# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## 0.5.0 - 2023-11-22 ### Added - Added the `query` module, including constants for some commonly used header and parameter values for use by `Adapter` implementations. ### Changed - Updated the `rocket` dependency to `0.5` - Refactored `rocket_oauth2` to support `async` and other changes in 0.5 - Changed `Adapter` and impls to use `#[async_trait]` - Made `Adapter::exchange_code` and `OAuth2::refresh` into `async fn`s - Replaced `OAuthConfig::from_config` with `OAuthConfig::from_figment` - Replaced `HyperSyncRustlsAdapter` with `HyperRustlsAdapter`; the feature flag has also been replaced with `hyper_rustls_adapter` - Implemented `Sentinel` on request guards, so misconfiguration will be detected earlier at runtime. - Rewrote the primary example with `reqwest` and renamed it to `user_info` ### Removed - Removed support for specifying `provider` as a table with `auth_uri` and `token_uri` values. These values are no longer nested under `provider`. ### Migration Guide - If you specified `provider` as a table with `auth_uri` and `token_uri`, remove the intermediate `provider` table and move `auth_uri` and `token_uri` to the level `provider` was at. - Change references to `hyper_sync_rustls_adapter` to `hyper_rustls_adapter`, and `HyperSyncRustlsAdapter` with `HyperRustlsAdapter`. - Change calls to `OAuthConfig::from_config` to `OAuthConfig::from_figment`. - Add `#[async_trait::async_trait]` to `Adapter` implementations, and change `exchange_code` to an `async fn` using an `async` HTTP client or a synchronous HTTP client wrapped in a `spawn_blocking` call. - Add `.await` after calls to `Adapter::exchange_code()` and `OAuth2::refresh()`. ## 0.4.1 - 2020-09-23 ### Changed - The version requirement for `hyper_sync_rustls` has been loosened, allowing up to `0.3.0-rc.17`. ## 0.4.0 - 2020-08-25 ### Added - `get_redirect_extras` method, which accepts "extra" query parameters to use in the authentication request. ### Changed - Use HTTP basic authentication by default to pass `client_id` and `client_secret` to the authorization server, instead of placing them in the request body. ### Migration Notes Previous versions of this library sent the `client_id` and `client_secret` in the request body, which is an optional extension supported by many authorization servers. The default is now to use HTTP Basic Authentication, which [servers must support]. In the case of a server that *only* supports authentication parameters in the request body, this functionality can be disabled. * For servers that support HTTP Basic Authentication, use `OAuth2::fairing()` or `OAuth2::custom()` with `HyperSyncRustlsAdapter::default()`. * For servers that **do not** support HTTP Basic Authentication, use `OAuth2::custom()` with `HyperSyncRustlsAdapter::default().basic_auth(false)`. * Only `HyperSyncRustlsAdapter` is affected by this change; custom `Adapter` types are not affected. [servers must support]: https://tools.ietf.org/html/rfc6749#section-2.3.1 ## 0.3.1 - 2020-07-19 ### Added - Support for 'Wikimedia' as a known provider. ## 0.3.0 - 2020-07-03 ### Added - Documentation that TokenResponse guard must come before Cookies ### Changed - More specific log message when the state cookie is missing or inaccessible - Provider names are now case-insensitive, matching the documentation ## 0.3.0-rc.1 - 2020-06-15 ### Added - Log messages help pinpoint which part of the token exchange failed - The `redirect_uri` is now optional ### Changed - Removed the `A` type parameter from `OAuth2::fairing()`. To use a custom `Adapter`, use `OAuth2::custom()`. - Removed the `Callback` trait. Callbacks are now implemented as regular routes that use the `TokenResponse` request guard. - `OAuth2` is no longer placed in managed state. Instead, `OAuth2` implements `FromRequest`. - `HyperSyncRustlsAdapter` is exported from the crate root instead of from a submodule. ### Removed - Removed the automatic creation of login routes. Instead, `get_redirect()` can be called from a user-defined login route. ## 0.2.0 - 2020-04-11 ### Added - More complete documentation and examples of custom Provider usage ## 0.2.0-rc.1 - 2019-10-27 ### Added - Refresh tokens can be exchanged using `OAuth2::refresh()` ### Changed - Restructured error handling in `Adapter`s. - Removed the `A` type parameter from `OAuth2`. - `TokenResponse` is redesigned and no longer uses `serde_derive`. Fields have been converted to methods, and `.as_value()` replaces the functionality of `.extras`. - `Provider` is now a trait, allowing for dynamically determined `Provider`s. - `Adapter` is now only responsible for *conveying* state in `authorization_uri()`; state is generated by the library itself. - Added (direct) dependencies on 'ring' (0.13) and 'base64' (0.10); removed 'rand' dependency ## 0.1.0 - 2019-10-01 ### Added - CHANGELOG.md. - Support for 'Microsoft' (v2.0) as a known Provider and an example. - A 'scope' can be specificied in the authorization callback as a fallback in case it is not present in the token response. This is the case with Strava, for example. - Types derive more of the traits in `std`, such as `Clone` and `Debug`. ### Changed - Update 'rand' dependency to 0.7. - Update 'url' dependency to 2.1. ## 0.0.5 - 2018-12-06