- Fix incorrect Accept header when requesting token
- Ensure that the OAuth client is authenticated via Authorization header as described in the spec (#131).
- Always use the provided serializer if one is registered (#132)
- There is no longer a default serializer for
application/json
. Please make sure to register a serializer withOAuth2.Client.put_serializer/3
. - Serializers are now registered via
OAuth2.Client.put_serializer/3
. This change allows applications wrappingoauth2
a way to provide default serializers without requiring the user to manually configure a serializer.
- Relaxed
hackney
version requirements
- Various type specs fixed
- Updates the
OAuth2.Client.get_token!
function to handle errorOAuth2.Response
structs.
- Fix dialyzer warnings.
- Update
hackney
to1.7
- De-dupe headers.
- Remove deprecated usage of
Behaviour
anddefcallback
- Provides better support for configuring
request_opts
that will be used on every request. This is useful for configuring SSL options, etc. - Provides support for
hackney
s streaming of responses. - Better warnings when a serializer isn't properly configured.
- Responses with status codes between
400..599
will now return{:error, %OAuth2.Response{}}
instead of{:ok, %OAuth2.Response{}}
- When using the
!
versions of functions,{:error, %OAuth2.Response{}}
will be converted to an%OAuth2.Error{}
and raised.
- Fix compile-time warnings for Elixir 1.4
- Fix dialyzer warnings on
@type params
- Fix
content-type
resolving when there are multiple params - Return the same refresh token unless a new one is provided
- Raise an exception when missing serializer configuration
- Fixed an issue in handling non-standard
expires
key in access token requests.
- Added the ability to debug responses from the provider.
- Fixed regression in handling
text/plain
content-type for tokens in #74
- Added
OAuth2.Client.basic_auth/1
convenience function.
- Fixed broken
RefreshToken
strategy reported in #66 - Fixed an issue where checking the
content-type
was defaulting toapplication/json
causing Poison to explode.
- Add support for custom serializers based on MIME types.
- Remove dependency on
HTTPoison
in favor of usinghackney
directly. - Remove dependency on
mimetype_parser
. Poison
is now only atest
dependency.
expires_in
values that are returned as strings are now properly parsed into integers forexpires_at
.
Prior to version v0.7.0
OAuth2.Client
was primarily used for the purpose
of interfacing with the OAuth server to retrieve a token. OAuth2.Token
was
then responsible for using that token to make authenticated requests.
In v0.7.0
this interface has been refactored so that an OAuth2.Client
struct
now references an OAuth2.Token
directly and many of the action methods have
been moved so that they are called on OAuth2.Client
, with an instance of the
client struct as their first argument.
Please consult the README for an example of general usage to retrieve a token and make a request.
The following methods have been moved and adjusted so that they take a OAuth2.Client.t
which contains a token, rather than a token directly:
OAuth2.AccessToken.get
->OAuth2.Client.get
OAuth2.AccessToken.get!
->OAuth2.Client.get!
OAuth2.AccessToken.put
->OAuth2.Client.put
OAuth2.AccessToken.put!
->OAuth2.Client.put!
OAuth2.AccessToken.patch
->OAuth2.Client.patch
OAuth2.AccessToken.patch!
->OAuth2.Client.patch!
OAuth2.AccessToken.post
->OAuth2.Client.post
OAuth2.AccessToken.post!
->OAuth2.Client.post!
OAuth2.AccessToken.delete
->OAuth2.Client.delete
OAuth2.AccessToken.delete!
->OAuth2.Client.delete!
OAuth2.AccessToken.refresh
->OAuth2.Client.refresh_token
OAuth2.AccessToken.refresh!
->OAuth2.Client.refresh_token!
Additionally, the following methods have been moved to OAuth2.Request
OAuth2.AccessToken.request
->OAuth2.Request.request
OAuth2.AccessToken.request!
->OAuth2.Request.request!
Diff: https://github.com/scrogson/oauth2/compare/v0.6.0...v0.7.0
- Use Poison ~> 2.0
- Reset client headers after fetching the token
- Fix up auth code flow to match the RFC
Diff: https://github.com/scrogson/oauth2/compare/v0.5.0...v0.6.0
- You can now request a refresh token with
OAuth2.AccessToken.refresh
. The!
alternative is also available. - Added
Bypass
for improved testability. Plug
is no longer a direct dependency. It is only included as a test dependency through theBypass
library.OAuth2.AccessToken
now supportsDELETE
requests withdelete
anddelete!
- More tests!
- Params are no longer sent in both the body and as a query string for
POST
requests withOAuth2.Client.get_token
- Responses will no longer be parsed automatically if the
content-type
is not supported by this lib. Registering custom parsers is a future goal for this library. - Errors are now properly raised when they occur.
OAuth2.new/1
has been removed. UseOAuth2.Client.new/1
instead.
Diff: https://github.com/scrogson/oauth2/compare/v0.4.0...v0.5.0
OAuth2.AccessToken
now supports:post
,post!
,put
,put!
,patch
, andpatch!
.- Better documentation
- Test coverage improved
- Empty response bodies are no longer decoded
OAuth2.AccessToken.get!/4
now returnsOAuth2.Response{}
instead of just the parsed body.
Thanks to @meatherly, @dejanstrbac, and @optikfluffel for their contributions!
Diff: https://github.com/scrogson/oauth2/compare/v0.3.0...v0.4.0
Bump Plug
dependency to 1.0
.
Diff: https://github.com/scrogson/oauth2/compare/v0.2.0...v0.3.0
:erlang.now
was replaced with:os.timestamp
for compatibility with Erlang 18- You can now pass options to the
HTTPoison
library withOAuth2.Client.get_token/4
andOAuth2.Client.get_token!/4
Diff: https://github.com/scrogson/oauth2/compare/v0.1.1...v0.2.0
- Remove compilation warnings.
- Fix
request_body
function forClientCredentials
Diff: https://github.com/scrogson/oauth2/compare/v0.1.0...v0.1.1
This release bring breaking changes and more documentation.
Please see the README or Hex Docs for more details.
Diff: https://github.com/scrogson/oauth2/compare/v0.0.5...v0.1.0
- Handles Facebook
expires
key for Access Tokens. - Ensure the token type defaults to 'Bearer' when it is not present.
Diff: https://github.com/scrogson/oauth2/compare/0.0.3...v0.0.5
- Relax version requirements for Poison.
This release brings Password and Client Credentials strategies.
http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.3 http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.4
Initial release.
This initial release includes a functional authorization code strategy: http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1