Contents

## 1.0.0-beta1 (21/10/2022)

### Breaking changes

The full description of breaking changes, and suggestions on how to make the migration smoother, can be found in the [migration guide](https://gitlab.com/honeyryderchuck/rodauth-oauth/-/blob/6465b8522a78cf0037a55d3d4b81f68f7811be68/MIGRATION-GUIDE-v1.md).

A short list of the main highlights:


* Ruby 2.5 or higher is required.
* `oauth_http_mac` feature removed.
* `oauth_tokens` table (and resource) were removed (only `oauth_applications` and `oauth_grants`, access and refresh tokens are now properties of the latter).
* access and refresh tokens hashed by default when stored in the database.
* default oauth response mode is `"form_post"`.
* oauth specific features require explicit enablement of respective features (no more `enable :oauth`)
* refresh token policy is "rotation" by default

### Features

The following helpers are exposed in the `rodauth` object:

* `current_oauth_account` - returns the dataset row for the `rodauth` account associated to an oauth access token in the "authorization" header.
* `current_oauth_application` - returns the dataset row for the oauth application associated to an oauth access token in the "authorization" header.

When used in `rails` via `rodauth-rails`, both are exposed directly as controller helpers.

#### `oauth_resource_server` plugin

This plugin can be used as a convenience when configuring resource servers.

### Improvements

* `:oauth_introspect` plugin: OAuth introspection endpoint exposes the token's `"username"` claim.
* endpoint client authentication supports "client credentials grant" access tokens.

### Bugfixes

* fixed `oidc` calculation of `"auth_time"` claim.

Version data entries

2 entries across 2 versions & 1 rubygems

Version	Path
rodauth-oauth-1.0.0.pre.beta2	doc/release_notes/1_0_0_beta1.md
rodauth-oauth-1.0.0.pre.beta1	doc/release_notes/1_0_0_beta1.md