0.4.1 - Security fix for OAuth1 provider. Please upgrade if you're using any 0.4 version. Thanks to [tomhughes] - Limit index size in ConsumerToken migration to deal with very large tokens [devainandor] - Accept ancient OAuth2 Token token=asfavasd like tokens. Just for complete compatibility. [pelle] - oauth2 errors should return http 400 [pelle] 0.4.0 - fix migrations to use expires_at instead of valid_to [pelle] - add force parameter for forcing token refresh [afeld] - make it work in rails 2x [Kimtaro] - Use 0.5+ OAuth2 gem [kookster] - prevent addition of ? marks to callback url when not needed [kookster] - make .credentials accessible to TwitterToken [afeld] 0.4.0-rc2 - Better OAuth2 support. - Refactored authorizer into a Authorizer object which is now better tested 0.4.0-rc1 PLEASE help test this so we can mark it as final - Update to OAuth2 draft 22 which is likely the final release. [pelle] ACTION REQUIRED BY YOU, see README. - Update forms to work with rails 3.1 [morgz] - Allow nil callbacks for oob in OAuth 1.0a [Shaliko Usubov] - OAuthFilter:oauth2_token to rejects headers that explicitly state oauth_version="1.0" [KentonWhite] 0.4.0-pre7 - OAuth 1 requests using query or form encoded parameters where being interpreted as OAuth2 [pelleb] - OAuth 2 requests were not checking for invalidated tokens. Please upgrade for this if you offer OAuth 2 [rymai] - Handle case where credentials[:options] in consumer plugin was nil [marnen] - Better facebook example [marnen] 0.4.0-pre6 - fixes issue with erb generator in rails 3 [pelleb] - various cleanups in generators [akonan] 0.4.0-pre5 - protect oauth consumer relay with :expose configuration option. It's off by default. [pelle] - Reenable twitter client. It is now configurable for twitter tokens. :client=>:twitter_gem or :oauth_gem [pelle] - fix issues with new consumer tokens [afeld] - More forgiving about oob callback values[chrisrhoden] - Update Twitter consumer to use latest Twitter Gem [afeld] - removed portable_contacts client from Google Token [p8] - Fixes various mongoid issues [3en] - Adds oauth2 consumer support - Fixes oauth2 provider. parameter should be redirect_uri not redirect_url [Kimtaro] - Most core OAuth functionality is being put into OAuthFilter. This means Rails 2.3 and above only 0.4.0-pre4 - Fixed bug when creating a new user from a new consumer token - Fix typo in consumer token [krasio] - Fix issue with mongoid not supporting find_by_x style queries. [3en] 0.4.0-pre3 - Experimental rack filter for OAuth 1.0a: see lib/oauth/rack/oauth_filter.rb for details 0.4.0-pre2 - mongoid defaults to being embedded - new :auto_login option in oauth_config.rb which lets you use eg. twitter as a primary authentication method 0.4.0-pre1 - mongoid support in rails 3 [Alexander Semyonov] - OAUTH 2.0 authorization_code and password grant types - Supports OAuth 2.0 draft 10 (Note this is incompatible with previous drafts) - Refactored application_controller_methods to be a lot less intrusive - Increased default token and key size in anticipation of OAuth2 support - Rails 3 support - Rails 3 generators [Paul Rosiana] and patches by [Alexander Flatter] - Modularized Rails 3 generators [Alexander Semyonov] - Callback urls now allow query parameters. Multiple patches but I used [Unk]'s. 10/08/2009 0.3.14 - Fixed the class generation when you have a custom token defined. [Brian Morearty] 10/05/2009 0.3.13 - Got rid of yahoo token. To support it correctly requires way too much work. Let them suffer the consequences of their decissions. - GoogleToken now uses portablecontacts gem 9/30/2009 0.3.12 - Added a simple PortableContacts adapter for GoogleToken - Added a SimpleClient wrapper to provide really simple wrapper for OAuth based json web services - Increased token size in consumer_tokens table because of Yahoo's oversized tokens - Added support for Yahoo - Added support for Google (Boon Low) 9/26/2009 0.3.11 - Moved twitter tokens dependency back to regular twitter gem 7/29/2009 0.3.10 - Closed blocks in erb template (jcrosby) while pelle is hiding under his desk - Handled error case on authorize with non existent token - Fixed Agree2 token - Security Fix: Only skip verify_authenticity_token for specific oauth token requests in provider controller 7/25/2009 0.3.9 - Added an Index to oauth consumers controller. Rerun generator to create index template - Added invalidate action to provider, which allows a token to invalidate itself /oauth/invalidate - Added capabilities action to provider. Lets you expand to allow auto discovery of permissions and services that token provides. - Can override how authorize form indicates an authorization. To get around ugly checkbox def user_authorizes_token? params[:commit] == 'Authorize' end 7/23/2009 0.3.8 - Fixed Gem Plugins Loading 7/21/2009 0.3.7 - A blushing Pelle adds a missing file 0.3.6 - Twitter, Agree2 and FireEagle tokens are working in consumer. 0.3.5 - made it a gem - more thorough tests of OAuth 1.0 consumer - Add support for a OAUTH_10_SUPPORT constant to switch on support for OAuth 1.0 in provider 7/19/2009 - Added support for OAuth 1.0 consumers (nov) 7/17/2009 - Added back support for OAuth 1.0 for providers (nov) 7/14/2009 - Added OAuth Consumer generator - Moved oauth controller code to a module to make it easier to upgrade in the future 7/11/2009 - Added support for OAuth version 1.0a - Added haml support - Improved OAuth Client Controller gui (alec-c4) 2/11/2009 - Fixed escaping error and file path error in the generator simultaneously reported and fixed by Ivan Valdes and Mike Demers thanks 2/9/2009 - Fixed compatibility issue with OAuth Gem 3.1 (wr0ngway and aeden) - Added Test:Unit tests to generator (Ed Hickey) - added missing oauth_clients/edit.html.erb view template (Ed Hickey) - added missing :oauth_clients resource route in USAGE (Ed Hickey) - Don't throw NPE it token is not in db (Haruska) - Cleaned up whitespace (bricolage, Nicholas Nam) - Fixed bug in default verify_oauth_signature (igrigorik) - Doc fixes (skippy) 6/23/2008 - Split OAuth controller into two parts: OAuth and OAuth clients. [jcrosby] revision 31 - patch that fixes a problem in oauth_required from Hannes Tyden and Sean Treadway from SoundCloud. Thanks. revision 30 - updated to use oauth gem 0.2.1 revision 23 - removed all core libraries from plugin. They are now in the oauth gem. # oauth-plugin-pre-gem Branch created revision 18 - added a generator for creation oauth_providers revision 12 - the bug with post and put has now been fixed. - better documentation revision 9 - added a test helper. Include OAuth::TestHelper in your tests or specs to mock incoming requests revision: 8 - moved tests into oauth folder and renamed them to make them work with autotest by default - Refactored the request methods to make them more flexible and ready for integrating with ActiveResource - There are a few tests that fail. All of them to do with put and post requests with payload data. I decided to commit anyway, to get the new api out. revision: 7 - Done a lot of work on the Server side of things. The Server class has changed a lot and is likely to be incompatible with previous versions revision: 6 - Throws InsecureSignatureMethod exception if attempting to use straight sha1 or md5. - Disables plaintext signature over http (throws an InsecureSignatureMethod) - Better testing of signature methods - the prior tests were seriously flawed. revision: 5 - Removed support for sha1 and md5 - Implemented draft 6 support of OAuth removing secrets from base string