4.2.2

Bug Fixes

• Fix PKCE documentation link (See ramosbugs/openidconnect-rs#76)

4.2.1

Bug Fixes

• Only use HTTP Basic auth with a client secret (see #176)

4.2.0

New Features

• Add field getters to Client struct (#167)

Other Changes

• Update sha2 and hmac dependencies (#174)
• Fix set_redirect_uri docs typo (#168)
• Fix reqwest version mentioned in docs (#154)

4.1.0

New features

• Add add_scopes convenience methods to request objects (#138)
• Add set_redirect_uri method to CodeTokenRequest (#144)

Bug fixes

• Await the given sleep method in DeviceAccessTokenRequest::request_async (#152)
• Fix curl client implementation (#147)
• Update docs to reference current version

Other changes

• Don't depend on chrono oldtime (#149)
• Update dependencies (base64, rand, hmac) (#145)
• Update Microsoft example to use unified Azure app registration (#143)

4.0.0

Changes since 4.0.0-beta.1

• Fix a couple of doc comments and an error message to say failed instead of Errored.

Summary of changes since 3.0.0

Breaking changes

• Raise minimum supported Rust version (MSRV) to 1.45.
• Upgrade reqwest to 0.11 and rename feature flag to reqwest. This upgrades tokio to 1.0 and removes support for both the reqwest-010 and reqwest-09 feature flags.
• Drop support for futures 0.1 and remove the futures-01 and futures-03 feature flags; only async/await and futures 0.3 are now supported (without requiring any feature flags).
• Eliminate Async* traits and move the request_async methods to the underlying *Request structs
• Migrate public API from http 0.1 to 0.2.
• Return error types that implement std::error::Error instead of failure::Fail.
• Expose a serde_path_to_error::Error<serde_json::Error>> in the RequestTokenError::Parse variant instead of a serde_json::Error to make JSON deserialization errors easier to diagnose.
• Add #[non_exhaustive] attribute to AuthType to support non-breaking additions in the future.

New features

• Add support for OAuth 2.0 Device Authorization Grant.
• Add support for OAuth 2.0 Token Revocation (RFC 7009) (#122).
• Add support for OAuth 2.0 Token Introspection.
• Add support for the plain (plaintext) PKCE verifier when the (non-default) pkce-plain feature flag is enabled. Use of this feature is discouraged for security reasons.
• Support wasm32 targets (#120).
• Add ureq HTTP client (#119).

Other changes

• Have reqwest client use rustls-tls by default instead of native TLS. This behavior can be overridden using the native-tls feature flag.
• RUSTSEC-2016-0005: replace rust-crypto with hmac in dev-dependencies

4.0.0-beta.1

This is the first beta release for the 4.0 major version. No further breaking changes are expected until the next major version.

Breaking Changes

• Add rustls-tls (default) and native-tls feature flags for use with reqwest. Previously, enabling the reqwest feature flag would always use rustls. The default behavior is unchanged, but users that disable the default features and wish to continue using rustls may wish to add the rustls-tls feature flag to their Cargo.toml.
• Expose a serde_path_to_error::Error<serde_json::Error>> in the RequestTokenError::Parse variant instead of a serde_json::Error. This change should make JSON deserialization errors easier to diagnose.

4.0.0-alpha.6

Breaking Changes

• Fix URI/URL naming inconsistencies (#128). For context, see ramosbugs/openidconnect-rs#39.
  • set_introspection_url -> set_introspection_uri
  • set_redirect_url -> set_redirect_uri
  • set_revocation_url -> set_revocation_uri

4.0.0-alpha.5

Breaking Changes

• Have Client::exchange_device_code, Client::introspect, and Client::revoke_token fail fast with a new ConfigurationError enum when the relevant OAuth2 endpoint hasn't been configured by calling set_device_authorization_url, set_introspection_url, or set_revocation_url, respectively. Previously, an error would not be returned until a call to request/request_async (#127).

Other Changes

• Add extra_fields() getter to StandardTokenIntrospectionResponse (#126)
• Fix missing closing parenthesis in doc comment (#125)

4.0.0-alpha.4

Breaking Changes

• Fix inconsistent naming of types related to RFC 7662 Token Introspection (fdab640/#123). This renames the following:
  • IntrospectRequest to IntrospectionRequest
  • *TokenInspectionResponse to *TokenIntrospectionResponse
  • IntrospectUrl to IntrospectionUrl
  • introspect_url to introspection_url.

New Features

• Add support for OAuth 2.0 Token Revocation (RFC 7009) (#122).

  Special thanks to @ximon18 for contributing this feature.

• Add ureq http_client (#119)

Other Changes

• Support wasm32 targets (#120)

4.0.0-alpha.3

Breaking Changes

• Raise minimum supported Rust version (MSRV) to 1.45
• Upgrade reqwest to 0.11 and rename feature flag from reqwest-010 to reqwest. This upgrades tokio to 1.0.
• Add #[non_exhaustive] attribute to AuthType to support non-breaking additions in the future

New Features

• Add support for the plain (plaintext) PKCE verifier when the (non-default) pkce-plain feature flag is enabled. Use of this feature is discouraged for security reasons.

• Add support for OAuth 2.0 Token Introspection.

  Special thanks to @jeroenvervaeke for contributing this feature.