File rubygem-omniauth-auth0.changes of Package rubygem-omniauth-auth0

Overview Repositories Revisions Requests Users Attributes Meta

File rubygem-omniauth-auth0.changes of Package rubygem-omniauth-auth0

-------------------------------------------------------------------
Tue Nov 14 15:19:40 UTC 2023 - Dan Čermák <dan.cermak@posteo.net>

- New upstream release 3.1.1, see bundled CHANGELOG.md

-------------------------------------------------------------------
Thu Jun 24 17:41:44 UTC 2021 - Stephan Kulow <coolo@suse.com>

updated to version 3.0.0
 see installed CHANGELOG.md

## [v3.0.0](https://github.com/auth0/omniauth-auth0/tree/v3.0.0) (2021-04-14)
  Version 3.0 introduces [Omniauth v2.0](https://github.com/omniauth/omniauth/releases/tag/v2.0.0) which addresses [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284). Omniauth now defaults to only allow `POST` as the allowed request_phase method. This was previously handled through the recommended [mitigation](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284) using the `omniauth-rails_csrf_protection v0.x.x` gem to provide CSRF protection.
  
  ### Upgrading to omniauth-rails_csrf_protection v1.0.0
  If you are using `omniauth-rails_csrf_protection` to provide CSRF protection, you will need to be upgrade to `1.x.x`.
  
  ### BREAKING CHANGES
  Now that OmniAuth now defaults to only `POST` as the allowed request_phase method, if you aren't already, you will need to convert any login links to use [form helpers](https://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_for) with the `POST` method.
  
  ```html+ruby
  # OLD -- GET request
  <a href='/auth/auth0'>Login</a>
  
  # NEW Example #1 -- POST request
  <%= link_to 'Login', 'auth/auth0', method: :post %>
  
  # NEW Example #2 -- POST request
  <%= button_to 'Login', 'auth/auth0', method: :post %>
  
  # NEW Example #3 -- POST request
  <%= form_tag('/auth/auth0', method: :post) do %>
    <button type='submit'></button>
  <% end %>
  ```
  
  ### Allowing GET Requests
  In the scenario you absolutely must use GET requests as an allowed request method for authentication, you can override the protection provided with the following config override:
  
  ```ruby
  # Allowing GET requests will expose you to CVE-2015-9284 
  OmniAuth.config.allowed_request_methods = [:get, :post]
  ```
  
  ## [v2.6.0](https://github.com/auth0/omniauth-auth0/tree/v2.6.0) (2021-04-01)
  
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.5.0...v2.6.0)
  
  **Added**
  - Org Support [SDK-2395]  [\#124](https://github.com/auth0/omniauth-auth0/pull/124) ([davidpatrick](https://github.com/davidpatrick))
  - Add login_hint to permitted params  [\#123](https://github.com/auth0/omniauth-auth0/pull/123) ([Roriz](https://github.com/Roriz))
  
  ## [v2.5.0](https://github.com/auth0/omniauth-auth0/tree/v2.5.0) (2021-01-21)
  
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.2...v2.5.0)
  
  **Added**
  - Parsing claims from the id_token [\#120](https://github.com/auth0/omniauth-auth0/pull/120) ([davidpatrick](https://github.com/davidpatrick))
  
  **Changed**
  - Setup build matrix in CI [\#116](https://github.com/auth0/omniauth-auth0/pull/116) ([dmathieu](https://github.com/dmathieu))
  
  **Fixed**
  - Fixes params passed to authorize [\#119](https://github.com/auth0/omniauth-auth0/pull/119) ([davidpatrick](https://github.com/davidpatrick))

-------------------------------------------------------------------
Wed Jan 20 13:01:30 UTC 2021 - Stephan Kulow <coolo@suse.com>

updated to version 2.4.2
 see installed CHANGELOG.md

## [v2.4.2](https://github.com/auth0/omniauth-auth0/tree/v2.4.2) (2021-01-19)
  
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.1...v2.4.2)
  
  **Fixed**
  - Lock Omniauth to 1.9 in gemspec
  
  ## [v2.4.1](https://github.com/auth0/omniauth-auth0/tree/v2.4.1) (2020-10-08)
  
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.4.0...v2.4.1)
  
  **Fixed**
  - Verify the JWT Signature [\#109](https://github.com/auth0/omniauth-auth0/pull/109) ([jimmyjames](https://github.com/jimmyjames))

-------------------------------------------------------------------
Fri Sep 25 14:28:57 UTC 2020 - Stephan Kulow <coolo@suse.com>

updated to version 2.4.0
 see installed CHANGELOG.md

## [v2.4.0](https://github.com/auth0/omniauth-auth0/tree/v2.4.0) (2020-09-22)
  
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.1...v2.4.0)
  
  **Security**
  - Bump rack from 2.2.2 to 2.2.3 [\#107](https://github.com/auth0/omniauth-auth0/pull/107) ([dependabot](https://github.com/dependabot))
  - Update dependencies [\#100](https://github.com/auth0/omniauth-auth0/pull/100) ([Albalmaceda](https://github.com/Albalmaceda))
  
  **Added**
  - Add support for screen_hint=signup param [\#103](https://github.com/auth0/omniauth-auth0/pull/103) ([bbean86](https://github.com/bbean86))
  - Add support for `connection_scope` in params [\#99](https://github.com/auth0/omniauth-auth0/pull/99) ([felixclack](https://github.com/felixclack))

-------------------------------------------------------------------
Thu May  7 21:10:30 UTC 2020 - Stephan Kulow <coolo@suse.com>

- updated to version 2.3.1
 see installed CHANGELOG.md

## [v2.3.1](https://github.com/auth0/omniauth-auth0/tree/v2.3.1) (2020-03-27)
  
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.0...v2.3.1)
  
  **Fixed bugs:**
  
  - Fixes dependency issue [\#97](https://github.com/auth0/omniauth-auth0/pull/97) ([davidpatrick](https://github.com/davidpatrick))
  - Fix "NameError: uninitialized constant OmniAuth::Auth0::TokenValidationError" [\#96](https://github.com/auth0/omniauth-auth0/pull/96) ([stefanwork](https://github.com/stefanwork))
  
  ## [v2.3.0](https://github.com/auth0/omniauth-auth0/tree/v2.3.0) (2020-03-06)
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.2.0...v2.3.0)
  
  **Added**
  - Improved OIDC Compliance [\#92](https://github.com/auth0/omniauth-auth0/pull/92) ([davidpatrick](https://github.com/davidpatrick))

-------------------------------------------------------------------
Sun May  5 09:37:29 UTC 2019 - Stephan Kulow <coolo@suse.com>

- updated to version 2.2.0
 see installed CHANGELOG.md

## [v2.2.0](https://github.com/auth0/omniauth-auth0/tree/v2.2.0) (2018-04-18)
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.1.0...v2.2.0)
  
  **Closed issues**
  - It supports custom domain? [\#71](https://github.com/auth0/omniauth-auth0/issues/71)
  - Valid Login, No Details: email=nil image=nil name="github|38257089" nickname=nil [\#70](https://github.com/auth0/omniauth-auth0/issues/70)
  
  **Added**
  - Custom issuer [\#77](https://github.com/auth0/omniauth-auth0/pull/77) ([ryan-rosenfeld](https://github.com/ryan-rosenfeld))
  - Add telemetry to token endpoint [\#74](https://github.com/auth0/omniauth-auth0/pull/74) ([joshcanhelp](https://github.com/joshcanhelp))
  
  **Changed**
  - Remove telemetry from authorize URL [\#75](https://github.com/auth0/omniauth-auth0/pull/75) ([joshcanhelp](https://github.com/joshcanhelp))

-------------------------------------------------------------------
Thu Nov 22 05:24:43 UTC 2018 - Stephan Kulow <coolo@suse.com>

- updated to version 2.1.0
 see installed CHANGELOG.md

## [v2.1.0](https://github.com/auth0/omniauth-auth0/tree/v2.1.0) (2018-10-30)
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.0.0...v2.1.0)
  
  **Closed issues**
  - URL should be spelled uppercase outside of code [\#64](https://github.com/auth0/omniauth-auth0/issues/64)
  - Add prompt=none authorization param handler [\#58](https://github.com/auth0/omniauth-auth0/issues/58)
  - Could not find a valid mapping for path "/auth/oauth2/callback" [\#56](https://github.com/auth0/omniauth-auth0/issues/56)
  - I had to downgrade my gems to use this strategy :-( [\#53](https://github.com/auth0/omniauth-auth0/issues/53)
  - CSRF detected [\#49](https://github.com/auth0/omniauth-auth0/issues/49)
  - /auth/:provider route not registered? [\#47](https://github.com/auth0/omniauth-auth0/issues/47)
  
  **Added**
  - Add ID token validation [\#62](https://github.com/auth0/omniauth-auth0/pull/62) ([joshcanhelp](https://github.com/joshcanhelp))
  - Silent authentication [\#59](https://github.com/auth0/omniauth-auth0/pull/59) ([batalla3692](https://github.com/batalla3692))
  - Pass connection parameter to auth0 [\#54](https://github.com/auth0/omniauth-auth0/pull/54) ([tomgi](https://github.com/tomgi))
  
  **Changed**
  - Update to omniauth-oauth2 [\#55](https://github.com/auth0/omniauth-auth0/pull/55) ([chills42](https://github.com/chills42))
  
  **Fixed**
  - Fix Rubocop errors [\#66](https://github.com/auth0/omniauth-auth0/pull/66) ([joshcanhelp](https://github.com/joshcanhelp))
  - Fix minute bug in README.md [\#63](https://github.com/auth0/omniauth-auth0/pull/63) ([rahuldess](https://github.com/rahuldess))

-------------------------------------------------------------------
Thu Jan 26 05:38:53 UTC 2017 - coolo@suse.com

- updated to version 2.0.0
 see installed CHANGELOG.md

## [v2.0.0](https://github.com/auth0/omniauth-auth0/tree/v2.0.0) (2017-01-25)
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v1.4.1...v2.0.0)
  
  Updated library to handle OIDC conformant clients and OAuth2 features in Auth0.
  This affects how the `credentials` and `info` attributes are populated since the payload of /oauth/token and /userinfo are differnt when using OAuth2/OIDC features.
  
  The `credentials` hash will always have an `access_token` and might have a `refresh_token` (if it's allowed in your API settings in Auth0 dashboard and requested using `offline_access` scope) and an `id_token` (scope `openid` is needed for Auth0 to return it).
  
  The `info` object will use the [OmniAuth schema](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later) after calling /userinfo:
  
  - name: `name` attribute in userinfo response or `sub` if not available.
  - email: `email` attribute in userinfo response.
  - nickname: `nickname` attribute in userinfo response.
  - image: `picture` attribute in userinfo response.
  
  Also in `extra` will have in `raw_info` the full /userinfo response.

-------------------------------------------------------------------
Sun Oct  9 04:33:36 UTC 2016 - coolo@suse.com

- updated to version 1.4.2
 see installed CHANGELOG.md

-------------------------------------------------------------------
Thu Mar 17 00:19:42 UTC 2016 - mrueckert@suse.de

- initial package

Places

File rubygem-omniauth-auth0.changes of Package rubygem-omniauth-auth0

Places