All notable changes to this project will be documented in this file.
- Add support for enable_granular_consent option (#455)
- Nothing.
- Nothing.
- Nothing.
- Nothing.
- Nothing.
- Nothing.
- Fixed JWT decoding issue. (Invalid segment encoding) #431
has been added to restrict overriding authorize_options by request params. #423- Support for oauth2 2.0.x. #429
- Nothing.
- Nothing.
- Nothing.
- Output granted scopes in credentials block of the auth hash.
- Migrated to GitHub actions.
- Nothing.
- Nothing.
- Overriding the
via params or JSON request body.
- Support for Omniauth 2.x!
- Nothing.
- Support for Omniauth 1.x.
- Nothing.
- Constrains the version to Omniauth 1.x.
- Nothing.
- Nothing.
- Nothing.
- Support reading the access token from a json request body.
- Nothing.
- No longer verify the iat claim for JWT.
- A few minor issues with .rubocop.yml.
- Issues with image resizing code when the image came with size information from Google.
- Updated omniauth-oauth2 to v1.6.0 for security fixes.
- Nothing.
- Ruby 2.1 support.
- Nothing.
- Ensure
is always verified, and includeunverified_email
- Nothing.
- Nothing.
- Nothing.
- Return
keys in response.
- Nothing.
- Nothing.
- Nothing.
- Support for JWT 2.x.
- Nothing.
- Support for JWT 1.x.
- Support for
. - Stop using Google+ API endpoints.
- Nothing.
- New recommended endpoints for Google OAuth.
- Nothing.
- Nothing.
- Nothing.
- Added support for the JWT 2.x gem.
- Now fully qualifies the
class to prevent conflicts with theOmniauth::JWT
- Nothing.
- Removed the
dependency. - Support for versions of
< 1.5.
- Nothing.
- Nothing.
- Nothing.
- New
endpoints are reverted until JWT 2.0 ships.
- Nothing.
- Breaking JWT iss verification can be enabled/disabled with the
flag - see the README for more details. - Authorize options now includes
for private ip ranges.
- Nothing.
- Nothing.
- Updated
to new endpoints.
- Rubocop checks to specs.
- Defaulted dev environment to ruby 2.3.4.
- Nothing.
- Testing support for older versions of ruby not supported by OmniAuth 1.5.
- Key
no longer exists, it has been renamed to[:urls][:google]
- Updated all code to rubocop conventions. This includes the Ruby 1.9 hash syntax when appropriate.
- Example javascript flow now picks up ENV vars for google key and secret.
- Nothing.
- Nothing.
- Nothing.
- Fixed JWT iat leeway by requiring ruby-jwt 1.5.2
- Addedd ability to specify multiple hosted domains.
- Added a default leeway of 1 minute to JWT token validation.
- Now requires ruby-jwt 1.5.x.
- Nothing.
- Removed support for ruby 1.9.3 as ruby-jwt 1.5.x does not support it.
- Nothing.
- Verify Hosted Domain if hd is set in options.
- Nothing.
- Dependency on addressable.
- Nothing.
- Updated verify_token to use the v3 tokeninfo endpoint.
- Nothing.
- Nothing.
- Compatibility with omniauth-oauth2 1.4.0
- Nothing.
- Nothing.
- Removed some checks on the id_token. Now only parses the id_token in the JWT processing.
- Nothing.
- Nothing.
- Nothing.
- Nothing.
- Issue with omniauth-oauth2 where redirect_uri was handled improperly. We now lock the dependency to ~> 1.3.1
- Added skip_jwt option to bypass JWT decoding in case you get decoding errors.
- Nothing.
- Nothing.
- Resolved JWT::InvalidIatError. zquestz#195
- Now strips out the 'sz' parameter from profile image urls.
- Now uses 'addressable' gem for URI actions.
- Added image data to extras hash.
- Override validation on JWT token for open_id token.
- Handle authorization codes coming from an installed applications.
- Nothing.
- Nothing.
- Fixes double slashes in google image urls.
- Nothing.
- Nothing.
- Nothing.
- Hybrid authorization issues due to bad method alias.
- Support for versions of omniauth past 1.0.x.
- Nothing.
- Nothing.
- Nothing.
- Now requiring the "Contacts API" and "Google+ API" to be enabled in your Google API console.
- The old Google OAuth API support was removed without deprecation.
- Support for the old Google OAuth API.
will be thrown and state that access is not configured when you attempt to authenticate using the old API. See Added section for this release.
- Nothing.