Revision history for Mojolicious-Plugin-OAuth2-Server
0.51 2022-08-15
- Bump min perl version to 5.16 (as per core Mojolicious)
0.50 2022-08-08
- Allow client_id / client_secret in body params (GH #28)
0.49 2022-06-02
- Fix tests broken by Mojolicious multiple render fixes (GH #27)
0.48 2021-06-15
- Accept error_description from auth methods (GH #26)
0.47 2020-07-20
- Add t/170_expiry_ttl_callback.t for Net::OAuth2::AuthorizationServer v0.26 changes
0.46 2020-06-18
- Return scope list from access token request, as per RFC6749 (GH #22)
0.45 2020-06-18
- Fix missing mojo_controller passed to ->verify_client (GH #24)
0.44 2019-04-27
- Fix make sure user_id is returned in AuthorizationCodeGrant defaults
0.42 2018-05-01
- Prevent double encoding of URL in oauth2_auth_request helper
- Note that this requires a much more recent version of Mojolicious
so the requirement has been bumped to v7.76
0.41 2018-04-16
- Handle inconsistencies between various grant types and the return
data from ->verify_token_and_scope sometimes returning a hash ref
and sometimes returning a string - now they always return a hash
ref in the case of a successful authentication (GH #20)
- Note that this may be a BREAKING CHANGE if you are using password
grant in your app
- Requires v0.17 of Net::OAuth2::AuthorizationServer for these changes
0.40 2018-02-02
- Add oauth2_auth_request helper to get at redirect URI that results
from the authorization process
0.39 2018-09-01
- Add failing test case for return values when refresh token is
a JWT (GH #17, thanks to pierre-vigier)
- Fix above issue by bumping requirement on N::O::AuthorizationServer
to v0.16
0.38 2017-06-01
- Fix combination of verify_client and jwt_secret causing tokens
to be generated when verify_client returns 0 for client_credentials
grant
0.37 2017-05-12
- Add support for jwt_claims callback in config
(see jwt_claims_cb in Net::OAuth2::AuthorizationServer)
0.36 2017-05-03
- Fix bug in test for version 0.34 due to requiring url_decode
of access token in implicit grant flow
0.35 2017-03-06
- Fix bug in test for previous version
0.34 2017-03-06
- Fix implicit grant should return query params in a fragment
0.33 2017-03-03
- Fix tests for recent version of Net::OAuth2::AuthorizationServer
0.32 2016-11-01
- Remove args_as_hash, this is now the default
0.31 2016-10-01
- Deprecate args_as_hash, will become the standard as from the next version
0.30 2016-09-16
- Add "Client Credentials Grant" flow (response_type = "client_credentials"
in call to access_token)
- Improve test coverage for Implicit Grant
- Fix setting of scopes for JWT in Implicit Grant revealed by improved test
coverage
0.29 2016-08-31
- Fix Implicit Grant needs to be able to support login_resource_owner and
confirm_by_resource_owner callbacks
0.28 2016-08-31
- Fix don't allow clients defined with a client_secret to use the Implicit
Grant Flow (handled in Net::OAuth2::AuthorizationServer, but add tests here)
0.27 2016-08-31
- Add "Implicit Grant" flow (response_type = "token" in call to authorize)
0.26 2016-05-12
- Transfer repo from G3S to Humanstate
0.25 2016-04-17
- Add "Resource Owner Password Credentials Grant"
0.24 2016-04-11
- split out bulk of code into Net::OAuth2::AuthorizationServer
- ditto for examples and bulk of the perldoc
- plugin is fully backwards compatible, although you may want to
move to using the args_as_hash option for cleaner callbacks
see docs for Net::OAuth2::AuthorizationServer::AuthorizationCodeGrant
0.23 2015-10-21
- move github repo to Humanstate org
0.22 2015-06-25
- auth codes, access tokens, and refresh tokens returned can now be
JWTs (implemented via Mojo::JWT). this allows validation without
database lookup *should you want to do that*
- this allows the "simple" usage of the plugin to be persistent and
multi process compat by supplying a jwt_secret - although you lose
the automatic token revoking capabilities of the module when doing
this. see the examples, tests, and perldoc for more information
0.11 2015-03-19
- update examples/oauth2_client.pl to work with latest version of
Mojolicious::Plugin::OAuth2. point to examples/ in the perldoc
- tweaks to perldoc to highlight that this is an implementation of
the "Authorization Code Grant" flow
0.10 2015-03-17
- change token_type to be Bearer rather than bearer as this maps better
for use in the Authorization header
0.09 2015-03-16
- fix refresh_token check to prevent it being used as an access token.
this adds an extra argument ($is_refresh_token) to the method that
is called to _verify_access_token
0.08 2015-02-12
- stipulate CryptX in the Makefile.PL rather than Crypt::PRNG, as the
latter doesn't have a VERSION number so causes dependency check to
fail (thanks to reneeb for the report/fix)
- some tweaks in examples
0.07 2015-02-11
- call verify_client before redirecting to login / confirm scopes
as there's no point logging a user in, etc, if the client is bad
- make _verify_access_token return a list as _verify_auth_code so
we can report the failure reason in a meaningful way.
- Add example schema and code for using the module with a relational
database
- harden token generation function using Crypt::PRNG random_string
0.06 2015-02-10
- test and documentation for flash + redirect in a full fat app
0.05 2015-02-07
- use warnings and fix any raised by tests
0.04 2015-02-06
- refactoring and consistency tweaks
0.03 2015-02-06
- fix regexp in tests to be looser
0.02 2015-02-06
- POD tweaks
- set minimum perl version (5.10.1)
0.01 2015-02-06
- First release inspired by frustration, confusion, and hate when trying
to implement OAuth2 resource/auth server using existing CPAN modules