c24..3f9ae3ce 100644 --- a/IRP.md +++ b/IRP.md @@ -53,8 +53,7 @@ Applies to security incidents that affect the `oauth2` codebase, releases (gems) - Add/adjust tests and CI checks to prevent regressions. - If credentials or infrastructure were compromised, rotate secrets and audit access. -Severity classification (guidance) ---------------------------------- +## Severity classification (guidance) - High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching. - Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory. - Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release. 
From f262d5aa8d2ade0d95f42f913c65dfa9067a1797 Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Thu, 25 Sep 2025 23:05:43 +0700 Subject: [PATCH 619/645] Update IRP.md Signed-off-by: |7eter l-|. l3oling --- IRP.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IRP.md b/IRP.md index 3f9ae3ce..7bd10973 100644 --- a/IRP.md +++ b/IRP.md @@ -98,8 +98,7 @@ After an incident, perform a brief post-incident review covering: ## References - See `SECURITY.md` for the project's official disclosure channel (Tidelift). -Appendix: Example checklist for an incident ------------------------------------------- +## Appendix: Example checklist for an incident - [ ] Acknowledge report to reporter (24-72 hours) - [ ] Reproduce and classify severity - [ ] Prepare and test a fix in a branch From 3f287d6126759f0d390d2a6d94bd2f10d034ee7d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 25 Sep 2025 11:42:48 -0600 Subject: [PATCH 620/645] =?UTF-8?q?=E2=9C=A8=20Threat=20Model?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/copilotDiffState.xml | 17 ++++++++ THREAT_MODEL.md | 86 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 103 insertions(+) create mode 100644 .idea/copilotDiffState.xml create mode 100644 THREAT_MODEL.md diff --git a/.idea/copilotDiffState.xml b/.idea/copilotDiffState.xml new file mode 100644 index 00000000..1800110b --- /dev/null +++ b/.idea/copilotDiffState.xml @@ -0,0 +1,17 @@ + + + + + + \ No newline at end of file diff --git a/THREAT_MODEL.md b/THREAT_MODEL.md new file mode 100644 index 00000000..430b293d --- /dev/null +++ b/THREAT_MODEL.md 
@@ -0,0 +1,86 @@ +# Threat Model Outline for oauth2 Ruby Gem + +## 1. Overview +This document outlines the threat model for the `oauth2` Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications. + +## 2. Assets to Protect +- OAuth access tokens, refresh tokens, and ID tokens +- User credentials (if handled) +- Client secrets and application credentials +- Sensitive user data accessed via OAuth +- Private keys and certificates (for signing/verifying tokens) + +## 3. Potential Threat Actors +- External attackers (internet-based) +- Malicious OAuth clients or resource servers +- Insiders (developers, maintainers) +- Compromised dependencies + +## 4. Attack Surfaces +- OAuth endpoints (authorization, token, revocation, introspection) +- HTTP request/response handling +- Token storage and management +- Configuration files and environment variables +- Dependency supply chain + +## 5. Threats and Mitigations + +### 5.1 Token Leakage +- **Threat:** Tokens exposed via logs, URLs, or insecure storage +- **Mitigations:** + - Avoid logging sensitive tokens + - Use secure storage mechanisms + - Never expose tokens in URLs + +### 5.2 Token Replay and Forgery +- **Threat:** Attackers reuse or forge tokens +- **Mitigations:** + - Validate token signatures and claims + - Use short-lived tokens and refresh tokens + - Implement token revocation + +### 5.3 Insecure Communication +- **Threat:** Data intercepted via MITM attacks +- **Mitigations:** + - Enforce HTTPS for all communications + - Validate SSL/TLS certificates + +### 5.4 Client Secret Exposure +- **Threat:** Client secrets leaked in code or version control +- **Mitigations:** + - Store secrets in environment variables or secure vaults + - Never commit secrets to source control + +### 5.5 Dependency Vulnerabilities +- **Threat:** Vulnerabilities in third-party libraries +- **Mitigations:** + - Regularly update dependencies + 
- Use tools like `bundler-audit` for vulnerability scanning + +### 5.6 Improper Input Validation +- **Threat:** Injection attacks via untrusted input +- **Mitigations:** + - Validate and sanitize all inputs + - Use parameterized queries and safe APIs + +### 5.7 Insufficient Logging and Monitoring +- **Threat:** Attacks go undetected +- **Mitigations:** + - Log security-relevant events (without sensitive data) + - Monitor for suspicious activity + +## 6. Assumptions +- The gem is used in a secure environment with up-to-date Ruby and dependencies +- End-users are responsible for secure configuration and deployment + +## 7. Out of Scope +- Security of external OAuth providers +- Application-level business logic + +## 8. References +- [OAuth 2.0 Threat Model and Security Considerations (RFC 6819)](https://tools.ietf.org/html/rfc6819) +- [OWASP Top Ten](https://owasp.org/www-project-top-ten/) + +--- +This outline should be reviewed and updated regularly as the project evolves. + From b565429d2e3a610a253c489c766982e42accdad1 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 25 Sep 2025 11:48:16 -0600 Subject: [PATCH 621/645] =?UTF-8?q?=F0=9F=93=9D=20Threat=20Model?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 15f081c5..190f2420 100644 --- a/README.md +++ b/README.md 
@@ -129,19 +129,19 @@ If it seems like you are in the wrong place, you might try one of these: ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me 
on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -1325,7 +1325,7 @@ I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp]. +For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp]. ## 🤝 Contributing @@ -1649,7 +1649,9 @@ Thanks for RTFM. ☺️ [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [🔐irp]: IRP.md -[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat +[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat +[🔐threat-model]: THREAT_MODEL.md +[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT From c04db0821dd454fea4dd122c8ddab9b7838894e1 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Thu, 25 Sep 2025 11:50:48 -0600 Subject: [PATCH 622/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 61 ++--- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.IRP.html | 9 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 34 +-- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.THREAT_MODEL.html | 216 ++++++++++++++++++ docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2-2.0.15.gem.html | 2 +- docs/file.oauth2-2.0.16.gem.html | 2 +- docs/file.oauth2-2.0.17.gem.html | 2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/file_list.html | 61 ++--- docs/index.html | 34 +-- docs/top-level-namespace.html | 2 +- 50 files 
changed, 367 insertions(+), 136 deletions(-) create mode 100644 docs/file.THREAT_MODEL.html diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 1e3c3468..3ca5c041 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                                                                                                            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index f7d97474..7d07ab1e 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

                                                                                                            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 5f2dda28..0cb01dbe 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                                                                                                            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 6bafad99..c50ad592 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

                                                                                                            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index c4633eda..2e23dff5 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                                                                                                            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 06bf41be..93942485 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                                                                                                            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index fd1d9162..fc2ad592 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                                                                                                            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 8136150c..f2f77289 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index c5eb1311..a75d5e8d 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                                                                                            Defined Under Namespace

                                                                                                            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 8dcb69cb..8f3917bb 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 0d6bf5a3..9cf98f7c 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index dbdc8af0..4b7954d8 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index c5ed61d8..32ccd5ca 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 42064b4c..8c336a7e 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 47344a51..c063b0a7 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

                                                                                                            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index c9814a83..3959a0a5 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                                                                                                            diff --git a/docs/_index.html b/docs/_index.html index a97b0e0d..cd86d203 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -87,88 +87,91 @@

                                                                                                            File Listing

                                                                                                          • SECURITY
                                                                                                          • -
                                                                                                          • LICENSE
                                                                                                          • +
                                                                                                          • THREAT_MODEL
                                                                                                          • -
                                                                                                          • CITATION
                                                                                                          • +
                                                                                                          • LICENSE
                                                                                                          • -
                                                                                                          • oauth2-2.0.10.gem
                                                                                                          • +
                                                                                                          • CITATION
                                                                                                          • -
                                                                                                          • oauth2-2.0.11.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.10.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.12.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.11.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.13.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.12.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.14.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.13.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.15.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.14.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.16.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.15.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.17.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.16.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.10.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.17.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.11.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.10.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.12.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.11.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.13.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.12.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.14.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.13.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.15.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.14.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.16.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.15.gem
                                                                                                          • -
                                                                                                          • oauth2-2.0.17.gem
                                                                                                          • +
                                                                                                          • oauth2-2.0.16.gem
                                                                                                          • -
                                                                                                          • REEK
                                                                                                          • +
                                                                                                          • oauth2-2.0.17.gem
                                                                                                          • -
                                                                                                          • access_token
                                                                                                          • +
                                                                                                          • REEK
                                                                                                          • -
                                                                                                          • authenticator
                                                                                                          • +
                                                                                                          • access_token
                                                                                                          • -
                                                                                                          • client
                                                                                                          • +
                                                                                                          • authenticator
                                                                                                          • -
                                                                                                          • error
                                                                                                          • +
                                                                                                          • client
                                                                                                          • -
                                                                                                          • filtered_attributes
                                                                                                          • +
                                                                                                          • error
                                                                                                          • -
                                                                                                          • response
                                                                                                          • +
                                                                                                          • filtered_attributes
                                                                                                          • -
                                                                                                          • strategy
                                                                                                          • +
                                                                                                          • response
                                                                                                          • -
                                                                                                          • version
                                                                                                          • +
                                                                                                          • strategy
                                                                                                          • -
                                                                                                          • oauth2
                                                                                                          • +
                                                                                                          • version
                                                                                                          • + + +
                                                                                                          • oauth2
                                                                                                          @@ -393,7 +396,7 @@

                                                                                                          Namespace Listing A-Z

                                                                                                          diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index eac16fe4..43671ea7 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1290,7 +1290,7 @@

                                                                                                          diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index f5619201..6667e4a7 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 4b2c9cff..4e34bb2e 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                                                                                          Attribution

                                                                                                          diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 892243e0..69803d2c 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -308,7 +308,7 @@

                                                                                                          Manual process

                                                                                                          diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index dddb80ee..aab97aa9 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

                                                                                                          Another Way to Support Open diff --git a/docs/file.IRP.html b/docs/file.IRP.html index 1272fe95..b2fb8145 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -62,12 +62,14 @@

                                                                                                          Status: Draft

                                                                                                          Purpose

                                                                                                          +

                                                                                                          This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the oauth2 gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.

                                                                                                          Scope

                                                                                                          +

                                                                                                          Applies to security incidents that affect the oauth2 codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.

                                                                                                          -

                                                                                                          Key assumptions

                                                                                                          +

                                                                                                          Key assumptions

                                                                                                          • This project is maintained primarily by a single maintainer.
                                                                                                          • Public vulnerability disclosure is handled via Tidelift (see SECURITY.md).
                                                                                                          • @@ -75,12 +77,13 @@

                                                                                                            Scope

                                                                                                          Contact & Roles

                                                                                                          +
                                                                                                          • Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.
                                                                                                          • Secondary Contact: (optional) A trusted collaborator or organization contact if available.
                                                                                                          -

                                                                                                          If you are an external reporter

                                                                                                          +

                                                                                                          If you are an external reporter

                                                                                                          • Do not publicly disclose details of an active vulnerability before coordination via Tidelift.
                                                                                                          • See SECURITY.md for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in SECURITY.md (if available) or email the maintainer contact listed in the repository.
                                                                                                          • @@ -208,7 +211,7 @@

                                                                                                            Appendix: Example checklist diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 4d29fd40..db020c50 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                                                                                            MIT License

                                                                                                            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                            Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                            of this software and associated documentation files (the "Software"), to deal
                                                                                                            in the Software without restriction, including without limitation the rights
                                                                                                            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                            copies of the Software, and to permit persons to whom the Software is
                                                                                                            furnished to do so, subject to the following conditions:

                                                                                                            The above copyright notice and this permission notice shall be included in all
                                                                                                            copies or substantial portions of the Software.

                                                                                                            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                            SOFTWARE.
                                                                                                            diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index acaec720..60f480af 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

                                                                                                            Raw OIDC with ruby-oauth/oauth2

                                                                                                            diff --git a/docs/file.README.html b/docs/file.README.html index bd7449c0..1801f9bb 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -181,19 +181,19 @@

                                                                                                            Quick Examples

                                                                                                            ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me 
on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -1377,7 +1377,7 @@

                                                                                                            Quick Examples

                                                                                                            To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp]. +For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp]. ## 🤝 Contributing @@ -1701,7 +1701,9 @@

                                                                                                            Quick Examples

                                                                                                            [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [🔐irp]: IRP.md -[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat +[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat +[🔐threat-model]: THREAT_MODEL.md +[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT @@ -1733,7 +1735,7 @@

                                                                                                            Quick Examples

                                                                                                            diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 9fc5bb19..bc4f2767 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index b3ea38b7..f8f449c1 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

                                                                                                            Benefits of rubocop_gradual

                                                                                                            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 8763dd03..21f8e0dd 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -93,7 +93,7 @@

                                                                                                            Additional Support

                                                                                                            diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html new file mode 100644 index 00000000..eabbf1c6 --- /dev/null +++ b/docs/file.THREAT_MODEL.html @@ -0,0 +1,216 @@ + + + + + + + File: THREAT_MODEL + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                                                                                                            + + +

                                                                                                            Threat Model Outline for oauth2 Ruby Gem

                                                                                                            + +

                                                                                                            1. Overview

                                                                                                            +

                                                                                                            This document outlines the threat model for the oauth2 Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.

                                                                                                            + +

                                                                                                            2. Assets to Protect

                                                                                                            +
                                                                                                              +
                                                                                                            • OAuth access tokens, refresh tokens, and ID tokens
                                                                                                            • +
                                                                                                            • User credentials (if handled)
                                                                                                            • +
                                                                                                            • Client secrets and application credentials
                                                                                                            • +
                                                                                                            • Sensitive user data accessed via OAuth
                                                                                                            • +
                                                                                                            • Private keys and certificates (for signing/verifying tokens)
                                                                                                            • +
                                                                                                            + +

                                                                                                            3. Potential Threat Actors

                                                                                                            +
                                                                                                              +
                                                                                                            • External attackers (internet-based)
                                                                                                            • +
                                                                                                            • Malicious OAuth clients or resource servers
                                                                                                            • +
                                                                                                            • Insiders (developers, maintainers)
                                                                                                            • +
                                                                                                            • Compromised dependencies
                                                                                                            • +
                                                                                                            + +

                                                                                                            4. Attack Surfaces

                                                                                                            +
                                                                                                              +
                                                                                                            • OAuth endpoints (authorization, token, revocation, introspection)
                                                                                                            • +
                                                                                                            • HTTP request/response handling
                                                                                                            • +
                                                                                                            • Token storage and management
                                                                                                            • +
                                                                                                            • Configuration files and environment variables
                                                                                                            • +
                                                                                                            • Dependency supply chain
                                                                                                            • +
                                                                                                            + +

                                                                                                            5. Threats and Mitigations

                                                                                                            + +

                                                                                                            5.1 Token Leakage

                                                                                                            +
                                                                                                              +
                                                                                                            • +Threat: Tokens exposed via logs, URLs, or insecure storage
                                                                                                            • +
                                                                                                            • +Mitigations: +
                                                                                                                +
                                                                                                              • Avoid logging sensitive tokens
                                                                                                              • +
                                                                                                              • Use secure storage mechanisms
                                                                                                              • +
                                                                                                              • Never expose tokens in URLs
                                                                                                              • +
                                                                                                              +
                                                                                                            • +
                                                                                                            + +

                                                                                                            5.2 Token Replay and Forgery

                                                                                                            +
                                                                                                              +
                                                                                                            • +Threat: Attackers reuse or forge tokens
                                                                                                            • +
                                                                                                            • +Mitigations: +
                                                                                                                +
                                                                                                              • Validate token signatures and claims
                                                                                                              • +
                                                                                                              • Use short-lived tokens and refresh tokens
                                                                                                              • +
                                                                                                              • Implement token revocation
                                                                                                              • +
                                                                                                              +
                                                                                                            • +
                                                                                                            + +

                                                                                                            5.3 Insecure Communication

                                                                                                            +
                                                                                                              +
                                                                                                            • +Threat: Data intercepted via MITM attacks
                                                                                                            • +
                                                                                                            • +Mitigations: +
                                                                                                                +
                                                                                                              • Enforce HTTPS for all communications
                                                                                                              • +
                                                                                                              • Validate SSL/TLS certificates
                                                                                                              • +
                                                                                                              +
                                                                                                            • +
                                                                                                            + +

                                                                                                            5.4 Client Secret Exposure

                                                                                                            +
                                                                                                              +
                                                                                                            • +Threat: Client secrets leaked in code or version control
                                                                                                            • +
                                                                                                            • +Mitigations: +
                                                                                                                +
                                                                                                              • Store secrets in environment variables or secure vaults
                                                                                                              • +
                                                                                                              • Never commit secrets to source control
                                                                                                              • +
                                                                                                              +
                                                                                                            • +
                                                                                                            + +

                                                                                                            5.5 Dependency Vulnerabilities

                                                                                                            +
                                                                                                              +
                                                                                                            • +Threat: Vulnerabilities in third-party libraries
                                                                                                            • +
                                                                                                            • +Mitigations: +
                                                                                                                +
                                                                                                              • Regularly update dependencies
                                                                                                              • +
                                                                                                              • Use tools like bundler-audit for vulnerability scanning
                                                                                                              • +
                                                                                                              +
                                                                                                            • +
                                                                                                            + +

                                                                                                            5.6 Improper Input Validation

                                                                                                            +
                                                                                                              +
                                                                                                            • +Threat: Injection attacks via untrusted input
                                                                                                            • +
                                                                                                            • +Mitigations: +
                                                                                                                +
                                                                                                              • Validate and sanitize all inputs
                                                                                                              • +
                                                                                                              • Use parameterized queries and safe APIs
                                                                                                              • +
                                                                                                              +
                                                                                                            • +
                                                                                                            + +

                                                                                                            5.7 Insufficient Logging and Monitoring

                                                                                                            +
                                                                                                              +
                                                                                                            • +Threat: Attacks go undetected
                                                                                                            • +
                                                                                                            • +Mitigations: +
                                                                                                                +
                                                                                                              • Log security-relevant events (without sensitive data)
                                                                                                              • +
                                                                                                              • Monitor for suspicious activity
                                                                                                              • +
                                                                                                              +
                                                                                                            • +
                                                                                                            + +

                                                                                                            6. Assumptions

                                                                                                            +
                                                                                                              +
                                                                                                            • The gem is used in a secure environment with up-to-date Ruby and dependencies
                                                                                                            • +
                                                                                                            • End-users are responsible for secure configuration and deployment
                                                                                                            • +
                                                                                                            + +

                                                                                                            7. Out of Scope

                                                                                                            +
                                                                                                              +
                                                                                                            • Security of external OAuth providers
                                                                                                            • +
                                                                                                            • Application-level business logic
                                                                                                            • +
                                                                                                            + +

                                                                                                            8. References

                                                                                                            + + +
                                                                                                            +

                                                                                                            This outline should be reviewed and updated regularly as the project evolves.

                                                                                                            +
                                                                                                            + + + +
                                                                                                            + + \ No newline at end of file diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 5b4ea704..e6fc7b16 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 36909ab7..24436d9e 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 05e0a9ec..c9691758 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 2d42cc43..0934c7fd 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index c9d17c11..3b36819a 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index c7402d40..b00e56e9 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 4d374ab8..11369457 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index ba1fdecd..c691479c 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 122a6b38..6119b737 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ 
diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 5c6374e8..39830f8f 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html index c36a51d9..af525d3c 100644 --- a/docs/file.oauth2-2.0.15.gem.html +++ b/docs/file.oauth2-2.0.15.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html index 51482042..70c1903d 100644 --- a/docs/file.oauth2-2.0.16.gem.html +++ b/docs/file.oauth2-2.0.16.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html index 14f91e33..555bded1 100644 --- a/docs/file.oauth2-2.0.17.gem.html +++ b/docs/file.oauth2-2.0.17.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index f18ae0ac..ca8fc1ff 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index ead0732d..2966fd2c 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 13d2a1bc..94941ce1 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 3f1b157d..3a21b7b8 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/file_list.html b/docs/file_list.html index bbcfd557..883a283c 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -92,142 +92,147 @@

                                                                                                            File List

                                                                                                            -
                                                                                                          • +
                                                                                                          • + +
                                                                                                          • + + +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • -
                                                                                                          • +
                                                                                                          • diff --git a/docs/index.html b/docs/index.html index d57a8f07..aa7dfaf6 100644 --- a/docs/index.html +++ b/docs/index.html @@ -181,19 +181,19 @@

                                                                                                            Quick Examples

                                                                                                            ## 💡 Info you can shake a stick at -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact 
Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | +| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | +|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                            [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                            [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                            [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | +| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | +| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | +| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | +| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | +| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me 
on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | ### Compatibility @@ -1377,7 +1377,7 @@

                                                                                                            Quick Examples

                                                                                                            To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp]. +For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp]. ## 🤝 Contributing @@ -1701,7 +1701,9 @@

                                                                                                            Quick Examples

                                                                                                            [🔐security]: SECURITY.md [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat [🔐irp]: IRP.md -[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat +[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat +[🔐threat-model]: THREAT_MODEL.md +[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year [📄license]: LICENSE.txt [📄license-ref]: https://opensource.org/licenses/MIT @@ -1733,7 +1735,7 @@

                                                                                                            Quick Examples

                                                                                                            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index a62d59a0..0040754f 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                                                                                            Defined Under Namespace

                                                                                                            From 9839689b1d55d596f606aa727885a65e7ce29a67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 05:32:01 +0000 Subject: [PATCH 623/645] Bump github/codeql-action from 3 to 4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 45a8ec2c..f59e5c33 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 
From e07c1fa904a439f745467b0fb8258791ad1edfda Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 4 Oct 2025 01:02:08 -0600 Subject: [PATCH 624/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Upgrade=20deps?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5f2a158a..fa30a8d1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -33,7 +33,7 @@ GEM rake (>= 10) thor (>= 0.14) ast (2.4.3) - backports (3.25.1) + backports (3.25.2) base64 (0.3.0) benchmark (0.4.1) bigdecimal (3.2.3) @@ -82,7 +82,7 @@ GEM dry-logic (~> 1.4) zeitwerk (~> 2.6) erb (5.0.2) - faraday (2.13.4) + faraday (2.14.0) faraday-net_http (>= 2.0, < 3.5) json logger @@ -100,7 +100,7 @@ GEM pp (>= 0.6.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - json (2.13.2) + json (2.15.0) jwt (3.1.2) base64 kettle-dev (1.1.31) @@ -204,7 +204,7 @@ GEM rubocop-ast (>= 1.46.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 4.0) - rubocop-ast (1.46.0) + rubocop-ast (1.47.1) parser (>= 3.3.7.2) prism (~> 1.4) rubocop-gradual (0.3.6) From ca63d419d7778691b8389ce9d23103493f13ce15 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Thu, 6 Nov 2025 21:02:34 -0700 Subject: [PATCH 625/645] =?UTF-8?q?=F0=9F=90=9B=20Fixing=20markdown=20=3D>?= =?UTF-8?q?=20HTML=20conversion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .tool-versions | 2 +- .yard_gfm_support.rb | 20 ++++++++++++++++---- docs/.nojekyll | 0 docs/CNAME | 1 - test_gfm.rb | 32 ++++++++++++++++++++++++++++++++ 5 files changed, 49 insertions(+), 6 deletions(-) delete mode 100644 docs/.nojekyll delete mode 100644 docs/CNAME create mode 100644 test_gfm.rb diff --git a/.tool-versions b/.tool-versions index d1de26c4..048c75ee 100755 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,2 @@ direnv 2.32.2 -ruby 3.4.5 +ruby 3.4.7 
diff --git a/.yard_gfm_support.rb b/.yard_gfm_support.rb
index 4f2f1403..3c8a6b0e 100644
--- a/.yard_gfm_support.rb
+++ b/.yard_gfm_support.rb
@@ -11,12 +11,24 @@ def initialize(source, options = {})
 end
 end
+# Ensure YARD is loaded before modifying its constants
+require 'yard' unless defined?(YARD)
+
 # Insert the new provider as the highest priority option for Markdown.
 # See:
 # - https://github.com/lsegal/yard/issues/1157
 # - https://github.com/lsegal/yard/issues/1017
 # - https://github.com/lsegal/yard/blob/main/lib/yard/templates/helpers/markup_helper.rb
-YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown].insert(
- 0,
- {const: "KramdownGfmDocument"},
-)
+require 'yard/templates/helpers/markup_helper'
+
+providers = YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown]
+providers.unshift({lib: :kramdown, const: :KramdownGfmDocument})
+
+# Normalize provider entries to what YARD expects (const must be a String)
+providers.each do |provider|
+ const = provider[:const]
+ provider[:const] = const.to_s if const.is_a?(Symbol)
+end
+
+# De-duplicate entries by [lib, const]
+providers.uniq! { |p| [p[:lib], p[:const].to_s] }
diff --git a/docs/.nojekyll b/docs/.nojekyll
deleted file mode 100644
index e69de29b..00000000
diff --git a/docs/CNAME b/docs/CNAME
deleted file mode 100644
index 9e32e7bf..00000000
--- a/docs/CNAME
+++ /dev/null
@@ -1 +0,0 @@
-oauth2.galtzo.com
\ No newline at end of file
diff --git a/test_gfm.rb b/test_gfm.rb
new file mode 100644
index 00000000..75c1dc67
--- /dev/null
+++ b/test_gfm.rb
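Review bot: The normalisation loop and the `uniq!` at the end of the `.yard_gfm_support.rb` hunk mutate every entry of YARD's shared `MARKUP_PROVIDERS[:markdown]` array, not only the one this file adds, and the Symbol `const` is pushed only to be converted back to a String two statements later. Pushing the String directly behind a guard keeps the file idempotent when it is loaded twice and leaves entries owned by YARD or other plugins untouched: `providers.unshift({lib: :kramdown, const: "KramdownGfmDocument"}) unless providers.any? { |p| p[:const].to_s == "KramdownGfmDocument" }`. A short comment on why `lib: :kramdown` is now set would help too (presumably so YARD requires the library before resolving the constant; worth confirming). The class this code follows starts outside the hunk.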
@@ -0,0 +1,32 @@
+#!/usr/bin/env ruby
+require 'bundler/setup'
+require 'yard'
+require 'yard/templates/helpers/markup_helper'
+
+puts "Before loading .yard_gfm_support.rb:"
+YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown].each_with_index do |p, i|
+ puts " [#{i}] #{p.inspect}"
+end
+
+require './.yard_gfm_support.rb'
+
+puts "\nAfter loading .yard_gfm_support.rb:"
+YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown].each_with_index do |p, i|
+ puts " [#{i}] #{p.inspect}"
+end
+
+puts "\nTesting KramdownGfmDocument:"
+
+test_md = <<-MD
+ # Test
+
+ ```ruby
+ puts "hello"
+ ```
+MD
+
+doc = KramdownGfmDocument.new(test_md)
+html = doc.to_html
+puts html
+puts "\nDoes output contain
                                                                                                            ? #{html.include?('
                                                                                                            ')}"
                                                                                                            +puts "Does output contain ? #{html.include?('
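Review bot: `test_gfm.rb` loads the support file with `require './.yard_gfm_support.rb'`, which resolves against the current working directory rather than the script's own location, so running it from another directory either fails or loads whatever file carries that name there. `require_relative '.yard_gfm_support.rb'` pins the load to the file sitting next to the script. The script also only prints what it finds; replacing the two final `puts` checks with `abort` on a missing match would let it exit non-zero when the conversion regresses. The tail of this hunk is garbled in this view, so the exact strings being checked are not visible.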
                                                                                                            Date: Fri, 7 Nov 2025 16:59:58 -0700
                                                                                                            Subject: [PATCH 626/645] =?UTF-8?q?=F0=9F=93=9D=20Code=20fences?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             CHANGELOG.md                     |  2 +-
                                                                                                             README.md                        | 14 +++++++-------
                                                                                                             lib/oauth2/access_token.rb       |  2 +-
                                                                                                             lib/oauth2/strategy/assertion.rb |  4 ++--
                                                                                                             4 files changed, 11 insertions(+), 11 deletions(-)
                                                                                                            
                                                                                                            diff --git a/CHANGELOG.md b/CHANGELOG.md
                                                                                                            index 044437fe..607363f7 100644
                                                                                                            --- a/CHANGELOG.md
                                                                                                            +++ b/CHANGELOG.md
                                                                                                            @@ -49,7 +49,7 @@ Please file a bug if you notice a violation of semantic versioning.
                                                                                                             
                                                                                                             ### Added
                                                                                                             
                                                                                                            -- [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header})
                                                                                                            +- [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., `{get: :query, post: :header}`)
                                                                                                             
                                                                                                             [gh!682]: https://github.com/ruby-oauth/oauth2/pull/682
                                                                                                             
                                                                                                            diff --git a/README.md b/README.md
                                                                                                            index 190f2420..74069300 100644
                                                                                                            --- a/README.md
                                                                                                            +++ b/README.md
                                                                                                            @@ -1107,16 +1107,16 @@ resp = access.get("/v1/protected")
                                                                                                             ```
                                                                                                             
                                                                                                             Notes:
                                                                                                            -- Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]).
                                                                                                            +- Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to `OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"])`.
                                                                                                             - If your certificate and key are in a PKCS#12/PFX bundle, you can load them like:
                                                                                                            -  - p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"])
                                                                                                            -  - client_cert = p12.certificate; client_key = p12.key
                                                                                                            +  - `p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"])`
                                                                                                            +  - `client_cert = p12.certificate; client_key = p12.key`
                                                                                                             - Server trust:
                                                                                                            -  - If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.
                                                                                                            -  - Keep verify: true in production. Set verify: false only for local testing.
                                                                                                            -- Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.
                                                                                                            +  - If your environment does not have system CAs, specify `ca_file` or `ca_path` inside the `ssl:` hash.
                                                                                                            +  - Keep `verify: true` in production. Set `verify: false` only for local testing.
                                                                                                            +- Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. `net_http` (default) and `net_http_persistent` are common choices.
                                                                                                             - Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).
                                                                                                            -- OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.
                                                                                                            +- OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via `auth_scheme: :tls_client_auth` as shown above.
                                                                                                             
                                                                                                             #### Authentication schemes for the token request
                                                                                                             
                                                                                                            diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb
                                                                                                            index c428c019..8c68e321 100644
                                                                                                            --- a/lib/oauth2/access_token.rb
                                                                                                            +++ b/lib/oauth2/access_token.rb
                                                                                                            @@ -134,7 +134,7 @@ def no_tokens_warning(hash, key)
                                                                                                                 # @option opts [FixNum, String] :expires_latency (nil) the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+
                                                                                                                 # @option opts [Symbol, Hash, or callable] :mode (:header) the transmission mode of the Access Token parameter value:
                                                                                                                 #    either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols
                                                                                                            -    #    (e.g., {get: :query, post: :header, delete: :header}); or a callable that accepts a request-verb parameter
                                                                                                            +    #    (e.g., `{get: :query, post: :header, delete: :header}`); or a callable that accepts a request-verb parameter
                                                                                                                 #    and returns one of these three symbols.
                                                                                                                 # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header
                                                                                                                 #
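Review bot: The `:mode` documentation lists `:query` alongside `:header` and `:body` without saying that it places the access token in the request URL. A token carried in a URL tends to be captured by server and proxy logs, browser history and Referer headers, and RFC 6750 section 2.3 advises against the query method unless the other two are unavailable. I would add a line after the `(e.g., ...)` example such as `#    Prefer :header; :query puts the token in the URL, where logs and Referer headers can capture it.` The doc comment and the method it describes both start and end outside this hunk.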
                                                                                                            diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb
                                                                                                            index 6396fd6d..0515b26b 100644
                                                                                                            --- a/lib/oauth2/strategy/assertion.rb
                                                                                                            +++ b/lib/oauth2/strategy/assertion.rb
                                                                                                            @@ -66,8 +66,8 @@ def authorize_url
                                                                                                                   #   @see https://datatracker.ietf.org/doc/html/rfc7518#section-3.1
                                                                                                                   #
                                                                                                                   # The object type of `:key` may depend on the value of `:algorithm`.  Sample arguments:
                                                                                                            -      #   get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'})
                                                                                                            -      #   get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')})
                                                                                                            +      #   `get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'})`
                                                                                                            +      #   `get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')})`
                                                                                                                   #
                                                                                                                   # @param [Hash] request_opts options that will be used to assemble the request
                                                                                                                   # @option request_opts [String] :scope the url parameter `scope` that may be required by some endpoints
                                                                                                            
                                                                                                            From 3ae1da5f71c46aed47dda4d310fc9b1298f394da Mon Sep 17 00:00:00 2001
                                                                                                            From: "Peter H. Boling" 
                                                                                                            Date: Fri, 7 Nov 2025 17:04:12 -0700
                                                                                                            Subject: [PATCH 627/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Upgrade=20deps?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             Gemfile.lock | 60 ++++++++++++++++++++++++++++------------------------
                                                                                                             1 file changed, 32 insertions(+), 28 deletions(-)
                                                                                                            
                                                                                                            diff --git a/Gemfile.lock b/Gemfile.lock
                                                                                                            index fa30a8d1..9961d0f9 100644
                                                                                                            --- a/Gemfile.lock
                                                                                                            +++ b/Gemfile.lock
                                                                                                            @@ -35,16 +35,16 @@ GEM
                                                                                                                 ast (2.4.3)
                                                                                                                 backports (3.25.2)
                                                                                                                 base64 (0.3.0)
                                                                                                            -    benchmark (0.4.1)
                                                                                                            -    bigdecimal (3.2.3)
                                                                                                            +    benchmark (0.5.0)
                                                                                                            +    bigdecimal (3.3.1)
                                                                                                                 bundler-audit (0.9.2)
                                                                                                                   bundler (>= 1.2.0, < 3)
                                                                                                                   thor (~> 1.0)
                                                                                                                 concurrent-ruby (1.3.5)
                                                                                                            -    crack (1.0.0)
                                                                                                            +    crack (1.0.1)
                                                                                                                   bigdecimal
                                                                                                                   rexml
                                                                                                            -    date (3.4.1)
                                                                                                            +    date (3.5.0)
                                                                                                                 debug (1.11.0)
                                                                                                                   irb (~> 1.10)
                                                                                                                   reline (>= 0.3.8)
                                                                                                            @@ -81,13 +81,13 @@ GEM
                                                                                                                   dry-inflector (~> 1.0)
                                                                                                                   dry-logic (~> 1.4)
                                                                                                                   zeitwerk (~> 2.6)
                                                                                                            -    erb (5.0.2)
                                                                                                            +    erb (5.1.3)
                                                                                                                 faraday (2.14.0)
                                                                                                                   faraday-net_http (>= 2.0, < 3.5)
                                                                                                                   json
                                                                                                                   logger
                                                                                                            -    faraday-net_http (3.4.1)
                                                                                                            -      net-http (>= 0.5.0)
                                                                                                            +    faraday-net_http (3.4.2)
                                                                                                            +      net-http (~> 0.5)
                                                                                                                 gem_bench (2.0.5)
                                                                                                                   bundler (>= 1.14)
                                                                                                                   version_gem (~> 1.1, >= 1.1.4)
                                                                                                            @@ -96,14 +96,14 @@ GEM
                                                                                                                 hashdiff (1.2.1)
                                                                                                                 hashie (5.0.0)
                                                                                                                 io-console (0.8.1)
                                                                                                            -    irb (1.15.2)
                                                                                                            +    irb (1.15.3)
                                                                                                                   pp (>= 0.6.0)
                                                                                                                   rdoc (>= 4.0.0)
                                                                                                                   reline (>= 0.4.2)
                                                                                                            -    json (2.15.0)
                                                                                                            +    json (2.16.0)
                                                                                                                 jwt (3.1.2)
                                                                                                                   base64
                                                                                                            -    kettle-dev (1.1.31)
                                                                                                            +    kettle-dev (1.1.49)
                                                                                                                 kettle-soup-cover (1.0.10)
                                                                                                                   simplecov (~> 0.22)
                                                                                                                   simplecov-cobertura (~> 3.0)
                                                                                                            @@ -113,15 +113,17 @@ GEM
                                                                                                                   simplecov-rcov (~> 0.3, >= 0.3.7)
                                                                                                                   simplecov_json_formatter (~> 0.1, >= 0.1.4)
                                                                                                                   version_gem (~> 1.1, >= 1.1.8)
                                                                                                            -    kettle-test (1.0.3)
                                                                                                            +    kettle-test (1.0.6)
                                                                                                                   appraisal2 (~> 3.0)
                                                                                                            +      backports (~> 3.0)
                                                                                                                   rspec (~> 3.0)
                                                                                                                   rspec-block_is_expected (~> 1.0, >= 1.0.6)
                                                                                                            +      rspec-pending_for (~> 0.1, >= 0.1.19)
                                                                                                                   rspec-stubbed_env (~> 1.0, >= 1.0.4)
                                                                                                                   rspec_junit_formatter (~> 0.6)
                                                                                                                   silent_stream (~> 1.0, >= 1.0.12)
                                                                                                                   timecop-rspec (~> 1.0, >= 1.0.3)
                                                                                                            -      version_gem (~> 1.1, >= 1.1.8)
                                                                                                            +      version_gem (~> 1.1, >= 1.1.9)
                                                                                                                 kramdown (2.5.1)
                                                                                                                   rexml (>= 3.3.9)
                                                                                                                 kramdown-parser-gfm (1.1.0)
                                                                                                            @@ -132,33 +134,34 @@ GEM
                                                                                                                 multi_xml (0.7.2)
                                                                                                                   bigdecimal (~> 3.1)
                                                                                                                 mutex_m (0.3.0)
                                                                                                            -    net-http (0.6.0)
                                                                                                            +    net-http (0.7.0)
                                                                                                                   uri
                                                                                                                 nkf (0.2.0)
                                                                                                                 nokogiri (1.18.10-x86_64-linux-gnu)
                                                                                                                   racc (~> 1.4)
                                                                                                                 ostruct (0.6.3)
                                                                                                                 parallel (1.27.0)
                                                                                                            -    parser (3.3.9.0)
                                                                                                            +    parser (3.3.10.0)
                                                                                                                   ast (~> 2.4.1)
                                                                                                                   racc
                                                                                                            -    pp (0.6.2)
                                                                                                            +    pp (0.6.3)
                                                                                                                   prettyprint
                                                                                                                 prettyprint (0.2.0)
                                                                                                            -    prism (1.5.1)
                                                                                                            +    prism (1.6.0)
                                                                                                                 psych (5.2.6)
                                                                                                                   date
                                                                                                                   stringio
                                                                                                                 public_suffix (6.0.2)
                                                                                                                 racc (1.8.1)
                                                                                                            -    rack (3.2.1)
                                                                                                            +    rack (3.2.4)
                                                                                                                 rainbow (3.1.1)
                                                                                                            -    rake (13.3.0)
                                                                                                            +    rake (13.3.1)
                                                                                                                 rbs (3.9.5)
                                                                                                                   logger
                                                                                                            -    rdoc (6.14.2)
                                                                                                            +    rdoc (6.15.1)
                                                                                                                   erb
                                                                                                                   psych (>= 4.0.0)
                                                                                                            +      tsort
                                                                                                                 reek (6.5.0)
                                                                                                                   dry-schema (~> 1.13)
                                                                                                                   logger (~> 1.6)
                                                                                                            @@ -171,17 +174,17 @@ GEM
                                                                                                                 require_bench (1.0.4)
                                                                                                                   version_gem (>= 1.1.3, < 4)
                                                                                                                 rexml (3.4.4)
                                                                                                            -    rspec (3.13.1)
                                                                                                            +    rspec (3.13.2)
                                                                                                                   rspec-core (~> 3.13.0)
                                                                                                                   rspec-expectations (~> 3.13.0)
                                                                                                                   rspec-mocks (~> 3.13.0)
                                                                                                                 rspec-block_is_expected (1.0.6)
                                                                                                            -    rspec-core (3.13.5)
                                                                                                            +    rspec-core (3.13.6)
                                                                                                                   rspec-support (~> 3.13.0)
                                                                                                                 rspec-expectations (3.13.5)
                                                                                                                   diff-lcs (>= 1.2.0, < 2.0)
                                                                                                                   rspec-support (~> 3.13.0)
                                                                                                            -    rspec-mocks (3.13.5)
                                                                                                            +    rspec-mocks (3.13.7)
                                                                                                                   diff-lcs (>= 1.2.0, < 2.0)
                                                                                                                   rspec-support (~> 3.13.0)
                                                                                                                 rspec-pending_for (0.1.19)
                                                                                                            @@ -245,7 +248,7 @@ GEM
                                                                                                                   rubocop-thread_safety (~> 0.5, >= 0.5.1)
                                                                                                                   standard-rubocop-lts (~> 1.0, >= 1.0.7)
                                                                                                                   version_gem (>= 1.1.3, < 3)
                                                                                                            -    rubocop-shopify (2.17.1)
                                                                                                            +    rubocop-shopify (2.18.0)
                                                                                                                   rubocop (~> 1.62)
                                                                                                                 rubocop-thread_safety (0.7.3)
                                                                                                                   lint_roller (~> 1.1)
                                                                                                            @@ -294,8 +297,8 @@ GEM
                                                                                                                   standard-custom (>= 1.0.2, < 2)
                                                                                                                   standard-performance (>= 1.3.1, < 2)
                                                                                                                   version_gem (>= 1.1.4, < 3)
                                                                                                            -    stone_checksums (1.0.2)
                                                                                                            -      version_gem (~> 1.1, >= 1.1.8)
                                                                                                            +    stone_checksums (1.0.3)
                                                                                                            +      version_gem (~> 1.1, >= 1.1.9)
                                                                                                                 stringio (3.1.7)
                                                                                                                 terminal-table (4.0.0)
                                                                                                                   unicode-display_width (>= 1.1.1, < 4)
                                                                                                            @@ -305,14 +308,15 @@ GEM
                                                                                                                   delegate (~> 0.1)
                                                                                                                   rspec (~> 3.0)
                                                                                                                   timecop (>= 0.7, < 1)
                                                                                                            +    tsort (0.2.0)
                                                                                                                 unicode-display_width (3.2.0)
                                                                                                                   unicode-emoji (~> 4.1)
                                                                                                                 unicode-emoji (4.1.0)
                                                                                                            -    uri (1.0.3)
                                                                                                            +    uri (1.1.1)
                                                                                                                 vcr (6.3.1)
                                                                                                                   base64
                                                                                                                 version_gem (1.1.9)
                                                                                                            -    webmock (3.25.1)
                                                                                                            +    webmock (3.26.1)
                                                                                                                   addressable (>= 2.8.0)
                                                                                                                   crack (>= 0.3.2)
                                                                                                                   hashdiff (>= 0.4.0, < 2.0.0)
                                                                                                            @@ -320,7 +324,7 @@ GEM
                                                                                                                 yard-relative_markdown_links (0.5.0)
                                                                                                                   nokogiri (>= 1.14.3, < 2)
                                                                                                                 zeitwerk (2.7.3)
                                                                                                            -    zlib (3.2.1)
                                                                                                            +    zlib (3.2.2)
                                                                                                             
                                                                                                             PLATFORMS
                                                                                                               x86_64-linux
                                                                                                            
                                                                                                            From 23f9af35cb0dc2d5f12a76adef7ce12ca131e583 Mon Sep 17 00:00:00 2001
                                                                                                            From: "Peter H. Boling" 
                                                                                                            Date: Fri, 7 Nov 2025 17:04:16 -0700
                                                                                                            Subject: [PATCH 628/645] =?UTF-8?q?=F0=9F=8E=A8=20Template=20bootstrap=20b?=
                                                                                                             =?UTF-8?q?y=20kettle-dev-setup=20v1.1.49?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             .git-hooks/commit-msg                         |  56 +--
                                                                                                             .git-hooks/footer-template.erb.txt            |   2 +-
                                                                                                             .git-hooks/prepare-commit-msg                 |  17 +-
                                                                                                             .github/workflows/current.yml                 |  40 +-
                                                                                                             .github/workflows/dep-heads.yml               |  40 +-
                                                                                                             .github/workflows/heads.yml                   |  36 +-
                                                                                                             .github/workflows/legacy.yml                  |   4 +-
                                                                                                             .github/workflows/style.yml                   |   2 +
                                                                                                             .github/workflows/truffle.yml                 |  12 +-
                                                                                                             .gitignore                                    |   1 +
                                                                                                             .junie/guidelines.md                          |  13 +-
                                                                                                             .yard_gfm_support.rb                          |  34 --
                                                                                                             .yardopts                                     |   9 +-
                                                                                                             Appraisal.root.gemfile                        |   2 +-
                                                                                                             Appraisals                                    | 119 +++---
                                                                                                             CONTRIBUTING.md                               |  35 +-
                                                                                                             FUNDING.md                                    |  17 +-
                                                                                                             Gemfile                                       |   4 +-
                                                                                                             Gemfile.lock                                  |  26 +-
                                                                                                             README.md                                     | 364 +++++-------------
                                                                                                             Rakefile                                      |   2 +-
                                                                                                             gemfiles/modular/documentation.gemfile        |   1 +
                                                                                                             gemfiles/modular/erb/r2.3/default.gemfile     |   2 +-
                                                                                                             gemfiles/modular/optional.gemfile             |   1 +
                                                                                                             gemfiles/modular/x_std_libs/r2.4/libs.gemfile |   2 +-
                                                                                                             oauth2.gemspec                                |  24 +-
                                                                                                             test_gfm.rb                                   |  32 --
                                                                                                             27 files changed, 351 insertions(+), 546 deletions(-)
                                                                                                             delete mode 100644 .yard_gfm_support.rb
                                                                                                             delete mode 100644 test_gfm.rb
                                                                                                            
                                                                                                            diff --git a/.git-hooks/commit-msg b/.git-hooks/commit-msg
                                                                                                            index 750c5bb1..5d160e67 100755
                                                                                                            --- a/.git-hooks/commit-msg
                                                                                                            +++ b/.git-hooks/commit-msg
                                                                                                            @@ -16,33 +16,39 @@ begin
                                                                                                               # Is the first character a GitMoji?
                                                                                                               gitmoji_index = full_text =~ Gitmoji::Regex::REGEX
                                                                                                               if gitmoji_index == 0
                                                                                                            -    exit 0
                                                                                                            +    exit(0)
                                                                                                               else
                                                                                                            -    denied = < e
                                                                                                            -  warn("gitmoji-regex gem not found: #{e.class}: #{e.message}.\n\tSkipping gitmoji check and allowing commit to proceed.\n\tRecommendation: add 'gitmoji-regex' to your development dependencies to enable this check.")
                                                                                                            -  exit 0
                                                                                                            +  failure = <<~EOM
                                                                                                            +    gitmoji-regex gem not found: #{e.class}: #{e.message}.
                                                                                                            +      Skipping gitmoji check and allowing commit to proceed.
                                                                                                            +      Recommendation: add 'gitmoji-regex' to your development dependencies to enable this check.
                                                                                                            +    
                                                                                                            +  EOM
                                                                                                            +  warn(failure)
                                                                                                            +  exit(0)
                                                                                                             end
                                                                                                            diff --git a/.git-hooks/footer-template.erb.txt b/.git-hooks/footer-template.erb.txt
                                                                                                            index d732d699..36cdb0ad 100644
                                                                                                            --- a/.git-hooks/footer-template.erb.txt
                                                                                                            +++ b/.git-hooks/footer-template.erb.txt
                                                                                                            @@ -1,5 +1,5 @@
                                                                                                             ⚡️ A message from a fellow meat-based-AI ⚡️
                                                                                                            -- [❤️] Finely-crafted open-source tools like <%= @gem_name %> (& many more) are a full-time endeavor.
                                                                                                            +- [❤️] Finely-crafted open-source tools like <%= @gem_name %> (& many more) require time and effort.
                                                                                                             - [❤️] Though I adore my work, it lacks financial sustainability.
                                                                                                             - [❤️] Please, help me continue enhancing your tools by becoming a sponsor:
                                                                                                               - [💲] https://liberapay.com/pboling/donate
                                                                                                            diff --git a/.git-hooks/prepare-commit-msg b/.git-hooks/prepare-commit-msg
                                                                                                            index c6a15570..dbc30589 100755
                                                                                                            --- a/.git-hooks/prepare-commit-msg
                                                                                                            +++ b/.git-hooks/prepare-commit-msg
                                                                                                            @@ -3,17 +3,6 @@
                                                                                                             # Fail on error and unset variables
                                                                                                             set -eu
                                                                                                             
                                                                                                            -# Determine project root as the parent directory of this hook script
                                                                                                            -PROJECT_ROOT="$(CDPATH= cd -- "$(dirname -- "$0")"/.. && pwd)"
                                                                                                            -
                                                                                                            -# Run the Ruby hook within the direnv context (if available),
                                                                                                            -# so ENV from .envrc/.env.local at project root is loaded.
                                                                                                            -# One of the things .envrc needs to do is add $PROJECT_ROOT/bin/ to the path.
                                                                                                            -# You should have this line at the top of .envrc
                                                                                                            -#   PATH_add bin
                                                                                                            -# NOTE: If this project ships exe scripts it should also add that.
                                                                                                            -if command -v direnv >/dev/null 2>&1; then
                                                                                                            -  exec direnv exec "$PROJECT_ROOT" "kettle-commit-msg" "$@"
                                                                                                            -else
                                                                                                            -  raise "direnv not found. Local development of this project ($PROJECT_ROOT) with tools from the kettle-dev gem may not work properly. Please run 'brew install direnv'."
                                                                                                            -fi
                                                                                                            +# We are not using direnv exec here because mise and direnv can result in conflicting PATH settings:
                                                                                                            +# See: https://mise.jdx.dev/direnv.html
                                                                                                            +exec "kettle-commit-msg" "$@"
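Review bot: `exec "kettle-commit-msg" "$@"` resolves the hook binary from whatever PATH the committing shell has, and nothing checks that it exists. A missing tool therefore aborts the commit with only the shell's "not found" error, and a same-named executable earlier on PATH would run in place of the project's. A guard before the exec makes the failure explicit: `command -v kettle-commit-msg >/dev/null 2>&1 || { echo "kettle-commit-msg not found on PATH" >&2; exit 1; }`. If the project's own bin stub is the intended target, invoking it by a path derived from `$0`, as the removed `PROJECT_ROOT` line did, would pin that down; whether such a stub exists is not visible in this hunk.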
                                                                                                            diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
                                                                                                            index f8a9e644..7dab87e0 100644
                                                                                                            --- a/.github/workflows/current.yml
                                                                                                            +++ b/.github/workflows/current.yml
                                                                                                            @@ -63,11 +63,11 @@ jobs:
                                                                                                             
                                                                                                                 steps:
                                                                                                                   - name: Checkout
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: actions/checkout@v5
                                                                                                             
                                                                                                                   - name: Setup Ruby & RubyGems
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: ruby/setup-ruby@v1
                                                                                                                     with:
                                                                                                                       ruby-version: ${{ matrix.ruby }}
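Review bot: The new `if:` on the Checkout and Setup Ruby steps no longer means "skip only for jruby under act". Because `&&` binds tighter than `||`, it reduces to `(ACT && !jruby) || (!ACT && jruby) || truffleruby`, which is false on a hosted runner (`env.ACT` unset) for any matrix entry that is neither jruby nor truffleruby. If the matrix, which is outside this hunk, contains an MRI entry, every guarded step is skipped and the job reports success without checking out or testing anything. The same expression is repeated on the steps in the following hunk (the Install Root Appraisal and Attempt 1/2 steps), where the `steps.bundleAttempt1.outcome == 'failure' &&` prefix also binds only to the first group. The removed form states the intent directly and could be kept: `if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}`.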
                                                                                                            @@ -79,11 +79,37 @@ jobs:
                                                                                                                   # We need to do this first to get appraisal installed.
                                                                                                                   # NOTE: This does not use the primary Gemfile at all.
                                                                                                                   - name: Install Root Appraisal
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle
                                                                                                            -      - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +
                                                                                                            +      - name: "[Attempt 1] Install Root Appraisal"
                                                                                                            +        id: bundleAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                            +        run: bundle
                                                                                                            +        # Continue to the next step on failure
                                                                                                            +        continue-on-error: true
                                                                                                            +
                                                                                                            +      # Effectively an automatic retry of the previous step.
                                                                                                            +      - name: "[Attempt 2] Install Root Appraisal"
                                                                                                            +        id: bundleAttempt2
                                                                                                            +        # If bundleAttempt1 failed, try again here; Otherwise skip.
                                                                                                            +        if: ${{ steps.bundleAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                            +        run: bundle
                                                                                                            +
                                                                                                            +      - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            +        id: bundleAppraisalAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                            +        run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                            +        # Continue to the next step on failure
                                                                                                            +        continue-on-error: true
                                                                                                            +
                                                                                                            +      # Effectively an automatic retry of the previous step.
                                                                                                            +      - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            +        id: bundleAppraisalAttempt2
                                                                                                            +        # If bundleAppraisalAttempt1 failed, try again here; Otherwise skip.
                                                                                                            +        if: ${{ steps.bundleAppraisalAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                            -      - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }}
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +
                                                                                                            +      - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }}
                                                                                                            diff --git a/.github/workflows/dep-heads.yml b/.github/workflows/dep-heads.yml
                                                                                                            index f6915689..a3d03f5f 100644
                                                                                                            --- a/.github/workflows/dep-heads.yml
                                                                                                            +++ b/.github/workflows/dep-heads.yml
                                                                                                            @@ -47,9 +47,7 @@ jobs:
                                                                                                                         rubygems: latest
                                                                                                                         bundler: latest
                                                                                                             
                                                                                                            -          # truffleruby-24.1
                                                                                                            -          #   (according to documentation: targets Ruby 3.3 compatibility)
                                                                                                            -          #   (according to runtime: targets Ruby 3.2 compatibility)
                                                                                                            +          # truffleruby-24.1 (targets Ruby 3.3 compatibility)
                                                                                                                       - ruby: "truffleruby"
                                                                                                                         appraisal: "dep-heads"
                                                                                                                         exec_cmd: "rake test"
                                                                                                            @@ -67,11 +65,11 @@ jobs:
                                                                                                             
                                                                                                                 steps:
                                                                                                                   - name: Checkout
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: actions/checkout@v5
                                                                                                             
                                                                                                                   - name: Setup Ruby & RubyGems
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: ruby/setup-ruby@v1
                                                                                                                     with:
                                                                                                                       ruby-version: ${{ matrix.ruby }}
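Review bot: The new `if:` on Checkout and Setup Ruby no longer covers every case the old guard did. Because `&&` binds tighter than `||`, it is true only when exactly one of `env.ACT` and the jruby test holds, or when the ruby is truffleruby. On a hosted runner, where `env.ACT` is unset, a matrix entry that is neither jruby nor truffleruby therefore evaluates to false; if the matrix (declared outside this hunk) has an MRI entry, all of its steps are skipped and the job still reports success, hiding a test run that never happened. If the intent is still "skip only jruby under act", keep `if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}`, which is already true for truffleruby, and state the intent in a comment above the first step. The same expression is repeated on the later steps of this file and in the heads.yml and truffle.yml hunks.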
                                                                                                            @@ -82,24 +80,38 @@ jobs:
                                                                                                                   # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
                                                                                                                   # We need to do this first to get appraisal installed.
                                                                                                                   # NOTE: This does not use the primary Gemfile at all.
                                                                                                            -      - name: "Install Root Appraisal"
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +      - name: Install Root Appraisal
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle
                                                                                                             
                                                                                                            -      - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +      - name: "[Attempt 1] Install Root Appraisal"
                                                                                                                     id: bundleAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                            +        run: bundle
                                                                                                            +        # Continue to the next step on failure
                                                                                                            +        continue-on-error: true
                                                                                                            +
                                                                                                            +      # Effectively an automatic retry of the previous step.
                                                                                                            +      - name: "[Attempt 2] Install Root Appraisal"
                                                                                                            +        id: bundleAttempt2
                                                                                                            +        # If bundleAttempt1 failed, try again here; Otherwise skip.
                                                                                                            +        if: ${{ steps.bundleAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                            +        run: bundle
                                                                                                            +
                                                                                                            +      - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            +        id: bundleAppraisalAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                                     # Continue to the next step on failure
                                                                                                                     continue-on-error: true
                                                                                                             
                                                                                                                   # Effectively an automatic retry of the previous step.
                                                                                                                   - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            -        # If bundleAttempt1 failed, try again here; Otherwise skip.
                                                                                                            -        if: ${{ steps.bundleAttempt1.outcome == 'failure' && !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            -        id: bundleAttempt2
                                                                                                            +        id: bundleAppraisalAttempt2
                                                                                                            +        # If bundleAppraisalAttempt1 failed, try again here; Otherwise skip.
                                                                                                            +        if: ${{ steps.bundleAppraisalAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                             
                                                                                                            -      - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }}
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +      - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }}
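Review bot: The two `[Attempt 2]` conditions do not gate the retry on the first attempt's failure for every engine. `steps.bundleAttempt1.outcome == 'failure' && ( … ) || ( … )` parses as `(failure && first group) || second group`, so whenever the second group is true (truffleruby, or jruby outside act) Attempt 2 runs even after Attempt 1 succeeded, contrary to the comment "If bundleAttempt1 failed, try again here; Otherwise skip." Wrap the whole engine test in one pair of parentheses, `steps.bundleAttempt1.outcome == 'failure' && (( … ) || ( … ))`, and do the same for `bundleAppraisalAttempt2`. The heads.yml hunk carries the same two conditions.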
                                                                                                            diff --git a/.github/workflows/heads.yml b/.github/workflows/heads.yml
                                                                                                            index f8c92d16..104f1a7a 100644
                                                                                                            --- a/.github/workflows/heads.yml
                                                                                                            +++ b/.github/workflows/heads.yml
                                                                                                            @@ -64,11 +64,11 @@ jobs:
                                                                                                             
                                                                                                                 steps:
                                                                                                                   - name: Checkout
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: actions/checkout@v5
                                                                                                             
                                                                                                                   - name: Setup Ruby & RubyGems
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: ruby/setup-ruby@v1
                                                                                                                     with:
                                                                                                                       ruby-version: ${{ matrix.ruby }}
                                                                                                            @@ -79,24 +79,38 @@ jobs:
                                                                                                                   # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
                                                                                                                   # We need to do this first to get appraisal installed.
                                                                                                                   # NOTE: This does not use the primary Gemfile at all.
                                                                                                            -      - name: "Install Root Appraisal"
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +      - name: Install Root Appraisal
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle
                                                                                                             
                                                                                                            -      - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +      - name: "[Attempt 1] Install Root Appraisal"
                                                                                                                     id: bundleAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                            +        run: bundle
                                                                                                            +        # Continue to the next step on failure
                                                                                                            +        continue-on-error: true
                                                                                                            +
                                                                                                            +      # Effectively an automatic retry of the previous step.
                                                                                                            +      - name: "[Attempt 2] Install Root Appraisal"
                                                                                                            +        id: bundleAttempt2
                                                                                                            +        # If bundleAttempt1 failed, try again here; Otherwise skip.
                                                                                                            +        if: ${{ steps.bundleAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                            +        run: bundle
                                                                                                            +
                                                                                                            +      - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            +        id: bundleAppraisalAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                                     # Continue to the next step on failure
                                                                                                                     continue-on-error: true
                                                                                                             
                                                                                                                   # Effectively an automatic retry of the previous step.
                                                                                                                   - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                            -        # If bundleAttempt1 failed, try again here; Otherwise skip.
                                                                                                            -        if: ${{ steps.bundleAttempt1.outcome == 'failure' && !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            -        id: bundleAttempt2
                                                                                                            +        id: bundleAppraisalAttempt2
                                                                                                            +        # If bundleAppraisalAttempt1 failed, try again here; Otherwise skip.
                                                                                                            +        if: ${{ steps.bundleAppraisalAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                             
                                                                                                            -      - name: Tests for ${{ matrix.ruby }}@${{ matrix.appraisal }} via ${{ matrix.exec_cmd }}
                                                                                                            -        if: ${{ !(env.ACT && startsWith(matrix.ruby, 'jruby')) }}
                                                                                                            +      - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }}
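Review bot: The unretried `Install Root Appraisal` step is kept directly ahead of the new `[Attempt 1] Install Root Appraisal`; only its quoting and `if:` change. `bundle` therefore runs once without `continue-on-error`, so a transient install failure fails the job at that step and the retry pair is never reached. Drop the plain step so that Attempt 1 and Attempt 2 are the only root install. The dep-heads.yml hunk has the same leftover step.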
                                                                                                            diff --git a/.github/workflows/legacy.yml b/.github/workflows/legacy.yml
                                                                                                            index 7f1fc299..f7853f62 100644
                                                                                                            --- a/.github/workflows/legacy.yml
                                                                                                            +++ b/.github/workflows/legacy.yml
                                                                                                            @@ -50,8 +50,8 @@ jobs:
                                                                                                                         appraisal: "ruby-3-1"
                                                                                                                         exec_cmd: "rake test"
                                                                                                                         gemfile: "Appraisal.root"
                                                                                                            -            rubygems: latest
                                                                                                            -            bundler: latest
                                                                                                            +            rubygems: '3.6.9'
                                                                                                            +            bundler: '2.6.9'
                                                                                                             
                                                                                                                 steps:
                                                                                                                   - name: Checkout
                                                                                                            diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
                                                                                                            index 2fe1e03c..4fbef86e 100644
                                                                                                            --- a/.github/workflows/style.yml
                                                                                                            +++ b/.github/workflows/style.yml
                                                                                                            @@ -63,3 +63,5 @@ jobs:
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                                   - name: Run ${{ matrix.appraisal }} checks via ${{ matrix.exec_cmd }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }}
                                                                                                            +      - name: Validate RBS Types
                                                                                                            +        run: bundle exec appraisal ${{ matrix.appraisal }} bin/rbs validate
                                                                                                            diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml
                                                                                                            index db651885..67807231 100644
                                                                                                            --- a/.github/workflows/truffle.yml
                                                                                                            +++ b/.github/workflows/truffle.yml
                                                                                                            @@ -47,9 +47,11 @@ jobs:
                                                                                                             
                                                                                                                 steps:
                                                                                                                   - name: Checkout
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: actions/checkout@v5
                                                                                                             
                                                                                                                   - name: Setup Ruby & RubyGems
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     uses: ruby/setup-ruby@v1
                                                                                                                     with:
                                                                                                                       ruby-version: ${{ matrix.ruby }}
                                                                                                            @@ -61,10 +63,12 @@ jobs:
                                                                                                                   # We need to do this first to get appraisal installed.
                                                                                                                   # NOTE: This does not use the primary Gemfile at all.
                                                                                                                   - name: Install Root Appraisal
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle
                                                                                                             
                                                                                                                   - name: "[Attempt 1] Install Root Appraisal"
                                                                                                                     id: bundleAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle
                                                                                                                     # Continue to the next step on failure
                                                                                                                     continue-on-error: true
                                                                                                            @@ -73,11 +77,12 @@ jobs:
                                                                                                                   - name: "[Attempt 2] Install Root Appraisal"
                                                                                                                     id: bundleAttempt2
                                                                                                                     # If bundleAttempt1 failed, try again here; Otherwise skip.
                                                                                                            -        if: steps.bundleAttempt1.outcome == 'failure'
                                                                                                            +        if: ${{ steps.bundleAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle
                                                                                                             
                                                                                                                   - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                                     id: bundleAppraisalAttempt1
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                                     # Continue to the next step on failure
                                                                                                                     continue-on-error: true
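Review bot: The new `if:` on "[Attempt 2] Install Root Appraisal" no longer limits the retry to a failed first attempt. In workflow expressions `&&` binds tighter than `||`, so it parses as `(outcome == 'failure' && A) || B`, and the trailing group ends in `|| startsWith(matrix.ruby, 'truffleruby')`. For the truffleruby entries this workflow presumably runs (the matrix is outside the hunk), the step therefore executes even when attempt 1 succeeded. The same applies to "[Attempt 2] Appraisal" in the next hunk, which uses `bundleAppraisalAttempt1`. One extra pair of parentheses around both platform groups restores skip-on-success: `steps.bundleAttempt1.outcome == 'failure' && ((env.ACT && …) || (!env.ACT && …))`. The parentheses in `!(startsWith(matrix.ruby, 'jruby'))` close before the `||`, so the inner grouping may also differ from what was intended and is worth confirming.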
                                                                                                            @@ -85,9 +90,10 @@ jobs:
                                                                                                                   # Effectively an automatic retry of the previous step.
                                                                                                                   - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}"
                                                                                                                     id: bundleAppraisalAttempt2
                                                                                                            -        # If bundleAttempt1 failed, try again here; Otherwise skip.
                                                                                                            -        if: steps.bundleAppraisalAttempt1.outcome == 'failure'
                                                                                                            +        # If bundleAppraisalAttempt1 failed, try again here; Otherwise skip.
                                                                                                            +        if: ${{ steps.bundleAppraisalAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle
                                                                                                             
                                                                                                                   - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }}
                                                                                                            +        if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }}
                                                                                                                     run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }}
                                                                                                            diff --git a/.gitignore b/.gitignore
                                                                                                            index 15f1f941..068190dc 100644
                                                                                                            --- a/.gitignore
                                                                                                            +++ b/.gitignore
                                                                                                            @@ -4,6 +4,7 @@
                                                                                                             *.gem
                                                                                                             
                                                                                                             # Bundler
                                                                                                            +/vendor/bundle/
                                                                                                             /.bundle/
                                                                                                             /gemfiles/*.lock
                                                                                                             /gemfiles/.bundle/
                                                                                                            diff --git a/.junie/guidelines.md b/.junie/guidelines.md
                                                                                                            index 152e080b..42844a0a 100644
                                                                                                            --- a/.junie/guidelines.md
                                                                                                            +++ b/.junie/guidelines.md
                                                                                                            @@ -47,9 +47,7 @@ This document captures project-specific knowledge to streamline setup, testing,
                                                                                                               - RSpec 3.13 with custom spec/spec_helper.rb configuration:
                                                                                                                 - silent_stream: STDOUT is silenced by default for examples to keep logs clean.
                                                                                                                   - To explicitly test console output, tag the example or group with :check_output.
                                                                                                            -    - Global state hygiene: Around each example, FlossFunding.namespaces and FlossFunding.silenced are snapshotted and restored to prevent cross-test pollution.
                                                                                                                 - DEBUG toggle: Set DEBUG=true to require 'debug' and avoid silencing output during your run.
                                                                                                            -    - ENV seeding: The suite sets ENV["FLOSS_FUNDING_FLOSS_FUNDING"] = "Free-as-in-beer" so that the library’s own namespace is considered activated (avoids noisy warnings).
                                                                                                                 - Coverage: kettle-soup-cover integrates SimpleCov; .simplecov is invoked from spec_helper when enabled by Kettle::Soup::Cover::DO_COV, which is controlled by K_SOUP_COV_DO being set to true / false.
                                                                                                                 - RSpec.describe usage:
                                                                                                                   - Use `describe "#"` to contain a block of specs that test instance method behavior.
                                                                                                            @@ -73,10 +71,11 @@ This document captures project-specific knowledge to streamline setup, testing,
                                                                                                               - Output visibility
                                                                                                                 - To see STDOUT from the code under test, use the :check_output tag on the example or group.
                                                                                                                   Example:
                                                                                                            -      RSpec.describe "output", :check_output do
                                                                                                            -        it "prints" do
                                                                                                            -          puts "This output should be visible"
                                                                                                            -          expect(true).to be true
                                                                                                            +      RSpec.describe "with output", :check_output do
                                                                                                            +        it "has output" do
                                                                                                            +          output = capture(:stderr) {kernel.warn("This is a warning")}
                                                                                                            +          logs = [ "This is a warning\n" ]
                                                                                                            +          expect(output).to(include(*logs))
                                                                                                                     end
                                                                                                                   end
                                                                                                                 - Alternatively, run with DEBUG=true to disable silencing for the entire run.
                                                                                                            @@ -94,7 +93,9 @@ This document captures project-specific knowledge to streamline setup, testing,
                                                                                                                   include_context 'with stubbed env'
                                                                                                                 - in a before hook, or in an example:
                                                                                                                   stub_env("FLOSS_FUNDING_MY_NS" => "Free-as-in-beer")
                                                                                                            +
                                                                                                                   # example code continues
                                                                                                            +
                                                                                                               - If your spec needs to assert on console output, tag it with :check_output. By default, STDOUT is silenced.
                                                                                                               - Use Timecop for deterministic time-sensitive behavior as needed (require config/timecop is already done by spec_helper).
                                                                                                             
                                                                                                            diff --git a/.yard_gfm_support.rb b/.yard_gfm_support.rb
                                                                                                            deleted file mode 100644
                                                                                                            index 3c8a6b0e..00000000
                                                                                                            --- a/.yard_gfm_support.rb
                                                                                                            +++ /dev/null
                                                                                                            @@ -1,34 +0,0 @@
                                                                                                            -# Gratefully and liberally taken from the MIT-licensed https://github.com/bensheldon/good_job/pull/113/files
                                                                                                            -require "kramdown"
                                                                                                            -require "kramdown-parser-gfm"
                                                                                                            -
                                                                                                            -# Custom markup provider class that always renders Kramdown using GFM (Github Flavored Markdown).
                                                                                                            -# GFM is needed to render markdown tables and fenced code blocks in the README.
                                                                                                            -class KramdownGfmDocument < Kramdown::Document
                                                                                                            -  def initialize(source, options = {})
                                                                                                            -    options[:input] = "GFM" unless options.key?(:input)
                                                                                                            -    super(source, options)
                                                                                                            -  end
                                                                                                            -end
                                                                                                            -
                                                                                                            -# Ensure YARD is loaded before modifying its constants
                                                                                                            -require 'yard' unless defined?(YARD)
                                                                                                            -
                                                                                                            -# Insert the new provider as the highest priority option for Markdown.
                                                                                                            -# See:
                                                                                                            -# - https://github.com/lsegal/yard/issues/1157
                                                                                                            -# - https://github.com/lsegal/yard/issues/1017
                                                                                                            -# - https://github.com/lsegal/yard/blob/main/lib/yard/templates/helpers/markup_helper.rb
                                                                                                            -require 'yard/templates/helpers/markup_helper'
                                                                                                            -
                                                                                                            -providers = YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown]
                                                                                                            -providers.unshift({lib: :kramdown, const: :KramdownGfmDocument})
                                                                                                            -
                                                                                                            -# Normalize provider entries to what YARD expects (const must be a String)
                                                                                                            -providers.each do |provider|
                                                                                                            -  const = provider[:const]
                                                                                                            -  provider[:const] = const.to_s if const.is_a?(Symbol)
                                                                                                            -end
                                                                                                            -
                                                                                                            -# De-duplicate entries by [lib, const]
                                                                                                            -providers.uniq! { |p| [p[:lib], p[:const].to_s] }
                                                                                                            diff --git a/.yardopts b/.yardopts
                                                                                                            index 479134df..ab259161 100644
                                                                                                            --- a/.yardopts
                                                                                                            +++ b/.yardopts
                                                                                                            @@ -1,11 +1,12 @@
                                                                                                            +--plugin fence
                                                                                                            +-e yard/fence/hoist.rb
                                                                                                             --plugin junk
                                                                                                             --plugin relative_markdown_links
                                                                                                            ---readme README.md
                                                                                                            +--readme tmp/yard-fence/README.md
                                                                                                             --charset utf-8
                                                                                                             --markup markdown
                                                                                                             --output docs
                                                                                                            ---load .yard_gfm_support.rb
                                                                                                             'lib/**/*.rb'
                                                                                                             -
                                                                                                            -'*.md'
                                                                                                            -'*.txt'
                                                                                                            \ No newline at end of file
                                                                                                            +'tmp/yard-fence/*.md'
                                                                                                            +'tmp/yard-fence/*.txt'
                                                                                                            diff --git a/Appraisal.root.gemfile b/Appraisal.root.gemfile
                                                                                                            index 02afd183..a0001cd0 100644
                                                                                                            --- a/Appraisal.root.gemfile
                                                                                                            +++ b/Appraisal.root.gemfile
                                                                                                            @@ -2,7 +2,7 @@
                                                                                                             
                                                                                                             git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
                                                                                                             
                                                                                                            -source "https://rubygems.org/"
                                                                                                            +source "https://gem.coop/"
                                                                                                             
                                                                                                             # Appraisal Root Gemfile is for running appraisal to generate the Appraisal Gemfiles
                                                                                                             #   in gemfiles/*gemfile.
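Review bot: The changed `source` line resolves every gem in this Gemfile from a different registry, and nothing in the hunk records why or how artifacts from it are verified. A short comment above the line, such as `# Registry switched from rubygems.org; rationale: <link to decision record>`, would make this trust change reviewable later. The .gitignore context in this patch shows `/gemfiles/*.lock` is ignored, so the generated appraisal gemfiles are presumably resolved fresh in CI without a committed lockfile. If that is the case, consider committing lockfiles or recording gem checksums so that a registry-side change to a published gem is detected rather than silently installed.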
                                                                                                            diff --git a/Appraisals b/Appraisals
                                                                                                            index 90e5effc..e1a741b5 100644
                                                                                                            --- a/Appraisals
                                                                                                            +++ b/Appraisals
                                                                                                            @@ -47,65 +47,6 @@ appraise "dep-heads" do
                                                                                                               eval_gemfile "modular/runtime_heads.gemfile"
                                                                                                             end
                                                                                                             
                                                                                                            -appraise "ruby-2-3-hashie_v0" do
                                                                                                            -  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            -  eval_gemfile "modular/hashie_v0.gemfile"
                                                                                                            -  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            -  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            -  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            -end
                                                                                                            -
                                                                                                            -appraise "ruby-2-3-hashie_v1" do
                                                                                                            -  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            -  eval_gemfile "modular/hashie_v1.gemfile"
                                                                                                            -  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            -  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            -  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            -end
                                                                                                            -
                                                                                                            -appraise "ruby-2-3-hashie_v2" do
                                                                                                            -  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            -  eval_gemfile "modular/hashie_v2.gemfile"
                                                                                                            -  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            -  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            -  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            -end
                                                                                                            -
                                                                                                            -appraise "ruby-2-3-hashie_v3" do
                                                                                                            -  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            -  eval_gemfile "modular/hashie_v3.gemfile"
                                                                                                            -  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            -  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            -  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            -end
                                                                                                            -
                                                                                                            -appraise "ruby-2-3-hashie_v4" do
                                                                                                            -  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            -  eval_gemfile "modular/hashie_v4.gemfile"
                                                                                                            -  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            -  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            -  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            -end
                                                                                                            -
                                                                                                            -appraise "ruby-2-3-hashie_v5" do
                                                                                                            -  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            -  eval_gemfile "modular/hashie_v5.gemfile"
                                                                                                            -  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            -  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            -  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            -  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            -end
                                                                                                             
                                                                                                             appraise "ruby-2-4" do
                                                                                                               eval_gemfile "modular/faraday_v1.gemfile"
                                                                                                            @@ -217,3 +158,63 @@ appraise "style" do
                                                                                                               eval_gemfile "modular/style.gemfile"
                                                                                                               eval_gemfile "modular/x_std_libs.gemfile"
                                                                                                             end
                                                                                                            +
                                                                                                            +appraise "ruby-2-3-hashie_v0" do
                                                                                                            +  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            +  eval_gemfile "modular/hashie_v0.gemfile"
                                                                                                            +  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            +  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            +  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            +end
                                                                                                            +
                                                                                                            +appraise "ruby-2-3-hashie_v1" do
                                                                                                            +  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            +  eval_gemfile "modular/hashie_v1.gemfile"
                                                                                                            +  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            +  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            +  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            +end
                                                                                                            +
                                                                                                            +appraise "ruby-2-3-hashie_v2" do
                                                                                                            +  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            +  eval_gemfile "modular/hashie_v2.gemfile"
                                                                                                            +  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            +  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            +  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            +end
                                                                                                            +
                                                                                                            +appraise "ruby-2-3-hashie_v3" do
                                                                                                            +  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            +  eval_gemfile "modular/hashie_v3.gemfile"
                                                                                                            +  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            +  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            +  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            +end
                                                                                                            +
                                                                                                            +appraise "ruby-2-3-hashie_v4" do
                                                                                                            +  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            +  eval_gemfile "modular/hashie_v4.gemfile"
                                                                                                            +  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            +  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            +  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            +end
                                                                                                            +
                                                                                                            +appraise "ruby-2-3-hashie_v5" do
                                                                                                            +  eval_gemfile "modular/faraday_v0.gemfile"
                                                                                                            +  eval_gemfile "modular/hashie_v5.gemfile"
                                                                                                            +  eval_gemfile "modular/jwt_v1.gemfile"
                                                                                                            +  eval_gemfile "modular/logger_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/multi_xml_v0_5.gemfile"
                                                                                                            +  eval_gemfile "modular/rack_v1_2.gemfile"
                                                                                                            +  eval_gemfile "modular/x_std_libs/r2.3/libs.gemfile"
                                                                                                            +end
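Review bot: The six `ruby-2-3-hashie_v0` to `ruby-2-3-hashie_v5` appraisals re-added after `style` are identical except for the `modular/hashie_vN.gemfile` line. Any change to the shared pins (the faraday, jwt, logger, multi_xml, rack or r2.3 libs gemfiles) therefore has to be repeated six times, and the copies can drift apart. A loop over the hashie versions would state the matrix once, as sketched below. If this file is generated from a template, or read by tooling that expects literal `appraise` blocks, keep the literal form. In that case add a one-line comment above the group saying why the Ruby 2.3 entries now sit at the end of the file, since the hunk does not show whether the order matters.

```ruby
%w[v0 v1 v2 v3 v4 v5].each do |hashie|
  appraise "ruby-2-3-hashie_#{hashie}" do
    eval_gemfile "modular/faraday_v0.gemfile"
    eval_gemfile "modular/hashie_#{hashie}.gemfile"
    # … unchanged: jwt_v1, logger_v1_2, multi_xml_v0_5, rack_v1_2 and x_std_libs/r2.3 eval_gemfile lines …
  end
end
```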
                                                                                                            diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
                                                                                                            index f70f8c81..4cbdfb9b 100644
                                                                                                            --- a/CONTRIBUTING.md
                                                                                                            +++ b/CONTRIBUTING.md
                                                                                                            @@ -24,9 +24,10 @@ Follow these instructions:
                                                                                                             
                                                                                                             ## Executables vs Rake tasks
                                                                                                             
                                                                                                            -Executables shipped by oauth2 can be used with or without generating the binstubs.
                                                                                                            -They will work when oauth2 is installed globally (i.e., `gem install oauth2`) and do not require that oauth2 be in your bundle.
                                                                                                            +Executables shipped by dependencies, such as kettle-dev, and stone_checksums, are available
                                                                                                            +after running `bin/setup`. These include:
                                                                                                             
                                                                                                            +- gem_checksums
                                                                                                             - kettle-changelog
                                                                                                             - kettle-commit-msg
                                                                                                             - oauth2-setup
                                                                                                            @@ -35,20 +36,10 @@ They will work when oauth2 is installed globally (i.e., `gem install oauth2`) an
                                                                                                             - kettle-readme-backers
                                                                                                             - kettle-release
                                                                                                             
                                                                                                            -However, the rake tasks provided by oauth2 do require oauth2 to be added as a development dependency and loaded in your Rakefile.
                                                                                                            -See the full list of rake tasks in head of Rakefile
                                                                                                            +There are many Rake tasks available as well. You can see them by running:
                                                                                                             
                                                                                                            -**Gemfile**
                                                                                                            -```ruby
                                                                                                            -group :development do
                                                                                                            -  gem "oauth2", require: false
                                                                                                            -end
                                                                                                            -```
                                                                                                            -
                                                                                                            -**Rakefile**
                                                                                                            -```ruby
                                                                                                            -# Rakefile
                                                                                                            -require "oauth2"
                                                                                                            +```shell
                                                                                                            +bin/rake -T
                                                                                                             ```
                                                                                                             
                                                                                                             ## Environment Variables for Local Development
                                                                                                            @@ -118,10 +109,8 @@ bundle exec rake test
                                                                                                             
                                                                                                             ### Spec organization (required)
                                                                                                             
                                                                                                            -- One spec file per class/module. For each class or module under `lib/`, keep all of its unit tests in a single spec file under `spec/` that mirrors the path and file name exactly: `lib/oauth2/release_cli.rb` -> `spec/oauth2/release_cli_spec.rb`.
                                                                                                            -- Never add a second spec file for the same class/module. Examples of disallowed names: `*_more_spec.rb`, `*_extra_spec.rb`, `*_status_spec.rb`, or any other suffix that still targets the same class. If you find yourself wanting a second file, merge those examples into the canonical spec file for that class/module.
                                                                                                            +- One spec file per class/module. For each class or module under `lib/`, keep all of its unit tests in a single spec file under `spec/` that mirrors the path and file name exactly: `lib/oauth2/my_class.rb` -> `spec/oauth2/my_class_spec.rb`.
                                                                                                             - Exception: Integration specs that intentionally span multiple classes. Place these under `spec/integration/` (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class.
                                                                                                            -- Migration note: If a duplicate spec file exists, move all examples into the canonical file and delete the duplicate. Do not leave stubs or empty files behind.
                                                                                                             
                                                                                                             ## Lint It
                                                                                                             
                                                                                                            @@ -144,7 +133,7 @@ For more detailed information about using RuboCop in this project, please see th
                                                                                                             Never add `# rubocop:disable ...` / `# rubocop:enable ...` comments to code or specs (except when following the few existing `rubocop:disable` patterns for a rule already being disabled elsewhere in the code). Instead:
                                                                                                             
                                                                                                             - Prefer configuration-based exclusions when a rule should not apply to certain paths or files (e.g., via `.rubocop.yml`).
                                                                                                            -- When a violation is temporary and you plan to fix it later, record it in `.rubocop_gradual.lock` using the gradual workflow:
                                                                                                            +- When a violation is temporary, and you plan to fix it later, record it in `.rubocop_gradual.lock` using the gradual workflow:
                                                                                                               - `bundle exec rake rubocop_gradual:autocorrect` (preferred)
                                                                                                               - `bundle exec rake rubocop_gradual:force_update` (only when you cannot fix the violations immediately)
                                                                                                             
                                                                                                            @@ -167,7 +156,7 @@ Also see GitLab Contributors: [https://gitlab.com/ruby-oauth/oauth2/-/graphs/mai
                                                                                                             **IMPORTANT**: To sign a build,
                                                                                                             a public key for signing gems will need to be picked up by the line in the
                                                                                                             `gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there).
                                                                                                            -All releases to RubyGems.org are signed releases.
                                                                                                            +All releases are signed releases.
                                                                                                             See: [RubyGems Security Guide][🔒️rubygems-security-guide]
                                                                                                             
                                                                                                             NOTE: To build without signing the gem set `SKIP_GEM_SIGNING` to any value in the environment.
                                                                                                            @@ -176,7 +165,7 @@ NOTE: To build without signing the gem set `SKIP_GEM_SIGNING` to any value in th
                                                                                                             
                                                                                                             #### Automated process
                                                                                                             
                                                                                                            -1. Update version.rb to contian the correct version-to-be-released.
                                                                                                            +1. Update version.rb to contain the correct version-to-be-released.
                                                                                                             2. Run `bundle exec kettle-changelog`.
                                                                                                             3. Run `bundle exec kettle-release`.
                                                                                                             
                                                                                                            @@ -205,7 +194,7 @@ NOTE: To build without signing the gem set `SKIP_GEM_SIGNING` to any value in th
                                                                                                             12. Sanity check the SHA256, comparing with the output from the `bin/gem_checksums` command:
                                                                                                                 - `sha256sum pkg/-.gem`
                                                                                                             13. Run `bundle exec rake release` which will create a git tag for the version,
                                                                                                            -    push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
                                                                                                            +    push git commits and tags, and push the `.gem` file to the gem host configured in the gemspec.
                                                                                                             
                                                                                                             [📜src-gl]: https://gitlab.com/ruby-oauth/oauth2/
                                                                                                             [📜src-cb]: https://codeberg.org/ruby-oauth/oauth2
                                                                                                            @@ -216,7 +205,7 @@ NOTE: To build without signing the gem set `SKIP_GEM_SIGNING` to any value in th
                                                                                                             [🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors
                                                                                                             [🚎contributors-gl]: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main
                                                                                                             [🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2
                                                                                                            -[💎rubygems]: https://rubygems.org
                                                                                                            +[💎gem-coop]: https://gem.coop
                                                                                                             [🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
                                                                                                             [🔒️rubygems-checksums-pr]: https://github.com/rubygems/rubygems/pull/6022
                                                                                                             [🔒️rubygems-guides-pr]: https://github.com/rubygems/guides/pull/325
                                                                                                            diff --git a/FUNDING.md b/FUNDING.md
                                                                                                            index b7a061d1..5ddd4bca 100644
                                                                                                            --- a/FUNDING.md
                                                                                                            +++ b/FUNDING.md
                                                                                                            @@ -6,7 +6,7 @@ Many paths lead to being a sponsor or a backer of this project. Are you on such
                                                                                                             
                                                                                                             [![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal]
                                                                                                             
                                                                                                            -[![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon]
                                                                                                            +[![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS efforts using Patreon][🖇patreon-img]][🖇patreon]
                                                                                                             
                                                                                                             [⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay&color=a51611&style=flat
                                                                                                             [⛳liberapay]: https://liberapay.com/pboling/donate
                                                                                                            @@ -31,11 +31,11 @@ Many paths lead to being a sponsor or a backer of this project. Are you on such
                                                                                                             
                                                                                                             
                                                                                                             
                                                                                                            -# 🤑 Request for Help
                                                                                                            +# 🤑 A request for help
                                                                                                             
                                                                                                             Maintainers have teeth and need to pay their dentists.
                                                                                                            -After getting laid off in an RIF in March and filled with many dozens of rejections,
                                                                                                            -I'm now spending ~60+ hours a week building open source tools.
                                                                                                            +After getting laid off in an RIF in March, and encountering difficulty finding a new one,
                                                                                                            +I began spending most of my time building open source tools.
                                                                                                             I'm hoping to be able to pay for my kids' health insurance this month,
                                                                                                             so if you value the work I am doing, I need your support.
                                                                                                             Please consider sponsoring me or the project.
                                                                                                            @@ -44,16 +44,13 @@ To join the community or get help 👇️ Join the Discord.
                                                                                                             
                                                                                                             [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite]
                                                                                                             
                                                                                                            -To say "thanks for maintaining such a great tool" ☝️ Join the Discord or 👇️ send money.
                                                                                                            +To say "thanks!" ☝️ Join the Discord or 👇️ send money.
                                                                                                             
                                                                                                            -[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img]
                                                                                                            +[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal]
                                                                                                             
                                                                                                             # Another Way to Support Open Source Software
                                                                                                             
                                                                                                            -> How wonderful it is that nobody need wait a single moment before starting to improve the world.
                                                                                                            ->—Anne Frank - -I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). +I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in `bundle fund`. diff --git a/Gemfile b/Gemfile index 19875ab5..be6c1816 100644 --- a/Gemfile +++ b/Gemfile @@ -1,8 +1,8 @@ # frozen_string_literal: true -source "https://rubygems.org/" +source "https://gem.coop/" -git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } +git_source(:codeberg) { |repo_name| "https://codeberg.org/#{repo_name}" } git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } #### IMPORTANT ####################################################### 
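Review bot: The changed `source` line in the Gemfile hunk moves every gem this project resolves, including the development and release toolchain, to a different gem host, and nothing in the Gemfile records why or how the resolved gems are verified. A single top-level `source` is the trust root for the whole bundle, so I would add a comment directly above it, for example `# Gem host is gem.coop (see the NOTE at the top of README.md); re-resolve and review Gemfile.lock whenever this line changes.` The Gemfile.lock hunks in this commit switch `GEM remote:` to the new host but do not touch a `CHECKSUMS` section, so I cannot tell whether the lockfile carries one. If it does not, recording checksums (for example with `bundle lock --add-checksums`, where the Bundler in use supports it) would make a host change unable to silently substitute different gem contents for the same name and version.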
diff --git a/Gemfile.lock b/Gemfile.lock index 9961d0f9..65ed6feb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,5 @@ GIT - remote: https://github.com/pboling/yard-junk + remote: https://github.com/pboling/yard-junk.git revision: 54ccebabbfa9a9cd44d0b991687ebbfd22c32b55 branch: next specs: @@ -23,7 +23,7 @@ PATH version_gem (~> 1.1, >= 1.1.9) GEM - remote: https://rubygems.org/ + remote: https://gem.coop/ specs: addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) @@ -41,9 +41,6 @@ GEM bundler (>= 1.2.0, < 3) thor (~> 1.0) concurrent-ruby (1.3.5) - crack (1.0.1) - bigdecimal - rexml date (3.5.0) debug (1.11.0) irb (~> 1.10) @@ -93,7 +90,6 @@ GEM version_gem (~> 1.1, >= 1.1.4) gitmoji-regex (1.0.3) version_gem (~> 1.1, >= 1.1.8) - hashdiff (1.2.1) hashie (5.0.0) io-console (0.8.1) irb (1.15.3) @@ -313,14 +309,12 @@ GEM unicode-emoji (~> 4.1) unicode-emoji (4.1.0) uri (1.1.1) - vcr (6.3.1) - base64 version_gem (1.1.9) - webmock (3.26.1) - addressable (>= 2.8.0) - crack (>= 0.3.2) - hashdiff (>= 0.4.0, < 2.0.0) yard (0.9.37) + yard-fence (0.4.0) + rdoc (~> 6.11) + version_gem (~> 1.1, >= 1.1.9) + yard (~> 0.9, >= 0.9.37) yard-relative_markdown_links (0.5.0) nokogiri (>= 1.14.3, < 2) zeitwerk (2.7.3) @@ -330,7 +324,7 @@ PLATFORMS x86_64-linux DEPENDENCIES - addressable (~> 2.8, >= 2.8.7) + addressable (~> 2.8, >= 2.8.7, >= 2.8, < 3) appraisal2 (~> 3.0) backports (~> 3.25, >= 3.25.1) benchmark (~> 0.4, >= 0.4.1) @@ -342,7 +336,7 @@ DEPENDENCIES irb (~> 1.15, >= 1.15.2) kettle-dev (~> 1.1) kettle-soup-cover (~> 1.0, >= 1.0.10) - kettle-test (~> 1.0) + kettle-test (~> 1.0, >= 1.0.6) kramdown (~> 2.5, >= 2.5.1) kramdown-parser-gfm (~> 1.1) mutex_m (~> 0.2) @@ -353,7 +347,6 @@ DEPENDENCIES reek (~> 6.5) require_bench (~> 1.0, >= 1.0.4) rexml (~> 3.2, >= 3.2.5) - rspec-pending_for (~> 0.0, >= 0.0.17) rubocop-lts (~> 8.0) rubocop-on-rbs (~> 1.8) rubocop-packaging (~> 0.6, >= 0.6.0) 
@@ -363,9 +356,8 @@ DEPENDENCIES standard (>= 1.50) stone_checksums (~> 1.0, >= 1.0.2) stringio (>= 3.0) - vcr (>= 4) - webmock (>= 3) yard (~> 0.9, >= 0.9.37) + yard-fence (~> 0.4) yard-junk (~> 0.0, >= 0.0.10)! yard-relative_markdown_links (~> 0.5.0) diff --git a/README.md b/README.md index 74069300..a5ec5975 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,32 @@ +| 📍 NOTE | +|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| RubyGems (the [GitHub org][rubygems-org], not the website) [suffered][draper-security] a [hostile takeover][ellen-takeover] in September 2025. | +| Ultimately [4 maintainers][simi-removed] were [hard removed][martin-removed] and a reason has been given for only 1 of those, while 2 others resigned in protest. | +| It is a [complicated story][draper-takeover] which is difficult to [parse quickly][draper-lies]. | +| I'm adding notes like this to gems because I [don't condone theft][draper-theft] of repositories or gems from their rightful owners. | +| If a similar theft happened with my repos/gems, I'd hope some would stand up for me. | +| Disenfranchised former-maintainers have started [gem.coop][gem-coop]. | +| Once available I will publish there exclusively; unless RubyCentral makes amends with the community. | +| The ["Technology for Humans: Joel Draper"][reinteractive-podcast] podcast episode by [reinteractive][reinteractive] is the most cogent summary I'm aware of. | +| See [here][gem-naming], [here][gem-coop] and [here][martin-ann] for more info on what comes next. | +| What I'm doing: A (WIP) proposal for [bundler/gem scopes][gem-scopes], and a (WIP) proposal for a federated [gem server][gem-server]. 
| + +[rubygems-org]: https://github.com/rubygems/ +[draper-security]: https://joel.drapper.me/p/ruby-central-security-measures/ +[draper-takeover]: https://joel.drapper.me/p/ruby-central-takeover/ +[ellen-takeover]: https://pup-e.com/blog/goodbye-rubygems/ +[simi-removed]: https://www.reddit.com/r/ruby/s/gOk42POCaV +[martin-removed]: https://bsky.app/profile/martinemde.com/post/3m3occezxxs2q +[draper-lies]: https://joel.drapper.me/p/ruby-central-fact-check/ +[draper-theft]: https://joel.drapper.me/p/ruby-central/ +[reinteractive]: https://reinteractive.com/ruby-on-rails +[gem-coop]: https://gem.coop +[gem-naming]: https://github.com/gem-coop/gem.coop/issues/12 +[martin-ann]: https://martinemde.com/2025/10/05/announcing-gem-coop.html +[gem-scopes]: https://github.com/galtzo-floss/bundle-namespace +[gem-server]: https://github.com/galtzo-floss/gem-server +[reinteractive-podcast]: https://youtu.be/_H4qbtC5qzU?si=BvuBU90R2wAqD2E6 + [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![oauth2 Logo by Chris Messina, CC BY-SA 3.0][🖼️oauth2-i]][🖼️oauth2] [🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg @@ -30,7 +59,7 @@ This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby appli ### Quick Examples -
                                                                                                            +
                                                                                                            Convert the following `curl` command into a token request using this gem... ```shell @@ -61,7 +90,7 @@ NOTE: `header` - The content type specified in the `curl` is already the default
                                                                                                            -
                                                                                                            +
                                                                                                            + Find this repo on federated forges (Coming soon!) -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | +| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | +|-------------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| +| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | +| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | +| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another 
Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | +| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |
                                                                                                            @@ -239,7 +201,7 @@ If you use a gem version of a core Ruby library, it should work fine! Available as part of the Tidelift Subscription. -
                                                                                                            +
                                                                                                            Need enterprise-level guarantees? The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. @@ -258,143 +220,6 @@ Alternatively:
                                                                                                            -## 🚀 Release Documentation - -### Version 2.0.x - -
                                                                                                            - 2.0.x CHANGELOG and README - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 2.0.17 | 2025-09-15 | [v2.0.17 CHANGELOG][2.0.17-changelog] | [v2.0.17 README][2.0.17-readme] | -| 2.0.16 | 2025-09-14 | [v2.0.16 CHANGELOG][2.0.16-changelog] | [v2.0.16 README][2.0.16-readme] | -| 2.0.15 | 2025-09-08 | [v2.0.15 CHANGELOG][2.0.15-changelog] | [v2.0.15 README][2.0.15-readme] | -| 2.0.14 | 2025-08-31 | [v2.0.14 CHANGELOG][2.0.14-changelog] | [v2.0.14 README][2.0.14-readme] | -| 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | -| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | -| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | -| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | -| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | -| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | -| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | -| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | -| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | -| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | -| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | -| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | -| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 
README][2.0.0-readme] | - -
                                                                                                            - -[2.0.17-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2017---2025-09-15 -[2.0.16-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2016---2025-09-14 -[2.0.15-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2015---2025-09-08 -[2.0.14-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2014---2025-08-31 -[2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 -[2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 -[2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 -[2.0.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 -[2.0.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 -[2.0.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 -[2.0.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 -[2.0.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#206---2022-07-13 -[2.0.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#205---2022-07-07 -[2.0.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#204---2022-07-01 -[2.0.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#203---2022-06-28 -[2.0.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#202---2022-06-24 -[2.0.1-changelog]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 -[2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 - -[2.0.17-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.17/README.md -[2.0.16-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.16/README.md -[2.0.15-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.15/README.md -[2.0.14-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.14/README.md -[2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md -[2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md -[2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md -[2.0.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.10/README.md -[2.0.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.9/README.md -[2.0.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.8/README.md -[2.0.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.7/README.md -[2.0.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.6/README.md -[2.0.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.5/README.md -[2.0.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.4/README.md -[2.0.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.3/README.md -[2.0.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.2/README.md -[2.0.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.1/README.md -[2.0.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.0/README.md - -### Older Releases - -
                                                                                                            - 1.4.x CHANGELOGs and READMEs - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | -| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | -| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | -| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | -| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | -| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | -| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | -| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | -| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | -| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | -| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | -| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | -
                                                                                                            - -[1.4.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1411---2022-09-16 -[1.4.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1410---2022-07-01 -[1.4.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#149---2022-02-20 -[1.4.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#148---2022-02-18 -[1.4.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#147---2021-03-19 -[1.4.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#146---2021-03-19 -[1.4.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#145---2021-03-18 -[1.4.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#144---2020-02-12 -[1.4.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#143---2020-01-29 -[1.4.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#142---2019-10-01 -[1.4.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#141---2018-10-13 -[1.4.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#140---2017-06-09 - -[1.4.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.11/README.md -[1.4.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.10/README.md -[1.4.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.9/README.md -[1.4.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.8/README.md -[1.4.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.7/README.md -[1.4.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.6/README.md -[1.4.5-readme]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.5/README.md -[1.4.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.4/README.md -[1.4.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.3/README.md -[1.4.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.2/README.md -[1.4.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.1/README.md -[1.4.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.0/README.md - -
                                                                                                            - 1.3.x Readmes - -| Version | Release Date | Readme | -|---------|--------------|--------------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md | - -
                                                                                                            - -
                                                                                                            - ≤= 1.2.x Readmes (2016 and before) - -| Version | Release Date | Readme | -|---------|--------------|--------------------------------------------------------------| -| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | -| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | -| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | -| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | - -
                                                                                                            - ## ✨ Installation Install the gem and add to the application's Gemfile by executing: @@ -411,14 +236,14 @@ gem install oauth2 ### 🔒 Secure Installation -
                                                                                                            +
                                                                                                            For Medium or High Security Installations -This gem is cryptographically signed and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by +This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. -Add my public key (if you haven’t already; will expire 2045-04-29) as a trusted certificate: +Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: ```console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) @@ -440,6 +265,8 @@ If you want to up your security game full-time: bundle config set --global trust-policy MediumSecurity ``` +`MediumSecurity` instead of `HighSecurity` is necessary if not all the gems you use are signed. + NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.
                                                                                                            @@ -477,7 +304,7 @@ Compatibility is further distinguished as "Best Effort Support" or "Incidental S This gem will install on Ruby versions >= v2.2 for 2.x releases. See `1-4-stable` branch for older rubies. -
                                                                                                            +
                                                                                                            Ruby Version Compatibility Policy If something doesn't work on one of these interpreters, it's a bug. @@ -502,6 +330,7 @@ run and pass on that implementation. When something breaks on your implementation, you will be responsible for providing patches in a timely fashion. If critical issues for a particular implementation exist at the time of a major release, support for that Ruby version may be dropped. +
                                                                                                            | | Ruby OAuth2 Version | Maintenance Branch | Targeted Support | Best Effort Support | Incidental Support | @@ -638,7 +467,11 @@ These extensions work regardless of whether you used the global or discrete conf There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. They are likely not needed if you are on a newer Ruby. -See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb) if you need to study the hacks for older Rubies. +Expand the examples below, or the [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) gem, +or [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), for more ideas, especially if you need to study the hacks for older Rubies. + +
                                                                                                            "additional" response.parsed.class.name # => Hash (just, regular old Hash) ``` -
                                                                                                            +
                                                                                                            Debugging & Logging Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). @@ -729,6 +562,7 @@ client = OAuth2::Client.new( logger: Logger.new("example.log", "weekly"), ) ``` +
                                                                                                            ### OAuth2::Response @@ -752,6 +586,7 @@ a hash of the values), or `from_kvform` (if you have an `application/x-www-form-urlencoded` encoded string of the values). Options (since v2.0.x unless noted): + - `expires_latency` (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. - `token_name` (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). - `mode` (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. @@ -762,6 +597,7 @@ Options (since v2.0.x unless noted): - a `Hash` with verb symbols as keys, for example `{get: :query, post: :header, delete: :header}`. Note: Verb-dependent mode supports providers like Instagram that require query mode for `GET` and header mode for `POST`/`DELETE` + - Verb-dependent mode via `Proc` was added in v2.0.15 - Verb-dependent mode via `Hash` was added in v2.0.16 @@ -780,6 +616,7 @@ Response instance will contain the `OAuth2::Error` instance. ### Authorization Grants Note on OAuth 2.1 (draft): + - PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252. - Redirect URIs must be compared using exact string matching by the Authorization Server. - The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps. 
@@ -788,6 +625,7 @@ Note on OAuth 2.1 (draft): - The definitions of public and confidential clients are simplified to refer only to whether the client has credentials. References: + - OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 - Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1 - FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1 @@ -804,6 +642,7 @@ use. They are available via the [`#auth_code`](https://gitlab.com/ruby-oauth/oau [`#assertion`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively. These aren't full examples, but demonstrative of the differences between usage for each strategy. + ```ruby auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback") access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback") @@ -887,7 +726,7 @@ access = client.password.get_token("jdoe", "s3cret", scope: "read") #### Examples -
                                                                                                            +
                                                                                                            JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) ```ruby @@ -928,6 +767,7 @@ puts access.to_hash # full token response ``` Notes: + - Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE. - If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often "/" or a login page) and pass it to headers. - For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually. @@ -937,6 +777,7 @@ Notes: ### Instagram API (verb‑dependent token mode) Providers like Instagram require the access token to be sent differently depending on the HTTP verb: + - GET requests: token must be in the query string (?access_token=...) - POST/DELETE requests: token must be in the Authorization header (Bearer ...) @@ -1001,6 +842,7 @@ me = long_lived.get("/me", params: {fields: "id,username"}).parsed ``` Tips: + - Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET. - If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }. @@ -1107,6 +949,7 @@ resp = access.get("/v1/protected") ``` Notes: + - Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to `OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"])`. - If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: - `p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"])` 
@@ -1280,7 +1123,7 @@ and [Tidelift][🏙️entsup-tidelift]. ### Open Collective for Individuals -Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/kettle-rb#backer)] +Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/ruby-oauth#backer)] NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. @@ -1290,27 +1133,19 @@ No backers yet. Be the first! ### Open Collective for Organizations -Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/kettle-rb#sponsor)] +Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/ruby-oauth#sponsor)] NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. No sponsors yet. Be the first! - -### Open Collective for Donors - - - -[kettle-readme-backers]: https://github.com/kettle-rb/kettle-dev/blob/main/exe/kettle-readme-backers +[kettle-readme-backers]: https://github.com/ruby-oauth/oauth2/blob/main/exe/kettle-readme-backers ### Another way to support open-source -> How wonderful it is that nobody need wait a single moment before starting to improve the world.
                                                                                                            ->—Anne Frank - -I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). +I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in `bundle fund`. 
@@ -1318,7 +1153,7 @@ I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed **[Floss-Funding.dev][🖇floss-funding.dev]: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags** -[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] +[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS efforts using Patreon][🖇patreon-img]][🖇patreon] ## 🔐 Security @@ -1397,12 +1232,11 @@ For example: spec.add_dependency("oauth2", "~> 2.0") ``` -
                                                                                                            +
                                                                                                            📌 Is "Platform Support" part of the public API? More details inside. SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms -is a *breaking change* to an API. -It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless. +is a *breaking change* to an API, and for that reason the bike shedding is endless. To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer: @@ -1423,7 +1257,7 @@ See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright ## 🤑 A request for help Maintainers have teeth and need to pay their dentists. -After getting laid off in an RIF in March and filled with many dozens of rejections, -I'm now spending ~60+ hours a week building open source tools. +After getting laid off in an RIF in March, and encountering difficulty finding a new one, +I began spending most of my time building open source tools. I'm hoping to be able to pay for my kids' health insurance this month, so if you value the work I am doing, I need your support. Please consider sponsoring me or the project. 
@@ -1451,7 +1285,7 @@ To join the community or get help 👇️ Join the Discord. To say "thanks!" ☝️ Join the Discord or 👇️ send money. -[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img] +[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal] ### Please give the project a star ⭐ ♥. @@ -1499,7 +1333,7 @@ Thanks for RTFM. ☺️ [✇bundle-group-pattern]: https://gist.github.com/pboling/4564780 [⛳️gem-namespace]: https://github.com/ruby-oauth/oauth2 [⛳️namespace-img]: https://img.shields.io/badge/namespace-OAuth2-3C2D2D.svg?style=square&logo=ruby&logoColor=white -[⛳️gem-name]: https://rubygems.org/gems/oauth2 +[⛳️gem-name]: https://bestgems.org/gems/oauth2 [⛳️name-img]: https://img.shields.io/badge/name-oauth2-3C2D2D.svg?style=square&logo=rubygems&logoColor=red [⛳️tag-img]: https://img.shields.io/github/tag/ruby-oauth/oauth2.svg [⛳️tag]: http://github.com/ruby-oauth/oauth2/releases 
@@ -1548,11 +1382,11 @@ Thanks for RTFM. ☺️ [📜gh-wiki]: https://github.com/ruby-oauth/oauth2/wiki [📜gl-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=gitlab&logoColor=white [📜gh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white -[👽dl-rank]: https://rubygems.org/gems/oauth2 +[👽dl-rank]: https://bestgems.org/gems/oauth2 [👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg [👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 [👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg -[👽version]: https://rubygems.org/gems/oauth2 +[👽version]: https://bestgems.org/gems/oauth2 [👽versioni]: https://img.shields.io/gem/v/oauth2.svg [🏀qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 [🏀qlty-mnti]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg @@ -1642,8 +1476,8 @@ Thanks for RTFM. ☺️ [📌changelog]: CHANGELOG.md [📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ [📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat -[📌gitmoji]:https://gitmoji.dev -[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square +[📌gitmoji]: https://gitmoji.dev +[📌gitmoji-img]: https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue [🔐security]: SECURITY.md diff --git a/Rakefile b/Rakefile index 9f4f39b6..acb40883 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,6 @@ # frozen_string_literal: true -# kettle-dev Rakefile v1.1.24 - 2025-09-17 +# kettle-dev Rakefile v1.1.49 - 2025-11-07 # Ruby 2.3 (Safe Navigation) or higher required # # MIT License (see License.txt) 
diff --git a/gemfiles/modular/documentation.gemfile b/gemfiles/modular/documentation.gemfile index 78533908..47f1a9d3 100644 --- a/gemfiles/modular/documentation.gemfile +++ b/gemfiles/modular/documentation.gemfile @@ -9,3 +9,4 @@ gem "yard-relative_markdown_links", "~> 0.5.0" # Std Lib extractions gem "rdoc", "~> 6.11" +gem "yard-fence", "~> 0.4", require: false # Ruby >= 3.2 diff --git a/gemfiles/modular/erb/r2.3/default.gemfile b/gemfiles/modular/erb/r2.3/default.gemfile index a38f952f..ca868e84 100644 --- a/gemfiles/modular/erb/r2.3/default.gemfile +++ b/gemfiles/modular/erb/r2.3/default.gemfile @@ -1,5 +1,5 @@ # The cake is a lie. -# erb v2.2, the oldest release on RubyGems.org, was never compatible with Ruby 2.3. +# erb v2.2, the oldest release, was never compatible with Ruby 2.3. # In addition, erb does not follow SemVer, and old rubies get dropped in a patch. # This means we have no choice but to use the erb that shipped with Ruby 2.3 # /opt/hostedtoolcache/Ruby/2.3.8/x64/lib/ruby/gems/2.3.0/gems/erb-2.2.2/lib/erb.rb:670:in `prepare_trim_mode': undefined method `match?' for "-":String (NoMethodError) diff --git a/gemfiles/modular/optional.gemfile b/gemfiles/modular/optional.gemfile index dae6a950..2eda51c6 100644 --- a/gemfiles/modular/optional.gemfile +++ b/gemfiles/modular/optional.gemfile @@ -1 +1,2 @@ # Optional dependencies are not depended on directly, but may be used if present. +gem "addressable", ">= 2.8", "< 3" # ruby >= 2.2 diff --git a/gemfiles/modular/x_std_libs/r2.4/libs.gemfile b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile index 5a3c5b6c..c1bcbd8f 100644 --- a/gemfiles/modular/x_std_libs/r2.4/libs.gemfile +++ b/gemfiles/modular/x_std_libs/r2.4/libs.gemfile @@ -1,3 +1,3 @@ -eval_gemfile "../../erb/r2.4/v2.2.gemfile" +eval_gemfile "../../erb/r2.6/v2.2.gemfile" eval_gemfile "../../mutex_m/r2.4/v0.1.gemfile" eval_gemfile "../../stringio/r2.4/v0.0.2.gemfile" diff --git a/oauth2.gemspec b/oauth2.gemspec index 0556ea5c..a1d34e52 100644 
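Review bot: In `gemfiles/modular/x_std_libs/r2.4/libs.gemfile` the new line `eval_gemfile "../../erb/r2.6/v2.2.gemfile"` loads the erb pin from an `r2.6` directory, while the two sibling lines still load `mutex_m/r2.4` and `stringio/r2.4`. Nothing in the hunk says whether the mismatch is deliberate. If the r2.6 file is the intended source for Ruby 2.4 as well, a one-line comment above it would stop a later reader from "correcting" the path, for example `# erb: reuses the r2.6 pin on purpose (<reason>)`. The reason has to come from the erb gemfile directory, which is not visible here.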
--- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -43,7 +43,6 @@ Gem::Specification.new do |spec| end gl_homepage = "https://gitlab.com/ruby-oauth/#{spec.name}" - gh_mirror = spec.homepage spec.post_install_message = %{ ---+++--- oauth2 v#{gem_version} ---+++--- @@ -73,9 +72,9 @@ Thanks, @pboling / @galtzo } spec.metadata["homepage_uri"] = "https://#{spec.name.tr("_", "-")}.galtzo.com/" - spec.metadata["source_code_uri"] = "#{gh_mirror}/tree/v#{spec.version}" - spec.metadata["changelog_uri"] = "#{gh_mirror}/blob/v#{spec.version}/CHANGELOG.md" - spec.metadata["bug_tracker_uri"] = "#{gh_mirror}/issues" + spec.metadata["source_code_uri"] = "#{spec.homepage}/tree/v#{spec.version}" + spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/v#{spec.version}/CHANGELOG.md" + spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues" spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}" spec.metadata["mailing_list_uri"] = "https://groups.google.com/g/oauth-ruby" spec.metadata["funding_uri"] = "https://github.com/sponsors/pboling" @@ -86,8 +85,7 @@ Thanks, @pboling / @galtzo # Specify which files are part of the released package. spec.files = Dir[ - # Executables and tasks - "exe/*", + # Code / tasks / data (NOTE: exe/ is specified via spec.bindir and spec.executables below) "lib/**/*.rb", "lib/**/*.rake", # Signatures @@ -109,6 +107,7 @@ Thanks, @pboling / @galtzo "REEK", "RUBOCOP.md", "SECURITY.md", + "THREAT_MODEL.md", ] spec.rdoc_options += [ "--title", 
@@ -136,7 +135,7 @@ Thanks, @pboling / @galtzo spec.add_dependency("version_gem", "~> 1.1", ">= 1.1.9") # ruby >= 2.2.0 # NOTE: It is preferable to list development dependencies in the gemspec due to increased - # visibility and discoverability on RubyGems.org. + # visibility and discoverability. # However, development dependencies in gemspec will install on # all versions of Ruby that will run in CI. # This gem, and its gemspec runtime dependencies, will install on Ruby down to 2.2.0. @@ -153,7 +152,7 @@ Thanks, @pboling / @galtzo spec.add_development_dependency("rexml", "~> 3.2", ">= 3.2.5") # ruby >= 0 # Dev, Test, & Release Tasks - spec.add_development_dependency("kettle-dev", "~> 1.1") # ruby >= 2.3.0 + spec.add_development_dependency("kettle-dev", "~> 1.1") # ruby >= 2.3.0 # Security spec.add_development_dependency("bundler-audit", "~> 0.9.2") # ruby >= 2.0.0 @@ -166,8 +165,7 @@ Thanks, @pboling / @galtzo # Testing spec.add_development_dependency("appraisal2", "~> 3.0") # ruby >= 1.8.7, for testing against multiple versions of dependencies - spec.add_development_dependency("kettle-test", "~> 1.0") # ruby >= 2.3 - spec.add_development_dependency("rspec-pending_for", "~> 0.0", ">= 0.0.17") # ruby >= 2.3, used to skip specs on incompatible Rubies + spec.add_development_dependency("kettle-test", "~> 1.0", ">= 1.0.6") # ruby >= 2.3 # Releasing spec.add_development_dependency("ruby-progressbar", "~> 1.13") # ruby >= 0 
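Review bot: In the `@@ -166,8 +165,7 @@` hunk of oauth2.gemspec, `rspec-pending_for` is dropped as a development dependency with no comment saying what now supplies it. The only visible compensating change is the new `>= 1.0.6` floor on `kettle-test`, so presumably that gem pulls it in transitively. A short comment would make the link explicit, for example `# rspec-pending_for is provided by kettle-test >= 1.0.6`, once that is confirmed against kettle-test's own gemspec. The later `@@ -201,6 +199,6 @@` hunk has the same gap for `vcr` and `webmock`, which are commented out rather than deleted: either remove the two lines or state where the specs get them, since an undeclared test dependency resolves to whatever version its transitive parent allows. The enclosing `Gem::Specification.new` block starts outside both hunks.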
@@ -179,7 +177,7 @@ Thanks, @pboling / @galtzo # spec.add_dependency("git", ">= 1.19.1") # ruby >= 2.3 # Development tasks - # The cake is a lie. erb v2.2, the oldest release on RubyGems.org, was never compatible with Ruby 2.3. + # The cake is a lie. erb v2.2, the oldest release, was never compatible with Ruby 2.3. # This means we have no choice but to use the erb that shipped with Ruby 2.3 # /opt/hostedtoolcache/Ruby/2.3.8/x64/lib/ruby/gems/2.3.0/gems/erb-2.2.2/lib/erb.rb:670:in `prepare_trim_mode': undefined method `match?' for "-":String (NoMethodError) # spec.add_development_dependency("erb", ">= 2.2") # ruby >= 2.3.0, not SemVer, old rubies get dropped in a patch. @@ -201,6 +199,6 @@ Thanks, @pboling / @galtzo # In Ruby 3.5 (HEAD) the CGI library has been pared down, so we also need to depend on gem "cgi" for ruby@head # This is done in the "head" appraisal. # See: https://github.com/vcr/vcr/issues/1057 - spec.add_development_dependency("vcr", ">= 4") # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4 - spec.add_development_dependency("webmock", ">= 3") # Last version to support ruby >= 2.3 + # spec.add_development_dependency("vcr", ">= 4") # 6.0 claims to support ruby >= 2.3, but fails on ruby 2.4 + # spec.add_development_dependency("webmock", ">= 3") # Last version to support ruby >= 2.3 end diff --git a/test_gfm.rb b/test_gfm.rb deleted file mode 100644 index 75c1dc67..00000000 --- a/test_gfm.rb +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/usr/bin/env ruby -require 'bundler/setup' -require 'yard' -require 'yard/templates/helpers/markup_helper' - -puts "Before loading .yard_gfm_support.rb:" -YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown].each_with_index do |p, i| - puts " [#{i}] #{p.inspect}" -end - -require './.yard_gfm_support.rb' - -puts "\nAfter loading .yard_gfm_support.rb:" -YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown].each_with_index do |p, i| - puts " [#{i}] #{p.inspect}" -end - -puts "\nTesting KramdownGfmDocument:" - -test_md = <<-MD - # Test - - ```ruby - puts "hello" - ``` -MD - -doc = KramdownGfmDocument.new(test_md) -html = doc.to_html -puts html -puts "\nDoes output contain
                                                                                                            ? #{html.include?('
                                                                                                            ')}"
                                                                                                            -puts "Does output contain ? #{html.include?('
                                                                                                            Date: Fri, 7 Nov 2025 18:22:32 -0700
                                                                                                            Subject: [PATCH 629/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Upgrade=20kettle-d?=
                                                                                                             =?UTF-8?q?ev?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             Gemfile.lock | 2 +-
                                                                                                             1 file changed, 1 insertion(+), 1 deletion(-)
                                                                                                            
                                                                                                            diff --git a/Gemfile.lock b/Gemfile.lock
                                                                                                            index 65ed6feb..e6e1832d 100644
                                                                                                            --- a/Gemfile.lock
                                                                                                            +++ b/Gemfile.lock
                                                                                                            @@ -99,7 +99,7 @@ GEM
                                                                                                                 json (2.16.0)
                                                                                                                 jwt (3.1.2)
                                                                                                                   base64
                                                                                                            -    kettle-dev (1.1.49)
                                                                                                            +    kettle-dev (1.1.50)
                                                                                                                 kettle-soup-cover (1.0.10)
                                                                                                                   simplecov (~> 0.22)
                                                                                                                   simplecov-cobertura (~> 3.0)
                                                                                                            
                                                                                                            From 46d75d104137846e0141625277b0f35d50d3f754 Mon Sep 17 00:00:00 2001
                                                                                                            From: "Peter H. Boling" 
                                                                                                            Date: Fri, 7 Nov 2025 18:57:25 -0700
                                                                                                            Subject: [PATCH 630/645] =?UTF-8?q?=F0=9F=8E=A8=20Template=20bootstrap=20b?=
                                                                                                             =?UTF-8?q?y=20kettle-dev-setup=20v1.1.50?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             Appraisals      | 1 -
                                                                                                             CONTRIBUTING.md | 7 +++++--
                                                                                                             Rakefile        | 2 +-
                                                                                                             3 files changed, 6 insertions(+), 4 deletions(-)
                                                                                                            
                                                                                                            diff --git a/Appraisals b/Appraisals
                                                                                                            index e1a741b5..5cacc191 100644
                                                                                                            --- a/Appraisals
                                                                                                            +++ b/Appraisals
                                                                                                            @@ -47,7 +47,6 @@ appraise "dep-heads" do
                                                                                                               eval_gemfile "modular/runtime_heads.gemfile"
                                                                                                             end
                                                                                                             
                                                                                                            -
                                                                                                             appraise "ruby-2-4" do
                                                                                                               eval_gemfile "modular/faraday_v1.gemfile"
                                                                                                               eval_gemfile "modular/hashie_v1.gemfile"
                                                                                                            diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
                                                                                                            index 4cbdfb9b..fbc87e94 100644
                                                                                                            --- a/CONTRIBUTING.md
                                                                                                            +++ b/CONTRIBUTING.md
                                                                                                            @@ -30,7 +30,7 @@ after running `bin/setup`. These include:
                                                                                                             - gem_checksums
                                                                                                             - kettle-changelog
                                                                                                             - kettle-commit-msg
                                                                                                            -- oauth2-setup
                                                                                                            +- kettle-dev-setup
                                                                                                             - kettle-dvcs
                                                                                                             - kettle-pre-release
                                                                                                             - kettle-readme-backers
                                                                                                            @@ -68,7 +68,9 @@ GitHub API and CI helpers
                                                                                                             Releasing and signing
                                                                                                             - SKIP_GEM_SIGNING: If set, skip gem signing during build/release
                                                                                                             - GEM_CERT_USER: Username for selecting your public cert in `certs/.pem` (defaults to $USER)
                                                                                                            -- SOURCE_DATE_EPOCH: Reproducible build timestamp. `kettle-release` will set this automatically for the session.
                                                                                                            +- SOURCE_DATE_EPOCH: Reproducible build timestamp.
                                                                                                            +  - `kettle-release` will set this automatically for the session.
                                                                                                            +  - Not needed on bundler >= 2.7.0, as reproducible builds have become the default.
                                                                                                             
                                                                                                             Git hooks and commit message helpers (exe/kettle-commit-msg)
                                                                                                             - GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., `jira`) or `false` to disable
                                                                                                            @@ -168,6 +170,7 @@ NOTE: To build without signing the gem set `SKIP_GEM_SIGNING` to any value in th
                                                                                                             1. Update version.rb to contain the correct version-to-be-released.
                                                                                                             2. Run `bundle exec kettle-changelog`.
                                                                                                             3. Run `bundle exec kettle-release`.
                                                                                                            +4. Stay awake and monitor the release process for any errors, and answer any prompts.
                                                                                                             
                                                                                                             #### Manual process
                                                                                                             
                                                                                                            diff --git a/Rakefile b/Rakefile
                                                                                                            index acb40883..786d1916 100644
                                                                                                            --- a/Rakefile
                                                                                                            +++ b/Rakefile
                                                                                                            @@ -1,6 +1,6 @@
                                                                                                             # frozen_string_literal: true
                                                                                                             
                                                                                                            -# kettle-dev Rakefile v1.1.49 - 2025-11-07
                                                                                                            +# kettle-dev Rakefile v1.1.50 - 2025-11-07
                                                                                                             # Ruby 2.3 (Safe Navigation) or higher required
                                                                                                             #
                                                                                                             # MIT License (see License.txt)
                                                                                                            
                                                                                                            From 6263de80bc38d10d05aa9e85590f32771eca6ce5 Mon Sep 17 00:00:00 2001
                                                                                                            From: "Peter H. Boling" 
                                                                                                            Date: Fri, 7 Nov 2025 19:03:12 -0700
                                                                                                            Subject: [PATCH 631/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Upgrade=20kettle-d?=
                                                                                                             =?UTF-8?q?ev?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             Gemfile.lock | 2 +-
                                                                                                             1 file changed, 1 insertion(+), 1 deletion(-)
                                                                                                            
                                                                                                            diff --git a/Gemfile.lock b/Gemfile.lock
                                                                                                            index e6e1832d..dbb04aaf 100644
                                                                                                            --- a/Gemfile.lock
                                                                                                            +++ b/Gemfile.lock
                                                                                                            @@ -99,7 +99,7 @@ GEM
                                                                                                                 json (2.16.0)
                                                                                                                 jwt (3.1.2)
                                                                                                                   base64
                                                                                                            -    kettle-dev (1.1.50)
                                                                                                            +    kettle-dev (1.1.51)
                                                                                                                 kettle-soup-cover (1.0.10)
                                                                                                                   simplecov (~> 0.22)
                                                                                                                   simplecov-cobertura (~> 3.0)
                                                                                                            
                                                                                                            From 27164bbe95d928c40bd51d0c7f90f56c02b7c120 Mon Sep 17 00:00:00 2001
                                                                                                            From: "Peter H. Boling" 
                                                                                                            Date: Fri, 7 Nov 2025 19:03:17 -0700
                                                                                                            Subject: [PATCH 632/645] =?UTF-8?q?=F0=9F=8E=A8=20Template=20bootstrap=20b?=
                                                                                                             =?UTF-8?q?y=20kettle-dev-setup=20v1.1.51?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             Rakefile | 2 +-
                                                                                                             1 file changed, 1 insertion(+), 1 deletion(-)
                                                                                                            
                                                                                                            diff --git a/Rakefile b/Rakefile
                                                                                                            index 786d1916..631e8b13 100644
                                                                                                            --- a/Rakefile
                                                                                                            +++ b/Rakefile
                                                                                                            @@ -1,6 +1,6 @@
                                                                                                             # frozen_string_literal: true
                                                                                                             
                                                                                                            -# kettle-dev Rakefile v1.1.50 - 2025-11-07
                                                                                                            +# kettle-dev Rakefile v1.1.51 - 2025-11-07
                                                                                                             # Ruby 2.3 (Safe Navigation) or higher required
                                                                                                             #
                                                                                                             # MIT License (see License.txt)
                                                                                                            
                                                                                                            From c110574a27bfbd7a301fbdf5239e2f4d215ee107 Mon Sep 17 00:00:00 2001
                                                                                                            From: "Peter H. Boling" 
                                                                                                            Date: Fri, 7 Nov 2025 19:12:51 -0700
                                                                                                            Subject: [PATCH 633/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?=
                                                                                                            MIME-Version: 1.0
                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                            Content-Transfer-Encoding: 8bit
                                                                                                            
                                                                                                            ---
                                                                                                             docs/OAuth2.html                              |    8 +-
                                                                                                             docs/OAuth2/AccessToken.html                  |   54 +-
                                                                                                             docs/OAuth2/Authenticator.html                |    8 +-
                                                                                                             docs/OAuth2/Client.html                       |   52 +-
                                                                                                             docs/OAuth2/Error.html                        |    6 +-
                                                                                                             docs/OAuth2/FilteredAttributes.html           |   10 +-
                                                                                                             .../FilteredAttributes/ClassMethods.html      |    4 +-
                                                                                                             docs/OAuth2/Response.html                     |   14 +-
                                                                                                             docs/OAuth2/Strategy.html                     |    4 +-
                                                                                                             docs/OAuth2/Strategy/Assertion.html           |   64 +-
                                                                                                             docs/OAuth2/Strategy/AuthCode.html            |   24 +-
                                                                                                             docs/OAuth2/Strategy/Base.html                |    4 +-
                                                                                                             docs/OAuth2/Strategy/ClientCredentials.html   |    4 +-
                                                                                                             docs/OAuth2/Strategy/Implicit.html            |   16 +-
                                                                                                             docs/OAuth2/Strategy/Password.html            |   16 +-
                                                                                                             docs/OAuth2/Version.html                      |    4 +-
                                                                                                             docs/_index.html                              |   85 +-
                                                                                                             docs/file.CHANGELOG.html                      |  122 +-
                                                                                                             docs/file.CODE_OF_CONDUCT.html                |  110 +-
                                                                                                             docs/file.CONTRIBUTING.html                   |  156 +-
                                                                                                             docs/file.FUNDING.html                        |   29 +-
                                                                                                             docs/file.IRP.html                            |   36 +-
                                                                                                             docs/file.LICENSE.html                        |    4 +-
                                                                                                             docs/file.OIDC.html                           |  257 +-
                                                                                                             docs/file.README.html                         | 2142 ++++++++---------
                                                                                                             docs/file.RUBOCOP.html                        |   23 +-
                                                                                                             docs/file.SECURITY.html                       |   16 +-
                                                                                                             docs/file.THREAT_MODEL.html                   |   34 +-
                                                                                                             docs/file_list.html                           |  135 --
                                                                                                             docs/index.html                               | 2142 ++++++++---------
                                                                                                             docs/top-level-namespace.html                 |    4 +-
                                                                                                             31 files changed, 2598 insertions(+), 2989 deletions(-)
                                                                                                            
                                                                                                            diff --git a/docs/OAuth2.html b/docs/OAuth2.html
                                                                                                            index 3ca5c041..11eebbb6 100644
                                                                                                            --- a/docs/OAuth2.html
                                                                                                            +++ b/docs/OAuth2.html
                                                                                                            @@ -119,8 +119,8 @@ 

                                                                                                            OAUTH_DEBUG =
                                                                                                            -

                                                                                                            When true, enables verbose HTTP logging via Faraday’s logger middleware.
                                                                                                            -Controlled by the OAUTH_DEBUG environment variable. Any case-insensitive
                                                                                                            +

                                                                                                            When true, enables verbose HTTP logging via Faraday’s logger middleware. +Controlled by the OAUTH_DEBUG environment variable. Any case-insensitive value equal to “true” will enable debugging.

                                                                                                            @@ -415,9 +415,9 @@

                                                                                                            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html
                                                                                                            index 7d07ab1e..4eb602c5 100644
                                                                                                            --- a/docs/OAuth2/AccessToken.html
                                                                                                            +++ b/docs/OAuth2/AccessToken.html
                                                                                                            @@ -826,13 +826,13 @@

                                                                                                            Note: -

                                                                                                            If no token is provided, the AccessToken will be considered invalid.
                                                                                                            -This is to prevent the possibility of a token being accidentally
                                                                                                            -created with no token value.
                                                                                                            -If you want to create an AccessToken with no token value,
                                                                                                            -you can pass in an empty string or nil for the token value.
                                                                                                            -If you want to create an AccessToken with no token value and
                                                                                                            -no refresh token, you can pass in an empty string or nil for the
                                                                                                            +

                                                                                                            If no token is provided, the AccessToken will be considered invalid. +This is to prevent the possibility of a token being accidentally +created with no token value. +If you want to create an AccessToken with no token value, +you can pass in an empty string or nil for the token value. +If you want to create an AccessToken with no token value and +no refresh token, you can pass in an empty string or nil for the token value and nil for the refresh token, and raise_errors: false.

                                                                                                            @@ -987,9 +987,9 @@

                                                                                                            Verb-dependent Hash mode

                                                                                                            - —

                                                                                                            the transmission mode of the Access Token parameter value:
                                                                                                            -either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols
                                                                                                            -(e.g., :query, post: :header, delete: :header); or a callable that accepts a request-verb parameter
                                                                                                            + —

                                                                                                            the transmission mode of the Access Token parameter value: +either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols +(e.g., {get: :query, post: :header, delete: :header}); or a callable that accepts a request-verb parameter and returns one of these three symbols.

                                                                                                            @@ -1020,7 +1020,7 @@

                                                                                                            Verb-dependent Hash mode

                                                                                                            - —

                                                                                                            the parameter name to use for transmission of the
                                                                                                            + —

                                                                                                            the parameter name to use for transmission of the Access Token value in :body or :query transmission mode

                                                                                                            @@ -1036,7 +1036,7 @@

                                                                                                            Verb-dependent Hash mode

                                                                                                            - —

                                                                                                            the name of the response parameter that identifies the access token
                                                                                                            + —

                                                                                                            the name of the response parameter that identifies the access token When nil one of TOKEN_KEY_LOOKUP will be used

                                                                                                            @@ -1533,21 +1533,21 @@

                                                                                                            Note: -

                                                                                                            The method will use the first found token key in the following order:
                                                                                                            +

                                                                                                            The method will use the first found token key in the following order: ‘access_token’, ‘id_token’, ‘token’ (or their symbolic versions)

                                                                                                            Note: -

                                                                                                            If multiple token keys are present, a warning will be issued unless
                                                                                                            +

                                                                                                            If multiple token keys are present, a warning will be issued unless OAuth2.config.silence_extra_tokens_warning is true

                                                                                                            Note: -

                                                                                                            If no token keys are present, a warning will be issued unless
                                                                                                            +

                                                                                                            If no token keys are present, a warning will be issued unless OAuth2.config.silence_no_tokens_warning is true

                                                                                                            @@ -2746,28 +2746,28 @@

                                                                                                            Note: -

                                                                                                            If the token passed to the request
                                                                                                            -is an access token, the server MAY revoke the respective refresh
                                                                                                            +

                                                                                                            If the token passed to the request +is an access token, the server MAY revoke the respective refresh token as well.

                                                                                                            Note: -

                                                                                                            If the token passed to the request
                                                                                                            -is a refresh token and the authorization server supports the
                                                                                                            -revocation of access tokens, then the authorization server SHOULD
                                                                                                            -also invalidate all access tokens based on the same authorization
                                                                                                            +

                                                                                                            If the token passed to the request +is a refresh token and the authorization server supports the +revocation of access tokens, then the authorization server SHOULD +also invalidate all access tokens based on the same authorization grant

                                                                                                            Note: -

                                                                                                            If the server responds with HTTP status code 503, your code must
                                                                                                            -assume the token still exists and may retry after a reasonable delay.
                                                                                                            -The server may include a “Retry-After” header in the response to
                                                                                                            -indicate how long the service is expected to be unavailable to the
                                                                                                            +

                                                                                                            If the server responds with HTTP status code 503, your code must +assume the token still exists and may retry after a reasonable delay. +The server may include a “Retry-After” header in the response to +indicate how long the service is expected to be unavailable to the requesting client.

                                                                                                            @@ -3083,9 +3083,9 @@

                                                                                                            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html
                                                                                                            index 0cb01dbe..7e023866 100644
                                                                                                            --- a/docs/OAuth2/Authenticator.html
                                                                                                            +++ b/docs/OAuth2/Authenticator.html
                                                                                                            @@ -108,7 +108,7 @@

                                                                                                            Overview

                                                                                                            Builds and applies client authentication to token and revoke requests.

                                                                                                            -

                                                                                                            Depending on the selected mode, credentials are applied as Basic Auth
                                                                                                            +

                                                                                                            Depending on the selected mode, credentials are applied as Basic Auth headers, request body parameters, or only the client_id is sent (TLS).

                                                                                                            @@ -788,7 +788,7 @@

                                                                                                            Apply the request credentials used to authenticate to the Authorization Server

                                                                                                            -

                                                                                                            Depending on the configuration, this might be as request params or as an
                                                                                                            +

                                                                                                            Depending on the configuration, this might be as request params or as an Authorization header.

                                                                                                            User-provided params and header take precedence.

                                                                                                            @@ -883,9 +883,9 @@

                                                                                                            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html
                                                                                                            index c50ad592..beff8225 100644
                                                                                                            --- a/docs/OAuth2/Client.html
                                                                                                            +++ b/docs/OAuth2/Client.html
                                                                                                            @@ -1243,7 +1243,7 @@

                                                                                                            The Assertion strategy

                                                                                                            -

                                                                                                            This allows for assertion-based authentication where an identity provider
                                                                                                            +

                                                                                                            This allows for assertion-based authentication where an identity provider asserts the identity of the user or client application seeking access.

                                                                                                            @@ -1487,7 +1487,7 @@

                                                                                                            Note: -

                                                                                                            The extract_access_token parameter is deprecated and will be removed in oauth2 v3.
                                                                                                            +

                                                                                                            The extract_access_token parameter is deprecated and will be removed in oauth2 v3. Use access_token_class on initialization instead.

                                                                                                            @@ -1523,12 +1523,10 @@

                                                                                                            Examples:

                                                                                                            — -

                                                                                                            a Hash of params for the token endpoint

                                                                                                            -
                                                                                                              -
                                                                                                            • params can include a ‘headers’ key with a Hash of request headers
                                                                                                            • -
                                                                                                            • params can include a ‘parse’ key with the Symbol name of response parsing strategy (default: :automatic)
                                                                                                            • -
                                                                                                            • params can include a ‘snaky’ key to control snake_case conversion (default: false)
                                                                                                            • -
                                                                                                            +

                                                                                                            a Hash of params for the token endpoint +* params can include a ‘headers’ key with a Hash of request headers +* params can include a ‘parse’ key with the Symbol name of response parsing strategy (default: :automatic) +* params can include a ‘snaky’ key to control snake_case conversion (default: false)

                                                                                                            @@ -1616,7 +1614,7 @@

                                                                                                            Examples:

                                                                                                            — -

                                                                                                            the initialized AccessToken instance, or nil if token extraction fails
                                                                                                            +

                                                                                                            the initialized AccessToken instance, or nil if token extraction fails and raise_errors is false

                                                                                                            @@ -1839,14 +1837,14 @@

                                                                                                            The redirect_uri parameters, if configured

                                                                                                            -

                                                                                                            The redirect_uri query parameter is OPTIONAL (though encouraged) when
                                                                                                            -requesting authorization. If it is provided at authorization time it MUST
                                                                                                            +

                                                                                                            The redirect_uri query parameter is OPTIONAL (though encouraged) when +requesting authorization. If it is provided at authorization time it MUST also be provided with the token exchange request.

                                                                                                            -

                                                                                                            OAuth 2.1 note: Authorization Servers must compare redirect URIs using exact string matching.
                                                                                                            +

                                                                                                            OAuth 2.1 note: Authorization Servers must compare redirect URIs using exact string matching. This client simply forwards the configured redirect_uri; the exact-match validation happens server-side.

                                                                                                            -

                                                                                                            Providing :redirect_uri to the OAuth2::Client instantiation will take
                                                                                                            +

                                                                                                            Providing :redirect_uri to the OAuth2::Client instantiation will take care of managing this.

                                                                                                            @@ -1929,7 +1927,7 @@

                                                                                                            Makes a request relative to the specified site root.

                                                                                                            -

                                                                                                            Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616),
                                                                                                            +

                                                                                                            Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616), allowing the use of relative URLs in Location headers.

                                                                                                            @@ -2041,7 +2039,7 @@

                                                                                                            - —

                                                                                                            whether to raise an OAuth2::Error on 400+ status
                                                                                                            + —

                                                                                                            whether to raise an OAuth2::Error on 400+ status code response for this request. Overrides the client instance setting.

                                                                                                            @@ -2243,28 +2241,28 @@

                                                                                                            Note: -

                                                                                                            If the token passed to the request
                                                                                                            -is an access token, the server MAY revoke the respective refresh
                                                                                                            +

                                                                                                            If the token passed to the request +is an access token, the server MAY revoke the respective refresh token as well.

                                                                                                            Note: -

                                                                                                            If the token passed to the request
                                                                                                            -is a refresh token and the authorization server supports the
                                                                                                            -revocation of access tokens, then the authorization server SHOULD
                                                                                                            -also invalidate all access tokens based on the same authorization
                                                                                                            +

                                                                                                            If the token passed to the request +is a refresh token and the authorization server supports the +revocation of access tokens, then the authorization server SHOULD +also invalidate all access tokens based on the same authorization grant

                                                                                                            Note: -

                                                                                                            If the server responds with HTTP status code 503, your code must
                                                                                                            -assume the token still exists and may retry after a reasonable delay.
                                                                                                            -The server may include a “Retry-After” header in the response to
                                                                                                            -indicate how long the service is expected to be unavailable to the
                                                                                                            +

                                                                                                            If the server responds with HTTP status code 503, your code must +assume the token still exists and may retry after a reasonable delay. +The server may include a “Retry-After” header in the response to +indicate how long the service is expected to be unavailable to the requesting client.

                                                                                                            @@ -2656,9 +2654,9 @@

                                                                                                            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html
                                                                                                            index 2e23dff5..78c78b30 100644
                                                                                                            --- a/docs/OAuth2/Error.html
                                                                                                            +++ b/docs/OAuth2/Error.html
                                                                                                            @@ -105,7 +105,7 @@

                                                                                                            Overview

                                                                                                            Represents an OAuth2 error condition.

                                                                                                            -

                                                                                                            Wraps details from an OAuth2::Response or Hash payload returned by an
                                                                                                            +

                                                                                                            Wraps details from an OAuth2::Response or Hash payload returned by an authorization server, exposing error code and description per RFC 6749.

                                                                                                            @@ -772,9 +772,9 @@

                                                                                                            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html
                                                                                                            index 93942485..55a0ab89 100644
                                                                                                            --- a/docs/OAuth2/FilteredAttributes.html
                                                                                                            +++ b/docs/OAuth2/FilteredAttributes.html
                                                                                                            @@ -92,8 +92,8 @@

                                                                                                            Overview

                                                                                                            Mixin that redacts sensitive instance variables in #inspect output.

                                                                                                            -

                                                                                                            Classes include this module and declare which attributes should be filtered
                                                                                                            -using filtered_attributes. Any instance variable name that includes one of
                                                                                                            +

                                                                                                            Classes include this module and declare which attributes should be filtered +using filtered_attributes. Any instance variable name that includes one of those attribute names will be shown as [FILTERED] in the object’s inspect.

                                                                                                            @@ -202,7 +202,7 @@

                                                                                                            -

                                                                                                            This method returns an undefined value.

                                                                                                            Hook invoked when the module is included. Extends the including class with
                                                                                                            +

                                                                                                            This method returns an undefined value.

                                                                                                            Hook invoked when the module is included. Extends the including class with class-level helpers.

                                                                                                            @@ -335,9 +335,9 @@

                                                                                                            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html
                                                                                                            index fc2ad592..94807c82 100644
                                                                                                            --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html
                                                                                                            +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html
                                                                                                            @@ -280,9 +280,9 @@

                                                                                                            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html
                                                                                                            index f2f77289..0a0d9c6e 100644
                                                                                                            --- a/docs/OAuth2/Response.html
                                                                                                            +++ b/docs/OAuth2/Response.html
                                                                                                            @@ -101,7 +101,7 @@

                                                                                                            Overview

                                                                                                            -

                                                                                                            The Response class handles HTTP responses in the OAuth2 gem, providing methods
                                                                                                            +

                                                                                                            The Response class handles HTTP responses in the OAuth2 gem, providing methods to access and parse response data in various formats.

                                                                                                            @@ -1430,22 +1430,22 @@

                                                                                                            Note: -

                                                                                                            The parser can be supplied as the +:parse+ option in the form of a Proc
                                                                                                            -(or other Object responding to #call) or a Symbol. In the latter case,
                                                                                                            +

                                                                                                            The parser can be supplied as the +:parse+ option in the form of a Proc +(or other Object responding to #call) or a Symbol. In the latter case, the actual parser will be looked up in @@parsers by the supplied Symbol.

                                                                                                            Note: -

                                                                                                            If no +:parse+ option is supplied, the lookup Symbol will be determined
                                                                                                            +

                                                                                                            If no +:parse+ option is supplied, the lookup Symbol will be determined by looking up #content_type in @@content_types.

                                                                                                            Note: -

                                                                                                            If #parser is a Proc, it will be called with no arguments, just
                                                                                                            +

                                                                                                            If #parser is a Proc, it will be called with no arguments, just #body, or #body and #response, depending on the Proc’s arity.

                                                                                                            @@ -1619,9 +1619,9 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html
                                                                                                            index a75d5e8d..33004cea 100644
                                                                                                            --- a/docs/OAuth2/Strategy.html
                                                                                                            +++ b/docs/OAuth2/Strategy.html
                                                                                                            @@ -107,9 +107,9 @@

                                                                                                            Defined Under Namespace

                                                                                                            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html
                                                                                                            index 8f3917bb..9b50b18f 100644
                                                                                                            --- a/docs/OAuth2/Strategy/Assertion.html
                                                                                                            +++ b/docs/OAuth2/Strategy/Assertion.html
                                                                                                            @@ -105,25 +105,25 @@

                                                                                                            Overview

                                                                                                            The Client Assertion Strategy

                                                                                                            -

                                                                                                            Sample usage:
                                                                                                            - client = OAuth2::Client.new(client_id, client_secret,
                                                                                                            - :site => ‘http://localhost:8080’,
                                                                                                            +

                                                                                                            Sample usage: + client = OAuth2::Client.new(client_id, client_secret, + :site => ‘http://localhost:8080’, :auth_scheme => :request_body)

                                                                                                            -

                                                                                                            claim_set = {
                                                                                                            - :iss => “http://localhost:3001”,
                                                                                                            - :aud => “http://localhost:8080/oauth2/token”,
                                                                                                            - :sub => “me@example.com”,
                                                                                                            - :exp => Time.now.utc.to_i + 3600,
                                                                                                            +

                                                                                                            claim_set = { + :iss => “http://localhost:3001”, + :aud => “http://localhost:8080/oauth2/token”, + :sub => “me@example.com”, + :exp => Time.now.utc.to_i + 3600, }

                                                                                                            -

                                                                                                            encoding = {
                                                                                                            - :algorithm => ‘HS256’,
                                                                                                            - :key => ‘secret_key’,
                                                                                                            +

                                                                                                            encoding = { + :algorithm => ‘HS256’, + :key => ‘secret_key’, }

                                                                                                            -

                                                                                                            access = client.assertion.get_token(claim_set, encoding)
                                                                                                            - access.token # actual access_token string
                                                                                                            +

                                                                                                            access = client.assertion.get_token(claim_set, encoding) + access.token # actual access_token string access.get(“/api/stuff”) # making api calls with access token in header

                                                                                                            @@ -292,29 +292,29 @@

                                                                                                            Retrieve an access token given the specified client.

                                                                                                            -

                                                                                                            For reading on JWT and claim keys:
                                                                                                            - @see https://github.com/jwt/ruby-jwt
                                                                                                            - @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
                                                                                                            - @see https://datatracker.ietf.org/doc/html/rfc7523#section-3
                                                                                                            +

                                                                                                            For reading on JWT and claim keys: + @see https://github.com/jwt/ruby-jwt + @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1 + @see https://datatracker.ietf.org/doc/html/rfc7523#section-3 @see https://www.iana.org/assignments/jwt/jwt.xhtml

                                                                                                            -

                                                                                                            There are many possible claim keys, and applications may ask for their own custom keys.
                                                                                                            -Some typically required ones:
                                                                                                            - :iss (issuer)
                                                                                                            - :aud (audience)
                                                                                                            - :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F
                                                                                                            +

                                                                                                            There are many possible claim keys, and applications may ask for their own custom keys. +Some typically required ones: + :iss (issuer) + :aud (audience) + :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F :exp, (expiration time) – in seconds, e.g. Time.now.utc.to_i + 3600

                                                                                                            -

                                                                                                            Note that this method does not validate presence of those four claim keys indicated as required by RFC 7523.
                                                                                                            +

                                                                                                            Note that this method does not validate presence of those four claim keys indicated as required by RFC 7523. There are endpoints that may not conform with this RFC, and this gem should still work for those use cases.

                                                                                                            -

                                                                                                            These two options are passed directly to JWT.encode. For supported encoding arguments:
                                                                                                            - @see https://github.com/jwt/ruby-jwt#algorithms-and-usage
                                                                                                            +

                                                                                                            These two options are passed directly to JWT.encode. For supported encoding arguments: + @see https://github.com/jwt/ruby-jwt#algorithms-and-usage @see https://datatracker.ietf.org/doc/html/rfc7518#section-3.1

                                                                                                            -

                                                                                                            The object type of :key may depend on the value of :algorithm. Sample arguments:
                                                                                                            - get_token(claim_set, => ‘HS256’, :key => ‘secret_key’)
                                                                                                            - get_token(claim_set, => ‘RS256’, :key => OpenSSL::PKCS12.new(File.read(‘my_key.p12’), ‘not_secret’))

                                                                                                            +

                                                                                                            The object type of :key may depend on the value of :algorithm. Sample arguments: + get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'}) + get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')})

                                                                                                            @@ -382,7 +382,7 @@

                                                                                                            — -

                                                                                                            this will be merged with the token response to create the AccessToken object
                                                                                                            +

                                                                                                            this will be merged with the token response to create the AccessToken object @see the access_token_opts argument to Client#get_token

                                                                                                            @@ -437,7 +437,7 @@

                                                                                                            - —

                                                                                                            the url parameter scope that may be required by some endpoints
                                                                                                            + —

                                                                                                            the url parameter scope that may be required by some endpoints @see https://datatracker.ietf.org/doc/html/rfc7521#section-4.1

                                                                                                            @@ -481,9 +481,9 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html
                                                                                                            index 9cf98f7c..66f488e8 100644
                                                                                                            --- a/docs/OAuth2/Strategy/AuthCode.html
                                                                                                            +++ b/docs/OAuth2/Strategy/AuthCode.html
                                                                                                            @@ -105,19 +105,15 @@

                                                                                                            Overview

                                                                                                            The Authorization Code Strategy

                                                                                                            -

                                                                                                            OAuth 2.1 notes:

                                                                                                            -
                                                                                                              -
                                                                                                            • PKCE is required for all OAuth clients using the authorization code flow (especially public clients).
                                                                                                              -This library does not enforce PKCE generation/verification; implement PKCE in your application when required.
                                                                                                            • -
                                                                                                            • Redirect URIs must be compared using exact string matching by the Authorization Server.
                                                                                                              -This client forwards redirect_uri but does not perform server-side validation.
                                                                                                            • -
                                                                                                            +

                                                                                                            OAuth 2.1 notes: +- PKCE is required for all OAuth clients using the authorization code flow (especially public clients). + This library does not enforce PKCE generation/verification; implement PKCE in your application when required. +- Redirect URIs must be compared using exact string matching by the Authorization Server. + This client forwards redirect_uri but does not perform server-side validation.

                                                                                                            -

                                                                                                            References:

                                                                                                            -
                                                                                                              -
                                                                                                            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                                                                                                            • -
                                                                                                            • OAuth for native apps (RFC 8252) and PKCE (RFC 7636)
                                                                                                            • -
                                                                                                            +

                                                                                                            References: +- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 +- OAuth for native apps (RFC 8252) and PKCE (RFC 7636)

                                                                                                            @@ -483,9 +479,9 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html
                                                                                                            index 4b7954d8..25d0e02c 100644
                                                                                                            --- a/docs/OAuth2/Strategy/Base.html
                                                                                                            +++ b/docs/OAuth2/Strategy/Base.html
                                                                                                            @@ -195,9 +195,9 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html
                                                                                                            index 32ccd5ca..0ae17856 100644
                                                                                                            --- a/docs/OAuth2/Strategy/ClientCredentials.html
                                                                                                            +++ b/docs/OAuth2/Strategy/ClientCredentials.html
                                                                                                            @@ -343,9 +343,9 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html
                                                                                                            index 8c336a7e..1c4f1a99 100644
                                                                                                            --- a/docs/OAuth2/Strategy/Implicit.html
                                                                                                            +++ b/docs/OAuth2/Strategy/Implicit.html
                                                                                                            @@ -105,15 +105,13 @@

                                                                                                            Overview

                                                                                                            The Implicit Strategy

                                                                                                            -

                                                                                                            IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification.
                                                                                                            +

                                                                                                            IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification. It remains here for backward compatibility with OAuth 2.0 providers. Prefer the Authorization Code flow with PKCE.

                                                                                                            -

                                                                                                            References:

                                                                                                            -
                                                                                                              -
                                                                                                            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                                                                                                            • -
                                                                                                            • Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                                                                                                            • -
                                                                                                            • Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                                                                                                            • -
                                                                                                            +

                                                                                                            References: +- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 +- Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1 +- Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/

                                                                                                            @@ -420,9 +418,9 @@

                                                                                                            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html
                                                                                                            index c063b0a7..040c2902 100644
                                                                                                            --- a/docs/OAuth2/Strategy/Password.html
                                                                                                            +++ b/docs/OAuth2/Strategy/Password.html
                                                                                                            @@ -105,15 +105,13 @@

                                                                                                            Overview

                                                                                                            The Resource Owner Password Credentials Authorization Strategy

                                                                                                            -

                                                                                                            IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1.
                                                                                                            +

                                                                                                            IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1. It remains here for backward compatibility with OAuth 2.0 providers. Prefer Authorization Code + PKCE.

                                                                                                            -

                                                                                                            References:

                                                                                                            -
                                                                                                              -
                                                                                                            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                                                                                                            • -
                                                                                                            • Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                                                                                                            • -
                                                                                                            • FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                                                                                                            • -
                                                                                                            +

                                                                                                            References: +- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 +- Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs +- FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1

                                                                                                            @@ -374,9 +372,9 @@

                                                                                                            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html
                                                                                                            index 3959a0a5..cd15b2c4 100644
                                                                                                            --- a/docs/OAuth2/Version.html
                                                                                                            +++ b/docs/OAuth2/Version.html
                                                                                                            @@ -111,9 +111,9 @@

                                                                                                            diff --git a/docs/_index.html b/docs/_index.html
                                                                                                            index cd86d203..1f2eec5b 100644
                                                                                                            --- a/docs/_index.html
                                                                                                            +++ b/docs/_index.html
                                                                                                            @@ -93,87 +93,6 @@

                                                                                                            File Listing

                                                                                                          • LICENSE
                                                                                                          • -
                                                                                                          • CITATION
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.10.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.11.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.12.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.13.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.14.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.15.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.16.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.17.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.10.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.11.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.12.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.13.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.14.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.15.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.16.gem
                                                                                                          • - - -
                                                                                                          • oauth2-2.0.17.gem
                                                                                                          • - - -
                                                                                                          • REEK
                                                                                                          • - - -
                                                                                                          • access_token
                                                                                                          • - - -
                                                                                                          • authenticator
                                                                                                          • - - -
                                                                                                          • client
                                                                                                          • - - -
                                                                                                          • error
                                                                                                          • - - -
                                                                                                          • filtered_attributes
                                                                                                          • - - -
                                                                                                          • response
                                                                                                          • - - -
                                                                                                          • strategy
                                                                                                          • - - -
                                                                                                          • version
                                                                                                          • - - -
                                                                                                          • oauth2
                                                                                                          • - -

                                                                                                          @@ -396,9 +315,9 @@

                                                                                                          Namespace Listing A-Z

                                                                                                          diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html
                                                                                                          index 43671ea7..e953df4b 100644
                                                                                                          --- a/docs/file.CHANGELOG.html
                                                                                                          +++ b/docs/file.CHANGELOG.html
                                                                                                          @@ -63,9 +63,9 @@

                                                                                                          All notable changes to this project will be documented in this file.

                                                                                                          -

                                                                                                          The format is based on Keep a Changelog,
                                                                                                          -and this project adheres to Semantic Versioning,
                                                                                                          -and yes, platform and engine support are part of the public API.
                                                                                                          +

                                                                                                          The format is based on Keep a Changelog, +and this project adheres to Semantic Versioning, +and yes, platform and engine support are part of the public API. Please file a bug if you notice a violation of semantic versioning.

                                                                                                          Unreleased

                                                                                                          @@ -97,7 +97,7 @@

                                                                                                          Fixed

                                                                                                          Security

                                                                                                          -

                                                                                                          +

                                                                                                          2.0.17 - 2025-09-15

                                                                                                            @@ -112,10 +112,10 @@

                                                                                                            Added

                                                                                                            • -gh!682 - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., :query, post: :header)
                                                                                                            • +gh!682 - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header})
                                                                                                            -

                                                                                                            +

                                                                                                            2.0.16 - 2025-09-14

                                                                                                              @@ -157,7 +157,7 @@

                                                                                                              Changed

                                                                                                              gh!681 - Upgrade to kettle-dev v1.1.19
                                                                                                            -

                                                                                                            +

                                                                                                            2.0.15 - 2025-09-08

                                                                                                              @@ -202,7 +202,7 @@

                                                                                                              Fixed

                                                                                                            • point badge to the correct workflow for Ruby 2.3 (caboose.yml)
                                                                                                            -

                                                                                                            +

                                                                                                            2.0.14 - 2025-08-31

                                                                                                              @@ -246,7 +246,7 @@

                                                                                                              Added

                                                                                                              gh!664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling
                                                                                                            -

                                                                                                            +

                                                                                                            2.0.13 - 2025-08-30

                                                                                                              @@ -291,7 +291,7 @@

                                                                                                              Fixed

                                                                                                              Security

                                                                                                              -

                                                                                                              +

                                                                                                              2.0.12 - 2025-05-31

                                                                                                                @@ -332,7 +332,7 @@

                                                                                                                Fixed

                                                                                                              • Documentation Typos by @pboling
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.11 - 2025-05-23

                                                                                                                @@ -393,7 +393,7 @@

                                                                                                                Fixed

                                                                                                              • Incorrect documentation related to silencing warnings (@pboling)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.10 - 2025-05-17

                                                                                                                @@ -500,7 +500,7 @@

                                                                                                                Fixed

                                                                                                                gh!646 - Change require to require_relative (improve performance) (@Aboling0)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.9 - 2022-09-16

                                                                                                                @@ -521,7 +521,7 @@

                                                                                                                Changed

                                                                                                              • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.8 - 2022-09-01

                                                                                                                @@ -544,7 +544,7 @@

                                                                                                                Added

                                                                                                              -

                                                                                                              +

                                                                                                              2.0.7 - 2022-08-22

                                                                                                                @@ -572,7 +572,7 @@

                                                                                                                Fixed

                                                                                                                !625 - Fixes the printed version in the post install message (@hasghari)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.6 - 2022-07-13

                                                                                                                @@ -587,7 +587,7 @@

                                                                                                                Fixed

                                                                                                                !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.5 - 2022-07-07

                                                                                                                @@ -617,7 +617,7 @@

                                                                                                                Fixed

                                                                                                              -

                                                                                                              +

                                                                                                              2.0.4 - 2022-07-01

                                                                                                                @@ -632,7 +632,7 @@

                                                                                                                Fixed

                                                                                                                !618 - In some scenarios the snaky option default value was not applied (@pboling)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.3 - 2022-06-28

                                                                                                                @@ -658,7 +658,7 @@

                                                                                                                Fixed

                                                                                                                !615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.2 - 2022-06-24

                                                                                                                @@ -677,7 +677,7 @@

                                                                                                                Fixed

                                                                                                                !607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.1 - 2022-06-22

                                                                                                                @@ -692,7 +692,7 @@

                                                                                                                Added

                                                                                                              • Increased test coverage to 99% (@pboling)
                                                                                                              -

                                                                                                              +

                                                                                                              2.0.0 - 2022-06-21

                                                                                                                @@ -850,7 +850,7 @@

                                                                                                                Removed

                                                                                                                !590 - Dependency: Removed multi_json (@stanhu)
                                                                                                              -

                                                                                                              +

                                                                                                              1.4.11 - 2022-09-16

                                                                                                                @@ -860,7 +860,7 @@

                                                                                                              • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
                                                                                                              -

                                                                                                              +

                                                                                                              1.4.10 - 2022-07-01

                                                                                                                @@ -869,7 +869,7 @@

                                                                                                              • FIPS Compatibility !587 (@akostadinov)
                                                                                                              -

                                                                                                              +

                                                                                                              1.4.9 - 2022-02-20

                                                                                                                @@ -887,7 +887,7 @@

                                                                                                              • Add Windows and MacOS to test matrix
                                                                                                              -

                                                                                                              +

                                                                                                              1.4.8 - 2022-02-18

                                                                                                                @@ -904,7 +904,7 @@

                                                                                                                !543 - Support for more modern Open SSL libraries (@pboling)

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.7 - 2021-03-19

                                                                                                                @@ -914,7 +914,7 @@

                                                                                                                !541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.6 - 2021-03-19

                                                                                                                @@ -928,7 +928,7 @@

                                                                                                                !538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.5 - 2021-03-18

                                                                                                                @@ -944,7 +944,7 @@

                                                                                                                !500 - Fix YARD documentation formatting (@olleolleolle)

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.4 - 2020-02-12

                                                                                                                @@ -954,7 +954,7 @@

                                                                                                                !408 - Fixed expires_at for formatted time (@Lomey)

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.3 - 2020-01-29

                                                                                                                @@ -972,7 +972,7 @@

                                                                                                                !433 - allow field names with square brackets and numbers in params (@asm256)

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.2 - 2019-10-01

                                                                                                                @@ -986,7 +986,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.1 - 2018-10-13

                                                                                                                @@ -1030,7 +1030,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              1.4.0 - 2017-06-09

                                                                                                                @@ -1044,7 +1044,7 @@

                                                                                                                Dependency: Upgrade Faraday to 0.12 (@sferik)

                                                                                                              -

                                                                                                              +

                                                                                                              1.3.1 - 2017-03-03

                                                                                                                @@ -1055,7 +1055,7 @@

                                                                                                                Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)

                                                                                                              -

                                                                                                              +

                                                                                                              1.3.0 - 2016-12-28

                                                                                                                @@ -1071,7 +1071,7 @@

                                                                                                              • Add support for Faraday 0.10 (@rhymes)
                                                                                                              -

                                                                                                              +

                                                                                                              1.2.0 - 2016-07-01

                                                                                                                @@ -1082,7 +1082,7 @@

                                                                                                              • Use raise rather than fail to throw exceptions (@sferik)
                                                                                                              -

                                                                                                              +

                                                                                                              1.1.0 - 2016-01-30

                                                                                                                @@ -1092,7 +1092,7 @@

                                                                                                              • Add support for Rack 2, and bump various other dependencies (@sferik)
                                                                                                              -

                                                                                                              +

                                                                                                              1.0.0 - 2014-07-09

                                                                                                                @@ -1112,7 +1112,7 @@

                                                                                                                Fixed

                                                                                                              • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
                                                                                                              -

                                                                                                              +

                                                                                                              0.5.0 - 2011-07-29

                                                                                                                @@ -1135,7 +1135,7 @@

                                                                                                                Changed

                                                                                                                breaking web_server renamed to auth_code.
                                                                                                              -

                                                                                                              +

                                                                                                              0.4.1 - 2011-04-20

                                                                                                                @@ -1143,7 +1143,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.4.0 - 2011-04-20

                                                                                                                @@ -1151,7 +1151,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.3.0 - 2011-04-08

                                                                                                                @@ -1159,7 +1159,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.2.0 - 2011-04-01

                                                                                                                @@ -1167,7 +1167,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.1.1 - 2011-01-12

                                                                                                                @@ -1175,7 +1175,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.1.0 - 2010-10-13

                                                                                                                @@ -1183,7 +1183,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.13 - 2010-08-17

                                                                                                                @@ -1191,7 +1191,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.12 - 2010-08-17

                                                                                                                @@ -1199,7 +1199,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.11 - 2010-08-17

                                                                                                                @@ -1207,7 +1207,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.10 - 2010-06-19

                                                                                                                @@ -1215,7 +1215,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.9 - 2010-06-18

                                                                                                                @@ -1223,7 +1223,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.8 - 2010-04-27

                                                                                                                @@ -1231,7 +1231,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.7 - 2010-04-27

                                                                                                                @@ -1239,7 +1239,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.6 - 2010-04-25

                                                                                                                @@ -1247,7 +1247,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.5 - 2010-04-23

                                                                                                                @@ -1255,7 +1255,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.4 - 2010-04-22

                                                                                                                @@ -1263,7 +1263,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.3 - 2010-04-22

                                                                                                                @@ -1271,7 +1271,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.2 - 2010-04-22

                                                                                                                @@ -1279,7 +1279,7 @@

                                                                                                              -

                                                                                                              +

                                                                                                              0.0.1 - 2010-04-22

                                                                                                                @@ -1290,9 +1290,9 @@

                                                                                                                diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html
                                                                                                                index 4e34bb2e..dbbd6d87 100644
                                                                                                                --- a/docs/file.CODE_OF_CONDUCT.html
                                                                                                                +++ b/docs/file.CODE_OF_CONDUCT.html
                                                                                                                @@ -61,139 +61,139 @@

                                                                                                                Our Pledge

                                                                                                                -

                                                                                                                We as members, contributors, and leaders pledge to make participation in our
                                                                                                                -community a harassment-free experience for everyone, regardless of age, body
                                                                                                                -size, visible or invisible disability, ethnicity, sex characteristics, gender
                                                                                                                -identity and expression, level of experience, education, socio-economic status,
                                                                                                                -nationality, personal appearance, race, caste, color, religion, or sexual
                                                                                                                +

                                                                                                                We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.

                                                                                                                -

                                                                                                                We pledge to act and interact in ways that contribute to an open, welcoming,
                                                                                                                +

                                                                                                                We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.

                                                                                                                Our Standards

                                                                                                                -

                                                                                                                Examples of behavior that contributes to a positive environment for our
                                                                                                                +

                                                                                                                Examples of behavior that contributes to a positive environment for our community include:

                                                                                                                • Demonstrating empathy and kindness toward other people
                                                                                                                • Being respectful of differing opinions, viewpoints, and experiences
                                                                                                                • Giving and gracefully accepting constructive feedback
                                                                                                                • -
                                                                                                                • Accepting responsibility and apologizing to those affected by our mistakes,
                                                                                                                  +
                                                                                                                • Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
                                                                                                                • -
                                                                                                                • Focusing on what is best not just for us as individuals, but for the overall
                                                                                                                  +
                                                                                                                • Focusing on what is best not just for us as individuals, but for the overall community

                                                                                                                Examples of unacceptable behavior include:

                                                                                                                  -
                                                                                                                • The use of sexualized language or imagery, and sexual attention or advances of
                                                                                                                  +
                                                                                                                • The use of sexualized language or imagery, and sexual attention or advances of any kind
                                                                                                                • Trolling, insulting or derogatory comments, and personal or political attacks
                                                                                                                • Public or private harassment
                                                                                                                • -
                                                                                                                • Publishing others’ private information, such as a physical or email address,
                                                                                                                  +
                                                                                                                • Publishing others’ private information, such as a physical or email address, without their explicit permission
                                                                                                                • -
                                                                                                                • Other conduct which could reasonably be considered inappropriate in a
                                                                                                                  +
                                                                                                                • Other conduct which could reasonably be considered inappropriate in a professional setting

                                                                                                                Enforcement Responsibilities

                                                                                                                -

                                                                                                                Community leaders are responsible for clarifying and enforcing our standards of
                                                                                                                -acceptable behavior and will take appropriate and fair corrective action in
                                                                                                                -response to any behavior that they deem inappropriate, threatening, offensive,
                                                                                                                +

                                                                                                                Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, or harmful.

                                                                                                                -

                                                                                                                Community leaders have the right and responsibility to remove, edit, or reject
                                                                                                                -comments, commits, code, wiki edits, issues, and other contributions that are
                                                                                                                -not aligned to this Code of Conduct, and will communicate reasons for moderation
                                                                                                                +

                                                                                                                Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.

                                                                                                                Scope

                                                                                                                -

                                                                                                                This Code of Conduct applies within all community spaces, and also applies when
                                                                                                                -an individual is officially representing the community in public spaces.
                                                                                                                -Examples of representing our community include using an official email address,
                                                                                                                -posting via an official social media account, or acting as an appointed
                                                                                                                +

                                                                                                                This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed representative at an online or offline event.

                                                                                                                Enforcement

                                                                                                                -

                                                                                                                Instances of abusive, harassing, or otherwise unacceptable behavior may be
                                                                                                                -reported to the community leaders responsible for enforcement at
                                                                                                                -Contact Maintainer.
                                                                                                                +

                                                                                                                Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +Contact Maintainer. All complaints will be reviewed and investigated promptly and fairly.

                                                                                                                -

                                                                                                                All community leaders are obligated to respect the privacy and security of the
                                                                                                                +

                                                                                                                All community leaders are obligated to respect the privacy and security of the reporter of any incident.

                                                                                                                Enforcement Guidelines

                                                                                                                -

                                                                                                                Community leaders will follow these Community Impact Guidelines in determining
                                                                                                                +

                                                                                                                Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:

                                                                                                                -

                                                                                                                1. Correction

                                                                                                                +

                                                                                                                1. Correction

                                                                                                                -

                                                                                                                Community Impact: Use of inappropriate language or other behavior deemed
                                                                                                                +

                                                                                                                Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.

                                                                                                                -

                                                                                                                Consequence: A private, written warning from community leaders, providing
                                                                                                                -clarity around the nature of the violation and an explanation of why the
                                                                                                                +

                                                                                                                Consequence: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.

                                                                                                                -

                                                                                                                2. Warning

                                                                                                                +

                                                                                                                2. Warning

                                                                                                                -

                                                                                                                Community Impact: A violation through a single incident or series of
                                                                                                                +

                                                                                                                Community Impact: A violation through a single incident or series of actions.

                                                                                                                -

                                                                                                                Consequence: A warning with consequences for continued behavior. No
                                                                                                                -interaction with the people involved, including unsolicited interaction with
                                                                                                                -those enforcing the Code of Conduct, for a specified period of time. This
                                                                                                                -includes avoiding interactions in community spaces as well as external channels
                                                                                                                -like social media. Violating these terms may lead to a temporary or permanent
                                                                                                                +

                                                                                                                Consequence: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent ban.

                                                                                                                -

                                                                                                                3. Temporary Ban

                                                                                                                +

                                                                                                                3. Temporary Ban

                                                                                                                -

                                                                                                                Community Impact: A serious violation of community standards, including
                                                                                                                +

                                                                                                                Community Impact: A serious violation of community standards, including sustained inappropriate behavior.

                                                                                                                -

                                                                                                                Consequence: A temporary ban from any sort of interaction or public
                                                                                                                -communication with the community for a specified period of time. No public or
                                                                                                                -private interaction with the people involved, including unsolicited interaction
                                                                                                                -with those enforcing the Code of Conduct, is allowed during this period.
                                                                                                                +

                                                                                                                Consequence: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.

                                                                                                                -

                                                                                                                4. Permanent Ban

                                                                                                                +

                                                                                                                4. Permanent Ban

                                                                                                                -

                                                                                                                Community Impact: Demonstrating a pattern of violation of community
                                                                                                                -standards, including sustained inappropriate behavior, harassment of an
                                                                                                                +

                                                                                                                Community Impact: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.

                                                                                                                -

                                                                                                                Consequence: A permanent ban from any sort of public interaction within the
                                                                                                                +

                                                                                                                Consequence: A permanent ban from any sort of public interaction within the community.

                                                                                                                Attribution

                                                                                                                -

                                                                                                                This Code of Conduct is adapted from the Contributor Covenant,
                                                                                                                -version 2.1, available at
                                                                                                                +

                                                                                                                This Code of Conduct is adapted from the Contributor Covenant, +version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

                                                                                                                -

                                                                                                                Community Impact Guidelines were inspired by
                                                                                                                +

                                                                                                                Community Impact Guidelines were inspired by Mozilla’s code of conduct enforcement ladder.

                                                                                                                -

                                                                                                                For answers to common questions about this code of conduct, see the FAQ at
                                                                                                                -https://www.contributor-covenant.org/faq. Translations are available at
                                                                                                                +

                                                                                                                For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.

                                                                                                                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
                                                                                                                index 69803d2c..0a22870a 100644
                                                                                                                --- a/docs/file.CONTRIBUTING.html
                                                                                                                +++ b/docs/file.CONTRIBUTING.html
                                                                                                                @@ -59,8 +59,8 @@

                                                                                                                Contributing

                                                                                                                -

                                                                                                                Bug reports and pull requests are welcome on CodeBerg, GitLab, or GitHub.
                                                                                                                -This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
                                                                                                                +

                                                                                                                Bug reports and pull requests are welcome on CodeBerg, GitLab, or GitHub. +This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to the code of conduct.

                                                                                                                To submit a patch, please fork the project, create a patch with tests, and send a pull request.

                                                                                                                @@ -85,86 +85,72 @@

                                                                                                                Help out!

                                                                                                                Executables vs Rake tasks

                                                                                                                -

                                                                                                                Executables shipped by oauth2 can be used with or without generating the binstubs.
                                                                                                                -They will work when oauth2 is installed globally (i.e., gem install oauth2) and do not require that oauth2 be in your bundle.

                                                                                                                +

                                                                                                                Executables shipped by dependencies, such as kettle-dev, and stone_checksums, are available +after running bin/setup. These include:

                                                                                                                  +
                                                                                                                • gem_checksums
                                                                                                                • kettle-changelog
                                                                                                                • kettle-commit-msg
                                                                                                                • -
                                                                                                                • oauth2-setup
                                                                                                                • +
                                                                                                                • kettle-dev-setup
                                                                                                                • kettle-dvcs
                                                                                                                • kettle-pre-release
                                                                                                                • kettle-readme-backers
                                                                                                                • kettle-release
                                                                                                                -

                                                                                                                However, the rake tasks provided by oauth2 do require oauth2 to be added as a development dependency and loaded in your Rakefile.
                                                                                                                -See the full list of rake tasks in head of Rakefile

                                                                                                                +

                                                                                                                There are many Rake tasks available as well. You can see them by running:

                                                                                                                -

                                                                                                                Gemfile

                                                                                                                -
                                                                                                                group :development do
                                                                                                                -  gem "oauth2", require: false
                                                                                                                -end
                                                                                                                -
                                                                                                                - -

                                                                                                                Rakefile

                                                                                                                -
                                                                                                                # Rakefile
                                                                                                                -require "oauth2"
                                                                                                                -
                                                                                                                +

                                                                                                                shell +bin/rake -T +

                                                                                                                Environment Variables for Local Development

                                                                                                                Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string “true” to enable.

                                                                                                                -

                                                                                                                General/runtime

                                                                                                                -
                                                                                                                  -
                                                                                                                • DEBUG: Enable extra internal logging for this library (default: false)
                                                                                                                • -
                                                                                                                • REQUIRE_BENCH: Enable require_bench to profile requires (default: false)
                                                                                                                • -
                                                                                                                • CI: When set to true, adjusts default rake tasks toward CI behavior
                                                                                                                • -
                                                                                                                - -

                                                                                                                Coverage (kettle-soup-cover / SimpleCov)

                                                                                                                -
                                                                                                                  -
                                                                                                                • K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc)
                                                                                                                • -
                                                                                                                • K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty)
                                                                                                                • -
                                                                                                                • K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100)
                                                                                                                • -
                                                                                                                • K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100)
                                                                                                                • -
                                                                                                                • K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false)
                                                                                                                • -
                                                                                                                • K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false)
                                                                                                                • -
                                                                                                                • K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open)
                                                                                                                • -
                                                                                                                • MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1)
                                                                                                                  -Tip: When running a single spec file locally, you may want K_SOUP_COV_MIN_HARD=false to avoid failing thresholds for a partial run.
                                                                                                                • -
                                                                                                                - -

                                                                                                                GitHub API and CI helpers

                                                                                                                -
                                                                                                                  -
                                                                                                                • GITHUB_TOKEN or GH_TOKEN: Token used by ci:act and release workflow checks to query GitHub Actions status at higher rate limits
                                                                                                                • -
                                                                                                                - -

                                                                                                                Releasing and signing

                                                                                                                -
                                                                                                                  -
                                                                                                                • SKIP_GEM_SIGNING: If set, skip gem signing during build/release
                                                                                                                • -
                                                                                                                • GEM_CERT_USER: Username for selecting your public cert in certs/<USER>.pem (defaults to $USER)
                                                                                                                • -
                                                                                                                • SOURCE_DATE_EPOCH: Reproducible build timestamp. kettle-release will set this automatically for the session.
                                                                                                                • -
                                                                                                                - -

                                                                                                                Git hooks and commit message helpers (exe/kettle-commit-msg)

                                                                                                                -
                                                                                                                  -
                                                                                                                • GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., jira) or false to disable
                                                                                                                • -
                                                                                                                • GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false)
                                                                                                                • -
                                                                                                                • GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates
                                                                                                                • -
                                                                                                                • GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)
                                                                                                                • -
                                                                                                                +

                                                                                                                General/runtime +- DEBUG: Enable extra internal logging for this library (default: false) +- REQUIRE_BENCH: Enable require_bench to profile requires (default: false) +- CI: When set to true, adjusts default rake tasks toward CI behavior

                                                                                                                + +

                                                                                                                Coverage (kettle-soup-cover / SimpleCov) +- K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc) +- K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty) +- K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100) +- K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100) +- K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false) +- K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false) +- K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open) +- MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1) + Tip: When running a single spec file locally, you may want K_SOUP_COV_MIN_HARD=false to avoid failing thresholds for a partial run.

                                                                                                                + +

                                                                                                                GitHub API and CI helpers +- GITHUB_TOKEN or GH_TOKEN: Token used by ci:act and release workflow checks to query GitHub Actions status at higher rate limits

                                                                                                                + +

                                                                                                                Releasing and signing +- SKIP_GEM_SIGNING: If set, skip gem signing during build/release +- GEM_CERT_USER: Username for selecting your public cert in certs/<USER>.pem (defaults to $USER) +- SOURCE_DATE_EPOCH: Reproducible build timestamp. + - kettle-release will set this automatically for the session. + - Not needed on bundler >= 2.7.0, as reproducible builds have become the default.

                                                                                                                + +

                                                                                                                Git hooks and commit message helpers (exe/kettle-commit-msg) +- GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., jira) or false to disable +- GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false) +- GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates +- GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)

                                                                                                                For a quick starting point, this repository’s .envrc shows sane defaults, and .env.local can override them locally.

                                                                                                                Appraisals

                                                                                                                -

                                                                                                                From time to time the appraisal2 gemfiles in gemfiles/ will need to be updated.
                                                                                                                +

                                                                                                                From time to time the appraisal2 gemfiles in gemfiles/ will need to be updated. They are created and updated with the commands:

                                                                                                                -
                                                                                                                bin/rake appraisal:update
                                                                                                                -
                                                                                                                +

                                                                                                                console +bin/rake appraisal:update +

                                                                                                                When adding an appraisal to CI, check the runner tool cache to see which runner to use.

                                                                                                                @@ -174,38 +160,40 @@

                                                                                                                The Reek List

                                                                                                                To refresh the reek list:

                                                                                                                -
                                                                                                                bundle exec reek > REEK
                                                                                                                -
                                                                                                                +

                                                                                                                console +bundle exec reek > REEK +

                                                                                                                Run Tests

                                                                                                                To run all tests

                                                                                                                -
                                                                                                                bundle exec rake test
                                                                                                                -
                                                                                                                +

                                                                                                                console +bundle exec rake test +

                                                                                                                Spec organization (required)

                                                                                                                  -
                                                                                                                • One spec file per class/module. For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name exactly: lib/oauth2/release_cli.rb -> spec/oauth2/release_cli_spec.rb.
                                                                                                                • -
                                                                                                                • Never add a second spec file for the same class/module. Examples of disallowed names: *_more_spec.rb, *_extra_spec.rb, *_status_spec.rb, or any other suffix that still targets the same class. If you find yourself wanting a second file, merge those examples into the canonical spec file for that class/module.
                                                                                                                • +
                                                                                                                • One spec file per class/module. For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name exactly: lib/oauth2/my_class.rb -> spec/oauth2/my_class_spec.rb.
                                                                                                                • Exception: Integration specs that intentionally span multiple classes. Place these under spec/integration/ (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class.
                                                                                                                • -
                                                                                                                • Migration note: If a duplicate spec file exists, move all examples into the canonical file and delete the duplicate. Do not leave stubs or empty files behind.

                                                                                                                Lint It

                                                                                                                Run all the default tasks, which includes running the gradually autocorrecting linter, rubocop-gradual.

                                                                                                                -
                                                                                                                bundle exec rake
                                                                                                                -
                                                                                                                +

                                                                                                                console +bundle exec rake +

                                                                                                                Or just run the linter.

                                                                                                                -
                                                                                                                bundle exec rake rubocop_gradual:autocorrect
                                                                                                                -
                                                                                                                +

                                                                                                                console +bundle exec rake rubocop_gradual:autocorrect +

                                                                                                                -

                                                                                                                For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

                                                                                                                +

                                                                                                                For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

                                                                                                                Important: Do not add inline RuboCop disables

                                                                                                                @@ -213,7 +201,7 @@

                                                                                                                Important: Do not add inli
                                                                                                                • Prefer configuration-based exclusions when a rule should not apply to certain paths or files (e.g., via .rubocop.yml).
                                                                                                                • -
                                                                                                                • When a violation is temporary and you plan to fix it later, record it in .rubocop_gradual.lock using the gradual workflow: +
                                                                                                                • When a violation is temporary, and you plan to fix it later, record it in .rubocop_gradual.lock using the gradual workflow:
                                                                                                                  • bundle exec rake rubocop_gradual:autocorrect (preferred)
                                                                                                                  • @@ -239,10 +227,10 @@

                                                                                                                    For Maintainers

                                                                                                                    One-time, Per-maintainer, Setup

                                                                                                                    -

                                                                                                                    IMPORTANT: To sign a build,
                                                                                                                    -a public key for signing gems will need to be picked up by the line in the
                                                                                                                    -gemspec defining the spec.cert_chain (check the relevant ENV variables there).
                                                                                                                    -All releases to RubyGems.org are signed releases.
                                                                                                                    +

                                                                                                                    IMPORTANT: To sign a build, +a public key for signing gems will need to be picked up by the line in the +gemspec defining the spec.cert_chain (check the relevant ENV variables there). +All releases are signed releases. See: RubyGems Security Guide

                                                                                                                    NOTE: To build without signing the gem set SKIP_GEM_SIGNING to any value in the environment.

                                                                                                                    @@ -252,9 +240,10 @@

                                                                                                                    To release a new version:

                                                                                                                    Automated process

                                                                                                                      -
                                                                                                                    1. Update version.rb to contian the correct version-to-be-released.
                                                                                                                    2. +
                                                                                                                    3. Update version.rb to contain the correct version-to-be-released.
                                                                                                                    4. Run bundle exec kettle-changelog.
                                                                                                                    5. Run bundle exec kettle-release.
                                                                                                                    6. +
                                                                                                                    7. Stay awake and monitor the release process for any errors, and answer any prompts.

                                                                                                                    Manual process

                                                                                                                    @@ -288,8 +277,8 @@

                                                                                                                    Manual process

                                                                                                                  • Run bundle exec rake build
                                                                                                                  • -
                                                                                                                  • Run bin/gem_checksums (more context 1, 2)
                                                                                                                    -to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums
                                                                                                                    +
                                                                                                                  • Run bin/gem_checksums (more context 1, 2) +to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums gem.
                                                                                                                    • The script automatically commits but does not push the checksums
                                                                                                                    • @@ -300,17 +289,16 @@

                                                                                                                      Manual process

                                                                                                                    • sha256sum pkg/<gem name>-<version>.gem
                                                                                                                  • -
                                                                                                                  • Run bundle exec rake release which will create a git tag for the version,
                                                                                                                    -push git commits and tags, and push the .gem file to rubygems.org -
                                                                                                                  • +
                                                                                                                  • Run bundle exec rake release which will create a git tag for the version, +push git commits and tags, and push the .gem file to the gem host configured in the gemspec.

                                                                                                                diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html
                                                                                                                index aab97aa9..3a6b386d 100644
                                                                                                                --- a/docs/file.FUNDING.html
                                                                                                                +++ b/docs/file.FUNDING.html
                                                                                                                @@ -65,35 +65,30 @@

                                                                                                                OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal

                                                                                                                -

                                                                                                                Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

                                                                                                                +

                                                                                                                Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

                                                                                                                -

                                                                                                                🤑 Request for Help

                                                                                                                +

                                                                                                                🤑 A request for help

                                                                                                                -

                                                                                                                Maintainers have teeth and need to pay their dentists.
                                                                                                                -After getting laid off in an RIF in March and filled with many dozens of rejections,
                                                                                                                -I’m now spending ~60+ hours a week building open source tools.
                                                                                                                -I’m hoping to be able to pay for my kids’ health insurance this month,
                                                                                                                -so if you value the work I am doing, I need your support.
                                                                                                                +

                                                                                                                Maintainers have teeth and need to pay their dentists. +After getting laid off in an RIF in March, and encountering difficulty finding a new one, +I began spending most of my time building open source tools. +I’m hoping to be able to pay for my kids’ health insurance this month, +so if you value the work I am doing, I need your support. Please consider sponsoring me or the project.

                                                                                                                To join the community or get help 👇️ Join the Discord.

                                                                                                                Live Chat on Discord

                                                                                                                -

                                                                                                                To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

                                                                                                                +

                                                                                                                To say “thanks!” ☝️ Join the Discord or 👇️ send money.

                                                                                                                -

                                                                                                                Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                                                                                                                +

                                                                                                                Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                                                                                                                Another Way to Support Open Source Software

                                                                                                                -
                                                                                                                -

                                                                                                                How wonderful it is that nobody need wait a single moment before starting to improve the world.

                                                                                                                -—Anne Frank

                                                                                                                -
                                                                                                                - -

                                                                                                                I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                                                                                                                +

                                                                                                                I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                                                                                                                If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                                                                                                                @@ -104,9 +99,9 @@

                                                                                                                Another Way to Support Open
                                                                                                                diff --git a/docs/file.IRP.html b/docs/file.IRP.html
                                                                                                                index b2fb8145..38d6f80d 100644
                                                                                                                --- a/docs/file.IRP.html
                                                                                                                +++ b/docs/file.IRP.html
                                                                                                                @@ -180,13 +180,11 @@

                                                                                                              Retrospective & continuous improvement

                                                                                                              -

                                                                                                              After an incident, perform a brief post-incident review covering:

                                                                                                              -
                                                                                                                -
                                                                                                              • What happened and why
                                                                                                              • -
                                                                                                              • What was done to contain and remediate
                                                                                                              • -
                                                                                                              • What tests or process changes will prevent recurrence
                                                                                                              • -
                                                                                                              • Assign owners and deadlines for follow-up tasks
                                                                                                              • -
                                                                                                              +

                                                                                                              After an incident, perform a brief post-incident review covering: +- What happened and why +- What was done to contain and remediate +- What tests or process changes will prevent recurrence +- Assign owners and deadlines for follow-up tasks

                                                                                                              References

                                                                                                                @@ -194,26 +192,20 @@

                                                                                                                References

                                                                                                              Appendix: Example checklist for an incident

                                                                                                              -
                                                                                                                -
                                                                                                              • -Acknowledge report to reporter (24-72 hours)
                                                                                                              • -
                                                                                                              • -Reproduce and classify severity
                                                                                                              • -
                                                                                                              • -Prepare and test a fix in a branch
                                                                                                              • -
                                                                                                              • -Coordinate disclosure via Tidelift
                                                                                                              • -
                                                                                                              • -Publish patch release and advisory
                                                                                                              • -
                                                                                                              • -Postmortem and follow-up actions
                                                                                                              • +
                                                                                                                  +
                                                                                                                • [ ] Acknowledge report to reporter (24-72 hours)
                                                                                                                • +
                                                                                                                • [ ] Reproduce and classify severity
                                                                                                                • +
                                                                                                                • [ ] Prepare and test a fix in a branch
                                                                                                                • +
                                                                                                                • [ ] Coordinate disclosure via Tidelift
                                                                                                                • +
                                                                                                                • [ ] Publish patch release and advisory
                                                                                                                • +
                                                                                                                • [ ] Postmortem and follow-up actions
                                                                                                                diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html
                                                                                                                index db020c50..8befb1fa 100644
                                                                                                                --- a/docs/file.LICENSE.html
                                                                                                                +++ b/docs/file.LICENSE.html
                                                                                                                @@ -60,9 +60,9 @@
                                                                                                                MIT License

                                                                                                                Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                                Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                                Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                                of this software and associated documentation files (the "Software"), to deal
                                                                                                                in the Software without restriction, including without limitation the rights
                                                                                                                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                                copies of the Software, and to permit persons to whom the Software is
                                                                                                                furnished to do so, subject to the following conditions:

                                                                                                                The above copyright notice and this permission notice shall be included in all
                                                                                                                copies or substantial portions of the Software.

                                                                                                                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                                SOFTWARE.
                                                                                                                diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html
                                                                                                                index 60f480af..2f34a113 100644
                                                                                                                --- a/docs/file.OIDC.html
                                                                                                                +++ b/docs/file.OIDC.html
                                                                                                                @@ -80,176 +80,153 @@

                                                                                                                Raw OIDC with ruby-oauth/oauth2

                                                                                                                This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.

                                                                                                                -

                                                                                                                Scope of this document

                                                                                                                -
                                                                                                                  -
                                                                                                                • Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby.
                                                                                                                • -
                                                                                                                • Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions).
                                                                                                                • -
                                                                                                                • Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.
                                                                                                                • -
                                                                                                                - -

                                                                                                                Key concepts refresher

                                                                                                                -
                                                                                                                  -
                                                                                                                • OAuth 2.0 delegates authorization; it does not define authentication of the end-user.
                                                                                                                • -
                                                                                                                • OIDC layers an identity layer on top of OAuth 2.0, introducing: -
                                                                                                                    -
                                                                                                                  • ID Token: a JWT carrying claims about the authenticated end-user and the authentication event.
                                                                                                                  • -
                                                                                                                  • Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others.
                                                                                                                  • -
                                                                                                                  • UserInfo endpoint: a protected resource for retrieving user profile claims.
                                                                                                                  • -
                                                                                                                  • Discovery and Dynamic Client Registration (optional for providers/clients that support them).
                                                                                                                  • -
                                                                                                                  -
                                                                                                                • -
                                                                                                                - -

                                                                                                                What this gem provides for OIDC

                                                                                                                -
                                                                                                                  -
                                                                                                                • All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests.
                                                                                                                • -
                                                                                                                • Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.).
                                                                                                                • -
                                                                                                                • Optional client authentication schemes useful with OIDC deployments: -
                                                                                                                    -
                                                                                                                  • basic_auth (default)
                                                                                                                  • -
                                                                                                                  • request_body (legacy)
                                                                                                                  • -
                                                                                                                  • tls_client_auth (MTLS)
                                                                                                                  • -
                                                                                                                  • private_key_jwt (OIDC-compliant when configured per OP requirements)
                                                                                                                  • -
                                                                                                                  -
                                                                                                                • -
                                                                                                                - -

                                                                                                                What you must add in your app for OIDC

                                                                                                                -
                                                                                                                  -
                                                                                                                • ID Token validation: This gem surfaces id_token values but does not verify them. Your app should:
                                                                                                                  -1) Parse the JWT (header, payload, signature)
                                                                                                                  -2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically)
                                                                                                                  -3) Select the correct key by kid (when present) and verify the signature and algorithm
                                                                                                                  -4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable)
                                                                                                                  -5) Enforce expected client_id, issuer, and clock skew policies
                                                                                                                • -
                                                                                                                • Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return.
                                                                                                                • -
                                                                                                                • PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request.
                                                                                                                • -
                                                                                                                • Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching.
                                                                                                                • -
                                                                                                                +

                                                                                                                Scope of this document +- Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby. +- Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions). +- Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.

                                                                                                                + +

                                                                                                                Key concepts refresher +- OAuth 2.0 delegates authorization; it does not define authentication of the end-user. +- OIDC layers an identity layer on top of OAuth 2.0, introducing: + - ID Token: a JWT carrying claims about the authenticated end-user and the authentication event. + - Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others. + - UserInfo endpoint: a protected resource for retrieving user profile claims. + - Discovery and Dynamic Client Registration (optional for providers/clients that support them).

                                                                                                                + +

                                                                                                                What this gem provides for OIDC +- All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests. +- Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.). +- Optional client authentication schemes useful with OIDC deployments: + - basic_auth (default) + - request_body (legacy) + - tls_client_auth (MTLS) + - private_key_jwt (OIDC-compliant when configured per OP requirements)

                                                                                                                + +

                                                                                                                What you must add in your app for OIDC +- ID Token validation: This gem surfaces id_token values but does not verify them. Your app should: + 1) Parse the JWT (header, payload, signature) + 2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically) + 3) Select the correct key by kid (when present) and verify the signature and algorithm + 4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable) + 5) Enforce expected client_id, issuer, and clock skew policies +- Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return. +- PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request. +- Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching.

                                                                                                                Minimal OIDC Authorization Code example

                                                                                                                -
                                                                                                                require "oauth2"
                                                                                                                -require "jwt"         # jwt/ruby-jwt
                                                                                                                -require "net/http"
                                                                                                                -require "json"
                                                                                                                -
                                                                                                                -client = OAuth2::Client.new(
                                                                                                                -  ENV.fetch("OIDC_CLIENT_ID"),
                                                                                                                -  ENV.fetch("OIDC_CLIENT_SECRET"),
                                                                                                                -  site: ENV.fetch("OIDC_ISSUER"),              # e.g. https://accounts.example.com
                                                                                                                -  authorize_url: "/authorize",                 # or discovered
                                                                                                                -  token_url: "/token",                         # or discovered
                                                                                                                -)
                                                                                                                -
                                                                                                                -# Step 1: Redirect to OP for consent/auth
                                                                                                                -state = SecureRandom.hex(16)
                                                                                                                +

                                                                                                                ```ruby +require “oauth2” +require “jwt” # jwt/ruby-jwt +require “net/http” +require “json”

                                                                                                                + +

                                                                                                                client = OAuth2::Client.new( + ENV.fetch(“OIDC_CLIENT_ID”), + ENV.fetch(“OIDC_CLIENT_SECRET”), + site: ENV.fetch(“OIDC_ISSUER”), # e.g. https://accounts.example.com + authorize_url: “/authorize”, # or discovered + token_url: “/token”, # or discovered +)

                                                                                                                + +

                                                                                                                Step 1: Redirect to OP for consent/auth

                                                                                                                +

                                                                                                                state = SecureRandom.hex(16) nonce = SecureRandom.hex(16) pkce_verifier = SecureRandom.urlsafe_base64(64) -pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete("=") +pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete(“=”)

                                                                                                                -authz_url = client.auth_code.authorize_url( - scope: "openid profile email", +

                                                                                                                authz_url = client.auth_code.authorize_url( + scope: “openid profile email”, state: state, nonce: nonce, code_challenge: pkce_challenge, - code_challenge_method: "S256", - redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"), + code_challenge_method: “S256”, + redirect_uri: ENV.fetch(“OIDC_REDIRECT_URI”), ) -# redirect_to authz_url +# redirect_to authz_url

                                                                                                                -# Step 2: Handle callback -# params[:code], params[:state] -raise "state mismatch" unless params[:state] == state +

                                                                                                                Step 2: Handle callback

                                                                                                                +

                                                                                                                # params[:code], params[:state] +raise “state mismatch” unless params[:state] == state

                                                                                                                -token = client.auth_code.get_token( +

                                                                                                                token = client.auth_code.get_token( params[:code], - redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"), + redirect_uri: ENV.fetch(“OIDC_REDIRECT_URI”), code_verifier: pkce_verifier, -) +)

                                                                                                                -# The token may include: access_token, id_token, refresh_token, etc. -id_token = token.params["id_token"] || token.params[:id_token] +

                                                                                                                The token may include: access_token, id_token, refresh_token, etc.

                                                                                                                +

                                                                                                                id_token = token.params[“id_token”] || token.params[:id_token]

                                                                                                                -# Step 3: Validate the ID Token (simplified – add your own checks!) -# Discover keys (example using .well-known) -issuer = ENV.fetch("OIDC_ISSUER") -jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, "/.well-known/openid-configuration"))). - fetch("jwks_uri") +

                                                                                                                Step 3: Validate the ID Token (simplified – add your own checks!)

                                                                                                                +

                                                                                                                # Discover keys (example using .well-known) +issuer = ENV.fetch(“OIDC_ISSUER”) +jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, “/.well-known/openid-configuration”))). + fetch(“jwks_uri”) jwks = JSON.parse(Net::HTTP.get(URI(jwks_uri))) -keys = jwks.fetch("keys") +keys = jwks.fetch(“keys”)

                                                                                                                -# Use ruby-jwt JWK loader -jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) }) +

                                                                                                                Use ruby-jwt JWK loader

                                                                                                                +

                                                                                                                jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) })

                                                                                                                -decoded, headers = JWT.decode( +

                                                                                                                decoded, headers = JWT.decode( id_token, nil, true, - algorithms: ["RS256", "ES256", "PS256"], + algorithms: [“RS256”, “ES256”, “PS256”], jwks: jwk_set, verify_iss: true, iss: issuer, verify_aud: true, - aud: ENV.fetch("OIDC_CLIENT_ID"), -) - -# Verify nonce -raise "nonce mismatch" unless decoded["nonce"] == nonce - -# Optionally: call UserInfo -userinfo = token.get("/userinfo").parsed -

                                                                                                                - -

                                                                                                                Notes on discovery and registration

                                                                                                                -
                                                                                                                  -
                                                                                                                • Discovery: Most OPs publish configuration at issuer/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc.
                                                                                                                • -
                                                                                                                • Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.
                                                                                                                • -
                                                                                                                - -

                                                                                                                Common pitfalls and tips

                                                                                                                -
                                                                                                                  -
                                                                                                                • Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0.
                                                                                                                • -
                                                                                                                • Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field.
                                                                                                                • -
                                                                                                                • Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers.
                                                                                                                • -
                                                                                                                • Use exact redirect_uri matching, and keep your allow-list short.
                                                                                                                • -
                                                                                                                • For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices.
                                                                                                                • -
                                                                                                                • When using private_key_jwt, ensure the “aud” (or token_url) and “iss/sub” claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.
                                                                                                                • -
                                                                                                                - -

                                                                                                                Relevant specifications and references

                                                                                                                -
                                                                                                                  -
                                                                                                                • OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
                                                                                                                • -
                                                                                                                • OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html
                                                                                                                • -
                                                                                                                • How OIDC works: https://openid.net/developers/how-connect-works/
                                                                                                                • -
                                                                                                                • OpenID Connect home: https://openid.net/connect/
                                                                                                                • -
                                                                                                                • OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html
                                                                                                                • -
                                                                                                                • OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html
                                                                                                                • -
                                                                                                                • OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html
                                                                                                                • -
                                                                                                                • OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
                                                                                                                • -
                                                                                                                • OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html
                                                                                                                • -
                                                                                                                • OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html
                                                                                                                • -
                                                                                                                • Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
                                                                                                                • -
                                                                                                                • Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications
                                                                                                                • -
                                                                                                                - -

                                                                                                                See also

                                                                                                                -
                                                                                                                  -
                                                                                                                • README sections on OAuth 2.1 notes and OIDC notes
                                                                                                                • -
                                                                                                                • Strategy classes under lib/oauth2/strategy for flow helpers
                                                                                                                • -
                                                                                                                • Specs under spec/oauth2 for concrete usage patterns
                                                                                                                • -
                                                                                                                - -

                                                                                                                Contributions welcome

                                                                                                                -
                                                                                                                  -
                                                                                                                • If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).
                                                                                                                • -
                                                                                                                + aud: ENV.fetch(“OIDC_CLIENT_ID”), +)

                                                                                                                + +

                                                                                                                Verify nonce

                                                                                                                +

                                                                                                                raise “nonce mismatch” unless decoded[“nonce”] == nonce

                                                                                                                + +

                                                                                                                Optionally: call UserInfo

                                                                                                                +

                                                                                                                userinfo = token.get(“/userinfo”).parsed +```

                                                                                                                + +

                                                                                                                Notes on discovery and registration +- Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc. +- Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.

                                                                                                                + +

                                                                                                                Common pitfalls and tips +- Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0. +- Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field. +- Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers. +- Use exact redirect_uri matching, and keep your allow-list short. +- For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices. +- When using private_key_jwt, ensure the “aud” (or token_url) and “iss/sub” claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.

                                                                                                                + +

                                                                                                                Relevant specifications and references +- OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html +- OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html +- How OIDC works: https://openid.net/developers/how-connect-works/ +- OpenID Connect home: https://openid.net/connect/ +- OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html +- OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html +- OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html +- OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html +- OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html +- OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html +- Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol +- Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications

                                                                                                                + +

                                                                                                                See also +- README sections on OAuth 2.1 notes and OIDC notes +- Strategy classes under lib/oauth2/strategy for flow helpers +- Specs under spec/oauth2 for concrete usage patterns

                                                                                                                + +

                                                                                                                Contributions welcome +- If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).

diff --git a/docs/file.README.html b/docs/file.README.html
index 1801f9bb..2dc94f80 100644
--- a/docs/file.README.html
+++ b/docs/file.README.html
@@ -57,13 +57,53 @@
                                                                                                                -

                                                                                                                Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

                                                                                                                - -

                                                                                                                🔐 OAuth 2.0 Authorization Framework

                                                                                                                +
                                                                                                                + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                                📍 NOTE
                                                                                                                RubyGems (the GitHub org, not the website) suffered a hostile takeover in September 2025.
                                                                                                                Ultimately 4 maintainers were hard removed and a reason has been given for only 1 of those, while 2 others resigned in protest.
                                                                                                                It is a complicated story which is difficult to parse quickly.
                                                                                                                I’m adding notes like this to gems because I don’t condone theft of repositories or gems from their rightful owners.
                                                                                                                If a similar theft happened with my repos/gems, I’d hope some would stand up for me.
                                                                                                                Disenfranchised former-maintainers have started gem.coop.
                                                                                                                Once available I will publish there exclusively; unless RubyCentral makes amends with the community.
                                                                                                                The “Technology for Humans: Joel Draper” podcast episode by reinteractive is the most cogent summary I’m aware of.
                                                                                                                See here, here and here for more info on what comes next.
                                                                                                                What I’m doing: A (WIP) proposal for bundler/gem scopes, and a (WIP) proposal for a federated gem server.
                                                                                                                + +

                                                                                                                Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

                                                                                                                + +

                                                                                                                🔐 OAuth 2.0 Authorization Framework

                                                                                                                ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                                                                                                                -

                                                                                                                [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                                +

                                                                                                                Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

                                                                                                                if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                                                                                                                @@ -71,13 +111,13 @@

                                                                                                                🔐 OAuth 2.0 Authorization Framewor

                                                                                                                if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                                                                                                                -

                                                                                                                [![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate at ko-fi.com][🖇kofi-img]][🖇kofi]

                                                                                                                +

                                                                                                                OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate at ko-fi.com

                                                                                                                -

                                                                                                                🌻 Synopsis

                                                                                                                +

                                                                                                                🌻 Synopsis

                                                                                                                -

                                                                                                                OAuth 2.0 is the industry-standard protocol for authorization.
                                                                                                                -OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
                                                                                                                - desktop applications, mobile phones, and living room devices.
                                                                                                                +

                                                                                                                OAuth 2.0 is the industry-standard protocol for authorization. +OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, + desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

                                                                                                                Quick Examples

                                                                                                                @@ -85,7 +125,7 @@

                                                                                                                Quick Examples

                                                                                                                Convert the following `curl` command into a token request using this gem... -```shell +

                                                                                                                shell curl --request POST \ --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ --header 'content-type: application/x-www-form-urlencoded' \ @@ -93,11 +133,11 @@

                                                                                                                Quick Examples

                                                                                                                --data client_id=REDMOND_CLIENT_ID \ --data client_secret=REDMOND_CLIENT_SECRET \ --data resource=REDMOND_RESOURCE_UUID -``` +

                                                                                                                -NOTE: In the ruby version below, certain params are passed to the `get_token` call, instead of the client creation. +

                                                                                                                NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

                                                                                                                -```ruby +

                                                                                                                ruby OAuth2::Client.new( "REDMOND_CLIENT_ID", # client_id "REDMOND_CLIENT_SECRET", # client_secret @@ -107,469 +147,485 @@

                                                                                                                Quick Examples

                                                                                                                ). # The base path for token_url when it is relative client_credentials. # There are many other types to choose from! get_token(resource: "REDMOND_RESOURCE_UUID") -``` +

                                                                                                                -NOTE: `header` - The content type specified in the `curl` is already the default! +

                                                                                                                NOTE: header - The content type specified in the curl is already the default!

                                                                                                                -
                                                                                                                +

                                                                                                                <details markdown=”1>

                                                                                                                Complete E2E single file script against mock-oauth2-server -- E2E example uses [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server), which was added in v2.0.11 -- E2E example does not ship with the released gem, so clone the source to play with it. +
                                                                                                                  +
                                                                                                                • E2E example uses navikt/mock-oauth2-server, which was added in v2.0.11
                                                                                                                • +
                                                                                                                • E2E example does not ship with the released gem, so clone the source to play with it.
                                                                                                                • +
                                                                                                                -```console +

                                                                                                                console docker compose -f docker-compose-ssl.yml up -d --wait ruby examples/e2e.rb # If your machine is slow or Docker pulls are cold, increase the wait: E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb # The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default. -``` +

                                                                                                                -The output should be something like this: +

                                                                                                                The output should be something like this:

                                                                                                                -```console +

                                                                                                                console ➜ ruby examples/e2e.rb Access token (truncated): eyJraWQiOiJkZWZhdWx0... userinfo status: 200 -userinfo body: => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104" +userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"} E2E complete -``` +

                                                                                                                -Make sure to shut down the mock server when you are done: +

                                                                                                                Make sure to shut down the mock server when you are done:

                                                                                                                -```console +

                                                                                                                console docker compose -f docker-compose-ssl.yml down -``` - -Troubleshooting: validate connectivity to the mock server - -- Check container status and port mapping: - - `docker compose -f docker-compose-ssl.yml ps` -- From the host, try the discovery URL directly (this is what the example uses by default): - - `curl -v http://localhost:8080/default/.well-known/openid-configuration` - - If that fails immediately, also try: `curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration` -- From inside the container (to distinguish container vs. host networking): - - `docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration` -- Simple TCP probe from the host: - - `nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'` -- Inspect which host port 8080 is bound to (should be 8080): - - `docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1` -- Look at server logs for readiness/errors: - - `docker logs -n 200 oauth2-mock-oauth2-server-1` -- On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: - - `ss -ltnp | grep :8080` - -Notes -- Discovery URL pattern is: `http://localhost:8080//.well-known/openid-configuration`, where `` defaults to `default`. -- You can change these with env vars when running the example: - - `E2E_ISSUER_BASE` (default: http://localhost:8080) - - `E2E_REALM` (default: default) - -</details> - -If it seems like you are in the wrong place, you might try one of these: - -* [OAuth 2.0 Spec][oauth2-spec] -* [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. -* [oauth sibling gem][sibling-gem] for OAuth 1.0a implementations in Ruby. 
- -[oauth2-spec]: https://oauth.net/2/ -[sibling-gem]: https://gitlab.com/ruby-oauth/oauth -[doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper - -## 💡 Info you can shake a stick at - -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                                [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                                [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                                [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow 
Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | - -### Compatibility - -* Operating Systems: Linux, macOS, Windows -* MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD - * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. -* JRuby @ v9.4, v10.0, HEAD - * NOTE: This gem may still _install_ and _run_ on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. -* TruffleRuby @ v23.1, v24.1, HEAD - * NOTE: This gem may still _install_ and _run_ on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. 
-* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) -* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) -* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) -* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) -* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) -* gem `snaky_hash` @ v2, HEAD ⏩️ [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) -* gem `version_gem` @ v1, HEAD ⏩️ [ruby-oauth/version_gem](https://gitlab.com/ruby-oauth/version_gem) - -The last two were extracted from this gem. They are part of the `ruby-oauth` org, -and are developed in tight collaboration with this gem. - -Also, where reasonable, tested against the runtime dependencies of those dependencies: - -* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) - -[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347#issuecomment-2653479732 -[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 - -#### Upgrading Runtime Gem Dependencies - -This project sits underneath a large portion of the authorization systems on the internet. -According to GitHub's project tracking, which I believe only reports on public projects, -[100,000+ projects](https://github.com/ruby-oauth/oauth2/network/dependents), and -[500+ packages](https://github.com/ruby-oauth/oauth2/network/dependents?dependent_type=PACKAGE) depend on this project. - -That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies. - -As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the -leading versions per each minor version of Ruby of all the runtime dependencies it can install with. - -What does that mean specifically for the runtime dependencies? 
- -We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix. -It wouldn't be possible without appraisal2. - -| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 | -|------------------------------------------------|--------------------------------------------------------| -| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | - -#### You should upgrade this gem with confidence\*. - -- This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. - - Dropping support for **any** of the runtime dependency versions above will be a major version bump. - - If you aren't on one of the minor versions above, make getting there a priority. -- You should upgrade the dependencies of this gem with confidence\*. -- Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! - -[sv-pub-api]: #-versioning - -\* MIT license; The only guarantees I make are for [enterprise support](#enterprise-support). +

                                                                                                                -
                                                                                                                - Standard Library Dependencies - -The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. - -* base64 -* cgi -* json -* time -* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) +

                                                                                                                Troubleshooting: validate connectivity to the mock server

                                                                                                                -If you use a gem version of a core Ruby library, it should work fine! - -
                                                                                                                +
                                                                                                                  +
                                                                                                                • Check container status and port mapping: +
                                                                                                                    +
                                                                                                                  • docker compose -f docker-compose-ssl.yml ps
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • From the host, try the discovery URL directly (this is what the example uses by default): +
                                                                                                                    +
                                                                                                                  • curl -v http://localhost:8080/default/.well-known/openid-configuration
                                                                                                                  • +
                                                                                                                  • If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration +
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • From inside the container (to distinguish container vs. host networking): +
                                                                                                                    +
                                                                                                                  • docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • Simple TCP probe from the host: +
                                                                                                                    +
                                                                                                                  • nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • Inspect which host port 8080 is bound to (should be 8080): +
                                                                                                                    +
                                                                                                                  • docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • Look at server logs for readiness/errors: +
                                                                                                                    +
                                                                                                                  • docker logs -n 200 oauth2-mock-oauth2-server-1
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: +
                                                                                                                    +
                                                                                                                  • ss -ltnp | grep :8080
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                -### Federated DVCS +

                                                                                                                Notes

                                                                                                                -
                                                                                                                - Find this repo on federated forges - -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | +
                                                                                                                  +
                                                                                                                • Discovery URL pattern is: http://localhost:8080/<realm>/.well-known/openid-configuration, where <realm> defaults to default.
                                                                                                                • +
                                                                                                                • You can change these with env vars when running the example: +
                                                                                                                    +
                                                                                                                  • +E2E_ISSUER_BASE (default: http://localhost:8080)
                                                                                                                  • +
                                                                                                                  • +E2E_REALM (default: default)
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                -
                                                                                                                +

                                                                                                                </details>

                                                                                                                -[gh-discussions]: https://github.com/ruby-oauth/oauth2/discussions +

                                                                                                                If it seems like you are in the wrong place, you might try one of these:

                                                                                                                -### Enterprise Support [![Tidelift](https://tidelift.com/badges/package/rubygems/oauth2)](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme) + -Available as part of the Tidelift Subscription. +

                                                                                                                💡 Info you can shake a stick at

                                                                                                                + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                                Tokens to Remember +Gem name Gem namespace +
                                                                                                                Works with JRuby +JRuby 9.1 Compat JRuby 9.2 Compat JRuby 9.3 Compat
                                                                                                                JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +
                                                                                                                Works with Truffle Ruby +Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
                                                                                                                Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat +
                                                                                                                Works with MRI Ruby 3 +Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat +
                                                                                                                Works with MRI Ruby 2 +Ruby 2.2 Compat
                                                                                                                Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +
                                                                                                                Support & Community +Join Me on Daily.dev's RubyFriends Live Chat on Discord Get help from me on Upwork Get help from me on Codementor +
                                                                                                                Source +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +
                                                                                                                Documentation +Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog GitLab Wiki GitHub Wiki +
                                                                                                                Compliance +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +
                                                                                                                Style +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 +
                                                                                                                Maintainer 🎖️ +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing +
                                                                                                                +... 💖 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +
                                                                                                                + +

                                                                                                                Compatibility

                                                                                                                + +

                                                                                                                Compatible with MRI Ruby 2.2.0+, and concordant releases of JRuby, and TruffleRuby.

                                                                                                                + + + + + + + + + + + + + + +
                                                                                                                🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎 and the color 💚 green 💚
                                                                                                                👟 Check it out!github.com/appraisal-rb/appraisal2
                                                                                                                + +

                                                                                                                Federated DVCS

                                                                                                                - Need enterprise-level guarantees? - -The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. - -[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - -- 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies -- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] -- 💡Tidelift pays maintainers to maintain the software you depend on!
                                                                                                                📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers - -Alternatively: - -- [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] -- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] -- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] + Find this repo on federated forges (Coming soon!) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                                Federated DVCS RepositoryStatusIssuesPRsWikiCIDiscussions
                                                                                                                🧪 ruby-oauth/oauth2 on GitLab +The Truth💚💚💚🐭 Tiny Matrix
                                                                                                                🧊 ruby-oauth/oauth2 on CodeBerg +An Ethical Mirror (Donate)💚💚⭕️ No Matrix
                                                                                                                🐙 ruby-oauth/oauth2 on GitHub +Another Mirror💚💚💚💯 Full Matrix💚
                                                                                                                🎮️ Discord Server +Live Chat on DiscordLet’stalkaboutthislibrary!
                                                                                                                -## 🚀 Release Documentation +

                                                                                                                Enterprise Support Tidelift +

                                                                                                                -### Version 2.0.x +

                                                                                                                Available as part of the Tidelift Subscription.

                                                                                                                - 2.0.x CHANGELOG and README - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 2.0.17 | 2025-09-15 | [v2.0.17 CHANGELOG][2.0.17-changelog] | [v2.0.17 README][2.0.17-readme] | -| 2.0.16 | 2025-09-14 | [v2.0.16 CHANGELOG][2.0.16-changelog] | [v2.0.16 README][2.0.16-readme] | -| 2.0.15 | 2025-09-08 | [v2.0.15 CHANGELOG][2.0.15-changelog] | [v2.0.15 README][2.0.15-readme] | -| 2.0.14 | 2025-08-31 | [v2.0.14 CHANGELOG][2.0.14-changelog] | [v2.0.14 README][2.0.14-readme] | -| 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | -| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | -| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | -| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | -| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | -| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | -| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | -| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | -| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | -| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | -| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | -| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | -| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | 
[v2.0.0 README][2.0.0-readme] | - -
                                                                                                                - -[2.0.17-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2017---2025-09-15 -[2.0.16-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2016---2025-09-14 -[2.0.15-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2015---2025-09-08 -[2.0.14-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2014---2025-08-31 -[2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 -[2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 -[2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 -[2.0.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 -[2.0.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 -[2.0.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 -[2.0.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 -[2.0.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#206---2022-07-13 -[2.0.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#205---2022-07-07 -[2.0.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#204---2022-07-01 -[2.0.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#203---2022-06-28 -[2.0.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#202---2022-06-24 -[2.0.1-changelog]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 -[2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 - -[2.0.17-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.17/README.md -[2.0.16-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.16/README.md -[2.0.15-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.15/README.md -[2.0.14-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.14/README.md -[2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md -[2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md -[2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md -[2.0.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.10/README.md -[2.0.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.9/README.md -[2.0.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.8/README.md -[2.0.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.7/README.md -[2.0.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.6/README.md -[2.0.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.5/README.md -[2.0.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.4/README.md -[2.0.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.3/README.md -[2.0.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.2/README.md -[2.0.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.1/README.md -[2.0.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.0/README.md - -### Older Releases - -
                                                                                                                - 1.4.x CHANGELOGs and READMEs - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | -| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | -| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | -| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | -| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | -| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | -| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | -| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | -| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | -| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | -| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | -| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | -
                                                                                                                + Need enterprise-level guarantees? -[1.4.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1411---2022-09-16 -[1.4.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1410---2022-07-01 -[1.4.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#149---2022-02-20 -[1.4.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#148---2022-02-18 -[1.4.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#147---2021-03-19 -[1.4.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#146---2021-03-19 -[1.4.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#145---2021-03-18 -[1.4.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#144---2020-02-12 -[1.4.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#143---2020-01-29 -[1.4.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#142---2019-10-01 -[1.4.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#141---2018-10-13 -[1.4.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#140---2017-06-09 - -[1.4.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.11/README.md -[1.4.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.10/README.md -[1.4.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.9/README.md -[1.4.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.8/README.md -[1.4.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.7/README.md -[1.4.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.6/README.md 
-[1.4.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.5/README.md -[1.4.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.4/README.md -[1.4.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.3/README.md -[1.4.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.2/README.md -[1.4.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.1/README.md -[1.4.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.0/README.md +

                                                                                                                The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.

                                                                                                                -
                                                                                                                - 1.3.x Readmes +

                                                                                                                Get help from me on Tidelift

                                                                                                                -| Version | Release Date | Readme | -|---------|--------------|--------------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md | +
                                                                                                                  +
                                                                                                                • 💡Subscribe for support guarantees covering all your FLOSS dependencies
                                                                                                                • +
                                                                                                                • 💡Tidelift is part of Sonar +
                                                                                                                • +
                                                                                                                • 💡Tidelift pays maintainers to maintain the software you depend on!
                                                                                                                  📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers
                                                                                                                • +
                                                                                                                -
                                                                                                                +

                                                                                                                Alternatively:

                                                                                                                -
                                                                                                                - ≤= 1.2.x Readmes (2016 and before) - -| Version | Release Date | Readme | -|---------|--------------|--------------------------------------------------------------| -| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | -| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | -| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | -| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | +
                                                                                                                  +
                                                                                                                • Live Chat on Discord
                                                                                                                • +
                                                                                                                • Get help from me on Upwork
                                                                                                                • +
                                                                                                                • Get help from me on Codementor
                                                                                                                • +
                                                                                                                -## ✨ Installation +

                                                                                                                ✨ Installation

                                                                                                                -Install the gem and add to the application's Gemfile by executing: +

                                                                                                                Install the gem and add to the application’s Gemfile by executing:

                                                                                                                -```console +

                                                                                                                console bundle add oauth2 -``` +

                                                                                                                -If bundler is not being used to manage dependencies, install the gem by executing: +

                                                                                                                If bundler is not being used to manage dependencies, install the gem by executing:

                                                                                                                -```console +

                                                                                                                console gem install oauth2 -``` +

                                                                                                                -### 🔒 Secure Installation +

                                                                                                                🔒 Secure Installation

                                                                                                                For Medium or High Security Installations -This gem is cryptographically signed and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by -[stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with -by following the instructions below. +

                                                                                                                This gem is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by +stone_checksums. Be sure the gem you install hasn’t been tampered with +by following the instructions below.

                                                                                                                -Add my public key (if you haven’t already; will expire 2045-04-29) as a trusted certificate: +

                                                                                                                Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

                                                                                                                -```console +

                                                                                                                console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) -``` +

                                                                                                                -You only need to do that once. Then proceed to install with: +

                                                                                                                You only need to do that once. Then proceed to install with:

                                                                                                                -```console +

                                                                                                                console gem install oauth2 -P MediumSecurity -``` +

                                                                                                                -The `MediumSecurity` trust profile will verify signed gems, but allow the installation of unsigned dependencies. +

                                                                                                                The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

                                                                                                                -This is necessary because not all of `oauth2`’s dependencies are signed, so we cannot use `HighSecurity`. +

                                                                                                                This is necessary because not all of oauth2’s dependencies are signed, so we cannot use HighSecurity.

                                                                                                                -If you want to up your security game full-time: +

                                                                                                                If you want to up your security game full-time:

                                                                                                                -```console +

                                                                                                                console bundle config set --global trust-policy MediumSecurity -``` +

                                                                                                                -NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine. +

                                                                                                                MediumSecurity instead of HighSecurity is necessary if not all the gems you use are signed.

                                                                                                                + +

                                                                                                                NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

                                                                                                                -## What is new for v2.0? - -- Works with Ruby versions >= 2.2 -- Drop support for the expired MAC Draft (all versions) -- Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) - - Support JWT `kid` for key discovery and management -- Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0) -- Support IETF rfc7231 Relative Location in Redirect (since v2.0.0) -- Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0) -- Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters) -- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) -- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` -- Adds option to `OAuth2::Client#get_token`: - - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` -- Adds option to `OAuth2::AccessToken#initialize`: - - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency -- By default, keys are transformed to snake case. - - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash][snaky_hash] gem. - - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case. - - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. 
-- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) - - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body -- [... A lot more](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md#200-2022-06-21-tag) - -[snaky_hash]: https://gitlab.com/ruby-oauth/snaky_hash - -## Compatibility - -Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. -Compatibility is further distinguished as "Best Effort Support" or "Incidental Support" for older versions of Ruby. +

                                                                                                                What is new for v2.0?

                                                                                                                + +
                                                                                                                  +
                                                                                                                • Works with Ruby versions >= 2.2
                                                                                                                • +
                                                                                                                • Drop support for the expired MAC Draft (all versions)
                                                                                                                • +
                                                                                                                • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) +
                                                                                                                    +
                                                                                                                  • Support JWT kid for key discovery and management
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
                                                                                                                • +
                                                                                                                • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
                                                                                                                • +
                                                                                                                • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
                                                                                                                • +
                                                                                                                • Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters)
                                                                                                                • +
                                                                                                                • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) +
                                                                                                                • +
                                                                                                                • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json +
                                                                                                                • +
                                                                                                                • Adds option to OAuth2::Client#get_token: +
                                                                                                                    +
                                                                                                                  • +:access_token_class (AccessToken); user specified class to use for all calls to get_token +
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • Adds option to OAuth2::AccessToken#initialize: +
                                                                                                                    +
                                                                                                                  • +:expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • By default, keys are transformed to snake case. +
                                                                                                                    +
                                                                                                                  • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
                                                                                                                  • +
                                                                                                                  • However, this is a breaking change if you rely on response.parsed.to_h to retain the original case, and the original wasn’t snake case, as the keys in the result will be snake case.
                                                                                                                  • +
                                                                                                                  • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • By default, the :auth_scheme is now :basic_auth (instead of :request_body) +
                                                                                                                    +
                                                                                                                  • Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • … A lot more
                                                                                                                • +
                                                                                                                + +

                                                                                                                Compatibility

                                                                                                                + +

                                                                                                                Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. +Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby. This gem will install on Ruby versions >= v2.2 for 2.x releases. -See `1-4-stable` branch for older rubies. +See 1-4-stable branch for older rubies.

                                                                                                                -
                                                                                                                - Ruby Engine Compatibility Policy +

                                                                                                                <details markdown=”1>

                                                                                                                +Ruby Engine Compatibility Policy -This gem is tested against MRI, JRuby, and Truffleruby. +

                                                                                                                This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, -see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below. -

                                                                                                                +see gemfiles/README.md, then submit a PR to the correct maintenance branch as according to the table below.

                                                                                                                -
                                                                                                                - Ruby Version Compatibility Policy +

                                                                                                                </details>

                                                                                                                + +

                                                                                                                <details markdown=”1>

                                                                                                                +Ruby Version Compatibility Policy -If something doesn't work on one of these interpreters, it's a bug. +

                                                                                                                If something doesn’t work on one of these interpreters, it’s a bug.

                                                                                                                -This library may inadvertently work (or seem to work) on other Ruby +

                                                                                                                This library may inadvertently work (or seem to work) on other Ruby implementations; however, support will only be provided for the versions listed -above. +above.

                                                                                                                -If you would like this library to support another Ruby version, you may +

                                                                                                                If you would like this library to support another Ruby version, you may volunteer to be a maintainer. Being a maintainer entails making sure all tests run and pass on that implementation. When something breaks on your implementation, you will be responsible for providing patches in a timely fashion. If critical issues for a particular implementation exist at the time -of a major release, support for that Ruby version may be dropped. -

                                                                                                                - -| | Ruby OAuth2 Version | Maintenance Branch | Targeted Support | Best Effort Support | Incidental Support | -|:----|---------------------|--------------------|----------------------|-------------------------|------------------------------| -| 1️⃣ | 2.0.x | `main` | 3.2, 3.3, 3.4 | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.2, 2.3, 2.4 | -| 2️⃣ | 1.4.x | `1-4-stable` | 3.2, 3.3, 3.4 | 2.5, 2.6, 2.7, 3.0, 3.1 | 1.9, 2.0, 2.1, 2.2, 2.3, 2.4 | -| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | - -NOTE: The 1.4 series will only receive critical security updates. -See [SECURITY.md][🔐security] and [IRP.md][🔐irp]. - -## ⚙️ Configuration - -You can turn on additional warnings. - -```ruby +of a major release, support for that Ruby version may be dropped.

                                                                                                                + +

                                                                                                                </details>

                                                                                                                + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                                 Ruby OAuth2 VersionMaintenance BranchTargeted SupportBest Effort SupportIncidental Support
                                                                                                                1️⃣2.0.xmain3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.12.2, 2.3, 2.4
                                                                                                                2️⃣1.4.x1-4-stable3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.11.9, 2.0, 2.1, 2.2, 2.3, 2.4
                                                                                                                3️⃣olderN/ABest of luck to you!Please upgrade! 
                                                                                                                + +

                                                                                                                NOTE: The 1.4 series will only receive critical security updates. +See SECURITY.md and IRP.md.

                                                                                                                + +

                                                                                                                ⚙️ Configuration

                                                                                                                + +

                                                                                                                You can turn on additional warnings.

                                                                                                                + +

                                                                                                                ruby OAuth2.configure do |config| # Turn on a warning like: # OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key @@ -577,54 +633,56 @@

                                                                                                                Quick Examples

                                                                                                                # Set to true if you want to also show warnings about no tokens config.silence_no_tokens_warning = false # default: true, end -``` +

                                                                                                                -The "extra tokens" problem comes from ambiguity in the spec about which token is the right token. +

                                                                                                                The “extra tokens” problem comes from ambiguity in the spec about which token is the right token. Some OAuth 2.0 standards legitimately have multiple tokens. -You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. -Specify your custom class with the `access_token_class` option. +You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in. +Specify your custom class with the access_token_class option.

                                                                                                                -If you only need one token, you can, as of v2.0.10, -specify the exact token name you want to extract via the `OAuth2::AccessToken` using -the `token_name` option. +

                                                                                                                If you only need one token, you can, as of v2.0.10, +specify the exact token name you want to extract via the OAuth2::AccessToken using +the token_name option.

                                                                                                                -You'll likely need to do some source diving. +

                                                                                                                You’ll likely need to do some source diving. This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. -If you have time and energy, please contribute to the documentation! +If you have time and energy, please contribute to the documentation!

                                                                                                                -## 🔧 Basic Usage +

                                                                                                                🔧 Basic Usage

                                                                                                                -### `authorize_url` and `token_url` are on site root (Just Works!) +

                                                                                                                +authorize_url and token_url are on site root (Just Works!)

                                                                                                                -```ruby -require "oauth2" -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/") -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec... -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback") -# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" +

                                                                                                                ```ruby +require “oauth2” +client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org”) +# => #<OAuth2::Client:0x00000001204c8288 @id=”client_id”, @secret=”client_sec… +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth2/callback%E2%80%9D) +# => “https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code”

                                                                                                                -access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: => "Basic some_password") -response = access.get("/api/resource", params: => "bar") +

                                                                                                                access = client.auth_code.get_token(“authorization_code_value”, redirect_uri: “http://localhost:8080/oauth2/callback”, headers: {”Authorization” => “Basic some_password”}) +response = access.get(“/api/resource”, params: {”query_foo” => “bar”}) response.class.name # => OAuth2::Response -``` +```

                                                                                                                -### Relative `authorize_url` and `token_url` (Not on site root, Just Works!) +

                                                                                                                Relative authorize_url and token_url (Not on site root, Just Works!)

                                                                                                                -In the above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. +

                                                                                                                In the above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

                                                                                                                -```ruby +

                                                                                                                ruby client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") # => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec... client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback") # => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" -``` +

                                                                                                                -### Customize `authorize_url` and `token_url` +

                                                                                                                Customize authorize_url and token_url +

                                                                                                                -You can specify custom URLs for authorization and access token, and when using a leading `/` they will _not be relative_, as shown below: +

                                                                                                                You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

                                                                                                                -```ruby +

                                                                                                                ruby client = OAuth2::Client.new( "client_id", "client_secret", @@ -637,105 +695,109 @@

                                                                                                                Quick Examples

                                                                                                                # => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" client.class.name # => OAuth2::Client -``` +

                                                                                                                -### snake_case and indifferent access in Response#parsed +

                                                                                                                snake_case and indifferent access in Response#parsed

                                                                                                                -```ruby -response = access.get("/api/resource", params: => "bar") +

                                                                                                                ruby +response = access.get("/api/resource", params: {"query_foo" => "bar"}) # Even if the actual response is CamelCase. it will be made available as snaky: -JSON.parse(response.body) # => "additionalData"=>"additional" -response.parsed # => "additional_data"=>"additional" +JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} +response.parsed # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"} response.parsed.access_token # => "aaaaaaaa" response.parsed[:access_token] # => "aaaaaaaa" response.parsed.additional_data # => "additional" response.parsed[:additional_data] # => "additional" response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash gem) -``` +

                                                                                                                -#### Serialization +

                                                                                                                Serialization

                                                                                                                -As of v2.0.11, if you need to serialize the parsed result, you can! +

                                                                                                                As of v2.0.11, if you need to serialize the parsed result, you can!

                                                                                                                -There are two ways to do this, globally, or discretely. The discrete way is recommended. +

                                                                                                                There are two ways to do this, globally, or discretely. The discrete way is recommended.

                                                                                                                -##### Global Serialization Config +
                                                                                                                Global Serialization Config
                                                                                                                -Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails). +

                                                                                                                Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

                                                                                                                -```ruby +

                                                                                                                ruby SnakyHash::StringKeyed.class_eval do extend SnakyHash::Serializer end -``` +

                                                                                                                -##### Discrete Serialization Config +
                                                                                                                Discrete Serialization Config
                                                                                                                -Discretely configure a custom Snaky Hash class to use the serializer. +

                                                                                                                Discretely configure a custom Snaky Hash class to use the serializer.

                                                                                                                -```ruby +

                                                                                                                ```ruby class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class `dump` and `load` abilities! + # Give this hash class dump and load abilities! extend SnakyHash::Serializer -end +end

                                                                                                                -# And tell your client to use the custom class in each call: -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2") -token = client.get_token(MySnakyHash) -``` +

                                                                                                                And tell your client to use the custom class in each call:

                                                                                                                +

                                                                                                                client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org/oauth2”) +token = client.get_token({snaky_hash_klass: MySnakyHash}) +```

                                                                                                                -##### Serialization Extensions +
                                                                                                                Serialization Extensions
                                                                                                                -These extensions work regardless of whether you used the global or discrete config above. +

                                                                                                                These extensions work regardless of whether you used the global or discrete config above.

                                                                                                                -There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. +

                                                                                                                There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. They are likely not needed if you are on a newer Ruby. -See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb) if you need to study the hacks for older Rubies. +Expand the examples below, or the ruby-oauth/snaky_hash gem, +or response_spec.rb, for more ideas, especially if you need to study the hacks for older Rubies.

                                                                                                                + +

                                                                                                                <details markdown=”1>

                                                                                                                +See Examples -```ruby +

                                                                                                                ```ruby class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class `dump` and `load` abilities! - extend SnakyHash::Serializer + # Give this hash class dump and load abilities! + extend SnakyHash::Serializer

                                                                                                                - #### Serialization Extentions +

                                                                                                                #### Serialization Extentions # # Act on the non-hash values (including the values of hashes) as they are dumped to JSON # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. # WARNING: This is a silly example! dump_value_extensions.add(:to_fruit) do |value| - "banana" # => Make values "banana" on dump - end + “banana” # => Make values “banana” on dump + end

                                                                                                                - # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump - # In other words, this retains nested hashes, and only the deepest leaf nodes become ***. +

                                                                                                                # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump + # In other words, this retains nested hashes, and only the deepest leaf nodes become . # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| - "***" # Turn dumped bananas into *** when they are loaded - end + “” # Turn dumped bananas into *** when they are loaded + end

                                                                                                                - # Act on the entire hash as it is prepared for dumping to JSON +

                                                                                                                # Act on the entire hash as it is prepared for dumping to JSON # WARNING: This is a silly example! dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) value.transform_keys do |key| - split = key.split("_") + split = key.split(“_”) first_word = split[0] - key.sub(first_word, "cheese") + key.sub(first_word, “cheese”) end else value end - end + end

                                                                                                                - # Act on the entire hash as it is loaded from the JSON dump +

                                                                                                                # Act on the entire hash as it is loaded from the JSON dump # WARNING: This is a silly example! load_hash_extensions.add(:to_pizza) do |value| if value.is_a?(Hash) res = klass.new value.keys.each_with_object(res) do |key, result| - split = key.split("_") + split = key.split(“_”) last_word = split[-1] - new_key = key.sub(last_word, "pizza") + new_key = key.sub(last_word, “pizza”) result[new_key] = value[key] end res @@ -744,35 +806,35 @@

                                                                                                                Quick Examples

                                                                                                                end end end -``` +```

                                                                                                                -See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), or the [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) gem for more ideas. +

                                                                                                                </details>

                                                                                                                -#### Prefer camelCase over snake_case? => snaky: false +

                                                                                                                Prefer camelCase over snake_case? => snaky: false

                                                                                                                -```ruby -response = access.get("/api/resource", params: => "bar", snaky: false) -JSON.parse(response.body) # => "additionalData"=>"additional" -response.parsed # => "additionalData"=>"additional" +

                                                                                                                ruby +response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false) +JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} +response.parsed # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} response.parsed["accessToken"] # => "aaaaaaaa" response.parsed["additionalData"] # => "additional" response.parsed.class.name # => Hash (just, regular old Hash) -``` +

                                                                                                                Debugging & Logging -Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). +

                                                                                                                Set an environment variable as per usual (e.g. with dotenv).

                                                                                                                -```ruby +

                                                                                                                ruby # will log both request and response, including bodies ENV["OAUTH_DEBUG"] = "true" -``` +

                                                                                                                -By default, debug output will go to `$stdout`. This can be overridden when -initializing your OAuth2::Client. +

                                                                                                                By default, debug output will go to $stdout. This can be overridden when +initializing your OAuth2::Client.

                                                                                                                -```ruby +

                                                                                                                ruby require "oauth2" client = OAuth2::Client.new( "client_id", @@ -780,304 +842,377 @@

                                                                                                                Quick Examples

                                                                                                                site: "https://example.org/", logger: Logger.new("example.log", "weekly"), ) -``` +

                                                                                                                +
                                                                                                                -### OAuth2::Response +

                                                                                                                OAuth2::Response

                                                                                                                -The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic `#request` -will return an instance of the #OAuth2::Response class. +

                                                                                                                The AccessToken methods #get, #post, #put and #delete and the generic #request +will return an instance of the #OAuth2::Response class.

                                                                                                                -This instance contains a `#parsed` method that will parse the response body and -return a Hash-like [`SnakyHash::StringKeyed`](https://gitlab.com/ruby-oauth/snaky_hash/-/blob/main/lib/snaky_hash/string_keyed.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if +

                                                                                                                This instance contains a #parsed method that will parse the response body and +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if the body is a JSON object. It will return an Array if the body is a JSON -array. Otherwise, it will return the original body string. +array. Otherwise, it will return the original body string.

                                                                                                                -The original response body, headers, and status can be accessed via their -respective methods. +

                                                                                                                The original response body, headers, and status can be accessed via their +respective methods.

                                                                                                                -### OAuth2::AccessToken +

                                                                                                                OAuth2::AccessToken

                                                                                                                -If you have an existing Access Token for a user, you can initialize an instance -using various class methods including the standard new, `from_hash` (if you have -a hash of the values), or `from_kvform` (if you have an -`application/x-www-form-urlencoded` encoded string of the values). +

                                                                                                                If you have an existing Access Token for a user, you can initialize an instance +using various class methods including the standard new, from_hash (if you have +a hash of the values), or from_kvform (if you have an +application/x-www-form-urlencoded encoded string of the values).

                                                                                                                + +

                                                                                                                Options (since v2.0.x unless noted):

                                                                                                                + +
                                                                                                                  +
                                                                                                                • + + + + + + + +
                                                                                                                  +expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
                                                                                                                  +
                                                                                                                • +
                                                                                                                • + + + + + + + + +
                                                                                                                  +token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
                                                                                                                  +
                                                                                                                • +
                                                                                                                • + + + + + + + + +
                                                                                                                  +mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
                                                                                                                  +
                                                                                                                    +
                                                                                                                  • +:header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). +
                                                                                                                  • +
                                                                                                                  • +:query — Send as access_token query parameter (discouraged in general, but required by some providers).
                                                                                                                  • +
                                                                                                                  • Verb-dependent (since v2.0.15): Provide either: +
                                                                                                                      +
                                                                                                                    • a Proc taking |verb| and returning :header or :query, or
                                                                                                                    • +
                                                                                                                    • a Hash with verb symbols as keys, for example {get: :query, post: :header, delete: :header}.
                                                                                                                    • +
                                                                                                                    +
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                -Options (since v2.0.x unless noted): -- `expires_latency` (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. -- `token_name` (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). -- `mode` (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. - - `:header` — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). - - `:query` — Send as access_token query parameter (discouraged in general, but required by some providers). - - Verb-dependent (since v2.0.15): Provide either: - - a `Proc` taking `|verb|` and returning `:header` or `:query`, or - - a `Hash` with verb symbols as keys, for example `:query, post: :header, delete: :header`. +

                                                                                                                Note: Verb-dependent mode supports providers like Instagram that require query mode for GET and header mode for POST/DELETE

                                                                                                                -Note: Verb-dependent mode supports providers like Instagram that require query mode for `GET` and header mode for `POST`/`DELETE` -- Verb-dependent mode via `Proc` was added in v2.0.15 -- Verb-dependent mode via `Hash` was added in v2.0.16 +
                                                                                                                  +
                                                                                                                • Verb-dependent mode via Proc was added in v2.0.15
                                                                                                                • +
                                                                                                                • Verb-dependent mode via Hash was added in v2.0.16
                                                                                                                • +
                                                                                                                -### OAuth2::Error +

                                                                                                                OAuth2::Error

                                                                                                                -On 400+ status code responses, an `OAuth2::Error` will be raised. If it is a -standard OAuth2 error response, the body will be parsed and `#code` and `#description` will contain the values provided from the error and -`error_description` parameters. The `#response` property of `OAuth2::Error` will -always contain the `OAuth2::Response` instance. +

                                                                                                                On 400+ status code responses, an OAuth2::Error will be raised. If it is a +standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and +error_description parameters. The #response property of OAuth2::Error will +always contain the OAuth2::Response instance.

                                                                                                                -If you do not want an error to be raised, you may use `:raise_errors => false` -option on initialization of the client. In this case the `OAuth2::Response` +

                                                                                                                If you do not want an error to be raised, you may use :raise_errors => false +option on initialization of the client. In this case the OAuth2::Response instance will be returned as usual and on 400+ status code responses, the -Response instance will contain the `OAuth2::Error` instance. - -### Authorization Grants - -Note on OAuth 2.1 (draft): -- PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252. -- Redirect URIs must be compared using exact string matching by the Authorization Server. -- The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps. -- Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage. -- Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use. -- The definitions of public and confidential clients are simplified to refer only to whether the client has credentials. - -References: -- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 -- Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1 -- FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1 -- Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs -- Video: https://www.youtube.com/watch?v=g_aVPdwBTfw -- Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/ - -Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion +Response instance will contain the OAuth2::Error instance.

                                                                                                                + +

                                                                                                                Authorization Grants

                                                                                                                + +

                                                                                                                Note on OAuth 2.1 (draft):

                                                                                                                + +
                                                                                                                  +
                                                                                                                • PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                                                                                                                • +
                                                                                                                • Redirect URIs must be compared using exact string matching by the Authorization Server.
                                                                                                                • +
                                                                                                                • The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                                                                                                                • +
                                                                                                                • Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                                                                                                                • +
                                                                                                                • Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                                                                                                                • +
                                                                                                                • The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                                                                                                                • +
                                                                                                                + +

                                                                                                                References:

                                                                                                                + +
                                                                                                                  +
                                                                                                                • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                                                                                                                • +
                                                                                                                • Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                                                                                                                • +
                                                                                                                • FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                                                                                                                • +
                                                                                                                • Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                                                                                                                • +
                                                                                                                • Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                                                                                                                • +
                                                                                                                • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                                                                                                                • +
                                                                                                                + +

                                                                                                                Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client -use. They are available via the [`#auth_code`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb), -[`#implicit`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/implicit.rb), -[`#password`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/password.rb), -[`#client_credentials`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/client_credentials.rb), and -[`#assertion`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively. - -These aren't full examples, but demonstrative of the differences between usage for each strategy. -```ruby -auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback") -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback") - -auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback") +use. They are available via the #auth_code, +#implicit, +#password, +#client_credentials, and +#assertion methods respectively.

                                                                                                                + +

                                                                                                                These aren’t full examples, but demonstrative of the differences between usage for each strategy.

                                                                                                                + +

                                                                                                                ```ruby +auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) +access = client.auth_code.get_token(“code_value”, redirect_uri: “http://localhost:8080/oauth/callback”)

                                                                                                                + +

                                                                                                                auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) # get the token params in the callback and -access = OAuth2::AccessToken.from_kvform(client, query_string) +access = OAuth2::AccessToken.from_kvform(client, query_string)

                                                                                                                -access = client.password.get_token("username", "password") +

                                                                                                                access = client.password.get_token(“username”, “password”)

                                                                                                                -access = client.client_credentials.get_token +

                                                                                                                access = client.client_credentials.get_token

                                                                                                                -# Client Assertion Strategy -# see: https://tools.ietf.org/html/rfc7523 +

                                                                                                                Client Assertion Strategy

                                                                                                                +

                                                                                                                # see: https://tools.ietf.org/html/rfc7523 claimset = { - iss: "http://localhost:3001/", - aud: "http://localhost:8080/oauth2/token", - sub: "me@example.com", + iss: “http://localhost:3001”, + aud: “http://localhost:8080/oauth2/token”, + sub: “me@example.com”, exp: Time.now.utc.to_i + 3600, } -assertion_params = [claimset, "HS256", "secret_key"] -access = client.assertion.get_token(assertion_params) +assertion_params = [claimset, “HS256”, “secret_key”] +access = client.assertion.get_token(assertion_params)

                                                                                                                -# The `access` (i.e. access token) is then used like so: -access.token # actual access_token string, if you need it somewhere -access.get("/api/stuff") # making api calls with access token -``` +

                                                                                                                The access (i.e. access token) is then used like so:

                                                                                                                +

                                                                                                                access.token # actual access_token string, if you need it somewhere +access.get(“/api/stuff”) # making api calls with access token +```

                                                                                                                -If you want to specify additional headers to be sent out with the -request, add a 'headers' hash under 'params': +

                                                                                                                If you want to specify additional headers to be sent out with the +request, add a ‘headers’ hash under ‘params’:

                                                                                                                -```ruby -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: => "Header") -``` +

                                                                                                                ruby +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"}) +

                                                                                                                -You can always use the `#request` method on the `OAuth2::Client` instance to make -requests for tokens for any Authentication grant type. +

                                                                                                                You can always use the #request method on the OAuth2::Client instance to make +requests for tokens for any Authentication grant type.

                                                                                                                -## 📘 Comprehensive Usage +

                                                                                                                📘 Comprehensive Usage

                                                                                                                -### Common Flows (end-to-end) +

                                                                                                                Common Flows (end-to-end)

                                                                                                                -- Authorization Code (server-side web app): +
                                                                                                                  +
                                                                                                                • Authorization Code (server-side web app):
                                                                                                                • +
                                                                                                                -```ruby -require "oauth2" +

                                                                                                                ```ruby +require “oauth2” client = OAuth2::Client.new( - ENV["CLIENT_ID"], - ENV["CLIENT_SECRET"], - site: "https://provider.example.com/", - redirect_uri: "https://my.app.example.com/oauth/callback", -) - -# Step 1: redirect user to consent -state = SecureRandom.hex(16) -auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state) -# redirect_to auth_url - -# Step 2: handle the callback -# params[:code], params[:state] -raise "state mismatch" unless params[:state] == state -access = client.auth_code.get_token(params[:code]) + ENV[“CLIENT_ID”], + ENV[“CLIENT_SECRET”], + site: “https://provider.example.com”, + redirect_uri: “https://my.app.example.com/oauth/callback”, +)

                                                                                                                + +

                                                                                                                Step 1: redirect user to consent

                                                                                                                +

                                                                                                                state = SecureRandom.hex(16) +auth_url = client.auth_code.authorize_url(/service/scope: %E2%80%9Copenid profile email%E2%80%9D, state: state) +# redirect_to auth_url

                                                                                                                + +

                                                                                                                Step 2: handle the callback

                                                                                                                +

                                                                                                                # params[:code], params[:state] +raise “state mismatch” unless params[:state] == state +access = client.auth_code.get_token(params[:code])

                                                                                                                + +

                                                                                                                Step 3: call APIs

                                                                                                                +

                                                                                                                profile = access.get(“/api/v1/me”).parsed +```

                                                                                                                -# Step 3: call APIs -profile = access.get("/api/v1/me").parsed -``` - -- Client Credentials (machine-to-machine): +
                                                                                                                  +
                                                                                                                • Client Credentials (machine-to-machine):
                                                                                                                • +
                                                                                                                -```ruby +

                                                                                                                ruby client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com/") access = client.client_credentials.get_token(audience: "https://api.example.com/") resp = access.get("/v1/things") -``` +

                                                                                                                -- Resource Owner Password (legacy; avoid when possible): +
                                                                                                                  +
                                                                                                                • Resource Owner Password (legacy; avoid when possible):
                                                                                                                • +
                                                                                                                -```ruby +

                                                                                                                ruby access = client.password.get_token("jdoe", "s3cret", scope: "read") -``` +

                                                                                                                -#### Examples +

                                                                                                                Examples

                                                                                                                -JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) + JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) -```ruby +

                                                                                                                ```ruby # This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage. # JHipster UAA typically exposes the token endpoint at /uaa/oauth/token. # The original snippet included: # - Basic Authorization header for the client (web_app:changeit) # - X-XSRF-TOKEN header from a cookie (some deployments require it) # - grant_type=password with username/password and client_id -# Using oauth2 gem, you don't need to build multipart bodies; the gem sends -# application/x-www-form-urlencoded as required by RFC 6749. +# Using oauth2 gem, you don’t need to build multipart bodies; the gem sends +# application/x-www-form-urlencoded as required by RFC 6749.

                                                                                                                -require "oauth2" +

                                                                                                                require “oauth2”

                                                                                                                -client = OAuth2::Client.new( - "web_app", # client_id - "changeit", # client_secret - site: "http://localhost:8080/uaa", - token_url: "/oauth/token", # absolute under site (or "oauth/token" relative) +

                                                                                                                client = OAuth2::Client.new( + “web_app”, # client_id + “changeit”, # client_secret + site: “http://localhost:8080/uaa”, + token_url: “/oauth/token”, # absolute under site (or “oauth/token” relative) auth_scheme: :basic_auth, # sends HTTP Basic Authorization header -) +)

                                                                                                                -# If your UAA requires an XSRF header for the token call, provide it as a header. -# Often this is not required for token endpoints, but if your gateway enforces it, +

                                                                                                                If your UAA requires an XSRF header for the token call, provide it as a header.

                                                                                                                +

                                                                                                                # Often this is not required for token endpoints, but if your gateway enforces it, # obtain the value from the XSRF-TOKEN cookie and pass it here. -xsrf_token = ENV["X_XSRF_TOKEN"] # e.g., pulled from a prior set-cookie value +xsrf_token = ENV[“X_XSRF_TOKEN”] # e.g., pulled from a prior set-cookie value

                                                                                                                -access = client.password.get_token( - "admin", # username - "admin", # password - headers: xsrf_token ? => xsrf_token : {}, +

                                                                                                                access = client.password.get_token( + “admin”, # username + “admin”, # password + headers: xsrf_token ? {”X-XSRF-TOKEN” => xsrf_token} : {}, # JHipster commonly also accepts/needs the client_id in the body; include if required: - # client_id: "web_app", -) + # client_id: “web_app”, +)

                                                                                                                -puts access.token +

                                                                                                                puts access.token puts access.to_hash # full token response -``` +```

                                                                                                                -Notes: -- Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE. -- If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often "/" or a login page) and pass it to headers. -- For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually. +

                                                                                                                Notes:

                                                                                                                + +
                                                                                                                  +
                                                                                                                • Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE.
                                                                                                                • +
                                                                                                                • If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often “/” or a login page) and pass it to headers.
                                                                                                                • +
                                                                                                                • For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually.
                                                                                                                • +
                                                                                                                -### Instagram API (verb‑dependent token mode) +

                                                                                                                Instagram API (verb‑dependent token mode)

                                                                                                                + +

                                                                                                                Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

                                                                                                                -Providers like Instagram require the access token to be sent differently depending on the HTTP verb: -- GET requests: token must be in the query string (?access_token=...) -- POST/DELETE requests: token must be in the Authorization header (Bearer ...) +
                                                                                                                  +
                                                                                                                • GET requests: token must be in the query string (?access_token=…)
                                                                                                                • +
                                                                                                                • POST/DELETE requests: token must be in the Authorization header (Bearer …)
                                                                                                                • +
                                                                                                                -Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method. +

                                                                                                                Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

                                                                                                                -Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls +

                                                                                                                Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

                                                                                                                -```ruby -require "oauth2" +

                                                                                                                ```ruby +require “oauth2”

                                                                                                                -# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here). -# See Facebook Login docs for obtaining the initial short‑lived token. +

                                                                                                                NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).

                                                                                                                +

                                                                                                                # See Facebook Login docs for obtaining the initial short‑lived token.

                                                                                                                -client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com/") +

                                                                                                                client = OAuth2::Client.new(nil, nil, site: “https://graph.instagram.com”)

                                                                                                                -# Start with a short‑lived token you already obtained via Facebook Login -short_lived = OAuth2::AccessToken.new( +

                                                                                                                Start with a short‑lived token you already obtained via Facebook Login

                                                                                                                +

                                                                                                                short_lived = OAuth2::AccessToken.new( client, - ENV["IG_SHORT_LIVED_TOKEN"], + ENV[“IG_SHORT_LIVED_TOKEN”], # Key part: verb‑dependent mode - mode: :query, post: :header, delete: :header, -) + mode: {get: :query, post: :header, delete: :header}, +)

                                                                                                                -# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query) -# Endpoint: GET https://graph.instagram.com/access_token +

                                                                                                                1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)

                                                                                                                +

                                                                                                                # Endpoint: GET https://graph.instagram.com/access_token # Params: grant_type=ig_exchange_token, client_secret=APP_SECRET exchange = short_lived.get( - "/access_token", + “/access_token”, params: { - grant_type: "ig_exchange_token", - client_secret: ENV["IG_APP_SECRET"], + grant_type: “ig_exchange_token”, + client_secret: ENV[“IG_APP_SECRET”], # access_token param will be added automatically by the AccessToken (mode => :query for GET) }, ) -long_lived_token_value = exchange.parsed["access_token"] +long_lived_token_value = exchange.parsed[“access_token”]

                                                                                                                -long_lived = OAuth2::AccessToken.new( +

                                                                                                                long_lived = OAuth2::AccessToken.new( client, long_lived_token_value, - mode: :query, post: :header, delete: :header, -) + mode: {get: :query, post: :header, delete: :header}, +)

                                                                                                                -# 2) Refresh the long‑lived token (Instagram uses GET with token in query) -# Endpoint: GET https://graph.instagram.com/refresh_access_token +

                                                                                                                2) Refresh the long‑lived token (Instagram uses GET with token in query)

                                                                                                                +

                                                                                                                # Endpoint: GET https://graph.instagram.com/refresh_access_token refresh_resp = long_lived.get( - "/refresh_access_token", - params: "ig_refresh_token", + “/refresh_access_token”, + params: {grant_type: “ig_refresh_token”}, ) long_lived = OAuth2::AccessToken.new( client, - refresh_resp.parsed["access_token"], - mode: :query, post: :header, delete: :header, -) + refresh_resp.parsed[“access_token”], + mode: {get: :query, post: :header, delete: :header}, +)

                                                                                                                -# 3) Typical API GET request (token in query automatically) -me = long_lived.get("/me", params: "id,username").parsed +

                                                                                                                3) Typical API GET request (token in query automatically)

                                                                                                                +

                                                                                                                me = long_lived.get(“/me”, params: {fields: “id,username”}).parsed

                                                                                                                -# 4) Example POST (token sent via Bearer header automatically) -# Note: Replace the path/params with a real Instagram Graph API POST you need, +

                                                                                                                4) Example POST (token sent via Bearer header automatically)

                                                                                                                +

                                                                                                                # Note: Replace the path/params with a real Instagram Graph API POST you need, # such as publishing media via the Graph API endpoints. -# long_lived.post("/me/media", body: "https://.../", caption: "hello") -``` +# long_lived.post(“/me/media”, body: {image_url: “https://…”, caption: “hello”}) +```

                                                                                                                -Tips: -- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET. -- If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }. +

                                                                                                                Tips:

                                                                                                                -### Refresh Tokens +
                                                                                                                  +
                                                                                                                • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
                                                                                                                • +
                                                                                                                • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
                                                                                                                • +
                                                                                                                -When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper. +

                                                                                                                Refresh Tokens

                                                                                                                -- Manual refresh: +

                                                                                                                When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                                                                                                                -```ruby +
                                                                                                                  +
                                                                                                                • Manual refresh:
                                                                                                                • +
                                                                                                                + +

                                                                                                                ruby if access.expired? access = access.refresh end -``` +

                                                                                                                -- Auto-refresh wrapper pattern: +
                                                                                                                  +
                                                                                                                • Auto-refresh wrapper pattern:
                                                                                                                • +
                                                                                                                -```ruby +

                                                                                                                ```ruby class AutoRefreshingToken def initialize(token_provider, store: nil) @token = token_provider @store = store # e.g., something that responds to read/write for token data - end + end

                                                                                                                - def with(&blk) +

                                                                                                                def with(&blk) tok = ensure_fresh! blk ? blk.call(tok) : tok rescue OAuth2::Error => e @@ -1088,180 +1223,193 @@

                                                                                                                Quick Examples

                                                                                                                retry end raise - end + end

                                                                                                                -private +

                                                                                                                private

                                                                                                                - def ensure_fresh! +

                                                                                                                def ensure_fresh! if @token.expired? && @token.refresh_token @token = @token.refresh @store.write(@token.to_hash) if @store end @token end -end +end

                                                                                                                -# usage -keeper = AutoRefreshingToken.new(access) -keeper.with { |tok| tok.get("/v1/protected") } -``` +

                                                                                                                usage

                                                                                                                +

                                                                                                                keeper = AutoRefreshingToken.new(access) +keeper.with { |tok| tok.get(“/v1/protected”) } +```

                                                                                                                -Persist the token across processes using `AccessToken#to_hash` and `AccessToken.from_hash(client, hash)`. +

                                                                                                                Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

                                                                                                                -### Token Revocation (RFC 7009) +

                                                                                                                Token Revocation (RFC 7009)

                                                                                                                -You can revoke either the access token or the refresh token. +

                                                                                                                You can revoke either the access token or the refresh token.

                                                                                                                -```ruby +

                                                                                                                ```ruby # Revoke the current access token -access.revoke(token_type_hint: :access_token) +access.revoke(token_type_hint: :access_token)

                                                                                                                -# Or explicitly revoke the refresh token (often also invalidates associated access tokens) -access.revoke(token_type_hint: :refresh_token) -``` +

                                                                                                                Or explicitly revoke the refresh token (often also invalidates associated access tokens)

                                                                                                                +

                                                                                                                access.revoke(token_type_hint: :refresh_token) +```

                                                                                                                -### Client Configuration Tips +

                                                                                                                Client Configuration Tips

                                                                                                                -#### Mutual TLS (mTLS) client authentication +

                                                                                                                Mutual TLS (mTLS) client authentication

                                                                                                                -Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme. +

                                                                                                                Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.

                                                                                                                -Example using PEM files (certificate and key): +

                                                                                                                Example using PEM files (certificate and key):

                                                                                                                -```ruby -require "oauth2" -require "openssl" +

                                                                                                                ```ruby +require “oauth2” +require “openssl”

                                                                                                                -client = OAuth2::Client.new( - ENV.fetch("https://github.com/CLIENT_ID"), - ENV.fetch("https://github.com/CLIENT_SECRET"), - site: "https://example.com/", - authorize_url: "/oauth/authorize/", - token_url: "/oauth/token/", +

                                                                                                                client = OAuth2::Client.new( + ENV.fetch(“CLIENT_ID”), + ENV.fetch(“CLIENT_SECRET”), + site: “https://example.com”, + authorize_url: “/oauth/authorize/”, + token_url: “/oauth/token/”, auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication connection_opts: { ssl: { - client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")), - client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")), + client_cert: OpenSSL::X509::Certificate.new(File.read(“localhost.pem”)), + client_key: OpenSSL::PKey::RSA.new(File.read(“localhost-key.pem”)), # Optional extras, uncomment as needed: - # ca_file: "/path/to/ca-bundle.pem", # custom CA(s) + # ca_file: “/path/to/ca-bundle.pem”, # custom CA(s) # verify: true # enable server cert verification (recommended) }, }, -) +)

                                                                                                                + +

                                                                                                                Example token request (any grant type can be used). The mTLS handshake

                                                                                                                +

                                                                                                                # will occur automatically on HTTPS calls using the configured cert/key. +access = client.client_credentials.get_token

                                                                                                                + +

                                                                                                                Subsequent resource requests will also use mTLS on HTTPS endpoints of site:

                                                                                                                +

                                                                                                                resp = access.get(“/v1/protected”) +```

                                                                                                                -# Example token request (any grant type can be used). The mTLS handshake -# will occur automatically on HTTPS calls using the configured cert/key. -access = client.client_credentials.get_token - -# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`: -resp = access.get("/v1/protected") -``` - -Notes: -- Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]). -- If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: - - p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"]) - - client_cert = p12.certificate; client_key = p12.key -- Server trust: - - If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash. - - Keep verify: true in production. Set verify: false only for local testing. -- Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices. -- Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client). -- OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above. - -#### Authentication schemes for the token request - -```ruby +

                                                                                                                Notes:

                                                                                                                + +
                                                                                                                  +
                                                                                                                • Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]).
                                                                                                                • +
                                                                                                                • If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: +
                                                                                                                    +
                                                                                                                  • p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"])
                                                                                                                  • +
                                                                                                                  • client_cert = p12.certificate; client_key = p12.key
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • Server trust: +
                                                                                                                    +
                                                                                                                  • If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.
                                                                                                                  • +
                                                                                                                  • Keep verify: true in production. Set verify: false only for local testing.
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                • Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.
                                                                                                                • +
                                                                                                                • Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).
                                                                                                                • +
                                                                                                                • OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.
                                                                                                                • +
                                                                                                                + +

                                                                                                                Authentication schemes for the token request

                                                                                                                + +

                                                                                                                ruby OAuth2::Client.new( id, secret, site: "https://provider.example.com/", auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt ) -``` +

                                                                                                                -#### Faraday connection, timeouts, proxy, custom adapter/middleware: +

                                                                                                                Faraday connection, timeouts, proxy, custom adapter/middleware:

                                                                                                                -```ruby +

                                                                                                                ruby client = OAuth2::Client.new( id, secret, site: "https://provider.example.com/", connection_opts: { - request: 5, timeout: 15, + request: {open_timeout: 5, timeout: 15}, proxy: ENV["HTTPS_PROXY"], - ssl: true, + ssl: {verify: true}, }, ) do |faraday| faraday.request(:url_encoded) # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below faraday.adapter(:net_http_persistent) # or any Faraday adapter you need end -``` +

                                                                                                                -##### Using flat query params (Faraday::FlatParamsEncoder) +
                                                                                                                Using flat query params (Faraday::FlatParamsEncoder)
                                                                                                                -Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests. +

                                                                                                                Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

                                                                                                                -```ruby -require "faraday" +

                                                                                                                ```ruby +require “faraday”

                                                                                                                -client = OAuth2::Client.new( +

                                                                                                                client = OAuth2::Client.new( id, secret, - site: "https://api.example.com/", + site: “https://api.example.com”, # Pass Faraday connection options to make FlatParamsEncoder the default connection_opts: { - request: Faraday::FlatParamsEncoder, + request: {params_encoder: Faraday::FlatParamsEncoder}, }, ) do |faraday| faraday.request(:url_encoded) faraday.adapter(:net_http) -end +end

                                                                                                                -access = client.client_credentials.get_token +

                                                                                                                access = client.client_credentials.get_token

                                                                                                                -# Example of a GET with two flat filter params (not an array): -# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 +

                                                                                                                Example of a GET with two flat filter params (not an array):

                                                                                                                +

                                                                                                                # Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 resp = access.get( - "/v1/orders", + “/v1/orders”, params: { # Provide the values as an array; FlatParamsEncoder expands them as repeated keys filter: [ - "order.clientCreatedTime>1445006997000", - "order.clientCreatedTime<1445611797000", + “order.clientCreatedTime>1445006997000”, + “order.clientCreatedTime<1445611797000”, ], }, ) -``` +```

                                                                                                                -If you instead need to build a raw Faraday connection yourself, the equivalent configuration is: +

                                                                                                                If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

                                                                                                                -```ruby -conn = Faraday.new("https://api.example.com/", request: Faraday::FlatParamsEncoder) -``` +

                                                                                                                ruby +conn = Faraday.new("https://api.example.com/", request: {params_encoder: Faraday::FlatParamsEncoder}) +

                                                                                                                -#### Redirection +

                                                                                                                Redirection

                                                                                                                -The library follows up to `max_redirects` (default 5). -You can override per-client via `options[:max_redirects]`. +

                                                                                                                The library follows up to max_redirects (default 5). +You can override per-client via options[:max_redirects].

                                                                                                                -### Handling Responses and Errors +

                                                                                                                Handling Responses and Errors

                                                                                                                -- Parsing: +
                                                                                                                  +
                                                                                                                • Parsing:
                                                                                                                • +
                                                                                                                -```ruby +

                                                                                                                ruby resp = access.get("/v1/thing") resp.status # Integer resp.headers # Hash resp.body # String resp.parsed # SnakyHash::StringKeyed or Array when JSON array -``` +

                                                                                                                -- Error handling: +
                                                                                                                  +
                                                                                                                • Error handling:
                                                                                                                • +
                                                                                                                -```ruby +

                                                                                                                ruby begin access.get("/v1/forbidden") rescue OAuth2::Error => e @@ -1269,150 +1417,155 @@

                                                                                                                Quick Examples

                                                                                                                e.description # OAuth2 error description (when present) e.response # OAuth2::Response (full access to status/headers/body) end -``` +

                                                                                                                -- Disable raising on 4xx/5xx to inspect the response yourself: +
                                                                                                                  +
                                                                                                                • Disable raising on 4xx/5xx to inspect the response yourself:
                                                                                                                • +
                                                                                                                -```ruby +

                                                                                                                ruby client = OAuth2::Client.new(id, secret, site: site, raise_errors: false) res = client.request(:get, "/v1/maybe-errors") if res.status == 429 sleep res.headers["retry-after"].to_i end -``` +

                                                                                                                -### Making Raw Token Requests +

                                                                                                                Making Raw Token Requests

                                                                                                                -If a provider requires non-standard parameters or headers, you can call `client.get_token` directly: +

                                                                                                                If a provider requires non-standard parameters or headers, you can call client.get_token directly:

                                                                                                                -```ruby +

                                                                                                                ruby access = client.get_token({ grant_type: "client_credentials", audience: "https://api.example.com/", - headers: => "value", + headers: {"X-Custom" => "value"}, parse: :json, # override parsing }) -``` +

                                                                                                                -### OpenID Connect (OIDC) Notes +

                                                                                                                OpenID Connect (OIDC) Notes

                                                                                                                -- If the token response includes an `id_token` (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider's JWKs to verify it. -- For private_key_jwt client authentication, provide `auth_scheme: :private_key_jwt` and ensure your key configuration matches the provider requirements. -- See [OIDC.md](OIDC.md) for a more complete OIDC overview, example, and links to the relevant specifications. +
                                                                                                                  +
                                                                                                                • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                                                                                                                • +
                                                                                                                • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                                                                                                                • +
                                                                                                                • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
                                                                                                                • +
                                                                                                                -### Debugging +

                                                                                                                Debugging

                                                                                                                -- Set environment variable `OAUTH_DEBUG=true` to enable verbose Faraday logging (uses the client-provided logger). -- To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation. +
                                                                                                                  +
                                                                                                                • Set environment variable OAUTH_DEBUG=true to enable verbose Faraday logging (uses the client-provided logger).
                                                                                                                • +
                                                                                                                • To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation.
                                                                                                                • +
                                                                                                                ---- +
                                                                                                                -## 🦷 FLOSS Funding +

                                                                                                                🦷 FLOSS Funding

                                                                                                                -While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. -Raising a monthly budget of... "dollars" would make the project more sustainable. +

                                                                                                                While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. +Raising a monthly budget of… “dollars” would make the project more sustainable.

                                                                                                                -We welcome both individual and corporate sponsors! We also offer a +

                                                                                                                We welcome both individual and corporate sponsors! We also offer a wide array of funding channels to account for your preferences -(although currently [Open Collective][🖇osc] is our preferred funding platform). +(although currently Open Collective is our preferred funding platform).

                                                                                                                -**If you're working in a company that's making significant use of ruby-oauth tools we'd -appreciate it if you suggest to your company to become a ruby-oauth sponsor.** +

                                                                                                                If you’re working in a company that’s making significant use of ruby-oauth tools we’d +appreciate it if you suggest to your company to become a ruby-oauth sponsor.

                                                                                                                -You can support the development of ruby-oauth tools via -[GitHub Sponsors][🖇sponsor], -[Liberapay][⛳liberapay], -[PayPal][🖇paypal], -[Open Collective][🖇osc] -and [Tidelift][🏙️entsup-tidelift]. +

                                                                                                                You can support the development of ruby-oauth tools via +GitHub Sponsors, +Liberapay, +PayPal, +Open Collective +and Tidelift.

                                                                                                                -| 📍 NOTE | -|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| If doing a sponsorship in the form of donation is problematic for your company
                                                                                                                from an accounting standpoint, we'd recommend the use of Tidelift,
                                                                                                                where you can get a support-like subscription instead. | + + + + + + + + + + + +
                                                                                                                📍 NOTE
                                                                                                                If doing a sponsorship in the form of donation is problematic for your company
                                                                                                                from an accounting standpoint, we’d recommend the use of Tidelift,
                                                                                                                where you can get a support-like subscription instead.
                                                                                                                -### Open Collective for Individuals +

                                                                                                                Open Collective for Individuals

                                                                                                                -Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/kettle-rb#backer)] +

                                                                                                                Support us with a monthly donation and help us continue our activities. [Become a backer]

                                                                                                                -NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. +

                                                                                                                NOTE: kettle-readme-backers updates this list every day, automatically.

                                                                                                                -No backers yet. Be the first! - +

                                                                                                                No backers yet. Be the first! +

                                                                                                                -### Open Collective for Organizations +

                                                                                                                Open Collective for Organizations

                                                                                                                -Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/kettle-rb#sponsor)] +

                                                                                                                Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

                                                                                                                -NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. +

                                                                                                                NOTE: kettle-readme-backers updates this list every day, automatically.

                                                                                                                -No sponsors yet. Be the first! - -### Open Collective for Donors - - +

                                                                                                                No sponsors yet. Be the first! +

                                                                                                                - +

                                                                                                                Another way to support open-source

                                                                                                                -[kettle-readme-backers]: https://github.com/kettle-rb/kettle-dev/blob/main/exe/kettle-readme-backers +

                                                                                                                I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                                                                                                                -### Another way to support open-source +

                                                                                                                If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                                                                                                                -> How wonderful it is that nobody need wait a single moment before starting to improve the world.
                                                                                                                ->—Anne Frank +

                                                                                                                I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

                                                                                                                -I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). +

                                                                                                                Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

                                                                                                                -If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in `bundle fund`. +

                                                                                                                OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

                                                                                                                -I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look. +

                                                                                                                🔐 Security

                                                                                                                -**[Floss-Funding.dev][🖇floss-funding.dev]: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags** +

                                                                                                                To report a security vulnerability, please use the Tidelift security contact. +Tidelift will coordinate the fix and disclosure.

                                                                                                                -[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] +

                                                                                                                For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

                                                                                                                -## 🔐 Security +

                                                                                                                🤝 Contributing

                                                                                                                -To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). -Tidelift will coordinate the fix and disclosure. +

                                                                                                                If you need some ideas of where to help, you could work on adding more code coverage, +or if it is already 💯 (see below) check reek, issues, or PRs, +or use the gem and think about how it could be better.

                                                                                                                -For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp]. +

                                                                                                                We Keep A Changelog so if you make changes, remember to update it.

                                                                                                                -## 🤝 Contributing +

                                                                                                                See CONTRIBUTING.md for more detailed instructions.

                                                                                                                -If you need some ideas of where to help, you could work on adding more code coverage, -or if it is already 💯 (see [below](#code-coverage)) check [reek](REEK), [issues][🤝gh-issues], or [PRs][🤝gh-pulls], -or use the gem and think about how it could be better. +

                                                                                                                🚀 Release Instructions

                                                                                                                -We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. +

                                                                                                                See CONTRIBUTING.md.

                                                                                                                -See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. +

                                                                                                                Code Coverage

                                                                                                                -### 🚀 Release Instructions +

                                                                                                                Coverage Graph

                                                                                                                -See [CONTRIBUTING.md][🤝contributing]. +

                                                                                                                Coveralls Test Coverage

                                                                                                                -### Code Coverage +

                                                                                                                QLTY Test Coverage

                                                                                                                -[![Coverage Graph][🏀codecov-g]][🏀codecov] +

                                                                                                                🪇 Code of Conduct

                                                                                                                -[![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] +

                                                                                                                Everyone interacting with this project’s codebases, issue trackers, +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

                                                                                                                -[![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] +

                                                                                                                🌈 Contributors

                                                                                                                -### 🪇 Code of Conduct +

                                                                                                                Contributors

                                                                                                                -Everyone interacting with this project's codebases, issue trackers, -chat rooms and mailing lists agrees to follow the [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct]. +

                                                                                                                Made with contributors-img.

                                                                                                                -## 🌈 Contributors - -[![Contributors][🖐contributors-img]][🖐contributors] - -Made with [contributors-img][🖐contrib-rocks]. - -Also see GitLab Contributors: [https://gitlab.com/ruby-oauth/oauth2/-/graphs/main][🚎contributors-gl] +

                                                                                                                Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

                                                                                                                ⭐️ Star History @@ -1427,55 +1580,58 @@

                                                                                                                Quick Examples

                                                                                                                -## 📌 Versioning +

                                                                                                                📌 Versioning

                                                                                                                -This Library adheres to [![Semantic Versioning 2.0.0][📌semver-img]][📌semver]. +

                                                                                                                This Library adheres to Semantic Versioning 2.0.0. Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, a new version should be immediately released that restores compatibility. -Breaking changes to the public API will only be introduced with new major versions. +Breaking changes to the public API will only be introduced with new major versions.

                                                                                                                -> dropping support for a platform is both obviously and objectively a breaking change
                                                                                                                ->—Jordan Harband ([@ljharb](https://github.com/ljharb), maintainer of SemVer) [in SemVer issue 716][📌semver-breaking] +
                                                                                                                +

                                                                                                                dropping support for a platform is both obviously and objectively a breaking change
                                                                                                                +—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

                                                                                                                +
                                                                                                                -I understand that policy doesn't work universally ("exceptions to every rule!"), +

                                                                                                                I understand that policy doesn’t work universally (“exceptions to every rule!”), but it is the policy here. As such, in many cases it is good to specify a dependency on this library using -the [Pessimistic Version Constraint][📌pvc] with two digits of precision. +the Pessimistic Version Constraint with two digits of precision.

                                                                                                                -For example: +

                                                                                                                For example:

                                                                                                                -```ruby +

                                                                                                                ruby spec.add_dependency("oauth2", "~> 2.0") -``` +

                                                                                                                -📌 Is "Platform Support" part of the public API? More details inside. + 📌 Is "Platform Support" part of the public API? More details inside. -SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms -is a *breaking change* to an API. -It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless. +

                                                                                                                SemVer should, IMO, but doesn’t explicitly, say that dropping support for specific Platforms +is a breaking change to an API, and for that reason the bike shedding is endless.

                                                                                                                -To get a better understanding of how SemVer is intended to work over a project's lifetime, -read this article from the creator of SemVer: +

                                                                                                                To get a better understanding of how SemVer is intended to work over a project’s lifetime, +read this article from the creator of SemVer:

                                                                                                                -- ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred] +
                                                                                                                -See [CHANGELOG.md][📌changelog] for a list of releases. +

                                                                                                                See CHANGELOG.md for a list of releases.

                                                                                                                -## 📄 License +

                                                                                                                📄 License

                                                                                                                -The gem is available as open source under the terms of -the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. -See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. +

                                                                                                                The gem is available as open source under the terms of +the MIT License License: MIT. +See LICENSE.txt for the official Copyright Notice.

                                                                                                                -### © Copyright +
                                                                                                                • - Copyright (c) 2017–2025 Peter H. Boling, of + Copyright (c) 2017 – 2025 Peter H. Boling, of Galtzo.com @@ -1484,243 +1640,30 @@

                                                                                                                  Quick Examples

                                                                                                                  , and oauth2 contributors.
                                                                                                                • - Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc. + Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                                                                                                                -## 🤑 A request for help +

                                                                                                                🤑 A request for help

                                                                                                                -Maintainers have teeth and need to pay their dentists. -After getting laid off in an RIF in March and filled with many dozens of rejections, -I'm now spending ~60+ hours a week building open source tools. -I'm hoping to be able to pay for my kids' health insurance this month, +

                                                                                                                Maintainers have teeth and need to pay their dentists. +After getting laid off in an RIF in March, and encountering difficulty finding a new one, +I began spending most of my time building open source tools. +I’m hoping to be able to pay for my kids’ health insurance this month, so if you value the work I am doing, I need your support. -Please consider sponsoring me or the project. - -To join the community or get help 👇️ Join the Discord. - -[![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] - -To say "thanks!" ☝️ Join the Discord or 👇️ send money. - -[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img] - -### Please give the project a star ⭐ ♥. - -Thanks for RTFM. 
☺️ - -[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay&color=a51611&style=flat -[⛳liberapay-bottom-img]: https://img.shields.io/liberapay/goal/pboling.svg?style=for-the-badge&logo=liberapay&color=a51611 -[⛳liberapay]: https://liberapay.com/pboling/donate -[🖇osc-all-img]: https://img.shields.io/opencollective/all/ruby-oauth -[🖇osc-sponsors-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth -[🖇osc-backers-img]: https://img.shields.io/opencollective/backers/ruby-oauth -[🖇osc-backers]: https://opencollective.com/ruby-oauth#backer -[🖇osc-backers-i]: https://opencollective.com/ruby-oauth/backers/badge.svg?style=flat -[🖇osc-sponsors]: https://opencollective.com/ruby-oauth#sponsor -[🖇osc-sponsors-i]: https://opencollective.com/ruby-oauth/sponsors/badge.svg?style=flat -[🖇osc-all-bottom-img]: https://img.shields.io/opencollective/all/ruby-oauth?style=for-the-badge -[🖇osc-sponsors-bottom-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth?style=for-the-badge -[🖇osc-backers-bottom-img]: https://img.shields.io/opencollective/backers/ruby-oauth?style=for-the-badge -[🖇osc]: https://opencollective.com/ruby-oauth -[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github -[🖇sponsor-bottom-img]: https://img.shields.io/badge/Sponsor_Me!-pboling-blue?style=for-the-badge&logo=github -[🖇sponsor]: https://github.com/sponsors/pboling -[🖇polar-img]: https://img.shields.io/badge/polar-donate-a51611.svg?style=flat -[🖇polar]: https://polar.sh/pboling -[🖇kofi-img]: https://img.shields.io/badge/ko--fi-%E2%9C%93-a51611.svg?style=flat -[🖇kofi]: https://ko-fi.com/O5O86SNP4 -[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-a51611.svg?style=flat -[🖇patreon]: https://patreon.com/galtzo -[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-%E2%9C%93-a51611.svg?style=flat -[🖇buyme-img]: 
https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff -[🖇buyme]: https://www.buymeacoffee.com/pboling -[🖇paypal-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=flat&logo=paypal -[🖇paypal-bottom-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=for-the-badge&logo=paypal&color=0A0A0A -[🖇paypal]: https://www.paypal.com/paypalme/peterboling -[🖇floss-funding.dev]: https://floss-funding.dev -[🖇floss-funding-gem]: https://github.com/galtzo-floss/floss_funding -[✉️discord-invite]: https://discord.gg/3qme4XHNKN -[✉️discord-invite-img-ftb]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge&logo=discord -[✉️ruby-friends-img]: https://img.shields.io/badge/daily.dev-%F0%9F%92%8E_Ruby_Friends-0A0A0A?style=for-the-badge&logo=dailydotdev&logoColor=white -[✉️ruby-friends]: https://app.daily.dev/squads/rubyfriends - -[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby -[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange - -[✇bundle-group-pattern]: https://gist.github.com/pboling/4564780 -[⛳️gem-namespace]: https://github.com/ruby-oauth/oauth2 -[⛳️namespace-img]: https://img.shields.io/badge/namespace-OAuth2-3C2D2D.svg?style=square&logo=ruby&logoColor=white -[⛳️gem-name]: https://rubygems.org/gems/oauth2 -[⛳️name-img]: https://img.shields.io/badge/name-oauth2-3C2D2D.svg?style=square&logo=rubygems&logoColor=red -[⛳️tag-img]: https://img.shields.io/github/tag/ruby-oauth/oauth2.svg -[⛳️tag]: http://github.com/ruby-oauth/oauth2/releases -[🚂maint-blog]: http://www.railsbling.com/tags/oauth2 -[🚂maint-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange -[🚂maint-contact]: http://www.railsbling.com/contact -[🚂maint-contact-img]: 
https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red -[💖🖇linkedin]: http://www.linkedin.com/in/peterboling -[💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling -[💖✌️wellfound]: https://wellfound.com/u/peter-boling -[💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound -[💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling -[💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase -[💖🐘ruby-mast]: https://ruby.social/@galtzo -[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https://ruby.social&style=flat&logo=mastodon&label=Ruby%20@galtzo -[💖🦋bluesky]: https://bsky.app/profile/galtzo.com -[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white -[💖🌳linktree]: https://linktr.ee/galtzo -[💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree -[💖💁🏼‍♂️devto]: https://dev.to/galtzo -[💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white -[💖💁🏼‍♂️aboutme]: https://about.me/peter.boling -[💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white -[💖🧊berg]: https://codeberg.org/pboling -[💖🐙hub]: https://github.org/pboling -[💖🛖hut]: https://sr.ht/~galtzo/ -[💖🧪lab]: https://gitlab.com/pboling -[👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share -[👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white -[👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github -[👨🏼‍🏫expsup-codementor-img]: https://img.shields.io/badge/CodeMentor-Get_Help-1abc9c?style=for-the-badge&logo=CodeMentor&logoColor=white 
-[🏙️entsup-tidelift]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme -[🏙️entsup-tidelift-img]: https://img.shields.io/badge/Tidelift_and_Sonar-Enterprise_Support-FD3456?style=for-the-badge&logo=sonar&logoColor=white -[🏙️entsup-tidelift-sonar]: https://blog.tidelift.com/tidelift-joins-sonar -[💁🏼‍♂️peterboling]: http://www.peterboling.com -[🚂railsbling]: http://www.railsbling.com -[📜src-gl-img]: https://img.shields.io/badge/GitLab-FBA326?style=for-the-badge&logo=Gitlab&logoColor=orange -[📜src-gl]: https://gitlab.com/ruby-oauth/oauth2/ -[📜src-cb-img]: https://img.shields.io/badge/CodeBerg-4893CC?style=for-the-badge&logo=CodeBerg&logoColor=blue -[📜src-cb]: https://codeberg.org/ruby-oauth/oauth2 -[📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green -[📜src-gh]: https://github.com/ruby-oauth/oauth2 -[📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜docs-head-rd-img]: https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜gl-wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home -[📜gh-wiki]: https://github.com/ruby-oauth/oauth2/wiki -[📜gl-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=gitlab&logoColor=white -[📜gh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white -[👽dl-rank]: https://rubygems.org/gems/oauth2 -[👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg -[👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 -[👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg -[👽version]: https://rubygems.org/gems/oauth2 -[👽versioni]: https://img.shields.io/gem/v/oauth2.svg -[🏀qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 -[🏀qlty-mnti]: 
https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg -[🏀qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating -[🏀qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg -[🏀codecov]: https://codecov.io/gh/ruby-oauth/oauth2 -[🏀codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg -[🏀coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main -[🏀coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main -[🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning -[🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg -[🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml -[🚎1-an-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml/badge.svg -[🚎2-cov-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml -[🚎2-cov-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml/badge.svg -[🚎3-hd-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml -[🚎3-hd-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml/badge.svg -[🚎4-lg-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml -[🚎4-lg-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml/badge.svg -[🚎5-st-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml -[🚎5-st-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml/badge.svg -[🚎6-s-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml -[🚎6-s-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml/badge.svg -[🚎7-us-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml -[🚎7-us-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml/badge.svg -[🚎8-ho-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml -[🚎8-ho-wfi]: 
https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml/badge.svg -[🚎9-t-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml -[🚎9-t-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml/badge.svg -[🚎10-j-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml -[🚎10-j-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml/badge.svg -[🚎11-c-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml -[🚎11-c-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml/badge.svg -[🚎12-crh-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml -[🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml/badge.svg -[🚎13-cbs-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml -[🚎13-cbs-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml/badge.svg -[🚎13-🔒️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml -[🚎13-🔒️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml/badge.svg -[🚎14-🔓️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml -[🚎14-🔓️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml/badge.svg -[🚎15-🪪-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml -[🚎15-🪪-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml/badge.svg -[💎ruby-2.2i]: https://img.shields.io/badge/Ruby-2.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.6i]: 
https://img.shields.io/badge/Ruby-2.6-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.7i]: https://img.shields.io/badge/Ruby-2.7-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.0i]: https://img.shields.io/badge/Ruby-3.0-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.1i]: https://img.shields.io/badge/Ruby-3.1-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.2i]: https://img.shields.io/badge/Ruby-3.2-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.3i]: https://img.shields.io/badge/Ruby-3.3-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-c-i]: https://img.shields.io/badge/Ruby-current-CC342D?style=for-the-badge&logo=ruby&logoColor=green -[💎ruby-headi]: https://img.shields.io/badge/Ruby-HEAD-CC342D?style=for-the-badge&logo=ruby&logoColor=blue -[💎truby-22.3i]: https://img.shields.io/badge/Truffle_Ruby-22.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink -[💎truby-23.0i]: https://img.shields.io/badge/Truffle_Ruby-23.0_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink -[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink -[💎truby-c-i]: https://img.shields.io/badge/Truffle_Ruby-current-34BCB1?style=for-the-badge&logo=ruby&logoColor=green -[💎truby-headi]: https://img.shields.io/badge/Truffle_Ruby-HEAD-34BCB1?style=for-the-badge&logo=ruby&logoColor=blue -[💎jruby-9.1i]: https://img.shields.io/badge/JRuby-9.1_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-9.2i]: https://img.shields.io/badge/JRuby-9.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-9.3i]: https://img.shields.io/badge/JRuby-9.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-9.4i]: https://img.shields.io/badge/JRuby-9.4-FBE742?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-c-i]: 
https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green -[💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue -[🤝gh-issues]: https://github.com/ruby-oauth/oauth2/issues -[🤝gh-pulls]: https://github.com/ruby-oauth/oauth2/pulls -[🤝gl-issues]: https://gitlab.com/ruby-oauth/oauth2/-/issues -[🤝gl-pulls]: https://gitlab.com/ruby-oauth/oauth2/-/merge_requests -[🤝cb-issues]: https://codeberg.org/ruby-oauth/oauth2/issues -[🤝cb-pulls]: https://codeberg.org/ruby-oauth/oauth2/pulls -[🤝cb-donate]: https://donate.codeberg.org/ -[🤝contributing]: CONTRIBUTING.md -[🏀codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg -[🖐contrib-rocks]: https://contrib.rocks -[🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors -[🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2 -[🚎contributors-gl]: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main -[🪇conduct]: CODE_OF_CONDUCT.md -[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-259D6C.svg -[📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint -[📌semver]: https://semver.org/spec/v2.0.0.html -[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-259D6C.svg?style=flat -[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 -[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html -[📌changelog]: CHANGELOG.md -[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ -[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat -[📌gitmoji]:https://gitmoji.dev -[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square -[🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: 
https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue -[🔐security]: SECURITY.md -[🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat -[🔐irp]: IRP.md -[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat -[🔐threat-model]: THREAT_MODEL.md -[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat -[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year -[📄license]: LICENSE.txt -[📄license-ref]: https://opensource.org/licenses/MIT -[📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg -[📄license-compat]: https://dev.to/galtzo/how-to-check-license-compatibility-41h0 -[📄license-compat-img]: https://img.shields.io/badge/Apache_Compatible:_Category_A-%E2%9C%93-259D6C.svg?style=flat&logo=Apache -[📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm -[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat -[🚎yard-current]: http://rubydoc.info/gems/oauth2 -[🚎yard-head]: https://oauth2.galtzo.com -[💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums -[💎SHA_checksums]: https://gitlab.com/ruby-oauth/oauth2/-/tree/main/checksums -[💎rlts]: https://github.com/rubocop-lts/rubocop-lts -[💎rlts-img]: https://img.shields.io/badge/code_style_&_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white -[💎appraisal2]: https://github.com/appraisal-rb/appraisal2 -[💎appraisal2-img]: https://img.shields.io/badge/appraised_by-appraisal2-34495e.svg?plastic&logo=ruby&logoColor=white -[💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/ +Please consider sponsoring me or the project.

                                                                                                                + +

                                                                                                                To join the community or get help 👇️ Join the Discord.

                                                                                                                + +

                                                                                                                Live Chat on Discord

                                                                                                                + +

                                                                                                                To say “thanks!” ☝️ Join the Discord or 👇️ send money.

                                                                                                                + +

                                                                                                                Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                                                                                                                + +

                                                                                                                Please give the project a star ⭐ ♥.

                                                                                                                + +

                                                                                                                Thanks for RTFM. ☺️

                                                                                                                @@ -1731,13 +1674,12 @@

                                                                                                                Quick Examples

                                                                                                                -
diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html
index f8f449c1..fcb0033e 100644
--- a/docs/file.RUBOCOP.html
+++ b/docs/file.RUBOCOP.html
@@ -69,21 +69,20 @@

                                                                                                                RuboCop Gradual

                                                                                                                RuboCop LTS

                                                                                                                -

                                                                                                                This project uses rubocop-lts to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2.
                                                                                                                +

                                                                                                                This project uses rubocop-lts to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2. RuboCop rules are meticulously configured by the rubocop-lts family of gems to ensure that a project is compatible with a specific version of Ruby. See: https://rubocop-lts.gitlab.io for more.

                                                                                                                Checking RuboCop Violations

                                                                                                                To check for RuboCop violations in this project, always use:

                                                                                                                -
                                                                                                                bundle exec rake rubocop_gradual:check
                                                                                                                -
                                                                                                                +

                                                                                                                bash +bundle exec rake rubocop_gradual:check +

                                                                                                                -

                                                                                                                Do not use the standard RuboCop commands like:

                                                                                                                -
                                                                                                                  -
                                                                                                                • bundle exec rubocop
                                                                                                                • -
                                                                                                                • rubocop
                                                                                                                • -
                                                                                                                +

                                                                                                                Do not use the standard RuboCop commands like: +- bundle exec rubocop +- rubocop

                                                                                                                Understanding the Lock File

                                                                                                                @@ -122,7 +121,7 @@

                                                                                                                Common Commands

                                                                                                                Workflow

                                                                                                                  -
                                                                                                                1. Before submitting a PR, run bundle exec rake rubocop_gradual:autocorrect
                                                                                                                  +
                                                                                                                2. Before submitting a PR, run bundle exec rake rubocop_gradual:autocorrect a. or just the default bundle exec rake, as autocorrection is a pre-requisite of the default task.
                                                                                                                3. If there are new violations, either:
                                                                                                                    @@ -150,7 +149,7 @@

                                                                                                                    Never add inline RuboCop disables

                                                                                                                    In general, treat the rules as guidance to follow; fix violations rather than ignore them. For example, RSpec conventions in this project expect described_class to be used in specs that target a specific class under test.

                                                                                                                    -

                                                                                                                    Benefits of rubocop_gradual

                                                                                                                    +

                                                                                                                    Benefits of rubocop_gradual

                                                                                                                    • Allows incremental adoption of code style rules
                                                                                                                    • @@ -161,9 +160,9 @@

                                                                                                                      Benefits of rubocop_gradual

diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html
index 21f8e0dd..bc43ae18 100644
--- a/docs/file.SECURITY.html
+++ b/docs/file.SECURITY.html
@@ -78,24 +78,24 @@

                                                                                                                Supported Versions

                                                                                                                Security contact information

                                                                                                                -

                                                                                                                To report a security vulnerability, please use the
                                                                                                                -Tidelift security contact.
                                                                                                                +

                                                                                                                To report a security vulnerability, please use the +Tidelift security contact. Tidelift will coordinate the fix and disclosure.

                                                                                                                -

                                                                                                                More detailed explanation of the process is in IRP.md

                                                                                                                +

                                                                                                                More detailed explanation of the process is in IRP.md

                                                                                                                Additional Support

                                                                                                                -

                                                                                                                If you are interested in support for versions older than the latest release,
                                                                                                                -please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
                                                                                                                -or find other sponsorship links in the README.

                                                                                                                +

                                                                                                                If you are interested in support for versions older than the latest release, +please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate, +or find other sponsorship links in the README.

diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html
index eabbf1c6..6307deac 100644
--- a/docs/file.THREAT_MODEL.html
+++ b/docs/file.THREAT_MODEL.html
@@ -59,10 +59,10 @@

                                                                                                                Threat Model Outline for oauth2 Ruby Gem

                                                                                                                -

                                                                                                                1. Overview

                                                                                                                +

                                                                                                                1. Overview

                                                                                                                This document outlines the threat model for the oauth2 Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.

                                                                                                                -

                                                                                                                2. Assets to Protect

                                                                                                                +

                                                                                                                2. Assets to Protect

                                                                                                                • OAuth access tokens, refresh tokens, and ID tokens
                                                                                                                • User credentials (if handled)
                                                                                                                • @@ -71,7 +71,7 @@

                                                                                                                  2. Assets to Protect

                                                                                                                • Private keys and certificates (for signing/verifying tokens)
                                                                                                                -

                                                                                                                3. Potential Threat Actors

                                                                                                                +

                                                                                                                3. Potential Threat Actors

                                                                                                                • External attackers (internet-based)
                                                                                                                • Malicious OAuth clients or resource servers
                                                                                                                • @@ -79,7 +79,7 @@

                                                                                                                  3. Potential Threat Actors

                                                                                                                • Compromised dependencies
                                                                                                                -

                                                                                                                4. Attack Surfaces

                                                                                                                +

                                                                                                                4. Attack Surfaces

                                                                                                                • OAuth endpoints (authorization, token, revocation, introspection)
                                                                                                                • HTTP request/response handling
                                                                                                                • @@ -88,9 +88,9 @@

                                                                                                                  4. Attack Surfaces

                                                                                                                • Dependency supply chain
                                                                                                                -

                                                                                                                5. Threats and Mitigations

                                                                                                                +

                                                                                                                5. Threats and Mitigations

                                                                                                                -

                                                                                                                5.1 Token Leakage

                                                                                                                +

                                                                                                                5.1 Token Leakage

                                                                                                                • Threat: Tokens exposed via logs, URLs, or insecure storage
                                                                                                                • @@ -104,7 +104,7 @@

                                                                                                                  5.1 Token Leakage

                                                                                                                -

                                                                                                                5.2 Token Replay and Forgery

                                                                                                                +

                                                                                                                5.2 Token Replay and Forgery

                                                                                                                • Threat: Attackers reuse or forge tokens
                                                                                                                • @@ -118,7 +118,7 @@

                                                                                                                  5.2 Token Replay and Forgery

                                                                                                                -

                                                                                                                5.3 Insecure Communication

                                                                                                                +

                                                                                                                5.3 Insecure Communication

                                                                                                                • Threat: Data intercepted via MITM attacks
                                                                                                                • @@ -131,7 +131,7 @@

                                                                                                                  5.3 Insecure Communication

                                                                                                                -

                                                                                                                5.4 Client Secret Exposure

                                                                                                                +

                                                                                                                5.4 Client Secret Exposure

                                                                                                                • Threat: Client secrets leaked in code or version control
                                                                                                                • @@ -144,7 +144,7 @@

                                                                                                                  5.4 Client Secret Exposure

                                                                                                                -

                                                                                                                5.5 Dependency Vulnerabilities

                                                                                                                +

                                                                                                                5.5 Dependency Vulnerabilities

                                                                                                                • Threat: Vulnerabilities in third-party libraries
                                                                                                                • @@ -157,7 +157,7 @@

                                                                                                                  5.5 Dependency Vulnerabilities

                                                                                                                -

                                                                                                                5.6 Improper Input Validation

                                                                                                                +

                                                                                                                5.6 Improper Input Validation

                                                                                                                • Threat: Injection attacks via untrusted input
                                                                                                                • @@ -170,7 +170,7 @@

                                                                                                                  5.6 Improper Input Validation

                                                                                                                -

                                                                                                                5.7 Insufficient Logging and Monitoring

                                                                                                                +

                                                                                                                5.7 Insufficient Logging and Monitoring

                                                                                                                • Threat: Attacks go undetected
                                                                                                                • @@ -183,19 +183,19 @@

                                                                                                                  5.7 Insufficient Logging and Mon

                                                                                                                -

                                                                                                                6. Assumptions

                                                                                                                +

                                                                                                                6. Assumptions

                                                                                                                • The gem is used in a secure environment with up-to-date Ruby and dependencies
                                                                                                                • End-users are responsible for secure configuration and deployment
                                                                                                                -

                                                                                                                7. Out of Scope

                                                                                                                +

                                                                                                                7. Out of Scope

                                                                                                                • Security of external OAuth providers
                                                                                                                • Application-level business logic
                                                                                                                -

                                                                                                                8. References

                                                                                                                +

                                                                                                                8. References

                                                                                                                diff --git a/docs/file_list.html b/docs/file_list.html
                                                                                                                index 883a283c..4fec7a08 100644
                                                                                                                --- a/docs/file_list.html
                                                                                                                +++ b/docs/file_list.html
                                                                                                                @@ -102,141 +102,6 @@

                                                                                                                File List

                                                                                                                -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - - -
                                                                                                              • - -
                                                                                                              • - -
                                                                                                              diff --git a/docs/index.html b/docs/index.html
                                                                                                              index aa7dfaf6..76368c46 100644
                                                                                                              --- a/docs/index.html
                                                                                                              +++ b/docs/index.html
                                                                                                              @@ -57,13 +57,53 @@
                                                                                                              -

                                                                                                              Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

                                                                                                              - -

                                                                                                              🔐 OAuth 2.0 Authorization Framework

                                                                                                              +
                                                                                                              + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                              📍 NOTE
                                                                                                              RubyGems (the GitHub org, not the website) suffered a hostile takeover in September 2025.
                                                                                                              Ultimately 4 maintainers were hard removed and a reason has been given for only 1 of those, while 2 others resigned in protest.
                                                                                                              It is a complicated story which is difficult to parse quickly.
                                                                                                              I’m adding notes like this to gems because I don’t condone theft of repositories or gems from their rightful owners.
                                                                                                              If a similar theft happened with my repos/gems, I’d hope some would stand up for me.
                                                                                                              Disenfranchised former-maintainers have started gem.coop.
                                                                                                              Once available I will publish there exclusively; unless RubyCentral makes amends with the community.
                                                                                                              The “Technology for Humans: Joel Draper” podcast episode by reinteractive is the most cogent summary I’m aware of.
                                                                                                              See here, here and here for more info on what comes next.
                                                                                                              What I’m doing: A (WIP) proposal for bundler/gem scopes, and a (WIP) proposal for a federated gem server.
                                                                                                              + +

                                                                                                              Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

                                                                                                              + +

                                                                                                              🔐 OAuth 2.0 Authorization Framework

                                                                                                              ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                                                                                                              -

                                                                                                              [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]

                                                                                                              +

                                                                                                              Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

                                                                                                              if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                                                                                                              @@ -71,13 +111,13 @@

                                                                                                              🔐 OAuth 2.0 Authorization Framewor

                                                                                                              if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

                                                                                                              -

                                                                                                              [![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate at ko-fi.com][🖇kofi-img]][🖇kofi]

                                                                                                              +

                                                                                                              OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate at ko-fi.com

                                                                                                              -

                                                                                                              🌻 Synopsis

                                                                                                              +

                                                                                                              🌻 Synopsis

                                                                                                              -

                                                                                                              OAuth 2.0 is the industry-standard protocol for authorization.
                                                                                                              -OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
                                                                                                              - desktop applications, mobile phones, and living room devices.
                                                                                                              +

                                                                                                              OAuth 2.0 is the industry-standard protocol for authorization. +OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, + desktop applications, mobile phones, and living room devices. This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

                                                                                                              Quick Examples

                                                                                                              @@ -85,7 +125,7 @@

                                                                                                              Quick Examples

                                                                                                              Convert the following `curl` command into a token request using this gem... -```shell +

                                                                                                              shell curl --request POST \ --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ --header 'content-type: application/x-www-form-urlencoded' \ @@ -93,11 +133,11 @@

                                                                                                              Quick Examples

                                                                                                              --data client_id=REDMOND_CLIENT_ID \ --data client_secret=REDMOND_CLIENT_SECRET \ --data resource=REDMOND_RESOURCE_UUID -``` +

                                                                                                              -NOTE: In the ruby version below, certain params are passed to the `get_token` call, instead of the client creation. +

                                                                                                              NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

                                                                                                              -```ruby +

                                                                                                              ruby OAuth2::Client.new( "REDMOND_CLIENT_ID", # client_id "REDMOND_CLIENT_SECRET", # client_secret @@ -107,469 +147,485 @@

                                                                                                              Quick Examples

                                                                                                              ). # The base path for token_url when it is relative client_credentials. # There are many other types to choose from! get_token(resource: "REDMOND_RESOURCE_UUID") -``` +

                                                                                                              -NOTE: `header` - The content type specified in the `curl` is already the default! +

                                                                                                              NOTE: header - The content type specified in the curl is already the default!

                                                                                                              -
                                                                                                              +

                                                                                                              <details markdown=”1>

                                                                                                              Complete E2E single file script against mock-oauth2-server -- E2E example uses [navikt/mock-oauth2-server](https://github.com/navikt/mock-oauth2-server), which was added in v2.0.11 -- E2E example does not ship with the released gem, so clone the source to play with it. +
                                                                                                                +
                                                                                                              • E2E example uses navikt/mock-oauth2-server, which was added in v2.0.11
                                                                                                              • +
                                                                                                              • E2E example does not ship with the released gem, so clone the source to play with it.
                                                                                                              • +
                                                                                                              -```console +

                                                                                                              console docker compose -f docker-compose-ssl.yml up -d --wait ruby examples/e2e.rb # If your machine is slow or Docker pulls are cold, increase the wait: E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb # The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default. -``` +

                                                                                                              -The output should be something like this: +

                                                                                                              The output should be something like this:

                                                                                                              -```console +

                                                                                                              console ➜ ruby examples/e2e.rb Access token (truncated): eyJraWQiOiJkZWZhdWx0... userinfo status: 200 -userinfo body: => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104" +userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"} E2E complete -``` +

                                                                                                              -Make sure to shut down the mock server when you are done: +

                                                                                                              Make sure to shut down the mock server when you are done:

                                                                                                              -```console +

                                                                                                              console docker compose -f docker-compose-ssl.yml down -``` - -Troubleshooting: validate connectivity to the mock server - -- Check container status and port mapping: - - `docker compose -f docker-compose-ssl.yml ps` -- From the host, try the discovery URL directly (this is what the example uses by default): - - `curl -v http://localhost:8080/default/.well-known/openid-configuration` - - If that fails immediately, also try: `curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration` -- From inside the container (to distinguish container vs. host networking): - - `docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration` -- Simple TCP probe from the host: - - `nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'` -- Inspect which host port 8080 is bound to (should be 8080): - - `docker inspect -f '(index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }' oauth2-mock-oauth2-server-1` -- Look at server logs for readiness/errors: - - `docker logs -n 200 oauth2-mock-oauth2-server-1` -- On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: - - `ss -ltnp | grep :8080` - -Notes -- Discovery URL pattern is: `http://localhost:8080//.well-known/openid-configuration`, where `` defaults to `default`. -- You can change these with env vars when running the example: - - `E2E_ISSUER_BASE` (default: http://localhost:8080) - - `E2E_REALM` (default: default) - -</details> - -If it seems like you are in the wrong place, you might try one of these: - -* [OAuth 2.0 Spec][oauth2-spec] -* [doorkeeper gem][doorkeeper-gem] for OAuth 2.0 server/provider implementation. -* [oauth sibling gem][sibling-gem] for OAuth 1.0a implementations in Ruby. 
- -[oauth2-spec]: https://oauth.net/2/ -[sibling-gem]: https://gitlab.com/ruby-oauth/oauth -[doorkeeper-gem]: https://github.com/doorkeeper-gem/doorkeeper - -## 💡 Info you can shake a stick at - -| Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | -|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | -| Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | -| Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | -| Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | -| Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | -| Compliance | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] | -| Style | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2] | -| Maintainer 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow 
Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | - -### Compatibility - -* Operating Systems: Linux, macOS, Windows -* MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD - * NOTE: This gem may still _install_ and _run_ on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. -* JRuby @ v9.4, v10.0, HEAD - * NOTE: This gem may still _install_ and _run_ on JRuby v9.2 and v9.3, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. -* TruffleRuby @ v23.1, v24.1, HEAD - * NOTE: This gem may still _install_ and _run_ on Truffleruby v22.3 and v23.0, but they are EOL, builds are flaky, and GitHub Actions [doesn't have][GHA-continue-on-error-ui] a proper [`allow-failures` feature][GHA-allow-failure], and until they do flaky EOL-platform builds get dropped, so YMMV. Accept patches so long as they don't break the platforms that do run in CI. 
-* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday) -* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt) -* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger) -* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml) -* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack) -* gem `snaky_hash` @ v2, HEAD ⏩️ [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) -* gem `version_gem` @ v1, HEAD ⏩️ [ruby-oauth/version_gem](https://gitlab.com/ruby-oauth/version_gem) - -The last two were extracted from this gem. They are part of the `ruby-oauth` org, -and are developed in tight collaboration with this gem. - -Also, where reasonable, tested against the runtime dependencies of those dependencies: - -* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie) - -[GHA-continue-on-error-ui]: https://github.com/actions/runner/issues/2347#issuecomment-2653479732 -[GHA-allow-failure]: https://github.com/orgs/community/discussions/15452 - -#### Upgrading Runtime Gem Dependencies - -This project sits underneath a large portion of the authorization systems on the internet. -According to GitHub's project tracking, which I believe only reports on public projects, -[100,000+ projects](https://github.com/ruby-oauth/oauth2/network/dependents), and -[500+ packages](https://github.com/ruby-oauth/oauth2/network/dependents?dependent_type=PACKAGE) depend on this project. - -That means it is painful for the Ruby community when this gem forces updates to its runtime dependencies. - -As a result, great care, and a lot of time, have been invested to ensure this gem is working with all the -leading versions per each minor version of Ruby of all the runtime dependencies it can install with. - -What does that mean specifically for the runtime dependencies? 
- -We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix. -It wouldn't be possible without appraisal2. - -| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 | -|------------------------------------------------|--------------------------------------------------------| -| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | - -#### You should upgrade this gem with confidence\*. - -- This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer. - - Dropping support for **any** of the runtime dependency versions above will be a major version bump. - - If you aren't on one of the minor versions above, make getting there a priority. -- You should upgrade the dependencies of this gem with confidence\*. -- Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! - -[sv-pub-api]: #-versioning - -\* MIT license; The only guarantees I make are for [enterprise support](#enterprise-support). +

                                                                                                              -
                                                                                                              - Standard Library Dependencies - -The various versions of each are tested via the Ruby test matrix, along with whatever Ruby includes them. - -* base64 -* cgi -* json -* time -* logger (removed from stdlib in Ruby 3.5 so added as runtime dependency in v2.0.10) +

                                                                                                              Troubleshooting: validate connectivity to the mock server

                                                                                                              -If you use a gem version of a core Ruby library, it should work fine! - -
                                                                                                              +
                                                                                                                +
                                                                                                              • Check container status and port mapping: +
                                                                                                                  +
                                                                                                                • docker compose -f docker-compose-ssl.yml ps
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • From the host, try the discovery URL directly (this is what the example uses by default): +
                                                                                                                  +
                                                                                                                • curl -v http://localhost:8080/default/.well-known/openid-configuration
                                                                                                                • +
                                                                                                                • If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration +
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • From inside the container (to distinguish container vs. host networking): +
                                                                                                                  +
                                                                                                                • docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • Simple TCP probe from the host: +
                                                                                                                  +
                                                                                                                • nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • Inspect which host port 8080 is bound to (should be 8080): +
                                                                                                                  +
                                                                                                                • docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • Look at server logs for readiness/errors: +
                                                                                                                  +
                                                                                                                • docker logs -n 200 oauth2-mock-oauth2-server-1
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: +
                                                                                                                  +
                                                                                                                • ss -ltnp | grep :8080
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              -### Federated DVCS +

                                                                                                              Notes

                                                                                                              -
                                                                                                              - Find this repo on federated forges - -| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | -|-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| -| 🧪 [ruby-oauth/oauth2 on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | -| 🧊 [ruby-oauth/oauth2 on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | -| 🐙 [ruby-oauth/oauth2 on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | -| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] | -| 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] | +
                                                                                                                +
                                                                                                              • Discovery URL pattern is: http://localhost:8080/<realm>/.well-known/openid-configuration, where <realm> defaults to default.
                                                                                                              • +
                                                                                                              • You can change these with env vars when running the example: +
                                                                                                                  +
                                                                                                                • +E2E_ISSUER_BASE (default: http://localhost:8080)
                                                                                                                • +
                                                                                                                • +E2E_REALM (default: default)
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              -
                                                                                                              +

                                                                                                              </details>

                                                                                                              -[gh-discussions]: https://github.com/ruby-oauth/oauth2/discussions +

                                                                                                              If it seems like you are in the wrong place, you might try one of these:

                                                                                                              -### Enterprise Support [![Tidelift](https://tidelift.com/badges/package/rubygems/oauth2)](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme) + -Available as part of the Tidelift Subscription. +

                                                                                                              💡 Info you can shake a stick at

                                                                                                              + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                              Tokens to Remember +Gem name Gem namespace +
                                                                                                              Works with JRuby +JRuby 9.1 Compat JRuby 9.2 Compat JRuby 9.3 Compat
                                                                                                              JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat +
                                                                                                              Works with Truffle Ruby +Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
                                                                                                              Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat +
                                                                                                              Works with MRI Ruby 3 +Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat +
                                                                                                              Works with MRI Ruby 2 +Ruby 2.2 Compat
                                                                                                              Ruby 2.3 Compat Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat +
                                                                                                              Support & Community +Join Me on Daily.dev's RubyFriends Live Chat on Discord Get help from me on Upwork Get help from me on Codementor +
                                                                                                              Source +Source on GitLab.com Source on CodeBerg.org Source on Github.com The best SHA: dQw4w9WgXcQ! +
                                                                                                              Documentation +Current release on RubyDoc.info YARD on Galtzo.com Maintainer Blog GitLab Wiki GitHub Wiki +
                                                                                                              Compliance +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +
                                                                                                              Style +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 +
                                                                                                              Maintainer 🎖️ +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing +
                                                                                                              +... 💖 +Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪 +
                                                                                                              + +

                                                                                                              Compatibility

                                                                                                              + +

                                                                                                              Compatible with MRI Ruby 2.2.0+, and concordant releases of JRuby, and TruffleRuby.

                                                                                                              + + + + + + + + + + + + + + +
                                                                                                              🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎 and the color 💚 green 💚
                                                                                                              👟 Check it out!github.com/appraisal-rb/appraisal2
                                                                                                              + +

                                                                                                              Federated DVCS

                                                                                                              - Need enterprise-level guarantees? - -The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. - -[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - -- 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies -- 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] -- 💡Tidelift pays maintainers to maintain the software you depend on!
                                                                                                              📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers - -Alternatively: - -- [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] -- [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] -- [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] + Find this repo on federated forges (Coming soon!) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                              Federated DVCS RepositoryStatusIssuesPRsWikiCIDiscussions
                                                                                                              🧪 ruby-oauth/oauth2 on GitLab +The Truth💚💚💚🐭 Tiny Matrix
                                                                                                              🧊 ruby-oauth/oauth2 on CodeBerg +An Ethical Mirror (Donate)💚💚⭕️ No Matrix
                                                                                                              🐙 ruby-oauth/oauth2 on GitHub +Another Mirror💚💚💚💯 Full Matrix💚
                                                                                                              🎮️ Discord Server +Live Chat on DiscordLet’stalkaboutthislibrary!
                                                                                                              -## 🚀 Release Documentation +

                                                                                                              Enterprise Support Tidelift +

                                                                                                              -### Version 2.0.x +

                                                                                                              Available as part of the Tidelift Subscription.

                                                                                                              - 2.0.x CHANGELOG and README - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 2.0.17 | 2025-09-15 | [v2.0.17 CHANGELOG][2.0.17-changelog] | [v2.0.17 README][2.0.17-readme] | -| 2.0.16 | 2025-09-14 | [v2.0.16 CHANGELOG][2.0.16-changelog] | [v2.0.16 README][2.0.16-readme] | -| 2.0.15 | 2025-09-08 | [v2.0.15 CHANGELOG][2.0.15-changelog] | [v2.0.15 README][2.0.15-readme] | -| 2.0.14 | 2025-08-31 | [v2.0.14 CHANGELOG][2.0.14-changelog] | [v2.0.14 README][2.0.14-readme] | -| 2.0.13 | 2025-08-30 | [v2.0.13 CHANGELOG][2.0.13-changelog] | [v2.0.13 README][2.0.13-readme] | -| 2.0.12 | 2025-05-31 | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] | -| 2.0.11 | 2025-05-23 | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] | -| 2.0.10 | 2025-05-17 | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] | -| 2.0.9 | 2022-09-16 | [v2.0.9 CHANGELOG][2.0.9-changelog] | [v2.0.9 README][2.0.9-readme] | -| 2.0.8 | 2022-09-01 | [v2.0.8 CHANGELOG][2.0.8-changelog] | [v2.0.8 README][2.0.8-readme] | -| 2.0.7 | 2022-08-22 | [v2.0.7 CHANGELOG][2.0.7-changelog] | [v2.0.7 README][2.0.7-readme] | -| 2.0.6 | 2022-07-13 | [v2.0.6 CHANGELOG][2.0.6-changelog] | [v2.0.6 README][2.0.6-readme] | -| 2.0.5 | 2022-07-07 | [v2.0.5 CHANGELOG][2.0.5-changelog] | [v2.0.5 README][2.0.5-readme] | -| 2.0.4 | 2022-07-01 | [v2.0.4 CHANGELOG][2.0.4-changelog] | [v2.0.4 README][2.0.4-readme] | -| 2.0.3 | 2022-06-28 | [v2.0.3 CHANGELOG][2.0.3-changelog] | [v2.0.3 README][2.0.3-readme] | -| 2.0.2 | 2022-06-24 | [v2.0.2 CHANGELOG][2.0.2-changelog] | [v2.0.2 README][2.0.2-readme] | -| 2.0.1 | 2022-06-22 | [v2.0.1 CHANGELOG][2.0.1-changelog] | [v2.0.1 README][2.0.1-readme] | -| 2.0.0 | 2022-06-21 | [v2.0.0 CHANGELOG][2.0.0-changelog] | [v2.0.0 
README][2.0.0-readme] | - -
                                                                                                              - -[2.0.17-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2017---2025-09-15 -[2.0.16-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2016---2025-09-14 -[2.0.15-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2015---2025-09-08 -[2.0.14-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2014---2025-08-31 -[2.0.13-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2013---2025-08-30 -[2.0.12-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31 -[2.0.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23 -[2.0.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17 -[2.0.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16 -[2.0.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01 -[2.0.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22 -[2.0.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#206---2022-07-13 -[2.0.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#205---2022-07-07 -[2.0.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#204---2022-07-01 -[2.0.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#203---2022-06-28 -[2.0.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#202---2022-06-24 -[2.0.1-changelog]: 
https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22 -[2.0.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21 - -[2.0.17-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.17/README.md -[2.0.16-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.16/README.md -[2.0.15-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.15/README.md -[2.0.14-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.14/README.md -[2.0.13-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.13/README.md -[2.0.12-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.12/README.md -[2.0.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.11/README.md -[2.0.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.10/README.md -[2.0.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.9/README.md -[2.0.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.8/README.md -[2.0.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.7/README.md -[2.0.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.6/README.md -[2.0.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.5/README.md -[2.0.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.4/README.md -[2.0.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.3/README.md -[2.0.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.2/README.md -[2.0.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.1/README.md -[2.0.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.0/README.md - -### Older Releases - -
                                                                                                              - 1.4.x CHANGELOGs and READMEs - -| Version | Release Date | CHANGELOG | README | -|---------|--------------|---------------------------------------|---------------------------------| -| 1.4.11 | Sep 16, 2022 | [v1.4.11 CHANGELOG][1.4.11-changelog] | [v1.4.11 README][1.4.11-readme] | -| 1.4.10 | Jul 1, 2022 | [v1.4.10 CHANGELOG][1.4.10-changelog] | [v1.4.10 README][1.4.10-readme] | -| 1.4.9 | Feb 20, 2022 | [v1.4.9 CHANGELOG][1.4.9-changelog] | [v1.4.9 README][1.4.9-readme] | -| 1.4.8 | Feb 18, 2022 | [v1.4.8 CHANGELOG][1.4.8-changelog] | [v1.4.8 README][1.4.8-readme] | -| 1.4.7 | Mar 19, 2021 | [v1.4.7 CHANGELOG][1.4.7-changelog] | [v1.4.7 README][1.4.7-readme] | -| 1.4.6 | Mar 19, 2021 | [v1.4.6 CHANGELOG][1.4.6-changelog] | [v1.4.6 README][1.4.6-readme] | -| 1.4.5 | Mar 18, 2021 | [v1.4.5 CHANGELOG][1.4.5-changelog] | [v1.4.5 README][1.4.5-readme] | -| 1.4.4 | Feb 12, 2020 | [v1.4.4 CHANGELOG][1.4.4-changelog] | [v1.4.4 README][1.4.4-readme] | -| 1.4.3 | Jan 29, 2020 | [v1.4.3 CHANGELOG][1.4.3-changelog] | [v1.4.3 README][1.4.3-readme] | -| 1.4.2 | Oct 1, 2019 | [v1.4.2 CHANGELOG][1.4.2-changelog] | [v1.4.2 README][1.4.2-readme] | -| 1.4.1 | Oct 13, 2018 | [v1.4.1 CHANGELOG][1.4.1-changelog] | [v1.4.1 README][1.4.1-readme] | -| 1.4.0 | Jun 9, 2017 | [v1.4.0 CHANGELOG][1.4.0-changelog] | [v1.4.0 README][1.4.0-readme] | -
                                                                                                              + Need enterprise-level guarantees? -[1.4.11-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1411---2022-09-16 -[1.4.10-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#1410---2022-07-01 -[1.4.9-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#149---2022-02-20 -[1.4.8-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#148---2022-02-18 -[1.4.7-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#147---2021-03-19 -[1.4.6-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#146---2021-03-19 -[1.4.5-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#145---2021-03-18 -[1.4.4-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#144---2020-02-12 -[1.4.3-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#143---2020-01-29 -[1.4.2-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#142---2019-10-01 -[1.4.1-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#141---2018-10-13 -[1.4.0-changelog]: https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#140---2017-06-09 - -[1.4.11-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.11/README.md -[1.4.10-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.10/README.md -[1.4.9-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.9/README.md -[1.4.8-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.8/README.md -[1.4.7-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.7/README.md -[1.4.6-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.6/README.md 
-[1.4.5-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.5/README.md -[1.4.4-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.4/README.md -[1.4.3-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.3/README.md -[1.4.2-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.2/README.md -[1.4.1-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.1/README.md -[1.4.0-readme]: https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.4.0/README.md +

                                                                                                              The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.

                                                                                                              -
                                                                                                              - 1.3.x Readmes +

                                                                                                              Get help from me on Tidelift

                                                                                                              -| Version | Release Date | Readme | -|---------|--------------|--------------------------------------------------------------| -| 1.3.1 | Mar 3, 2017 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.1/README.md | -| 1.3.0 | Dec 27, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.3.0/README.md | +
                                                                                                                +
                                                                                                              • 💡Subscribe for support guarantees covering all your FLOSS dependencies
                                                                                                              • +
                                                                                                              • 💡Tidelift is part of Sonar +
                                                                                                              • +
                                                                                                              • 💡Tidelift pays maintainers to maintain the software you depend on!
                                                                                                                📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers
                                                                                                              • +
                                                                                                              -
                                                                                                              +

                                                                                                              Alternatively:

                                                                                                              -
                                                                                                              - ≤= 1.2.x Readmes (2016 and before) - -| Version | Release Date | Readme | -|---------|--------------|--------------------------------------------------------------| -| 1.2.0 | Jun 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.2.0/README.md | -| 1.1.0 | Jan 30, 2016 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.1.0/README.md | -| 1.0.0 | May 23, 2014 | https://gitlab.com/ruby-oauth/oauth2/-/blob/v1.0.0/README.md | -| < 1.0.0 | Find here | https://gitlab.com/ruby-oauth/oauth2/-/tags | +
                                                                                                                +
                                                                                                              • Live Chat on Discord
                                                                                                              • +
                                                                                                              • Get help from me on Upwork
                                                                                                              • +
                                                                                                              • Get help from me on Codementor
                                                                                                              • +
                                                                                                              -## ✨ Installation +

                                                                                                              ✨ Installation

                                                                                                              -Install the gem and add to the application's Gemfile by executing: +

                                                                                                              Install the gem and add to the application’s Gemfile by executing:

                                                                                                              -```console +

                                                                                                              console bundle add oauth2 -``` +

                                                                                                              -If bundler is not being used to manage dependencies, install the gem by executing: +

                                                                                                              If bundler is not being used to manage dependencies, install the gem by executing:

                                                                                                              -```console +

                                                                                                              console gem install oauth2 -``` +

                                                                                                              -### 🔒 Secure Installation +

                                                                                                              🔒 Secure Installation

                                                                                                              For Medium or High Security Installations -This gem is cryptographically signed and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by -[stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with -by following the instructions below. +

                                                                                                              This gem is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by +stone_checksums. Be sure the gem you install hasn’t been tampered with +by following the instructions below.

                                                                                                              -Add my public key (if you haven’t already; will expire 2045-04-29) as a trusted certificate: +

                                                                                                              Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

                                                                                                              -```console +

                                                                                                              console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) -``` +

                                                                                                              -You only need to do that once. Then proceed to install with: +

                                                                                                              You only need to do that once. Then proceed to install with:

                                                                                                              -```console +

                                                                                                              console gem install oauth2 -P MediumSecurity -``` +

                                                                                                              -The `MediumSecurity` trust profile will verify signed gems, but allow the installation of unsigned dependencies. +

                                                                                                              The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

                                                                                                              -This is necessary because not all of `oauth2`’s dependencies are signed, so we cannot use `HighSecurity`. +

                                                                                                              This is necessary because not all of oauth2’s dependencies are signed, so we cannot use HighSecurity.

                                                                                                              -If you want to up your security game full-time: +

                                                                                                              If you want to up your security game full-time:

                                                                                                              -```console +

                                                                                                              console bundle config set --global trust-policy MediumSecurity -``` +

                                                                                                              -NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine. +

                                                                                                              MediumSecurity instead of HighSecurity is necessary if not all the gems you use are signed.

                                                                                                              + +

                                                                                                              NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

                                                                                                              -## What is new for v2.0? - -- Works with Ruby versions >= 2.2 -- Drop support for the expired MAC Draft (all versions) -- Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) - - Support JWT `kid` for key discovery and management -- Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0) -- Support IETF rfc7231 Relative Location in Redirect (since v2.0.0) -- Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0) -- Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters) -- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) -- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json` -- Adds option to `OAuth2::Client#get_token`: - - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` -- Adds option to `OAuth2::AccessToken#initialize`: - - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency -- By default, keys are transformed to snake case. - - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash][snaky_hash] gem. - - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case. - - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option. 
-- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`) - - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body -- [... A lot more](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/CHANGELOG.md#200-2022-06-21-tag) - -[snaky_hash]: https://gitlab.com/ruby-oauth/snaky_hash - -## Compatibility - -Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. -Compatibility is further distinguished as "Best Effort Support" or "Incidental Support" for older versions of Ruby. +

                                                                                                              What is new for v2.0?

                                                                                                              + +
                                                                                                                +
                                                                                                              • Works with Ruby versions >= 2.2
                                                                                                              • +
                                                                                                              • Drop support for the expired MAC Draft (all versions)
                                                                                                              • +
                                                                                                              • Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12) +
                                                                                                                  +
                                                                                                                • Support JWT kid for key discovery and management
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
                                                                                                              • +
                                                                                                              • Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
                                                                                                              • +
                                                                                                              • Support IETF rfc6749 Don’t set oauth params when nil (since v2.0.0)
                                                                                                              • +
                                                                                                              • Support IETF rfc7009 Token Revocation (since v2.0.10, updated in v2.0.13 to support revocation via URL-encoded parameters)
                                                                                                              • +
                                                                                                              • Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) +
                                                                                                              • +
                                                                                                              • Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json +
                                                                                                              • +
                                                                                                              • Adds option to OAuth2::Client#get_token: +
                                                                                                                  +
                                                                                                                • +:access_token_class (AccessToken); user specified class to use for all calls to get_token +
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • Adds option to OAuth2::AccessToken#initialize: +
                                                                                                                  +
                                                                                                                • +:expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • By default, keys are transformed to snake case. +
                                                                                                                  +
                                                                                                                • Original keys will still work as previously, in most scenarios, thanks to snaky_hash gem.
                                                                                                                • +
                                                                                                                • However, this is a breaking change if you rely on response.parsed.to_h to retain the original case, and the original wasn’t snake case, as the keys in the result will be snake case.
                                                                                                                • +
                                                                                                                • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • By default, the :auth_scheme is now :basic_auth (instead of :request_body) +
                                                                                                                  +
                                                                                                                • Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • … A lot more
                                                                                                              • +
                                                                                                              + +

                                                                                                              Compatibility

                                                                                                              + +

                                                                                                              Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. +Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby. This gem will install on Ruby versions >= v2.2 for 2.x releases. -See `1-4-stable` branch for older rubies. +See 1-4-stable branch for older rubies.

                                                                                                              -
                                                                                                              - Ruby Engine Compatibility Policy +

                                                                                                              <details markdown=”1>

                                                                                                              +Ruby Engine Compatibility Policy -This gem is tested against MRI, JRuby, and Truffleruby. +

                                                                                                              This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, -see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below. -

                                                                                                              +see gemfiles/README.md, then submit a PR to the correct maintenance branch as according to the table below.

                                                                                                              -
                                                                                                              - Ruby Version Compatibility Policy +

                                                                                                              </details>

                                                                                                              + +

                                                                                                              <details markdown=”1>

                                                                                                              +Ruby Version Compatibility Policy -If something doesn't work on one of these interpreters, it's a bug. +

                                                                                                              If something doesn’t work on one of these interpreters, it’s a bug.

                                                                                                              -This library may inadvertently work (or seem to work) on other Ruby +

                                                                                                              This library may inadvertently work (or seem to work) on other Ruby implementations; however, support will only be provided for the versions listed -above. +above.

                                                                                                              -If you would like this library to support another Ruby version, you may +

                                                                                                              If you would like this library to support another Ruby version, you may volunteer to be a maintainer. Being a maintainer entails making sure all tests run and pass on that implementation. When something breaks on your implementation, you will be responsible for providing patches in a timely fashion. If critical issues for a particular implementation exist at the time -of a major release, support for that Ruby version may be dropped. -

                                                                                                              - -| | Ruby OAuth2 Version | Maintenance Branch | Targeted Support | Best Effort Support | Incidental Support | -|:----|---------------------|--------------------|----------------------|-------------------------|------------------------------| -| 1️⃣ | 2.0.x | `main` | 3.2, 3.3, 3.4 | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.2, 2.3, 2.4 | -| 2️⃣ | 1.4.x | `1-4-stable` | 3.2, 3.3, 3.4 | 2.5, 2.6, 2.7, 3.0, 3.1 | 1.9, 2.0, 2.1, 2.2, 2.3, 2.4 | -| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | | - -NOTE: The 1.4 series will only receive critical security updates. -See [SECURITY.md][🔐security] and [IRP.md][🔐irp]. - -## ⚙️ Configuration - -You can turn on additional warnings. - -```ruby +of a major release, support for that Ruby version may be dropped.

                                                                                                              + +

                                                                                                              </details>

                                                                                                              + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                                                                                               Ruby OAuth2 VersionMaintenance BranchTargeted SupportBest Effort SupportIncidental Support
                                                                                                              1️⃣2.0.xmain3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.12.2, 2.3, 2.4
                                                                                                              2️⃣1.4.x1-4-stable3.2, 3.3, 3.42.5, 2.6, 2.7, 3.0, 3.11.9, 2.0, 2.1, 2.2, 2.3, 2.4
                                                                                                              3️⃣olderN/ABest of luck to you!Please upgrade! 
                                                                                                              + +

                                                                                                              NOTE: The 1.4 series will only receive critical security updates. +See SECURITY.md and IRP.md.

                                                                                                              + +

                                                                                                              ⚙️ Configuration

                                                                                                              + +

                                                                                                              You can turn on additional warnings.

                                                                                                              + +

                                                                                                              ruby OAuth2.configure do |config| # Turn on a warning like: # OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key @@ -577,54 +633,56 @@

                                                                                                              Quick Examples

                                                                                                              # Set to true if you want to also show warnings about no tokens config.silence_no_tokens_warning = false # default: true, end -``` +

                                                                                                              -The "extra tokens" problem comes from ambiguity in the spec about which token is the right token. +

                                                                                                              The “extra tokens” problem comes from ambiguity in the spec about which token is the right token. Some OAuth 2.0 standards legitimately have multiple tokens. -You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in. -Specify your custom class with the `access_token_class` option. +You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in. +Specify your custom class with the access_token_class option.

                                                                                                              -If you only need one token, you can, as of v2.0.10, -specify the exact token name you want to extract via the `OAuth2::AccessToken` using -the `token_name` option. +

                                                                                                              If you only need one token, you can, as of v2.0.10, +specify the exact token name you want to extract via the OAuth2::AccessToken using +the token_name option.

                                                                                                              -You'll likely need to do some source diving. +

                                                                                                              You’ll likely need to do some source diving. This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. -If you have time and energy, please contribute to the documentation! +If you have time and energy, please contribute to the documentation!

                                                                                                              -## 🔧 Basic Usage +

                                                                                                              🔧 Basic Usage

                                                                                                              -### `authorize_url` and `token_url` are on site root (Just Works!) +

                                                                                                              +authorize_url and token_url are on site root (Just Works!)

                                                                                                              -```ruby -require "oauth2" -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/") -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec... -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback") -# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" +

                                                                                                              ```ruby +require “oauth2” +client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org”) +# => #<OAuth2::Client:0x00000001204c8288 @id=”client_id”, @secret=”client_sec… +client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth2/callback%E2%80%9D) +# => “https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code”

                                                                                                              -access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: => "Basic some_password") -response = access.get("/api/resource", params: => "bar") +

                                                                                                              access = client.auth_code.get_token(“authorization_code_value”, redirect_uri: “http://localhost:8080/oauth2/callback”, headers: {”Authorization” => “Basic some_password”}) +response = access.get(“/api/resource”, params: {”query_foo” => “bar”}) response.class.name # => OAuth2::Response -``` +```

                                                                                                              -### Relative `authorize_url` and `token_url` (Not on site root, Just Works!) +

                                                                                                              Relative authorize_url and token_url (Not on site root, Just Works!)

                                                                                                              -In the above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative. +

                                                                                                              In the above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

                                                                                                              -```ruby +

                                                                                                              ruby client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") # => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec... client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback") # => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" -``` +

                                                                                                              -### Customize `authorize_url` and `token_url` +

                                                                                                              Customize authorize_url and token_url +

                                                                                                              -You can specify custom URLs for authorization and access token, and when using a leading `/` they will _not be relative_, as shown below: +

                                                                                                              You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

                                                                                                              -```ruby +

                                                                                                              ruby client = OAuth2::Client.new( "client_id", "client_secret", @@ -637,105 +695,109 @@

                                                                                                              Quick Examples

                                                                                                              # => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" client.class.name # => OAuth2::Client -``` +

                                                                                                              -### snake_case and indifferent access in Response#parsed +

                                                                                                              snake_case and indifferent access in Response#parsed

                                                                                                              -```ruby -response = access.get("/api/resource", params: => "bar") +

                                                                                                              ruby +response = access.get("/api/resource", params: {"query_foo" => "bar"}) # Even if the actual response is CamelCase. it will be made available as snaky: -JSON.parse(response.body) # => "additionalData"=>"additional" -response.parsed # => "additional_data"=>"additional" +JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} +response.parsed # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"} response.parsed.access_token # => "aaaaaaaa" response.parsed[:access_token] # => "aaaaaaaa" response.parsed.additional_data # => "additional" response.parsed[:additional_data] # => "additional" response.parsed.class.name # => SnakyHash::StringKeyed (from snaky_hash gem) -``` +

                                                                                                              -#### Serialization +

                                                                                                              Serialization

                                                                                                              -As of v2.0.11, if you need to serialize the parsed result, you can! +

                                                                                                              As of v2.0.11, if you need to serialize the parsed result, you can!

                                                                                                              -There are two ways to do this, globally, or discretely. The discrete way is recommended. +

                                                                                                              There are two ways to do this, globally, or discretely. The discrete way is recommended.

                                                                                                              -##### Global Serialization Config +
                                                                                                              Global Serialization Config
                                                                                                              -Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails). +

                                                                                                              Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

                                                                                                              -```ruby +

                                                                                                              ruby SnakyHash::StringKeyed.class_eval do extend SnakyHash::Serializer end -``` +

                                                                                                              -##### Discrete Serialization Config +
                                                                                                              Discrete Serialization Config
                                                                                                              -Discretely configure a custom Snaky Hash class to use the serializer. +

                                                                                                              Discretely configure a custom Snaky Hash class to use the serializer.

                                                                                                              -```ruby +

                                                                                                              ```ruby class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class `dump` and `load` abilities! + # Give this hash class dump and load abilities! extend SnakyHash::Serializer -end +end

                                                                                                              -# And tell your client to use the custom class in each call: -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2") -token = client.get_token(MySnakyHash) -``` +

                                                                                                              And tell your client to use the custom class in each call:

                                                                                                              +

                                                                                                              client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org/oauth2”) +token = client.get_token({snaky_hash_klass: MySnakyHash}) +```

                                                                                                              -##### Serialization Extensions +
                                                                                                              Serialization Extensions
                                                                                                              -These extensions work regardless of whether you used the global or discrete config above. +

                                                                                                              These extensions work regardless of whether you used the global or discrete config above.

                                                                                                              -There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. +

                                                                                                              There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. They are likely not needed if you are on a newer Ruby. -See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb) if you need to study the hacks for older Rubies. +Expand the examples below, or the ruby-oauth/snaky_hash gem, +or response_spec.rb, for more ideas, especially if you need to study the hacks for older Rubies.

                                                                                                              + +

                                                                                                              <details markdown=”1>

                                                                                                              +See Examples -```ruby +

                                                                                                              ```ruby class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class `dump` and `load` abilities! - extend SnakyHash::Serializer + # Give this hash class dump and load abilities! + extend SnakyHash::Serializer

                                                                                                              - #### Serialization Extentions +

                                                                                                              #### Serialization Extentions # # Act on the non-hash values (including the values of hashes) as they are dumped to JSON # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. # WARNING: This is a silly example! dump_value_extensions.add(:to_fruit) do |value| - "banana" # => Make values "banana" on dump - end + “banana” # => Make values “banana” on dump + end

                                                                                                              - # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump - # In other words, this retains nested hashes, and only the deepest leaf nodes become ***. +

                                                                                                              # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump + # In other words, this retains nested hashes, and only the deepest leaf nodes become . # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| - "***" # Turn dumped bananas into *** when they are loaded - end + “” # Turn dumped bananas into *** when they are loaded + end

                                                                                                              - # Act on the entire hash as it is prepared for dumping to JSON +

                                                                                                              # Act on the entire hash as it is prepared for dumping to JSON # WARNING: This is a silly example! dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) value.transform_keys do |key| - split = key.split("_") + split = key.split(“_”) first_word = split[0] - key.sub(first_word, "cheese") + key.sub(first_word, “cheese”) end else value end - end + end

                                                                                                              - # Act on the entire hash as it is loaded from the JSON dump +

                                                                                                              # Act on the entire hash as it is loaded from the JSON dump # WARNING: This is a silly example! load_hash_extensions.add(:to_pizza) do |value| if value.is_a?(Hash) res = klass.new value.keys.each_with_object(res) do |key, result| - split = key.split("_") + split = key.split(“_”) last_word = split[-1] - new_key = key.sub(last_word, "pizza") + new_key = key.sub(last_word, “pizza”) result[new_key] = value[key] end res @@ -744,35 +806,35 @@

                                                                                                              Quick Examples

                                                                                                              end end end -``` +```

                                                                                                              -See [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), or the [ruby-oauth/snaky_hash](https://gitlab.com/ruby-oauth/snaky_hash) gem for more ideas. +

                                                                                                              </details>

                                                                                                              -#### Prefer camelCase over snake_case? => snaky: false +

                                                                                                              Prefer camelCase over snake_case? => snaky: false

                                                                                                              -```ruby -response = access.get("/api/resource", params: => "bar", snaky: false) -JSON.parse(response.body) # => "additionalData"=>"additional" -response.parsed # => "additionalData"=>"additional" +

                                                                                                              ruby +response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false) +JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} +response.parsed # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} response.parsed["accessToken"] # => "aaaaaaaa" response.parsed["additionalData"] # => "additional" response.parsed.class.name # => Hash (just, regular old Hash) -``` +

                                                                                                              Debugging & Logging -Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)). +

                                                                                                              Set an environment variable as per usual (e.g. with dotenv).

                                                                                                              -```ruby +

                                                                                                              ruby # will log both request and response, including bodies ENV["OAUTH_DEBUG"] = "true" -``` +

                                                                                                              -By default, debug output will go to `$stdout`. This can be overridden when -initializing your OAuth2::Client. +

                                                                                                              By default, debug output will go to $stdout. This can be overridden when +initializing your OAuth2::Client.

                                                                                                              -```ruby +

                                                                                                              ruby require "oauth2" client = OAuth2::Client.new( "client_id", @@ -780,304 +842,377 @@

                                                                                                              Quick Examples

                                                                                                              site: "https://example.org/", logger: Logger.new("example.log", "weekly"), ) -``` +

                                                                                                              +
                                                                                                              -### OAuth2::Response +

                                                                                                              OAuth2::Response

                                                                                                              -The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic `#request` -will return an instance of the #OAuth2::Response class. +

                                                                                                              The AccessToken methods #get, #post, #put and #delete and the generic #request +will return an instance of the #OAuth2::Response class.

                                                                                                              -This instance contains a `#parsed` method that will parse the response body and -return a Hash-like [`SnakyHash::StringKeyed`](https://gitlab.com/ruby-oauth/snaky_hash/-/blob/main/lib/snaky_hash/string_keyed.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if +

                                                                                                              This instance contains a #parsed method that will parse the response body and +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if the body is a JSON object. It will return an Array if the body is a JSON -array. Otherwise, it will return the original body string. +array. Otherwise, it will return the original body string.

                                                                                                              -The original response body, headers, and status can be accessed via their -respective methods. +

                                                                                                              The original response body, headers, and status can be accessed via their +respective methods.

                                                                                                              -### OAuth2::AccessToken +

                                                                                                              OAuth2::AccessToken

                                                                                                              -If you have an existing Access Token for a user, you can initialize an instance -using various class methods including the standard new, `from_hash` (if you have -a hash of the values), or `from_kvform` (if you have an -`application/x-www-form-urlencoded` encoded string of the values). +

                                                                                                              If you have an existing Access Token for a user, you can initialize an instance +using various class methods including the standard new, from_hash (if you have +a hash of the values), or from_kvform (if you have an +application/x-www-form-urlencoded encoded string of the values).

                                                                                                              + +

                                                                                                              Options (since v2.0.x unless noted):

                                                                                                              + +
                                                                                                                +
                                                                                                              • + + + + + + + +
                                                                                                                +expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
                                                                                                                +
                                                                                                              • +
                                                                                                              • + + + + + + + + +
                                                                                                                +token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
                                                                                                                +
                                                                                                              • +
                                                                                                              • + + + + + + + + +
                                                                                                                +mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
                                                                                                                +
                                                                                                                  +
                                                                                                                • +:header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). +
                                                                                                                • +
                                                                                                                • +:query — Send as access_token query parameter (discouraged in general, but required by some providers).
                                                                                                                • +
                                                                                                                • Verb-dependent (since v2.0.15): Provide either: +
                                                                                                                    +
                                                                                                                  • a Proc taking |verb| and returning :header or :query, or
                                                                                                                  • +
                                                                                                                  • a Hash with verb symbols as keys, for example {get: :query, post: :header, delete: :header}.
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              -Options (since v2.0.x unless noted): -- `expires_latency` (Integer | nil): Seconds to subtract from expires_in when computing #expired? to offset latency. -- `token_name` (String | Symbol | nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10). -- `mode` (Symbol | Proc | Hash): Controls how the token is transmitted on requests made via this AccessToken instance. - - `:header` — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). - - `:query` — Send as access_token query parameter (discouraged in general, but required by some providers). - - Verb-dependent (since v2.0.15): Provide either: - - a `Proc` taking `|verb|` and returning `:header` or `:query`, or - - a `Hash` with verb symbols as keys, for example `:query, post: :header, delete: :header`. +

                                                                                                              Note: Verb-dependent mode supports providers like Instagram that require query mode for GET and header mode for POST/DELETE

                                                                                                              -Note: Verb-dependent mode supports providers like Instagram that require query mode for `GET` and header mode for `POST`/`DELETE` -- Verb-dependent mode via `Proc` was added in v2.0.15 -- Verb-dependent mode via `Hash` was added in v2.0.16 +
                                                                                                                +
                                                                                                              • Verb-dependent mode via Proc was added in v2.0.15
                                                                                                              • +
                                                                                                              • Verb-dependent mode via Hash was added in v2.0.16
                                                                                                              • +
                                                                                                              -### OAuth2::Error +

                                                                                                              OAuth2::Error

                                                                                                              -On 400+ status code responses, an `OAuth2::Error` will be raised. If it is a -standard OAuth2 error response, the body will be parsed and `#code` and `#description` will contain the values provided from the error and -`error_description` parameters. The `#response` property of `OAuth2::Error` will -always contain the `OAuth2::Response` instance. +

                                                                                                              On 400+ status code responses, an OAuth2::Error will be raised. If it is a +standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and +error_description parameters. The #response property of OAuth2::Error will +always contain the OAuth2::Response instance.

                                                                                                              -If you do not want an error to be raised, you may use `:raise_errors => false` -option on initialization of the client. In this case the `OAuth2::Response` +

                                                                                                              If you do not want an error to be raised, you may use :raise_errors => false +option on initialization of the client. In this case the OAuth2::Response instance will be returned as usual and on 400+ status code responses, the -Response instance will contain the `OAuth2::Error` instance. - -### Authorization Grants - -Note on OAuth 2.1 (draft): -- PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252. -- Redirect URIs must be compared using exact string matching by the Authorization Server. -- The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps. -- Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage. -- Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use. -- The definitions of public and confidential clients are simplified to refer only to whether the client has credentials. - -References: -- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 -- Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1 -- FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1 -- Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs -- Video: https://www.youtube.com/watch?v=g_aVPdwBTfw -- Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/ - -Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion +Response instance will contain the OAuth2::Error instance.

                                                                                                              + +

                                                                                                              Authorization Grants

                                                                                                              + +

                                                                                                              Note on OAuth 2.1 (draft):

                                                                                                              + +
                                                                                                                +
                                                                                                              • PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
                                                                                                              • +
                                                                                                              • Redirect URIs must be compared using exact string matching by the Authorization Server.
                                                                                                              • +
                                                                                                              • The Implicit grant (response_type=token) and the Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
                                                                                                              • +
                                                                                                              • Bearer tokens in the query string are omitted due to security risks; prefer Authorization header usage.
                                                                                                              • +
                                                                                                              • Refresh tokens for public clients must either be sender-constrained (e.g., DPoP/MTLS) or one-time use.
                                                                                                              • +
                                                                                                              • The definitions of public and confidential clients are simplified to refer only to whether the client has credentials.
                                                                                                              • +
                                                                                                              + +

                                                                                                              References:

                                                                                                              + +
                                                                                                                +
                                                                                                              • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
                                                                                                              • +
                                                                                                              • Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
                                                                                                              • +
                                                                                                              • FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
                                                                                                              • +
                                                                                                              • Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
                                                                                                              • +
                                                                                                              • Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
                                                                                                              • +
                                                                                                              • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
                                                                                                              • +
                                                                                                              + +

                                                                                                              Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client -use. They are available via the [`#auth_code`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb), -[`#implicit`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/implicit.rb), -[`#password`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/password.rb), -[`#client_credentials`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/client_credentials.rb), and -[`#assertion`](https://gitlab.com/ruby-oauth/oauth2/-/blob/main/lib/oauth2/strategy/assertion.rb) methods respectively. - -These aren't full examples, but demonstrative of the differences between usage for each strategy. -```ruby -auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback") -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback") - -auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth/callback") +use. They are available via the #auth_code, +#implicit, +#password, +#client_credentials, and +#assertion methods respectively.

                                                                                                              + +

                                                                                                              These aren’t full examples, but demonstrative of the differences between usage for each strategy.

                                                                                                              + +

                                                                                                              ```ruby +auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) +access = client.auth_code.get_token(“code_value”, redirect_uri: “http://localhost:8080/oauth/callback”)

                                                                                                              + +

                                                                                                              auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) # get the token params in the callback and -access = OAuth2::AccessToken.from_kvform(client, query_string) +access = OAuth2::AccessToken.from_kvform(client, query_string)

                                                                                                              -access = client.password.get_token("username", "password") +

                                                                                                              access = client.password.get_token(“username”, “password”)

                                                                                                              -access = client.client_credentials.get_token +

                                                                                                              access = client.client_credentials.get_token

                                                                                                              -# Client Assertion Strategy -# see: https://tools.ietf.org/html/rfc7523 +

                                                                                                              Client Assertion Strategy

                                                                                                              +

                                                                                                              # see: https://tools.ietf.org/html/rfc7523 claimset = { - iss: "http://localhost:3001/", - aud: "http://localhost:8080/oauth2/token", - sub: "me@example.com", + iss: “http://localhost:3001”, + aud: “http://localhost:8080/oauth2/token”, + sub: “me@example.com”, exp: Time.now.utc.to_i + 3600, } -assertion_params = [claimset, "HS256", "secret_key"] -access = client.assertion.get_token(assertion_params) +assertion_params = [claimset, “HS256”, “secret_key”] +access = client.assertion.get_token(assertion_params)

                                                                                                              -# The `access` (i.e. access token) is then used like so: -access.token # actual access_token string, if you need it somewhere -access.get("/api/stuff") # making api calls with access token -``` +

                                                                                                              The access (i.e. access token) is then used like so:

                                                                                                              +

                                                                                                              access.token # actual access_token string, if you need it somewhere +access.get(“/api/stuff”) # making api calls with access token +```

                                                                                                              -If you want to specify additional headers to be sent out with the -request, add a 'headers' hash under 'params': +

                                                                                                              If you want to specify additional headers to be sent out with the +request, add a ‘headers’ hash under ‘params’:

                                                                                                              -```ruby -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: => "Header") -``` +

                                                                                                              ruby +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"}) +

                                                                                                              -You can always use the `#request` method on the `OAuth2::Client` instance to make -requests for tokens for any Authentication grant type. +

                                                                                                              You can always use the #request method on the OAuth2::Client instance to make +requests for tokens for any Authentication grant type.

                                                                                                              -## 📘 Comprehensive Usage +

                                                                                                              📘 Comprehensive Usage

                                                                                                              -### Common Flows (end-to-end) +

                                                                                                              Common Flows (end-to-end)

                                                                                                              -- Authorization Code (server-side web app): +
                                                                                                                +
                                                                                                              • Authorization Code (server-side web app):
                                                                                                              • +
                                                                                                              -```ruby -require "oauth2" +

                                                                                                              ```ruby +require “oauth2” client = OAuth2::Client.new( - ENV["CLIENT_ID"], - ENV["CLIENT_SECRET"], - site: "https://provider.example.com/", - redirect_uri: "https://my.app.example.com/oauth/callback", -) - -# Step 1: redirect user to consent -state = SecureRandom.hex(16) -auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state) -# redirect_to auth_url - -# Step 2: handle the callback -# params[:code], params[:state] -raise "state mismatch" unless params[:state] == state -access = client.auth_code.get_token(params[:code]) + ENV[“CLIENT_ID”], + ENV[“CLIENT_SECRET”], + site: “https://provider.example.com”, + redirect_uri: “https://my.app.example.com/oauth/callback”, +)

                                                                                                              + +

                                                                                                              Step 1: redirect user to consent

                                                                                                              +

                                                                                                              state = SecureRandom.hex(16) +auth_url = client.auth_code.authorize_url(/service/scope: %E2%80%9Copenid profile email%E2%80%9D, state: state) +# redirect_to auth_url

                                                                                                              + +

                                                                                                              Step 2: handle the callback

                                                                                                              +

                                                                                                              # params[:code], params[:state] +raise “state mismatch” unless params[:state] == state +access = client.auth_code.get_token(params[:code])

                                                                                                              + +

                                                                                                              Step 3: call APIs

                                                                                                              +

                                                                                                              profile = access.get(“/api/v1/me”).parsed +```

                                                                                                              -# Step 3: call APIs -profile = access.get("/api/v1/me").parsed -``` - -- Client Credentials (machine-to-machine): +
                                                                                                                +
                                                                                                              • Client Credentials (machine-to-machine):
                                                                                                              • +
                                                                                                              -```ruby +

                                                                                                              ruby client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com/") access = client.client_credentials.get_token(audience: "https://api.example.com/") resp = access.get("/v1/things") -``` +

                                                                                                              -- Resource Owner Password (legacy; avoid when possible): +
                                                                                                                +
                                                                                                              • Resource Owner Password (legacy; avoid when possible):
                                                                                                              • +
                                                                                                              -```ruby +

                                                                                                              ruby access = client.password.get_token("jdoe", "s3cret", scope: "read") -``` +

                                                                                                              -#### Examples +

                                                                                                              Examples

                                                                                                              -JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) + JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) -```ruby +

                                                                                                              ```ruby # This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage. # JHipster UAA typically exposes the token endpoint at /uaa/oauth/token. # The original snippet included: # - Basic Authorization header for the client (web_app:changeit) # - X-XSRF-TOKEN header from a cookie (some deployments require it) # - grant_type=password with username/password and client_id -# Using oauth2 gem, you don't need to build multipart bodies; the gem sends -# application/x-www-form-urlencoded as required by RFC 6749. +# Using oauth2 gem, you don’t need to build multipart bodies; the gem sends +# application/x-www-form-urlencoded as required by RFC 6749.

                                                                                                              -require "oauth2" +

                                                                                                              require “oauth2”

                                                                                                              -client = OAuth2::Client.new( - "web_app", # client_id - "changeit", # client_secret - site: "http://localhost:8080/uaa", - token_url: "/oauth/token", # absolute under site (or "oauth/token" relative) +

                                                                                                              client = OAuth2::Client.new( + “web_app”, # client_id + “changeit”, # client_secret + site: “http://localhost:8080/uaa”, + token_url: “/oauth/token”, # absolute under site (or “oauth/token” relative) auth_scheme: :basic_auth, # sends HTTP Basic Authorization header -) +)

                                                                                                              -# If your UAA requires an XSRF header for the token call, provide it as a header. -# Often this is not required for token endpoints, but if your gateway enforces it, +

                                                                                                              If your UAA requires an XSRF header for the token call, provide it as a header.

                                                                                                              +

                                                                                                              # Often this is not required for token endpoints, but if your gateway enforces it, # obtain the value from the XSRF-TOKEN cookie and pass it here. -xsrf_token = ENV["X_XSRF_TOKEN"] # e.g., pulled from a prior set-cookie value +xsrf_token = ENV[“X_XSRF_TOKEN”] # e.g., pulled from a prior set-cookie value

                                                                                                              -access = client.password.get_token( - "admin", # username - "admin", # password - headers: xsrf_token ? => xsrf_token : {}, +

                                                                                                              access = client.password.get_token( + “admin”, # username + “admin”, # password + headers: xsrf_token ? {”X-XSRF-TOKEN” => xsrf_token} : {}, # JHipster commonly also accepts/needs the client_id in the body; include if required: - # client_id: "web_app", -) + # client_id: “web_app”, +)

                                                                                                              -puts access.token +

                                                                                                              puts access.token puts access.to_hash # full token response -``` +```

                                                                                                              -Notes: -- Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE. -- If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often "/" or a login page) and pass it to headers. -- For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually. +

                                                                                                              Notes:

                                                                                                              + +
                                                                                                                +
                                                                                                              • Resource Owner Password Credentials (ROPC) is deprecated in OAuth 2.1 and discouraged. Prefer Authorization Code + PKCE.
                                                                                                              • +
                                                                                                              • If your deployment strictly demands the X-XSRF-TOKEN header, first fetch it from an endpoint that sets the XSRF-TOKEN cookie (often “/” or a login page) and pass it to headers.
                                                                                                              • +
                                                                                                              • For Basic auth, auth_scheme: :basic_auth handles the Authorization header; you do not need to base64-encode manually.
                                                                                                              • +
                                                                                                              -### Instagram API (verb‑dependent token mode) +

                                                                                                              Instagram API (verb‑dependent token mode)

                                                                                                              + +

                                                                                                              Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

                                                                                                              -Providers like Instagram require the access token to be sent differently depending on the HTTP verb: -- GET requests: token must be in the query string (?access_token=...) -- POST/DELETE requests: token must be in the Authorization header (Bearer ...) +
                                                                                                                +
                                                                                                              • GET requests: token must be in the query string (?access_token=…)
                                                                                                              • +
                                                                                                              • POST/DELETE requests: token must be in the Authorization header (Bearer …)
                                                                                                              • +
                                                                                                              -Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method. +

                                                                                                              Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

                                                                                                              -Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls +

                                                                                                              Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

                                                                                                              -```ruby -require "oauth2" +

                                                                                                              ```ruby +require “oauth2”

                                                                                                              -# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here). -# See Facebook Login docs for obtaining the initial short‑lived token. +

                                                                                                              NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).

                                                                                                              +

                                                                                                              # See Facebook Login docs for obtaining the initial short‑lived token.

                                                                                                              -client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com/") +

                                                                                                              client = OAuth2::Client.new(nil, nil, site: “https://graph.instagram.com”)

                                                                                                              -# Start with a short‑lived token you already obtained via Facebook Login -short_lived = OAuth2::AccessToken.new( +

                                                                                                              Start with a short‑lived token you already obtained via Facebook Login

                                                                                                              +

                                                                                                              short_lived = OAuth2::AccessToken.new( client, - ENV["IG_SHORT_LIVED_TOKEN"], + ENV[“IG_SHORT_LIVED_TOKEN”], # Key part: verb‑dependent mode - mode: :query, post: :header, delete: :header, -) + mode: {get: :query, post: :header, delete: :header}, +)

                                                                                                              -# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query) -# Endpoint: GET https://graph.instagram.com/access_token +

                                                                                                              1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)

                                                                                                              +

                                                                                                              # Endpoint: GET https://graph.instagram.com/access_token # Params: grant_type=ig_exchange_token, client_secret=APP_SECRET exchange = short_lived.get( - "/access_token", + “/access_token”, params: { - grant_type: "ig_exchange_token", - client_secret: ENV["IG_APP_SECRET"], + grant_type: “ig_exchange_token”, + client_secret: ENV[“IG_APP_SECRET”], # access_token param will be added automatically by the AccessToken (mode => :query for GET) }, ) -long_lived_token_value = exchange.parsed["access_token"] +long_lived_token_value = exchange.parsed[“access_token”]

                                                                                                              -long_lived = OAuth2::AccessToken.new( +

                                                                                                              long_lived = OAuth2::AccessToken.new( client, long_lived_token_value, - mode: :query, post: :header, delete: :header, -) + mode: {get: :query, post: :header, delete: :header}, +)

                                                                                                              -# 2) Refresh the long‑lived token (Instagram uses GET with token in query) -# Endpoint: GET https://graph.instagram.com/refresh_access_token +

                                                                                                              2) Refresh the long‑lived token (Instagram uses GET with token in query)

                                                                                                              +

                                                                                                              # Endpoint: GET https://graph.instagram.com/refresh_access_token refresh_resp = long_lived.get( - "/refresh_access_token", - params: "ig_refresh_token", + “/refresh_access_token”, + params: {grant_type: “ig_refresh_token”}, ) long_lived = OAuth2::AccessToken.new( client, - refresh_resp.parsed["access_token"], - mode: :query, post: :header, delete: :header, -) + refresh_resp.parsed[“access_token”], + mode: {get: :query, post: :header, delete: :header}, +)

                                                                                                              -# 3) Typical API GET request (token in query automatically) -me = long_lived.get("/me", params: "id,username").parsed +

                                                                                                              3) Typical API GET request (token in query automatically)

                                                                                                              +

                                                                                                              me = long_lived.get(“/me”, params: {fields: “id,username”}).parsed

                                                                                                              -# 4) Example POST (token sent via Bearer header automatically) -# Note: Replace the path/params with a real Instagram Graph API POST you need, +

                                                                                                              4) Example POST (token sent via Bearer header automatically)

                                                                                                              +

                                                                                                              # Note: Replace the path/params with a real Instagram Graph API POST you need, # such as publishing media via the Graph API endpoints. -# long_lived.post("/me/media", body: "https://.../", caption: "hello") -``` +# long_lived.post(“/me/media”, body: {image_url: “https://…”, caption: “hello”}) +```

                                                                                                              -Tips: -- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET. -- If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }. +

                                                                                                              Tips:

                                                                                                              -### Refresh Tokens +
                                                                                                                +
                                                                                                              • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
                                                                                                              • +
                                                                                                              • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
                                                                                                              • +
                                                                                                              -When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper. +

                                                                                                              Refresh Tokens

                                                                                                              -- Manual refresh: +

                                                                                                              When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.

                                                                                                              -```ruby +
                                                                                                                +
                                                                                                              • Manual refresh:
                                                                                                              • +
                                                                                                              + +

                                                                                                              ruby if access.expired? access = access.refresh end -``` +

                                                                                                              -- Auto-refresh wrapper pattern: +
                                                                                                                +
                                                                                                              • Auto-refresh wrapper pattern:
                                                                                                              • +
                                                                                                              -```ruby +

                                                                                                              ```ruby class AutoRefreshingToken def initialize(token_provider, store: nil) @token = token_provider @store = store # e.g., something that responds to read/write for token data - end + end

                                                                                                              - def with(&blk) +

                                                                                                              def with(&blk) tok = ensure_fresh! blk ? blk.call(tok) : tok rescue OAuth2::Error => e @@ -1088,180 +1223,193 @@

                                                                                                              Quick Examples

                                                                                                              retry end raise - end + end

                                                                                                              -private +

                                                                                                              private

                                                                                                              - def ensure_fresh! +

                                                                                                              def ensure_fresh! if @token.expired? && @token.refresh_token @token = @token.refresh @store.write(@token.to_hash) if @store end @token end -end +end

                                                                                                              -# usage -keeper = AutoRefreshingToken.new(access) -keeper.with { |tok| tok.get("/v1/protected") } -``` +

                                                                                                              usage

                                                                                                              +

                                                                                                              keeper = AutoRefreshingToken.new(access) +keeper.with { |tok| tok.get(“/v1/protected”) } +```

                                                                                                              -Persist the token across processes using `AccessToken#to_hash` and `AccessToken.from_hash(client, hash)`. +

                                                                                                              Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

                                                                                                              -### Token Revocation (RFC 7009) +

                                                                                                              Token Revocation (RFC 7009)

                                                                                                              -You can revoke either the access token or the refresh token. +

                                                                                                              You can revoke either the access token or the refresh token.

                                                                                                              -```ruby +

                                                                                                              ```ruby # Revoke the current access token -access.revoke(token_type_hint: :access_token) +access.revoke(token_type_hint: :access_token)

                                                                                                              -# Or explicitly revoke the refresh token (often also invalidates associated access tokens) -access.revoke(token_type_hint: :refresh_token) -``` +

                                                                                                              Or explicitly revoke the refresh token (often also invalidates associated access tokens)

                                                                                                              +

                                                                                                              access.revoke(token_type_hint: :refresh_token) +```

                                                                                                              -### Client Configuration Tips +

                                                                                                              Client Configuration Tips

                                                                                                              -#### Mutual TLS (mTLS) client authentication +

                                                                                                              Mutual TLS (mTLS) client authentication

                                                                                                              -Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme. +

                                                                                                              Some providers require OAuth requests (including the token request and subsequent API calls) to be sender‑constrained using mutual TLS (mTLS). With this gem, you enable mTLS by providing a client certificate/private key to Faraday via connection_opts.ssl and, if your provider requires it for client authentication, selecting the tls_client_auth auth_scheme.

                                                                                                              -Example using PEM files (certificate and key): +

                                                                                                              Example using PEM files (certificate and key):

                                                                                                              -```ruby -require "oauth2" -require "openssl" +

                                                                                                              ```ruby +require “oauth2” +require “openssl”

                                                                                                              -client = OAuth2::Client.new( - ENV.fetch("https://github.com/CLIENT_ID"), - ENV.fetch("https://github.com/CLIENT_SECRET"), - site: "https://example.com/", - authorize_url: "/oauth/authorize/", - token_url: "/oauth/token/", +

                                                                                                              client = OAuth2::Client.new( + ENV.fetch(“CLIENT_ID”), + ENV.fetch(“CLIENT_SECRET”), + site: “https://example.com”, + authorize_url: “/oauth/authorize/”, + token_url: “/oauth/token/”, auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication connection_opts: { ssl: { - client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")), - client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")), + client_cert: OpenSSL::X509::Certificate.new(File.read(“localhost.pem”)), + client_key: OpenSSL::PKey::RSA.new(File.read(“localhost-key.pem”)), # Optional extras, uncomment as needed: - # ca_file: "/path/to/ca-bundle.pem", # custom CA(s) + # ca_file: “/path/to/ca-bundle.pem”, # custom CA(s) # verify: true # enable server cert verification (recommended) }, }, -) +)

                                                                                                              + +

                                                                                                              Example token request (any grant type can be used). The mTLS handshake

                                                                                                              +

                                                                                                              # will occur automatically on HTTPS calls using the configured cert/key. +access = client.client_credentials.get_token

                                                                                                              + +

                                                                                                              Subsequent resource requests will also use mTLS on HTTPS endpoints of site:

                                                                                                              +

                                                                                                              resp = access.get(“/v1/protected”) +```

                                                                                                              -# Example token request (any grant type can be used). The mTLS handshake -# will occur automatically on HTTPS calls using the configured cert/key. -access = client.client_credentials.get_token - -# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`: -resp = access.get("/v1/protected") -``` - -Notes: -- Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]). -- If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: - - p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"]) - - client_cert = p12.certificate; client_key = p12.key -- Server trust: - - If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash. - - Keep verify: true in production. Set verify: false only for local testing. -- Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices. -- Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client). -- OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above. - -#### Authentication schemes for the token request - -```ruby +

                                                                                                              Notes:

                                                                                                              + +
                                                                                                                +
                                                                                                              • Files must contain the appropriate PEMs. The private key may be encrypted; if so, pass a password to OpenSSL::PKey::RSA.new(File.read(path), ENV["KEY_PASSWORD"]).
                                                                                                              • +
                                                                                                              • If your certificate and key are in a PKCS#12/PFX bundle, you can load them like: +
                                                                                                                  +
                                                                                                                • p12 = OpenSSL::PKCS12.new(File.read("client.p12"), ENV["P12_PASSWORD"])
                                                                                                                • +
                                                                                                                • client_cert = p12.certificate; client_key = p12.key
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • Server trust: +
                                                                                                                  +
                                                                                                                • If your environment does not have system CAs, specify ca_file or ca_path inside the ssl: hash.
                                                                                                                • +
                                                                                                                • Keep verify: true in production. Set verify: false only for local testing.
                                                                                                                • +
                                                                                                                +
                                                                                                              • +
                                                                                                              • Faraday adapter: Any adapter that supports Ruby’s OpenSSL should work. net_http (default) and net_http_persistent are common choices.
                                                                                                              • +
                                                                                                              • Scope of mTLS: The SSL client cert is applied to any HTTPS request made by this client (token and resource requests) to the configured site base URL (and absolute URLs you call with the same client).
                                                                                                              • +
                                                                                                              • OIDC tie-in: Some OPs require tls_client_auth at the token endpoint per OIDC/OAuth specifications. That is enabled via auth_scheme: :tls_client_auth as shown above.
                                                                                                              • +
                                                                                                              + +

                                                                                                              Authentication schemes for the token request

                                                                                                              + +

                                                                                                              ruby OAuth2::Client.new( id, secret, site: "https://provider.example.com/", auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt ) -``` +

                                                                                                              -#### Faraday connection, timeouts, proxy, custom adapter/middleware: +

                                                                                                              Faraday connection, timeouts, proxy, custom adapter/middleware:

                                                                                                              -```ruby +

                                                                                                              ruby client = OAuth2::Client.new( id, secret, site: "https://provider.example.com/", connection_opts: { - request: 5, timeout: 15, + request: {open_timeout: 5, timeout: 15}, proxy: ENV["HTTPS_PROXY"], - ssl: true, + ssl: {verify: true}, }, ) do |faraday| faraday.request(:url_encoded) # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below faraday.adapter(:net_http_persistent) # or any Faraday adapter you need end -``` +

                                                                                                              -##### Using flat query params (Faraday::FlatParamsEncoder) +
                                                                                                              Using flat query params (Faraday::FlatParamsEncoder)
                                                                                                              -Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests. +

                                                                                                              Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

                                                                                                              -```ruby -require "faraday" +

                                                                                                              ```ruby +require “faraday”

                                                                                                              -client = OAuth2::Client.new( +

                                                                                                              client = OAuth2::Client.new( id, secret, - site: "https://api.example.com/", + site: “https://api.example.com”, # Pass Faraday connection options to make FlatParamsEncoder the default connection_opts: { - request: Faraday::FlatParamsEncoder, + request: {params_encoder: Faraday::FlatParamsEncoder}, }, ) do |faraday| faraday.request(:url_encoded) faraday.adapter(:net_http) -end +end

                                                                                                              -access = client.client_credentials.get_token +

                                                                                                              access = client.client_credentials.get_token

                                                                                                              -# Example of a GET with two flat filter params (not an array): -# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 +

                                                                                                              Example of a GET with two flat filter params (not an array):

                                                                                                              +

                                                                                                              # Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 resp = access.get( - "/v1/orders", + “/v1/orders”, params: { # Provide the values as an array; FlatParamsEncoder expands them as repeated keys filter: [ - "order.clientCreatedTime>1445006997000", - "order.clientCreatedTime<1445611797000", + “order.clientCreatedTime>1445006997000”, + “order.clientCreatedTime<1445611797000”, ], }, ) -``` +```

                                                                                                              -If you instead need to build a raw Faraday connection yourself, the equivalent configuration is: +

                                                                                                              If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

                                                                                                              -```ruby -conn = Faraday.new("https://api.example.com/", request: Faraday::FlatParamsEncoder) -``` +

                                                                                                              ruby +conn = Faraday.new("https://api.example.com/", request: {params_encoder: Faraday::FlatParamsEncoder}) +

                                                                                                              -#### Redirection +

                                                                                                              Redirection

                                                                                                              -The library follows up to `max_redirects` (default 5). -You can override per-client via `options[:max_redirects]`. +

                                                                                                              The library follows up to max_redirects (default 5). +You can override per-client via options[:max_redirects].

                                                                                                              -### Handling Responses and Errors +

                                                                                                              Handling Responses and Errors

                                                                                                              -- Parsing: +
                                                                                                                +
                                                                                                              • Parsing:
                                                                                                              • +
                                                                                                              -```ruby +

                                                                                                              ruby resp = access.get("/v1/thing") resp.status # Integer resp.headers # Hash resp.body # String resp.parsed # SnakyHash::StringKeyed or Array when JSON array -``` +

                                                                                                              -- Error handling: +
                                                                                                                +
                                                                                                              • Error handling:
                                                                                                              • +
                                                                                                              -```ruby +

                                                                                                              ruby begin access.get("/v1/forbidden") rescue OAuth2::Error => e @@ -1269,150 +1417,155 @@

                                                                                                              Quick Examples

                                                                                                              e.description # OAuth2 error description (when present) e.response # OAuth2::Response (full access to status/headers/body) end -``` +

                                                                                                              -- Disable raising on 4xx/5xx to inspect the response yourself: +
                                                                                                                +
                                                                                                              • Disable raising on 4xx/5xx to inspect the response yourself:
                                                                                                              • +
                                                                                                              -```ruby +

                                                                                                              ruby client = OAuth2::Client.new(id, secret, site: site, raise_errors: false) res = client.request(:get, "/v1/maybe-errors") if res.status == 429 sleep res.headers["retry-after"].to_i end -``` +

                                                                                                              -### Making Raw Token Requests +

                                                                                                              Making Raw Token Requests

                                                                                                              -If a provider requires non-standard parameters or headers, you can call `client.get_token` directly: +

                                                                                                              If a provider requires non-standard parameters or headers, you can call client.get_token directly:

                                                                                                              -```ruby +

                                                                                                              ruby access = client.get_token({ grant_type: "client_credentials", audience: "https://api.example.com/", - headers: => "value", + headers: {"X-Custom" => "value"}, parse: :json, # override parsing }) -``` +

                                                                                                              -### OpenID Connect (OIDC) Notes +

                                                                                                              OpenID Connect (OIDC) Notes

                                                                                                              -- If the token response includes an `id_token` (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider's JWKs to verify it. -- For private_key_jwt client authentication, provide `auth_scheme: :private_key_jwt` and ensure your key configuration matches the provider requirements. -- See [OIDC.md](OIDC.md) for a more complete OIDC overview, example, and links to the relevant specifications. +
                                                                                                                +
                                                                                                              • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
                                                                                                              • +
                                                                                                              • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
                                                                                                              • +
                                                                                                              • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
                                                                                                              • +
                                                                                                              -### Debugging +

                                                                                                              Debugging

                                                                                                              -- Set environment variable `OAUTH_DEBUG=true` to enable verbose Faraday logging (uses the client-provided logger). -- To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation. +
                                                                                                                +
                                                                                                              • Set environment variable OAUTH_DEBUG=true to enable verbose Faraday logging (uses the client-provided logger).
                                                                                                              • +
                                                                                                              • To mirror a working curl request, ensure you set the same auth scheme, params, and content type. The Quick Example at the top shows a curl-to-ruby translation.
                                                                                                              • +
                                                                                                              ---- +
                                                                                                              -## 🦷 FLOSS Funding +

                                                                                                              🦷 FLOSS Funding

                                                                                                              -While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. -Raising a monthly budget of... "dollars" would make the project more sustainable. +

                                                                                                              While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. +Raising a monthly budget of… “dollars” would make the project more sustainable.

                                                                                                              -We welcome both individual and corporate sponsors! We also offer a +

                                                                                                              We welcome both individual and corporate sponsors! We also offer a wide array of funding channels to account for your preferences -(although currently [Open Collective][🖇osc] is our preferred funding platform). +(although currently Open Collective is our preferred funding platform).

                                                                                                              -**If you're working in a company that's making significant use of ruby-oauth tools we'd -appreciate it if you suggest to your company to become a ruby-oauth sponsor.** +

                                                                                                              If you’re working in a company that’s making significant use of ruby-oauth tools we’d +appreciate it if you suggest to your company to become a ruby-oauth sponsor.

                                                                                                              -You can support the development of ruby-oauth tools via -[GitHub Sponsors][🖇sponsor], -[Liberapay][⛳liberapay], -[PayPal][🖇paypal], -[Open Collective][🖇osc] -and [Tidelift][🏙️entsup-tidelift]. +

                                                                                                              You can support the development of ruby-oauth tools via +GitHub Sponsors, +Liberapay, +PayPal, +Open Collective +and Tidelift.

                                                                                                              -| 📍 NOTE | -|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| If doing a sponsorship in the form of donation is problematic for your company
                                                                                                              from an accounting standpoint, we'd recommend the use of Tidelift,
                                                                                                              where you can get a support-like subscription instead. | + + + + + + + + + + + +
                                                                                                              📍 NOTE
                                                                                                              If doing a sponsorship in the form of donation is problematic for your company
                                                                                                              from an accounting standpoint, we’d recommend the use of Tidelift,
                                                                                                              where you can get a support-like subscription instead.
                                                                                                              -### Open Collective for Individuals +

                                                                                                              Open Collective for Individuals

                                                                                                              -Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/kettle-rb#backer)] +

                                                                                                              Support us with a monthly donation and help us continue our activities. [Become a backer]

                                                                                                              -NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. +

                                                                                                              NOTE: kettle-readme-backers updates this list every day, automatically.

                                                                                                              -No backers yet. Be the first! - +

                                                                                                              No backers yet. Be the first! +

                                                                                                              -### Open Collective for Organizations +

                                                                                                              Open Collective for Organizations

                                                                                                              -Become a sponsor and get your logo on our README on GitHub with a link to your site. [[Become a sponsor](https://opencollective.com/kettle-rb#sponsor)] +

                                                                                                              Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

                                                                                                              -NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day, automatically. +

                                                                                                              NOTE: kettle-readme-backers updates this list every day, automatically.

                                                                                                              -No sponsors yet. Be the first! - -### Open Collective for Donors - - +

                                                                                                              No sponsors yet. Be the first! +

                                                                                                              - +

                                                                                                              Another way to support open-source

                                                                                                              -[kettle-readme-backers]: https://github.com/kettle-rb/kettle-dev/blob/main/exe/kettle-readme-backers +

                                                                                                              I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

                                                                                                              -### Another way to support open-source +

                                                                                                              If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

                                                                                                              -> How wonderful it is that nobody need wait a single moment before starting to improve the world.
                                                                                                              ->—Anne Frank +

                                                                                                              I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

                                                                                                              -I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats). +

                                                                                                              Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

                                                                                                              -If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in `bundle fund`. +

                                                                                                              OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

                                                                                                              -I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look. +

                                                                                                              🔐 Security

                                                                                                              -**[Floss-Funding.dev][🖇floss-funding.dev]: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags** +

                                                                                                              To report a security vulnerability, please use the Tidelift security contact. +Tidelift will coordinate the fix and disclosure.

                                                                                                              -[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] +

                                                                                                              For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

                                                                                                              -## 🔐 Security +

                                                                                                              🤝 Contributing

                                                                                                              -To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). -Tidelift will coordinate the fix and disclosure. +

                                                                                                              If you need some ideas of where to help, you could work on adding more code coverage, +or if it is already 💯 (see below) check reek, issues, or PRs, +or use the gem and think about how it could be better.

                                                                                                              -For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp]. +

                                                                                                              We Keep A Changelog so if you make changes, remember to update it.

                                                                                                              -## 🤝 Contributing +

                                                                                                              See CONTRIBUTING.md for more detailed instructions.

                                                                                                              -If you need some ideas of where to help, you could work on adding more code coverage, -or if it is already 💯 (see [below](#code-coverage)) check [reek](REEK), [issues][🤝gh-issues], or [PRs][🤝gh-pulls], -or use the gem and think about how it could be better. +

                                                                                                              🚀 Release Instructions

                                                                                                              -We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it. +

                                                                                                              See CONTRIBUTING.md.

                                                                                                              -See [CONTRIBUTING.md][🤝contributing] for more detailed instructions. +

                                                                                                              Code Coverage

                                                                                                              -### 🚀 Release Instructions +

                                                                                                              Coverage Graph

                                                                                                              -See [CONTRIBUTING.md][🤝contributing]. +

                                                                                                              Coveralls Test Coverage

                                                                                                              -### Code Coverage +

                                                                                                              QLTY Test Coverage

                                                                                                              -[![Coverage Graph][🏀codecov-g]][🏀codecov] +

                                                                                                              🪇 Code of Conduct

                                                                                                              -[![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] +

                                                                                                              Everyone interacting with this project’s codebases, issue trackers, +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

                                                                                                              -[![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] +

                                                                                                              🌈 Contributors

                                                                                                              -### 🪇 Code of Conduct +

                                                                                                              Contributors

                                                                                                              -Everyone interacting with this project's codebases, issue trackers, -chat rooms and mailing lists agrees to follow the [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct]. +

                                                                                                              Made with contributors-img.

                                                                                                              -## 🌈 Contributors - -[![Contributors][🖐contributors-img]][🖐contributors] - -Made with [contributors-img][🖐contrib-rocks]. - -Also see GitLab Contributors: [https://gitlab.com/ruby-oauth/oauth2/-/graphs/main][🚎contributors-gl] +

                                                                                                              Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

                                                                                                              ⭐️ Star History @@ -1427,55 +1580,58 @@

                                                                                                              Quick Examples

                                                                                                              -## 📌 Versioning +

                                                                                                              📌 Versioning

                                                                                                              -This Library adheres to [![Semantic Versioning 2.0.0][📌semver-img]][📌semver]. +

                                                                                                              This Library adheres to Semantic Versioning 2.0.0. Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, a new version should be immediately released that restores compatibility. -Breaking changes to the public API will only be introduced with new major versions. +Breaking changes to the public API will only be introduced with new major versions.

                                                                                                              -> dropping support for a platform is both obviously and objectively a breaking change
                                                                                                              ->—Jordan Harband ([@ljharb](https://github.com/ljharb), maintainer of SemVer) [in SemVer issue 716][📌semver-breaking] +
                                                                                                              +

                                                                                                              dropping support for a platform is both obviously and objectively a breaking change
                                                                                                              +—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

                                                                                                              +
                                                                                                              -I understand that policy doesn't work universally ("exceptions to every rule!"), +

                                                                                                              I understand that policy doesn’t work universally (“exceptions to every rule!”), but it is the policy here. As such, in many cases it is good to specify a dependency on this library using -the [Pessimistic Version Constraint][📌pvc] with two digits of precision. +the Pessimistic Version Constraint with two digits of precision.

                                                                                                              -For example: +

                                                                                                              For example:

                                                                                                              -```ruby +

                                                                                                              ruby spec.add_dependency("oauth2", "~> 2.0") -``` +

                                                                                                              -📌 Is "Platform Support" part of the public API? More details inside. + 📌 Is "Platform Support" part of the public API? More details inside. -SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms -is a *breaking change* to an API. -It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless. +

                                                                                                              SemVer should, IMO, but doesn’t explicitly, say that dropping support for specific Platforms +is a breaking change to an API, and for that reason the bike shedding is endless.

                                                                                                              -To get a better understanding of how SemVer is intended to work over a project's lifetime, -read this article from the creator of SemVer: +

                                                                                                              To get a better understanding of how SemVer is intended to work over a project’s lifetime, +read this article from the creator of SemVer:

                                                                                                              -- ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred] +
                                                                                                              -See [CHANGELOG.md][📌changelog] for a list of releases. +

                                                                                                              See CHANGELOG.md for a list of releases.

                                                                                                              -## 📄 License +

                                                                                                              📄 License

                                                                                                              -The gem is available as open source under the terms of -the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref]. -See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer]. +

                                                                                                              The gem is available as open source under the terms of +the MIT License License: MIT. +See LICENSE.txt for the official Copyright Notice.

                                                                                                              -### © Copyright +
                                                                                                              • - Copyright (c) 2017–2025 Peter H. Boling, of + Copyright (c) 2017 – 2025 Peter H. Boling, of Galtzo.com @@ -1484,243 +1640,30 @@

                                                                                                                Quick Examples

                                                                                                                , and oauth2 contributors.
                                                                                                              • - Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc. + Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
                                                                                                              -## 🤑 A request for help +

                                                                                                              🤑 A request for help

                                                                                                              -Maintainers have teeth and need to pay their dentists. -After getting laid off in an RIF in March and filled with many dozens of rejections, -I'm now spending ~60+ hours a week building open source tools. -I'm hoping to be able to pay for my kids' health insurance this month, +

                                                                                                              Maintainers have teeth and need to pay their dentists. +After getting laid off in an RIF in March, and encountering difficulty finding a new one, +I began spending most of my time building open source tools. +I’m hoping to be able to pay for my kids’ health insurance this month, so if you value the work I am doing, I need your support. -Please consider sponsoring me or the project. - -To join the community or get help 👇️ Join the Discord. - -[![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] - -To say "thanks!" ☝️ Join the Discord or 👇️ send money. - -[![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img] - -### Please give the project a star ⭐ ♥. - -Thanks for RTFM. 
☺️ - -[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay&color=a51611&style=flat -[⛳liberapay-bottom-img]: https://img.shields.io/liberapay/goal/pboling.svg?style=for-the-badge&logo=liberapay&color=a51611 -[⛳liberapay]: https://liberapay.com/pboling/donate -[🖇osc-all-img]: https://img.shields.io/opencollective/all/ruby-oauth -[🖇osc-sponsors-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth -[🖇osc-backers-img]: https://img.shields.io/opencollective/backers/ruby-oauth -[🖇osc-backers]: https://opencollective.com/ruby-oauth#backer -[🖇osc-backers-i]: https://opencollective.com/ruby-oauth/backers/badge.svg?style=flat -[🖇osc-sponsors]: https://opencollective.com/ruby-oauth#sponsor -[🖇osc-sponsors-i]: https://opencollective.com/ruby-oauth/sponsors/badge.svg?style=flat -[🖇osc-all-bottom-img]: https://img.shields.io/opencollective/all/ruby-oauth?style=for-the-badge -[🖇osc-sponsors-bottom-img]: https://img.shields.io/opencollective/sponsors/ruby-oauth?style=for-the-badge -[🖇osc-backers-bottom-img]: https://img.shields.io/opencollective/backers/ruby-oauth?style=for-the-badge -[🖇osc]: https://opencollective.com/ruby-oauth -[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github -[🖇sponsor-bottom-img]: https://img.shields.io/badge/Sponsor_Me!-pboling-blue?style=for-the-badge&logo=github -[🖇sponsor]: https://github.com/sponsors/pboling -[🖇polar-img]: https://img.shields.io/badge/polar-donate-a51611.svg?style=flat -[🖇polar]: https://polar.sh/pboling -[🖇kofi-img]: https://img.shields.io/badge/ko--fi-%E2%9C%93-a51611.svg?style=flat -[🖇kofi]: https://ko-fi.com/O5O86SNP4 -[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-a51611.svg?style=flat -[🖇patreon]: https://patreon.com/galtzo -[🖇buyme-small-img]: https://img.shields.io/badge/buy_me_a_coffee-%E2%9C%93-a51611.svg?style=flat -[🖇buyme-img]: 
https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff -[🖇buyme]: https://www.buymeacoffee.com/pboling -[🖇paypal-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=flat&logo=paypal -[🖇paypal-bottom-img]: https://img.shields.io/badge/donate-paypal-a51611.svg?style=for-the-badge&logo=paypal&color=0A0A0A -[🖇paypal]: https://www.paypal.com/paypalme/peterboling -[🖇floss-funding.dev]: https://floss-funding.dev -[🖇floss-funding-gem]: https://github.com/galtzo-floss/floss_funding -[✉️discord-invite]: https://discord.gg/3qme4XHNKN -[✉️discord-invite-img-ftb]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge&logo=discord -[✉️ruby-friends-img]: https://img.shields.io/badge/daily.dev-%F0%9F%92%8E_Ruby_Friends-0A0A0A?style=for-the-badge&logo=dailydotdev&logoColor=white -[✉️ruby-friends]: https://app.daily.dev/squads/rubyfriends - -[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby -[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange - -[✇bundle-group-pattern]: https://gist.github.com/pboling/4564780 -[⛳️gem-namespace]: https://github.com/ruby-oauth/oauth2 -[⛳️namespace-img]: https://img.shields.io/badge/namespace-OAuth2-3C2D2D.svg?style=square&logo=ruby&logoColor=white -[⛳️gem-name]: https://rubygems.org/gems/oauth2 -[⛳️name-img]: https://img.shields.io/badge/name-oauth2-3C2D2D.svg?style=square&logo=rubygems&logoColor=red -[⛳️tag-img]: https://img.shields.io/github/tag/ruby-oauth/oauth2.svg -[⛳️tag]: http://github.com/ruby-oauth/oauth2/releases -[🚂maint-blog]: http://www.railsbling.com/tags/oauth2 -[🚂maint-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange -[🚂maint-contact]: http://www.railsbling.com/contact -[🚂maint-contact-img]: 
https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red -[💖🖇linkedin]: http://www.linkedin.com/in/peterboling -[💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling -[💖✌️wellfound]: https://wellfound.com/u/peter-boling -[💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound -[💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling -[💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase -[💖🐘ruby-mast]: https://ruby.social/@galtzo -[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https://ruby.social&style=flat&logo=mastodon&label=Ruby%20@galtzo -[💖🦋bluesky]: https://bsky.app/profile/galtzo.com -[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white -[💖🌳linktree]: https://linktr.ee/galtzo -[💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree -[💖💁🏼‍♂️devto]: https://dev.to/galtzo -[💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white -[💖💁🏼‍♂️aboutme]: https://about.me/peter.boling -[💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white -[💖🧊berg]: https://codeberg.org/pboling -[💖🐙hub]: https://github.org/pboling -[💖🛖hut]: https://sr.ht/~galtzo/ -[💖🧪lab]: https://gitlab.com/pboling -[👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share -[👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white -[👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github -[👨🏼‍🏫expsup-codementor-img]: https://img.shields.io/badge/CodeMentor-Get_Help-1abc9c?style=for-the-badge&logo=CodeMentor&logoColor=white 
-[🏙️entsup-tidelift]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=readme -[🏙️entsup-tidelift-img]: https://img.shields.io/badge/Tidelift_and_Sonar-Enterprise_Support-FD3456?style=for-the-badge&logo=sonar&logoColor=white -[🏙️entsup-tidelift-sonar]: https://blog.tidelift.com/tidelift-joins-sonar -[💁🏼‍♂️peterboling]: http://www.peterboling.com -[🚂railsbling]: http://www.railsbling.com -[📜src-gl-img]: https://img.shields.io/badge/GitLab-FBA326?style=for-the-badge&logo=Gitlab&logoColor=orange -[📜src-gl]: https://gitlab.com/ruby-oauth/oauth2/ -[📜src-cb-img]: https://img.shields.io/badge/CodeBerg-4893CC?style=for-the-badge&logo=CodeBerg&logoColor=blue -[📜src-cb]: https://codeberg.org/ruby-oauth/oauth2 -[📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green -[📜src-gh]: https://github.com/ruby-oauth/oauth2 -[📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜docs-head-rd-img]: https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white -[📜gl-wiki]: https://gitlab.com/ruby-oauth/oauth2/-/wikis/home -[📜gh-wiki]: https://github.com/ruby-oauth/oauth2/wiki -[📜gl-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=gitlab&logoColor=white -[📜gh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white -[👽dl-rank]: https://rubygems.org/gems/oauth2 -[👽dl-ranki]: https://img.shields.io/gem/rd/oauth2.svg -[👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth2 -[👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth2/badges/users.svg -[👽version]: https://rubygems.org/gems/oauth2 -[👽versioni]: https://img.shields.io/gem/v/oauth2.svg -[🏀qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth2 -[🏀qlty-mnti]: 
https://qlty.sh/gh/ruby-oauth/projects/oauth2/maintainability.svg -[🏀qlty-cov]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/metrics/code?sort=coverageRating -[🏀qlty-covi]: https://qlty.sh/gh/ruby-oauth/projects/oauth2/coverage.svg -[🏀codecov]: https://codecov.io/gh/ruby-oauth/oauth2 -[🏀codecovi]: https://codecov.io/gh/ruby-oauth/oauth2/graph/badge.svg -[🏀coveralls]: https://coveralls.io/github/ruby-oauth/oauth2?branch=main -[🏀coveralls-img]: https://coveralls.io/repos/github/ruby-oauth/oauth2/badge.svg?branch=main -[🖐codeQL]: https://github.com/ruby-oauth/oauth2/security/code-scanning -[🖐codeQL-img]: https://github.com/ruby-oauth/oauth2/actions/workflows/codeql-analysis.yml/badge.svg -[🚎1-an-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml -[🚎1-an-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/ancient.yml/badge.svg -[🚎2-cov-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml -[🚎2-cov-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/coverage.yml/badge.svg -[🚎3-hd-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml -[🚎3-hd-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/heads.yml/badge.svg -[🚎4-lg-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml -[🚎4-lg-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/legacy.yml/badge.svg -[🚎5-st-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml -[🚎5-st-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/style.yml/badge.svg -[🚎6-s-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml -[🚎6-s-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/supported.yml/badge.svg -[🚎7-us-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml -[🚎7-us-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml/badge.svg -[🚎8-ho-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml -[🚎8-ho-wfi]: 
https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml/badge.svg -[🚎9-t-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml -[🚎9-t-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml/badge.svg -[🚎10-j-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml -[🚎10-j-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml/badge.svg -[🚎11-c-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml -[🚎11-c-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml/badge.svg -[🚎12-crh-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml -[🚎12-crh-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/dep-heads.yml/badge.svg -[🚎13-cbs-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml -[🚎13-cbs-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/caboose.yml/badge.svg -[🚎13-🔒️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml -[🚎13-🔒️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/locked_deps.yml/badge.svg -[🚎14-🔓️-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml -[🚎14-🔓️-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unlocked_deps.yml/badge.svg -[🚎15-🪪-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml -[🚎15-🪪-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/license-eye.yml/badge.svg -[💎ruby-2.2i]: https://img.shields.io/badge/Ruby-2.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.6i]: 
https://img.shields.io/badge/Ruby-2.6-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-2.7i]: https://img.shields.io/badge/Ruby-2.7-DF00CA?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.0i]: https://img.shields.io/badge/Ruby-3.0-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.1i]: https://img.shields.io/badge/Ruby-3.1-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.2i]: https://img.shields.io/badge/Ruby-3.2-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-3.3i]: https://img.shields.io/badge/Ruby-3.3-CC342D?style=for-the-badge&logo=ruby&logoColor=white -[💎ruby-c-i]: https://img.shields.io/badge/Ruby-current-CC342D?style=for-the-badge&logo=ruby&logoColor=green -[💎ruby-headi]: https://img.shields.io/badge/Ruby-HEAD-CC342D?style=for-the-badge&logo=ruby&logoColor=blue -[💎truby-22.3i]: https://img.shields.io/badge/Truffle_Ruby-22.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink -[💎truby-23.0i]: https://img.shields.io/badge/Truffle_Ruby-23.0_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink -[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink -[💎truby-c-i]: https://img.shields.io/badge/Truffle_Ruby-current-34BCB1?style=for-the-badge&logo=ruby&logoColor=green -[💎truby-headi]: https://img.shields.io/badge/Truffle_Ruby-HEAD-34BCB1?style=for-the-badge&logo=ruby&logoColor=blue -[💎jruby-9.1i]: https://img.shields.io/badge/JRuby-9.1_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-9.2i]: https://img.shields.io/badge/JRuby-9.2_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-9.3i]: https://img.shields.io/badge/JRuby-9.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-9.4i]: https://img.shields.io/badge/JRuby-9.4-FBE742?style=for-the-badge&logo=ruby&logoColor=red -[💎jruby-c-i]: 
https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green -[💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue -[🤝gh-issues]: https://github.com/ruby-oauth/oauth2/issues -[🤝gh-pulls]: https://github.com/ruby-oauth/oauth2/pulls -[🤝gl-issues]: https://gitlab.com/ruby-oauth/oauth2/-/issues -[🤝gl-pulls]: https://gitlab.com/ruby-oauth/oauth2/-/merge_requests -[🤝cb-issues]: https://codeberg.org/ruby-oauth/oauth2/issues -[🤝cb-pulls]: https://codeberg.org/ruby-oauth/oauth2/pulls -[🤝cb-donate]: https://donate.codeberg.org/ -[🤝contributing]: CONTRIBUTING.md -[🏀codecov-g]: https://codecov.io/gh/ruby-oauth/oauth2/graphs/tree.svg -[🖐contrib-rocks]: https://contrib.rocks -[🖐contributors]: https://github.com/ruby-oauth/oauth2/graphs/contributors -[🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/oauth2 -[🚎contributors-gl]: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main -[🪇conduct]: CODE_OF_CONDUCT.md -[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-259D6C.svg -[📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint -[📌semver]: https://semver.org/spec/v2.0.0.html -[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-259D6C.svg?style=flat -[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139 -[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html -[📌changelog]: CHANGELOG.md -[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/ -[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat -[📌gitmoji]:https://gitmoji.dev -[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square -[🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ -[🧮kloc-img]: 
https://img.shields.io/badge/KLOC-0.526-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue -[🔐security]: SECURITY.md -[🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat -[🔐irp]: IRP.md -[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat -[🔐threat-model]: THREAT_MODEL.md -[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat -[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year -[📄license]: LICENSE.txt -[📄license-ref]: https://opensource.org/licenses/MIT -[📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg -[📄license-compat]: https://dev.to/galtzo/how-to-check-license-compatibility-41h0 -[📄license-compat-img]: https://img.shields.io/badge/Apache_Compatible:_Category_A-%E2%9C%93-259D6C.svg?style=flat&logo=Apache -[📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm -[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat -[🚎yard-current]: http://rubydoc.info/gems/oauth2 -[🚎yard-head]: https://oauth2.galtzo.com -[💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums -[💎SHA_checksums]: https://gitlab.com/ruby-oauth/oauth2/-/tree/main/checksums -[💎rlts]: https://github.com/rubocop-lts/rubocop-lts -[💎rlts-img]: https://img.shields.io/badge/code_style_&_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white -[💎appraisal2]: https://github.com/appraisal-rb/appraisal2 -[💎appraisal2-img]: https://img.shields.io/badge/appraised_by-appraisal2-34495e.svg?plastic&logo=ruby&logoColor=white -[💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/ +Please consider sponsoring me or the project.

                                                                                                              + +

                                                                                                              To join the community or get help 👇️ Join the Discord.

                                                                                                              + +

                                                                                                              Live Chat on Discord

                                                                                                              + +

                                                                                                              To say “thanks!” ☝️ Join the Discord or 👇️ send money.

                                                                                                              + +

                                                                                                              Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

                                                                                                              + +

                                                                                                              Please give the project a star ⭐ ♥.

                                                                                                              + +

                                                                                                              Thanks for RTFM. ☺️

                                                                                                              @@ -1731,13 +1674,12 @@

                                                                                                              Quick Examples

                                                                                                              -
                                                                                                              diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 0040754f..9097f9bf 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,9 +100,9 @@

                                                                                                              Defined Under Namespace

                                                                                                              From 206fea19687cd7ad8eb5153617791860870a8eb5 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 7 Nov 2025 19:25:18 -0700 Subject: [PATCH 634/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .rubocop_gradual.lock | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 2 +- docs/file.CITATION.html | 92 ------------- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.IRP.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 2 +- docs/file.REEK.html | 71 ---------- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.THREAT_MODEL.html | 2 +- docs/file.access_token.html | 94 -------------- docs/file.authenticator.html | 91 ------------- docs/file.client.html | 121 ------------------ docs/file.error.html | 78 ----------- docs/file.filtered_attributes.html | 76 ----------- docs/file.oauth2-2.0.10.gem.html | 71 ---------- docs/file.oauth2-2.0.11.gem.html | 71 ---------- docs/file.oauth2-2.0.12.gem.html | 71 ---------- docs/file.oauth2-2.0.13.gem.html | 71 ---------- docs/file.oauth2-2.0.14.gem.html | 71 ---------- docs/file.oauth2-2.0.15.gem.html | 71 ---------- docs/file.oauth2-2.0.16.gem.html | 71 ---------- docs/file.oauth2-2.0.17.gem.html | 71 ---------- docs/file.oauth2.html | 79 ------------ docs/file.response.html | 
87 ------------- docs/file.strategy.html | 103 --------------- docs/file.version.html | 75 ----------- docs/index.html | 2 +- docs/top-level-namespace.html | 2 +- 50 files changed, 31 insertions(+), 1566 deletions(-) delete mode 100644 docs/file.CITATION.html delete mode 100644 docs/file.REEK.html delete mode 100644 docs/file.access_token.html delete mode 100644 docs/file.authenticator.html delete mode 100644 docs/file.client.html delete mode 100644 docs/file.error.html delete mode 100644 docs/file.filtered_attributes.html delete mode 100644 docs/file.oauth2-2.0.10.gem.html delete mode 100644 docs/file.oauth2-2.0.11.gem.html delete mode 100644 docs/file.oauth2-2.0.12.gem.html delete mode 100644 docs/file.oauth2-2.0.13.gem.html delete mode 100644 docs/file.oauth2-2.0.14.gem.html delete mode 100644 docs/file.oauth2-2.0.15.gem.html delete mode 100644 docs/file.oauth2-2.0.16.gem.html delete mode 100644 docs/file.oauth2-2.0.17.gem.html delete mode 100644 docs/file.oauth2.html delete mode 100644 docs/file.response.html delete mode 100644 docs/file.strategy.html delete mode 100644 docs/file.version.html diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock index 9a28e666..ae390c31 100644 --- a/.rubocop_gradual.lock +++ b/.rubocop_gradual.lock @@ -6,7 +6,7 @@ "lib/oauth2.rb:2435263975": [ [73, 11, 7, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 651502127] ], - "lib/oauth2/access_token.rb:707681139": [ + "lib/oauth2/access_token.rb:1962777363": [ [64, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513], [70, 13, 5, "Style/IdenticalConditionalBranches: Move `t_key` out of the conditional.", 183811513] ], diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 11eebbb6..20892da0 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                                                                                                              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 4eb602c5..dc0bf8cc 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

                                                                                                              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 7e023866..a5f21aec 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                                                                                                              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index beff8225..4658bb2f 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2654,7 +2654,7 @@

                                                                                                              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 78c78b30..2f174eed 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 55a0ab89..c0197942 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 94807c82..e0290629 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                                                                                                              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 0a0d9c6e..8ef77038 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 33004cea..e1ccd313 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 9b50b18f..7a06b005 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 66f488e8..5242b1c8 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -479,7 +479,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 25d0e02c..f27dc542 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 0ae17856..6a8cfba9 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 1c4f1a99..1887c973 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -418,7 +418,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 040c2902..bc0021ae 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -372,7 +372,7 @@

                                                                                                              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index cd15b2c4..2d7730b3 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                                                                                                              diff --git a/docs/_index.html b/docs/_index.html index 1f2eec5b..f5410716 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -315,7 +315,7 @@

                                                                                                              Namespace Listing A-Z

                                                                                                              diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index e953df4b..8e99bef0 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1290,7 +1290,7 @@

                                                                                                              diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html deleted file mode 100644 index 6667e4a7..00000000 --- a/docs/file.CITATION.html +++ /dev/null @@ -1,92 +0,0 @@ - - - - - - - File: CITATION - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              cff-version: 1.2.0
                                                                                                              -title: oauth2
                                                                                                              -message: >-
                                                                                                              - If you use this work and you want to cite it,
                                                                                                              - then you can use the metadata from this file.
                                                                                                              -type: software
                                                                                                              -authors:

                                                                                                              -
                                                                                                                -
                                                                                                              • given-names: Peter Hurn
                                                                                                                -family-names: Boling
                                                                                                                -email: peter@railsbling.com
                                                                                                                -affiliation: railsbling.com
                                                                                                                -orcid: ‘https://orcid.org/0009-0008-8519-441X’
                                                                                                                -identifiers:
                                                                                                              • -
                                                                                                              • type: url
                                                                                                                -value: ‘https://github.com/ruby-oauth/oauth2’
                                                                                                                -description: oauth2
                                                                                                                -repository-code: ‘https://github.com/ruby-oauth/oauth2’
                                                                                                                -abstract: >-
                                                                                                                - oauth2
                                                                                                                -license: See license file
                                                                                                              • -
                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index dbbd6d87..cf36e06e 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                                                                                              Attribution

                                                                                                              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 0a22870a..dd5ef561 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -296,7 +296,7 @@

                                                                                                              Manual process

                                                                                                              diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 3a6b386d..9c4d8142 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -99,7 +99,7 @@

                                                                                                              Another Way to Support Open diff --git a/docs/file.IRP.html b/docs/file.IRP.html index 38d6f80d..84142c56 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -203,7 +203,7 @@

                                                                                                              Appendix: Example checklist diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 8befb1fa..ee6cf1a9 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                                                                                              MIT License

                                                                                                              Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                              Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                              Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                              of this software and associated documentation files (the "Software"), to deal
                                                                                                              in the Software without restriction, including without limitation the rights
                                                                                                              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                              copies of the Software, and to permit persons to whom the Software is
                                                                                                              furnished to do so, subject to the following conditions:

                                                                                                              The above copyright notice and this permission notice shall be included in all
                                                                                                              copies or substantial portions of the Software.

                                                                                                              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                              SOFTWARE.
                                                                                                              diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 2f34a113..46fdcb1b 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -224,7 +224,7 @@

                                                                                                              Optionally: call UserInfo

                                                                                                              diff --git a/docs/file.README.html b/docs/file.README.html index 2dc94f80..3d63387d 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -1677,7 +1677,7 @@

                                                                                                              Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html deleted file mode 100644 index bc4f2767..00000000 --- a/docs/file.REEK.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: REEK - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -
                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index fcb0033e..d616dada 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -160,7 +160,7 @@

                                                                                                              Benefits of rubocop_gradual

                                                                                                              diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index bc43ae18..d2d62611 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -93,7 +93,7 @@

                                                                                                              Additional Support

                                                                                                              diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index 6307deac..e6487b53 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -206,7 +206,7 @@

                                                                                                              8. References

                                                                                                              diff --git a/docs/file.access_token.html b/docs/file.access_token.html deleted file mode 100644 index e6fc7b16..00000000 --- a/docs/file.access_token.html +++ /dev/null @@ -1,94 +0,0 @@ - - - - - - - File: access_token - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - class AccessToken
                                                                                                              - def self.from_hash: (OAuth2::Client, Hash[untyped, untyped]) -> OAuth2::AccessToken
                                                                                                              - def self.from_kvform: (OAuth2::Client, String) -> OAuth2::AccessToken

                                                                                                              - -
                                                                                                              def initialize: (OAuth2::Client, String, ?Hash[Symbol, untyped]) -> void
                                                                                                              -def []: (String | Symbol) -> untyped
                                                                                                              -def expires?: () -> bool
                                                                                                              -def expired?: () -> bool
                                                                                                              -def refresh: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::AccessToken
                                                                                                              -def revoke: (?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -def to_hash: () -> Hash[Symbol, untyped]
                                                                                                              -def request: (Symbol, String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -def get: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -def post: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -def put: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -def patch: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -def delete: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -def headers: () -> Hash[String, String]
                                                                                                              -def configure_authentication!: (Hash[Symbol, untyped], Symbol) -> void
                                                                                                              -def convert_expires_at: (untyped) -> (Time | Integer | nil)
                                                                                                              -
                                                                                                              -attr_accessor response: OAuth2::Response   end end
                                                                                                              -
                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html deleted file mode 100644 index 24436d9e..00000000 --- a/docs/file.authenticator.html +++ /dev/null @@ -1,91 +0,0 @@ - - - - - - - File: authenticator - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - class Authenticator
                                                                                                              - include OAuth2::FilteredAttributes

                                                                                                              - -
                                                                                                              attr_reader mode: (Symbol | String)
                                                                                                              -attr_reader id: String?
                                                                                                              -attr_reader secret: String?
                                                                                                              -
                                                                                                              -def initialize: (String? id, String? secret, (Symbol | String) mode) -> void
                                                                                                              -
                                                                                                              -def apply: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                                                                                                              -
                                                                                                              -def self.encode_basic_auth: (String, String) -> String
                                                                                                              -
                                                                                                              -private
                                                                                                              -
                                                                                                              -def apply_params_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                                                                                                              -def apply_client_id: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                                                                                                              -def apply_basic_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
                                                                                                              -def basic_auth_header: () -> Hash[String, String]   end end
                                                                                                              -
                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.client.html b/docs/file.client.html deleted file mode 100644 index c9691758..00000000 --- a/docs/file.client.html +++ /dev/null @@ -1,121 +0,0 @@ - - - - - - - File: client - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - class Client
                                                                                                              - RESERVED_REQ_KEYS: Array[String]
                                                                                                              - RESERVED_PARAM_KEYS: Array[String]

                                                                                                              - -
                                                                                                              include OAuth2::FilteredAttributes
                                                                                                              -
                                                                                                              -attr_reader id: String
                                                                                                              -attr_reader secret: String
                                                                                                              -attr_reader site: String?
                                                                                                              -attr_accessor options: Hash[Symbol, untyped]
                                                                                                              -attr_writer connection: untyped
                                                                                                              -
                                                                                                              -def initialize: (String client_id, String client_secret, ?Hash[Symbol, untyped]) { (untyped) -> void } -> void
                                                                                                              -
                                                                                                              -def site=: (String) -> String
                                                                                                              -
                                                                                                              -def connection: () -> untyped
                                                                                                              -
                                                                                                              -def authorize_url: (?Hash[untyped, untyped]) -> String
                                                                                                              -def token_url: (?Hash[untyped, untyped]) -> String
                                                                                                              -def revoke_url: (?Hash[untyped, untyped]) -> String
                                                                                                              -
                                                                                                              -def request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -
                                                                                                              -def get_token: (Hash[untyped, untyped] params, ?Hash[Symbol, untyped] access_token_opts, ?Proc) { (Hash[Symbol, untyped]) -> void } -> (OAuth2::AccessToken | nil)
                                                                                                              -
                                                                                                              -def revoke_token: (String token, ?String token_type_hint, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
                                                                                                              -
                                                                                                              -def http_method: () -> Symbol
                                                                                                              -
                                                                                                              -def auth_code: () -> OAuth2::Strategy::AuthCode
                                                                                                              -def implicit: () -> OAuth2::Strategy::Implicit
                                                                                                              -def password: () -> OAuth2::Strategy::Password
                                                                                                              -def client_credentials: () -> OAuth2::Strategy::ClientCredentials
                                                                                                              -def assertion: () -> OAuth2::Strategy::Assertion
                                                                                                              -
                                                                                                              -def redirection_params: () -> Hash[String, String]
                                                                                                              -
                                                                                                              -private
                                                                                                              -
                                                                                                              -def params_to_req_opts: (Hash[untyped, untyped]) -> Hash[Symbol, untyped]
                                                                                                              -def parse_snaky_params_headers: (Hash[untyped, untyped]) -> [Symbol, bool, untyped, (Symbol | nil), Hash[untyped, untyped], Hash[String, String]]
                                                                                                              -def execute_request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (Faraday::Request) -> void } -> OAuth2::Response
                                                                                                              -def authenticator: () -> OAuth2::Authenticator
                                                                                                              -def parse_response_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
                                                                                                              -def parse_response: (OAuth2::Response, Hash[Symbol, untyped]) -> (OAuth2::AccessToken | nil)
                                                                                                              -def build_access_token: (OAuth2::Response, Hash[Symbol, untyped], untyped) -> OAuth2::AccessToken
                                                                                                              -def build_access_token_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
                                                                                                              -def oauth_debug_logging: (untyped) -> void   end end
                                                                                                              -
                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.error.html b/docs/file.error.html deleted file mode 100644 index 0934c7fd..00000000 --- a/docs/file.error.html +++ /dev/null @@ -1,78 +0,0 @@ - - - - - - - File: error - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - class Error < StandardError
                                                                                                              - def initialize: (OAuth2::Response) -> void
                                                                                                              - def code: () -> (String | Integer | nil)
                                                                                                              - def description: () -> (String | nil)
                                                                                                              - def response: () -> OAuth2::Response
                                                                                                              - end
                                                                                                              -end

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html deleted file mode 100644 index 3b36819a..00000000 --- a/docs/file.filtered_attributes.html +++ /dev/null @@ -1,76 +0,0 @@ - - - - - - - File: filtered_attributes - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - module FilteredAttributes
                                                                                                              - def self.included: (untyped) -> untyped
                                                                                                              - def filtered_attributes: (*String) -> void
                                                                                                              - end
                                                                                                              -end

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html deleted file mode 100644 index b00e56e9..00000000 --- a/docs/file.oauth2-2.0.10.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.10.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              e692f68ab79677ee7fa9300bbd5e0c41de08642d51659a49ca7fd742230445601ad3c2d271ee110718d58a27383aba0c25ddbdbef5b13f7c18585cdfda74850b

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html deleted file mode 100644 index 11369457..00000000 --- a/docs/file.oauth2-2.0.11.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.11.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              048743f9efd89460231738885c9c0de7b36433055eefc66331b91eee343885cd9145bbac239c6121d13b716633fb8385fa886ce854bf14142f9894e6c8f19ba2

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html deleted file mode 100644 index c691479c..00000000 --- a/docs/file.oauth2-2.0.12.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.12.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              a209c7a0c4b9d46ccb00e750af8899c01d52648ca77a0d40b934593de53edc4f2774440fc50733c0e5098672c6c5a4a20f8709046be427fcf032f45922dff2d2

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html deleted file mode 100644 index 6119b737..00000000 --- a/docs/file.oauth2-2.0.13.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.13.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              3bfe481d98f859f37f3b90ced2b8856a843eef0f2e0263163cccc14430047bc3cd03d28597f48daa3d623b52d692c3b3e7c2dc26df5eb588dd82d28608fba639

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html deleted file mode 100644 index 39830f8f..00000000 --- a/docs/file.oauth2-2.0.14.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.14.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              5ce561a6b103a123d9b96e1e4725c07094bd6e58c135cc775ae9d5a055c031169ca6d6de379c2569daf1dd8ab2727079db3c80aa8568d6947e94a0c06b4c6d2b

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html deleted file mode 100644 index af525d3c..00000000 --- a/docs/file.oauth2-2.0.15.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.15.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              287a5d2cff87b4f37dde7b97f0fc31ee4c79edcc451b33694d1ba6f13d218cd04848780a857b94b93b656d6d81de4f4fcb4e8345f432cee17a6d96bd3f313df2

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html deleted file mode 100644 index 70c1903d..00000000 --- a/docs/file.oauth2-2.0.16.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.16.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              49788bf25c3afcc08171f92c3c8a21b4bcd322aae0834f69ae77c08963f54be6c9155588ca66f82022af897ddd0bf28b0c5ee254bc9fe533d1a37b1d52f409be

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html deleted file mode 100644 index 555bded1..00000000 --- a/docs/file.oauth2-2.0.17.gem.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.17.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              6385dfb2d4cb0309745de2d442d99c6148744abaca5599bd1e4f6038e99734d9cf90d1de83d1833e416e2682f0e3d6ae83e10a5a55d6e884b9cdc54e6070fb8b

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html deleted file mode 100644 index ca8fc1ff..00000000 --- a/docs/file.oauth2.html +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - File: oauth2 - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - OAUTH_DEBUG: bool

                                                                                                              - -

                                                                                                              DEFAULT_CONFIG: untyped
                                                                                                              - @config: untyped

                                                                                                              - -

                                                                                                              def self.config: () -> untyped
                                                                                                              - def self.configure: () { (untyped) -> void } -> void
                                                                                                              -end

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.response.html b/docs/file.response.html deleted file mode 100644 index 2966fd2c..00000000 --- a/docs/file.response.html +++ /dev/null @@ -1,87 +0,0 @@ - - - - - - - File: response - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - class Response
                                                                                                              - DEFAULT_OPTIONS: Hash[Symbol, untyped]

                                                                                                              - -
                                                                                                              def self.register_parser: (Symbol key, (Array[String] | String) mime_types) { (String) -> untyped } -> void
                                                                                                              -
                                                                                                              -def initialize: (untyped response, parse: Symbol?, snaky: bool?, snaky_hash_klass: untyped?, options: Hash[Symbol, untyped]?) -> void
                                                                                                              -def headers: () -> Hash[untyped, untyped]
                                                                                                              -def status: () -> Integer
                                                                                                              -def body: () -> String
                                                                                                              -def parsed: () -> untyped
                                                                                                              -def content_type: () -> (String | nil)
                                                                                                              -def parser: () -> (untyped | nil)
                                                                                                              -
                                                                                                              -attr_reader response: untyped
                                                                                                              -attr_accessor options: Hash[Symbol, untyped]   end end
                                                                                                              -
                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.strategy.html b/docs/file.strategy.html deleted file mode 100644 index 94941ce1..00000000 --- a/docs/file.strategy.html +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - File: strategy - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - module Strategy
                                                                                                              - class Base
                                                                                                              - def initialize: (OAuth2::Client) -> void
                                                                                                              - end

                                                                                                              - -
                                                                                                              class AuthCode < Base
                                                                                                              -  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
                                                                                                              -  def authorize_url: (?Hash[untyped, untyped]) -> String
                                                                                                              -  def get_token: (String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                                                                                                              -end
                                                                                                              -
                                                                                                              -class Implicit < Base
                                                                                                              -  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
                                                                                                              -  def authorize_url: (?Hash[untyped, untyped]) -> String
                                                                                                              -  def get_token: (*untyped) -> void
                                                                                                              -end
                                                                                                              -
                                                                                                              -class Password < Base
                                                                                                              -  def authorize_url: () -> void
                                                                                                              -  def get_token: (String, String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                                                                                                              -end
                                                                                                              -
                                                                                                              -class ClientCredentials < Base
                                                                                                              -  def authorize_url: () -> void
                                                                                                              -  def get_token: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                                                                                                              -end
                                                                                                              -
                                                                                                              -class Assertion < Base
                                                                                                              -  def authorize_url: () -> void
                                                                                                              -  def get_token: (Hash[untyped, untyped], Hash[Symbol, untyped], ?Hash[Symbol, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
                                                                                                              -end   end end
                                                                                                              -
                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/file.version.html b/docs/file.version.html deleted file mode 100644 index 3a21b7b8..00000000 --- a/docs/file.version.html +++ /dev/null @@ -1,75 +0,0 @@ - - - - - - - File: version - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
                                                                                                              - - -

                                                                                                              module OAuth2
                                                                                                              - module Version
                                                                                                              - VERSION: String
                                                                                                              - end
                                                                                                              -end

                                                                                                              -
                                                                                                              - - - -
                                                                                                              - - \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index 76368c46..b4641ae9 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1677,7 +1677,7 @@

                                                                                                              Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 9097f9bf..a4e375cf 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

                                                                                                              Defined Under Namespace

From dd10b3295215a3b25d84568d65c4efc06aa6d0f6 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Fri, 7 Nov 2025 19:36:22 -0700
Subject: [PATCH 635/645] =?UTF-8?q?=F0=9F=91=B7=20json=20having=20trouble?= =?UTF-8?q?=20installing=20on=20TruffleRuby=20v23.1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/truffle.yml | 99 -----------------------------------
 README.md | 8 ++-
 2 files changed, 3 insertions(+), 104 deletions(-)
 delete mode 100644 .github/workflows/truffle.yml
diff --git a/.github/workflows/truffle.yml b/.github/workflows/truffle.yml
deleted file mode 100644
index 67807231..00000000
--- a/.github/workflows/truffle.yml
+++ /dev/null
@@ -1,99 +0,0 @@ -name: Truffle - -permissions: - contents: read - -env: - K_SOUP_COV_DO: false - -on: - push: - branches: - - 'main' - - '*-stable' - tags: - - '!*' # Do not execute on tags - pull_request: - branches: - - '*' - # Allow manually triggering the workflow. - workflow_dispatch: - -# Cancels all previous workflow runs for the same branch that have not yet completed. -concurrency: - # The concurrency group contains the workflow name and the branch name. - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - test: - if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" - name: Specs ${{ matrix.ruby }} ${{ matrix.appraisal }}${{ matrix.name_extra || '' }} - runs-on: ubuntu-22.04 - continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} - env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps - BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile - strategy: - matrix: - include: - # NOTE: truffleruby does not support upgrading rubygems. 
- # truffleruby-23.1 (targets Ruby 3.2 compatibility) - - ruby: "truffleruby-23.1" - appraisal: "ruby-3-2" - exec_cmd: "rake test" - gemfile: "Appraisal.root" - rubygems: default - bundler: default - - steps: - - name: Checkout - if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - uses: actions/checkout@v5 - - - name: Setup Ruby & RubyGems - if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - rubygems: ${{ matrix.rubygems }} - bundler: ${{ matrix.bundler }} - bundler-cache: false - - # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) - # We need to do this first to get appraisal installed. - # NOTE: This does not use the primary Gemfile at all. - - name: Install Root Appraisal - if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - run: bundle - - - name: "[Attempt 1] Install Root Appraisal" - id: bundleAttempt1 - if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - run: bundle - # Continue to the next step on failure - continue-on-error: true - - # Effectively an automatic retry of the previous step. - - name: "[Attempt 2] Install Root Appraisal" - id: bundleAttempt2 - # If bundleAttempt1 failed, try again here; Otherwise skip. 
- if: ${{ steps.bundleAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - run: bundle - - - name: "[Attempt 1] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" - id: bundleAppraisalAttempt1 - if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - run: bundle exec appraisal ${{ matrix.appraisal }} bundle - # Continue to the next step on failure - continue-on-error: true - - # Effectively an automatic retry of the previous step. - - name: "[Attempt 2] Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal }}" - id: bundleAppraisalAttempt2 - # If bundleAppraisalAttempt1 failed, try again here; Otherwise skip. - if: ${{ steps.bundleAppraisalAttempt1.outcome == 'failure' && (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - run: bundle exec appraisal ${{ matrix.appraisal }} bundle - - - name: Tests for ${{ matrix.ruby }} via ${{ matrix.exec_cmd }} - if: ${{ (env.ACT && !(startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) || (!env.ACT && (startsWith(matrix.ruby, 'jruby')) || startsWith(matrix.ruby, 'truffleruby')) }} - run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }} diff --git a/README.md b/README.md index a5ec5975..5517fd43 100644 --- a/README.md +++ b/README.md 
@@ -162,9 +162,9 @@ If it seems like you are in the wrong place, you might try one of these: | Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Works with JRuby | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i]
                                                                                                              [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf] | -| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i]
                                                                                                              [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | +| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i] ![Truffle Ruby 23.1 Compat][💎truby-23.1i]
                                                                                                              [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] | | Works with MRI Ruby 3 | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf] | -| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | +| Works with MRI Ruby 2 | ![Ruby 2.2 Compat][💎ruby-2.2i]
                                                                                                              [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf] | | Support & Community | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | | Source | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc] | | Documentation | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki] | @@ -1414,8 +1414,6 @@ Thanks for RTFM. ☺️ [🚎7-us-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/unsupported.yml/badge.svg [🚎8-ho-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml [🚎8-ho-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/hoary.yml/badge.svg -[🚎9-t-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml -[🚎9-t-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/truffle.yml/badge.svg [🚎10-j-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml [🚎10-j-wfi]: https://github.com/ruby-oauth/oauth2/actions/workflows/jruby.yml/badge.svg [🚎11-c-wf]: https://github.com/ruby-oauth/oauth2/actions/workflows/current.yml 
@@ -1444,7 +1442,7 @@ Thanks for RTFM. ☺️ [💎ruby-headi]: https://img.shields.io/badge/Ruby-HEAD-CC342D?style=for-the-badge&logo=ruby&logoColor=blue [💎truby-22.3i]: https://img.shields.io/badge/Truffle_Ruby-22.3_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink [💎truby-23.0i]: https://img.shields.io/badge/Truffle_Ruby-23.0_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink -[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink +[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=pink [💎truby-c-i]: https://img.shields.io/badge/Truffle_Ruby-current-34BCB1?style=for-the-badge&logo=ruby&logoColor=green [💎truby-headi]: https://img.shields.io/badge/Truffle_Ruby-HEAD-34BCB1?style=for-the-badge&logo=ruby&logoColor=blue [💎jruby-9.1i]: https://img.shields.io/badge/JRuby-9.1_(%F0%9F%9A%ABCI)-AABBCC?style=for-the-badge&logo=ruby&logoColor=red From 710c3419b7f0a8f483f73009b7039b5c366a3395 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Fri, 7 Nov 2025 20:39:54 -0700 Subject: [PATCH 636/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20yard-fence=20v0.5.?= =?UTF-8?q?0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 11 +- Gemfile.lock | 2 +- OIDC.md | 11 +- README.md | 8 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 15 +- docs/file.CITATION.html | 90 ++++++++++ docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 2 +- docs/file.FUNDING.html | 2 +- docs/file.IRP.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 165 +++++++++++------- docs/file.README.html | 14 +- docs/file.REEK.html | 71 ++++++++ docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 2 +- docs/file.THREAT_MODEL.html | 2 +- docs/file.access_token.html | 94 ++++++++++ docs/file.authenticator.html | 91 ++++++++++ docs/file.client.html | 121 +++++++++++++ docs/file.error.html | 78 +++++++++ docs/file.filtered_attributes.html | 76 ++++++++ docs/file.oauth2-2.0.10.gem.html | 71 ++++++++ docs/file.oauth2-2.0.11.gem.html | 71 ++++++++ docs/file.oauth2-2.0.12.gem.html | 71 ++++++++ docs/file.oauth2-2.0.13.gem.html | 71 ++++++++ docs/file.oauth2-2.0.14.gem.html | 71 ++++++++ docs/file.oauth2-2.0.15.gem.html | 71 ++++++++ docs/file.oauth2-2.0.16.gem.html | 71 ++++++++ docs/file.oauth2-2.0.17.gem.html | 71 ++++++++ 
docs/file.oauth2.html | 79 +++++++++ docs/file.response.html | 87 +++++++++ docs/file.strategy.html | 103 +++++++++++ docs/file.version.html | 75 ++++++++ docs/index.html | 14 +- docs/top-level-namespace.html | 2 +- 53 files changed, 1708 insertions(+), 117 deletions(-) create mode 100644 docs/file.CITATION.html create mode 100644 docs/file.REEK.html create mode 100644 docs/file.access_token.html create mode 100644 docs/file.authenticator.html create mode 100644 docs/file.client.html create mode 100644 docs/file.error.html create mode 100644 docs/file.filtered_attributes.html create mode 100644 docs/file.oauth2-2.0.10.gem.html create mode 100644 docs/file.oauth2-2.0.11.gem.html create mode 100644 docs/file.oauth2-2.0.12.gem.html create mode 100644 docs/file.oauth2-2.0.13.gem.html create mode 100644 docs/file.oauth2-2.0.14.gem.html create mode 100644 docs/file.oauth2-2.0.15.gem.html create mode 100644 docs/file.oauth2-2.0.16.gem.html create mode 100644 docs/file.oauth2-2.0.17.gem.html create mode 100644 docs/file.oauth2.html create mode 100644 docs/file.response.html create mode 100644 docs/file.strategy.html create mode 100644 docs/file.version.html diff --git a/CHANGELOG.md b/CHANGELOG.md index 607363f7..17cc8fb0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,11 +21,13 @@ Please file a bug if you notice a violation of semantic versioning. ### Added - [gh!683][gh!683], [gh!684][gh!684] - Improve documentation by @pboling +- [gh!686][gh!686]- Add Incident Response Plan by @pboling +- [gh!687][gh!687]- Add Threat Model by @pboling ### Changed -- [gh!685][gh!685] - upgrade kettle-dev v1.1.24 by pboling -- upgrade kettle-dev v1.1.26 by pboling +- [gh!685][gh!685] - upgrade kettle-dev v1.1.24 by @pboling +- upgrade kettle-dev v1.1.51 by @pboling - Add open collective donors to README ### Deprecated 
@@ -34,11 +36,16 @@ Please file a bug if you notice a violation of semantic versioning. ### Fixed +- [gh!690][gh!690] - Add yard-fence to handle braces within code fences in markdown properly by @pboling + ### Security [gh!683]: https://github.com/ruby-oauth/oauth2/pull/683 [gh!684]: https://github.com/ruby-oauth/oauth2/pull/684 [gh!685]: https://github.com/ruby-oauth/oauth2/pull/685 +[gh!686]: https://github.com/ruby-oauth/oauth2/pull/686 +[gh!687]: https://github.com/ruby-oauth/oauth2/pull/687 +[gh!690]: https://github.com/ruby-oauth/oauth2/pull/690 ## [2.0.17] - 2025-09-15 diff --git a/Gemfile.lock b/Gemfile.lock index dbb04aaf..8c4b1f4b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -311,7 +311,7 @@ GEM uri (1.1.1) version_gem (1.1.9) yard (0.9.37) - yard-fence (0.4.0) + yard-fence (0.5.0) rdoc (~> 6.11) version_gem (~> 1.1, >= 1.1.9) yard (~> 0.9, >= 0.9.37) diff --git a/OIDC.md b/OIDC.md index 2bd7c708..22e31d11 100644 --- a/OIDC.md +++ b/OIDC.md @@ -16,11 +16,13 @@ If any other libraries would like to be added to this list, please open an issue This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library. Scope of this document + - Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby. - Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions). - Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application. Key concepts refresher + - OAuth 2.0 delegates authorization; it does not define authentication of the end-user. - OIDC layers an identity layer on top of OAuth 2.0, introducing: - ID Token: a JWT carrying claims about the authenticated end-user and the authentication event. 
@@ -29,6 +31,7 @@ Key concepts refresher - Discovery and Dynamic Client Registration (optional for providers/clients that support them). What this gem provides for OIDC + - All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests. - Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.). - Optional client authentication schemes useful with OIDC deployments: @@ -38,6 +41,7 @@ What this gem provides for OIDC - private_key_jwt (OIDC-compliant when configured per OP requirements) What you must add in your app for OIDC + - ID Token validation: This gem surfaces id_token values but does not verify them. Your app should: 1) Parse the JWT (header, payload, signature) 2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically) 
@@ -124,10 +128,12 @@ userinfo = token.get("/userinfo").parsed ``` Notes on discovery and registration -- Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc. + +- Discovery: Most OPs publish configuration at `{issuer}/.well-known/openid-configuration` (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc. - Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely. Common pitfalls and tips + - Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0. - Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field. - Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers. @@ -136,6 +142,7 @@ Common pitfalls and tips - When using private_key_jwt, ensure the "aud" (or token_url) and "iss/sub" claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key. Relevant specifications and references + - OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html - OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html - How OIDC works: https://openid.net/developers/how-connect-works/ 
@@ -150,9 +157,11 @@ Relevant specifications and references - Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications See also + - README sections on OAuth 2.1 notes and OIDC notes - Strategy classes under lib/oauth2/strategy for flow helpers - Specs under spec/oauth2 for concrete usage patterns Contributions welcome + - If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library). diff --git a/README.md b/README.md index 5517fd43..13ab7ba0 100644 --- a/README.md +++ b/README.md @@ -843,8 +843,8 @@ me = long_lived.get("/me", params: {fields: "id,username"}).parsed Tips: -- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET. -- If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }. +- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for `GET` requests. +- If you need a custom rule, you can pass a `Proc` for `mode`, e.g. `mode: ->(verb) { verb == :get ? :query : :header }`. ### Refresh Tokens @@ -991,9 +991,9 @@ client = OAuth2::Client.new( end ``` -##### Using flat query params (Faraday::FlatParamsEncoder) +##### Using flat query params (`Faraday::FlatParamsEncoder`) -Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests. +Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides `FlatParamsEncoder` for this purpose. You can configure the oauth2 client to use it when building requests. ```ruby require "faraday" diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 20892da0..1ffcdd17 100644 --- a/docs/OAuth2.html 
+++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

                                                                                                              diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index dc0bf8cc..2d0ed1df 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

                                                                                                              diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index a5f21aec..53736878 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

                                                                                                              diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 4658bb2f..9ff6fc48 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2654,7 +2654,7 @@

                                                                                                              diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 2f174eed..1401cd95 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index c0197942..7c738657 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

                                                                                                              diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index e0290629..75bb5568 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

                                                                                                              diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 8ef77038..dccdc25b 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index e1ccd313..c629c668 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

                                                                                                              Defined Under Namespace

                                                                                                              diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 7a06b005..6153d6fa 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 5242b1c8..d5081e25 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -479,7 +479,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index f27dc542..dd410d38 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 6a8cfba9..efa4fdb8 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 1887c973..32f63999 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -418,7 +418,7 @@

                                                                                                              diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index bc0021ae..91d2fe7c 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -372,7 +372,7 @@

                                                                                                              diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 2d7730b3..35c06cb4 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

                                                                                                              diff --git a/docs/_index.html b/docs/_index.html index f5410716..f023b32d 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -315,7 +315,7 @@

                                                                                                              Namespace Listing A-Z

                                                                                                              diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 8e99bef0..b22f44a2 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -75,14 +75,18 @@

                                                                                                              Added

                                                                                                              • gh!683, gh!684 - Improve documentation by @pboling
                                                                                                              • +
                                                                                                              • +gh!686- Add Incident Response Plan by @pboling
                                                                                                              • +
                                                                                                              • +gh!687- Add Threat Model by @pboling

                                                                                                              Changed

                                                                                                              • -gh!685 - upgrade kettle-dev v1.1.24 by pboling
                                                                                                              • -
                                                                                                              • upgrade kettle-dev v1.1.26 by pboling +gh!685 - upgrade kettle-dev v1.1.24 by @pboling
                                                                                                              • +
                                                                                                              • upgrade kettle-dev v1.1.51 by @pboling
                                                                                                                • Add open collective donors to README
                                                                                                                @@ -95,6 +99,11 @@

                                                                                                                Removed

                                                                                                                Fixed

                                                                                                                +
                                                                                                                  +
                                                                                                                • +gh!690 - Add yard-fence to handle braces within code fences in markdown properly by @pboling
                                                                                                                • +
                                                                                                                +

                                                                                                                Security

                                                                                                                @@ -1290,7 +1299,7 @@

                                                                                                                diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html new file mode 100644 index 00000000..ec687c30 --- /dev/null +++ b/docs/file.CITATION.html @@ -0,0 +1,90 @@ + + + + + + + File: CITATION + + — Documentation by YARD 0.9.37 + + + + + + + + + + + + + + + + + + + +
                                                                                                                + + +

                                                                                                                cff-version: 1.2.0 +title: oauth2 +message: >- + If you use this work and you want to cite it, + then you can use the metadata from this file. +type: software +authors: + - given-names: Peter Hurn + family-names: Boling + email: peter@railsbling.com + affiliation: railsbling.com + orcid: ‘https://orcid.org/0009-0008-8519-441X’ +identifiers: + - type: url + value: ‘https://github.com/ruby-oauth/oauth2’ + description: oauth2 +repository-code: ‘https://github.com/ruby-oauth/oauth2’ +abstract: >- + oauth2 +license: See license file

                                                                                                                +
                                                                                                                + + + +
                                                                                                                + + \ No newline at end of file diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index cf36e06e..818acbd7 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

                                                                                                                Attribution

                                                                                                                diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index dd5ef561..08f3438c 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -296,7 +296,7 @@

                                                                                                                Manual process

                                                                                                                diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 9c4d8142..59b0b074 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -99,7 +99,7 @@

                                                                                                                Another Way to Support Open diff --git a/docs/file.IRP.html b/docs/file.IRP.html index 84142c56..6664d497 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -203,7 +203,7 @@

                                                                                                                Appendix: Example checklist diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index ee6cf1a9..428dfecc 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
                                                                                                                MIT License

                                                                                                                Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
                                                                                                                Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

                                                                                                                Permission is hereby granted, free of charge, to any person obtaining a copy
                                                                                                                of this software and associated documentation files (the "Software"), to deal
                                                                                                                in the Software without restriction, including without limitation the rights
                                                                                                                to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                                                                                                                copies of the Software, and to permit persons to whom the Software is
                                                                                                                furnished to do so, subject to the following conditions:

                                                                                                                The above copyright notice and this permission notice shall be included in all
                                                                                                                copies or substantial portions of the Software.

                                                                                                                THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                                                                                                                IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                                                                                                                FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
                                                                                                                AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                                                                                                                LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                                OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
                                                                                                                SOFTWARE.
                                                                                                                diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 46fdcb1b..e73faa29 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -80,38 +80,56 @@

                                                                                                                Raw OIDC with ruby-oauth/oauth2

                                                                                                                This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.

                                                                                                                -

                                                                                                                Scope of this document -- Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby. -- Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions). -- Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.

                                                                                                                - -

                                                                                                                Key concepts refresher -- OAuth 2.0 delegates authorization; it does not define authentication of the end-user. -- OIDC layers an identity layer on top of OAuth 2.0, introducing: - - ID Token: a JWT carrying claims about the authenticated end-user and the authentication event. - - Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others. - - UserInfo endpoint: a protected resource for retrieving user profile claims. - - Discovery and Dynamic Client Registration (optional for providers/clients that support them).

                                                                                                                - -

                                                                                                                What this gem provides for OIDC -- All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests. -- Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.). -- Optional client authentication schemes useful with OIDC deployments: - - basic_auth (default) - - request_body (legacy) - - tls_client_auth (MTLS) - - private_key_jwt (OIDC-compliant when configured per OP requirements)

                                                                                                                - -

                                                                                                                What you must add in your app for OIDC -- ID Token validation: This gem surfaces id_token values but does not verify them. Your app should: - 1) Parse the JWT (header, payload, signature) - 2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically) - 3) Select the correct key by kid (when present) and verify the signature and algorithm - 4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable) - 5) Enforce expected client_id, issuer, and clock skew policies -- Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return. -- PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request. -- Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching.

                                                                                                                +

                                                                                                                Scope of this document

                                                                                                                + +
                                                                                                                  +
                                                                                                                • Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby.
                                                                                                                • +
                                                                                                                • Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions).
                                                                                                                • +
                                                                                                                • Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.
                                                                                                                • +
                                                                                                                + +

                                                                                                                Key concepts refresher

                                                                                                                + +
                                                                                                                  +
                                                                                                                • OAuth 2.0 delegates authorization; it does not define authentication of the end-user.
                                                                                                                • +
                                                                                                                • OIDC layers an identity layer on top of OAuth 2.0, introducing: +
                                                                                                                    +
                                                                                                                  • ID Token: a JWT carrying claims about the authenticated end-user and the authentication event.
                                                                                                                  • +
                                                                                                                  • Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others.
                                                                                                                  • +
                                                                                                                  • UserInfo endpoint: a protected resource for retrieving user profile claims.
                                                                                                                  • +
                                                                                                                  • Discovery and Dynamic Client Registration (optional for providers/clients that support them).
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                + +

                                                                                                                What this gem provides for OIDC

                                                                                                                + +
                                                                                                                  +
                                                                                                                • All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests.
                                                                                                                • +
                                                                                                                • Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.).
                                                                                                                • +
                                                                                                                • Optional client authentication schemes useful with OIDC deployments: +
                                                                                                                    +
                                                                                                                  • basic_auth (default)
                                                                                                                  • +
                                                                                                                  • request_body (legacy)
                                                                                                                  • +
                                                                                                                  • tls_client_auth (MTLS)
                                                                                                                  • +
                                                                                                                  • private_key_jwt (OIDC-compliant when configured per OP requirements)
                                                                                                                  • +
                                                                                                                  +
                                                                                                                • +
                                                                                                                + +

                                                                                                                What you must add in your app for OIDC

                                                                                                                + +
                                                                                                                  +
                                                                                                                • ID Token validation: This gem surfaces id_token values but does not verify them. Your app should: +1) Parse the JWT (header, payload, signature) +2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically) +3) Select the correct key by kid (when present) and verify the signature and algorithm +4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable) +5) Enforce expected client_id, issuer, and clock skew policies
                                                                                                                • +
                                                                                                                • Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return.
                                                                                                                • +
                                                                                                                • PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request.
                                                                                                                • +
                                                                                                                • Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching.
                                                                                                                • +

                                                                                                                Minimal OIDC Authorization Code example

                                                                                                                @@ -188,43 +206,58 @@

                                                                                                                Optionally: call UserInfo

                                                                                                                userinfo = token.get(“/userinfo”).parsed ```

                                                                                                                -

                                                                                                                Notes on discovery and registration -- Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc. -- Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.

                                                                                                                - -

                                                                                                                Common pitfalls and tips -- Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0. -- Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field. -- Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers. -- Use exact redirect_uri matching, and keep your allow-list short. -- For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices. -- When using private_key_jwt, ensure the “aud” (or token_url) and “iss/sub” claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.

                                                                                                                - -

                                                                                                                Relevant specifications and references -- OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html -- OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html -- How OIDC works: https://openid.net/developers/how-connect-works/ -- OpenID Connect home: https://openid.net/connect/ -- OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html -- OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html -- OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html -- OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html -- OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html -- OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html -- Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol -- Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications

                                                                                                                - -

                                                                                                                See also -- README sections on OAuth 2.1 notes and OIDC notes -- Strategy classes under lib/oauth2/strategy for flow helpers -- Specs under spec/oauth2 for concrete usage patterns

                                                                                                                - -

                                                                                                                Contributions welcome -- If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).

                                                                                                                +

                                                                                                                Notes on discovery and registration

                                                                                                                + +
                                                                                                                  +
                                                                                                                • Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc.
                                                                                                                • +
                                                                                                                • Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.
                                                                                                                • +
                                                                                                                + +

                                                                                                                Common pitfalls and tips

                                                                                                                + +
                                                                                                                  +
                                                                                                                • Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0.
                                                                                                                • +
                                                                                                                • Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field.
                                                                                                                • +
                                                                                                                • Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers.
                                                                                                                • +
                                                                                                                • Use exact redirect_uri matching, and keep your allow-list short.
                                                                                                                • +
                                                                                                                • For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices.
                                                                                                                • +
                                                                                                                • When using private_key_jwt, ensure the “aud” (or token_url) and “iss/sub” claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.
                                                                                                                • +
                                                                                                                + +

                                                                                                                Relevant specifications and references

                                                                                                                + +
                                                                                                                  +
                                                                                                                • OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
                                                                                                                • +
                                                                                                                • OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html
                                                                                                                • +
                                                                                                                • How OIDC works: https://openid.net/developers/how-connect-works/
                                                                                                                • +
                                                                                                                • OpenID Connect home: https://openid.net/connect/
                                                                                                                • +
                                                                                                                • OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html
                                                                                                                • +
                                                                                                                • OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html
                                                                                                                • +
                                                                                                                • OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html
                                                                                                                • +
                                                                                                                • OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
                                                                                                                • +
                                                                                                                • OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html
                                                                                                                • +
                                                                                                                • OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html
                                                                                                                • +
                                                                                                                • Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
                                                                                                                • +
                                                                                                                • Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications
                                                                                                                • +
                                                                                                                + +

                                                                                                                See also

                                                                                                                + +
                                                                                                                  +
                                                                                                                • README sections on OAuth 2.1 notes and OIDC notes
                                                                                                                • +
                                                                                                                • Strategy classes under lib/oauth2/strategy for flow helpers
                                                                                                                • +
                                                                                                                • Specs under spec/oauth2 for concrete usage patterns
                                                                                                                • +
                                                                                                                + +

                                                                                                                Contributions welcome

                                                                                                                + +
                                                                                                                  +
                                                                                                                • If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).
                                                                                                                • +
                                                                                                                diff --git a/docs/file.README.html b/docs/file.README.html
                                                                                                                index 3d63387d..f103d44c 100644
                                                                                                                --- a/docs/file.README.html
                                                                                                                +++ b/docs/file.README.html
                                                                                                                @@ -103,7 +103,7 @@

                                                                                                                🔐 OAuth 2.0 Authorization Framework

                                                                                                                ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                                                                                                                -

                                                                                                                Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

                                                                                                                +

                                                                                                                Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

                                                                                                                if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

                                                                                                                @@ -274,7 +274,7 @@

                                                                                                                💡 Info you can shake a stick at

            Works with Truffle Ruby -Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
            Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat +Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat Truffle Ruby 23.1 Compat
            Truffle Ruby 24.1 Compat
            Works with Truffle Ruby -Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat
            Truffle Ruby 23.1 Compat Truffle Ruby 24.1 Compat +Truffle Ruby 22.3 Compat Truffle Ruby 23.0 Compat Truffle Ruby 23.1 Compat
            Truffle Ruby 24.1 Compat
            @@ -751,15 +751,15 @@
            Serialization Extensions
            Expand the examples below, or the ruby-oauth/snaky_hash gem, or response_spec.rb, for more ideas, especially if you need to study the hacks for older Rubies.

            -

            <details markdown=”1>

            -See Examples +
            + See Examples -

            ```ruby +

            ```ruby class MySnakyHash < SnakyHash::StringKeyed # Give this hash class dump and load abilities! extend SnakyHash::Serializer

            -

            #### Serialization Extentions +

            #### Serialization Extentions # # Act on the non-hash values (including the values of hashes) as they are dumped to JSON # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. @@ -768,14 +768,14 @@

            Serialization Extensions
            “banana” # => Make values “banana” on dump end

            -

            # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump +

            # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump # In other words, this retains nested hashes, and only the deepest leaf nodes become . # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| “” # Turn dumped bananas into *** when they are loaded end

            -

            # Act on the entire hash as it is prepared for dumping to JSON +

            # Act on the entire hash as it is prepared for dumping to JSON # WARNING: This is a silly example! dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) @@ -789,7 +789,7 @@

            Serialization Extensions
            end end

            -

            # Act on the entire hash as it is loaded from the JSON dump +

            # Act on the entire hash as it is loaded from the JSON dump # WARNING: This is a silly example! load_hash_extensions.add(:to_pizza) do |value| if value.is_a?(Hash) @@ -808,7 +808,7 @@

            Serialization Extensions
            end ```

            -

            </details>

            +

            Prefer camelCase over snake_case? => snaky: false

            @@ -1677,7 +1677,7 @@

            Please give the project a star ⭐ ♥ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 99b4a4b1..a05b5068 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -160,7 +160,7 @@

            Benefits of rubocop_gradual

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index b1a7d6ea..39842b81 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -93,7 +93,7 @@

            Additional Support

            diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index d9568287..71e52de8 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -206,7 +206,7 @@

            8. References

            diff --git a/docs/index.html b/docs/index.html index 95578274..57948e36 100644 --- a/docs/index.html +++ b/docs/index.html @@ -153,15 +153,15 @@

            Quick Examples

            -

            <details markdown=”1>

            -Complete E2E single file script against mock-oauth2-server +
            + Complete E2E single file script against mock-oauth2-server -
              -
            • E2E example uses navikt/mock-oauth2-server, which was added in v2.0.11
            • -
            • E2E example does not ship with the released gem, so clone the source to play with it.
            • -
            +
              +
            • E2E example uses navikt/mock-oauth2-server, which was added in v2.0.11
            • +
            • E2E example does not ship with the released gem, so clone the source to play with it.
            • +
            -

            console +

            console docker compose -f docker-compose-ssl.yml up -d --wait ruby examples/e2e.rb # If your machine is slow or Docker pulls are cold, increase the wait: @@ -169,9 +169,9 @@

            Quick Examples

            # The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default.

            -

            The output should be something like this:

            +

            The output should be something like this:

            -

            console +

            console ➜ ruby examples/e2e.rb Access token (truncated): eyJraWQiOiJkZWZhdWx0... userinfo status: 200 @@ -179,69 +179,69 @@

            Quick Examples

            E2E complete

            -

            Make sure to shut down the mock server when you are done:

            +

            Make sure to shut down the mock server when you are done:

            -

            console +

            console docker compose -f docker-compose-ssl.yml down

            -

            Troubleshooting: validate connectivity to the mock server

            +

            Troubleshooting: validate connectivity to the mock server

            -
              -
            • Check container status and port mapping: -
                -
              • docker compose -f docker-compose-ssl.yml ps
              • -
              -
            • -
            • From the host, try the discovery URL directly (this is what the example uses by default): -
                -
              • curl -v http://localhost:8080/default/.well-known/openid-configuration
              • -
              • If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration +
                  +
                • Check container status and port mapping: +
                    +
                  • docker compose -f docker-compose-ssl.yml ps
                  • +
                  +
                • +
                • From the host, try the discovery URL directly (this is what the example uses by default): +
                    +
                  • curl -v http://localhost:8080/default/.well-known/openid-configuration
                  • +
                  • If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration
                  • -
                  -
                • -
                • From inside the container (to distinguish container vs. host networking): -
                    -
                  • docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration
                  • -
                  -
                • -
                • Simple TCP probe from the host: -
                    -
                  • nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'
                  • -
                  -
                • -
                • Inspect which host port 8080 is bound to (should be 8080): -
                    -
                  • docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1
                  • -
                  -
                • -
                • Look at server logs for readiness/errors: -
                    -
                  • docker logs -n 200 oauth2-mock-oauth2-server-1
                  • -
                  -
                • -
                • On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: -
                    -
                  • ss -ltnp | grep :8080
                  • -
                  -
                • -
                +
              +
            • +
            • From inside the container (to distinguish container vs. host networking): +
                +
              • docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration
              • +
              +
            • +
            • Simple TCP probe from the host: +
                +
              • nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'
              • +
              +
            • +
            • Inspect which host port 8080 is bound to (should be 8080): +
                +
              • docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1
              • +
              +
            • +
            • Look at server logs for readiness/errors: +
                +
              • docker logs -n 200 oauth2-mock-oauth2-server-1
              • +
              +
            • +
            • On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking: +
                +
              • ss -ltnp | grep :8080
              • +
              +
            • +
            -

            Notes

            +

            Notes

            -
              -
            • Discovery URL pattern is: http://localhost:8080/<realm>/.well-known/openid-configuration, where <realm> defaults to default.
            • -
            • You can change these with env vars when running the example: -
                -
              • +
                  +
                • Discovery URL pattern is: http://localhost:8080/<realm>/.well-known/openid-configuration, where <realm> defaults to default.
                • +
                • You can change these with env vars when running the example: +
                    +
                  • E2E_ISSUER_BASE (default: http://localhost:8080)
                  • -
                  • +
                  • E2E_REALM (default: default)
                  • -
                  -
                • -
                +
              +
            • +
            -

            </details>

            +

            If it seems like you are in the wrong place, you might try one of these:

            @@ -550,34 +550,34 @@

            Compatibility

            This gem will install on Ruby versions >= v2.2 for 2.x releases. See 1-4-stable branch for older rubies.

            -

            <details markdown=”1>

            -Ruby Engine Compatibility Policy +
            + Ruby Engine Compatibility Policy -

            This gem is tested against MRI, JRuby, and Truffleruby. +

            This gem is tested against MRI, JRuby, and Truffleruby. Each of those has varying versions that target a specific version of MRI Ruby. This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below. If you would like to add support for additional engines, see gemfiles/README.md, then submit a PR to the correct maintenance branch as according to the table below.

            -

            </details>

            +
            -

            <details markdown=”1>

            -Ruby Version Compatibility Policy +
            + Ruby Version Compatibility Policy -

            If something doesn’t work on one of these interpreters, it’s a bug.

            +

            If something doesn’t work on one of these interpreters, it’s a bug.

            -

            This library may inadvertently work (or seem to work) on other Ruby +

            This library may inadvertently work (or seem to work) on other Ruby implementations; however, support will only be provided for the versions listed above.

            -

            If you would like this library to support another Ruby version, you may +

            If you would like this library to support another Ruby version, you may volunteer to be a maintainer. Being a maintainer entails making sure all tests run and pass on that implementation. When something breaks on your implementation, you will be responsible for providing patches in a timely fashion. If critical issues for a particular implementation exist at the time of a major release, support for that Ruby version may be dropped.

            -

            </details>

            +
            @@ -751,15 +751,15 @@
            Serialization Extensions
            Expand the examples below, or the ruby-oauth/snaky_hash gem, or response_spec.rb, for more ideas, especially if you need to study the hacks for older Rubies.

            -

            <details markdown=”1>

            -See Examples +
            + See Examples -

            ```ruby +

            ```ruby class MySnakyHash < SnakyHash::StringKeyed # Give this hash class dump and load abilities! extend SnakyHash::Serializer

            -

            #### Serialization Extentions +

            #### Serialization Extentions # # Act on the non-hash values (including the values of hashes) as they are dumped to JSON # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. @@ -768,14 +768,14 @@

            Serialization Extensions
            “banana” # => Make values “banana” on dump end

            -

            # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump +

            # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump # In other words, this retains nested hashes, and only the deepest leaf nodes become . # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| “” # Turn dumped bananas into *** when they are loaded end

            -

            # Act on the entire hash as it is prepared for dumping to JSON +

            # Act on the entire hash as it is prepared for dumping to JSON # WARNING: This is a silly example! dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) @@ -789,7 +789,7 @@

            Serialization Extensions
            end end

            -

            # Act on the entire hash as it is loaded from the JSON dump +

            # Act on the entire hash as it is loaded from the JSON dump # WARNING: This is a silly example! load_hash_extensions.add(:to_pizza) do |value| if value.is_a?(Hash) @@ -808,7 +808,7 @@

            Serialization Extensions
            end ```

            -

            </details>

            +

            Prefer camelCase over snake_case? => snaky: false

            @@ -1677,7 +1677,7 @@

            Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index ba975a96..6dacf828 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From 2095732d7cd4eeb80fe74c89e2a2d012517e40d6 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling"
Date: Sat, 8 Nov 2025 00:28:23 -0700
Subject: [PATCH 640/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20yard-fence=20v0.7.?=
 =?UTF-8?q?0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Gemfile.lock | 2 +-
 README.md | 2 +-
 docs/OAuth2.html | 6 +-
 docs/OAuth2/AccessToken.html | 52 +-
 docs/OAuth2/Authenticator.html | 6 +-
 docs/OAuth2/Client.html | 50 +-
 docs/OAuth2/Error.html | 4 +-
 docs/OAuth2/FilteredAttributes.html | 8 +-
 .../FilteredAttributes/ClassMethods.html | 2 +-
 docs/OAuth2/Response.html | 12 +-
 docs/OAuth2/Strategy.html | 2 +-
 docs/OAuth2/Strategy/Assertion.html | 60 +-
 docs/OAuth2/Strategy/AuthCode.html | 22 +-
 docs/OAuth2/Strategy/Base.html | 2 +-
 docs/OAuth2/Strategy/ClientCredentials.html | 2 +-
 docs/OAuth2/Strategy/Implicit.html | 14 +-
 docs/OAuth2/Strategy/Password.html | 14 +-
 docs/OAuth2/Version.html | 2 +-
 docs/_index.html | 2 +-
 docs/file.CHANGELOG.html | 118 +--
 docs/file.CODE_OF_CONDUCT.html | 108 +--
 docs/file.CONTRIBUTING.html | 130 +--
 docs/file.FUNDING.html | 14 +-
 docs/file.IRP.html | 34 +-
 docs/file.LICENSE.html | 2 +-
 docs/file.OIDC.html | 105 ++-
 docs/file.README.html | 769 +++++++++---------
 docs/file.RUBOCOP.html | 21 +-
 docs/file.SECURITY.html | 10 +-
 docs/file.THREAT_MODEL.html | 32 +-
 docs/index.html | 769 +++++++++---------
 docs/top-level-namespace.html | 2 +-
 32 files changed, 1161 insertions(+), 1217 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 8c4b1f4b..4b8b7ebe 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -311,7 +311,7 @@ GEM
 uri (1.1.1)
 version_gem (1.1.9)
 yard (0.9.37)
- yard-fence (0.5.0)
+ yard-fence (0.7.0)
 rdoc (~> 6.11)
 version_gem (~> 1.1, >= 1.1.9)
 yard (~> 0.9, >= 0.9.37)
diff --git a/README.md b/README.md
index 65e7d6bc..75c72dda 100644
--- a/README.md
+++ b/README.md
@@ -471,7 +471,7 @@ Expand the examples below, or the [ruby-oauth/snaky_hash](https://gitlab.com/rub or [response_spec.rb](https://github.com/ruby-oauth/oauth2/blob/main/spec/oauth2/response_spec.rb), for more ideas, especially if you need to study the hacks for older Rubies.
            -See Examples + See Examples ```ruby class MySnakyHash < SnakyHash::StringKeyed diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 8f5751f6..a55e82e2 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -119,8 +119,8 @@

            OAUTH_DEBUG =
            -

            When true, enables verbose HTTP logging via Faraday’s logger middleware. -Controlled by the OAUTH_DEBUG environment variable. Any case-insensitive +

            When true, enables verbose HTTP logging via Faraday’s logger middleware.
            +Controlled by the OAUTH_DEBUG environment variable. Any case-insensitive
            value equal to “true” will enable debugging.

            @@ -415,7 +415,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 1db81ede..70a207ea 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -826,13 +826,13 @@

            Note: -

            If no token is provided, the AccessToken will be considered invalid. -This is to prevent the possibility of a token being accidentally -created with no token value. -If you want to create an AccessToken with no token value, -you can pass in an empty string or nil for the token value. -If you want to create an AccessToken with no token value and -no refresh token, you can pass in an empty string or nil for the +

            If no token is provided, the AccessToken will be considered invalid.
            +This is to prevent the possibility of a token being accidentally
            +created with no token value.
            +If you want to create an AccessToken with no token value,
            +you can pass in an empty string or nil for the token value.
            +If you want to create an AccessToken with no token value and
            +no refresh token, you can pass in an empty string or nil for the
            token value and nil for the refresh token, and raise_errors: false.

            @@ -987,9 +987,9 @@

            Verb-dependent Hash mode

            - —

            the transmission mode of the Access Token parameter value: -either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols -(e.g., {get: :query, post: :header, delete: :header}); or a callable that accepts a request-verb parameter + —

            the transmission mode of the Access Token parameter value:
            +either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols
            +(e.g., {get: :query, post: :header, delete: :header}); or a callable that accepts a request-verb parameter
            and returns one of these three symbols.

            @@ -1020,7 +1020,7 @@

            Verb-dependent Hash mode

            - —

            the parameter name to use for transmission of the + —

            the parameter name to use for transmission of the
            Access Token value in :body or :query transmission mode

            @@ -1036,7 +1036,7 @@

            Verb-dependent Hash mode

            - —

            the name of the response parameter that identifies the access token + —

            the name of the response parameter that identifies the access token
            When nil one of TOKEN_KEY_LOOKUP will be used

            @@ -1533,21 +1533,21 @@

            Note: -

            The method will use the first found token key in the following order: +

            The method will use the first found token key in the following order:
            ‘access_token’, ‘id_token’, ‘token’ (or their symbolic versions)

            Note: -

            If multiple token keys are present, a warning will be issued unless +

            If multiple token keys are present, a warning will be issued unless
            OAuth2.config.silence_extra_tokens_warning is true

            Note: -

            If no token keys are present, a warning will be issued unless +

            If no token keys are present, a warning will be issued unless
            OAuth2.config.silence_no_tokens_warning is true

            @@ -2746,28 +2746,28 @@

            Note: -

            If the token passed to the request -is an access token, the server MAY revoke the respective refresh +

            If the token passed to the request
            +is an access token, the server MAY revoke the respective refresh
            token as well.

            Note: -

            If the token passed to the request -is a refresh token and the authorization server supports the -revocation of access tokens, then the authorization server SHOULD -also invalidate all access tokens based on the same authorization +

            If the token passed to the request
            +is a refresh token and the authorization server supports the
            +revocation of access tokens, then the authorization server SHOULD
            +also invalidate all access tokens based on the same authorization
            grant

            Note: -

            If the server responds with HTTP status code 503, your code must -assume the token still exists and may retry after a reasonable delay. -The server may include a “Retry-After” header in the response to -indicate how long the service is expected to be unavailable to the +

            If the server responds with HTTP status code 503, your code must
            +assume the token still exists and may retry after a reasonable delay.
            +The server may include a “Retry-After” header in the response to
            +indicate how long the service is expected to be unavailable to the
            requesting client.

            @@ -3083,7 +3083,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index d1a2fe57..18d54f5b 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -108,7 +108,7 @@

            Overview

            Builds and applies client authentication to token and revoke requests.

            -

            Depending on the selected mode, credentials are applied as Basic Auth +

            Depending on the selected mode, credentials are applied as Basic Auth
            headers, request body parameters, or only the client_id is sent (TLS).

            @@ -788,7 +788,7 @@

            Apply the request credentials used to authenticate to the Authorization Server

            -

            Depending on the configuration, this might be as request params or as an +

            Depending on the configuration, this might be as request params or as an
            Authorization header.

            User-provided params and header take precedence.

            @@ -883,7 +883,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 62bc3d6f..f46b4be7 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -1243,7 +1243,7 @@

            The Assertion strategy

            -

            This allows for assertion-based authentication where an identity provider +

            This allows for assertion-based authentication where an identity provider
            asserts the identity of the user or client application seeking access.

            @@ -1487,7 +1487,7 @@

            Note: -

            The extract_access_token parameter is deprecated and will be removed in oauth2 v3. +

            The extract_access_token parameter is deprecated and will be removed in oauth2 v3.
            Use access_token_class on initialization instead.

            @@ -1523,10 +1523,12 @@

            Examples:

            — -

            a Hash of params for the token endpoint -* params can include a ‘headers’ key with a Hash of request headers -* params can include a ‘parse’ key with the Symbol name of response parsing strategy (default: :automatic) -* params can include a ‘snaky’ key to control snake_case conversion (default: false)

            +

            a Hash of params for the token endpoint

            +
              +
            • params can include a ‘headers’ key with a Hash of request headers
            • +
            • params can include a ‘parse’ key with the Symbol name of response parsing strategy (default: :automatic)
            • +
            • params can include a ‘snaky’ key to control snake_case conversion (default: false)
            • +
            @@ -1614,7 +1616,7 @@

            Examples:

            — -

            the initialized AccessToken instance, or nil if token extraction fails +

            the initialized AccessToken instance, or nil if token extraction fails
            and raise_errors is false

            @@ -1837,14 +1839,14 @@

            The redirect_uri parameters, if configured

            -

            The redirect_uri query parameter is OPTIONAL (though encouraged) when -requesting authorization. If it is provided at authorization time it MUST +

            The redirect_uri query parameter is OPTIONAL (though encouraged) when
            +requesting authorization. If it is provided at authorization time it MUST
            also be provided with the token exchange request.

            -

            OAuth 2.1 note: Authorization Servers must compare redirect URIs using exact string matching. +

            OAuth 2.1 note: Authorization Servers must compare redirect URIs using exact string matching.
            This client simply forwards the configured redirect_uri; the exact-match validation happens server-side.

            -

            Providing :redirect_uri to the OAuth2::Client instantiation will take +

            Providing :redirect_uri to the OAuth2::Client instantiation will take
            care of managing this.

            @@ -1927,7 +1929,7 @@

            Makes a request relative to the specified site root.

            -

            Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616), +

            Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616),
            allowing the use of relative URLs in Location headers.

            @@ -2039,7 +2041,7 @@

            - —

            whether to raise an OAuth2::Error on 400+ status + —

            whether to raise an OAuth2::Error on 400+ status
            code response for this request. Overrides the client instance setting.

            @@ -2241,28 +2243,28 @@

            Note: -

            If the token passed to the request -is an access token, the server MAY revoke the respective refresh +

            If the token passed to the request
            +is an access token, the server MAY revoke the respective refresh
            token as well.

            Note: -

            If the token passed to the request -is a refresh token and the authorization server supports the -revocation of access tokens, then the authorization server SHOULD -also invalidate all access tokens based on the same authorization +

            If the token passed to the request
            +is a refresh token and the authorization server supports the
            +revocation of access tokens, then the authorization server SHOULD
            +also invalidate all access tokens based on the same authorization
            grant

            Note: -

            If the server responds with HTTP status code 503, your code must -assume the token still exists and may retry after a reasonable delay. -The server may include a “Retry-After” header in the response to -indicate how long the service is expected to be unavailable to the +

            If the server responds with HTTP status code 503, your code must
            +assume the token still exists and may retry after a reasonable delay.
            +The server may include a “Retry-After” header in the response to
            +indicate how long the service is expected to be unavailable to the
            requesting client.

            @@ -2654,7 +2656,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 68262584..6892113d 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -105,7 +105,7 @@

            Overview

            Represents an OAuth2 error condition.

            -

            Wraps details from an OAuth2::Response or Hash payload returned by an +

            Wraps details from an OAuth2::Response or Hash payload returned by an
            authorization server, exposing error code and description per RFC 6749.

            @@ -772,7 +772,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 13010514..e5ea7de7 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -92,8 +92,8 @@

            Overview

            Mixin that redacts sensitive instance variables in #inspect output.

            -

            Classes include this module and declare which attributes should be filtered -using filtered_attributes. Any instance variable name that includes one of +

            Classes include this module and declare which attributes should be filtered
            +using filtered_attributes. Any instance variable name that includes one of
            those attribute names will be shown as [FILTERED] in the object’s inspect.

            @@ -202,7 +202,7 @@

            -

            This method returns an undefined value.

            Hook invoked when the module is included. Extends the including class with +

            This method returns an undefined value.

            Hook invoked when the module is included. Extends the including class with
            class-level helpers.

            @@ -335,7 +335,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 2f746c4c..4d6ef536 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 79f4fe2f..a8bd2548 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -101,7 +101,7 @@

            Overview

            -

            The Response class handles HTTP responses in the OAuth2 gem, providing methods +

            The Response class handles HTTP responses in the OAuth2 gem, providing methods
            to access and parse response data in various formats.

            @@ -1430,22 +1430,22 @@

            Note: -

            The parser can be supplied as the +:parse+ option in the form of a Proc -(or other Object responding to #call) or a Symbol. In the latter case, +

            The parser can be supplied as the +:parse+ option in the form of a Proc
            +(or other Object responding to #call) or a Symbol. In the latter case,
            the actual parser will be looked up in @@parsers by the supplied Symbol.

            Note: -

            If no +:parse+ option is supplied, the lookup Symbol will be determined +

            If no +:parse+ option is supplied, the lookup Symbol will be determined
            by looking up #content_type in @@content_types.

            Note: -

            If #parser is a Proc, it will be called with no arguments, just +

            If #parser is a Proc, it will be called with no arguments, just
            #body, or #body and #response, depending on the Proc’s arity.

            @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index ba6f9096..a12ec766 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 24d17623..11cb1f95 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -105,25 +105,25 @@

            Overview

            The Client Assertion Strategy

            -

            Sample usage: - client = OAuth2::Client.new(client_id, client_secret, - :site => ‘http://localhost:8080’, +

            Sample usage:
            + client = OAuth2::Client.new(client_id, client_secret,
            + :site => ‘http://localhost:8080’,
            :auth_scheme => :request_body)

            -

            claim_set = { - :iss => “http://localhost:3001”, - :aud => “http://localhost:8080/oauth2/token”, - :sub => “me@example.com”, - :exp => Time.now.utc.to_i + 3600, +

            claim_set = {
            + :iss => “http://localhost:3001”,
            + :aud => “http://localhost:8080/oauth2/token”,
            + :sub => “me@example.com”,
            + :exp => Time.now.utc.to_i + 3600,
            }

            -

            encoding = { - :algorithm => ‘HS256’, - :key => ‘secret_key’, +

            encoding = {
            + :algorithm => ‘HS256’,
            + :key => ‘secret_key’,
            }

            -

            access = client.assertion.get_token(claim_set, encoding) - access.token # actual access_token string +

            access = client.assertion.get_token(claim_set, encoding)
            + access.token # actual access_token string
            access.get(“/api/stuff”) # making api calls with access token in header

            @@ -292,28 +292,28 @@

            Retrieve an access token given the specified client.

            -

            For reading on JWT and claim keys: - @see https://github.com/jwt/ruby-jwt - @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1 - @see https://datatracker.ietf.org/doc/html/rfc7523#section-3 +

            For reading on JWT and claim keys:
            + @see https://github.com/jwt/ruby-jwt
            + @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
            + @see https://datatracker.ietf.org/doc/html/rfc7523#section-3
            @see https://www.iana.org/assignments/jwt/jwt.xhtml

            -

            There are many possible claim keys, and applications may ask for their own custom keys. -Some typically required ones: - :iss (issuer) - :aud (audience) - :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F +

            There are many possible claim keys, and applications may ask for their own custom keys.
            +Some typically required ones:
            + :iss (issuer)
            + :aud (audience)
            + :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F
            :exp, (expiration time) – in seconds, e.g. Time.now.utc.to_i + 3600

            -

            Note that this method does not validate presence of those four claim keys indicated as required by RFC 7523. +

            Note that this method does not validate presence of those four claim keys indicated as required by RFC 7523.
            There are endpoints that may not conform with this RFC, and this gem should still work for those use cases.

            -

            These two options are passed directly to JWT.encode. For supported encoding arguments: - @see https://github.com/jwt/ruby-jwt#algorithms-and-usage +

            These two options are passed directly to JWT.encode. For supported encoding arguments:
            + @see https://github.com/jwt/ruby-jwt#algorithms-and-usage
            @see https://datatracker.ietf.org/doc/html/rfc7518#section-3.1

            -

            The object type of :key may depend on the value of :algorithm. Sample arguments: - get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'}) +

            The object type of :key may depend on the value of :algorithm. Sample arguments:
            + get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'})
            get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')})

            @@ -382,7 +382,7 @@

            — -

            this will be merged with the token response to create the AccessToken object +

            this will be merged with the token response to create the AccessToken object
            @see the access_token_opts argument to Client#get_token

            @@ -437,7 +437,7 @@

            - —

            the url parameter scope that may be required by some endpoints + —

            the url parameter scope that may be required by some endpoints
            @see https://datatracker.ietf.org/doc/html/rfc7521#section-4.1

            @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html
            index 90253890..4901a6c1 100644
            --- a/docs/OAuth2/Strategy/AuthCode.html
            +++ b/docs/OAuth2/Strategy/AuthCode.html
            @@ -105,15 +105,19 @@

            Overview

            The Authorization Code Strategy

            -

            OAuth 2.1 notes: -- PKCE is required for all OAuth clients using the authorization code flow (especially public clients). - This library does not enforce PKCE generation/verification; implement PKCE in your application when required. -- Redirect URIs must be compared using exact string matching by the Authorization Server. - This client forwards redirect_uri but does not perform server-side validation.

            +

            OAuth 2.1 notes:

            +
              +
            • PKCE is required for all OAuth clients using the authorization code flow (especially public clients).
              +This library does not enforce PKCE generation/verification; implement PKCE in your application when required.
            • +
            • Redirect URIs must be compared using exact string matching by the Authorization Server.
              +This client forwards redirect_uri but does not perform server-side validation.
            • +
            -

            References: -- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 -- OAuth for native apps (RFC 8252) and PKCE (RFC 7636)

            +

            References:

            +
              +
            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
            • +
            • OAuth for native apps (RFC 8252) and PKCE (RFC 7636)
            • +
            @@ -479,7 +483,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html
            index 7ad9e5bb..98b85f29 100644
            --- a/docs/OAuth2/Strategy/Base.html
            +++ b/docs/OAuth2/Strategy/Base.html
            @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html
            index 1c69124f..57fd20cd 100644
            --- a/docs/OAuth2/Strategy/ClientCredentials.html
            +++ b/docs/OAuth2/Strategy/ClientCredentials.html
            @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html
            index b03f9047..0fe96e09 100644
            --- a/docs/OAuth2/Strategy/Implicit.html
            +++ b/docs/OAuth2/Strategy/Implicit.html
            @@ -105,13 +105,15 @@

            Overview

            The Implicit Strategy

            -

            IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification. +

            IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification.
            It remains here for backward compatibility with OAuth 2.0 providers. Prefer the Authorization Code flow with PKCE.

            -

            References: -- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 -- Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1 -- Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/

            +

            References:

            +
              +
            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
            • +
            • Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
            • +
            • Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
            • +
            @@ -418,7 +420,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html
            index 83b4d0be..698b755e 100644
            --- a/docs/OAuth2/Strategy/Password.html
            +++ b/docs/OAuth2/Strategy/Password.html
            @@ -105,13 +105,15 @@

            Overview

            The Resource Owner Password Credentials Authorization Strategy

            -

            IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1. +

            IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1.
            It remains here for backward compatibility with OAuth 2.0 providers. Prefer Authorization Code + PKCE.

            -

            References: -- OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13 -- Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs -- FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1

            +

            References:

            +
              +
            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
            • +
            • Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
            • +
            • FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
            • +
            @@ -372,7 +374,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html
            index a997000b..fd949561 100644
            --- a/docs/OAuth2/Version.html
            +++ b/docs/OAuth2/Version.html
            @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html
            index 0535ab06..a73441e6 100644
            --- a/docs/_index.html
            +++ b/docs/_index.html
            @@ -315,7 +315,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html
            index ce161097..9720289f 100644
            --- a/docs/file.CHANGELOG.html
            +++ b/docs/file.CHANGELOG.html
            @@ -63,9 +63,9 @@

            All notable changes to this project will be documented in this file.

            -

            The format is based on Keep a Changelog, -and this project adheres to Semantic Versioning, -and yes, platform and engine support are part of the public API. +

            The format is based on Keep a Changelog,
            +and this project adheres to Semantic Versioning,
            +and yes, platform and engine support are part of the public API.
            Please file a bug if you notice a violation of semantic versioning.

            Unreleased

            @@ -106,7 +106,7 @@

            Fixed

            Security

            -

            +

            2.0.17 - 2025-09-15

              @@ -124,7 +124,7 @@

              Added

              gh!682 - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header})
            -

            +

            2.0.16 - 2025-09-14

              @@ -166,7 +166,7 @@

              Changed

              gh!681 - Upgrade to kettle-dev v1.1.19
            -

            +

            2.0.15 - 2025-09-08

              @@ -211,7 +211,7 @@

              Fixed

            • point badge to the correct workflow for Ruby 2.3 (caboose.yml)
            -

            +

            2.0.14 - 2025-08-31

              @@ -255,7 +255,7 @@

              Added

              gh!664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling
            -

            +

            2.0.13 - 2025-08-30

              @@ -300,7 +300,7 @@

              Fixed

              Security

              -

              +

              2.0.12 - 2025-05-31

                @@ -341,7 +341,7 @@

                Fixed

              • Documentation Typos by @pboling
              -

              +

              2.0.11 - 2025-05-23

                @@ -402,7 +402,7 @@

                Fixed

              • Incorrect documentation related to silencing warnings (@pboling)
              -

              +

              2.0.10 - 2025-05-17

                @@ -509,7 +509,7 @@

                Fixed

                gh!646 - Change require to require_relative (improve performance) (@Aboling0)
              -

              +

              2.0.9 - 2022-09-16

                @@ -530,7 +530,7 @@

                Changed

              • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
              -

              +

              2.0.8 - 2022-09-01

                @@ -553,7 +553,7 @@

                Added

              -

              +

              2.0.7 - 2022-08-22

                @@ -581,7 +581,7 @@

                Fixed

                !625 - Fixes the printed version in the post install message (@hasghari)
              -

              +

              2.0.6 - 2022-07-13

                @@ -596,7 +596,7 @@

                Fixed

                !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
              -

              +

              2.0.5 - 2022-07-07

                @@ -626,7 +626,7 @@

                Fixed

              -

              +

              2.0.4 - 2022-07-01

                @@ -641,7 +641,7 @@

                Fixed

                !618 - In some scenarios the snaky option default value was not applied (@pboling)
              -

              +

              2.0.3 - 2022-06-28

                @@ -667,7 +667,7 @@

                Fixed

                !615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
              -

              +

              2.0.2 - 2022-06-24

                @@ -686,7 +686,7 @@

                Fixed

                !607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
              -

              +

              2.0.1 - 2022-06-22

                @@ -701,7 +701,7 @@

                Added

              • Increased test coverage to 99% (@pboling)
              -

              +

              2.0.0 - 2022-06-21

                @@ -859,7 +859,7 @@

                Removed

                !590 - Dependency: Removed multi_json (@stanhu)
              -

              +

              1.4.11 - 2022-09-16

                @@ -869,7 +869,7 @@

              • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
              -

              +

              1.4.10 - 2022-07-01

                @@ -878,7 +878,7 @@

              • FIPS Compatibility !587 (@akostadinov)
              -

              +

              1.4.9 - 2022-02-20

                @@ -896,7 +896,7 @@

              • Add Windows and MacOS to test matrix
              -

              +

              1.4.8 - 2022-02-18

                @@ -913,7 +913,7 @@

                !543 - Support for more modern Open SSL libraries (@pboling)

              -

              +

              1.4.7 - 2021-03-19

                @@ -923,7 +923,7 @@

                !541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)

              -

              +

              1.4.6 - 2021-03-19

                @@ -937,7 +937,7 @@

                !538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)

              -

              +

              1.4.5 - 2021-03-18

                @@ -953,7 +953,7 @@

                !500 - Fix YARD documentation formatting (@olleolleolle)

              -

              +

              1.4.4 - 2020-02-12

                @@ -963,7 +963,7 @@

                !408 - Fixed expires_at for formatted time (@Lomey)

              -

              +

              1.4.3 - 2020-01-29

                @@ -981,7 +981,7 @@

                !433 - allow field names with square brackets and numbers in params (@asm256)

              -

              +

              1.4.2 - 2019-10-01

                @@ -995,7 +995,7 @@

              -

              +

              1.4.1 - 2018-10-13

                @@ -1039,7 +1039,7 @@

              -

              +

              1.4.0 - 2017-06-09

                @@ -1053,7 +1053,7 @@

                Dependency: Upgrade Faraday to 0.12 (@sferik)

              -

              +

              1.3.1 - 2017-03-03

                @@ -1064,7 +1064,7 @@

                Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)

              -

              +

              1.3.0 - 2016-12-28

                @@ -1080,7 +1080,7 @@

              • Add support for Faraday 0.10 (@rhymes)
              -

              +

              1.2.0 - 2016-07-01

                @@ -1091,7 +1091,7 @@

              • Use raise rather than fail to throw exceptions (@sferik)
              -

              +

              1.1.0 - 2016-01-30

                @@ -1101,7 +1101,7 @@

              • Add support for Rack 2, and bump various other dependencies (@sferik)
              -

              +

              1.0.0 - 2014-07-09

                @@ -1121,7 +1121,7 @@

                Fixed

              • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
              -

              +

              0.5.0 - 2011-07-29

                @@ -1144,7 +1144,7 @@

                Changed

                breaking web_server renamed to auth_code.
              -

              +

              0.4.1 - 2011-04-20

                @@ -1152,7 +1152,7 @@

              -

              +

              0.4.0 - 2011-04-20

                @@ -1160,7 +1160,7 @@

              -

              +

              0.3.0 - 2011-04-08

                @@ -1168,7 +1168,7 @@

              -

              +

              0.2.0 - 2011-04-01

                @@ -1176,7 +1176,7 @@

              -

              +

              0.1.1 - 2011-01-12

                @@ -1184,7 +1184,7 @@

              -

              +

              0.1.0 - 2010-10-13

                @@ -1192,7 +1192,7 @@

              -

              +

              0.0.13 - 2010-08-17

                @@ -1200,7 +1200,7 @@

              -

              +

              0.0.12 - 2010-08-17

                @@ -1208,7 +1208,7 @@

              -

              +

              0.0.11 - 2010-08-17

                @@ -1216,7 +1216,7 @@

              -

              +

              0.0.10 - 2010-06-19

                @@ -1224,7 +1224,7 @@

              -

              +

              0.0.9 - 2010-06-18

                @@ -1232,7 +1232,7 @@

              -

              +

              0.0.8 - 2010-04-27

                @@ -1240,7 +1240,7 @@

              -

              +

              0.0.7 - 2010-04-27

                @@ -1248,7 +1248,7 @@

              -

              +

              0.0.6 - 2010-04-25

                @@ -1256,7 +1256,7 @@

              -

              +

              0.0.5 - 2010-04-23

                @@ -1264,7 +1264,7 @@

              -

              +

              0.0.4 - 2010-04-22

                @@ -1272,7 +1272,7 @@

              -

              +

              0.0.3 - 2010-04-22

                @@ -1280,7 +1280,7 @@

              -

              +

              0.0.2 - 2010-04-22

                @@ -1288,7 +1288,7 @@

              -

              +

              0.0.1 - 2010-04-22

                @@ -1299,7 +1299,7 @@

            diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html
            index 732d3293..28cfa69c 100644
            --- a/docs/file.CODE_OF_CONDUCT.html
            +++ b/docs/file.CODE_OF_CONDUCT.html
            @@ -61,137 +61,137 @@

            Our Pledge

            -

            We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, caste, color, religion, or sexual +

            We as members, contributors, and leaders pledge to make participation in our
            +community a harassment-free experience for everyone, regardless of age, body
            +size, visible or invisible disability, ethnicity, sex characteristics, gender
            +identity and expression, level of experience, education, socio-economic status,
            +nationality, personal appearance, race, caste, color, religion, or sexual
            identity and orientation.

            -

            We pledge to act and interact in ways that contribute to an open, welcoming, +

            We pledge to act and interact in ways that contribute to an open, welcoming,
            diverse, inclusive, and healthy community.

            Our Standards

            -

            Examples of behavior that contributes to a positive environment for our +

            Examples of behavior that contributes to a positive environment for our
            community include:

            • Demonstrating empathy and kindness toward other people
            • Being respectful of differing opinions, viewpoints, and experiences
            • Giving and gracefully accepting constructive feedback
            • -
            • Accepting responsibility and apologizing to those affected by our mistakes, +
            • Accepting responsibility and apologizing to those affected by our mistakes,
              and learning from the experience
            • -
            • Focusing on what is best not just for us as individuals, but for the overall +
            • Focusing on what is best not just for us as individuals, but for the overall
              community

            Examples of unacceptable behavior include:

              -
            • The use of sexualized language or imagery, and sexual attention or advances of +
            • The use of sexualized language or imagery, and sexual attention or advances of
              any kind
            • Trolling, insulting or derogatory comments, and personal or political attacks
            • Public or private harassment
            • -
            • Publishing others’ private information, such as a physical or email address, +
            • Publishing others’ private information, such as a physical or email address,
              without their explicit permission
            • -
            • Other conduct which could reasonably be considered inappropriate in a +
            • Other conduct which could reasonably be considered inappropriate in a
              professional setting

            Enforcement Responsibilities

            -

            Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, +

            Community leaders are responsible for clarifying and enforcing our standards of
            +acceptable behavior and will take appropriate and fair corrective action in
            +response to any behavior that they deem inappropriate, threatening, offensive,
            or harmful.

            -

            Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation +

            Community leaders have the right and responsibility to remove, edit, or reject
            +comments, commits, code, wiki edits, issues, and other contributions that are
            +not aligned to this Code of Conduct, and will communicate reasons for moderation
            decisions when appropriate.

            Scope

            -

            This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official email address, -posting via an official social media account, or acting as an appointed +

            This Code of Conduct applies within all community spaces, and also applies when
            +an individual is officially representing the community in public spaces.
            +Examples of representing our community include using an official email address,
            +posting via an official social media account, or acting as an appointed
            representative at an online or offline event.

            Enforcement

            -

            Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -Contact Maintainer. +

            Instances of abusive, harassing, or otherwise unacceptable behavior may be
            +reported to the community leaders responsible for enforcement at
            +Contact Maintainer.
            All complaints will be reviewed and investigated promptly and fairly.

            -

            All community leaders are obligated to respect the privacy and security of the +

            All community leaders are obligated to respect the privacy and security of the
            reporter of any incident.

            Enforcement Guidelines

            -

            Community leaders will follow these Community Impact Guidelines in determining +

            Community leaders will follow these Community Impact Guidelines in determining
            the consequences for any action they deem in violation of this Code of Conduct:

            -

            1. Correction

            +

            1. Correction

            -

            Community Impact: Use of inappropriate language or other behavior deemed +

            Community Impact: Use of inappropriate language or other behavior deemed
            unprofessional or unwelcome in the community.

            -

            Consequence: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the +

            Consequence: A private, written warning from community leaders, providing
            +clarity around the nature of the violation and an explanation of why the
            behavior was inappropriate. A public apology may be requested.

            -

            2. Warning

            +

            2. Warning

            -

            Community Impact: A violation through a single incident or series of +

            Community Impact: A violation through a single incident or series of
            actions.

            -

            Consequence: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or permanent +

            Consequence: A warning with consequences for continued behavior. No
            +interaction with the people involved, including unsolicited interaction with
            +those enforcing the Code of Conduct, for a specified period of time. This
            +includes avoiding interactions in community spaces as well as external channels
            +like social media. Violating these terms may lead to a temporary or permanent
            ban.

            -

            3. Temporary Ban

            +

            3. Temporary Ban

            -

            Community Impact: A serious violation of community standards, including +

            Community Impact: A serious violation of community standards, including
            sustained inappropriate behavior.

            -

            Consequence: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. +

            Consequence: A temporary ban from any sort of interaction or public
            +communication with the community for a specified period of time. No public or
            +private interaction with the people involved, including unsolicited interaction
            +with those enforcing the Code of Conduct, is allowed during this period.
            Violating these terms may lead to a permanent ban.

            -

            4. Permanent Ban

            +

            4. Permanent Ban

            -

            Community Impact: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an +

            Community Impact: Demonstrating a pattern of violation of community
            +standards, including sustained inappropriate behavior, harassment of an
            individual, or aggression toward or disparagement of classes of individuals.

            -

            Consequence: A permanent ban from any sort of public interaction within the +

            Consequence: A permanent ban from any sort of public interaction within the
            community.

            Attribution

            -

            This Code of Conduct is adapted from the Contributor Covenant, -version 2.1, available at +

            This Code of Conduct is adapted from the Contributor Covenant,
            +version 2.1, available at
            https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

            -

            Community Impact Guidelines were inspired by +

            Community Impact Guidelines were inspired by
            Mozilla’s code of conduct enforcement ladder.

            -

            For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at +

            For answers to common questions about this code of conduct, see the FAQ at
            +https://www.contributor-covenant.org/faq. Translations are available at
            https://www.contributor-covenant.org/translations.

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
            index 48eef79e..65efad98 100644
            --- a/docs/file.CONTRIBUTING.html
            +++ b/docs/file.CONTRIBUTING.html
            @@ -59,8 +59,8 @@

            Contributing

            -

            Bug reports and pull requests are welcome on CodeBerg, GitLab, or GitHub. -This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to +

            Bug reports and pull requests are welcome on CodeBerg, GitLab, or GitHub.
            +This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
            the code of conduct.

            To submit a patch, please fork the project, create a patch with tests, and send a pull request.

            @@ -85,7 +85,7 @@

            Help out!

            Executables vs Rake tasks

            -

            Executables shipped by dependencies, such as kettle-dev, and stone_checksums, are available +

            Executables shipped by dependencies, such as kettle-dev, and stone_checksums, are available
            after running bin/setup. These include:

              @@ -101,56 +101,68 @@

              Executables vs Rake tasks

              There are many Rake tasks available as well. You can see them by running:

              -

              shell -bin/rake -T -

              +
              bin/rake -T
              +

              Environment Variables for Local Development

              Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string “true” to enable.

              -

              General/runtime -- DEBUG: Enable extra internal logging for this library (default: false) -- REQUIRE_BENCH: Enable require_bench to profile requires (default: false) -- CI: When set to true, adjusts default rake tasks toward CI behavior

              - -

              Coverage (kettle-soup-cover / SimpleCov) -- K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc) -- K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty) -- K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100) -- K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100) -- K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false) -- K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false) -- K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open) -- MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1) - Tip: When running a single spec file locally, you may want K_SOUP_COV_MIN_HARD=false to avoid failing thresholds for a partial run.

              - -

              GitHub API and CI helpers -- GITHUB_TOKEN or GH_TOKEN: Token used by ci:act and release workflow checks to query GitHub Actions status at higher rate limits

              - -

              Releasing and signing -- SKIP_GEM_SIGNING: If set, skip gem signing during build/release -- GEM_CERT_USER: Username for selecting your public cert in certs/<USER>.pem (defaults to $USER) -- SOURCE_DATE_EPOCH: Reproducible build timestamp. - - kettle-release will set this automatically for the session. - - Not needed on bundler >= 2.7.0, as reproducible builds have become the default.

              - -

              Git hooks and commit message helpers (exe/kettle-commit-msg) -- GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., jira) or false to disable -- GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false) -- GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates -- GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)

              +

              General/runtime

              +
                +
              • DEBUG: Enable extra internal logging for this library (default: false)
              • +
              • REQUIRE_BENCH: Enable require_bench to profile requires (default: false)
              • +
              • CI: When set to true, adjusts default rake tasks toward CI behavior
              • +
              + +

              Coverage (kettle-soup-cover / SimpleCov)

              +
                +
              • K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc)
              • +
              • K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty)
              • +
              • K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100)
              • +
              • K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100)
              • +
              • K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false)
              • +
              • K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false)
              • +
              • K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open)
              • +
              • MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1)
                +Tip: When running a single spec file locally, you may want K_SOUP_COV_MIN_HARD=false to avoid failing thresholds for a partial run.
              • +
              + +

              GitHub API and CI helpers

              +
                +
              • GITHUB_TOKEN or GH_TOKEN: Token used by ci:act and release workflow checks to query GitHub Actions status at higher rate limits
              • +
              + +

              Releasing and signing

              +
                +
              • SKIP_GEM_SIGNING: If set, skip gem signing during build/release
              • +
              • GEM_CERT_USER: Username for selecting your public cert in certs/<USER>.pem (defaults to $USER)
              • +
              • SOURCE_DATE_EPOCH: Reproducible build timestamp. +
                  +
                • +kettle-release will set this automatically for the session.
                • +
                • Not needed on bundler >= 2.7.0, as reproducible builds have become the default.
                • +
                +
              • +
              + +

              Git hooks and commit message helpers (exe/kettle-commit-msg)

              +
                +
              • GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., jira) or false to disable
              • +
              • GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false)
              • +
              • GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates
              • +
              • GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)
              • +

              For a quick starting point, this repository’s .envrc shows sane defaults, and .env.local can override them locally.

              Appraisals

              -

              From time to time the appraisal2 gemfiles in gemfiles/ will need to be updated. +

              From time to time the appraisal2 gemfiles in gemfiles/ will need to be updated.
              They are created and updated with the commands:

              -

              console -bin/rake appraisal:update -

              +
              bin/rake appraisal:update
              +

              When adding an appraisal to CI, check the runner tool cache to see which runner to use.

              @@ -160,17 +172,15 @@

              The Reek List

              To refresh the reek list:

              -

              console -bundle exec reek > REEK -

              +
              bundle exec reek > REEK
              +

              Run Tests

              To run all tests

              -

              console -bundle exec rake test -

              +
              bundle exec rake test
              +

              Spec organization (required)

              @@ -183,15 +193,13 @@

              Lint It

              Run all the default tasks, which includes running the gradually autocorrecting linter, rubocop-gradual.

              -

              console -bundle exec rake -

              +
              bundle exec rake
              +

              Or just run the linter.

              -

              console -bundle exec rake rubocop_gradual:autocorrect -

              +
              bundle exec rake rubocop_gradual:autocorrect
              +

              For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

              @@ -227,10 +235,10 @@

              For Maintainers

              One-time, Per-maintainer, Setup

              -

              IMPORTANT: To sign a build, -a public key for signing gems will need to be picked up by the line in the -gemspec defining the spec.cert_chain (check the relevant ENV variables there). -All releases are signed releases. +

              IMPORTANT: To sign a build,
              +a public key for signing gems will need to be picked up by the line in the
              +gemspec defining the spec.cert_chain (check the relevant ENV variables there).
              +All releases are signed releases.
              See: RubyGems Security Guide

              NOTE: To build without signing the gem set SKIP_GEM_SIGNING to any value in the environment.

              @@ -277,8 +285,8 @@

              Manual process

            • Run bundle exec rake build
            • -
            • Run bin/gem_checksums (more context 1, 2) -to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums +
            • Run bin/gem_checksums (more context 1, 2)
              +to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums
              gem.
              • The script automatically commits but does not push the checksums
              • @@ -289,14 +297,14 @@

                Manual process

              • sha256sum pkg/<gem name>-<version>.gem
            • -
            • Run bundle exec rake release which will create a git tag for the version, +
            • Run bundle exec rake release which will create a git tag for the version,
              push git commits and tags, and push the .gem file to the gem host configured in the gemspec.
            diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 6d232159..0eb9ce7d 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -69,13 +69,13 @@ -

            🤑 A request for help

            +

            🤑 A request for help

            -

            Maintainers have teeth and need to pay their dentists. -After getting laid off in an RIF in March, and encountering difficulty finding a new one, -I began spending most of my time building open source tools. -I’m hoping to be able to pay for my kids’ health insurance this month, -so if you value the work I am doing, I need your support. +

            Maintainers have teeth and need to pay their dentists.
            +After getting laid off in an RIF in March, and encountering difficulty finding a new one,
            +I began spending most of my time building open source tools.
            +I’m hoping to be able to pay for my kids’ health insurance this month,
            +so if you value the work I am doing, I need your support.
            Please consider sponsoring me or the project.

            To join the community or get help 👇️ Join the Discord.

            @@ -99,7 +99,7 @@

            Another Way to Support Open

            diff --git a/docs/file.IRP.html b/docs/file.IRP.html index cd701065..43718bd2 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -180,11 +180,13 @@

            Retrospective & continuous improvement

            -

            After an incident, perform a brief post-incident review covering: -- What happened and why -- What was done to contain and remediate -- What tests or process changes will prevent recurrence -- Assign owners and deadlines for follow-up tasks

            +

            After an incident, perform a brief post-incident review covering:

            +
              +
            • What happened and why
            • +
            • What was done to contain and remediate
            • +
            • What tests or process changes will prevent recurrence
            • +
            • Assign owners and deadlines for follow-up tasks
            • +

            References

              @@ -192,18 +194,24 @@

              References

            Appendix: Example checklist for an incident

            -
              -
            • [ ] Acknowledge report to reporter (24-72 hours)
            • -
            • [ ] Reproduce and classify severity
            • -
            • [ ] Prepare and test a fix in a branch
            • -
            • [ ] Coordinate disclosure via Tidelift
            • -
            • [ ] Publish patch release and advisory
            • -
            • [ ] Postmortem and follow-up actions
            • +
                +
              • +Acknowledge report to reporter (24-72 hours)
              • +
              • +Reproduce and classify severity
              • +
              • +Prepare and test a fix in a branch
              • +
              • +Coordinate disclosure via Tidelift
              • +
              • +Publish patch release and advisory
              • +
              • +Postmortem and follow-up actions
            diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index ac83a495..4e01e91e 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index b5ebfaf2..5068218e 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -120,11 +120,11 @@

            Raw OIDC with ruby-oauth/oauth2

            What you must add in your app for OIDC

              -
            • ID Token validation: This gem surfaces id_token values but does not verify them. Your app should: -1) Parse the JWT (header, payload, signature) -2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically) -3) Select the correct key by kid (when present) and verify the signature and algorithm -4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable) +
            • ID Token validation: This gem surfaces id_token values but does not verify them. Your app should:
              +1) Parse the JWT (header, payload, signature)
              +2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically)
              +3) Select the correct key by kid (when present) and verify the signature and algorithm
              +4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable)
              5) Enforce expected client_id, issuer, and clock skew policies
            • Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return.
            • PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request.
            • @@ -133,78 +133,77 @@

              Raw OIDC with ruby-oauth/oauth2

              Minimal OIDC Authorization Code example

              -

              ```ruby -require “oauth2” -require “jwt” # jwt/ruby-jwt -require “net/http” -require “json”

              - -

              client = OAuth2::Client.new( - ENV.fetch(“OIDC_CLIENT_ID”), - ENV.fetch(“OIDC_CLIENT_SECRET”), - site: ENV.fetch(“OIDC_ISSUER”), # e.g. https://accounts.example.com - authorize_url: “/authorize”, # or discovered - token_url: “/token”, # or discovered -)

              - -

              Step 1: Redirect to OP for consent/auth

              -

              state = SecureRandom.hex(16) +

              require "oauth2"
              +require "jwt"         # jwt/ruby-jwt
              +require "net/http"
              +require "json"
              +
              +client = OAuth2::Client.new(
              +  ENV.fetch("OIDC_CLIENT_ID"),
              +  ENV.fetch("OIDC_CLIENT_SECRET"),
              +  site: ENV.fetch("OIDC_ISSUER"),              # e.g. https://accounts.example.com
              +  authorize_url: "/authorize",                 # or discovered
              +  token_url: "/token",                         # or discovered
              +)
              +
              +# Step 1: Redirect to OP for consent/auth
              +state = SecureRandom.hex(16)
               nonce = SecureRandom.hex(16)
               pkce_verifier = SecureRandom.urlsafe_base64(64)
              -pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete(“=”)

              +pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete("=") -

              authz_url = client.auth_code.authorize_url( - scope: “openid profile email”, +authz_url = client.auth_code.authorize_url( + scope: "openid profile email", state: state, nonce: nonce, code_challenge: pkce_challenge, - code_challenge_method: “S256”, - redirect_uri: ENV.fetch(“OIDC_REDIRECT_URI”), + code_challenge_method: "S256", + redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"), ) -# redirect_to authz_url

              +# redirect_to authz_url -

              Step 2: Handle callback

              -

              # params[:code], params[:state] -raise “state mismatch” unless params[:state] == state

              +# Step 2: Handle callback +# params[:code], params[:state] +raise "state mismatch" unless params[:state] == state -

              token = client.auth_code.get_token( +token = client.auth_code.get_token( params[:code], - redirect_uri: ENV.fetch(“OIDC_REDIRECT_URI”), + redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"), code_verifier: pkce_verifier, -)

              +) -

              The token may include: access_token, id_token, refresh_token, etc.

              -

              id_token = token.params[“id_token”] || token.params[:id_token]

              +# The token may include: access_token, id_token, refresh_token, etc. +id_token = token.params["id_token"] || token.params[:id_token] -

              Step 3: Validate the ID Token (simplified – add your own checks!)

              -

              # Discover keys (example using .well-known) -issuer = ENV.fetch(“OIDC_ISSUER”) -jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, “/.well-known/openid-configuration”))). - fetch(“jwks_uri”) +# Step 3: Validate the ID Token (simplified – add your own checks!) +# Discover keys (example using .well-known) +issuer = ENV.fetch("OIDC_ISSUER") +jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, "/.well-known/openid-configuration"))). + fetch("jwks_uri") jwks = JSON.parse(Net::HTTP.get(URI(jwks_uri))) -keys = jwks.fetch(“keys”)

              +keys = jwks.fetch("keys") -

              Use ruby-jwt JWK loader

              -

              jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) })

              +# Use ruby-jwt JWK loader +jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) }) -

              decoded, headers = JWT.decode( +decoded, headers = JWT.decode( id_token, nil, true, - algorithms: [“RS256”, “ES256”, “PS256”], + algorithms: ["RS256", "ES256", "PS256"], jwks: jwk_set, verify_iss: true, iss: issuer, verify_aud: true, - aud: ENV.fetch(“OIDC_CLIENT_ID”), -)

              + aud: ENV.fetch("OIDC_CLIENT_ID"), +) -

              Verify nonce

              -

              raise “nonce mismatch” unless decoded[“nonce”] == nonce

              +# Verify nonce +raise "nonce mismatch" unless decoded["nonce"] == nonce -

              Optionally: call UserInfo

              -

              userinfo = token.get(“/userinfo”).parsed -```

              +# Optionally: call UserInfo +userinfo = token.get("/userinfo").parsed +

              Notes on discovery and registration

              @@ -257,7 +256,7 @@

              Optionally: call UserInfo

            diff --git a/docs/file.README.html b/docs/file.README.html index 40081e21..a06abfa9 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -99,7 +99,7 @@

            Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

            -

            🔐 OAuth 2.0 Authorization Framework

            +

            🔐 OAuth 2.0 Authorization Framework

            ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

            @@ -113,11 +113,11 @@

            🔐 OAuth 2.0 Authorization Framework

            OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate at ko-fi.com

            -

            🌻 Synopsis

            +

            🌻 Synopsis

            -

            OAuth 2.0 is the industry-standard protocol for authorization. -OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, - desktop applications, mobile phones, and living room devices. +

            OAuth 2.0 is the industry-standard protocol for authorization.
            +OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
            + desktop applications, mobile phones, and living room devices.
            This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

            Quick Examples

            @@ -125,29 +125,27 @@

            Quick Examples

            Convert the following `curl` command into a token request using this gem... -

            shell -curl --request POST \ - --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ - --header 'content-type: application/x-www-form-urlencoded' \ +

            curl --request POST \
            +  --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \
            +  --header 'content-type: application/x-www-form-urlencoded' \
               --data grant_type=client_credentials \
               --data client_id=REDMOND_CLIENT_ID \
               --data client_secret=REDMOND_CLIENT_SECRET \
               --data resource=REDMOND_RESOURCE_UUID
            -

            +

            NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

            -

            ruby -OAuth2::Client.new( - "REDMOND_CLIENT_ID", # client_id - "REDMOND_CLIENT_SECRET", # client_secret +

            OAuth2::Client.new(
            +  "REDMOND_CLIENT_ID", # client_id
            +  "REDMOND_CLIENT_SECRET", # client_secret
               auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt
            -  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
            -  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
            +  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
            +  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
             ). # The base path for token_url when it is relative
               client_credentials. # There are many other types to choose from!
            -  get_token(resource: "REDMOND_RESOURCE_UUID")
            -

            + get_token(resource: "REDMOND_RESOURCE_UUID") +

            NOTE: header - The content type specified in the curl is already the default!

            @@ -161,29 +159,26 @@

            Quick Examples

          • E2E example does not ship with the released gem, so clone the source to play with it.
          • -

            console -docker compose -f docker-compose-ssl.yml up -d --wait +

            docker compose -f docker-compose-ssl.yml up -d --wait
             ruby examples/e2e.rb
             # If your machine is slow or Docker pulls are cold, increase the wait:
             E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb
             # The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default.
            -

            +

            The output should be something like this:

            -

            console -➜ ruby examples/e2e.rb +

            ➜  ruby examples/e2e.rb
             Access token (truncated): eyJraWQiOiJkZWZhdWx0...
             userinfo status: 200
            -userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"}
            +userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"}
             E2E complete
            -

            +

            Make sure to shut down the mock server when you are done:

            -

            console -docker compose -f docker-compose-ssl.yml down -

            +
            docker compose -f docker-compose-ssl.yml down
            +

            Troubleshooting: validate connectivity to the mock server

            @@ -253,7 +248,7 @@

            Quick Examples

            oauth sibling gem for OAuth 1.0a implementations in Ruby. -

            💡 Info you can shake a stick at

            +

            💡 Info you can shake a stick at

            @@ -417,7 +412,7 @@

            Federated DVCS

            -

            Enterprise Support Tidelift +

            Enterprise Support Tidelift

            Available as part of the Tidelift Subscription.

            @@ -446,21 +441,19 @@

            ✨ Installation

            +

            ✨ Installation

            Install the gem and add to the application’s Gemfile by executing:

            -

            console -bundle add oauth2 -

            +
            bundle add oauth2
            +

            If bundler is not being used to manage dependencies, install the gem by executing:

            -

            console -gem install oauth2 -

            +
            gem install oauth2
            +
            -

            🔒 Secure Installation

            +

            🔒 Secure Installation

            For Medium or High Security Installations @@ -471,15 +464,13 @@

            🔒 Secure Installation

            Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

            -

            console -gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) -

            +
            gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem)
            +

            You only need to do that once. Then proceed to install with:

            -

            console -gem install oauth2 -P MediumSecurity -

            +
            gem install oauth2 -P MediumSecurity
            +

            The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

            @@ -487,9 +478,8 @@

            🔒 Secure Installation

            If you want to up your security game full-time:

            -

            console -bundle config set --global trust-policy MediumSecurity -

            +
            bundle config set --global trust-policy MediumSecurity
            +

            MediumSecurity instead of HighSecurity is necessary if not all the gems you use are signed.

            @@ -545,9 +535,9 @@

            What is new for v2.0?

            Compatibility

            -

            Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. -Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby. -This gem will install on Ruby versions >= v2.2 for 2.x releases. +

            Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
            +Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
            +This gem will install on Ruby versions >= v2.2 for 2.x releases.
            See 1-4-stable branch for older rubies.

            @@ -618,98 +608,93 @@

            Compatibility

            -

            NOTE: The 1.4 series will only receive critical security updates. +

            NOTE: The 1.4 series will only receive critical security updates.
            See SECURITY.md and IRP.md.

            -

            ⚙️ Configuration

            +

            ⚙️ Configuration

            You can turn on additional warnings.

            -

            ruby -OAuth2.configure do |config| +

            OAuth2.configure do |config|
               # Turn on a warning like:
            -  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
            +  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
               config.silence_extra_tokens_warning = false # default: true
               # Set to true if you want to also show warnings about no tokens
               config.silence_no_tokens_warning = false # default: true,
             end
            -

            +
            -

            The “extra tokens” problem comes from ambiguity in the spec about which token is the right token. -Some OAuth 2.0 standards legitimately have multiple tokens. -You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in. +

            The “extra tokens” problem comes from ambiguity in the spec about which token is the right token.
            +Some OAuth 2.0 standards legitimately have multiple tokens.
            +You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in.
            Specify your custom class with the access_token_class option.

            -

            If you only need one token, you can, as of v2.0.10, -specify the exact token name you want to extract via the OAuth2::AccessToken using +

            If you only need one token, you can, as of v2.0.10,
            +specify the exact token name you want to extract via the OAuth2::AccessToken using
            the token_name option.

            -

            You’ll likely need to do some source diving. -This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. +

            You’ll likely need to do some source diving.
            +This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
            If you have time and energy, please contribute to the documentation!

            -

            🔧 Basic Usage

            +

            🔧 Basic Usage

            -

            +

            authorize_url and token_url are on site root (Just Works!)

            -

            ```ruby -require “oauth2” -client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org”) -# => #<OAuth2::Client:0x00000001204c8288 @id=”client_id”, @secret=”client_sec… -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth2/callback%E2%80%9D) -# => “https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code”

            +
            require "oauth2"
            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org")
            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
            +# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
             
            -

            access = client.auth_code.get_token(“authorization_code_value”, redirect_uri: “http://localhost:8080/oauth2/callback”, headers: {”Authorization” => “Basic some_password”}) -response = access.get(“/api/resource”, params: {”query_foo” => “bar”}) +access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"}) +response = access.get("/api/resource", params: {"query_foo" => "bar"}) response.class.name # => OAuth2::Response -```

            +
            -

            Relative authorize_url and token_url (Not on site root, Just Works!)

            +

            Relative authorize_url and token_url (Not on site root, Just Works!)

            In the above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

            -

            ruby -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec... -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback") -# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" -

            +
            client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
            +# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
            +
            -

            Customize authorize_url and token_url +

            Customize authorize_url and token_url

            You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

            -

            ruby -client = OAuth2::Client.new( - "client_id", - "client_secret", - site: "https://example.org/nested/directory/on/your/server", - authorize_url: "/jaunty/authorize/", - token_url: "/stirrups/access_token", +

            client = OAuth2::Client.new(
            +  "client_id",
            +  "client_secret",
            +  site: "https://example.org/nested/directory/on/your/server",
            +  authorize_url: "/jaunty/authorize/",
            +  token_url: "/stirrups/access_token",
             )
            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback")
            -# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
            +# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
             client.class.name
             # => OAuth2::Client
            -

            +
            -

            snake_case and indifferent access in Response#parsed

            +

            snake_case and indifferent access in Response#parsed

            -

            ruby -response = access.get("/api/resource", params: {"query_foo" => "bar"}) +

            response = access.get("/api/resource", params: {"query_foo" => "bar"})
             # Even if the actual response is CamelCase. it will be made available as snaky:
            -JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            -response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
            -response.parsed.access_token      # => "aaaaaaaa"
            -response.parsed[:access_token]    # => "aaaaaaaa"
            -response.parsed.additional_data   # => "additional"
            -response.parsed[:additional_data] # => "additional"
            +JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            +response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
            +response.parsed.access_token      # => "aaaaaaaa"
            +response.parsed[:access_token]    # => "aaaaaaaa"
            +response.parsed.additional_data   # => "additional"
            +response.parsed[:additional_data] # => "additional"
             response.parsed.class.name        # => SnakyHash::StringKeyed (from snaky_hash gem)
            -

            +

            Serialization

            @@ -721,83 +706,80 @@
            Global Serialization Config

            Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

            -

            ruby -SnakyHash::StringKeyed.class_eval do +

            SnakyHash::StringKeyed.class_eval do
               extend SnakyHash::Serializer
             end
            -

            +
            Discrete Serialization Config

            Discretely configure a custom Snaky Hash class to use the serializer.

            -

            ```ruby -class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class dump and load abilities! +

            class MySnakyHash < SnakyHash::StringKeyed
            +  # Give this hash class `dump` and `load` abilities!
               extend SnakyHash::Serializer
            -end

            +end -

            And tell your client to use the custom class in each call:

            -

            client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org/oauth2”) +# And tell your client to use the custom class in each call: +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2") token = client.get_token({snaky_hash_klass: MySnakyHash}) -```

            +
            Serialization Extensions

            These extensions work regardless of whether you used the global or discrete config above.

            -

            There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. -They are likely not needed if you are on a newer Ruby. -Expand the examples below, or the ruby-oauth/snaky_hash gem, +

            There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
            +They are likely not needed if you are on a newer Ruby.
            +Expand the examples below, or the ruby-oauth/snaky_hash gem,
            or response_spec.rb, for more ideas, especially if you need to study the hacks for older Rubies.

            See Examples -

            ```ruby -class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class dump and load abilities! - extend SnakyHash::Serializer

            +
            class MySnakyHash < SnakyHash::StringKeyed
            +  # Give this hash class `dump` and `load` abilities!
            +  extend SnakyHash::Serializer
             
            -  

            #### Serialization Extentions + #### Serialization Extentions # # Act on the non-hash values (including the values of hashes) as they are dumped to JSON # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. # WARNING: This is a silly example! dump_value_extensions.add(:to_fruit) do |value| - “banana” # => Make values “banana” on dump - end

            + "banana" # => Make values "banana" on dump + end -

            # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump - # In other words, this retains nested hashes, and only the deepest leaf nodes become . + # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump + # In other words, this retains nested hashes, and only the deepest leaf nodes become ***. # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| - “” # Turn dumped bananas into *** when they are loaded - end

            + "***" # Turn dumped bananas into *** when they are loaded + end -

            # Act on the entire hash as it is prepared for dumping to JSON + # Act on the entire hash as it is prepared for dumping to JSON # WARNING: This is a silly example! dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) value.transform_keys do |key| - split = key.split(“_”) + split = key.split("_") first_word = split[0] - key.sub(first_word, “cheese”) + key.sub(first_word, "cheese") end else value end - end

            + end -

            # Act on the entire hash as it is loaded from the JSON dump + # Act on the entire hash as it is loaded from the JSON dump # WARNING: This is a silly example! load_hash_extensions.add(:to_pizza) do |value| if value.is_a?(Hash) res = klass.new value.keys.each_with_object(res) do |key, result| - split = key.split(“_”) + split = key.split("_") last_word = split[-1] - new_key = key.sub(last_word, “pizza”) + new_key = key.sub(last_word, "pizza") result[new_key] = value[key] end res @@ -806,64 +788,61 @@

            Serialization Extensions
            end end end -```

            +
            -

            Prefer camelCase over snake_case? => snaky: false

            +

            Prefer camelCase over snake_case? => snaky: false

            -

            ruby -response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false) -JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} -response.parsed # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} -response.parsed["accessToken"] # => "aaaaaaaa" -response.parsed["additionalData"] # => "additional" +

            response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
            +JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            +response.parsed                   # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            +response.parsed["accessToken"]    # => "aaaaaaaa"
            +response.parsed["additionalData"] # => "additional"
             response.parsed.class.name        # => Hash (just, regular old Hash)
            -

            +
            Debugging & Logging

            Set an environment variable as per usual (e.g. with dotenv).

            -

            ruby -# will log both request and response, including bodies -ENV["OAUTH_DEBUG"] = "true" -

            +
            # will log both request and response, including bodies
            +ENV["OAUTH_DEBUG"] = "true"
            +

            By default, debug output will go to $stdout. This can be overridden when initializing your OAuth2::Client.

            -

            ruby -require "oauth2" +

            require "oauth2"
             client = OAuth2::Client.new(
            -  "client_id",
            -  "client_secret",
            -  site: "https://example.org/",
            -  logger: Logger.new("example.log", "weekly"),
            +  "client_id",
            +  "client_secret",
            +  site: "https://example.org",
            +  logger: Logger.new("example.log", "weekly"),
             )
            -

            +

            OAuth2::Response

            -

            The AccessToken methods #get, #post, #put and #delete and the generic #request +

            The AccessToken methods #get, #post, #put and #delete and the generic #request
            will return an instance of the #OAuth2::Response class.

            -

            This instance contains a #parsed method that will parse the response body and -return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if -the body is a JSON object. It will return an Array if the body is a JSON +

            This instance contains a #parsed method that will parse the response body and
            +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
            +the body is a JSON object. It will return an Array if the body is a JSON
            array. Otherwise, it will return the original body string.

            -

            The original response body, headers, and status can be accessed via their +

            The original response body, headers, and status can be accessed via their
            respective methods.

            OAuth2::AccessToken

            -

            If you have an existing Access Token for a user, you can initialize an instance -using various class methods including the standard new, from_hash (if you have -a hash of the values), or from_kvform (if you have an +

            If you have an existing Access Token for a user, you can initialize an instance
            +using various class methods including the standard new, from_hash (if you have
            +a hash of the values), or from_kvform (if you have an
            application/x-www-form-urlencoded encoded string of the values).

            Options (since v2.0.x unless noted):

            @@ -928,14 +907,14 @@

            OAuth2::AccessToken

            OAuth2::Error

            -

            On 400+ status code responses, an OAuth2::Error will be raised. If it is a -standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and -error_description parameters. The #response property of OAuth2::Error will +

            On 400+ status code responses, an OAuth2::Error will be raised. If it is a
            +standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
            +error_description parameters. The #response property of OAuth2::Error will
            always contain the OAuth2::Response instance.

            -

            If you do not want an error to be raised, you may use :raise_errors => false -option on initialization of the client. In this case the OAuth2::Response -instance will be returned as usual and on 400+ status code responses, the +

            If you do not want an error to be raised, you may use :raise_errors => false
            +option on initialization of the client. In this case the OAuth2::Response
            +instance will be returned as usual and on 400+ status code responses, the
            Response instance will contain the OAuth2::Error instance.

            Authorization Grants

            @@ -962,55 +941,53 @@

            Authorization Grants

          • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
          • -

            Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion -authentication grant types have helper strategy classes that simplify client -use. They are available via the #auth_code, -#implicit, -#password, -#client_credentials, and +

            Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
            +authentication grant types have helper strategy classes that simplify client
            +use. They are available via the #auth_code,
            +#implicit,
            +#password,
            +#client_credentials, and
            #assertion methods respectively.

            These aren’t full examples, but demonstrative of the differences between usage for each strategy.

            -

            ```ruby -auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) -access = client.auth_code.get_token(“code_value”, redirect_uri: “http://localhost:8080/oauth/callback”)

            +
            auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
            +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
             
            -

            auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) +auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback") # get the token params in the callback and -access = OAuth2::AccessToken.from_kvform(client, query_string)

            +access = OAuth2::AccessToken.from_kvform(client, query_string) -

            access = client.password.get_token(“username”, “password”)

            +access = client.password.get_token("username", "password") -

            access = client.client_credentials.get_token

            +access = client.client_credentials.get_token -

            Client Assertion Strategy

            -

            # see: https://tools.ietf.org/html/rfc7523 +# Client Assertion Strategy +# see: https://tools.ietf.org/html/rfc7523 claimset = { - iss: “http://localhost:3001”, - aud: “http://localhost:8080/oauth2/token”, - sub: “me@example.com”, + iss: "http://localhost:3001", + aud: "http://localhost:8080/oauth2/token", + sub: "me@example.com", exp: Time.now.utc.to_i + 3600, } -assertion_params = [claimset, “HS256”, “secret_key”] -access = client.assertion.get_token(assertion_params)

            +assertion_params = [claimset, "HS256", "secret_key"] +access = client.assertion.get_token(assertion_params) -

            The access (i.e. access token) is then used like so:

            -

            access.token # actual access_token string, if you need it somewhere -access.get(“/api/stuff”) # making api calls with access token -```

            +# The `access` (i.e. access token) is then used like so: +access.token # actual access_token string, if you need it somewhere +access.get("/api/stuff") # making api calls with access token +
            -

            If you want to specify additional headers to be sent out with the +

            If you want to specify additional headers to be sent out with the
            request, add a ‘headers’ hash under ‘params’:

            -

            ruby -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"}) -

            +
            access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"})
            +
            -

            You can always use the #request method on the OAuth2::Client instance to make +

            You can always use the #request method on the OAuth2::Client instance to make
            requests for tokens for any Authentication grant type.

            -

            📘 Comprehensive Usage

            +

            📘 Comprehensive Usage

            Common Flows (end-to-end)

            @@ -1018,88 +995,84 @@

            Common Flows (end-to-end)

          • Authorization Code (server-side web app):
          • -

            ```ruby -require “oauth2” +

            require "oauth2"
             client = OAuth2::Client.new(
            -  ENV[“CLIENT_ID”],
            -  ENV[“CLIENT_SECRET”],
            -  site: “https://provider.example.com”,
            -  redirect_uri: “https://my.app.example.com/oauth/callback”,
            -)

            - -

            Step 1: redirect user to consent

            -

            state = SecureRandom.hex(16) -auth_url = client.auth_code.authorize_url(/service/scope: %E2%80%9Copenid profile email%E2%80%9D, state: state) -# redirect_to auth_url

            - -

            Step 2: handle the callback

            -

            # params[:code], params[:state] -raise “state mismatch” unless params[:state] == state -access = client.auth_code.get_token(params[:code])

            - -

            Step 3: call APIs

            -

            profile = access.get(“/api/v1/me”).parsed -```

            + ENV["CLIENT_ID"], + ENV["CLIENT_SECRET"], + site: "https://provider.example.com", + redirect_uri: "https://my.app.example.com/oauth/callback", +) + +# Step 1: redirect user to consent +state = SecureRandom.hex(16) +auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state) +# redirect_to auth_url + +# Step 2: handle the callback +# params[:code], params[:state] +raise "state mismatch" unless params[:state] == state +access = client.auth_code.get_token(params[:code]) + +# Step 3: call APIs +profile = access.get("/api/v1/me").parsed +
            • Client Credentials (machine-to-machine):
            -

            ruby -client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com/") -access = client.client_credentials.get_token(audience: "https://api.example.com/") -resp = access.get("/v1/things") -

            +
            client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com")
            +access = client.client_credentials.get_token(audience: "https://api.example.com")
            +resp = access.get("/v1/things")
            +
            • Resource Owner Password (legacy; avoid when possible):
            -

            ruby -access = client.password.get_token("jdoe", "s3cret", scope: "read") -

            +
            access = client.password.get_token("jdoe", "s3cret", scope: "read")
            +

            Examples

            JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) -

            ```ruby -# This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage. +

            # This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage.
             # JHipster UAA typically exposes the token endpoint at /uaa/oauth/token.
             # The original snippet included:
             # - Basic Authorization header for the client (web_app:changeit)
             # - X-XSRF-TOKEN header from a cookie (some deployments require it)
             # - grant_type=password with username/password and client_id
            -# Using oauth2 gem, you don’t need to build multipart bodies; the gem sends
            -# application/x-www-form-urlencoded as required by RFC 6749.

            +# Using oauth2 gem, you don't need to build multipart bodies; the gem sends +# application/x-www-form-urlencoded as required by RFC 6749. -

            require “oauth2”

            +require "oauth2" -

            client = OAuth2::Client.new( - “web_app”, # client_id - “changeit”, # client_secret - site: “http://localhost:8080/uaa”, - token_url: “/oauth/token”, # absolute under site (or “oauth/token” relative) +client = OAuth2::Client.new( + "web_app", # client_id + "changeit", # client_secret + site: "http://localhost:8080/uaa", + token_url: "/oauth/token", # absolute under site (or "oauth/token" relative) auth_scheme: :basic_auth, # sends HTTP Basic Authorization header -)

            +) -

            If your UAA requires an XSRF header for the token call, provide it as a header.

            -

            # Often this is not required for token endpoints, but if your gateway enforces it, +# If your UAA requires an XSRF header for the token call, provide it as a header. +# Often this is not required for token endpoints, but if your gateway enforces it, # obtain the value from the XSRF-TOKEN cookie and pass it here. -xsrf_token = ENV[“X_XSRF_TOKEN”] # e.g., pulled from a prior set-cookie value

            +xsrf_token = ENV["X_XSRF_TOKEN"] # e.g., pulled from a prior set-cookie value -

            access = client.password.get_token( - “admin”, # username - “admin”, # password - headers: xsrf_token ? {”X-XSRF-TOKEN” => xsrf_token} : {}, +access = client.password.get_token( + "admin", # username + "admin", # password + headers: xsrf_token ? {"X-XSRF-TOKEN" => xsrf_token} : {}, # JHipster commonly also accepts/needs the client_id in the body; include if required: - # client_id: “web_app”, -)

            + # client_id: "web_app", +) -

            puts access.token +puts access.token puts access.to_hash # full token response -```

            +

            Notes:

            @@ -1124,61 +1097,60 @@

            Instagram API (verb‑dependent

            Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

            -

            ```ruby -require “oauth2”

            +
            require "oauth2"
             
            -

            NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).

            -

            # See Facebook Login docs for obtaining the initial short‑lived token.

            +# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here). +# See Facebook Login docs for obtaining the initial short‑lived token. -

            client = OAuth2::Client.new(nil, nil, site: “https://graph.instagram.com”)

            +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com") -

            Start with a short‑lived token you already obtained via Facebook Login

            -

            short_lived = OAuth2::AccessToken.new( +# Start with a short‑lived token you already obtained via Facebook Login +short_lived = OAuth2::AccessToken.new( client, - ENV[“IG_SHORT_LIVED_TOKEN”], + ENV["IG_SHORT_LIVED_TOKEN"], # Key part: verb‑dependent mode mode: {get: :query, post: :header, delete: :header}, -)

            +) -

            1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)

            -

            # Endpoint: GET https://graph.instagram.com/access_token +# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query) +# Endpoint: GET https://graph.instagram.com/access_token # Params: grant_type=ig_exchange_token, client_secret=APP_SECRET exchange = short_lived.get( - “/access_token”, + "/access_token", params: { - grant_type: “ig_exchange_token”, - client_secret: ENV[“IG_APP_SECRET”], + grant_type: "ig_exchange_token", + client_secret: ENV["IG_APP_SECRET"], # access_token param will be added automatically by the AccessToken (mode => :query for GET) }, ) -long_lived_token_value = exchange.parsed[“access_token”]

            +long_lived_token_value = exchange.parsed["access_token"] -

            long_lived = OAuth2::AccessToken.new( +long_lived = OAuth2::AccessToken.new( client, long_lived_token_value, mode: {get: :query, post: :header, delete: :header}, -)

            +) -

            2) Refresh the long‑lived token (Instagram uses GET with token in query)

            -

            # Endpoint: GET https://graph.instagram.com/refresh_access_token +# 2) Refresh the long‑lived token (Instagram uses GET with token in query) +# Endpoint: GET https://graph.instagram.com/refresh_access_token refresh_resp = long_lived.get( - “/refresh_access_token”, - params: {grant_type: “ig_refresh_token”}, + "/refresh_access_token", + params: {grant_type: "ig_refresh_token"}, ) long_lived = OAuth2::AccessToken.new( client, - refresh_resp.parsed[“access_token”], + refresh_resp.parsed["access_token"], mode: {get: :query, post: :header, delete: :header}, -)

            +) -

            3) Typical API GET request (token in query automatically)

            -

            me = long_lived.get(“/me”, params: {fields: “id,username”}).parsed

            +# 3) Typical API GET request (token in query automatically) +me = long_lived.get("/me", params: {fields: "id,username"}).parsed -

            4) Example POST (token sent via Bearer header automatically)

            -

            # Note: Replace the path/params with a real Instagram Graph API POST you need, +# 4) Example POST (token sent via Bearer header automatically) +# Note: Replace the path/params with a real Instagram Graph API POST you need, # such as publishing media via the Graph API endpoints. -# long_lived.post(“/me/media”, body: {image_url: “https://…”, caption: “hello”}) -```

            +# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"}) +

            Tips:

            @@ -1195,24 +1167,22 @@

            Refresh Tokens

          • Manual refresh:
          • -

            ruby -if access.expired? +

            if access.expired?
               access = access.refresh
             end
            -

            +
            • Auto-refresh wrapper pattern:
            -

            ```ruby -class AutoRefreshingToken +

            class AutoRefreshingToken
               def initialize(token_provider, store: nil)
                 @token = token_provider
                 @store = store # e.g., something that responds to read/write for token data
            -  end

            + end -

            def with(&blk) + def with(&blk) tok = ensure_fresh! blk ? blk.call(tok) : tok rescue OAuth2::Error => e @@ -1223,23 +1193,23 @@

            Refresh Tokens

            retry end raise - end

            + end -

            private

            +private -

            def ensure_fresh! + def ensure_fresh! if @token.expired? && @token.refresh_token @token = @token.refresh @store.write(@token.to_hash) if @store end @token end -end

            +end -

            usage

            -

            keeper = AutoRefreshingToken.new(access) -keeper.with { |tok| tok.get(“/v1/protected”) } -```

            +# usage +keeper = AutoRefreshingToken.new(access) +keeper.with { |tok| tok.get("/v1/protected") } +

            Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

            @@ -1247,13 +1217,12 @@

            Token Revocation (RFC 7009)

            You can revoke either the access token or the refresh token.

            -

            ```ruby -# Revoke the current access token -access.revoke(token_type_hint: :access_token)

            +
            # Revoke the current access token
            +access.revoke(token_type_hint: :access_token)
             
            -

            Or explicitly revoke the refresh token (often also invalidates associated access tokens)

            -

            access.revoke(token_type_hint: :refresh_token) -```

            +# Or explicitly revoke the refresh token (often also invalidates associated access tokens) +access.revoke(token_type_hint: :refresh_token) +

            Client Configuration Tips

            @@ -1263,35 +1232,34 @@

            Mutual TLS (mTLS) client authenti

            Example using PEM files (certificate and key):

            -

            ```ruby -require “oauth2” -require “openssl”

            +
            require "oauth2"
            +require "openssl"
             
            -

            client = OAuth2::Client.new( - ENV.fetch(“CLIENT_ID”), - ENV.fetch(“CLIENT_SECRET”), - site: “https://example.com”, - authorize_url: “/oauth/authorize/”, - token_url: “/oauth/token/”, +client = OAuth2::Client.new( + ENV.fetch("CLIENT_ID"), + ENV.fetch("CLIENT_SECRET"), + site: "https://example.com", + authorize_url: "/oauth/authorize/", + token_url: "/oauth/token/", auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication connection_opts: { ssl: { - client_cert: OpenSSL::X509::Certificate.new(File.read(“localhost.pem”)), - client_key: OpenSSL::PKey::RSA.new(File.read(“localhost-key.pem”)), + client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")), + client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")), # Optional extras, uncomment as needed: - # ca_file: “/path/to/ca-bundle.pem”, # custom CA(s) + # ca_file: "/path/to/ca-bundle.pem", # custom CA(s) # verify: true # enable server cert verification (recommended) }, }, -)

            +) -

            Example token request (any grant type can be used). The mTLS handshake

            -

            # will occur automatically on HTTPS calls using the configured cert/key. -access = client.client_credentials.get_token

            +# Example token request (any grant type can be used). The mTLS handshake +# will occur automatically on HTTPS calls using the configured cert/key. +access = client.client_credentials.get_token -

            Subsequent resource requests will also use mTLS on HTTPS endpoints of site:

            -

            resp = access.get(“/v1/protected”) -```

            +# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`: +resp = access.get("/v1/protected") +

            Notes:

            @@ -1316,25 +1284,23 @@

            Authentication schemes for the token request

            -

            ruby -OAuth2::Client.new( +

            OAuth2::Client.new(
               id,
               secret,
            -  site: "https://provider.example.com/",
            +  site: "https://provider.example.com",
               auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt
             )
            -

            +

            Faraday connection, timeouts, proxy, custom adapter/middleware:

            -

            ruby -client = OAuth2::Client.new( +

            client = OAuth2::Client.new(
               id,
               secret,
            -  site: "https://provider.example.com/",
            +  site: "https://provider.example.com",
               connection_opts: {
                 request: {open_timeout: 5, timeout: 15},
            -    proxy: ENV["HTTPS_PROXY"],
            +    proxy: ENV["HTTPS_PROXY"],
                 ssl: {verify: true},
               },
             ) do |faraday|
            @@ -1342,19 +1308,18 @@ 

            Faraday conn # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below faraday.adapter(:net_http_persistent) # or any Faraday adapter you need end -

            +

            Using flat query params (Faraday::FlatParamsEncoder)

            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

            -

            ```ruby -require “faraday”

            +
            require "faraday"
             
            -

            client = OAuth2::Client.new( +client = OAuth2::Client.new( id, secret, - site: “https://api.example.com”, + site: "https://api.example.com", # Pass Faraday connection options to make FlatParamsEncoder the default connection_opts: { request: {params_encoder: Faraday::FlatParamsEncoder}, @@ -1362,33 +1327,32 @@

            Using flat query param ) do |faraday| faraday.request(:url_encoded) faraday.adapter(:net_http) -end

            +end -

            access = client.client_credentials.get_token

            +access = client.client_credentials.get_token -

            Example of a GET with two flat filter params (not an array):

            -

            # Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 +# Example of a GET with two flat filter params (not an array): +# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 resp = access.get( - “/v1/orders”, + "/v1/orders", params: { # Provide the values as an array; FlatParamsEncoder expands them as repeated keys filter: [ - “order.clientCreatedTime>1445006997000”, - “order.clientCreatedTime<1445611797000”, + "order.clientCreatedTime>1445006997000", + "order.clientCreatedTime<1445611797000", ], }, ) -```

            +

            If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

            -

            ruby -conn = Faraday.new("https://api.example.com/", request: {params_encoder: Faraday::FlatParamsEncoder}) -

            +
            conn = Faraday.new("https://api.example.com", request: {params_encoder: Faraday::FlatParamsEncoder})
            +

            Redirection

            -

            The library follows up to max_redirects (default 5). +

            The library follows up to max_redirects (default 5).
            You can override per-client via options[:max_redirects].

            Handling Responses and Errors

            @@ -1397,52 +1361,48 @@

            Handling Responses and Errors

          • Parsing:
          • -

            ruby -resp = access.get("/v1/thing") +

            resp = access.get("/v1/thing")
             resp.status     # Integer
             resp.headers    # Hash
             resp.body       # String
             resp.parsed     # SnakyHash::StringKeyed or Array when JSON array
            -

            +
            • Error handling:
            -

            ruby -begin - access.get("/v1/forbidden") +

            begin
            +  access.get("/v1/forbidden")
             rescue OAuth2::Error => e
               e.code         # OAuth2 error code (when present)
               e.description  # OAuth2 error description (when present)
               e.response     # OAuth2::Response (full access to status/headers/body)
             end
            -

            +
            • Disable raising on 4xx/5xx to inspect the response yourself:
            -

            ruby -client = OAuth2::Client.new(id, secret, site: site, raise_errors: false) -res = client.request(:get, "/v1/maybe-errors") +

            client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
            +res = client.request(:get, "/v1/maybe-errors")
             if res.status == 429
            -  sleep res.headers["retry-after"].to_i
            +  sleep res.headers["retry-after"].to_i
             end
            -

            +

            Making Raw Token Requests

            If a provider requires non-standard parameters or headers, you can call client.get_token directly:

            -

            ruby -access = client.get_token({ - grant_type: "client_credentials", - audience: "https://api.example.com/", - headers: {"X-Custom" => "value"}, +

            access = client.get_token({
            +  grant_type: "client_credentials",
            +  audience: "https://api.example.com",
            +  headers: {"X-Custom" => "value"},
               parse: :json, # override parsing
             })
            -

            +

            OpenID Connect (OIDC) Notes

            @@ -1461,23 +1421,23 @@

            Debugging


            -

            🦷 FLOSS Funding

            +

            🦷 FLOSS Funding

            -

            While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. +

            While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding.
            Raising a monthly budget of… “dollars” would make the project more sustainable.

            -

            We welcome both individual and corporate sponsors! We also offer a -wide array of funding channels to account for your preferences +

            We welcome both individual and corporate sponsors! We also offer a
            +wide array of funding channels to account for your preferences
            (although currently Open Collective is our preferred funding platform).

            -

            If you’re working in a company that’s making significant use of ruby-oauth tools we’d +

            If you’re working in a company that’s making significant use of ruby-oauth tools we’d
            appreciate it if you suggest to your company to become a ruby-oauth sponsor.

            -

            You can support the development of ruby-oauth tools via -GitHub Sponsors, -Liberapay, -PayPal, -Open Collective +

            You can support the development of ruby-oauth tools via
            +GitHub Sponsors,
            +Liberapay,
            +PayPal,
            +Open Collective
            and Tidelift.

            @@ -1500,7 +1460,7 @@

            Open Collective for Individuals

            NOTE: kettle-readme-backers updates this list every day, automatically.

            -

            No backers yet. Be the first! +

            No backers yet. Be the first!

            Open Collective for Organizations

            @@ -1510,7 +1470,7 @@

            Open Collective for Organizations

            NOTE: kettle-readme-backers updates this list every day, automatically.

            -

            No sponsors yet. Be the first! +

            No sponsors yet. Be the first!

            Another way to support open-source

            @@ -1525,24 +1485,24 @@

            Another way to support open-sourceOpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

            -

            🔐 Security

            +

            🔐 Security

            -

            To report a security vulnerability, please use the Tidelift security contact. +

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            -

            🤝 Contributing

            +

            🤝 Contributing

            -

            If you need some ideas of where to help, you could work on adding more code coverage, -or if it is already 💯 (see below) check reek, issues, or PRs, +

            If you need some ideas of where to help, you could work on adding more code coverage,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            See CONTRIBUTING.md for more detailed instructions.

            -

            🚀 Release Instructions

            +

            🚀 Release Instructions

            See CONTRIBUTING.md.

            @@ -1554,12 +1514,12 @@

            Code Coverage

            QLTY Test Coverage

            -

            🪇 Code of Conduct

            +

            🪇 Code of Conduct

            -

            Everyone interacting with this project’s codebases, issue trackers, +

            Everyone interacting with this project’s codebases, issue trackers,
            chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            -

            🌈 Contributors

            +

            🌈 Contributors

            Contributors

            @@ -1580,29 +1540,28 @@

            🌈 Contributors

            -

            📌 Versioning

            +

            📌 Versioning

            -

            This Library adheres to Semantic Versioning 2.0.0. -Violations of this scheme should be reported as bugs. -Specifically, if a minor or patch version is released that breaks backward compatibility, -a new version should be immediately released that restores compatibility. +

            This Library adheres to Semantic Versioning 2.0.0.
            +Violations of this scheme should be reported as bugs.
            +Specifically, if a minor or patch version is released that breaks backward compatibility,
            +a new version should be immediately released that restores compatibility.
            Breaking changes to the public API will only be introduced with new major versions.

            -

            dropping support for a platform is both obviously and objectively a breaking change
            +

            dropping support for a platform is both obviously and objectively a breaking change

            —Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

            -

            I understand that policy doesn’t work universally (“exceptions to every rule!”), -but it is the policy here. -As such, in many cases it is good to specify a dependency on this library using +

            I understand that policy doesn’t work universally (“exceptions to every rule!”),
            +but it is the policy here.
            +As such, in many cases it is good to specify a dependency on this library using
            the Pessimistic Version Constraint with two digits of precision.

            For example:

            -

            ruby -spec.add_dependency("oauth2", "~> 2.0") -

            +
            spec.add_dependency("oauth2", "~> 2.0")
            +
            📌 Is "Platform Support" part of the public API? More details inside. @@ -1621,13 +1580,13 @@

            📌 Versioning

            See CHANGELOG.md for a list of releases.

            -

            📄 License

            +

            📄 License

            -

            The gem is available as open source under the terms of -the MIT License License: MIT. +

            The gem is available as open source under the terms of
            +the MIT License License: MIT.
            See LICENSE.txt for the official Copyright Notice.

            - +
            • @@ -1644,13 +1603,13 @@
            -

            🤑 A request for help

            +

            🤑 A request for help

            -

            Maintainers have teeth and need to pay their dentists. -After getting laid off in an RIF in March, and encountering difficulty finding a new one, -I began spending most of my time building open source tools. -I’m hoping to be able to pay for my kids’ health insurance this month, -so if you value the work I am doing, I need your support. +

            Maintainers have teeth and need to pay their dentists.
            +After getting laid off in an RIF in March, and encountering difficulty finding a new one,
            +I began spending most of my time building open source tools.
            +I’m hoping to be able to pay for my kids’ health insurance this month,
            +so if you value the work I am doing, I need your support.
            Please consider sponsoring me or the project.

            To join the community or get help 👇️ Join the Discord.

            @@ -1677,7 +1636,7 @@

            Please give the project a star ⭐ ♥ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index a05b5068..05ae681e 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -69,20 +69,21 @@

            RuboCop Gradual

            RuboCop LTS

            -

            This project uses rubocop-lts to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2. +

            This project uses rubocop-lts to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2.
            RuboCop rules are meticulously configured by the rubocop-lts family of gems to ensure that a project is compatible with a specific version of Ruby. See: https://rubocop-lts.gitlab.io for more.

            Checking RuboCop Violations

            To check for RuboCop violations in this project, always use:

            -

            bash -bundle exec rake rubocop_gradual:check -

            +
            bundle exec rake rubocop_gradual:check
            +
            -

            Do not use the standard RuboCop commands like: -- bundle exec rubocop -- rubocop

            +

            Do not use the standard RuboCop commands like:

            +
              +
            • bundle exec rubocop
            • +
            • rubocop
            • +

            Understanding the Lock File

            @@ -121,7 +122,7 @@

            Common Commands

            Workflow

              -
            1. Before submitting a PR, run bundle exec rake rubocop_gradual:autocorrect +
            2. Before submitting a PR, run bundle exec rake rubocop_gradual:autocorrect
              a. or just the default bundle exec rake, as autocorrection is a pre-requisite of the default task.
            3. If there are new violations, either:
                @@ -149,7 +150,7 @@

                Never add inline RuboCop disables

                In general, treat the rules as guidance to follow; fix violations rather than ignore them. For example, RSpec conventions in this project expect described_class to be used in specs that target a specific class under test.

                -

                Benefits of rubocop_gradual

                +

                Benefits of rubocop_gradual

                • Allows incremental adoption of code style rules
                • @@ -160,7 +161,7 @@

                  Benefits of rubocop_gradual

                  diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 39842b81..76ca890a 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -78,22 +78,22 @@

                  Supported Versions

                  Security contact information

                  -

                  To report a security vulnerability, please use the -Tidelift security contact. +

                  To report a security vulnerability, please use the
                  +Tidelift security contact.
                  Tidelift will coordinate the fix and disclosure.

                  More detailed explanation of the process is in IRP.md

                  Additional Support

                  -

                  If you are interested in support for versions older than the latest release, -please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate, +

                  If you are interested in support for versions older than the latest release,
                  +please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
                  or find other sponsorship links in the README.

                  diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index 71e52de8..7bd7cc73 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -59,10 +59,10 @@

                  Threat Model Outline for oauth2 Ruby Gem

                  -

                  1. Overview

                  +

                  1. Overview

                  This document outlines the threat model for the oauth2 Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.

                  -

                  2. Assets to Protect

                  +

                  2. Assets to Protect

                  • OAuth access tokens, refresh tokens, and ID tokens
                  • User credentials (if handled)
                  • @@ -71,7 +71,7 @@

                    2. Assets to Protect

                  • Private keys and certificates (for signing/verifying tokens)
                  -

                  3. Potential Threat Actors

                  +

                  3. Potential Threat Actors

                  • External attackers (internet-based)
                  • Malicious OAuth clients or resource servers
                  • @@ -79,7 +79,7 @@

                    3. Potential Threat Actors

                  • Compromised dependencies
                  -

                  4. Attack Surfaces

                  +

                  4. Attack Surfaces

                  • OAuth endpoints (authorization, token, revocation, introspection)
                  • HTTP request/response handling
                  • @@ -88,9 +88,9 @@

                    4. Attack Surfaces

                  • Dependency supply chain
                  -

                  5. Threats and Mitigations

                  +

                  5. Threats and Mitigations

                  -

                  5.1 Token Leakage

                  +

                  5.1 Token Leakage

                  • Threat: Tokens exposed via logs, URLs, or insecure storage
                  • @@ -104,7 +104,7 @@

                    5.1 Token Leakage

                  -

                  5.2 Token Replay and Forgery

                  +

                  5.2 Token Replay and Forgery

                  • Threat: Attackers reuse or forge tokens
                  • @@ -118,7 +118,7 @@

                    5.2 Token Replay and Forgery

                  -

                  5.3 Insecure Communication

                  +

                  5.3 Insecure Communication

                  • Threat: Data intercepted via MITM attacks
                  • @@ -131,7 +131,7 @@

                    5.3 Insecure Communication

                  -

                  5.4 Client Secret Exposure

                  +

                  5.4 Client Secret Exposure

                  • Threat: Client secrets leaked in code or version control
                  • @@ -144,7 +144,7 @@

                    5.4 Client Secret Exposure

                  -

                  5.5 Dependency Vulnerabilities

                  +

                  5.5 Dependency Vulnerabilities

                  • Threat: Vulnerabilities in third-party libraries
                  • @@ -157,7 +157,7 @@

                    5.5 Dependency Vulnerabilities

                  -

                  5.6 Improper Input Validation

                  +

                  5.6 Improper Input Validation

                  • Threat: Injection attacks via untrusted input
                  • @@ -170,7 +170,7 @@

                    5.6 Improper Input Validation

                  -

                  5.7 Insufficient Logging and Monitoring

                  +

                  5.7 Insufficient Logging and Monitoring

                  • Threat: Attacks go undetected
                  • @@ -183,19 +183,19 @@

                    5.7 Insufficient Logging and Monito

                  -

                  6. Assumptions

                  +

                  6. Assumptions

                  • The gem is used in a secure environment with up-to-date Ruby and dependencies
                  • End-users are responsible for secure configuration and deployment
                  -

                  7. Out of Scope

                  +

                  7. Out of Scope

                  • Security of external OAuth providers
                  • Application-level business logic
                  -

                  8. References

                  +

                  8. References

                  diff --git a/docs/index.html b/docs/index.html index 57948e36..53a7821f 100644 --- a/docs/index.html +++ b/docs/index.html @@ -99,7 +99,7 @@

                  Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

                  -

                  🔐 OAuth 2.0 Authorization Framework

                  +

                  🔐 OAuth 2.0 Authorization Framework

                  ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

                  @@ -113,11 +113,11 @@

                  🔐 OAuth 2.0 Authorization Framework

                  OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate at ko-fi.com

                  -

                  🌻 Synopsis

                  +

                  🌻 Synopsis

                  -

                  OAuth 2.0 is the industry-standard protocol for authorization. -OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, - desktop applications, mobile phones, and living room devices. +

                  OAuth 2.0 is the industry-standard protocol for authorization.
                  +OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
                  + desktop applications, mobile phones, and living room devices.
                  This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

                  Quick Examples

                  @@ -125,29 +125,27 @@

                  Quick Examples

                  Convert the following `curl` command into a token request using this gem... -

                  shell -curl --request POST \ - --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \ - --header 'content-type: application/x-www-form-urlencoded' \ +

                  curl --request POST \
                  +  --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \
                  +  --header 'content-type: application/x-www-form-urlencoded' \
                     --data grant_type=client_credentials \
                     --data client_id=REDMOND_CLIENT_ID \
                     --data client_secret=REDMOND_CLIENT_SECRET \
                     --data resource=REDMOND_RESOURCE_UUID
                  -

                  +

                  NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

                  -

                  ruby -OAuth2::Client.new( - "REDMOND_CLIENT_ID", # client_id - "REDMOND_CLIENT_SECRET", # client_secret +

                  OAuth2::Client.new(
                  +  "REDMOND_CLIENT_ID", # client_id
                  +  "REDMOND_CLIENT_SECRET", # client_secret
                     auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt
                  -  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
                  -  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
                  +  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
                  +  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
                   ). # The base path for token_url when it is relative
                     client_credentials. # There are many other types to choose from!
                  -  get_token(resource: "REDMOND_RESOURCE_UUID")
                  -

                  + get_token(resource: "REDMOND_RESOURCE_UUID") +

                  NOTE: header - The content type specified in the curl is already the default!

                  @@ -161,29 +159,26 @@

                  Quick Examples

                • E2E example does not ship with the released gem, so clone the source to play with it.
                -

                console -docker compose -f docker-compose-ssl.yml up -d --wait +

                docker compose -f docker-compose-ssl.yml up -d --wait
                 ruby examples/e2e.rb
                 # If your machine is slow or Docker pulls are cold, increase the wait:
                 E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb
                 # The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default.
                -

                +

                The output should be something like this:

                -

                console -➜ ruby examples/e2e.rb +

                ➜  ruby examples/e2e.rb
                 Access token (truncated): eyJraWQiOiJkZWZhdWx0...
                 userinfo status: 200
                -userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"}
                +userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"}
                 E2E complete
                -

                +

                Make sure to shut down the mock server when you are done:

                -

                console -docker compose -f docker-compose-ssl.yml down -

                +
                docker compose -f docker-compose-ssl.yml down
                +

                Troubleshooting: validate connectivity to the mock server

                @@ -253,7 +248,7 @@

                Quick Examples

                oauth sibling gem for OAuth 1.0a implementations in Ruby.
              -

              💡 Info you can shake a stick at

              +

              💡 Info you can shake a stick at

            @@ -417,7 +412,7 @@

            Federated DVCS

            -

            Enterprise Support Tidelift +

            Enterprise Support Tidelift

            Available as part of the Tidelift Subscription.

            @@ -446,21 +441,19 @@

            ✨ Installation

            +

            ✨ Installation

            Install the gem and add to the application’s Gemfile by executing:

            -

            console -bundle add oauth2 -

            +
            bundle add oauth2
            +

            If bundler is not being used to manage dependencies, install the gem by executing:

            -

            console -gem install oauth2 -

            +
            gem install oauth2
            +
            -

            🔒 Secure Installation

            +

            🔒 Secure Installation

            For Medium or High Security Installations @@ -471,15 +464,13 @@

            🔒 Secure Installation

            Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

            -

            console -gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) -

            +
            gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem)
            +

            You only need to do that once. Then proceed to install with:

            -

            console -gem install oauth2 -P MediumSecurity -

            +
            gem install oauth2 -P MediumSecurity
            +

            The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

            @@ -487,9 +478,8 @@

            🔒 Secure Installation

            If you want to up your security game full-time:

            -

            console -bundle config set --global trust-policy MediumSecurity -

            +
            bundle config set --global trust-policy MediumSecurity
            +

            MediumSecurity instead of HighSecurity is necessary if not all the gems you use are signed.

            @@ -545,9 +535,9 @@

            What is new for v2.0?

            Compatibility

            -

            Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4. -Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby. -This gem will install on Ruby versions >= v2.2 for 2.x releases. +

            Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
            +Compatibility is further distinguished as “Best Effort Support” or “Incidental Support” for older versions of Ruby.
            +This gem will install on Ruby versions >= v2.2 for 2.x releases.
            See 1-4-stable branch for older rubies.

            @@ -618,98 +608,93 @@

            Compatibility

            -

            NOTE: The 1.4 series will only receive critical security updates. +

            NOTE: The 1.4 series will only receive critical security updates.
            See SECURITY.md and IRP.md.

            -

            ⚙️ Configuration

            +

            ⚙️ Configuration

            You can turn on additional warnings.

            -

            ruby -OAuth2.configure do |config| +

            OAuth2.configure do |config|
               # Turn on a warning like:
            -  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
            +  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
               config.silence_extra_tokens_warning = false # default: true
               # Set to true if you want to also show warnings about no tokens
               config.silence_no_tokens_warning = false # default: true,
             end
            -

            +
            -

            The “extra tokens” problem comes from ambiguity in the spec about which token is the right token. -Some OAuth 2.0 standards legitimately have multiple tokens. -You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in. +

            The “extra tokens” problem comes from ambiguity in the spec about which token is the right token.
            +Some OAuth 2.0 standards legitimately have multiple tokens.
            +You may need to subclass OAuth2::AccessToken, or write your own custom alternative to it, and pass it in.
            Specify your custom class with the access_token_class option.

            -

            If you only need one token, you can, as of v2.0.10, -specify the exact token name you want to extract via the OAuth2::AccessToken using +

            If you only need one token, you can, as of v2.0.10,
            +specify the exact token name you want to extract via the OAuth2::AccessToken using
            the token_name option.

            -

            You’ll likely need to do some source diving. -This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas. +

            You’ll likely need to do some source diving.
            +This gem has 100% test coverage for lines and branches, so the specs are a great place to look for ideas.
            If you have time and energy, please contribute to the documentation!

            -

            🔧 Basic Usage

            +

            🔧 Basic Usage

            -

            +

            authorize_url and token_url are on site root (Just Works!)

            -

            ```ruby -require “oauth2” -client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org”) -# => #<OAuth2::Client:0x00000001204c8288 @id=”client_id”, @secret=”client_sec… -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth2/callback%E2%80%9D) -# => “https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code”

            +
            require "oauth2"
            +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org")
            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
            +# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
             
            -

            access = client.auth_code.get_token(“authorization_code_value”, redirect_uri: “http://localhost:8080/oauth2/callback”, headers: {”Authorization” => “Basic some_password”}) -response = access.get(“/api/resource”, params: {”query_foo” => “bar”}) +access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"}) +response = access.get("/api/resource", params: {"query_foo" => "bar"}) response.class.name # => OAuth2::Response -```

            +
            -

            Relative authorize_url and token_url (Not on site root, Just Works!)

            +

            Relative authorize_url and token_url (Not on site root, Just Works!)

            In the above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

            -

            ruby -client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server") -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec... -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback") -# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code" -

            +
            client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
            +# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
            +
            -

            Customize authorize_url and token_url +

            Customize authorize_url and token_url

            You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

            -

            ruby -client = OAuth2::Client.new( - "client_id", - "client_secret", - site: "https://example.org/nested/directory/on/your/server", - authorize_url: "/jaunty/authorize/", - token_url: "/stirrups/access_token", +

            client = OAuth2::Client.new(
            +  "client_id",
            +  "client_secret",
            +  site: "https://example.org/nested/directory/on/your/server",
            +  authorize_url: "/jaunty/authorize/",
            +  token_url: "/stirrups/access_token",
             )
            -# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            -client.auth_code.authorize_url(https://github.com/redirect_uri:%20%22http://localhost:8080/oauth2/callback")
            -# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
            +# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
            +client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth2/callback")
            +# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
             client.class.name
             # => OAuth2::Client
            -

            +
            -

            snake_case and indifferent access in Response#parsed

            +

            snake_case and indifferent access in Response#parsed

            -

            ruby -response = access.get("/api/resource", params: {"query_foo" => "bar"}) +

            response = access.get("/api/resource", params: {"query_foo" => "bar"})
             # Even if the actual response is CamelCase. it will be made available as snaky:
            -JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            -response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
            -response.parsed.access_token      # => "aaaaaaaa"
            -response.parsed[:access_token]    # => "aaaaaaaa"
            -response.parsed.additional_data   # => "additional"
            -response.parsed[:additional_data] # => "additional"
            +JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            +response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
            +response.parsed.access_token      # => "aaaaaaaa"
            +response.parsed[:access_token]    # => "aaaaaaaa"
            +response.parsed.additional_data   # => "additional"
            +response.parsed[:additional_data] # => "additional"
             response.parsed.class.name        # => SnakyHash::StringKeyed (from snaky_hash gem)
            -

            +

            Serialization

            @@ -721,83 +706,80 @@
            Global Serialization Config

            Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

            -

            ruby -SnakyHash::StringKeyed.class_eval do +

            SnakyHash::StringKeyed.class_eval do
               extend SnakyHash::Serializer
             end
            -

            +
            Discrete Serialization Config

            Discretely configure a custom Snaky Hash class to use the serializer.

            -

            ```ruby -class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class dump and load abilities! +

            class MySnakyHash < SnakyHash::StringKeyed
            +  # Give this hash class `dump` and `load` abilities!
               extend SnakyHash::Serializer
            -end

            +end -

            And tell your client to use the custom class in each call:

            -

            client = OAuth2::Client.new(“client_id”, “client_secret”, site: “https://example.org/oauth2”) +# And tell your client to use the custom class in each call: +client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2") token = client.get_token({snaky_hash_klass: MySnakyHash}) -```

            +
            Serialization Extensions

            These extensions work regardless of whether you used the global or discrete config above.

            -

            There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6. -They are likely not needed if you are on a newer Ruby. -Expand the examples below, or the ruby-oauth/snaky_hash gem, +

            There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
            +They are likely not needed if you are on a newer Ruby.
            +Expand the examples below, or the ruby-oauth/snaky_hash gem,
            or response_spec.rb, for more ideas, especially if you need to study the hacks for older Rubies.

            See Examples -

            ```ruby -class MySnakyHash < SnakyHash::StringKeyed - # Give this hash class dump and load abilities! - extend SnakyHash::Serializer

            +
            class MySnakyHash < SnakyHash::StringKeyed
            +  # Give this hash class `dump` and `load` abilities!
            +  extend SnakyHash::Serializer
             
            -  

            #### Serialization Extentions + #### Serialization Extentions # # Act on the non-hash values (including the values of hashes) as they are dumped to JSON # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas. # WARNING: This is a silly example! dump_value_extensions.add(:to_fruit) do |value| - “banana” # => Make values “banana” on dump - end

            + "banana" # => Make values "banana" on dump + end -

            # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump - # In other words, this retains nested hashes, and only the deepest leaf nodes become . + # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump + # In other words, this retains nested hashes, and only the deepest leaf nodes become ***. # WARNING: This is a silly example! load_value_extensions.add(:to_stars) do |value| - “” # Turn dumped bananas into *** when they are loaded - end

            + "***" # Turn dumped bananas into *** when they are loaded + end -

            # Act on the entire hash as it is prepared for dumping to JSON + # Act on the entire hash as it is prepared for dumping to JSON # WARNING: This is a silly example! dump_hash_extensions.add(:to_cheese) do |value| if value.is_a?(Hash) value.transform_keys do |key| - split = key.split(“_”) + split = key.split("_") first_word = split[0] - key.sub(first_word, “cheese”) + key.sub(first_word, "cheese") end else value end - end

            + end -

            # Act on the entire hash as it is loaded from the JSON dump + # Act on the entire hash as it is loaded from the JSON dump # WARNING: This is a silly example! load_hash_extensions.add(:to_pizza) do |value| if value.is_a?(Hash) res = klass.new value.keys.each_with_object(res) do |key, result| - split = key.split(“_”) + split = key.split("_") last_word = split[-1] - new_key = key.sub(last_word, “pizza”) + new_key = key.sub(last_word, "pizza") result[new_key] = value[key] end res @@ -806,64 +788,61 @@

            Serialization Extensions
            end end end -```

            +
            -

            Prefer camelCase over snake_case? => snaky: false

            +

            Prefer camelCase over snake_case? => snaky: false

            -

            ruby -response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false) -JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} -response.parsed # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"} -response.parsed["accessToken"] # => "aaaaaaaa" -response.parsed["additionalData"] # => "additional" +

            response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
            +JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            +response.parsed                   # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
            +response.parsed["accessToken"]    # => "aaaaaaaa"
            +response.parsed["additionalData"] # => "additional"
             response.parsed.class.name        # => Hash (just, regular old Hash)
            -

            +
            Debugging & Logging

            Set an environment variable as per usual (e.g. with dotenv).

            -

            ruby -# will log both request and response, including bodies -ENV["OAUTH_DEBUG"] = "true" -

            +
            # will log both request and response, including bodies
            +ENV["OAUTH_DEBUG"] = "true"
            +

            By default, debug output will go to $stdout. This can be overridden when initializing your OAuth2::Client.

            -

            ruby -require "oauth2" +

            require "oauth2"
             client = OAuth2::Client.new(
            -  "client_id",
            -  "client_secret",
            -  site: "https://example.org/",
            -  logger: Logger.new("example.log", "weekly"),
            +  "client_id",
            +  "client_secret",
            +  site: "https://example.org",
            +  logger: Logger.new("example.log", "weekly"),
             )
            -

            +

            OAuth2::Response

            -

            The AccessToken methods #get, #post, #put and #delete and the generic #request +

            The AccessToken methods #get, #post, #put and #delete and the generic #request
            will return an instance of the #OAuth2::Response class.

            -

            This instance contains a #parsed method that will parse the response body and -return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if -the body is a JSON object. It will return an Array if the body is a JSON +

            This instance contains a #parsed method that will parse the response body and
            +return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
            +the body is a JSON object. It will return an Array if the body is a JSON
            array. Otherwise, it will return the original body string.

            -

            The original response body, headers, and status can be accessed via their +

            The original response body, headers, and status can be accessed via their
            respective methods.

            OAuth2::AccessToken

            -

            If you have an existing Access Token for a user, you can initialize an instance -using various class methods including the standard new, from_hash (if you have -a hash of the values), or from_kvform (if you have an +

            If you have an existing Access Token for a user, you can initialize an instance
            +using various class methods including the standard new, from_hash (if you have
            +a hash of the values), or from_kvform (if you have an
            application/x-www-form-urlencoded encoded string of the values).

            Options (since v2.0.x unless noted):

            @@ -928,14 +907,14 @@

            OAuth2::AccessToken

            OAuth2::Error

            -

            On 400+ status code responses, an OAuth2::Error will be raised. If it is a -standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and -error_description parameters. The #response property of OAuth2::Error will +

            On 400+ status code responses, an OAuth2::Error will be raised. If it is a
            +standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
            +error_description parameters. The #response property of OAuth2::Error will
            always contain the OAuth2::Response instance.

            -

            If you do not want an error to be raised, you may use :raise_errors => false -option on initialization of the client. In this case the OAuth2::Response -instance will be returned as usual and on 400+ status code responses, the +

            If you do not want an error to be raised, you may use :raise_errors => false
            +option on initialization of the client. In this case the OAuth2::Response
            +instance will be returned as usual and on 400+ status code responses, the
            Response instance will contain the OAuth2::Error instance.

            Authorization Grants

            @@ -962,55 +941,53 @@

            Authorization Grants

          • Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
          • -

            Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion -authentication grant types have helper strategy classes that simplify client -use. They are available via the #auth_code, -#implicit, -#password, -#client_credentials, and +

            Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
            +authentication grant types have helper strategy classes that simplify client
            +use. They are available via the #auth_code,
            +#implicit,
            +#password,
            +#client_credentials, and
            #assertion methods respectively.

            These aren’t full examples, but demonstrative of the differences between usage for each strategy.

            -

            ```ruby -auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) -access = client.auth_code.get_token(“code_value”, redirect_uri: “http://localhost:8080/oauth/callback”)

            +
            auth_url = client.auth_code.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback")
            +access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")
             
            -

            auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20%E2%80%9Chttp://localhost:8080/oauth/callback%E2%80%9D) +auth_url = client.implicit.authorize_url(https://github.com/redirect_uri:%20"http://localhost:8080/oauth/callback") # get the token params in the callback and -access = OAuth2::AccessToken.from_kvform(client, query_string)

            +access = OAuth2::AccessToken.from_kvform(client, query_string) -

            access = client.password.get_token(“username”, “password”)

            +access = client.password.get_token("username", "password") -

            access = client.client_credentials.get_token

            +access = client.client_credentials.get_token -

            Client Assertion Strategy

            -

            # see: https://tools.ietf.org/html/rfc7523 +# Client Assertion Strategy +# see: https://tools.ietf.org/html/rfc7523 claimset = { - iss: “http://localhost:3001”, - aud: “http://localhost:8080/oauth2/token”, - sub: “me@example.com”, + iss: "http://localhost:3001", + aud: "http://localhost:8080/oauth2/token", + sub: "me@example.com", exp: Time.now.utc.to_i + 3600, } -assertion_params = [claimset, “HS256”, “secret_key”] -access = client.assertion.get_token(assertion_params)

            +assertion_params = [claimset, "HS256", "secret_key"] +access = client.assertion.get_token(assertion_params) -

            The access (i.e. access token) is then used like so:

            -

            access.token # actual access_token string, if you need it somewhere -access.get(“/api/stuff”) # making api calls with access token -```

            +# The `access` (i.e. access token) is then used like so: +access.token # actual access_token string, if you need it somewhere +access.get("/api/stuff") # making api calls with access token +
            -

            If you want to specify additional headers to be sent out with the +

            If you want to specify additional headers to be sent out with the
            request, add a ‘headers’ hash under ‘params’:

            -

            ruby -access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"}) -

            +
            access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"})
            +
            -

            You can always use the #request method on the OAuth2::Client instance to make +

            You can always use the #request method on the OAuth2::Client instance to make
            requests for tokens for any Authentication grant type.

            -

            📘 Comprehensive Usage

            +

            📘 Comprehensive Usage

            Common Flows (end-to-end)

            @@ -1018,88 +995,84 @@

            Common Flows (end-to-end)

          • Authorization Code (server-side web app):
          • -

            ```ruby -require “oauth2” +

            require "oauth2"
             client = OAuth2::Client.new(
            -  ENV[“CLIENT_ID”],
            -  ENV[“CLIENT_SECRET”],
            -  site: “https://provider.example.com”,
            -  redirect_uri: “https://my.app.example.com/oauth/callback”,
            -)

            - -

            Step 1: redirect user to consent

            -

            state = SecureRandom.hex(16) -auth_url = client.auth_code.authorize_url(/service/scope: %E2%80%9Copenid profile email%E2%80%9D, state: state) -# redirect_to auth_url

            - -

            Step 2: handle the callback

            -

            # params[:code], params[:state] -raise “state mismatch” unless params[:state] == state -access = client.auth_code.get_token(params[:code])

            - -

            Step 3: call APIs

            -

            profile = access.get(“/api/v1/me”).parsed -```

            + ENV["CLIENT_ID"], + ENV["CLIENT_SECRET"], + site: "https://provider.example.com", + redirect_uri: "https://my.app.example.com/oauth/callback", +) + +# Step 1: redirect user to consent +state = SecureRandom.hex(16) +auth_url = client.auth_code.authorize_url(/service/scope: "openid profile email", state: state) +# redirect_to auth_url + +# Step 2: handle the callback +# params[:code], params[:state] +raise "state mismatch" unless params[:state] == state +access = client.auth_code.get_token(params[:code]) + +# Step 3: call APIs +profile = access.get("/api/v1/me").parsed +
            • Client Credentials (machine-to-machine):
            -

            ruby -client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com/") -access = client.client_credentials.get_token(audience: "https://api.example.com/") -resp = access.get("/v1/things") -

            +
            client = OAuth2::Client.new(ENV["CLIENT_ID"], ENV["CLIENT_SECRET"], site: "https://provider.example.com")
            +access = client.client_credentials.get_token(audience: "https://api.example.com")
            +resp = access.get("/v1/things")
            +
            • Resource Owner Password (legacy; avoid when possible):
            -

            ruby -access = client.password.get_token("jdoe", "s3cret", scope: "read") -

            +
            access = client.password.get_token("jdoe", "s3cret", scope: "read")
            +

            Examples

            JHipster UAA (Spring Cloud) password grant example (legacy; avoid when possible) -

            ```ruby -# This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage. +

            # This converts a Postman/Net::HTTP multipart token request to oauth2 gem usage.
             # JHipster UAA typically exposes the token endpoint at /uaa/oauth/token.
             # The original snippet included:
             # - Basic Authorization header for the client (web_app:changeit)
             # - X-XSRF-TOKEN header from a cookie (some deployments require it)
             # - grant_type=password with username/password and client_id
            -# Using oauth2 gem, you don’t need to build multipart bodies; the gem sends
            -# application/x-www-form-urlencoded as required by RFC 6749.

            +# Using oauth2 gem, you don't need to build multipart bodies; the gem sends +# application/x-www-form-urlencoded as required by RFC 6749. -

            require “oauth2”

            +require "oauth2" -

            client = OAuth2::Client.new( - “web_app”, # client_id - “changeit”, # client_secret - site: “http://localhost:8080/uaa”, - token_url: “/oauth/token”, # absolute under site (or “oauth/token” relative) +client = OAuth2::Client.new( + "web_app", # client_id + "changeit", # client_secret + site: "http://localhost:8080/uaa", + token_url: "/oauth/token", # absolute under site (or "oauth/token" relative) auth_scheme: :basic_auth, # sends HTTP Basic Authorization header -)

            +) -

            If your UAA requires an XSRF header for the token call, provide it as a header.

            -

            # Often this is not required for token endpoints, but if your gateway enforces it, +# If your UAA requires an XSRF header for the token call, provide it as a header. +# Often this is not required for token endpoints, but if your gateway enforces it, # obtain the value from the XSRF-TOKEN cookie and pass it here. -xsrf_token = ENV[“X_XSRF_TOKEN”] # e.g., pulled from a prior set-cookie value

            +xsrf_token = ENV["X_XSRF_TOKEN"] # e.g., pulled from a prior set-cookie value -

            access = client.password.get_token( - “admin”, # username - “admin”, # password - headers: xsrf_token ? {”X-XSRF-TOKEN” => xsrf_token} : {}, +access = client.password.get_token( + "admin", # username + "admin", # password + headers: xsrf_token ? {"X-XSRF-TOKEN" => xsrf_token} : {}, # JHipster commonly also accepts/needs the client_id in the body; include if required: - # client_id: “web_app”, -)

            + # client_id: "web_app", +) -

            puts access.token +puts access.token puts access.to_hash # full token response -```

            +

            Notes:

            @@ -1124,61 +1097,60 @@

            Instagram API (verb‑dependent

            Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

            -

            ```ruby -require “oauth2”

            +
            require "oauth2"
             
            -

            NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).

            -

            # See Facebook Login docs for obtaining the initial short‑lived token.

            +# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here). +# See Facebook Login docs for obtaining the initial short‑lived token. -

            client = OAuth2::Client.new(nil, nil, site: “https://graph.instagram.com”)

            +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com") -

            Start with a short‑lived token you already obtained via Facebook Login

            -

            short_lived = OAuth2::AccessToken.new( +# Start with a short‑lived token you already obtained via Facebook Login +short_lived = OAuth2::AccessToken.new( client, - ENV[“IG_SHORT_LIVED_TOKEN”], + ENV["IG_SHORT_LIVED_TOKEN"], # Key part: verb‑dependent mode mode: {get: :query, post: :header, delete: :header}, -)

            +) -

            1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)

            -

            # Endpoint: GET https://graph.instagram.com/access_token +# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query) +# Endpoint: GET https://graph.instagram.com/access_token # Params: grant_type=ig_exchange_token, client_secret=APP_SECRET exchange = short_lived.get( - “/access_token”, + "/access_token", params: { - grant_type: “ig_exchange_token”, - client_secret: ENV[“IG_APP_SECRET”], + grant_type: "ig_exchange_token", + client_secret: ENV["IG_APP_SECRET"], # access_token param will be added automatically by the AccessToken (mode => :query for GET) }, ) -long_lived_token_value = exchange.parsed[“access_token”]

            +long_lived_token_value = exchange.parsed["access_token"] -

            long_lived = OAuth2::AccessToken.new( +long_lived = OAuth2::AccessToken.new( client, long_lived_token_value, mode: {get: :query, post: :header, delete: :header}, -)

            +) -

            2) Refresh the long‑lived token (Instagram uses GET with token in query)

            -

            # Endpoint: GET https://graph.instagram.com/refresh_access_token +# 2) Refresh the long‑lived token (Instagram uses GET with token in query) +# Endpoint: GET https://graph.instagram.com/refresh_access_token refresh_resp = long_lived.get( - “/refresh_access_token”, - params: {grant_type: “ig_refresh_token”}, + "/refresh_access_token", + params: {grant_type: "ig_refresh_token"}, ) long_lived = OAuth2::AccessToken.new( client, - refresh_resp.parsed[“access_token”], + refresh_resp.parsed["access_token"], mode: {get: :query, post: :header, delete: :header}, -)

            +) -

            3) Typical API GET request (token in query automatically)

            -

            me = long_lived.get(“/me”, params: {fields: “id,username”}).parsed

            +# 3) Typical API GET request (token in query automatically) +me = long_lived.get("/me", params: {fields: "id,username"}).parsed -

            4) Example POST (token sent via Bearer header automatically)

            -

            # Note: Replace the path/params with a real Instagram Graph API POST you need, +# 4) Example POST (token sent via Bearer header automatically) +# Note: Replace the path/params with a real Instagram Graph API POST you need, # such as publishing media via the Graph API endpoints. -# long_lived.post(“/me/media”, body: {image_url: “https://…”, caption: “hello”}) -```

            +# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"}) +

            Tips:

            @@ -1195,24 +1167,22 @@

            Refresh Tokens

          • Manual refresh:
          • -

            ruby -if access.expired? +

            if access.expired?
               access = access.refresh
             end
            -

            +
            • Auto-refresh wrapper pattern:
            -

            ```ruby -class AutoRefreshingToken +

            class AutoRefreshingToken
               def initialize(token_provider, store: nil)
                 @token = token_provider
                 @store = store # e.g., something that responds to read/write for token data
            -  end

            + end -

            def with(&blk) + def with(&blk) tok = ensure_fresh! blk ? blk.call(tok) : tok rescue OAuth2::Error => e @@ -1223,23 +1193,23 @@

            Refresh Tokens

            retry end raise - end

            + end -

            private

            +private -

            def ensure_fresh! + def ensure_fresh! if @token.expired? && @token.refresh_token @token = @token.refresh @store.write(@token.to_hash) if @store end @token end -end

            +end -

            usage

            -

            keeper = AutoRefreshingToken.new(access) -keeper.with { |tok| tok.get(“/v1/protected”) } -```

            +# usage +keeper = AutoRefreshingToken.new(access) +keeper.with { |tok| tok.get("/v1/protected") } +

            Persist the token across processes using AccessToken#to_hash and AccessToken.from_hash(client, hash).

            @@ -1247,13 +1217,12 @@

            Token Revocation (RFC 7009)

            You can revoke either the access token or the refresh token.

            -

            ```ruby -# Revoke the current access token -access.revoke(token_type_hint: :access_token)

            +
            # Revoke the current access token
            +access.revoke(token_type_hint: :access_token)
             
            -

            Or explicitly revoke the refresh token (often also invalidates associated access tokens)

            -

            access.revoke(token_type_hint: :refresh_token) -```

            +# Or explicitly revoke the refresh token (often also invalidates associated access tokens) +access.revoke(token_type_hint: :refresh_token) +

            Client Configuration Tips

            @@ -1263,35 +1232,34 @@

            Mutual TLS (mTLS) client authenti

            Example using PEM files (certificate and key):

            -

            ```ruby -require “oauth2” -require “openssl”

            +
            require "oauth2"
            +require "openssl"
             
            -

            client = OAuth2::Client.new( - ENV.fetch(“CLIENT_ID”), - ENV.fetch(“CLIENT_SECRET”), - site: “https://example.com”, - authorize_url: “/oauth/authorize/”, - token_url: “/oauth/token/”, +client = OAuth2::Client.new( + ENV.fetch("CLIENT_ID"), + ENV.fetch("CLIENT_SECRET"), + site: "https://example.com", + authorize_url: "/oauth/authorize/", + token_url: "/oauth/token/", auth_scheme: :tls_client_auth, # if your AS requires mTLS-based client authentication connection_opts: { ssl: { - client_cert: OpenSSL::X509::Certificate.new(File.read(“localhost.pem”)), - client_key: OpenSSL::PKey::RSA.new(File.read(“localhost-key.pem”)), + client_cert: OpenSSL::X509::Certificate.new(File.read("localhost.pem")), + client_key: OpenSSL::PKey::RSA.new(File.read("localhost-key.pem")), # Optional extras, uncomment as needed: - # ca_file: “/path/to/ca-bundle.pem”, # custom CA(s) + # ca_file: "/path/to/ca-bundle.pem", # custom CA(s) # verify: true # enable server cert verification (recommended) }, }, -)

            +) -

            Example token request (any grant type can be used). The mTLS handshake

            -

            # will occur automatically on HTTPS calls using the configured cert/key. -access = client.client_credentials.get_token

            +# Example token request (any grant type can be used). The mTLS handshake +# will occur automatically on HTTPS calls using the configured cert/key. +access = client.client_credentials.get_token -

            Subsequent resource requests will also use mTLS on HTTPS endpoints of site:

            -

            resp = access.get(“/v1/protected”) -```

            +# Subsequent resource requests will also use mTLS on HTTPS endpoints of `site`: +resp = access.get("/v1/protected") +

            Notes:

            @@ -1316,25 +1284,23 @@

            Authentication schemes for the token request

            -

            ruby -OAuth2::Client.new( +

            OAuth2::Client.new(
               id,
               secret,
            -  site: "https://provider.example.com/",
            +  site: "https://provider.example.com",
               auth_scheme: :basic_auth, # default. Alternatives: :request_body, :tls_client_auth, :private_key_jwt
             )
            -

            +

            Faraday connection, timeouts, proxy, custom adapter/middleware:

            -

            ruby -client = OAuth2::Client.new( +

            client = OAuth2::Client.new(
               id,
               secret,
            -  site: "https://provider.example.com/",
            +  site: "https://provider.example.com",
               connection_opts: {
                 request: {open_timeout: 5, timeout: 15},
            -    proxy: ENV["HTTPS_PROXY"],
            +    proxy: ENV["HTTPS_PROXY"],
                 ssl: {verify: true},
               },
             ) do |faraday|
            @@ -1342,19 +1308,18 @@ 

            Faraday conn # faraday.response :logger, Logger.new($stdout) # see OAUTH_DEBUG below faraday.adapter(:net_http_persistent) # or any Faraday adapter you need end -

            +

            Using flat query params (Faraday::FlatParamsEncoder)

            Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.

            -

            ```ruby -require “faraday”

            +
            require "faraday"
             
            -

            client = OAuth2::Client.new( +client = OAuth2::Client.new( id, secret, - site: “https://api.example.com”, + site: "https://api.example.com", # Pass Faraday connection options to make FlatParamsEncoder the default connection_opts: { request: {params_encoder: Faraday::FlatParamsEncoder}, @@ -1362,33 +1327,32 @@

            Using flat query param ) do |faraday| faraday.request(:url_encoded) faraday.adapter(:net_http) -end

            +end -

            access = client.client_credentials.get_token

            +access = client.client_credentials.get_token -

            Example of a GET with two flat filter params (not an array):

            -

            # Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 +# Example of a GET with two flat filter params (not an array): +# Results in: ?filter=order.clientCreatedTime%3E1445006997000&filter=order.clientCreatedTime%3C1445611797000 resp = access.get( - “/v1/orders”, + "/v1/orders", params: { # Provide the values as an array; FlatParamsEncoder expands them as repeated keys filter: [ - “order.clientCreatedTime>1445006997000”, - “order.clientCreatedTime<1445611797000”, + "order.clientCreatedTime>1445006997000", + "order.clientCreatedTime<1445611797000", ], }, ) -```

            +

            If you instead need to build a raw Faraday connection yourself, the equivalent configuration is:

            -

            ruby -conn = Faraday.new("https://api.example.com/", request: {params_encoder: Faraday::FlatParamsEncoder}) -

            +
            conn = Faraday.new("https://api.example.com", request: {params_encoder: Faraday::FlatParamsEncoder})
            +

            Redirection

            -

            The library follows up to max_redirects (default 5). +

            The library follows up to max_redirects (default 5).
            You can override per-client via options[:max_redirects].

            Handling Responses and Errors

            @@ -1397,52 +1361,48 @@

            Handling Responses and Errors

          • Parsing:
          • -

            ruby -resp = access.get("/v1/thing") +

            resp = access.get("/v1/thing")
             resp.status     # Integer
             resp.headers    # Hash
             resp.body       # String
             resp.parsed     # SnakyHash::StringKeyed or Array when JSON array
            -

            +
            • Error handling:
            -

            ruby -begin - access.get("/v1/forbidden") +

            begin
            +  access.get("/v1/forbidden")
             rescue OAuth2::Error => e
               e.code         # OAuth2 error code (when present)
               e.description  # OAuth2 error description (when present)
               e.response     # OAuth2::Response (full access to status/headers/body)
             end
            -

            +
            • Disable raising on 4xx/5xx to inspect the response yourself:
            -

            ruby -client = OAuth2::Client.new(id, secret, site: site, raise_errors: false) -res = client.request(:get, "/v1/maybe-errors") +

            client = OAuth2::Client.new(id, secret, site: site, raise_errors: false)
            +res = client.request(:get, "/v1/maybe-errors")
             if res.status == 429
            -  sleep res.headers["retry-after"].to_i
            +  sleep res.headers["retry-after"].to_i
             end
            -

            +

            Making Raw Token Requests

            If a provider requires non-standard parameters or headers, you can call client.get_token directly:

            -

            ruby -access = client.get_token({ - grant_type: "client_credentials", - audience: "https://api.example.com/", - headers: {"X-Custom" => "value"}, +

            access = client.get_token({
            +  grant_type: "client_credentials",
            +  audience: "https://api.example.com",
            +  headers: {"X-Custom" => "value"},
               parse: :json, # override parsing
             })
            -

            +

            OpenID Connect (OIDC) Notes

            @@ -1461,23 +1421,23 @@

            Debugging


            -

            🦷 FLOSS Funding

            +

            🦷 FLOSS Funding

            -

            While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. +

            While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding.
            Raising a monthly budget of… “dollars” would make the project more sustainable.

            -

            We welcome both individual and corporate sponsors! We also offer a -wide array of funding channels to account for your preferences +

            We welcome both individual and corporate sponsors! We also offer a
            +wide array of funding channels to account for your preferences
            (although currently Open Collective is our preferred funding platform).

            -

            If you’re working in a company that’s making significant use of ruby-oauth tools we’d +

            If you’re working in a company that’s making significant use of ruby-oauth tools we’d
            appreciate it if you suggest to your company to become a ruby-oauth sponsor.

            -

            You can support the development of ruby-oauth tools via -GitHub Sponsors, -Liberapay, -PayPal, -Open Collective +

            You can support the development of ruby-oauth tools via
            +GitHub Sponsors,
            +Liberapay,
            +PayPal,
            +Open Collective
            and Tidelift.

            @@ -1500,7 +1460,7 @@

            Open Collective for Individuals

            NOTE: kettle-readme-backers updates this list every day, automatically.

            -

            No backers yet. Be the first! +

            No backers yet. Be the first!

            Open Collective for Organizations

            @@ -1510,7 +1470,7 @@

            Open Collective for Organizations

            NOTE: kettle-readme-backers updates this list every day, automatically.

            -

            No sponsors yet. Be the first! +

            No sponsors yet. Be the first!

            Another way to support open-source

            @@ -1525,24 +1485,24 @@

            Another way to support open-sourceOpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

            -

            🔐 Security

            +

            🔐 Security

            -

            To report a security vulnerability, please use the Tidelift security contact. +

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            -

            🤝 Contributing

            +

            🤝 Contributing

            -

            If you need some ideas of where to help, you could work on adding more code coverage, -or if it is already 💯 (see below) check reek, issues, or PRs, +

            If you need some ideas of where to help, you could work on adding more code coverage,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            See CONTRIBUTING.md for more detailed instructions.

            -

            🚀 Release Instructions

            +

            🚀 Release Instructions

            See CONTRIBUTING.md.

            @@ -1554,12 +1514,12 @@

            Code Coverage

            QLTY Test Coverage

            -

            🪇 Code of Conduct

            +

            🪇 Code of Conduct

            -

            Everyone interacting with this project’s codebases, issue trackers, +

            Everyone interacting with this project’s codebases, issue trackers,
            chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            -

            🌈 Contributors

            +

            🌈 Contributors

            Contributors

            @@ -1580,29 +1540,28 @@

            🌈 Contributors

            -

            📌 Versioning

            +

            📌 Versioning

            -

            This Library adheres to Semantic Versioning 2.0.0. -Violations of this scheme should be reported as bugs. -Specifically, if a minor or patch version is released that breaks backward compatibility, -a new version should be immediately released that restores compatibility. +

            This Library adheres to Semantic Versioning 2.0.0.
            +Violations of this scheme should be reported as bugs.
            +Specifically, if a minor or patch version is released that breaks backward compatibility,
            +a new version should be immediately released that restores compatibility.
            Breaking changes to the public API will only be introduced with new major versions.

            -

            dropping support for a platform is both obviously and objectively a breaking change
            +

            dropping support for a platform is both obviously and objectively a breaking change

            —Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

            -

            I understand that policy doesn’t work universally (“exceptions to every rule!”), -but it is the policy here. -As such, in many cases it is good to specify a dependency on this library using +

            I understand that policy doesn’t work universally (“exceptions to every rule!”),
            +but it is the policy here.
            +As such, in many cases it is good to specify a dependency on this library using
            the Pessimistic Version Constraint with two digits of precision.

            For example:

            -

            ruby -spec.add_dependency("oauth2", "~> 2.0") -

            +
            spec.add_dependency("oauth2", "~> 2.0")
            +
            📌 Is "Platform Support" part of the public API? More details inside. @@ -1621,13 +1580,13 @@

            📌 Versioning

            See CHANGELOG.md for a list of releases.

            -

            📄 License

            +

            📄 License

            -

            The gem is available as open source under the terms of -the MIT License License: MIT. +

            The gem is available as open source under the terms of
            +the MIT License License: MIT.
            See LICENSE.txt for the official Copyright Notice.

            - +
            • @@ -1644,13 +1603,13 @@
            -

            🤑 A request for help

            +

            🤑 A request for help

            -

            Maintainers have teeth and need to pay their dentists. -After getting laid off in an RIF in March, and encountering difficulty finding a new one, -I began spending most of my time building open source tools. -I’m hoping to be able to pay for my kids’ health insurance this month, -so if you value the work I am doing, I need your support. +

            Maintainers have teeth and need to pay their dentists.
            +After getting laid off in an RIF in March, and encountering difficulty finding a new one,
            +I began spending most of my time building open source tools.
            +I’m hoping to be able to pay for my kids’ health insurance this month,
            +so if you value the work I am doing, I need your support.
            Please consider sponsoring me or the project.

            To join the community or get help 👇️ Join the Discord.

            @@ -1677,7 +1636,7 @@

            Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 6dacf828..a8f44a8d 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From 18434156bfc988527d2453b2174e6356e233757d Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 8 Nov 2025 03:49:32 -0700 Subject: [PATCH 641/645] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20kettle-dev=20v1.1.?= =?UTF-8?q?52,=20yard-fence=20v0.8.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .idea/copilotDiffState.xml | 17 -- CHANGELOG.md | 7 +- Gemfile.lock | 6 +- README.md | 2 +- THREAT_MODEL.md | 1 - docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 2 +- docs/_index.html | 116 ++++++++++- docs/file.CHANGELOG.html | 8 +- docs/file.CITATION.html | 44 ++-- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 4 +- docs/file.FUNDING.html | 2 +- docs/file.IRP.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 26 +-- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 6 +- docs/file.THREAT_MODEL.html | 2 +- docs/file.access_token.html | 8 +- docs/file.authenticator.html | 6 +- docs/file.client.html | 8 +- docs/file.error.html | 16 +- docs/file.filtered_attributes.html | 12 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 2 +- docs/file.oauth2-2.0.15.gem.html | 2 +- docs/file.oauth2-2.0.16.gem.html | 2 +- docs/file.oauth2-2.0.17.gem.html | 2 +- docs/file.oauth2.html | 10 +- docs/file.response.html | 6 +- 
docs/file.strategy.html | 10 +- docs/file.version.html | 10 +- docs/file_list.html | 190 ++++++++++++++++++ docs/index.html | 26 +-- docs/top-level-namespace.html | 2 +- 55 files changed, 450 insertions(+), 155 deletions(-) delete mode 100644 .idea/copilotDiffState.xml diff --git a/.idea/copilotDiffState.xml b/.idea/copilotDiffState.xml deleted file mode 100644 index 1800110b..00000000 --- a/.idea/copilotDiffState.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 17cc8fb0..6f9fc707 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,7 +27,7 @@ Please file a bug if you notice a violation of semantic versioning. ### Changed - [gh!685][gh!685] - upgrade kettle-dev v1.1.24 by @pboling -- upgrade kettle-dev v1.1.51 by @pboling +- upgrade kettle-dev v1.1.52 by @pboling - Add open collective donors to README ### Deprecated @@ -36,7 +36,8 @@ Please file a bug if you notice a violation of semantic versioning. ### Fixed -- [gh!690][gh!690] - Add yard-fence to handle braces within code fences in markdown properly by @pboling +- [gh!690][gh!690], [gh!691][gh!691], [gh!692][gh!692] - Add yard-fence + - handle braces within code fences in markdown properly by @pboling ### Security @@ -46,6 +47,8 @@ Please file a bug if you notice a violation of semantic versioning. [gh!686]: https://github.com/ruby-oauth/oauth2/pull/686 [gh!687]: https://github.com/ruby-oauth/oauth2/pull/687 [gh!690]: https://github.com/ruby-oauth/oauth2/pull/690 +[gh!691]: https://github.com/ruby-oauth/oauth2/pull/691 +[gh!692]: https://github.com/ruby-oauth/oauth2/pull/692 ## [2.0.17] - 2025-09-15 diff --git a/Gemfile.lock b/Gemfile.lock index 4b8b7ebe..3087a5ed 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -99,7 +99,7 @@ GEM json (2.16.0) jwt (3.1.2) base64 - kettle-dev (1.1.51) + kettle-dev (1.1.52) kettle-soup-cover (1.0.10) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) 
@@ -203,7 +203,7 @@ GEM
 rubocop-ast (>= 1.46.0, < 2.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 2.4.0, < 4.0)
- rubocop-ast (1.47.1)
+ rubocop-ast (1.48.0)
 parser (>= 3.3.7.2)
 prism (~> 1.4)
 rubocop-gradual (0.3.6)
@@ -311,7 +311,7 @@ GEM
 uri (1.1.1)
 version_gem (1.1.9)
 yard (0.9.37)
- yard-fence (0.7.0)
+ yard-fence (0.8.0)
 rdoc (~> 6.11)
 version_gem (~> 1.1, >= 1.1.9)
 yard (~> 0.9, >= 0.9.37)
diff --git a/README.md b/README.md
index 75c72dda..54416cb3 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC) -[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf] +[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] 
[![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf] `if ci_badges.map(&:color).detect { it != "green"}` ☝️ [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. diff --git a/THREAT_MODEL.md b/THREAT_MODEL.md index 430b293d..9b1f8830 100644 --- a/THREAT_MODEL.md +++ b/THREAT_MODEL.md @@ -83,4 +83,3 @@ This document outlines the threat model for the `oauth2` Ruby gem, which impleme --- This outline should be reviewed and updated regularly as the project evolves. - diff --git a/docs/OAuth2.html b/docs/OAuth2.html index a55e82e2..ee8bb207 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 70a207ea..2d2877fb 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 18d54f5b..d074b67a 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index f46b4be7..d2611fe5 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 6892113d..d70f829c 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index e5ea7de7..42b859e8 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 4d6ef536..50e00f3f 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index a8bd2548..2e328521 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index a12ec766..1cd516b5 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index 11cb1f95..a2d8d6d4 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 4901a6c1..a79f6bbe 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 98b85f29..dda6f98d 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 57fd20cd..5185db5f 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 0fe96e09..634c8c96 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 698b755e..55cc2659 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index fd949561..5a59b725 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index a73441e6..9605364e 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -93,6 +93,120 @@

            File Listing

          • LICENSE
          • +
          • CITATION
          • + + +
          • CHANGELOG
          • + + +
          • CODE_OF_CONDUCT
          • + + +
          • CONTRIBUTING
          • + + +
          • FUNDING
          • + + +
          • IRP
          • + + +
          • OIDC
          • + + +
          • README
          • + + +
          • RUBOCOP
          • + + +
          • SECURITY
          • + + +
          • THREAT_MODEL
          • + + +
          • LICENSE
          • + + +
          • oauth2-2.0.10.gem
          • + + +
          • oauth2-2.0.11.gem
          • + + +
          • oauth2-2.0.12.gem
          • + + +
          • oauth2-2.0.13.gem
          • + + +
          • oauth2-2.0.14.gem
          • + + +
          • oauth2-2.0.15.gem
          • + + +
          • oauth2-2.0.16.gem
          • + + +
          • oauth2-2.0.17.gem
          • + + +
          • oauth2-2.0.10.gem
          • + + +
          • oauth2-2.0.11.gem
          • + + +
          • oauth2-2.0.12.gem
          • + + +
          • oauth2-2.0.13.gem
          • + + +
          • oauth2-2.0.14.gem
          • + + +
          • oauth2-2.0.15.gem
          • + + +
          • oauth2-2.0.16.gem
          • + + +
          • oauth2-2.0.17.gem
          • + + +
          • REEK
          • + + +
          • access_token
          • + + +
          • authenticator
          • + + +
          • client
          • + + +
          • error
          • + + +
          • filtered_attributes
          • + + +
          • response
          • + + +
          • strategy
          • + + +
          • version
          • + + +
          • oauth2
          • + +
            @@ -315,7 +429,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 9720289f..8b60c52a 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -101,7 +101,11 @@

            Fixed

            • -gh!690 - Add yard-fence to handle braces within code fences in markdown properly by @pboling
            • +gh!690, gh!691, gh!692 - Add yard-fence +
                +
              • handle braces within code fences in markdown properly by @pboling
              • +
              +

            Security

            @@ -1299,7 +1303,7 @@

            diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index ec687c30..48c4a26e 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -57,30 +57,32 @@
            -

            cff-version: 1.2.0 -title: oauth2 -message: >- - If you use this work and you want to cite it, - then you can use the metadata from this file. -type: software -authors: - - given-names: Peter Hurn - family-names: Boling - email: peter@railsbling.com - affiliation: railsbling.com - orcid: ‘https://orcid.org/0009-0008-8519-441X’ -identifiers: - - type: url - value: ‘https://github.com/ruby-oauth/oauth2’ - description: oauth2 -repository-code: ‘https://github.com/ruby-oauth/oauth2’ -abstract: >- - oauth2 -license: See license file

            +

            cff-version: 1.2.0
            +title: oauth2
            +message: >-
            + If you use this work and you want to cite it,
            + then you can use the metadata from this file.
            +type: software
            +authors:

            +
              +
            • given-names: Peter Hurn
              +family-names: Boling
              +email: peter@railsbling.com
              +affiliation: railsbling.com
              +orcid: ‘https://orcid.org/0009-0008-8519-441X’
              +identifiers:
            • +
            • type: url
              +value: ‘https://github.com/ruby-oauth/oauth2’
              +description: oauth2
              +repository-code: ‘https://github.com/ruby-oauth/oauth2’
              +abstract: >-
              + oauth2
              +license: See license file
            • +
            diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 28cfa69c..b6386287 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

            Attribution

            diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 65efad98..c488d9cc 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -201,7 +201,7 @@

            Lint It

            bundle exec rake rubocop_gradual:autocorrect
             
            -

            For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

            +

            For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

            Important: Do not add inline RuboCop disables

            @@ -304,7 +304,7 @@

            Manual process

            diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 0eb9ce7d..af82a198 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -99,7 +99,7 @@

            Another Way to Support Open diff --git a/docs/file.IRP.html b/docs/file.IRP.html index 43718bd2..5f842502 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -211,7 +211,7 @@

            Appendix: Example checklist diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 4e01e91e..249a86fc 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 5068218e..04d54e01 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -256,7 +256,7 @@

            Raw OIDC with ruby-oauth/oauth2

            diff --git a/docs/file.README.html b/docs/file.README.html index a06abfa9..6dc49cae 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -103,7 +103,7 @@

            🔐 OAuth 2.0 Authorization Framewor

            ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

            -

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

            +

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

            if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

            @@ -305,7 +305,7 @@

            💡 Info you can shake a stick at

            @@ -609,7 +609,7 @@

            Compatibility

            Compliance -License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0

            NOTE: The 1.4 series will only receive critical security updates.
            -See SECURITY.md and IRP.md.

            +See SECURITY.md and IRP.md.

            ⚙️ Configuration

            @@ -1409,7 +1409,7 @@

            OpenID Connect (OIDC) Notes

            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
            • -
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
            • +
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

            Debugging

            @@ -1490,21 +1490,21 @@

            🔐 Security

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            +

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            🤝 Contributing

            If you need some ideas of where to help, you could work on adding more code coverage,
            -or if it is already 💯 (see below) check reek, issues, or PRs,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            -

            See CONTRIBUTING.md for more detailed instructions.

            +

            See CONTRIBUTING.md for more detailed instructions.

            🚀 Release Instructions

            -

            See CONTRIBUTING.md.

            +

            See CONTRIBUTING.md.

            Code Coverage

            @@ -1517,7 +1517,7 @@

            Code Coverage

            🪇 Code of Conduct

            Everyone interacting with this project’s codebases, issue trackers,
            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            🌈 Contributors

            @@ -1578,13 +1578,13 @@

            📌 Versioning

            -

            See CHANGELOG.md for a list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            The gem is available as open source under the terms of
            -the MIT License License: MIT.
            -See LICENSE.txt for the official Copyright Notice.

            +the MIT License License: MIT.
            +See LICENSE.txt for the official Copyright Notice.

            @@ -1636,7 +1636,7 @@

            Please give the project a star ⭐ ♥

            diff --git a/docs/file.REEK.html b/docs/file.REEK.html index fa6fc2fc..fc7c71a8 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 05ae681e..5dfea70c 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

            Benefits of rubocop_gradual

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 76ca890a..66b36683 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -82,18 +82,18 @@

            Security contact information

            Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            More detailed explanation of the process is in IRP.md

            +

            More detailed explanation of the process is in IRP.md

            Additional Support

            If you are interested in support for versions older than the latest release,
            please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
            -or find other sponsorship links in the README.

            +or find other sponsorship links in the README.

            diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index 7bd7cc73..da154235 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -206,7 +206,7 @@

            8. References

            diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 1300c2b1..65e4aaa8 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -57,9 +57,9 @@
            -

            module OAuth2 - class AccessToken - def self.from_hash: (OAuth2::Client, Hash[untyped, untyped]) -> OAuth2::AccessToken +

            module OAuth2
            + class AccessToken
            + def self.from_hash: (OAuth2::Client, Hash[untyped, untyped]) -> OAuth2::AccessToken
            def self.from_kvform: (OAuth2::Client, String) -> OAuth2::AccessToken

            def initialize: (OAuth2::Client, String, ?Hash[Symbol, untyped]) -> void
            @@ -84,7 +84,7 @@
             
            diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 630200ca..bd9ad4f3 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -57,8 +57,8 @@
            -

            module OAuth2 - class Authenticator +

            module OAuth2
            + class Authenticator
            include OAuth2::FilteredAttributes

            attr_reader mode: (Symbol | String)
            @@ -81,7 +81,7 @@
             
            diff --git a/docs/file.client.html b/docs/file.client.html index a21933aa..9015aa65 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -57,9 +57,9 @@
            -

            module OAuth2 - class Client - RESERVED_REQ_KEYS: Array[String] +

            module OAuth2
            + class Client
            + RESERVED_REQ_KEYS: Array[String]
            RESERVED_PARAM_KEYS: Array[String]

            include OAuth2::FilteredAttributes
            @@ -111,7 +111,7 @@
             
            diff --git a/docs/file.error.html b/docs/file.error.html index d6e43057..ba7da6a6 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -57,18 +57,18 @@
            -

            module OAuth2 - class Error < StandardError - def initialize: (OAuth2::Response) -> void - def code: () -> (String | Integer | nil) - def description: () -> (String | nil) - def response: () -> OAuth2::Response - end +

            module OAuth2
            + class Error < StandardError
            + def initialize: (OAuth2::Response) -> void
            + def code: () -> (String | Integer | nil)
            + def description: () -> (String | nil)
            + def response: () -> OAuth2::Response
            + end
            end

            diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 95f557bb..5cf2e2f9 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -57,16 +57,16 @@
            -

            module OAuth2 - module FilteredAttributes - def self.included: (untyped) -> untyped - def filtered_attributes: (*String) -> void - end +

            module OAuth2
            + module FilteredAttributes
            + def self.included: (untyped) -> untyped
            + def filtered_attributes: (*String) -> void
            + end
            end

            diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index aaedb848..eb6e5b05 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@
            diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index 299ada70..a3bcde43 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@
            diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index f5efd44b..bb176075 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@
            diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 72e8abb0..d43805a4 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index ee25b93f..1706e312 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html index c4d115e1..89123e68 100644 --- a/docs/file.oauth2-2.0.15.gem.html +++ b/docs/file.oauth2-2.0.15.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html index 7abd2400..ec2b5f0a 100644 --- a/docs/file.oauth2-2.0.16.gem.html +++ b/docs/file.oauth2-2.0.16.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html index 668d7dbd..72b314c5 100644 --- a/docs/file.oauth2-2.0.17.gem.html +++ b/docs/file.oauth2-2.0.17.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index af26ebe4..a6c2acc6 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -57,19 +57,19 @@
            -

            module OAuth2 +

            module OAuth2
            OAUTH_DEBUG: bool

            -

            DEFAULT_CONFIG: untyped +

            DEFAULT_CONFIG: untyped
            @config: untyped

            -

            def self.config: () -> untyped - def self.configure: () { (untyped) -> void } -> void +

            def self.config: () -> untyped
            + def self.configure: () { (untyped) -> void } -> void
            end

            diff --git a/docs/file.response.html b/docs/file.response.html index f9edaafd..ddde2640 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -57,8 +57,8 @@
            -

            module OAuth2 - class Response +

            module OAuth2
            + class Response
            DEFAULT_OPTIONS: Hash[Symbol, untyped]

            def self.register_parser: (Symbol key, (Array[String] | String) mime_types) { (String) -> untyped } -> void
            @@ -77,7 +77,7 @@
             
            diff --git a/docs/file.strategy.html b/docs/file.strategy.html index e1f679f3..4f19ebc6 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -57,10 +57,10 @@
            -

            module OAuth2 - module Strategy - class Base - def initialize: (OAuth2::Client) -> void +

            module OAuth2
            + module Strategy
            + class Base
            + def initialize: (OAuth2::Client) -> void
            end

            class AuthCode < Base
            @@ -93,7 +93,7 @@
             
            diff --git a/docs/file.version.html b/docs/file.version.html index db7a1599..58fd6b82 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -57,15 +57,15 @@
            -

            module OAuth2 - module Version - VERSION: String - end +

            module OAuth2
            + module Version
            + VERSION: String
            + end
            end

            diff --git a/docs/file_list.html b/docs/file_list.html index 4fec7a08..b342b1fa 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -102,6 +102,196 @@

            File List

            +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + +
            diff --git a/docs/index.html b/docs/index.html index 53a7821f..a6881b64 100644 --- a/docs/index.html +++ b/docs/index.html @@ -103,7 +103,7 @@

            🔐 OAuth 2.0 Authorization Framewor

            ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

            -

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

            +

            Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers CodeCov Test Coverage Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL Apache SkyWalking Eyes License Compatibility Check

            if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

            @@ -305,7 +305,7 @@

            💡 Info you can shake a stick at

            Compliance -License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0

            NOTE: The 1.4 series will only receive critical security updates.
            -See SECURITY.md and IRP.md.

            +See SECURITY.md and IRP.md.

            ⚙️ Configuration

            @@ -1409,7 +1409,7 @@

            OpenID Connect (OIDC) Notes

            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
            • -
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
            • +
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

            Debugging

            @@ -1490,21 +1490,21 @@

            🔐 Security

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            +

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            🤝 Contributing

            If you need some ideas of where to help, you could work on adding more code coverage,
            -or if it is already 💯 (see below) check reek, issues, or PRs,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            -

            See CONTRIBUTING.md for more detailed instructions.

            +

            See CONTRIBUTING.md for more detailed instructions.

            🚀 Release Instructions

            -

            See CONTRIBUTING.md.

            +

            See CONTRIBUTING.md.

            Code Coverage

            @@ -1517,7 +1517,7 @@

            Code Coverage

            🪇 Code of Conduct

            Everyone interacting with this project’s codebases, issue trackers,
            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            🌈 Contributors

            @@ -1578,13 +1578,13 @@

            📌 Versioning

            -

            See CHANGELOG.md for a list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            The gem is available as open source under the terms of
            -the MIT License License: MIT.
            -See LICENSE.txt for the official Copyright Notice.

            +the MIT License License: MIT.
            +See LICENSE.txt for the official Copyright Notice.

            @@ -1636,7 +1636,7 @@

            Please give the project a star ⭐ ♥

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index a8f44a8d..4eef21eb 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From cf2853d9fa05999f88c9df8b1b3a8a3ed21c64e8 Mon Sep 17 00:00:00 2001
            From: "Peter H. Boling"
            Date: Sat, 8 Nov 2025 04:35:11 -0700
            Subject: [PATCH 642/645] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs?=
            MIME-Version: 1.0
            Content-Type: text/plain; charset=UTF-8
            Content-Transfer-Encoding: 8bit
            ---
            docs/OAuth2.html | 2 +-
            docs/OAuth2/AccessToken.html | 2 +-
            docs/OAuth2/Authenticator.html | 2 +-
            docs/OAuth2/Client.html | 2 +-
            docs/OAuth2/Error.html | 2 +-
            docs/OAuth2/FilteredAttributes.html | 2 +-
            .../FilteredAttributes/ClassMethods.html | 2 +-
            docs/OAuth2/Response.html | 2 +-
            docs/OAuth2/Strategy.html | 2 +-
            docs/OAuth2/Strategy/Assertion.html | 2 +-
            docs/OAuth2/Strategy/AuthCode.html | 2 +-
            docs/OAuth2/Strategy/Base.html | 2 +-
            docs/OAuth2/Strategy/ClientCredentials.html | 2 +-
            docs/OAuth2/Strategy/Implicit.html | 2 +-
            docs/OAuth2/Strategy/Password.html | 2 +-
            docs/OAuth2/Version.html | 2 +-
            docs/_index.html | 116 +----------
            docs/file.CHANGELOG.html | 4 +-
            docs/file.CODE_OF_CONDUCT.html | 2 +-
            docs/file.CONTRIBUTING.html | 4 +-
            docs/file.FUNDING.html | 2 +-
            docs/file.IRP.html | 2 +-
            docs/file.LICENSE.html | 2 +-
            docs/file.OIDC.html | 2 +-
            docs/file.README.html | 24 +--
            docs/file.RUBOCOP.html | 2 +-
            docs/file.SECURITY.html | 6 +-
            docs/file.THREAT_MODEL.html | 2 +-
            docs/file_list.html | 190 ------------------
            docs/index.html | 24 +--
            docs/top-level-namespace.html | 2 +-
            31 files changed, 56 insertions(+), 360 deletions(-)
            diff --git a/docs/OAuth2.html b/docs/OAuth2.html index ee8bb207..e66f2e01 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

            diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 2d2877fb..675af0af 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index d074b67a..4ed2e745 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

            diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index d2611fe5..d0bef00e 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

            diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index d70f829c..bd467387 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 42b859e8..1d24c918 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

            diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 50e00f3f..5ba6576f 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 2e328521..6a890d6b 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

            diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 1cd516b5..cc5b20fa 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

            Defined Under Namespace

            diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index a2d8d6d4..c6121f2a 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

            diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index a79f6bbe..39939fae 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

            diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index dda6f98d..2ecf97e2 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

            diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 5185db5f..4d4515be 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

            diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 634c8c96..8689a409 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

            diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 55cc2659..ec50a6ae 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

            diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 5a59b725..1f0525dd 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index 9605364e..49e99f29 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -93,120 +93,6 @@

            File Listing

          • LICENSE
          • -
          • CITATION
          • - - -
          • CHANGELOG
          • - - -
          • CODE_OF_CONDUCT
          • - - -
          • CONTRIBUTING
          • - - -
          • FUNDING
          • - - -
          • IRP
          • - - -
          • OIDC
          • - - -
          • README
          • - - -
          • RUBOCOP
          • - - -
          • SECURITY
          • - - -
          • THREAT_MODEL
          • - - -
          • LICENSE
          • - - -
          • oauth2-2.0.10.gem
          • - - -
          • oauth2-2.0.11.gem
          • - - -
          • oauth2-2.0.12.gem
          • - - -
          • oauth2-2.0.13.gem
          • - - -
          • oauth2-2.0.14.gem
          • - - -
          • oauth2-2.0.15.gem
          • - - -
          • oauth2-2.0.16.gem
          • - - -
          • oauth2-2.0.17.gem
          • - - -
          • oauth2-2.0.10.gem
          • - - -
          • oauth2-2.0.11.gem
          • - - -
          • oauth2-2.0.12.gem
          • - - -
          • oauth2-2.0.13.gem
          • - - -
          • oauth2-2.0.14.gem
          • - - -
          • oauth2-2.0.15.gem
          • - - -
          • oauth2-2.0.16.gem
          • - - -
          • oauth2-2.0.17.gem
          • - - -
          • REEK
          • - - -
          • access_token
          • - - -
          • authenticator
          • - - -
          • client
          • - - -
          • error
          • - - -
          • filtered_attributes
          • - - -
          • response
          • - - -
          • strategy
          • - - -
          • version
          • - - -
          • oauth2
          • - -
            @@ -429,7 +315,7 @@

            Namespace Listing A-Z

            diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 8b60c52a..583b33a0 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -86,7 +86,7 @@

            Changed

            • gh!685 - upgrade kettle-dev v1.1.24 by @pboling
            • -
            • upgrade kettle-dev v1.1.51 by @pboling +
            • upgrade kettle-dev v1.1.52 by @pboling
              • Add open collective donors to README
              @@ -1303,7 +1303,7 @@

              diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index b6386287..9b7d0779 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

              Attribution

              diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index c488d9cc..3b2e75d4 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -201,7 +201,7 @@

              Lint It

              bundle exec rake rubocop_gradual:autocorrect
               
              -

              For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

              +

              For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

              Important: Do not add inline RuboCop disables

              @@ -304,7 +304,7 @@

              Manual process

              diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index af82a198..6b8226e8 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -99,7 +99,7 @@

              Another Way to Support Open diff --git a/docs/file.IRP.html b/docs/file.IRP.html index 5f842502..73e80163 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -211,7 +211,7 @@

              Appendix: Example checklist diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 249a86fc..f6480a01 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
              MIT License

              Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
              Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

              Permission is hereby granted, free of charge, to any person obtaining a copy
              of this software and associated documentation files (the "Software"), to deal
              in the Software without restriction, including without limitation the rights
              to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
              copies of the Software, and to permit persons to whom the Software is
              furnished to do so, subject to the following conditions:

              The above copyright notice and this permission notice shall be included in all
              copies or substantial portions of the Software.

              THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
              IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
              FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
              AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
              LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
              OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
              SOFTWARE.
              diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index 04d54e01..c54c8780 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -256,7 +256,7 @@

              Raw OIDC with ruby-oauth/oauth2

              diff --git a/docs/file.README.html b/docs/file.README.html index 6dc49cae..50815d28 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -305,7 +305,7 @@

              💡 Info you can shake a stick at

            Compliance -License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0

            NOTE: The 1.4 series will only receive critical security updates.
            -See SECURITY.md and IRP.md.

            +See SECURITY.md and IRP.md.

            ⚙️ Configuration

            @@ -1409,7 +1409,7 @@

            OpenID Connect (OIDC) Notes

            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
            • -
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
            • +
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

            Debugging

            @@ -1490,21 +1490,21 @@

            🔐 Security

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            +

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            🤝 Contributing

            If you need some ideas of where to help, you could work on adding more code coverage,
            -or if it is already 💯 (see below) check reek, issues, or PRs,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            -

            See CONTRIBUTING.md for more detailed instructions.

            +

            See CONTRIBUTING.md for more detailed instructions.

            🚀 Release Instructions

            -

            See CONTRIBUTING.md.

            +

            See CONTRIBUTING.md.

            Code Coverage

            @@ -1517,7 +1517,7 @@

            Code Coverage

            🪇 Code of Conduct

            Everyone interacting with this project’s codebases, issue trackers,
            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            🌈 Contributors

            @@ -1578,13 +1578,13 @@

            📌 Versioning

            -

            See CHANGELOG.md for a list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            The gem is available as open source under the terms of
            -the MIT License License: MIT.
            -See LICENSE.txt for the official Copyright Notice.

            +the MIT License License: MIT.
            +See LICENSE.txt for the official Copyright Notice.

            @@ -1636,7 +1636,7 @@

            Please give the project a star ⭐ ♥

            diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index 5dfea70c..fa028a86 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

            Benefits of rubocop_gradual

            diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 66b36683..2ac3d53d 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -82,18 +82,18 @@

            Security contact information

            Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            More detailed explanation of the process is in IRP.md

            +

            More detailed explanation of the process is in IRP.md

            Additional Support

            If you are interested in support for versions older than the latest release,
            please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
            -or find other sponsorship links in the README.

            +or find other sponsorship links in the README.

            diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index da154235..054a049e 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -206,7 +206,7 @@

            8. References

            diff --git a/docs/file_list.html b/docs/file_list.html index b342b1fa..4fec7a08 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -102,196 +102,6 @@

            File List

            -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - -
          • - -
          • - - diff --git a/docs/index.html b/docs/index.html index a6881b64..a522c14e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -305,7 +305,7 @@

            💡 Info you can shake a stick at

            Compliance -License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0

            NOTE: The 1.4 series will only receive critical security updates.
            -See SECURITY.md and IRP.md.

            +See SECURITY.md and IRP.md.

            ⚙️ Configuration

            @@ -1409,7 +1409,7 @@

            OpenID Connect (OIDC) Notes

            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
            • -
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
            • +
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

            Debugging

            @@ -1490,21 +1490,21 @@

            🔐 Security

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            +

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            🤝 Contributing

            If you need some ideas of where to help, you could work on adding more code coverage,
            -or if it is already 💯 (see below) check reek, issues, or PRs,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            -

            See CONTRIBUTING.md for more detailed instructions.

            +

            See CONTRIBUTING.md for more detailed instructions.

            🚀 Release Instructions

            -

            See CONTRIBUTING.md.

            +

            See CONTRIBUTING.md.

            Code Coverage

            @@ -1517,7 +1517,7 @@

            Code Coverage

            🪇 Code of Conduct

            Everyone interacting with this project’s codebases, issue trackers,
            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            🌈 Contributors

            @@ -1578,13 +1578,13 @@

            📌 Versioning

            -

            See CHANGELOG.md for a list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            The gem is available as open source under the terms of
            -the MIT License License: MIT.
            -See LICENSE.txt for the official Copyright Notice.

            +the MIT License License: MIT.
            +See LICENSE.txt for the official Copyright Notice.

            @@ -1636,7 +1636,7 @@

            Please give the project a star ⭐ ♥

            diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 4eef21eb..0e5416d9 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

            Defined Under Namespace

            From b5753116121553d56937039dafc5ea472d9a99ed Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 8 Nov 2025 04:47:30 -0700 Subject: [PATCH 643/645] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0?= =?UTF-8?q?.18?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) require time and effort. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- CHANGELOG.md | 27 +- Gemfile.lock | 2 +- docs/OAuth2.html | 425 ------ docs/OAuth2/AccessToken.html | 2 +- docs/OAuth2/Authenticator.html | 893 ----------- docs/OAuth2/Client.html | 760 +--------- docs/OAuth2/Error.html | 782 ---------- docs/OAuth2/FilteredAttributes.html | 345 ----- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 1264 +--------------- docs/OAuth2/Strategy.html | 117 -- docs/OAuth2/Strategy/Assertion.html | 491 ------ docs/OAuth2/Strategy/AuthCode.html | 493 ------- docs/OAuth2/Strategy/Base.html | 205 --- docs/OAuth2/Strategy/ClientCredentials.html | 353 ----- docs/OAuth2/Strategy/Implicit.html | 430 ------ docs/OAuth2/Strategy/Password.html | 384 ----- docs/OAuth2/Version.html | 4 +- docs/_index.html | 325 ---- docs/file.CHANGELOG.html | 1313 ----------------- docs/file.CITATION.html | 92 -- docs/file.CODE_OF_CONDUCT.html | 201 --- docs/file.CONTRIBUTING.html | 314 ---- docs/file.FUNDING.html | 109 -- docs/file.IRP.html | 2 +- docs/file.LICENSE.html | 70 - docs/file.OIDC.html | 266 ---- docs/file.README.html | 24 +- docs/file.REEK.html | 71 - docs/file.RUBOCOP.html | 171 --- docs/file.SECURITY.html | 103 -- docs/file.THREAT_MODEL.html | 216 --- docs/file.access_token.html | 94 -- docs/file.authenticator.html | 91 -- docs/file.client.html | 121 -- docs/file.error.html | 78 - docs/file.filtered_attributes.html | 76 - 
docs/file.oauth2-2.0.10.gem.html | 71 - docs/file.oauth2-2.0.11.gem.html | 71 - docs/file.oauth2-2.0.12.gem.html | 71 - docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 71 - docs/file.oauth2-2.0.15.gem.html | 71 - docs/file.oauth2-2.0.16.gem.html | 71 - docs/file.oauth2-2.0.17.gem.html | 71 - docs/file.oauth2.html | 2 +- docs/file.response.html | 87 -- docs/file.strategy.html | 103 -- docs/file.version.html | 75 - docs/file_list.html | 190 +++ docs/frames.html | 22 - docs/index.html | 24 +- docs/method_list.html | 726 --------- docs/top-level-namespace.html | 110 -- gemfiles/audit.gemfile | 2 +- gemfiles/coverage.gemfile | 2 +- gemfiles/current.gemfile | 2 +- gemfiles/dep_heads.gemfile | 2 +- gemfiles/head.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v0.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v1.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v2.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v3.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v4.gemfile | 2 +- gemfiles/ruby_2_3_hashie_v5.gemfile | 2 +- gemfiles/ruby_2_4.gemfile | 2 +- gemfiles/ruby_2_5.gemfile | 2 +- gemfiles/ruby_2_6.gemfile | 2 +- gemfiles/ruby_2_7.gemfile | 4 +- gemfiles/ruby_3_0.gemfile | 2 +- gemfiles/ruby_3_1.gemfile | 2 +- gemfiles/ruby_3_2.gemfile | 2 +- gemfiles/ruby_3_3.gemfile | 2 +- gemfiles/style.gemfile | 2 +- gemfiles/unlocked_deps.gemfile | 2 +- lib/oauth2/version.rb | 2 +- 76 files changed, 269 insertions(+), 12331 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f9fc707..01e26c92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,6 +20,25 @@ Please file a bug if you notice a violation of semantic versioning. ### Added +### Changed + +### Deprecated + +### Removed + +### Fixed + +### Security + +## [2.0.18] - 2025-11-08 + +- TAG: [v2.0.18][2.0.18t] +- COVERAGE: 100.00% -- 526/526 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 178/178 branches in 14 files +- 90.48% documented + +### Added + - [gh!683][gh!683], [gh!684][gh!684] - Improve documentation by @pboling - [gh!686][gh!686]- Add Incident Response Plan by @pboling - [gh!687][gh!687]- Add Threat Model by @pboling @@ -30,10 +49,6 @@ Please file a bug if you notice a violation of semantic versioning. - upgrade kettle-dev v1.1.52 by @pboling - Add open collective donors to README -### Deprecated - -### Removed - ### Fixed - [gh!690][gh!690], [gh!691][gh!691], [gh!692][gh!692] - Add yard-fence @@ -723,7 +738,9 @@ Please file a bug if you notice a violation of semantic versioning. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.17...HEAD +[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.18...HEAD +[2.0.18]: https://github.com/ruby-oauth/oauth2/compare/v2.0.17...v2.0.18 +[2.0.18t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.18 [2.0.17]: https://github.com/ruby-oauth/oauth2/compare/v2.0.16...v2.0.17 [2.0.17t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.17 [2.0.16]: https://github.com/ruby-oauth/oauth2/compare/v2.0.15...v2.0.16 diff --git a/Gemfile.lock b/Gemfile.lock index 3087a5ed..936086a3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.17) + oauth2 (2.0.18) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index e66f2e01..e69de29b 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -1,425 +0,0 @@ - - - - - - - Module: OAuth2 - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Module: OAuth2 - - - -

            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2.rb,
            - lib/oauth2/error.rb,
            lib/oauth2/client.rb,
            lib/oauth2/version.rb,
            lib/oauth2/response.rb,
            lib/oauth2/access_token.rb,
            lib/oauth2/authenticator.rb,
            lib/oauth2/strategy/base.rb,
            lib/oauth2/strategy/implicit.rb,
            lib/oauth2/strategy/password.rb,
            lib/oauth2/strategy/assertion.rb,
            lib/oauth2/strategy/auth_code.rb,
            lib/oauth2/filtered_attributes.rb,
            lib/oauth2/strategy/client_credentials.rb
            -
            -
            - -
            - -

            Overview

            -
            -

            :nocov:

            - - -
            -
            -
            - - -

            Defined Under Namespace

            -

            - - - Modules: FilteredAttributes, Strategy, Version - - - - Classes: AccessToken, Authenticator, Client, Error, Response - - -

            - - -

            - Constant Summary - collapse -

            - -
            - -
            OAUTH_DEBUG = -
            -
            -

            When true, enables verbose HTTP logging via Faraday’s logger middleware.
            -Controlled by the OAUTH_DEBUG environment variable. Any case-insensitive
            -value equal to “true” will enable debugging.

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Boolean) - - - -
            • - -
            - -
            -
            -
            ENV.fetch("OAUTH_DEBUG", "false").casecmp("true").zero?
            - -
            DEFAULT_CONFIG = -
            -
            -

            Default configuration values for the oauth2 library.

            - - -
            -
            -
            - -
            -

            Examples:

            - - -

            Toggle warnings

            -
            - -
            OAuth2.configure do |config|
            -  config[:silence_extra_tokens_warning] = false
            -  config[:silence_no_tokens_warning] = false
            -end
            - -
            - -

            Returns:

            -
              - -
            • - - - (SnakyHash::SymbolKeyed) - - - - — -

              A mutable Hash-like config with symbol keys

              -
              - -
            • - -
            - -
            -
            -
            SnakyHash::SymbolKeyed.new(
            -  silence_extra_tokens_warning: true,
            -  silence_no_tokens_warning: true,
            -)
            - -
            ConnectionError = - -
            -
            Class.new(Faraday::ConnectionFailed)
            - -
            TimeoutError = - -
            -
            Class.new(Faraday::TimeoutError)
            - -
            - - - - - -

            Class Attribute Summary collapse

            - - - - - - -

            - Class Method Summary - collapse -

            - - - - - -
            -

            Class Attribute Details

            - - - -
            -

            - - .configSnakyHash::SymbolKeyed (readonly) - - - - - -

            -
            -

            Access the current configuration.

            - -

            Prefer using configure to mutate configuration.

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (SnakyHash::SymbolKeyed) - - - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -63
            -64
            -65
            -
            -
            # File 'lib/oauth2.rb', line 63
            -
            -def config
            -  @config
            -end
            -
            -
            - -
            - - -
            -

            Class Method Details

            - - -
            -

            - - .configure {|config| ... } ⇒ void - - - - - -

            -
            -

            This method returns an undefined value.

            Configure global library behavior.

            - -

            Yields the mutable configuration object so callers can update settings.

            - - -
            -
            -
            - -

            Yield Parameters:

            -
              - -
            • - - config - - - (SnakyHash::SymbolKeyed) - - - - — -

              the configuration object

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -72
            -73
            -74
            -
            -
            # File 'lib/oauth2.rb', line 72
            -
            -def configure
            -  yield @config
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 675af0af..733a4c74 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -3083,7 +3083,7 @@

            diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index 4ed2e745..e69de29b 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -1,893 +0,0 @@ - - - - - - - Class: OAuth2::Authenticator - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Class: OAuth2::Authenticator - - - -

            -
            - -
            -
            Inherits:
            -
            - Object - -
              -
            • Object
            • - - - -
            - show all - -
            -
            - - - - - - -
            -
            Includes:
            -
            FilteredAttributes
            -
            - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/authenticator.rb
            -
            - -
            - -

            Overview

            -
            -

            Builds and applies client authentication to token and revoke requests.

            - -

            Depending on the selected mode, credentials are applied as Basic Auth
            -headers, request body parameters, or only the client_id is sent (TLS).

            - - -
            -
            -
            - - -
            - - - -

            Instance Attribute Summary collapse

            - - - - - - -

            - Class Method Summary - collapse -

            - - - -

            - Instance Method Summary - collapse -

            - - - - - - - - - - - - - -

            Methods included from FilteredAttributes

            -

            included, #inspect

            -
            -

            Constructor Details

            - -
            -

            - - #initialize(id, secret, mode) ⇒ Authenticator - - - - - -

            -
            -

            Create a new Authenticator

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - id - - - (String, nil) - - - - — -

              Client identifier

              -
              - -
            • - -
            • - - secret - - - (String, nil) - - - - — -

              Client secret

              -
              - -
            • - -
            • - - mode - - - (Symbol, String) - - - - — -

              Authentication mode

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -24
            -25
            -26
            -27
            -28
            -
            -
            # File 'lib/oauth2/authenticator.rb', line 24
            -
            -def initialize(id, secret, mode)
            -  @id = id
            -  @secret = secret
            -  @mode = mode
            -end
            -
            -
            - -
            - -
            -

            Instance Attribute Details

            - - - -
            -

            - - #idSymbol, ... (readonly) - - - - - -

            -
            - - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Symbol, String) - - - - — -

              Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Client identifier

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Client secret (filtered in inspected output)

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -16
            -17
            -18
            -
            -
            # File 'lib/oauth2/authenticator.rb', line 16
            -
            -def id
            -  @id
            -end
            -
            -
            - - - -
            -

            - - #modeSymbol, ... (readonly) - - - - - -

            -
            - - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Symbol, String) - - - - — -

              Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Client identifier

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Client secret (filtered in inspected output)

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -16
            -17
            -18
            -
            -
            # File 'lib/oauth2/authenticator.rb', line 16
            -
            -def mode
            -  @mode
            -end
            -
            -
            - - - -
            -

            - - #secretSymbol, ... (readonly) - - - - - -

            -
            - - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Symbol, String) - - - - — -

              Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Client identifier

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Client secret (filtered in inspected output)

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -16
            -17
            -18
            -
            -
            # File 'lib/oauth2/authenticator.rb', line 16
            -
            -def secret
            -  @secret
            -end
            -
            -
            - -
            - - -
            -

            Class Method Details

            - - -
            -

            - - .encode_basic_auth(user, password) ⇒ String - - - - - -

            -
            -

            Encodes a Basic Authorization header value for the provided credentials.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - user - - - (String) - - - - — -

              The client identifier

              -
              - -
            • - -
            • - - password - - - (String) - - - - — -

              The client secret

              -
              - -
            • - -
            - -

            Returns:

            -
              - -
            • - - - (String) - - - - — -

              The value to use for the Authorization header

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -59
            -60
            -61
            -
            -
            # File 'lib/oauth2/authenticator.rb', line 59
            -
            -def self.encode_basic_auth(user, password)
            -  "Basic #{Base64.strict_encode64("#{user}:#{password}")}"
            -end
            -
            -
            - -
            - -
            -

            Instance Method Details

            - - -
            -

            - - #apply(params) ⇒ Hash - - - - - -

            -
            -

            Apply the request credentials used to authenticate to the Authorization Server

            - -

            Depending on the configuration, this might be as request params or as an
            -Authorization header.

            - -

            User-provided params and header take precedence.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash) - - - - — -

              a Hash of params for the token endpoint

              -
              - -
            • - -
            - -

            Returns:

            -
              - -
            • - - - (Hash) - - - - — -

              params amended with appropriate authentication details

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -39
            -40
            -41
            -42
            -43
            -44
            -45
            -46
            -47
            -48
            -49
            -50
            -51
            -52
            -
            -
            # File 'lib/oauth2/authenticator.rb', line 39
            -
            -def apply(params)
            -  case mode.to_sym
            -  when :basic_auth
            -    apply_basic_auth(params)
            -  when :request_body
            -    apply_params_auth(params)
            -  when :tls_client_auth
            -    apply_client_id(params)
            -  when :private_key_jwt
            -    params
            -  else
            -    raise NotImplementedError
            -  end
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index d0bef00e..ac07320c 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -1905,762 +1905,4 @@

            # File 'lib/oauth2/client.rb', line 339
             
             def redirection_params
            -  if options[:redirect_uri]
            -    {"redirect_uri" => options[:redirect_uri]}
            -  else
            -    {}
            -  end
            -end
            -

            -
            - -
            -

            - - #request(verb, url, req_opts = {}) {|req| ... } ⇒ OAuth2::Response - - - - - -

            -
            -

            Makes a request relative to the specified site root.

            - -

            Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616),
            - allowing the use of relative URLs in Location headers.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - verb - - - (Symbol) - - - - — -

              one of [:get, :post, :put, :delete]

              -
              - -
            • - -
            • - - url - - - (String) - - - - — -

              URL path of request

              -
              - -
            • - -
            • - - req_opts - - - (Hash) - - - (defaults to: {}) - - - — -

              the options to make the request with

              -
              - -
            • - -
            - - - - - - - - -

            Options Hash (req_opts):

            -
              - -
            • - :params - (Hash) - - - - - —

              additional query parameters for the URL of the request

              -
              - -
            • - -
            • - :body - (Hash, String) - - - - - —

              the body of the request

              -
              - -
            • - -
            • - :headers - (Hash) - - - - - —

              http request headers

              -
              - -
            • - -
            • - :raise_errors - (Boolean) - - - - - —

              whether to raise an OAuth2::Error on 400+ status
              -code response for this request. Overrides the client instance setting.

              -
              - -
            • - -
            • - :parse - (Symbol) - - - - - —

              @see Response::initialize

              -
              - -
            • - -
            • - :snaky - (Boolean) - - - — default: - true - - - - —

              @see Response::initialize

              -
              - -
            • - -
            - - -

            Yields:

            -
              - -
            • - - - (req) - - - - — -

              The block is passed the request being made, allowing customization

              -
              - -
            • - -
            -

            Yield Parameters:

            -
              - -
            • - - req - - - (Faraday::Request) - - - - — -

              The request object that can be modified

              -
              - -
            • - -
            -

            Returns:

            -
              - -
            • - - - (OAuth2::Response) - - - - — -

              the response from the request

              -
              - -
            • - -
            - -

            See Also:

            - - -
            - - - - -
            -
            -
            -
            -146
            -147
            -148
            -149
            -150
            -151
            -152
            -153
            -154
            -155
            -156
            -157
            -158
            -159
            -160
            -161
            -162
            -163
            -164
            -165
            -166
            -167
            -168
            -169
            -170
            -171
            -172
            -173
            -174
            -175
            -176
            -177
            -178
            -179
            -180
            -181
            -182
            -
            -
            # File 'lib/oauth2/client.rb', line 146
            -
            -def request(verb, url, req_opts = {}, &block)
            -  response = execute_request(verb, url, req_opts, &block)
            -  status = response.status
            -
            -  case status
            -  when 301, 302, 303, 307
            -    req_opts[:redirect_count] ||= 0
            -    req_opts[:redirect_count] += 1
            -    return response if req_opts[:redirect_count] > options[:max_redirects]
            -
            -    if status == 303
            -      verb = :get
            -      req_opts.delete(:body)
            -    end
            -    location = response.headers["location"]
            -    if location
            -      full_location = response.response.env.url.merge(location)
            -      request(verb, full_location, req_opts)
            -    else
            -      error = Error.new(response)
            -      raise(error, "Got #{status} status code, but no Location header was present")
            -    end
            -  when 200..299, 300..399
            -    # on non-redirecting 3xx statuses, return the response
            -    response
            -  when 400..599
            -    if req_opts.fetch(:raise_errors, options[:raise_errors])
            -      error = Error.new(response)
            -      raise(error)
            -    end
            -
            -    response
            -  else
            -    error = Error.new(response)
            -    raise(error, "Unhandled status code value of #{status}")
            -  end
            -end
            -
            -
            - -
            -

            - - #revoke_token(token, token_type_hint = nil, params = {}) {|req| ... } ⇒ OAuth2::Response - - - - - -

            -
            - -
            - Note: -

            If the token passed to the request
            -is an access token, the server MAY revoke the respective refresh
            -token as well.

            -
            -
            - -
            - Note: -

            If the token passed to the request
            -is a refresh token and the authorization server supports the
            -revocation of access tokens, then the authorization server SHOULD
            -also invalidate all access tokens based on the same authorization
            -grant

            -
            -
            - -
            - Note: -

            If the server responds with HTTP status code 503, your code must
            -assume the token still exists and may retry after a reasonable delay.
            -The server may include a “Retry-After” header in the response to
            -indicate how long the service is expected to be unavailable to the
            -requesting client.

            -
            -
            - -

            Makes a request to revoke a token at the authorization server

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - token - - - (String) - - - - — -

              The token to be revoked

              -
              - -
            • - -
            • - - token_type_hint - - - (String, nil) - - - (defaults to: nil) - - - — -

              A hint about the type of the token being revoked (e.g., ‘access_token’ or ‘refresh_token’)

              -
              - -
            • - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional parameters for the token revocation

              -
              - -
            • - -
            - - - - - - - - -

            Options Hash (params):

            -
              - -
            • - :parse - (Symbol) - - - — default: - :automatic - - - - —

              parsing strategy for the response

              -
              - -
            • - -
            • - :snaky - (Boolean) - - - — default: - true - - - - —

              whether to convert response keys to snake_case

              -
              - -
            • - -
            • - :token_method - (Symbol) - - - — default: - :post_with_query_string - - - - —

              overrides OAuth2::Client#options[:token_method]

              -
              - -
            • - -
            • - :headers - (Hash) - - - - - —

              Additional request headers

              -
              - -
            • - -
            - - -

            Yields:

            -
              - -
            • - - - (req) - - - - — -

              The block is passed the request being made, allowing customization

              -
              - -
            • - -
            -

            Yield Parameters:

            -
              - -
            • - - req - - - (Faraday::Request) - - - - — -

              The request object that can be modified

              -
              - -
            • - -
            -

            Returns:

            - - -

            See Also:

            - - -
            - - - - -
            -
            -
            -
            -257
            -258
            -259
            -260
            -261
            -262
            -263
            -264
            -265
            -
            -
            # File 'lib/oauth2/client.rb', line 257
            -
            -def revoke_token(token, token_type_hint = nil, params = {}, &block)
            -  params[:token_method] ||= :post_with_query_string
            -  params[:token] = token
            -  params[:token_type_hint] = token_type_hint if token_type_hint
            -
            -  req_opts = params_to_req_opts(params)
            -
            -  request(http_method, revoke_url, req_opts, &block)
            -end
            -
            -
            - -
            -

            - - #revoke_url(params = nil) ⇒ String - - - - - -

            -
            -

            The revoke endpoint URL of the OAuth2 provider

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash, nil) - - - (defaults to: nil) - - - — -

              additional query parameters

              -
              - -
            • - -
            - -

            Returns:

            -
              - -
            • - - - (String) - - - - — -

              the constructed revoke URL

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -119
            -120
            -121
            -
            -
            # File 'lib/oauth2/client.rb', line 119
            -
            -def revoke_url(params = nil)
            -  connection.build_url(options[:revoke_url], params).to_s
            -end
            -
            -
            - -
            -

            - - #token_url(params = nil) ⇒ String - - - - - -

            -
            -

            The token endpoint URL of the OAuth2 provider

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash, nil) - - - (defaults to: nil) - - - — -

              additional query parameters

              -
              - -
            • - -
            - -

            Returns:

            -
              - -
            • - - - (String) - - - - — -

              the constructed token URL

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -111
            -112
            -113
            -
            -
            # File 'lib/oauth2/client.rb', line 111
            -
            -def token_url(params = nil)
            -  connection.build_url(options[:token_url], params).to_s
            -end
            -
            -
            - - - - - - - - - - \ No newline at end of file + if opt \ No newline at end of file diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index bd467387..e69de29b 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -1,782 +0,0 @@ - - - - - - - Exception: OAuth2::Error - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Exception: OAuth2::Error - - - -

            -
            - -
            -
            Inherits:
            -
            - StandardError - -
              -
            • Object
            • - - - - - -
            - show all - -
            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/error.rb
            -
            - -
            - -

            Overview

            -
            -

            Represents an OAuth2 error condition.

            - -

            Wraps details from an OAuth2::Response or Hash payload returned by an
            -authorization server, exposing error code and description per RFC 6749.

            - - -
            -
            -
            - - -
            - - - -

            Instance Attribute Summary collapse

            - - - - - - -

            - Instance Method Summary - collapse -

            - - - - - -
            -

            Constructor Details

            - -
            -

            - - #initialize(response) ⇒ Error - - - - - -

            -
            -

            Create a new OAuth2::Error

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - response - - - (OAuth2::Response, Hash, Object) - - - - — -

              A Response or error payload

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -18
            -19
            -20
            -21
            -22
            -23
            -24
            -25
            -26
            -27
            -28
            -29
            -30
            -31
            -32
            -33
            -34
            -35
            -36
            -
            -
            # File 'lib/oauth2/error.rb', line 18
            -
            -def initialize(response)
            -  @response = response
            -  if response.respond_to?(:parsed)
            -    if response.parsed.is_a?(Hash)
            -      @code = response.parsed["error"]
            -      @description = response.parsed["error_description"]
            -    end
            -  elsif response.is_a?(Hash)
            -    @code = response["error"]
            -    @description = response["error_description"]
            -  end
            -  @body = if response.respond_to?(:body)
            -    response.body
            -  else
            -    @response
            -  end
            -  message_opts = parse_error_description(@code, @description)
            -  super(error_message(@body, message_opts))
            -end
            -
            -
            - -
            - -
            -

            Instance Attribute Details

            - - - -
            -

            - - #bodyOAuth2::Response, ... (readonly) - - - - - -

            -
            - - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (OAuth2::Response, Hash, Object) - - - - — -

              Original response or payload used to build the error

              -
              - -
            • - -
            • - - - (String) - - - - — -

              Raw body content (if available)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Error code (e.g., ‘invalid_grant’)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Human-readable description for the error

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -13
            -14
            -15
            -
            -
            # File 'lib/oauth2/error.rb', line 13
            -
            -def body
            -  @body
            -end
            -
            -
            - - - -
            -

            - - #codeOAuth2::Response, ... (readonly) - - - - - -

            -
            - - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (OAuth2::Response, Hash, Object) - - - - — -

              Original response or payload used to build the error

              -
              - -
            • - -
            • - - - (String) - - - - — -

              Raw body content (if available)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Error code (e.g., ‘invalid_grant’)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Human-readable description for the error

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -13
            -14
            -15
            -
            -
            # File 'lib/oauth2/error.rb', line 13
            -
            -def code
            -  @code
            -end
            -
            -
            - - - -
            -

            - - #descriptionOAuth2::Response, ... (readonly) - - - - - -

            -
            - - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (OAuth2::Response, Hash, Object) - - - - — -

              Original response or payload used to build the error

              -
              - -
            • - -
            • - - - (String) - - - - — -

              Raw body content (if available)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Error code (e.g., ‘invalid_grant’)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Human-readable description for the error

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -13
            -14
            -15
            -
            -
            # File 'lib/oauth2/error.rb', line 13
            -
            -def description
            -  @description
            -end
            -
            -
            - - - -
            -

            - - #responseOAuth2::Response, ... (readonly) - - - - - -

            -
            - - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (OAuth2::Response, Hash, Object) - - - - — -

              Original response or payload used to build the error

              -
              - -
            • - -
            • - - - (String) - - - - — -

              Raw body content (if available)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Error code (e.g., ‘invalid_grant’)

              -
              - -
            • - -
            • - - - (String, nil) - - - - — -

              Human-readable description for the error

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -13
            -14
            -15
            -
            -
            # File 'lib/oauth2/error.rb', line 13
            -
            -def response
            -  @response
            -end
            -
            -
            - -
            - - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 1d24c918..e69de29b 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -1,345 +0,0 @@ - - - - - - - Module: OAuth2::FilteredAttributes - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Module: OAuth2::FilteredAttributes - - - -

            -
            - - - - - - - - - -
            -
            Included in:
            -
            AccessToken, Authenticator, Client
            -
            - - - -
            -
            Defined in:
            -
            lib/oauth2/filtered_attributes.rb
            -
            - -
            - -

            Overview

            -
            -

            Mixin that redacts sensitive instance variables in #inspect output.

            - -

            Classes include this module and declare which attributes should be filtered
            -using filtered_attributes. Any instance variable name that includes one of
            -those attribute names will be shown as [FILTERED] in the object’s inspect.

            - - -
            -
            -
            - - -

            Defined Under Namespace

            -

            - - - Modules: ClassMethods - - - - -

            - - - - - - - - -

            - Class Method Summary - collapse -

            - - - -

            - Instance Method Summary - collapse -

            - -
              - -
            • - - - #inspect ⇒ String - - - - - - - - - - - - - -

              Custom inspect that redacts configured attributes.

              -
              - -
            • - - -
            - - - - -
            -

            Class Method Details

            - - -
            -

            - - .included(base) ⇒ void - - - - - -

            -
            -

            This method returns an undefined value.

            Hook invoked when the module is included. Extends the including class with
            -class-level helpers.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - base - - - (Class) - - - - — -

              The including class

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -13
            -14
            -15
            -
            -
            # File 'lib/oauth2/filtered_attributes.rb', line 13
            -
            -def self.included(base)
            -  base.extend(ClassMethods)
            -end
            -
            -
            - -
            - -
            -

            Instance Method Details

            - - -
            -

            - - #inspectString - - - - - -

            -
            -

            Custom inspect that redacts configured attributes.

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (String) - - - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -38
            -39
            -40
            -41
            -42
            -43
            -44
            -45
            -46
            -47
            -48
            -49
            -50
            -
            -
            # File 'lib/oauth2/filtered_attributes.rb', line 38
            -
            -def inspect
            -  filtered_attribute_names = self.class.filtered_attribute_names
            -  return super if filtered_attribute_names.empty?
            -
            -  inspected_vars = instance_variables.map do |var|
            -    if filtered_attribute_names.any? { |filtered_var| var.to_s.include?(filtered_var.to_s) }
            -      "#{var}=[FILTERED]"
            -    else
            -      "#{var}=#{instance_variable_get(var).inspect}"
            -    end
            -  end
            -  "#<#{self.class}:#{object_id} #{inspected_vars.join(", ")}>"
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index 5ba6576f..c37b47e7 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

            diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index 6a890d6b..388127f3 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -364,1266 +364,4 @@

          • - .register_parser(key, mime_types) {|String| ... } ⇒ void - - - - - - - - - - - - - -

            Adds a new content type parser.

            -
            - -
          • - - - - -

            - Instance Method Summary - collapse -

            - - - - -
            -

            Constructor Details

            - -
            -

            - - #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ OAuth2::Response - - - - - -

            -
            -

            Initializes a Response instance

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - response - - - (Faraday::Response) - - - - — -

              The Faraday response instance

              -
              - -
            • - -
            • - - parse - - - (Symbol) - - - (defaults to: :automatic) - - - — -

              (:automatic) How to parse the response body

              -
              - -
            • - -
            • - - snaky - - - (Boolean) - - - (defaults to: true) - - - — -

              (true) Whether to convert parsed response to snake_case using SnakyHash

              -
              - -
            • - -
            • - - snaky_hash_klass - - - (Class, nil) - - - (defaults to: nil) - - - — -

              (nil) Custom class for snake_case hash conversion

              -
              - -
            • - -
            • - - options - - - (Hash) - - - - — -

              Additional options for the response

              -
              - -
            • - -
            - - - - - - - - - - - - -

            Options Hash (**options):

            -
              - -
            • - :parse - (Symbol) - - - — default: - :automatic - - - - —

              Parse strategy (:query, :json, or :automatic)

              -
              - -
            • - -
            • - :snaky - (Boolean) - - - — default: - true - - - - —

              Enable/disable snake_case conversion

              -
              - -
            • - -
            • - :snaky_hash_klass - (Class) - - - — default: - SnakyHash::StringKeyed - - - - —

              Class to use for hash conversion

              -
              - -
            • - -
            - - -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -72
            -73
            -74
            -75
            -76
            -77
            -78
            -79
            -
            -
            # File 'lib/oauth2/response.rb', line 72
            -
            -def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options)
            -  @response = response
            -  @options = {
            -    parse: parse,
            -    snaky: snaky,
            -    snaky_hash_klass: snaky_hash_klass,
            -  }.merge(options)
            -end
            -
            -
            - -
            - -
            -

            Instance Attribute Details

            - - - -
            -

            - - #optionsHash - - - - - -

            -
            -

            Returns The options hash for this instance.

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Hash) - - - - — -

              The options hash for this instance

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -26
            -27
            -28
            -
            -
            # File 'lib/oauth2/response.rb', line 26
            -
            -def options
            -  @options
            -end
            -
            -
            - - - -
            -

            - - #responseFaraday::Response (readonly) - - - - - -

            -
            -

            Returns The raw Faraday response object.

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Faraday::Response) - - - - — -

              The raw Faraday response object

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -23
            -24
            -25
            -
            -
            # File 'lib/oauth2/response.rb', line 23
            -
            -def response
            -  @response
            -end
            -
            -
            - -
            - - -
            -

            Class Method Details

            - - -
            -

            - - .register_parser(key, mime_types) {|String| ... } ⇒ void - - - - - -

            -
            -

            This method returns an undefined value.

            Adds a new content type parser.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - key - - - (Symbol) - - - - — -

              A descriptive symbol key such as :json or :query

              -
              - -
            • - -
            • - - mime_types - - - (Array<String>, String) - - - - — -

              One or more mime types to which this parser applies

              -
              - -
            • - -
            - -

            Yields:

            -
              - -
            • - - - (String) - - - - — -

              Block that will be called to parse the response body

              -
              - -
            • - -
            -

            Yield Parameters:

            -
              - -
            • - - body - - - (String) - - - - — -

              The response body to parse

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -53
            -54
            -55
            -56
            -57
            -58
            -59
            -
            -
            # File 'lib/oauth2/response.rb', line 53
            -
            -def self.register_parser(key, mime_types, &block)
            -  key = key.to_sym
            -  @@parsers[key] = block
            -  Array(mime_types).each do |mime_type|
            -    @@content_types[mime_type] = key
            -  end
            -end
            -
            -
            - -
            - -
            -

            Instance Method Details

            - - -
            -

            - - #bodyString - - - - - -

            -
            -

            The HTTP response body

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (String) - - - - — -

              The response body or empty string if nil

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -98
            -99
            -100
            -
            -
            # File 'lib/oauth2/response.rb', line 98
            -
            -def body
            -  response.body || ""
            -end
            -
            -
            - -
            -

            - - #content_typeString? - - - - - -

            -
            -

            Determines the content type of the response

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (String, nil) - - - - — -

              The content type or nil if headers are not present

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -132
            -133
            -134
            -135
            -136
            -
            -
            # File 'lib/oauth2/response.rb', line 132
            -
            -def content_type
            -  return unless response.headers
            -
            -  ((response.headers.values_at("content-type", "Content-Type").compact.first || "").split(";").first || "").strip.downcase
            -end
            -
            -
            - -
            -

            - - #headersHash - - - - - -

            -
            -

            The HTTP response headers

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Hash) - - - - — -

              The response headers

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -84
            -85
            -86
            -
            -
            # File 'lib/oauth2/response.rb', line 84
            -
            -def headers
            -  response.headers
            -end
            -
            -
            - -
            -

            - - #parsedObject, ... - - - - - -

            -
            -

            The parsed response body

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Object, SnakyHash::StringKeyed) - - - - — -

              The parsed response body

              -
              - -
            • - -
            • - - - (nil) - - - - — -

              If no parser is available

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -106
            -107
            -108
            -109
            -110
            -111
            -112
            -113
            -114
            -115
            -116
            -117
            -118
            -119
            -120
            -121
            -122
            -123
            -124
            -125
            -126
            -127
            -
            -
            # File 'lib/oauth2/response.rb', line 106
            -
            -def parsed
            -  return @parsed if defined?(@parsed)
            -
            -  @parsed =
            -    if parser.respond_to?(:call)
            -      case parser.arity
            -      when 0
            -        parser.call
            -      when 1
            -        parser.call(body)
            -      else
            -        parser.call(body, response)
            -      end
            -    end
            -
            -  if options[:snaky] && @parsed.is_a?(Hash)
            -    hash_klass = options[:snaky_hash_klass] || DEFAULT_OPTIONS[:snaky_hash_klass]
            -    @parsed = hash_klass[@parsed]
            -  end
            -
            -  @parsed
            -end
            -
            -
            - -
            -

            - - #parserProc, ... - - - - - -

            -
            - -
            - Note: -

            The parser can be supplied as the +:parse+ option in the form of a Proc
            -(or other Object responding to #call) or a Symbol. In the latter case,
            -the actual parser will be looked up in @@parsers by the supplied Symbol.

            -
            -
            - -
            - Note: -

            If no +:parse+ option is supplied, the lookup Symbol will be determined
            -by looking up #content_type in @@content_types.

            -
            -
            - -
            - Note: -

            If #parser is a Proc, it will be called with no arguments, just
            -#body, or #body and #response, depending on the Proc’s arity.

            -
            -
            - -

            Determines the parser to be used for the response body

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Proc, #call) - - - - — -

              The parser proc or callable object

              -
              - -
            • - -
            • - - - (nil) - - - - — -

              If no suitable parser is found

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -152
            -153
            -154
            -155
            -156
            -157
            -158
            -159
            -160
            -161
            -162
            -163
            -
            -
            # File 'lib/oauth2/response.rb', line 152
            -
            -def parser
            -  return @parser if defined?(@parser)
            -
            -  @parser =
            -    if options[:parse].respond_to?(:call)
            -      options[:parse]
            -    elsif options[:parse]
            -      @@parsers[options[:parse].to_sym]
            -    end
            -
            -  @parser ||= @@parsers[@@content_types[content_type]]
            -end
            -
            -
            - -
            -

            - - #statusInteger - - - - - -

            -
            -

            The HTTP response status code

            - - -
            -
            -
            - -

            Returns:

            -
              - -
            • - - - (Integer) - - - - — -

              The response status code

              -
              - -
            • - -
            -

            Since:

            -
              - -
            • - - - - - -

              1.0.0

              -
              - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -91
            -92
            -93
            -
            -
            # File 'lib/oauth2/response.rb', line 91
            -
            -def status
            -  response.status
            -end
            -
            -
            - -
            - - - - - - - - \ No newline at end of file + - - - Module: OAuth2::Strategy - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Module: OAuth2::Strategy - - - -

            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/strategy/base.rb,
            - lib/oauth2/strategy/implicit.rb,
            lib/oauth2/strategy/password.rb,
            lib/oauth2/strategy/assertion.rb,
            lib/oauth2/strategy/auth_code.rb,
            lib/oauth2/strategy/client_credentials.rb
            -
            -
            - -
            - -

            Defined Under Namespace

            -

            - - - - - Classes: Assertion, AuthCode, Base, ClientCredentials, Implicit, Password - - -

            - - - - - - - - - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index c6121f2a..e69de29b 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -1,491 +0,0 @@ - - - - - - - Class: OAuth2::Strategy::Assertion - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Class: OAuth2::Strategy::Assertion - - - -

            -
            - -
            -
            Inherits:
            -
            - Base - -
              -
            • Object
            • - - - - - -
            - show all - -
            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/strategy/assertion.rb
            -
            - -
            - -

            Overview

            -
            -

            The Client Assertion Strategy

            - -

            Sample usage:
            - client = OAuth2::Client.new(client_id, client_secret,
            - :site => ‘http://localhost:8080’,
            - :auth_scheme => :request_body)

            - -

            claim_set = {
            - :iss => “http://localhost:3001”,
            - :aud => “http://localhost:8080/oauth2/token”,
            - :sub => “me@example.com”,
            - :exp => Time.now.utc.to_i + 3600,
            - }

            - -

            encoding = {
            - :algorithm => ‘HS256’,
            - :key => ‘secret_key’,
            - }

            - -

            access = client.assertion.get_token(claim_set, encoding)
            - access.token # actual access_token string
            - access.get(“/api/stuff”) # making api calls with access token in header

            - - -
            -
            - - - - - - - - -

            - Instance Method Summary - collapse -

            - - - - - - - - - - - - - -

            Methods inherited from Base

            -

            #initialize

            -
            -

            Constructor Details

            - -

            This class inherits a constructor from OAuth2::Strategy::Base

            - -
            - - -
            -

            Instance Method Details

            - - -
            -

            - - #authorize_urlObject - - - - - -

            -
            -

            Not used for this strategy

            - - -
            -
            -
            - -

            Raises:

            -
              - -
            • - - - (NotImplementedError) - - - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -36
            -37
            -38
            -
            -
            # File 'lib/oauth2/strategy/assertion.rb', line 36
            -
            -def authorize_url
            -  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
            -end
            -
            -
            - -
            -

            - - #get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) ⇒ Object - - - - - -

            -
            -

            Retrieve an access token given the specified client.

            - -

            For reading on JWT and claim keys:
            - @see https://github.com/jwt/ruby-jwt
            - @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
            - @see https://datatracker.ietf.org/doc/html/rfc7523#section-3
            - @see https://www.iana.org/assignments/jwt/jwt.xhtml

            - -

            There are many possible claim keys, and applications may ask for their own custom keys.
            -Some typically required ones:
            - :iss (issuer)
            - :aud (audience)
            - :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F
            - :exp, (expiration time) – in seconds, e.g. Time.now.utc.to_i + 3600

            - -

            Note that this method does not validate presence of those four claim keys indicated as required by RFC 7523.
            -There are endpoints that may not conform with this RFC, and this gem should still work for those use cases.

            - -

            These two options are passed directly to JWT.encode. For supported encoding arguments:
            - @see https://github.com/jwt/ruby-jwt#algorithms-and-usage
            - @see https://datatracker.ietf.org/doc/html/rfc7518#section-3.1

            - -

            The object type of :key may depend on the value of :algorithm. Sample arguments:
            - get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'})
            - get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')})

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - claims - - - (Hash) - - - - — -

              the hash representation of the claims that should be encoded as a JWT (JSON Web Token)

              -
              - -
            • - -
            • - - encoding_opts - - - (Hash) - - - - — -

              a hash containing instructions on how the JWT should be encoded

              -
              - -
            • - -
            • - - request_opts - - - (Hash) - - - (defaults to: {}) - - - — -

              options that will be used to assemble the request

              -
              - -
            • - -
            • - - response_opts - - - (Hash) - - - (defaults to: {}) - - - — -

              this will be merged with the token response to create the AccessToken object
              -@see the access_token_opts argument to Client#get_token

              -
              - -
            • - -
            • - - algorithm - - - (Hash) - - - - — -

              a customizable set of options

              -
              - -
            • - -
            • - - key - - - (Hash) - - - - — -

              a customizable set of options

              -
              - -
            • - -
            - - - - - - - - -

            Options Hash (request_opts):

            -
              - -
            • - :scope - (String) - - - - - —

              the url parameter scope that may be required by some endpoints
              -@see https://datatracker.ietf.org/doc/html/rfc7521#section-4.1

              -
              - -
            • - -
            - - - - - -
            - - - - -
            -
            -
            -
            -79
            -80
            -81
            -82
            -83
            -84
            -
            -
            # File 'lib/oauth2/strategy/assertion.rb', line 79
            -
            -def get_token(claims, encoding_opts, request_opts = {}, response_opts = {})
            -  assertion = build_assertion(claims, encoding_opts)
            -  params = build_request(assertion, request_opts)
            -
            -  @client.get_token(params, response_opts)
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index 39939fae..e69de29b 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -1,493 +0,0 @@ - - - - - - - Class: OAuth2::Strategy::AuthCode - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Class: OAuth2::Strategy::AuthCode - - - -

            -
            - -
            -
            Inherits:
            -
            - Base - -
              -
            • Object
            • - - - - - -
            - show all - -
            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/strategy/auth_code.rb
            -
            - -
            - -

            Overview

            -
            -

            The Authorization Code Strategy

            - -

            OAuth 2.1 notes:

            -
              -
            • PKCE is required for all OAuth clients using the authorization code flow (especially public clients).
              -This library does not enforce PKCE generation/verification; implement PKCE in your application when required.
            • -
            • Redirect URIs must be compared using exact string matching by the Authorization Server.
              -This client forwards redirect_uri but does not perform server-side validation.
            • -
            - -

            References:

            -
              -
            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
            • -
            • OAuth for native apps (RFC 8252) and PKCE (RFC 7636)
            • -
            - - -
            -
            - - - - - - - - -

            - Instance Method Summary - collapse -

            - - - - - - - - - - - - - -

            Methods inherited from Base

            -

            #initialize

            -
            -

            Constructor Details

            - -

            This class inherits a constructor from OAuth2::Strategy::Base

            - -
            - - -
            -

            Instance Method Details

            - - -
            -

            - - #authorize_params(params = {}) ⇒ Object - - - - - -

            -
            -

            The required query parameters for the authorize URL

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional query parameters

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -22
            -23
            -24
            -
            -
            # File 'lib/oauth2/strategy/auth_code.rb', line 22
            -
            -def authorize_params(params = {})
            -  params.merge("response_type" => "code", "client_id" => @client.id)
            -end
            -
            -
            - -
            -

            - - #authorize_url(params = {}) ⇒ Object - - - - - -

            -
            -

            The authorization URL endpoint of the provider

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional query parameters for the URL

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -29
            -30
            -31
            -32
            -
            -
            # File 'lib/oauth2/strategy/auth_code.rb', line 29
            -
            -def authorize_url(params = {})
            -  assert_valid_params(params)
            -  @client.authorize_url(authorize_params.merge(params))
            -end
            -
            -
            - -
            -

            - - #get_token(code, params = {}, opts = {}) ⇒ Object - - - - - -

            -
            - -
            - Note: -

            that you must also provide a :redirect_uri with most OAuth 2.0 providers

            -
            -
            - -

            Retrieve an access token given the specified validation code.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - code - - - (String) - - - - — -

              The Authorization Code value

              -
              - -
            • - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional params

              -
              - -
            • - -
            • - - opts - - - (Hash) - - - (defaults to: {}) - - - — -

              access_token_opts, @see Client#get_token

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -40
            -41
            -42
            -43
            -44
            -45
            -46
            -47
            -48
            -
            -
            # File 'lib/oauth2/strategy/auth_code.rb', line 40
            -
            -def get_token(code, params = {}, opts = {})
            -  params = {"grant_type" => "authorization_code", "code" => code}.merge(@client.redirection_params).merge(params)
            -  params_dup = params.dup
            -  params.each_key do |key|
            -    params_dup[key.to_s] = params_dup.delete(key) if key.is_a?(Symbol)
            -  end
            -
            -  @client.get_token(params_dup, opts)
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index 2ecf97e2..e69de29b 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -1,205 +0,0 @@ - - - - - - - Class: OAuth2::Strategy::Base - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Class: OAuth2::Strategy::Base - - - -

            -
            - -
            -
            Inherits:
            -
            - Object - -
              -
            • Object
            • - - - -
            - show all - -
            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/strategy/base.rb
            -
            - -
            - -
            -

            Direct Known Subclasses

            -

            Assertion, AuthCode, ClientCredentials, Implicit, Password

            -
            - - - - - - - - -

            - Instance Method Summary - collapse -

            - - - - -
            -

            Constructor Details

            - -
            -

            - - #initialize(client) ⇒ Base - - - - - -

            -
            -

            Returns a new instance of Base.

            - - -
            -
            -
            - - -
            - - - - -
            -
            -
            -
            -6
            -7
            -8
            -
            -
            # File 'lib/oauth2/strategy/base.rb', line 6
            -
            -def initialize(client)
            -  @client = client
            -end
            -
            -
            - -
            - - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 4d4515be..e69de29b 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -1,353 +0,0 @@ - - - - - - - Class: OAuth2::Strategy::ClientCredentials - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Class: OAuth2::Strategy::ClientCredentials - - - -

            -
            - -
            -
            Inherits:
            -
            - Base - -
              -
            • Object
            • - - - - - -
            - show all - -
            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/strategy/client_credentials.rb
            -
            - -
            - -

            Overview

            -
            -

            The Client Credentials Strategy

            - - -
            -
            - - - - - - - - -

            - Instance Method Summary - collapse -

            - - - - - - - - - - - - - -

            Methods inherited from Base

            -

            #initialize

            -
            -

            Constructor Details

            - -

            This class inherits a constructor from OAuth2::Strategy::Base

            - -
            - - -
            -

            Instance Method Details

            - - -
            -

            - - #authorize_urlObject - - - - - -

            -
            -

            Not used for this strategy

            - - -
            -
            -
            - -

            Raises:

            -
              - -
            • - - - (NotImplementedError) - - - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -12
            -13
            -14
            -
            -
            # File 'lib/oauth2/strategy/client_credentials.rb', line 12
            -
            -def authorize_url
            -  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
            -end
            -
            -
            - -
            -

            - - #get_token(params = {}, opts = {}) ⇒ Object - - - - - -

            -
            -

            Retrieve an access token given the specified client.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional params

              -
              - -
            • - -
            • - - opts - - - (Hash) - - - (defaults to: {}) - - - — -

              options

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -20
            -21
            -22
            -23
            -
            -
            # File 'lib/oauth2/strategy/client_credentials.rb', line 20
            -
            -def get_token(params = {}, opts = {})
            -  params = params.merge("grant_type" => "client_credentials")
            -  @client.get_token(params, opts)
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 8689a409..e69de29b 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -1,430 +0,0 @@ - - - - - - - Class: OAuth2::Strategy::Implicit - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Class: OAuth2::Strategy::Implicit - - - -

            -
            - -
            -
            Inherits:
            -
            - Base - -
              -
            • Object
            • - - - - - -
            - show all - -
            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/strategy/implicit.rb
            -
            - -
            - -

            Overview

            -
            -

            The Implicit Strategy

            - -

            IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification.
            -It remains here for backward compatibility with OAuth 2.0 providers. Prefer the Authorization Code flow with PKCE.

            - -

            References:

            -
              -
            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
            • -
            • Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
            • -
            • Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
            • -
            - - -
            -
            - - - - - - - - -

            - Instance Method Summary - collapse -

            - - - - - - - - - - - - - -

            Methods inherited from Base

            -

            #initialize

            -
            -

            Constructor Details

            - -

            This class inherits a constructor from OAuth2::Strategy::Base

            - -
            - - -
            -

            Instance Method Details

            - - -
            -

            - - #authorize_params(params = {}) ⇒ Object - - - - - -

            -
            -

            The required query parameters for the authorize URL

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional query parameters

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -20
            -21
            -22
            -
            -
            # File 'lib/oauth2/strategy/implicit.rb', line 20
            -
            -def authorize_params(params = {})
            -  params.merge("response_type" => "token", "client_id" => @client.id)
            -end
            -
            -
            - -
            -

            - - #authorize_url(params = {}) ⇒ Object - - - - - -

            -
            -

            The authorization URL endpoint of the provider

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional query parameters for the URL

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -27
            -28
            -29
            -30
            -
            -
            # File 'lib/oauth2/strategy/implicit.rb', line 27
            -
            -def authorize_url(params = {})
            -  assert_valid_params(params)
            -  @client.authorize_url(authorize_params.merge(params))
            -end
            -
            -
            - -
            -

            - - #get_tokenObject - - - - - -

            -
            -

            Not used for this strategy

            - - -
            -
            -
            - -

            Raises:

            -
              - -
            • - - - (NotImplementedError) - - - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -35
            -36
            -37
            -
            -
            # File 'lib/oauth2/strategy/implicit.rb', line 35
            -
            -def get_token(*)
            -  raise(NotImplementedError, "The token is accessed differently in this strategy")
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index ec50a6ae..e69de29b 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -1,384 +0,0 @@ - - - - - - - Class: OAuth2::Strategy::Password - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Class: OAuth2::Strategy::Password - - - -

            -
            - -
            -
            Inherits:
            -
            - Base - -
              -
            • Object
            • - - - - - -
            - show all - -
            -
            - - - - - - - - - - - -
            -
            Defined in:
            -
            lib/oauth2/strategy/password.rb
            -
            - -
            - -

            Overview

            -
            -

            The Resource Owner Password Credentials Authorization Strategy

            - -

            IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1.
            -It remains here for backward compatibility with OAuth 2.0 providers. Prefer Authorization Code + PKCE.

            - -

            References:

            -
              -
            • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
            • -
            • Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
            • -
            • FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
            • -
            - - -
            -
            - - - - - - - - -

            - Instance Method Summary - collapse -

            - - - - - - - - - - - - - -

            Methods inherited from Base

            -

            #initialize

            -
            -

            Constructor Details

            - -

            This class inherits a constructor from OAuth2::Strategy::Base

            - -
            - - -
            -

            Instance Method Details

            - - -
            -

            - - #authorize_urlObject - - - - - -

            -
            -

            Not used for this strategy

            - - -
            -
            -
            - -

            Raises:

            -
              - -
            • - - - (NotImplementedError) - - - -
            • - -
            - -
            - - - - -
            -
            -
            -
            -20
            -21
            -22
            -
            -
            # File 'lib/oauth2/strategy/password.rb', line 20
            -
            -def authorize_url
            -  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
            -end
            -
            -
            - -
            -

            - - #get_token(username, password, params = {}, opts = {}) ⇒ Object - - - - - -

            -
            -

            Retrieve an access token given the specified End User username and password.

            - - -
            -
            -
            -

            Parameters:

            -
              - -
            • - - username - - - (String) - - - - — -

              the End User username

              -
              - -
            • - -
            • - - password - - - (String) - - - - — -

              the End User password

              -
              - -
            • - -
            • - - params - - - (Hash) - - - (defaults to: {}) - - - — -

              additional params

              -
              - -
            • - -
            - - -
            - - - - -
            -
            -
            -
            -29
            -30
            -31
            -32
            -33
            -34
            -35
            -36
            -
            -
            # File 'lib/oauth2/strategy/password.rb', line 29
            -
            -def get_token(username, password, params = {}, opts = {})
            -  params = {
            -    "grant_type" => "password",
            -    "username" => username,
            -    "password" => password,
            -  }.merge(params)
            -  @client.get_token(params, opts)
            -end
            -
            -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 1f0525dd..3cd6caeb 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -95,7 +95,7 @@

            VERSION =
            -
            "2.0.17"
            +
            "2.0.18"
            @@ -111,7 +111,7 @@

            diff --git a/docs/_index.html b/docs/_index.html index 49e99f29..e69de29b 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -1,325 +0,0 @@ - - - - - - - Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Documentation by YARD 0.9.37

            -
            -

            Alphabetic Index

            - -

            File Listing

            - - -
            -

            Namespace Listing A-Z

            - - - - - - - - -
            - - - - - -
              -
            • B
            • -
                - -
              • - Base - - (OAuth2::Strategy) - -
              • - -
              -
            - - - - - -
              -
            • E
            • -
                - -
              • - Error - - (OAuth2) - -
              • - -
              -
            - - - - - -
              -
            • I
            • -
                - -
              • - Implicit - - (OAuth2::Strategy) - -
              • - -
              -
            - - -
              -
            • O
            • - -
            - - -
            - - -
              -
            • P
            • -
                - -
              • - Password - - (OAuth2::Strategy) - -
              • - -
              -
            - - -
              -
            • R
            • - -
            - - -
              -
            • S
            • - -
            - - -
              -
            • V
            • -
                - -
              • - Version - - (OAuth2) - -
              • - -
              -
            - -
            - -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index 583b33a0..e69de29b 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -1,1313 +0,0 @@ - - - - - - - File: CHANGELOG - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Changelog

            - -

            SemVer 2.0.0 Keep-A-Changelog 1.0.0

            - -

            All notable changes to this project will be documented in this file.

            - -

            The format is based on Keep a Changelog,
            -and this project adheres to Semantic Versioning,
            -and yes, platform and engine support are part of the public API.
            -Please file a bug if you notice a violation of semantic versioning.

            - -

            Unreleased

            - -

            Added

            - -
              -
            • -gh!683, gh!684 - Improve documentation by @pboling
            • -
            • -gh!686- Add Incident Response Plan by @pboling
            • -
            • -gh!687- Add Threat Model by @pboling
            • -
            - -

            Changed

            - -
              -
            • -gh!685 - upgrade kettle-dev v1.1.24 by @pboling
            • -
            • upgrade kettle-dev v1.1.52 by @pboling -
                -
              • Add open collective donors to README
              • -
              -
            • -
            - -

            Deprecated

            - -

            Removed

            - -

            Fixed

            - -
              -
            • -gh!690, gh!691, gh!692 - Add yard-fence -
                -
              • handle braces within code fences in markdown properly by @pboling
              • -
              -
            • -
            - -

            Security

            - -

            -2.0.17 - 2025-09-15

            - -
              -
            • TAG: v2.0.17 -
            • -
            • COVERAGE: 100.00% – 526/526 lines in 14 files
            • -
            • BRANCH COVERAGE: 100.00% – 178/178 branches in 14 files
            • -
            • 90.48% documented
            • -
            - -

            Added

            - -
              -
            • -gh!682 - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header})
            • -
            - -

            -2.0.16 - 2025-09-14

            - -
              -
            • TAG: v2.0.16 -
            • -
            • COVERAGE: 100.00% – 520/520 lines in 14 files
            • -
            • BRANCH COVERAGE: 100.00% – 176/176 branches in 14 files
            • -
            • 90.48% documented
            • -
            - -

            Added

            - -
              -
            • -gh!680 - E2E example using mock test server added in v2.0.11 by @pboling -
                -
              • mock-oauth2-server upgraded to v2.3.0 -
                  -
                • https://github.com/navikt/mock-oauth2-server
                • -
                -
              • -
              • docker compose -f docker-compose-ssl.yml up -d --wait
              • -
              • ruby examples/e2e.rb
              • -
              • docker compose -f docker-compose-ssl.yml down
              • -
              • mock server readiness wait is 90s
              • -
              • override via E2E_WAIT_TIMEOUT
              • -
              -
            • -
            • -gh!676, gh!679 - Apache SkyWalking Eyes dependency license check by @pboling
            • -
            - -

            Changed

            - -
              -
            • -gh!678 - Many improvements to make CI more resilient (past/future proof) by @pboling
            • -
            • -gh!681 - Upgrade to kettle-dev v1.1.19
            • -
            - -

            -2.0.15 - 2025-09-08

            - -
              -
            • TAG: v2.0.15 -
            • -
            • COVERAGE: 100.00% – 519/519 lines in 14 files
            • -
            • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
            • -
            • 90.48% documented
            • -
            - -

            Added

            - -
              -
            • -gh!671 - Complete documentation example for Instagram by @pboling
            • -
            • .env.local.example for contributor happiness
            • -
            • note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 - -
            • -
            • -gh!670 - AccessToken: verb-dependent token transmission mode by @mrj -
                -
              • e.g., Instagram GET=:query, POST/DELETE=:header
              • -
              -
            • -
            - -

            Changed

            - -
              -
            • -gh!669 - Upgrade to kettle-dev v1.1.9 by @pboling
            • -
            - -

            Fixed

            - -
              -
            • Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
            • -
            • point badge to the correct workflow for Ruby 2.3 (caboose.yml)
            • -
            - -

            -2.0.14 - 2025-08-31

            - -
              -
            • TAG: v2.0.14 -
            • -
            • COVERAGE: 100.00% – 519/519 lines in 14 files
            • -
            • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
            • -
            • 90.48% documented
            • -
            - -

            Added

            - -
              -
            • improved documentation by @pboling
            • -
            • -gh!665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
            • -
            • -gh!666 - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling -
                -
              • Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
              • -
              -
            • -
            • -gh!662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling -
                -
              • PKCE required for auth code,
              • -
              • exact redirect URI match,
              • -
              • implicit/password grants omitted,
              • -
              • avoid bearer tokens in query,
              • -
              • refresh token guidance for public clients,
              • -
              • simplified client definitions
              • -
              -
            • -
            • -gh!663 - document how to implement an OIDC client with this gem in OIDC.md by @pboling -
                -
              • also, list libraries built on top of the oauth2 gem that implement OIDC
              • -
              -
            • -
            • -gh!664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling
            • -
            - -

            -2.0.13 - 2025-08-30

            - -
              -
            • TAG: v2.0.13 -
            • -
            • COVERAGE: 100.00% – 519/519 lines in 14 files
            • -
            • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
            • -
            • 90.48% documented
            • -
            - -

            Added

            - -
              -
            • -gh!656 - Support revocation with URL-encoded parameters
            • -
            • -gh!660 - Inline yard documentation by @pboling
            • -
            • -gh!660 - Complete RBS types documentation by @pboling
            • -
            • -gh!660- (more) Comprehensive documentation / examples by @pboling
            • -
            • -gh!657 - Updated documentation for org-rename by @pboling
            • -
            • More funding links by @Aboling0
            • -
            • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references
            • -
            - -

            Changed

            - -
              -
            • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
            • -
            • -gh!660 - Shrink post-install message by 4 lines by @pboling
            • -
            - -

            Fixed

            - -
              -
            • -gh!660 - Links in README (including link to HEAD documentation) by @pboling
            • -
            - -

            Security

            - -

            -2.0.12 - 2025-05-31

            - -
              -
            • TAG: v2.0.12 -
            • -
            • Line Coverage: 100.0% (520 / 520)
            • -
            • Branch Coverage: 100.0% (174 / 174)
            • -
            • 80.00% documented
            • -
            - -

            Added

            - -
              -
            • -gh!652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang -
                -
              • Support JWT kid for key discovery and management
              • -
              -
            • -
            • More Documentation by @pboling -
                -
              • Documented Serialization Extensions
              • -
              • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
              • -
              -
            • -
            • Documentation site @ https://oauth2.galtzo.com now complete
            • -
            - -

            Changed

            - -
              -
            • Updates to gemspec (email, funding url, post install message)
            • -
            - -

            Fixed

            - -
              -
            • Documentation Typos by @pboling
            • -
            - -

            -2.0.11 - 2025-05-23

            - -
              -
            • TAG: v2.0.11 -
            • -
            • COVERAGE: 100.00% – 518/518 lines in 14 files
            • -
            • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
            • -
            • 80.00% documented
            • -
            - -

            Added

            - -
              -
            • -gh!651 - :snaky_hash_klass option (@pboling)
            • -
            • More documentation
            • -
            • Codeberg as ethical mirror (@pboling) -
                -
              • https://codeberg.org/ruby-oauth/oauth2
              • -
              -
            • -
            • Don’t check for cert if SKIP_GEM_SIGNING is set (@pboling)
            • -
            • All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
            • -
            • All runtime deps, including ruby-oauth sibling gems, are now tested against HEAD (@pboling)
            • -
            • YARD config, GFM compatible with relative file links (@pboling)
            • -
            • Documentation site on GitHub Pages (@pboling) - -
            • -
            • -!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
            • -
            • -gh!651 - Mock OAuth2 server for testing (@pboling) -
                -
              • https://github.com/navikt/mock-oauth2-server
              • -
              -
            • -
            - -

            Changed

            - -
              -
            • -gh!651 - Upgraded to snaky_hash v2.0.3 (@pboling) -
                -
              • Provides solution for serialization issues
              • -
              -
            • -
            • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling)
            • -
            - -

            Fixed

            - -
              -
            • -gh!650 - Regression in return type of OAuth2::Response#parsed (@pboling)
            • -
            • Incorrect documentation related to silencing warnings (@pboling)
            • -
            - -

            -2.0.10 - 2025-05-17

            - -
              -
            • TAG: v2.0.10 -
            • -
            • COVERAGE: 100.00% – 518/518 lines in 14 files
            • -
            • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
            • -
            • 79.05% documented
            • -
            - -

            Added

            - -
              -
            • -gh!632 - Added funding.yml (@Aboling0)
            • -
            • -!635 - Added .gitlab-ci.yml (@jessieay)
            • -
            • -#638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
            • -
            • -!642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling) -
                -
              • Gemspec metadata -
                  -
                • funding_uri
                • -
                • news_uri
                • -
                • mailing_list_uri
                • -
                -
              • -
              • SHA256 and SHA512 Checksums for release
              • -
              -
            • -
            • -!643 - Add token_name option (@pboling) -
                -
              • Specify the parameter name that identifies the access token
              • -
              -
            • -
            • -!645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
            • -
            • -!646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
            • -
            • -!647 - Add IETF RFC 7009 Token Revocation compliant (@pboling) -
                -
              • OAuth2::Client#revoke_token
              • -
              • OAuth2::AccessToken#revoke
              • -
              • See: https://datatracker.ietf.org/doc/html/rfc7009
              • -
              -
            • -
            • -gh!644, gh!645 - Added CITATION.cff (@Aboling0)
            • -
            • -!648 - Improved documentation (@pboling)
            • -
            - -

            Changed

            - -
              -
            • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
            • -
            • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) -
                -
              • Allow linux distros to build release without signing, as their package managers sign independently
              • -
              -
            • -
            • -!647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
            • -
            • -!647 - OAuth2.config is no longer writable (@pboling)
            • -
            • -!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)
            • -
            - -

            Fixed

            - -
              -
            • -#95 - restoring an access token via AccessToken#from_hash (@pboling) -
                -
              • This was a 13 year old bug report. 😘
              • -
              -
            • -
            • -#619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
            • -
            • -!633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
            • -
            • -!634 - CHANGELOG.md documentation fix (@skuwa229)
            • -
            • -!638 - fix expired? when expires_in is 0 (@disep)
            • -
            • -!639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
            • -
            • -#639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
            • -
            • -!640 - README.md documentation fix (@martinezcoder)
            • -
            • -!641 - Do not include sensitive information in the inspect (@manuelvanrijn)
            • -
            • -#641 - Made default JSON response parser more resilient (@pboling)
            • -
            • -#645 - Response no longer becomes a snaky hash (@pboling)
            • -
            • -gh!646 - Change require to require_relative (improve performance) (@Aboling0)
            • -
            - -

            -2.0.9 - 2022-09-16

            - - - -

            Added

            - -
              -
            • More specs (@pboling)
            • -
            - -

            Changed

            - -
              -
            • Complete migration to main branch as default (@pboling)
            • -
            • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
            • -
            - -

            -2.0.8 - 2022-09-01

            - - - -

            Changed

            - -
              -
            • -!630 - Extract snaky_hash to external dependency (@pboling)
            • -
            - -

            Added

            - -
              -
            • -!631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 -
            • -
            - -

            -2.0.7 - 2022-08-22

            - - - -

            Added

            - -
              -
            • -!629 - Allow POST of JSON to get token (@pboling, @terracatta)
            • -
            - -

            Fixed

            - -
              -
            • -!626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) -
                -
              • Note: This fixes compatibility with omniauth-oauth2 and AWS
              • -
              -
            • -
            • -!625 - Fixes the printed version in the post install message (@hasghari)
            • -
            - -

            -2.0.6 - 2022-07-13

            - - - -

            Fixed

            - -
              -
            • -!624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
            • -
            - -

            -2.0.5 - 2022-07-07

            - - - -

            Fixed

            - -
              -
            • -!620 - Documentation improvements, to help with upgrading (@swanson)
            • -
            • -!621 - Fixed #528 and #619 (@pboling) -
                -
              • All data in responses is now returned, with the access token removed and set as token -
                  -
                • -refresh_token is no longer dropped
                • -
                • -BREAKING: Microsoft’s id_token is no longer left as access_token['id_token'], but moved to the standard access_token.token that all other strategies use
                • -
                -
              • -
              • Remove parse and snaky from options so they don’t get included in response
              • -
              • There is now 100% test coverage, for lines and branches, and it will stay that way.
              • -
              -
            • -
            - -

            -2.0.4 - 2022-07-01

            - - - -

            Fixed

            - -
              -
            • -!618 - In some scenarios the snaky option default value was not applied (@pboling)
            • -
            - -

            -2.0.3 - 2022-06-28

            - - - -

            Added

            - -
              -
            • -!611 - Proper deprecation warnings for extract_access_token argument (@pboling)
            • -
            • -!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling)
            • -
            - -

            Fixed

            - -
              -
            • -!608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
            • -
            • -!615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
            • -
            - -

            -2.0.2 - 2022-06-24

            - - - -

            Fixed

            - -
              -
            • -!604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
            • -
            • -!606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
            • -
            • -!607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
            • -
            - -

            -2.0.1 - 2022-06-22

            - - - -

            Added

            - -
              -
            • Documentation improvements (@pboling)
            • -
            • Increased test coverage to 99% (@pboling)
            • -
            - -

            -2.0.0 - 2022-06-21

            - - - -

            Added

            - -
              -
            • -!158, !344 - Optionally pass raw response to parsers (@niels)
            • -
            • -!190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
            • -
            • -!220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
            • -
            • -!298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
            • -
            • -!305 - Option: OAuth2::Client#get_token - :access_token_class (AccessToken); user specified class to use for all calls to get_token (@styd)
            • -
            • -!346 - Modern gem structure (@pboling)
            • -
            • -!351 - Support Jruby 9k (@pboling)
            • -
            • -!362 - Support SemVer release version scheme (@pboling)
            • -
            • -!363 - New method OAuth2::AccessToken#refresh! same as old refresh, with backwards compatibility alias (@pboling)
            • -
            • -!364 - Support application/hal+json format (@pboling)
            • -
            • -!365 - Support application/vnd.collection+json format (@pboling)
            • -
            • -!376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
            • -
            • -!381 - Spec for extra header params on client credentials (@nikz)
            • -
            • -!394 - Option: OAuth2::AccessToken#initialize - :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
            • -
            • -!412 - Support application/vdn.api+json format (from jsonapi.org) (@david-christensen)
            • -
            • -!413 - Documentation: License scan and report (@meganemura)
            • -
            • -!442 - Option: OAuth2::Client#initialize - :logger (::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with 1-4-stable branch) (@rthbound)
            • -
            • -!494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
            • -
            • -!549 - Wrap Faraday::ConnectionFailed in OAuth2::ConnectionError (@nikkypx)
            • -
            • -!550 - Raise error if location header not present when redirecting (@stanhu)
            • -
            • -!552 - Add missing version.rb require (@ahorek)
            • -
            • -!553 - Support application/problem+json format (@janz93)
            • -
            • -!560 - Support IETF rfc6749, section 2.3.1 - don’t set auth params when nil (@bouk)
            • -
            • -!571 - Support Ruby 3.1 (@pboling)
            • -
            • -!575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
            • -
            • -!581 - Documentation: of breaking changes (@pboling)
            • -
            - -

            Changed

            - -
              -
            • -!191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
            • -
            • -!312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
            • -
            • -!317 - Dependency: Upgrade jwt to 2.x.x (@travisofthenorth)
            • -
            • -!338 - Dependency: Switch from Rack::Utils.escape to CGI.escape (@josephpage)
            • -
            • -!339, !368, !424, !479, !493, !539, !542, !553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
            • -
            • -!410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
            • -
            • -!414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
            • -
            • -!469 - BREAKING: Default value for option OAuth2::Client - :authorize_url removed leading slash to work with relative paths by default ('oauth/authorize') (@ghost)
            • -
            • -!469 - BREAKING: Default value for option OAuth2::Client - :token_url removed leading slash to work with relative paths by default ('oauth/token') (@ghost)
            • -
            • -!507, !575 - BREAKING: Transform keys to snake case, always, by default (ultimately via rash_alt gem) -
                -
              • Original keys will still work as previously, in most scenarios, thanks to rash_alt gem.
              • -
              • However, this is a breaking change if you rely on response.parsed.to_h, as the keys in the result will be snake case.
              • -
              • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
              • -
              -
            • -
            • -!576 - BREAKING: Stop rescuing parsing errors (@pboling)
            • -
            • -!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated
            • -
            - -

            Fixed

            - -
              -
            • -!158, !344 - Handling of errors when using omniauth-facebook (@niels)
            • -
            • -!294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
            • -
            • -!300 - Documentation: Oauth2::Error - Error codes are strings, not symbols (@NobodysNightmare)
            • -
            • -!318, !326, !343, !347, !397, !464, !561, !565 - Dependency: Support all versions of faraday (see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
            • -
            • -!322, !331, !337, !361, !371, !377, !383, !392, !395, !400, !401, !403, !415, !567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
            • -
            • -!328 - Documentation: Homepage URL is SSL (@amatsuda)
            • -
            • -!339, !479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
            • -
            • -!366 - Security: Fix logging to $stdout of request and response bodies via Faraday’s logger and ENV["OAUTH_DEBUG"] == 'true' (@pboling)
            • -
            • -!380 - Fix: Stop attempting to encode non-encodable objects in Oauth2::Error (@jhmoore)
            • -
            • -!399 - Fix: Stop duplicating redirect_uri in get_token (@markus)
            • -
            • -!410 - Fix: SystemStackError caused by circular reference between Error and Response classes (@jhmoore)
            • -
            • -!460 - Fix: Stop throwing errors when raise_errors is set to false; analog of !524 for 1-4-stable branch (@joaolrpaulo)
            • -
            • -!472 - Security: Add checks to enforce client_secret is never passed in authorize_url query params for implicit and auth_code grant types (@dfockler)
            • -
            • -!482 - Documentation: Update last of intridea links to ruby-oauth (@pboling)
            • -
            • -!536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to !535 on 1-4-stable branch (@pboling)
            • -
            • -!595 - Graceful handling of empty responses from Client#get_token, respecting :raise_errors config (@stanhu)
            • -
            • -!596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
            • -
            • -!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu)
            • -
            - -

            Removed

            - -
              -
            • -!341 - Remove Rdoc & Jeweler related files (@josephpage)
            • -
            • -!342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
            • -
            • -!539 - Remove reliance on globally included OAuth2 in tests, analog of !538 for 1-4-stable (@anderscarling)
            • -
            • -!566 - Dependency: Removed wwtd (@bquorning)
            • -
            • -!589, !593 - Remove support for expired MAC token draft spec (@stanhu)
            • -
            • -!590 - Dependency: Removed multi_json (@stanhu)
            • -
            - -

            -1.4.11 - 2022-09-16

            - -
              -
            • TAG: v1.4.11 -
            • -
            • Complete migration to main branch as default (@pboling)
            • -
            • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
            • -
            - -

            -1.4.10 - 2022-07-01

            - -
              -
            • TAG: v1.4.10 -
            • -
            • FIPS Compatibility !587 (@akostadinov)
            • -
            - -

            -1.4.9 - 2022-02-20

            - -
              -
            • TAG: v1.4.9 -
            • -
            • Fixes compatibility with Faraday v2 572 -
            • -
            • Includes supported versions of Faraday in test matrix: -
                -
              • Faraday ~> 2.2.0 with Ruby >= 2.6
              • -
              • Faraday ~> 1.10 with Ruby >= 2.4
              • -
              • Faraday ~> 0.17.3 with Ruby >= 1.9
              • -
              -
            • -
            • Add Windows and MacOS to test matrix
            • -
            - -

            -1.4.8 - 2022-02-18

            - -
              -
            • TAG: v1.4.8 -
            • -
            • MFA is now required to push new gem versions (@pboling)
            • -
            • README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
            • -
            • -!569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
            • -
            • Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
            • -
            • Add CodeQL, Security Policy, Funding info (@pboling)
            • -
            • Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
            • -
            • -!543 - Support for more modern Open SSL libraries (@pboling)
            • -
            - -

            -1.4.7 - 2021-03-19

            - -
              -
            • TAG: v1.4.7 -
            • -
            • -!541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
            • -
            - -

            -1.4.6 - 2021-03-19

            - -
              -
            • TAG: v1.4.6 -
            • -
            • -!540 - Add VERSION constant (@pboling)
            • -
            • -!537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
            • -
            • -!538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)
            • -
            - -

            -1.4.5 - 2021-03-18

            - -
              -
            • TAG: v1.4.5 -
            • -
            • -!535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
            • -
            • -!518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
            • -
            • -!507 - Fix camel case content type, response keys (@anvox)
            • -
            • -!500 - Fix YARD documentation formatting (@olleolleolle)
            • -
            - -

            -1.4.4 - 2020-02-12

            - -
              -
            • TAG: v1.4.4 -
            • -
            • -!408 - Fixed expires_at for formatted time (@Lomey)
            • -
            - -

            -1.4.3 - 2020-01-29

            - -
              -
            • TAG: v1.4.3 -
            • -
            • -!483 - add project metadata to gemspec (@orien)
            • -
            • -!495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) -
                -
              • Adds support for private_key_jwt and tls_client_auth
              • -
              -
            • -
            • -!433 - allow field names with square brackets and numbers in params (@asm256)
            • -
            - -

            -1.4.2 - 2019-10-01

            - -
              -
            • TAG: v1.4.2 -
            • -
            • -!478 - support latest version of faraday & fix build (@pboling) -
                -
              • Officially support Ruby 2.6 and truffleruby
              • -
              -
            • -
            - -

            -1.4.1 - 2018-10-13

            - -
              -
            • TAG: v1.4.1 -
            • -
            • -!417 - update jwt dependency (@thewoolleyman)
            • -
            • -!419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
            • -
            • -!418 - update faraday dependency (@pboling)
            • -
            • -!420 - update oauth2.gemspec (@pboling)
            • -
            • -!421 - fix CHANGELOG.md for previous releases (@pboling)
            • -
            • -!422 - update LICENSE and README.md (@pboling)
            • -
            • -!423 - update builds, Rakefile (@pboling) -
                -
              • officially document supported Rubies -
                  -
                • Ruby 1.9.3
                • -
                • Ruby 2.0.0
                • -
                • Ruby 2.1
                • -
                • Ruby 2.2
                • -
                • -JRuby 1.7 (targets MRI v1.9)
                • -
                • -JRuby 9.0 (targets MRI v2.0)
                • -
                • Ruby 2.3
                • -
                • Ruby 2.4
                • -
                • Ruby 2.5
                • -
                • -JRuby 9.1 (targets MRI v2.3)
                • -
                • -JRuby 9.2 (targets MRI v2.5)
                • -
                -
              • -
              -
            • -
            - -

            -1.4.0 - 2017-06-09

            - -
              -
            • TAG: v1.4.0 -
            • -
            • Drop Ruby 1.8.7 support (@sferik)
            • -
            • Fix some RuboCop offenses (@sferik)
            • -
            • -Dependency: Remove Yardstick (@sferik)
            • -
            • -Dependency: Upgrade Faraday to 0.12 (@sferik)
            • -
            - -

            -1.3.1 - 2017-03-03

            - -
              -
            • TAG: v1.3.1 -
            • -
            • Add support for Ruby 2.4.0 (@pschambacher)
            • -
            • -Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
            • -
            - -

            -1.3.0 - 2016-12-28

            - -
              -
            • TAG: v1.3.0 -
            • -
            • Add support for header-based authentication to the Client so it can be used across the library (@bjeanes)
            • -
            • Default to header-based authentication when getting a token from an authorisation code (@maletor)
            • -
            • -Breaking: Allow an auth_scheme (:basic_auth or :request_body) to be set on the client, defaulting to :request_body to maintain backwards compatibility (@maletor, @bjeanes)
            • -
            • Handle redirect_uri according to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes)
            • -
            • Refactor handling of encoding of error responses (@urkle)
            • -
            • Avoid instantiating an Error if there is no error to raise (@urkle)
            • -
            • Add support for Faraday 0.10 (@rhymes)
            • -
            - -

            -1.2.0 - 2016-07-01

            - -
              -
            • TAG: v1.2.0 -
            • -
            • Properly handle encoding of error responses (so we don’t blow up, for example, when Google’s response includes a ∞) (@Motoshi-Nishihira)
            • -
            • Make a copy of the options hash in AccessToken#from_hash to avoid accidental mutations (@Linuus)
            • -
            • Use raise rather than fail to throw exceptions (@sferik)
            • -
            - -

            -1.1.0 - 2016-01-30

            - -
              -
            • TAG: v1.1.0 -
            • -
            • Various refactors (eliminating Hash#merge! usage in AccessToken#refresh!, use yield instead of #call, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
            • -
            • Add support for Rack 2, and bump various other dependencies (@sferik)
            • -
            - -

            -1.0.0 - 2014-07-09

            - - - -

            Added

            - -
              -
            • Add an implementation of the MAC token spec.
            • -
            - -

            Fixed

            - -
              -
            • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
            • -
            - -

            -0.5.0 - 2011-07-29

            - - - -

            Changed

            - -
              -
            • -breaking oauth_token renamed to oauth_bearer.
            • -
            • -breaking authorize_path Client option renamed to authorize_url.
            • -
            • -breaking access_token_path Client option renamed to token_url.
            • -
            • -breaking access_token_method Client option renamed to token_method.
            • -
            • -breaking web_server renamed to auth_code.
            • -
            - -

            -0.4.1 - 2011-04-20

            - - - -

            -0.4.0 - 2011-04-20

            - - - -

            -0.3.0 - 2011-04-08

            - - - -

            -0.2.0 - 2011-04-01

            - - - -

            -0.1.1 - 2011-01-12

            - - - -

            -0.1.0 - 2010-10-13

            - - - -

            -0.0.13 - 2010-08-17

            - - - -

            -0.0.12 - 2010-08-17

            - - - -

            -0.0.11 - 2010-08-17

            - - - -

            -0.0.10 - 2010-06-19

            - - - -

            -0.0.9 - 2010-06-18

            - - - -

            -0.0.8 - 2010-04-27

            - - - -

            -0.0.7 - 2010-04-27

            - - - -

            -0.0.6 - 2010-04-25

            - - - -

            -0.0.5 - 2010-04-23

            - - - -

            -0.0.4 - 2010-04-22

            - - - -

            -0.0.3 - 2010-04-22

            - - - -

            -0.0.2 - 2010-04-22

            - - - -

            -0.0.1 - 2010-04-22

            - - - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 48c4a26e..e69de29b 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -1,92 +0,0 @@ - - - - - - - File: CITATION - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            cff-version: 1.2.0
            -title: oauth2
            -message: >-
            - If you use this work and you want to cite it,
            - then you can use the metadata from this file.
            -type: software
            -authors:

            -
              -
            • given-names: Peter Hurn
              -family-names: Boling
              -email: peter@railsbling.com
              -affiliation: railsbling.com
              -orcid: ‘https://orcid.org/0009-0008-8519-441X’
              -identifiers:
            • -
            • type: url
              -value: ‘https://github.com/ruby-oauth/oauth2’
              -description: oauth2
              -repository-code: ‘https://github.com/ruby-oauth/oauth2’
              -abstract: >-
              - oauth2
              -license: See license file
            • -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 9b7d0779..e69de29b 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -1,201 +0,0 @@ - - - - - - - File: CODE_OF_CONDUCT - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Contributor Covenant Code of Conduct

            - -

            Our Pledge

            - -

            We as members, contributors, and leaders pledge to make participation in our
            -community a harassment-free experience for everyone, regardless of age, body
            -size, visible or invisible disability, ethnicity, sex characteristics, gender
            -identity and expression, level of experience, education, socio-economic status,
            -nationality, personal appearance, race, caste, color, religion, or sexual
            -identity and orientation.

            - -

            We pledge to act and interact in ways that contribute to an open, welcoming,
            -diverse, inclusive, and healthy community.

            - -

            Our Standards

            - -

            Examples of behavior that contributes to a positive environment for our
            -community include:

            - -
              -
            • Demonstrating empathy and kindness toward other people
            • -
            • Being respectful of differing opinions, viewpoints, and experiences
            • -
            • Giving and gracefully accepting constructive feedback
            • -
            • Accepting responsibility and apologizing to those affected by our mistakes,
              -and learning from the experience
            • -
            • Focusing on what is best not just for us as individuals, but for the overall
              -community
            • -
            - -

            Examples of unacceptable behavior include:

            - -
              -
            • The use of sexualized language or imagery, and sexual attention or advances of
              -any kind
            • -
            • Trolling, insulting or derogatory comments, and personal or political attacks
            • -
            • Public or private harassment
            • -
            • Publishing others’ private information, such as a physical or email address,
              -without their explicit permission
            • -
            • Other conduct which could reasonably be considered inappropriate in a
              -professional setting
            • -
            - -

            Enforcement Responsibilities

            - -

            Community leaders are responsible for clarifying and enforcing our standards of
            -acceptable behavior and will take appropriate and fair corrective action in
            -response to any behavior that they deem inappropriate, threatening, offensive,
            -or harmful.

            - -

            Community leaders have the right and responsibility to remove, edit, or reject
            -comments, commits, code, wiki edits, issues, and other contributions that are
            -not aligned to this Code of Conduct, and will communicate reasons for moderation
            -decisions when appropriate.

            - -

            Scope

            - -

            This Code of Conduct applies within all community spaces, and also applies when
            -an individual is officially representing the community in public spaces.
            -Examples of representing our community include using an official email address,
            -posting via an official social media account, or acting as an appointed
            -representative at an online or offline event.

            - -

            Enforcement

            - -

            Instances of abusive, harassing, or otherwise unacceptable behavior may be
            -reported to the community leaders responsible for enforcement at
            -Contact Maintainer.
            -All complaints will be reviewed and investigated promptly and fairly.

            - -

            All community leaders are obligated to respect the privacy and security of the
            -reporter of any incident.

            - -

            Enforcement Guidelines

            - -

            Community leaders will follow these Community Impact Guidelines in determining
            -the consequences for any action they deem in violation of this Code of Conduct:

            - -

            1. Correction

            - -

            Community Impact: Use of inappropriate language or other behavior deemed
            -unprofessional or unwelcome in the community.

            - -

            Consequence: A private, written warning from community leaders, providing
            -clarity around the nature of the violation and an explanation of why the
            -behavior was inappropriate. A public apology may be requested.

            - -

            2. Warning

            - -

            Community Impact: A violation through a single incident or series of
            -actions.

            - -

            Consequence: A warning with consequences for continued behavior. No
            -interaction with the people involved, including unsolicited interaction with
            -those enforcing the Code of Conduct, for a specified period of time. This
            -includes avoiding interactions in community spaces as well as external channels
            -like social media. Violating these terms may lead to a temporary or permanent
            -ban.

            - -

            3. Temporary Ban

            - -

            Community Impact: A serious violation of community standards, including
            -sustained inappropriate behavior.

            - -

            Consequence: A temporary ban from any sort of interaction or public
            -communication with the community for a specified period of time. No public or
            -private interaction with the people involved, including unsolicited interaction
            -with those enforcing the Code of Conduct, is allowed during this period.
            -Violating these terms may lead to a permanent ban.

            - -

            4. Permanent Ban

            - -

            Community Impact: Demonstrating a pattern of violation of community
            -standards, including sustained inappropriate behavior, harassment of an
            -individual, or aggression toward or disparagement of classes of individuals.

            - -

            Consequence: A permanent ban from any sort of public interaction within the
            -community.

            - -

            Attribution

            - -

            This Code of Conduct is adapted from the Contributor Covenant,
            -version 2.1, available at
            -https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

            - -

            Community Impact Guidelines were inspired by
            -Mozilla’s code of conduct enforcement ladder.

            - -

            For answers to common questions about this code of conduct, see the FAQ at
            -https://www.contributor-covenant.org/faq. Translations are available at
            -https://www.contributor-covenant.org/translations.

            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 3b2e75d4..e69de29b 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -1,314 +0,0 @@ - - - - - - - File: CONTRIBUTING - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Contributing

            - -

            Bug reports and pull requests are welcome on CodeBerg, GitLab, or GitHub.
            -This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
            -the code of conduct.

            - -

            To submit a patch, please fork the project, create a patch with tests, and send a pull request.

            - -

            Remember to Keep A Changelog if you make changes.

            - -

            Help out!

            - -

            Take a look at the reek list which is the file called REEK and find something to improve.

            - -

            Follow these instructions:

            - -
              -
            1. Fork the repository
            2. -
            3. Create a feature branch (git checkout -b my-new-feature)
            4. -
            5. Make some fixes.
            6. -
            7. Commit changes (git commit -am 'Added some feature')
            8. -
            9. Push to the branch (git push origin my-new-feature)
            10. -
            11. Make sure to add tests for it. This is important, so it doesn’t break in a future release.
            12. -
            13. Create new Pull Request.
            14. -
            - -

            Executables vs Rake tasks

            - -

            Executables shipped by dependencies, such as kettle-dev, and stone_checksums, are available
            -after running bin/setup. These include:

            - -
              -
            • gem_checksums
            • -
            • kettle-changelog
            • -
            • kettle-commit-msg
            • -
            • kettle-dev-setup
            • -
            • kettle-dvcs
            • -
            • kettle-pre-release
            • -
            • kettle-readme-backers
            • -
            • kettle-release
            • -
            - -

            There are many Rake tasks available as well. You can see them by running:

            - -
            bin/rake -T
            -
            - -

            Environment Variables for Local Development

            - -

            Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string “true” to enable.

            - -

            General/runtime

            -
              -
            • DEBUG: Enable extra internal logging for this library (default: false)
            • -
            • REQUIRE_BENCH: Enable require_bench to profile requires (default: false)
            • -
            • CI: When set to true, adjusts default rake tasks toward CI behavior
            • -
            - -

            Coverage (kettle-soup-cover / SimpleCov)

            -
              -
            • K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc)
            • -
            • K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty)
            • -
            • K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100)
            • -
            • K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100)
            • -
            • K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false)
            • -
            • K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false)
            • -
            • K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open)
            • -
            • MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1)
              -Tip: When running a single spec file locally, you may want K_SOUP_COV_MIN_HARD=false to avoid failing thresholds for a partial run.
            • -
            - -

            GitHub API and CI helpers

            -
              -
            • GITHUB_TOKEN or GH_TOKEN: Token used by ci:act and release workflow checks to query GitHub Actions status at higher rate limits
            • -
            - -

            Releasing and signing

            -
              -
            • SKIP_GEM_SIGNING: If set, skip gem signing during build/release
            • -
            • GEM_CERT_USER: Username for selecting your public cert in certs/<USER>.pem (defaults to $USER)
            • -
            • SOURCE_DATE_EPOCH: Reproducible build timestamp. -
                -
              • -kettle-release will set this automatically for the session.
              • -
              • Not needed on bundler >= 2.7.0, as reproducible builds have become the default.
              • -
              -
            • -
            - -

            Git hooks and commit message helpers (exe/kettle-commit-msg)

            -
              -
            • GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., jira) or false to disable
            • -
            • GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false)
            • -
            • GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates
            • -
            • GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)
            • -
            - -

            For a quick starting point, this repository’s .envrc shows sane defaults, and .env.local can override them locally.

            - -

            Appraisals

            - -

            From time to time the appraisal2 gemfiles in gemfiles/ will need to be updated.
            -They are created and updated with the commands:

            - -
            bin/rake appraisal:update
            -
            - -

            When adding an appraisal to CI, check the runner tool cache to see which runner to use.

            - -

            The Reek List

            - -

            Take a look at the reek list which is the file called REEK and find something to improve.

            - -

            To refresh the reek list:

            - -
            bundle exec reek > REEK
            -
            - -

            Run Tests

            - -

            To run all tests

            - -
            bundle exec rake test
            -
            - -

            Spec organization (required)

            - -
              -
            • One spec file per class/module. For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name exactly: lib/oauth2/my_class.rb -> spec/oauth2/my_class_spec.rb.
            • -
            • Exception: Integration specs that intentionally span multiple classes. Place these under spec/integration/ (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class.
            • -
            - -

            Lint It

            - -

            Run all the default tasks, which includes running the gradually autocorrecting linter, rubocop-gradual.

            - -
            bundle exec rake
            -
            - -

            Or just run the linter.

            - -
            bundle exec rake rubocop_gradual:autocorrect
            -
            - -

            For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

            - -

            Important: Do not add inline RuboCop disables

            - -

            Never add # rubocop:disable ... / # rubocop:enable ... comments to code or specs (except when following the few existing rubocop:disable patterns for a rule already being disabled elsewhere in the code). Instead:

            - -
              -
            • Prefer configuration-based exclusions when a rule should not apply to certain paths or files (e.g., via .rubocop.yml).
            • -
            • When a violation is temporary, and you plan to fix it later, record it in .rubocop_gradual.lock using the gradual workflow: -
                -
              • -bundle exec rake rubocop_gradual:autocorrect (preferred)
              • -
              • -bundle exec rake rubocop_gradual:force_update (only when you cannot fix the violations immediately)
              • -
              -
            • -
            - -

            As a general rule, fix style issues rather than ignoring them. For example, our specs should follow RSpec conventions like using described_class for the class under test.

            - -

            Contributors

            - -

            Your picture could be here!

            - -

            Contributors

            - -

            Made with contributors-img.

            - -

            Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

            - -

            For Maintainers

            - -

            One-time, Per-maintainer, Setup

            - -

            IMPORTANT: To sign a build,
            -a public key for signing gems will need to be picked up by the line in the
            -gemspec defining the spec.cert_chain (check the relevant ENV variables there).
            -All releases are signed releases.
            -See: RubyGems Security Guide

            - -

            NOTE: To build without signing the gem set SKIP_GEM_SIGNING to any value in the environment.

            - -

            To release a new version:

            - -

            Automated process

            - -
              -
            1. Update version.rb to contain the correct version-to-be-released.
            2. -
            3. Run bundle exec kettle-changelog.
            4. -
            5. Run bundle exec kettle-release.
            6. -
            7. Stay awake and monitor the release process for any errors, and answer any prompts.
            8. -
            - -

            Manual process

            - -
              -
            1. Run bin/setup && bin/rake as a “test, coverage, & linting” sanity check
            2. -
            3. Update the version number in version.rb, and ensure CHANGELOG.md reflects changes
            4. -
            5. Run bin/setup && bin/rake again as a secondary check, and to update Gemfile.lock -
            6. -
            7. Run git commit -am "🔖 Prepare release v<VERSION>" to commit the changes
            8. -
            9. Run git push to trigger the final CI pipeline before release, and merge PRs - -
            10. -
            11. Run export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME -
            12. -
            13. Run git checkout $GIT_TRUNK_BRANCH_NAME -
            14. -
            15. Run git pull origin $GIT_TRUNK_BRANCH_NAME to ensure latest trunk code
            16. -
            17. Optional for older Bundler (< 2.7.0): Set SOURCE_DATE_EPOCH so rake build and rake release use the same timestamp and generate the same checksums -
                -
              • If your Bundler is >= 2.7.0, you can skip this; builds are reproducible by default.
              • -
              • Run export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH -
              • -
              • If the echo above has no output, then it didn’t work.
              • -
              • Note: zsh/datetime module is needed, if running zsh.
              • -
              • In older versions of bash you can use date +%s instead, i.e. export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH -
              • -
              -
            18. -
            19. Run bundle exec rake build -
            20. -
            21. Run bin/gem_checksums (more context 1, 2)
              -to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums
              -gem. -
                -
              • The script automatically commits but does not push the checksums
              • -
              -
            22. -
            23. Sanity check the SHA256, comparing with the output from the bin/gem_checksums command: -
                -
              • sha256sum pkg/<gem name>-<version>.gem
              • -
              -
            24. -
            25. Run bundle exec rake release which will create a git tag for the version,
              -push git commits and tags, and push the .gem file to the gem host configured in the gemspec.
            26. -
            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index 6b8226e8..e69de29b 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -1,109 +0,0 @@ - - - - - - - File: FUNDING - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -
            - -

            Official Discord 👉️ Live Chat on Discord

            - -

            Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

            - -

            OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal

            - -

            Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

            - - - -

            🤑 A request for help

            - -

            Maintainers have teeth and need to pay their dentists.
            -After getting laid off in an RIF in March, and encountering difficulty finding a new one,
            -I began spending most of my time building open source tools.
            -I’m hoping to be able to pay for my kids’ health insurance this month,
            -so if you value the work I am doing, I need your support.
            -Please consider sponsoring me or the project.

            - -

            To join the community or get help 👇️ Join the Discord.

            - -

            Live Chat on Discord

            - -

            To say “thanks!” ☝️ Join the Discord or 👇️ send money.

            - -

            Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

            - -

            Another Way to Support Open Source Software

            - -

            I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

            - -

            If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

            - -

            I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

            - -

            Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

            - -
            - - - -
            - -
\ No newline at end of file
diff --git a/docs/file.IRP.html b/docs/file.IRP.html
index 73e80163..34f4624b 100644
--- a/docs/file.IRP.html
+++ b/docs/file.IRP.html
@@ -211,7 +211,7 @@

            Appendix: Example checklist diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index f6480a01..e69de29b 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -1,70 +0,0 @@ - - - - - - - File: LICENSE - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -
            MIT License

            Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
            Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

            Permission is hereby granted, free of charge, to any person obtaining a copy
            of this software and associated documentation files (the "Software"), to deal
            in the Software without restriction, including without limitation the rights
            to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
            copies of the Software, and to permit persons to whom the Software is
            furnished to do so, subject to the following conditions:

            The above copyright notice and this permission notice shall be included in all
            copies or substantial portions of the Software.

            THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
            IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
            FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
            AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
            LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
            OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
            SOFTWARE.
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index c54c8780..e69de29b 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -1,266 +0,0 @@ - - - - - - - File: OIDC - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            OpenID Connect (OIDC) with ruby-oauth/oauth2

            - -

            OIDC Libraries

            - -

            Libraries built on top of the oauth2 gem that implement OIDC.

            - - - -

            If any other libraries would like to be added to this list, please open an issue or pull request.

            - -

            Raw OIDC with ruby-oauth/oauth2

            - -

            This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.

            - -

            Scope of this document

            - -
              -
            • Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby.
            • -
            • Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions).
            • -
            • Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.
            • -
            - -

            Key concepts refresher

            - -
              -
            • OAuth 2.0 delegates authorization; it does not define authentication of the end-user.
            • -
            • OIDC layers an identity layer on top of OAuth 2.0, introducing: -
                -
              • ID Token: a JWT carrying claims about the authenticated end-user and the authentication event.
              • -
              • Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others.
              • -
              • UserInfo endpoint: a protected resource for retrieving user profile claims.
              • -
              • Discovery and Dynamic Client Registration (optional for providers/clients that support them).
              • -
              -
            • -
            - -

            What this gem provides for OIDC

            - -
              -
            • All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests.
            • -
            • Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.).
            • -
            • Optional client authentication schemes useful with OIDC deployments: -
                -
              • basic_auth (default)
              • -
              • request_body (legacy)
              • -
              • tls_client_auth (MTLS)
              • -
              • private_key_jwt (OIDC-compliant when configured per OP requirements)
              • -
              -
            • -
            - -

            What you must add in your app for OIDC

            - -
              -
            • ID Token validation: This gem surfaces id_token values but does not verify them. Your app should:
              -1) Parse the JWT (header, payload, signature)
              -2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically)
              -3) Select the correct key by kid (when present) and verify the signature and algorithm
              -4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable)
              -5) Enforce expected client_id, issuer, and clock skew policies
            • -
            • Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return.
            • -
            • PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request.
            • -
            • Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching.
            • -
            - -

            Minimal OIDC Authorization Code example

            - -
            require "oauth2"
            -require "jwt"         # jwt/ruby-jwt
            -require "net/http"
            -require "json"
            -
            -client = OAuth2::Client.new(
            -  ENV.fetch("OIDC_CLIENT_ID"),
            -  ENV.fetch("OIDC_CLIENT_SECRET"),
            -  site: ENV.fetch("OIDC_ISSUER"),              # e.g. https://accounts.example.com
            -  authorize_url: "/authorize",                 # or discovered
            -  token_url: "/token",                         # or discovered
            -)
            -
            -# Step 1: Redirect to OP for consent/auth
            -state = SecureRandom.hex(16)
            -nonce = SecureRandom.hex(16)
            -pkce_verifier = SecureRandom.urlsafe_base64(64)
            -pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete("=")
            -
            -authz_url = client.auth_code.authorize_url(
            -  scope: "openid profile email",
            -  state: state,
            -  nonce: nonce,
            -  code_challenge: pkce_challenge,
            -  code_challenge_method: "S256",
            -  redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"),
            -)
            -# redirect_to authz_url
            -
            -# Step 2: Handle callback
            -# params[:code], params[:state]
            -raise "state mismatch" unless params[:state] == state
            -
            -token = client.auth_code.get_token(
            -  params[:code],
            -  redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"),
            -  code_verifier: pkce_verifier,
            -)
            -
            -# The token may include: access_token, id_token, refresh_token, etc.
            -id_token = token.params["id_token"] || token.params[:id_token]
            -
            -# Step 3: Validate the ID Token (simplified – add your own checks!)
            -# Discover keys (example using .well-known)
            -issuer = ENV.fetch("OIDC_ISSUER")
            -jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, "/.well-known/openid-configuration"))).
            -  fetch("jwks_uri")
            -jwks = JSON.parse(Net::HTTP.get(URI(jwks_uri)))
            -keys = jwks.fetch("keys")
            -
            -# Use ruby-jwt JWK loader
            -jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) })
            -
            -decoded, headers = JWT.decode(
            -  id_token,
            -  nil,
            -  true,
            -  algorithms: ["RS256", "ES256", "PS256"],
            -  jwks: jwk_set,
            -  verify_iss: true,
            -  iss: issuer,
            -  verify_aud: true,
            -  aud: ENV.fetch("OIDC_CLIENT_ID"),
            -)
            -
            -# Verify nonce
            -raise "nonce mismatch" unless decoded["nonce"] == nonce
            -
            -# Optionally: call UserInfo
            -userinfo = token.get("/userinfo").parsed
            -
            - -

            Notes on discovery and registration

            - -
              -
            • Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc.
            • -
            • Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.
            • -
            - -

            Common pitfalls and tips

            - -
              -
            • Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0.
            • -
            • Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field.
            • -
            • Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers.
            • -
            • Use exact redirect_uri matching, and keep your allow-list short.
            • -
            • For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices.
            • -
            • When using private_key_jwt, ensure the “aud” (or token_url) and “iss/sub” claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.
            • -
            - -

            Relevant specifications and references

            - -
              -
            • OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
            • -
            • OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html
            • -
            • How OIDC works: https://openid.net/developers/how-connect-works/
            • -
            • OpenID Connect home: https://openid.net/connect/
            • -
            • OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html
            • -
            • OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html
            • -
            • OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html
            • -
            • OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
            • -
            • OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html
            • -
            • OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html
            • -
            • Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
            • -
            • Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications
            • -
            - -

            See also

            - -
              -
            • README sections on OAuth 2.1 notes and OIDC notes
            • -
            • Strategy classes under lib/oauth2/strategy for flow helpers
            • -
            • Specs under spec/oauth2 for concrete usage patterns
            • -
            - -

            Contributions welcome

            - -
              -
            • If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).
            • -
            -
            - - - -
            - -
\ No newline at end of file
diff --git a/docs/file.README.html b/docs/file.README.html
index 50815d28..b8856d16 100644
--- a/docs/file.README.html
+++ b/docs/file.README.html
@@ -305,7 +305,7 @@

            💡 Info you can shake a stick at

            Compliance -License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0

            NOTE: The 1.4 series will only receive critical security updates.
            -See SECURITY.md and IRP.md.

            +See SECURITY.md and IRP.md.

            ⚙️ Configuration

            @@ -1409,7 +1409,7 @@

            OpenID Connect (OIDC) Notes

            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
            • -
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
            • +
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

            Debugging

            @@ -1490,21 +1490,21 @@

            🔐 Security

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            +

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            🤝 Contributing

            If you need some ideas of where to help, you could work on adding more code coverage,
            -or if it is already 💯 (see below) check reek, issues, or PRs,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            -

            See CONTRIBUTING.md for more detailed instructions.

            +

            See CONTRIBUTING.md for more detailed instructions.

            🚀 Release Instructions

            -

            See CONTRIBUTING.md.

            +

            See CONTRIBUTING.md.

            Code Coverage

            @@ -1517,7 +1517,7 @@

            Code Coverage

            🪇 Code of Conduct

            Everyone interacting with this project’s codebases, issue trackers,
            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            🌈 Contributors

            @@ -1578,13 +1578,13 @@

            📌 Versioning

            -

            See CHANGELOG.md for a list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            The gem is available as open source under the terms of
            -the MIT License License: MIT.
            -See LICENSE.txt for the official Copyright Notice.

            +the MIT License License: MIT.
            +See LICENSE.txt for the official Copyright Notice.

            @@ -1636,7 +1636,7 @@

            Please give the project a star ⭐ ♥

            diff --git a/docs/file.REEK.html b/docs/file.REEK.html index fc7c71a8..e69de29b 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -1,71 +0,0 @@ - - - - - - - File: REEK - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index fa028a86..e69de29b 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -1,171 +0,0 @@ - - - - - - - File: RUBOCOP - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            RuboCop Usage Guide

            - -

            Overview

            - -

            A tale of two RuboCop plugin gems.

            - -

            RuboCop Gradual

            - -

            This project uses rubocop_gradual instead of vanilla RuboCop for code style checking. The rubocop_gradual tool allows for gradual adoption of RuboCop rules by tracking violations in a lock file.

            - -

            RuboCop LTS

            - -

            This project uses rubocop-lts to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2.
            -RuboCop rules are meticulously configured by the rubocop-lts family of gems to ensure that a project is compatible with a specific version of Ruby. See: https://rubocop-lts.gitlab.io for more.

            - -

            Checking RuboCop Violations

            - -

            To check for RuboCop violations in this project, always use:

            - -
            bundle exec rake rubocop_gradual:check
            -
            - -

            Do not use the standard RuboCop commands like:

            -
              -
            • bundle exec rubocop
            • -
            • rubocop
            • -
            - -

            Understanding the Lock File

            - -

            The .rubocop_gradual.lock file tracks all current RuboCop violations in the project. This allows the team to:

            - -
              -
            1. Prevent new violations while gradually fixing existing ones
            2. -
            3. Track progress on code style improvements
            4. -
            5. Ensure CI builds don’t fail due to pre-existing violations
            6. -
            - -

            Common Commands

            - -
              -
            • -Check violations -
                -
              • bundle exec rake rubocop_gradual
              • -
              • bundle exec rake rubocop_gradual:check
              • -
              -
            • -
            • -(Safe) Autocorrect violations, and update lockfile if no new violations -
                -
              • bundle exec rake rubocop_gradual:autocorrect
              • -
              -
            • -
            • -Force update the lock file (w/o autocorrect) to match violations present in code -
                -
              • bundle exec rake rubocop_gradual:force_update
              • -
              -
            • -
            - -

            Workflow

            - -
              -
            1. Before submitting a PR, run bundle exec rake rubocop_gradual:autocorrect
              -a. or just the default bundle exec rake, as autocorrection is a pre-requisite of the default task.
            2. -
            3. If there are new violations, either: -
                -
              • Fix them in your code
              • -
              • Run bundle exec rake rubocop_gradual:force_update to update the lock file (only for violations you can’t fix immediately)
              • -
              -
            4. -
            5. Commit the updated .rubocop_gradual.lock file along with your changes
            6. -
            - -

            Never add inline RuboCop disables

            - -

            Do not add inline rubocop:disable / rubocop:enable comments anywhere in the codebase (including specs, except when following the few existing rubocop:disable patterns for a rule already being disabled elsewhere in the code). We handle exceptions in two supported ways:

            - -
              -
            • Permanent/structural exceptions: prefer adjusting the RuboCop configuration (e.g., in .rubocop.yml) to exclude a rule for a path or file pattern when it makes sense project-wide.
            • -
            • Temporary exceptions while improving code: record the current violations in .rubocop_gradual.lock via the gradual workflow: -
                -
              • -bundle exec rake rubocop_gradual:autocorrect (preferred; will autocorrect what it can and update the lock only if no new violations were introduced)
              • -
              • If needed, bundle exec rake rubocop_gradual:force_update (as a last resort when you cannot fix the newly reported violations immediately)
              • -
              -
            • -
            - -

            In general, treat the rules as guidance to follow; fix violations rather than ignore them. For example, RSpec conventions in this project expect described_class to be used in specs that target a specific class under test.

            - -

            Benefits of rubocop_gradual

            - -
              -
            • Allows incremental adoption of code style rules
            • -
            • Prevents CI failures due to pre-existing violations
            • -
            • Provides a clear record of code style debt
            • -
            • Enables focused efforts on improving code quality over time
            • -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index 2ac3d53d..e69de29b 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -1,103 +0,0 @@ - - - - - - - File: SECURITY - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Security Policy

            - -

            Supported Versions

            - - - - - - - - - - - - - - -
            VersionSupported
            1.latest
            - -

            Security contact information

            - -

            To report a security vulnerability, please use the
            -Tidelift security contact.
            -Tidelift will coordinate the fix and disclosure.

            - -

            More detailed explanation of the process is in IRP.md

            - -

            Additional Support

            - -

            If you are interested in support for versions older than the latest release,
            -please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
            -or find other sponsorship links in the README.

            - -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index 054a049e..e69de29b 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -1,216 +0,0 @@ - - - - - - - File: THREAT_MODEL - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Threat Model Outline for oauth2 Ruby Gem

            - -

            1. Overview

            -

            This document outlines the threat model for the oauth2 Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.

            - -

            2. Assets to Protect

            -
              -
            • OAuth access tokens, refresh tokens, and ID tokens
            • -
            • User credentials (if handled)
            • -
            • Client secrets and application credentials
            • -
            • Sensitive user data accessed via OAuth
            • -
            • Private keys and certificates (for signing/verifying tokens)
            • -
            - -

            3. Potential Threat Actors

            -
              -
            • External attackers (internet-based)
            • -
            • Malicious OAuth clients or resource servers
            • -
            • Insiders (developers, maintainers)
            • -
            • Compromised dependencies
            • -
            - -

            4. Attack Surfaces

            -
              -
            • OAuth endpoints (authorization, token, revocation, introspection)
            • -
            • HTTP request/response handling
            • -
            • Token storage and management
            • -
            • Configuration files and environment variables
            • -
            • Dependency supply chain
            • -
            - -

            5. Threats and Mitigations

            - -

            5.1 Token Leakage

            -
              -
            • -Threat: Tokens exposed via logs, URLs, or insecure storage
            • -
            • -Mitigations: -
                -
              • Avoid logging sensitive tokens
              • -
              • Use secure storage mechanisms
              • -
              • Never expose tokens in URLs
              • -
              -
            • -
            - -

            5.2 Token Replay and Forgery

            -
              -
            • -Threat: Attackers reuse or forge tokens
            • -
            • -Mitigations: -
                -
              • Validate token signatures and claims
              • -
              • Use short-lived tokens and refresh tokens
              • -
              • Implement token revocation
              • -
              -
            • -
            - -

            5.3 Insecure Communication

            -
              -
            • -Threat: Data intercepted via MITM attacks
            • -
            • -Mitigations: -
                -
              • Enforce HTTPS for all communications
              • -
              • Validate SSL/TLS certificates
              • -
              -
            • -
            - -

            5.4 Client Secret Exposure

            -
              -
            • -Threat: Client secrets leaked in code or version control
            • -
            • -Mitigations: -
                -
              • Store secrets in environment variables or secure vaults
              • -
              • Never commit secrets to source control
              • -
              -
            • -
            - -

            5.5 Dependency Vulnerabilities

            -
              -
            • -Threat: Vulnerabilities in third-party libraries
            • -
            • -Mitigations: -
                -
              • Regularly update dependencies
              • -
              • Use tools like bundler-audit for vulnerability scanning
              • -
              -
            • -
            - -

            5.6 Improper Input Validation

            -
              -
            • -Threat: Injection attacks via untrusted input
            • -
            • -Mitigations: -
                -
              • Validate and sanitize all inputs
              • -
              • Use parameterized queries and safe APIs
              • -
              -
            • -
            - -

            5.7 Insufficient Logging and Monitoring

            -
              -
            • -Threat: Attacks go undetected
            • -
            • -Mitigations: -
                -
              • Log security-relevant events (without sensitive data)
              • -
              • Monitor for suspicious activity
              • -
              -
            • -
            - -

            6. Assumptions

            -
              -
            • The gem is used in a secure environment with up-to-date Ruby and dependencies
            • -
            • End-users are responsible for secure configuration and deployment
            • -
            - -

            7. Out of Scope

            -
              -
            • Security of external OAuth providers
            • -
            • Application-level business logic
            • -
            - -

            8. References

            - - -
            -

            This outline should be reviewed and updated regularly as the project evolves.

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 65e4aaa8..e69de29b 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -1,94 +0,0 @@ - - - - - - - File: access_token - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - class AccessToken
            - def self.from_hash: (OAuth2::Client, Hash[untyped, untyped]) -> OAuth2::AccessToken
            - def self.from_kvform: (OAuth2::Client, String) -> OAuth2::AccessToken

            - -
            def initialize: (OAuth2::Client, String, ?Hash[Symbol, untyped]) -> void
            -def []: (String | Symbol) -> untyped
            -def expires?: () -> bool
            -def expired?: () -> bool
            -def refresh: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::AccessToken
            -def revoke: (?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -def to_hash: () -> Hash[Symbol, untyped]
            -def request: (Symbol, String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -def get: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -def post: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -def put: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -def patch: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -def delete: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -def headers: () -> Hash[String, String]
            -def configure_authentication!: (Hash[Symbol, untyped], Symbol) -> void
            -def convert_expires_at: (untyped) -> (Time | Integer | nil)
            -
            -attr_accessor response: OAuth2::Response   end end
            -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index bd9ad4f3..e69de29b 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -1,91 +0,0 @@ - - - - - - - File: authenticator - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - class Authenticator
            - include OAuth2::FilteredAttributes

            - -
            attr_reader mode: (Symbol | String)
            -attr_reader id: String?
            -attr_reader secret: String?
            -
            -def initialize: (String? id, String? secret, (Symbol | String) mode) -> void
            -
            -def apply: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            -
            -def self.encode_basic_auth: (String, String) -> String
            -
            -private
            -
            -def apply_params_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            -def apply_client_id: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            -def apply_basic_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
            -def basic_auth_header: () -> Hash[String, String]   end end
            -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.client.html b/docs/file.client.html index 9015aa65..e69de29b 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -1,121 +0,0 @@ - - - - - - - File: client - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - class Client
            - RESERVED_REQ_KEYS: Array[String]
            - RESERVED_PARAM_KEYS: Array[String]

            - -
            include OAuth2::FilteredAttributes
            -
            -attr_reader id: String
            -attr_reader secret: String
            -attr_reader site: String?
            -attr_accessor options: Hash[Symbol, untyped]
            -attr_writer connection: untyped
            -
            -def initialize: (String client_id, String client_secret, ?Hash[Symbol, untyped]) { (untyped) -> void } -> void
            -
            -def site=: (String) -> String
            -
            -def connection: () -> untyped
            -
            -def authorize_url: (?Hash[untyped, untyped]) -> String
            -def token_url: (?Hash[untyped, untyped]) -> String
            -def revoke_url: (?Hash[untyped, untyped]) -> String
            -
            -def request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -
            -def get_token: (Hash[untyped, untyped] params, ?Hash[Symbol, untyped] access_token_opts, ?Proc) { (Hash[Symbol, untyped]) -> void } -> (OAuth2::AccessToken | nil)
            -
            -def revoke_token: (String token, ?String token_type_hint, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
            -
            -def http_method: () -> Symbol
            -
            -def auth_code: () -> OAuth2::Strategy::AuthCode
            -def implicit: () -> OAuth2::Strategy::Implicit
            -def password: () -> OAuth2::Strategy::Password
            -def client_credentials: () -> OAuth2::Strategy::ClientCredentials
            -def assertion: () -> OAuth2::Strategy::Assertion
            -
            -def redirection_params: () -> Hash[String, String]
            -
            -private
            -
            -def params_to_req_opts: (Hash[untyped, untyped]) -> Hash[Symbol, untyped]
            -def parse_snaky_params_headers: (Hash[untyped, untyped]) -> [Symbol, bool, untyped, (Symbol | nil), Hash[untyped, untyped], Hash[String, String]]
            -def execute_request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (Faraday::Request) -> void } -> OAuth2::Response
            -def authenticator: () -> OAuth2::Authenticator
            -def parse_response_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
            -def parse_response: (OAuth2::Response, Hash[Symbol, untyped]) -> (OAuth2::AccessToken | nil)
            -def build_access_token: (OAuth2::Response, Hash[Symbol, untyped], untyped) -> OAuth2::AccessToken
            -def build_access_token_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
            -def oauth_debug_logging: (untyped) -> void   end end
            -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.error.html b/docs/file.error.html index ba7da6a6..e69de29b 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -1,78 +0,0 @@ - - - - - - - File: error - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - class Error < StandardError
            - def initialize: (OAuth2::Response) -> void
            - def code: () -> (String | Integer | nil)
            - def description: () -> (String | nil)
            - def response: () -> OAuth2::Response
            - end
            -end

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index 5cf2e2f9..e69de29b 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -1,76 +0,0 @@ - - - - - - - File: filtered_attributes - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - module FilteredAttributes
            - def self.included: (untyped) -> untyped
            - def filtered_attributes: (*String) -> void
            - end
            -end

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index eb6e5b05..e69de29b 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.10.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            e692f68ab79677ee7fa9300bbd5e0c41de08642d51659a49ca7fd742230445601ad3c2d271ee110718d58a27383aba0c25ddbdbef5b13f7c18585cdfda74850b

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index a3bcde43..e69de29b 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.11.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            048743f9efd89460231738885c9c0de7b36433055eefc66331b91eee343885cd9145bbac239c6121d13b716633fb8385fa886ce854bf14142f9894e6c8f19ba2

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index bb176075..e69de29b 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.12.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            a209c7a0c4b9d46ccb00e750af8899c01d52648ca77a0d40b934593de53edc4f2774440fc50733c0e5098672c6c5a4a20f8709046be427fcf032f45922dff2d2

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index d43805a4..8068efe3 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 1706e312..e69de29b 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.14.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            5ce561a6b103a123d9b96e1e4725c07094bd6e58c135cc775ae9d5a055c031169ca6d6de379c2569daf1dd8ab2727079db3c80aa8568d6947e94a0c06b4c6d2b

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html index 89123e68..e69de29b 100644 --- a/docs/file.oauth2-2.0.15.gem.html +++ b/docs/file.oauth2-2.0.15.gem.html @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.15.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            287a5d2cff87b4f37dde7b97f0fc31ee4c79edcc451b33694d1ba6f13d218cd04848780a857b94b93b656d6d81de4f4fcb4e8345f432cee17a6d96bd3f313df2

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html index ec2b5f0a..e69de29b 100644 --- a/docs/file.oauth2-2.0.16.gem.html +++ b/docs/file.oauth2-2.0.16.gem.html @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.16.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            49788bf25c3afcc08171f92c3c8a21b4bcd322aae0834f69ae77c08963f54be6c9155588ca66f82022af897ddd0bf28b0c5ee254bc9fe533d1a37b1d52f409be

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html index 72b314c5..e69de29b 100644 --- a/docs/file.oauth2-2.0.17.gem.html +++ b/docs/file.oauth2-2.0.17.gem.html @@ -1,71 +0,0 @@ - - - - - - - File: oauth2-2.0.17.gem - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            6385dfb2d4cb0309745de2d442d99c6148744abaca5599bd1e4f6038e99734d9cf90d1de83d1833e416e2682f0e3d6ae83e10a5a55d6e884b9cdc54e6070fb8b

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index a6c2acc6..d68c15d5 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index ddde2640..e69de29b 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -1,87 +0,0 @@ - - - - - - - File: response - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - class Response
            - DEFAULT_OPTIONS: Hash[Symbol, untyped]

            - -
            def self.register_parser: (Symbol key, (Array[String] | String) mime_types) { (String) -> untyped } -> void
            -
            -def initialize: (untyped response, parse: Symbol?, snaky: bool?, snaky_hash_klass: untyped?, options: Hash[Symbol, untyped]?) -> void
            -def headers: () -> Hash[untyped, untyped]
            -def status: () -> Integer
            -def body: () -> String
            -def parsed: () -> untyped
            -def content_type: () -> (String | nil)
            -def parser: () -> (untyped | nil)
            -
            -attr_reader response: untyped
            -attr_accessor options: Hash[Symbol, untyped]   end end
            -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 4f19ebc6..e69de29b 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -1,103 +0,0 @@ - - - - - - - File: strategy - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - module Strategy
            - class Base
            - def initialize: (OAuth2::Client) -> void
            - end

            - -
            class AuthCode < Base
            -  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
            -  def authorize_url: (?Hash[untyped, untyped]) -> String
            -  def get_token: (String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            -end
            -
            -class Implicit < Base
            -  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
            -  def authorize_url: (?Hash[untyped, untyped]) -> String
            -  def get_token: (*untyped) -> void
            -end
            -
            -class Password < Base
            -  def authorize_url: () -> void
            -  def get_token: (String, String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            -end
            -
            -class ClientCredentials < Base
            -  def authorize_url: () -> void
            -  def get_token: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            -end
            -
            -class Assertion < Base
            -  def authorize_url: () -> void
            -  def get_token: (Hash[untyped, untyped], Hash[Symbol, untyped], ?Hash[Symbol, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
            -end   end end
            -
            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file.version.html b/docs/file.version.html index 58fd6b82..e69de29b 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -1,75 +0,0 @@ - - - - - - - File: version - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            module OAuth2
            - module Version
            - VERSION: String
            - end
            -end

            -
            - - - -
            - - \ No newline at end of file diff --git a/docs/file_list.html b/docs/file_list.html index 4fec7a08..b342b1fa 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -102,6 +102,196 @@

            File List

            +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + +
          • + +
          • + + diff --git a/docs/frames.html b/docs/frames.html index 6586005f..e69de29b 100644 --- a/docs/frames.html +++ b/docs/frames.html @@ -1,22 +0,0 @@ - - - - - Documentation by YARD 0.9.37 - - - - diff --git a/docs/index.html b/docs/index.html index a522c14e..d41b748e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -305,7 +305,7 @@

            💡 Info you can shake a stick at

            Compliance -License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0 +License: MIT Compatible with Apache Software Projects: Verified by SkyWalking Eyes 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0

            NOTE: The 1.4 series will only receive critical security updates.
            -See SECURITY.md and IRP.md.

            +See SECURITY.md and IRP.md.

            ⚙️ Configuration

            @@ -1409,7 +1409,7 @@

            OpenID Connect (OIDC) Notes

            • If the token response includes an id_token (a JWT), this gem surfaces it but does not validate the signature. Use a JWT library and your provider’s JWKs to verify it.
            • For private_key_jwt client authentication, provide auth_scheme: :private_key_jwt and ensure your key configuration matches the provider requirements.
            • -
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.
            • +
            • See OIDC.md for a more complete OIDC overview, example, and links to the relevant specifications.

            Debugging

            @@ -1490,21 +1490,21 @@

            🔐 Security

            To report a security vulnerability, please use the Tidelift security contact.
            Tidelift will coordinate the fix and disclosure.

            -

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            +

            For more see SECURITY.md, THREAT_MODEL.md, and IRP.md.

            🤝 Contributing

            If you need some ideas of where to help, you could work on adding more code coverage,
            -or if it is already 💯 (see below) check reek, issues, or PRs,
            +or if it is already 💯 (see below) check reek, issues, or PRs,
            or use the gem and think about how it could be better.

            We Keep A Changelog so if you make changes, remember to update it.

            -

            See CONTRIBUTING.md for more detailed instructions.

            +

            See CONTRIBUTING.md for more detailed instructions.

            🚀 Release Instructions

            -

            See CONTRIBUTING.md.

            +

            See CONTRIBUTING.md.

            Code Coverage

            @@ -1517,7 +1517,7 @@

            Code Coverage

            🪇 Code of Conduct

            Everyone interacting with this project’s codebases, issue trackers,
            -chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            +chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

            🌈 Contributors

            @@ -1578,13 +1578,13 @@

            📌 Versioning

            -

            See CHANGELOG.md for a list of releases.

            +

            See CHANGELOG.md for a list of releases.

            📄 License

            The gem is available as open source under the terms of
            -the MIT License License: MIT.
            -See LICENSE.txt for the official Copyright Notice.

            +the MIT License License: MIT.
            +See LICENSE.txt for the official Copyright Notice.

            @@ -1636,7 +1636,7 @@

            Please give the project a star ⭐ ♥

            diff --git a/docs/method_list.html b/docs/method_list.html index 18aa7298..e69de29b 100644 --- a/docs/method_list.html +++ b/docs/method_list.html @@ -1,726 +0,0 @@ - - - - - - - - - - - - - - - - - - Method List - - - -
            -
            -

            Method List

            - - - -
            - - -
            - - diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 0e5416d9..e69de29b 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -1,110 +0,0 @@ - - - - - - - Top Level Namespace - - — Documentation by YARD 0.9.37 - - - - - - - - - - - - - - - - - - - -
            - - -

            Top Level Namespace - - - -

            -
            - - - - - - - - - - - -
            - -

            Defined Under Namespace

            -

            - - - Modules: OAuth2 - - - - -

            - - - - - - - - - -
            - - - -
            - - \ No newline at end of file diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile index 0c4b0dc8..46af23c5 100644 --- a/gemfiles/audit.gemfile +++ b/gemfiles/audit.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile index 5190ee5c..ea228fb0 100644 --- a/gemfiles/coverage.gemfile +++ b/gemfiles/coverage.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile index d0b46ac0..8880702e 100644 --- a/gemfiles/current.gemfile +++ b/gemfiles/current.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/dep_heads.gemfile b/gemfiles/dep_heads.gemfile index 3173f86f..ceecfc2b 100644 --- a/gemfiles/dep_heads.gemfile +++ b/gemfiles/dep_heads.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile index 64bd1621..f22db7f3 100644 --- a/gemfiles/head.gemfile +++ b/gemfiles/head.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gem "cgi", ">= 0.5" gem "benchmark", "~> 0.4", ">= 0.4.1" diff --git a/gemfiles/ruby_2_3_hashie_v0.gemfile b/gemfiles/ruby_2_3_hashie_v0.gemfile index 3d9948b0..e05db00c 100644 --- a/gemfiles/ruby_2_3_hashie_v0.gemfile +++ b/gemfiles/ruby_2_3_hashie_v0.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" 
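Review bot: Nothing visible in these hunks records why the `source` line moves from rubygems.org to gem.coop or how gems resolved from the new registry are checked, and the same one-line swap repeats in every other `gemfiles/*.gemfile` hunk that follows. A registry change replaces the trust root for every development and CI dependency, so it should be stated explicitly rather than arrive alongside the 2.0.17 to 2.0.18 version bump. The header says these files are generated by Appraisal2, so the decision presumably lives in the generator input (the Appraisals file or root Gemfile, not shown here). I would document it there with a comment such as `# Gem source is gem.coop (was rubygems.org); regenerate and review lockfiles whenever this changes`. It is also worth confirming that any committed lockfiles were regenerated against the new source, so resolution does not silently mix registries.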
diff --git a/gemfiles/ruby_2_3_hashie_v1.gemfile b/gemfiles/ruby_2_3_hashie_v1.gemfile index 5d97162b..4c75f106 100644 --- a/gemfiles/ruby_2_3_hashie_v1.gemfile +++ b/gemfiles/ruby_2_3_hashie_v1.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_3_hashie_v2.gemfile b/gemfiles/ruby_2_3_hashie_v2.gemfile index 9a8d02f0..d4c88a94 100644 --- a/gemfiles/ruby_2_3_hashie_v2.gemfile +++ b/gemfiles/ruby_2_3_hashie_v2.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_3_hashie_v3.gemfile b/gemfiles/ruby_2_3_hashie_v3.gemfile index ea7cd525..d9707c54 100644 --- a/gemfiles/ruby_2_3_hashie_v3.gemfile +++ b/gemfiles/ruby_2_3_hashie_v3.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_3_hashie_v4.gemfile b/gemfiles/ruby_2_3_hashie_v4.gemfile index 37e16961..fe6aa629 100644 --- a/gemfiles/ruby_2_3_hashie_v4.gemfile +++ b/gemfiles/ruby_2_3_hashie_v4.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_3_hashie_v5.gemfile b/gemfiles/ruby_2_3_hashie_v5.gemfile index e888ef7d..80c73ee7 100644 --- a/gemfiles/ruby_2_3_hashie_v5.gemfile +++ b/gemfiles/ruby_2_3_hashie_v5.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_4.gemfile b/gemfiles/ruby_2_4.gemfile index 36a5018d..040a5e7a 100644 --- a/gemfiles/ruby_2_4.gemfile +++ b/gemfiles/ruby_2_4.gemfile 
@@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_5.gemfile b/gemfiles/ruby_2_5.gemfile index 191c0014..ebc8793a 100644 --- a/gemfiles/ruby_2_5.gemfile +++ b/gemfiles/ruby_2_5.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_6.gemfile b/gemfiles/ruby_2_6.gemfile index 547d3f94..cda9b771 100644 --- a/gemfiles/ruby_2_6.gemfile +++ b/gemfiles/ruby_2_6.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_2_7.gemfile b/gemfiles/ruby_2_7.gemfile index 1a3262a4..2a1c3f9f 100644 --- a/gemfiles/ruby_2_7.gemfile +++ b/gemfiles/ruby_2_7.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" @@ -16,4 +16,4 @@ eval_gemfile("modular/multi_xml_v0_6.gemfile") eval_gemfile("modular/rack_v3.gemfile") -eval_gemfile("modular/x_std_libs/r3.1/libs.gemfile") +eval_gemfile("modular/x_std_libs/r2/libs.gemfile") diff --git a/gemfiles/ruby_3_0.gemfile b/gemfiles/ruby_3_0.gemfile index 92db0fcb..64aecbb9 100644 --- a/gemfiles/ruby_3_0.gemfile +++ b/gemfiles/ruby_3_0.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_3_1.gemfile b/gemfiles/ruby_3_1.gemfile index 92db0fcb..64aecbb9 100644 --- a/gemfiles/ruby_3_1.gemfile +++ b/gemfiles/ruby_3_1.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" 
diff --git a/gemfiles/ruby_3_2.gemfile b/gemfiles/ruby_3_2.gemfile index 7c4e1ec7..74a84749 100644 --- a/gemfiles/ruby_3_2.gemfile +++ b/gemfiles/ruby_3_2.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/ruby_3_3.gemfile b/gemfiles/ruby_3_3.gemfile index 7c4e1ec7..74a84749 100644 --- a/gemfiles/ruby_3_3.gemfile +++ b/gemfiles/ruby_3_3.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/style.gemfile b/gemfiles/style.gemfile index 58d3714e..f1d77e54 100644 --- a/gemfiles/style.gemfile +++ b/gemfiles/style.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/gemfiles/unlocked_deps.gemfile b/gemfiles/unlocked_deps.gemfile index 31c29e3e..50f8c85c 100644 --- a/gemfiles/unlocked_deps.gemfile +++ b/gemfiles/unlocked_deps.gemfile @@ -1,6 +1,6 @@ # This file was generated by Appraisal2 -source "https://rubygems.org/" +source "https://gem.coop/" gemspec path: "../" diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index c87b3eda..b5e51565 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.17" + VERSION = "2.0.18" end end From fdb22ddea40ac1894d76c09a2fbeaacf4a9e49a8 Mon Sep 17 00:00:00 2001 
From: "Peter H. Boling" Date: Sat, 8 Nov 2025 04:51:50 -0700 Subject: [PATCH 644/645] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Checksums=20for?= =?UTF-8?q?=20v2.0.18?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) require time and effort. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- checksums/oauth2-2.0.18.gem.sha256 | 1 + checksums/oauth2-2.0.18.gem.sha512 | 1 + 2 files changed, 2 insertions(+) create mode 100644 checksums/oauth2-2.0.18.gem.sha256 create mode 100644 checksums/oauth2-2.0.18.gem.sha512 diff --git a/checksums/oauth2-2.0.18.gem.sha256 b/checksums/oauth2-2.0.18.gem.sha256 new file mode 100644 index 00000000..a1201909 --- /dev/null +++ b/checksums/oauth2-2.0.18.gem.sha256 @@ -0,0 +1 @@ +bacf11e470dfb963f17348666d0a75c7b29ca65bc48fd47be9057cf91a403287 \ No newline at end of file diff --git a/checksums/oauth2-2.0.18.gem.sha512 b/checksums/oauth2-2.0.18.gem.sha512 new file mode 100644 index 00000000..efb96235 --- /dev/null +++ b/checksums/oauth2-2.0.18.gem.sha512 @@ -0,0 +1 @@ +1db20c4bfe395f45e01ee2fbdcd4922aff6480c8071af404b324d4f5b6582b476359bf9bbcf38cd3537f26d15d413d31de4ea9c7e1b215bb0cf8a623a0d2e44e \ No newline at end of file From ac3d639546558919315f342b98ab9bfc3517ebe7 Mon Sep 17 00:00:00 2001 From: autobolt Date: Sun, 9 Nov 2025 00:08:35 +0000 Subject: [PATCH 645/645] =?UTF-8?q?=F0=9F=92=B8=20Thanks=20=F0=9F=99=8F=20?= =?UTF-8?q?to=20our=20new=20backers=20=F0=9F=8E=92=20and=20subscribers=20?= =?UTF-8?q?=F0=9F=93=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/README.md b/README.md index 54416cb3..82cbb176 100644 --- a/README.md +++ b/README.md @@ -1139,6 +1139,10 @@ NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day No sponsors yet. Be the first! + +### Open Collective for Donors + +[Bill Woika](https://opencollective.com/bill-woika) [kettle-readme-backers]: https://github.com/ruby-oauth/oauth2/blob/main/exe/kettle-readme-backers