New Releases, New Maintainer, New Code Host
588 views
Skip to first unread message
Peter Boling
Aug 30, 2022, 2:03:08 PM8/30/22
to OAuth Ruby
TL;DR
OAuth Ruby is dead. Long live OAuth Ruby!
Hi everyone,
This old Google Group is active again, at least for the moment, because there is a lot of OAuth Ruby news to share.
# Migration from Github to Gitlab
Both projects have already begun the migration away from Github. The poll had 27 responses, and 62% of respondents indicated a preference for Gitlab as the new primary home. We will create mirrors to other hosts as well, to make it truly decentralized.
If you missed the poll/discussion, I describe some of the reasons for the migration in a post on dev.to. Feel free to leave a comment!
• Org home - https://gitlab.com/oauth-xx
• Oauth 1.0 - https://gitlab.com/oauth-xx/oauth
• OAuth 2.0 - https://gitlab.com/oauth-xx/oauth2
If you were an author / maintainer / developer of one of the gems on Github, and would like to continue on Gitlab, please let me know your handle so I can add you to the org.
# Migration from master to main
All repositories within oauth-xx (on the new GitLab home) will use main for the default branch going forward. The old master branches have been deleted. Yes, this may break something. Why is that desireable? Breaking loudly is better than breaking silently. Silent breaks include thinking you will always get the latest "master" updates, patches and security fixes, when you are actually on a dead branch without realizing it.
# Extractions
I have been extracting libraries from the oauth gems to reduce unintentional coupling, improve test coverage, and reduce duplication.
version_gem (rubygem) - extracted from oauth2, integrated with oauth
snaky_hash (rubygem) - extracted from oauth2, integrated with oauth
oauth-tty (rubygem) - extracted from oauth, not yet integrated with oauth2 (and might never be?).
# Open Source Support
For both oauth and oauth2, gem releases will follow SemVer v2.0, which I interpret to mean that dropping support for a Ruby version requires a major version bump. Every year in April non-enterprise support for all versions within the oldest still-supported major version, and EOL Rubies, will cease.
• See oauth SECURITY.md for more
• See oauth2 SECURITY.md for more
# Enterprise Support
Available as part of the Tidelift Subscription.
Maintainers of thousands of packages, including many you are familiar with, e.g. OmniAuth, are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.
Maintainers of thousands of packages, including many you are familiar with, e.g. OmniAuth, are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.
# New Releases
In oauth I fixed a bug present since 2010, added support for specifying SSL Cert options, modernized everything, and much more. See the oauth CHANGELOG.md. Finally we are past the 1.0 release goal post!
```
gem "oauth", "~> 1.1"
```
In oauth2 I've been very busy adding the following:
- Support IETF RFC 7523 JWT Bearer Tokens
- Support IETF RFC 7231 Relative Location in Redirect
- Better support for IETF RFC 6749 - Don't set oauth params when nil
- Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (IETF RFC 7523)
- Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json
- Better support for IETF RFC 6749 - Don't set oauth params when nil
- Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (IETF RFC 7523)
- Support new formats, including from jsonapi.org: application/vdn.api+json, application/vnd.collection+json, application/hal+json, application/problem+json
- And a great deal more, which you can find detailed in the oauth2 CHANGELOG.md.
```
gem "oauth2", "~> 2.0"
```
I'd love to have this be a place to discuss the intersection of OAuth and Ruby again. Here are some additional resources.
# OAuth Ruby Community
* Mailing List/Google Group: http://groups.google.com/group/oauth-ruby
* Live Chat on Gitter: https://gitter.im/oauth-xx
# OAuth 1.0 - oauth
* Source Code: https://gitlab.com/oauth-xx/oauth/
* RubyDoc Documentation: https://rubydoc.info/gems/oauth
* Maintainer's Blog: http://www.railsbling.com/tags/oauth/
* RubyDoc Documentation: https://rubydoc.info/gems/oauth
* Maintainer's Blog: http://www.railsbling.com/tags/oauth/
# OAuth 2.0 - oauth2
* Source Code: https://gitlab.com/oauth-xx/oauth2/
* RubyDoc Documentation: https://rubydoc.info/gems/oauth2
* Maintainer's Blog: http://www.railsbling.com/tags/oauth2/
* RubyDoc Documentation: https://rubydoc.info/gems/oauth2
* Maintainer's Blog: http://www.railsbling.com/tags/oauth2/
# For Humans
If you are a human, please consider a donation as I move toward supporting myself with Open Source work:
• https://liberapay.com/pboling
• https://ko-fi.com/pboling
• https://patreon.com/galtzo
• https://liberapay.com/pboling
• https://ko-fi.com/pboling
• https://patreon.com/galtzo
Lastly, I am available for hire!
Regards,
|7eter l-|. l3oling
Reply all
Reply to author
Forward
0 new messages