CHANGELOG.org

Changes

0.7.0

Upgrade external dependencies to make sure everything’s compatible with cutting edge.

The test suite passed before and after this change. In theory it shouldn’t cause anyone any problems, but it’s worth double-checking for dependency conflicts if you or another dependency pull in Pandect, as they’ve recently made a fairly major change to the way they interact with Bouncy Castle.

You should be able to use the previous version numbers of any dependencies should you not want to upgrade. Just add exclusions to the oauth/oauth-one artefact in your dependencies.

[oauth/oauth-one "0.7.0" :exclusions [org.bouncycastle/bcprov-jdk15on
                                      org.clojure/clojure
                                      pandect
                                      prismatic/schema
                                      ring/ring-codec]]

Make sure to only exclude dependencies you require elsewhere! These dependencies have to be loaded by something for this library to work.

0.6.0

No breaking changes.

You can now sign requests more easily. Previously, you’d have to create OAuth headers yourself, and associate in the OAuth token from an access token. Then you’d need to pass in your access token secret for the signing process. The whole dance looked something like this:

;; config, token and secret are your consumer config, access token and access token secret
(let [consumer (one/make-consumer config)]
  (one/sign-request consumer
                    {:oauth-headers (merge (one/make-oauth-headers consumer)
                                           {"oauth_token" token})
                     :request-method :get
                     :url "https://www.example.com/api"}
                    secret))

Based on feedback from @ilevd, it was apparent this is a little clunky, and exposing the OAuth protocol wasn’t very user friendly, so I’ve extended sign-request to support both the old version and this easier API:

(one/sign-request (one/make-consumer config)
                  {:request-method :get
                   :url "https://www.example.com/api"}
                  {:token "access-token"
                   :secret "access-token-secret"})

Notice that you can pass an access token map as the third argument to sign-request, and internally we juggle things around to do the right thing.

And, you can still pass in OAuth headers inside the request map if you so wish.

0.5.0

Fix escaping of characters by sticking more closely to RFC 3986.

This release also removes the dependency on crypto-random, as we now generate nonces more directly.

0.4.0

Avoid non-word characters in nonces.

The oauth_nonce parameter is a unique token your application should generate for each unique request. Twitter will use this value to determine whether a request has been submitted multiple times. The value for this request was generated by base64 encoding 32 bytes of random data, and stripping out all non-word characters, but any approach which produces a relatively random alphanumeric string should be OK here.

https://twittercommunity.com/t/how-to-generate-an-oauth-nonce/1307

0.3.0

Better support for query parameters

Previously, only form parameters were supported as that’s all I was using. Now that query parameters are required, you can pass params on the end of the URL, or in a separate map of query params.

(one/sign-request
 consumer
 {:url "https://example.com/?foo=bar"
  :query-params {"baz" "qux"}})

Both the foo parameter and baz parameters above will be merged into a single map of signed parameters as per the OAuth 1.0 spec.
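To make the merging concrete, here is an added sketch (not this library's code) of how an OAuth 1.0 signature base string is built from the request above, using the RFC 3986 escaping mentioned under 0.5.0 and the nonce recipe quoted under 0.4.0. The namespace and the function names percent-encode, nonce, url-query-params and base-string are made up for illustration, and the URL is assumed to be lower-case with no default port.

```clojure
(ns example.oauth1-base-string
  (:require [clojure.string :as str])
  (:import (java.net URI URLDecoder URLEncoder)
           (java.security SecureRandom)
           (java.util Base64)))

(defn percent-encode
  "RFC 3986: only ALPHA, DIGIT, '-', '.', '_' and '~' are left unescaped."
  [s]
  (-> (URLEncoder/encode (str s) "UTF-8") ; form encoding, so patch the differences
      (str/replace "+" "%20")
      (str/replace "*" "%2A")
      (str/replace "%7E" "~")))

(defn nonce
  "Base64-encode 32 random bytes, then strip every non-word character."
  []
  (let [bs (byte-array 32)]
    (.nextBytes (SecureRandom.) bs)
    (str/replace (.encodeToString (Base64/getEncoder) bs) #"\W" "")))

(defn url-query-params
  "Decode the query string of url into a map of names to values."
  [url]
  (into {}
        (for [pair (str/split (or (.getRawQuery (URI. url)) "") #"&")
              :when (seq pair)
              :let [[k v] (str/split pair #"=" 2)]]
          [(URLDecoder/decode k "UTF-8") (URLDecoder/decode (or v "") "UTF-8")])))

(defn base-string
  "METHOD & encoded base URL & encoded, sorted, merged parameters."
  [method url query-params oauth-params]
  (let [uri      (URI. url)
        base-url (str (.getScheme uri) "://" (.getRawAuthority uri) (.getRawPath uri))
        ;; Simplification: a map keeps one value per parameter name.
        params   (merge (url-query-params url) query-params oauth-params)
        pairs    (sort (for [[k v] params] [(percent-encode k) (percent-encode v)]))
        joined   (str/join "&" (for [[k v] pairs] (str k "=" v)))]
    (str/join "&" [(str/upper-case (name method))
                   (percent-encode base-url)
                   (percent-encode joined)])))

;; Constructed sample input, mirroring the request above.
(println (base-string :get "https://example.com/?foo=bar" {"baz" "qux"}
                      {"oauth_consumer_key" "key" "oauth_nonce" (nonce)}))
```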

0.2.0

Add parse-auth-header utility function

Add parse-auth-header function that was previously only used in the test suite. This function is really handy in other test suites too!

(require '[oauth.one :as one])

(one/parse-auth-header "OAuth oauth_consumer_key=\"key\"")
;; => {"oauth_consumer_key" "key"}

The function works both with and without the OAuth prefix.

Improved signed request

There are some fairly significant breaking changes in this release for anyone who made direct use of signed-request and its associated schema.

signed-request has been renamed to sign-request and has slightly modified behaviour. Firstly, you can now omit OAuth headers when calling sign-request if you’re trying to send an authenticated request.

(require '[oauth.one :as one])

(def consumer
  (one/make-consumer {:key "etc"}))

(one/sign-request
 consumer
 {:request-method :get
  :url "https://api.twitter.com/account/verify_credentials"})

You can create a header map directly via the new, public make-oauth-headers function if you want to associate some state in before creating a signed request via sign-request.

(one/sign-request
 consumer
 {:request-method :get
  :oauth-headers
  (assoc
   (one/make-oauth-headers consumer)
   "oauth_extension" "etc")
  :url "https://api.twitter.com/account/verify_credentials"})

You may notice that :oauth-headers used to be called :oauth-params. The tests have been updated accordingly, and are a good place to look for up-to-date examples of how to use the library.

In addition, the version of Schema being used has been upgraded to 1.1.0.