Open Collective
Open Collective
Loading
The Ruby OAuth Collective
Contribute
Connect
About
oauth2 - Recent Releases
Published on July 8, 2025 by Peter Boling
I've been hard at work ensuring that oauth2 remains a safe, reliable workhorse for the Ruby ecosystem, and I need your monetary support.

A short review of recent changelogs, with light editing.  All releases were at 100% code coverage for both lines and branches.


  • oauth2 v2.0.12 - 2025-05-31

    • Added
      • gh652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang
        • Support JWT kid for key discovery and management
      • More Documentation by @pboling
        • Documented Serialization Extensions
        • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
      • Documentation site @ https://oauth2.galtzo.com now complete
    • Changed
      • Updates to gemspec (email, funding url, post install message)

  • oauth2 v2.0.11 - 2025-05-23

    • Added
      • gh651 - :snaky_hash_klass option (@pboling)
      • More documentation
      • Codeberg as ethical mirror (@pboling)
      • Don't check for cert if SKIP_GEM_SIGNING is set (@pboling)
      • All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
      • YARD config, GFM compatible with relative file links (@pboling)
      • Documentation site on GitHub Pages (@pboling)
      • !649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
      • gh651 - Mock OAuth2 server for testing (@pboling)
    • Changed
      • gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
        • Provides solution for serialization issues
      • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling)
    • Fixed
      • gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
      • Incorrect documentation related to silencing warnings (@pboling)

  • oauth2 v2.0.10 - 2025-05-17

    • Added
      • gh!632 - Added funding.yml (@Aboling0)
      • !635 - Added .gitlab-ci.yml (@jessieay)
      • #638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
      • !642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling)
        • Gemspec metadata (funding_uri, news_uri, mailing_list_uri)
      • SHA256 and SHA512 Checksums for release
      • !643 - Add token_name option (@pboling)
        • Specify the parameter name that identifies the access token
      • !645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV["OAUTH_DEBUG"] (@pboling)
      • !646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
      • !647 - Add IETF RFC 7009 Token Revocation compliance (@pboling)
      • gh!644, gh!645 - Added CITATION.cff (@Aboling0)
      • !648 - Improved documentation (@pboling)
    • Changed
      • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
      • Gem releases are now cryptographically signed, with a 20-year cert (@pboling)
        • Allow linux distros to build release without signing, as their package managers sign independently
      • !647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
      • !647 - OAuth2.config is no longer writable (@pboling)
      • !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)
    • Fixed
      • #95 - restoring an access token via AccessToken#from_hash (@pboling)
        • This was a 13 year old bug report. 😘
      • #619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
      • !633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
      • !634 - CHANGELOG.md documentation fix (@skuwa229)
      • !638 - fix expired? when expires_in is 0 (@disep)
      • !639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
      • #639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
      • !640 - README.md documentation fix (@martinezcoder)
      • !641 - Do not include sensitive information in the inspect (@manuelvanrijn)
      • #641 - Made default JSON response parser more resilient (@pboling)
      • #645 - Response no longer becomes a snaky hash (@pboling)
      • gh!646 - Change require to require_relative (improve performance) (@Aboling0)