Upgrade/allow oauth2 to be 2.0 #67
Comments
|
hello @PragTob we will look into it! :) but you are welcome to contribute with PRs as well if you want! |
|
@tajchumber I can happily do a PR allowing OAuth 2.0 just not to sure about the details/specifics as I'm unsure if the "possibly backwards compatible" part applies to this lib or not. The big PR seems to be this ueberauth/oauth2#131 which fixes ueberauth/oauth2#128 which is a security related issue. edit: added a small PR not sure what kind of testing one would need t do for this though #68 |
PragTob
added a commit
to PragTob/ueberauth_google
that referenced
this issue
Aug 21, 2019
oauth2 has a recent possibly backwards incompatible release that makes sure the spec is followed and authorization headers are respected (https://github.com/scrogson/oauth2/blob/master/CHANGELOG.md#v200-2019-07-15) This fixed ueberauth/oauth2#128 hence I think it's important to include. Decided to not require 2.x as that might conflict too hard with other libraries. Also decided to allow minor version bumps as @scrogson seems to be good about semver <3 As ueberauth#66 isn't merged yet I'd like it if this could get in with the release. fixes ueberauth#67
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
oauth2 was semi recently upgraded to 2.0 with a fix that seems important and relevant. Would be nice to also include that in a future release.
Also, thanks for the great library! 馃憢 馃帀
The text was updated successfully, but these errors were encountered: