TL;DROAuth Ruby is dead. Long live OAuth Ruby!
Hi everyone,
This old Google Group is active again, at least for the moment, because there is a lot of OAuth Ruby news to share.
# Migration from Github to Gitlab
Both projects have already begun the migration away from Github. The poll had 27 responses, and 62% of respondents indicated a preference for Gitlab as the new primary home. We will create mirrors to other hosts as well, to make it truly decentralized.
If you missed the poll/discussion, I describe some of the reasons for the migration in a
post on dev.to. Feel free to leave a comment!
If you were an author / maintainer / developer of one of the gems on Github, and would like to continue on Gitlab, please let me know your handle so I can add you to the org.
# Migration from master to main
All repositories within oauth-xx (on the new GitLab home) will use main for the default branch going forward. The old master branches have been deleted. Yes, this may break something. Why is that desireable? Breaking loudly is better than breaking silently. Silent breaks include thinking you will always get the latest "master" updates, patches and security fixes, when you are actually on a dead branch without realizing it.
I have been extracting libraries from the oauth gems to reduce unintentional coupling, improve test coverage, and reduce duplication.
version_gem (
rubygem)
- extracted from oauth2, integrated with oauth
snaky_hash (
rubygem)
- extracted from oauth2, integrated with oauth
oauth-tty (
rubygem)
- extracted from oauth, not yet integrated with oauth2 (and might never be?).
# Open Source Support
For both oauth and oauth2, gem releases will follow SemVer v2.0, which I interpret to mean that dropping support for a Ruby version requires a major version bump. Every year in April non-enterprise support for all versions within the oldest still-supported major version, and EOL Rubies, will cease.
# Enterprise Support
Available as part of the
Tidelift Subscription.
Maintainers of thousands of packages, including many you are familiar with, e.g.
OmniAuth, are working with
Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.
Learn more.
# New Releases
In
oauth I fixed a bug present since 2010, added support for specifying SSL Cert options, modernized everything, and much more. See the
oauth CHANGELOG.md. Finally we are past the 1.0 release goal post!
```
gem "oauth", "~> 1.1"
```
In oauth2 I've been very busy adding the following:
- Support
IETF RFC 7231 Relative Location in Redirect
- Better support for
IETF RFC 6749 - Don't set oauth params when nil
- Support
OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (
IETF RFC 7523)
- Support new formats, including from
jsonapi.org:
application/vdn.api+json,
application/vnd.collection+json,
application/hal+json,
application/problem+json```
gem "oauth2", "~> 2.0"
```
I'd love to have this be a place to discuss the intersection of OAuth and Ruby again. Here are some additional resources.
# OAuth Ruby Community
# OAuth 1.0 - oauth
# For Humans
Regards,
|7eter l-|. l3oling