# Release History ## [0.16.0](https://www.github.com/googleapis/signet/compare/signet/v0.15.0...signet/v0.16.0) (2021-09-03) ### Features * Support for fetching an access token with basic auth ([3c43e32](https://www.github.com/googleapis/signet/commit/3c43e3201d79b1e2303e672f3c07e060c5079423)) ### Bug Fixes * Remove extraneous files from the gem ([e515bb6](https://www.github.com/googleapis/signet/commit/e515bb627a64e32ec885412fed8b01eb73067ee0)) * Require addressable 2.8 to remediate vulnerability ([9a2f899](https://www.github.com/googleapis/signet/commit/9a2f8996f522538c4bb7998535e2a50331d564fc)) ## [0.15.0](https://www.github.com/googleapis/signet/compare/v0.14.1...v0.15.0) (2021-03-04) ### Features * Drop support for Ruby 2.4 and add support for Ruby 3.0 ([bd6fe87](https://www.github.com/googleapis/signet/commit/bd6fe87948f8fc7702720dae651e82f4fd348b5d)) ## 0.14.1 / 2021-01-27 * Fix OAuth1 signature with duplicate query param names ## 0.14.0 / 2020-03-31 * Support for fetching ID tokens from google oauth2 endpoint. ## 0.13.2 / 2020-03-25 Rerelease of 0.13.1. ## 0.13.1 / 2020-03-24 * Update github url ## 0.13.0 / 2020-02-24 * Support Faraday 1.x ## 0.12.0 / 2019-10-08 * This version now requires Ruby 2.4. * Support array values of the "aud" field. * Normalize the version constant to match related gems. ## 0.11.0 / 2018-10-08 * Add constant time comparison for oauth signatures. ## 0.10.0 / 2018-09-21 * Add UnexpectedStatusError class for http status errors that are not handled. ## 0.9.2 / 2018-09-12 * Update issued_at correctly when it is set simultaneously with expires_in. ## 0.9.1 / 2018-08-29 * Warn on EOL ruby versions. * Fix DateTime normalization. ## 0.9.0 / 2018-08-20 * Add RemoteServerError class for 5xx level errors. * Allow to_json to be called with arguments * Expires_in now sets and reflects current expires_at value * Expires_within(0) now returns false when expires_at is nil. ## 0.8.1 / 2017-10-13 * Restore support for Ruby 1.9.3 ## 0.8.0 / 2017-10-12 * Ensure the "expires_at" attribute is recalculated on refresh (chutzimir) * Fix warnings on Ruby 2.4 (koic) * Allow DateTime objects to be passed into attributes (foxtacles) * Provide signature verification algorithm for compatibility with ruby-jwt 2.0 (jurriaan) * Signet::OAuth2::Client#decoded_id_token can take a keyfinder block (mvastola) ## 0.7.3 / 2016-06-20 * Fix timestamp parsing on 32-bit systems * Fix expiration check when issue/expiry times are nil ## 0.7.2 / 2015-12-21 * Don't assume Faraday form encoding middleware is present ## 0.7.1 / 2015-12-17 * Fix an issue with date parsing ## 0.7 / 2015-12-06 * No longer overwrite SSL environment variables. * Tighten up date & URL (de)serialization for OAuth2 client * Allow Hurley as a connection * Allow scope as an option in `fetch_access_token!` to request downscoped access tokens * Add expires_within(sec) method to oauth2 client to facilitate proactive refreshes ## 0.6.1 / 2015-06-08 * Fix language warnings for unused & shadowed variables ((@blowmage)[]) * Update SSL cert path for OSX ((@gambaroff)[]) * Update JWT library and fix broken tests * Fix incorrect parameter name in OAuth2 client docs ((@samuelreh)[]) * Fix symbolization of URL parameter keys ((@swifthand)[]) ## 0.6.0 / 2014-12-05 * Drop support for ruby versions < 1.9.3 * Update gem dependencies and lock down versions tighter * Allow form encoded responses when exchanging OAuth 2 authorization codes * Normalize options keys for indifferent access ## 0.5.1 / 2014-06-08 * Allow Hash objects to be used to initialize authorization URI * Added PLAINTEXT and RSA-SHA1 signature methods to OAuth 1 support * Added client object serialization * The `approval_prompt` option no longer defaults to `:force` * The `approval_prompt` and `prompt` are now mutually exclusive. ## 0.5.0 / 2013-05-31 * Switched to faraday 0.9.0 * Added `expires_at` option ## 0.4.5 * Minor documentation fixes * Allow postmessage as a valid redirect_uri in OAuth 2 ## 0.4.4 * Add support for assertion profile ## 0.4.3 * Added method to clear credentials ## 0.4.2 * Backwards compatibility for MultiJson ## 0.4.1 * Updated Launchy dependency ## 0.4.0 * Added OAuth 1 server implementation * Updated Faraday dependency ## 0.3.4 * Attempts to auto-detect CA cert location ## 0.3.3 * Request objects no longer recreated during processing * Faraday middleware now supported * Streamed requests now supported * Fixed assertion profiles; client ID/secret omission no longer an error ## 0.3.2 * Added audience security check for ID tokens ## 0.3.1 * Fixed a warning while determining grant type * Removed requirement that a connection be supplied when authorizing requests * Updated addressable dependency to avoid minor bug * Fixed some documentation stuff around markdown formatting * Added support for Google Code wiki format output when generating docs ## 0.3.0 * Replaced httpadapter gem dependency with faraday * Replaced json gem dependency with multi_json * Updated to OAuth 2.0 draft 22 * Complete test coverage ## 0.2.4 * Updated to incorporate changes to the Google OAuth endpoints ## 0.2.3 * Added support for JWT-formatted ID tokens. * Added :issued_at option to #update_token! method. ## 0.2.2 * Lowered requirements for json gem ## 0.2.1 * Updated to keep in sync with the new httpadapter changes ## 0.2.0 * Added support for OAuth 2.0 draft 10 ## 0.1.4 * Added support for a two-legged authorization flow ## 0.1.3 * Fixed issue with headers passed in as a Hash * Fixed incompatibilities with Ruby 1.8.6 ## 0.1.2 * Fixed bug with overzealous normalization ## 0.1.1 * Fixed bug with missing StringIO require * Fixed issue with dependency on unreleased features of addressable ## 0.1.0 * Initial release