All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Updated
hyper
andhyper-rustls
dependencies - Removed the value of
client_secret
fromOAuthConfig
'sDebug
output
hyper-rustls
0.27 now usesaws-lc-rs
as the default cryptography implementation. For continuity with previous releases and to matchrocket
, this crate enables thering
feature flag instead. The cryptography provider that is used can be changed by callingrustls::crypto::CryptoProvider::install_default
early in application startup. Notably, you may need to make an explicit choice if your application or a dependency useshyper-rustls
with the default features enabled, making bothaws-lc-rs
andring
available.
- Added GitHub actions workflow
- Removed all public branches besides
main
(the current versions0.5.x
) and most version-related references. Please strongly consider upgrading if you are using one of these older unmaintained versions.
- Added the
query
module, including constants for some commonly used header and parameter values for use byAdapter
implementations.
- Updated the
rocket
dependency to0.5
- Refactored
rocket_oauth2
to supportasync
and other changes in 0.5- Changed
Adapter
and impls to use#[async_trait]
- Made
Adapter::exchange_code
andOAuth2::refresh
intoasync fn
s
- Changed
- Replaced
OAuthConfig::from_config
withOAuthConfig::from_figment
- Replaced
HyperSyncRustlsAdapter
withHyperRustlsAdapter
; the feature flag has also been replaced withhyper_rustls_adapter
- Implemented
Sentinel
on request guards, so misconfiguration will be detected earlier at runtime.
- Refactored
- Rewrote the primary example with
reqwest
and renamed it touser_info
- Removed support for specifying
provider
as a table withauth_uri
andtoken_uri
values. These values are no longer nested underprovider
.
- If you specified
provider
as a table withauth_uri
andtoken_uri
, remove the intermediateprovider
table and moveauth_uri
andtoken_uri
to the levelprovider
was at. - Change references to
hyper_sync_rustls_adapter
tohyper_rustls_adapter
, andHyperSyncRustlsAdapter
withHyperRustlsAdapter
. - Change calls to
OAuthConfig::from_config
toOAuthConfig::from_figment
. - Add
#[async_trait::async_trait]
toAdapter
implementations, and changeexchange_code
to anasync fn
using anasync
HTTP client or a synchronous HTTP client wrapped in aspawn_blocking
call. - Add
.await
after calls toAdapter::exchange_code()
andOAuth2::refresh()
.
- The version requirement for
hyper_sync_rustls
has been loosened, allowing up to0.3.0-rc.17
.
get_redirect_extras
method, which accepts "extra" query parameters to use in the authentication request.
- Use HTTP basic authentication by default to pass
client_id
andclient_secret
to the authorization server, instead of placing them in the request body.
Previous versions of this library sent the client_id
and client_secret
in
the request body, which is an optional extension supported by many authorization
servers. The default is now to use HTTP Basic Authentication, which servers
must support. In the case of a server that only supports authentication
parameters in the request body, this functionality can be disabled.
- For servers that support HTTP Basic Authentication, use
OAuth2::fairing()
orOAuth2::custom()
withHyperSyncRustlsAdapter::default()
. - For servers that do not support HTTP Basic Authentication, use
OAuth2::custom()
withHyperSyncRustlsAdapter::default().basic_auth(false)
. - Only
HyperSyncRustlsAdapter
is affected by this change; customAdapter
types are not affected.
- Support for 'Wikimedia' as a known provider.
- Documentation that TokenResponse guard must come before Cookies
- More specific log message when the state cookie is missing or inaccessible
- Provider names are now case-insensitive, matching the documentation
- Log messages help pinpoint which part of the token exchange failed
- The
redirect_uri
is now optional
- Removed the
A
type parameter fromOAuth2::fairing()
. To use a customAdapter
, useOAuth2::custom()
. - Removed the
Callback
trait. Callbacks are now implemented as regular routes that use theTokenResponse
request guard. OAuth2
is no longer placed in managed state. Instead,OAuth2
implementsFromRequest
.HyperSyncRustlsAdapter
is exported from the crate root instead of from a submodule.
- Removed the automatic creation of login routes. Instead,
get_redirect()
can be called from a user-defined login route.
- More complete documentation and examples of custom Provider usage
- Refresh tokens can be exchanged using
OAuth2::refresh()
- Restructured error handling in
Adapter
s. - Removed the
A
type parameter fromOAuth2
. TokenResponse
is redesigned and no longer usesserde_derive
. Fields have been converted to methods, and.as_value()
replaces the functionality of.extras
.Provider
is now a trait, allowing for dynamically determinedProvider
s.Adapter
is now only responsible for conveying state inauthorization_uri()
; state is generated by the library itself.- Added (direct) dependencies on 'ring' (0.13) and 'base64' (0.10); removed 'rand' dependency
- CHANGELOG.md.
- Support for 'Microsoft' (v2.0) as a known Provider and an example.
- A 'scope' can be specificied in the authorization callback as a fallback in case it is not present in the token response. This is the case with Strava, for example.
- Types derive more of the traits in
std
, such asClone
andDebug
.
- Update 'rand' dependency to 0.7.
- Update 'url' dependency to 2.1.