Release/v2.0.10

In this release

2.0.10 - 2025-05-16

• TAG: [v2.0.10][2.0.10t]
• COVERAGE: 100.00% -- 518/518 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files
• 79.05% documented

Added

• gh!632 - Added funding.yml (@Aboling0)
• !635 (merged) - Added .gitlab-ci.yml (@jessieay)
• #638 (closed) - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
• !642 (merged) - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling)
  • Gemspec metadata
    • funding_uri
    • news_uri
    • mailing_list_uri
  • SHA256 and SHA512 Checksums for release
• !643 (merged) - Add token_name option (@pboling)
  • Specify the parameter name that identifies the access token
• !645 (merged) - Add OAuth2::OAUTH_DEBUG constant, based on `ENV["OAUTH_DEBUG"] (@pboling)
• !646 (merged) - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
• !647 (merged) - Add IETF RFC 7009 Token Revocation compliant (@pboling)
  • OAuth2::Client#revoke_token
  • OAuth2::AccessToken#revoke
  • See: https://datatracker.ietf.org/doc/html/rfc7009
• gh!644, gh!645 - Added CITATION.cff (@Aboling0)
• !648 (merged) - Improved documentation (@pboling)

Changed

• Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
• Gem releases are now cryptographically signed, with a 20-year cert (@pboling)
  • Allow linux distros to build release without signing, as their package managers sign independently
• !647 (merged) - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
• !647 (merged) - OAuth2.config is no longer writable (@pboling)
• !647 (merged) - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)

Fixed

• #95 (closed) - restoring an access token via AccessToken#from_hash (@pboling)
  • This was a 13 year old bug report. 😘
• #619 (closed) - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
• !633 (closed) - Spaces will now be encoded as %20 instead of + (@nov.matake)
• !634 (merged) - CHANGELOG.md documentation fix (@skuwa229)
• !638 (merged) - fix expired? when expires_in is 0 (@disep)
• !639 (merged) - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
• #639 (closed) - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
• !640 (merged) - README.md documentation fix (@martinezcoder)
• !641 (merged) - Do not include sensitive information in the inspect (@manuelvanrijn)
• #641 (closed) - Made default JSON response parser more resilient (@pboling)
• #645 (closed) - Response no longer becomes a snaky hash (@pboling)
• gh!646 - Change require to require_relative (improve performance) (@Aboling0)

TODOs

• Test against multiple versions of runtime dependencies
  • faraday
    • v0
    • v1
    • v2
    • head
  • jwt
    • v1
    • v2
    • v3 (beta)
    • head
  • rack
    • v1.2
    • v1.6
    • v2
    • v3
    • head
  • multi_xml
    • v0.5
    • v0.6
    • v0.7
    • head
• Add gems that Ruby 3.5 will remove from Standard Lib as dependencies, and add to test matrix
  • logger
    • v1.2
    • v1.5
    • v1.7
    • head
• Document dependencies
• Fix Code Coverage PR comments
• Release documentation
• Document that GitHub is a Federated Mirror that accepts issues and pull requests