forked from scribejava/scribejava
-
Notifications
You must be signed in to change notification settings - Fork 0
/
changelog
269 lines (221 loc) · 14.2 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
[6.9.0]
* Add Xero API (https://www.xero.com/) (thanks to https://github.com/SidneyAllen)
[6.8.1]
* make Response implements Closeable (thanks to https://github.com/omaric)
* fix Type resolution for builder pattern in ServiceBuilderOAuth10a (thanks to https://github.com/mgyucht)
* fix no Content-length errors (thanks to https://github.com/mikita-herasiutsin and https://github.com/iankurverma)
[6.8.0]
* Add debug output to OAuth2Service (thanks to https://github.com/rbarbey)
* Add Dropbox API (https://www.dropbox.com/) (thanks to https://github.com/petrkopotev)
[6.7.0]
* Add OAuth2 support for Meetup.com (thanks to https://github.com/stevedes77)
* upgrade okhttp to 4.0.1 and security fix for jackson-databind 2.9.9.1
[6.6.3]
* fix NPE for OpenId providers
[6.6.2]
* add PMD checks on compile
* add all OAuth error codes from supported RFCs (incl. "invalid_token") (thanks to https://github.com/echorebel)
* Update LinkedIn Example to API v2 (thanks to https://github.com/peternees)
* switch to jackson dependency to parse json responses (thanks to https://github.com/galimru)
[6.5.1]
* cleanup deprecates methods
[6.5.0]
* separate OAuth1.0a and OAuth2.0 ServiceBuilders,
introduce AuthorizationUrlBuilder (along with deprecation of AuthorizationUrlWithPKCE)
add possibility to provide different scopes for each Access Token request
* upgrade Facebook API from v2.11 to v3.2
* upgrade VkontakteApi from 5.73 to 5.92
[6.4.1]
* support TLS 1.3 in JDK 11 for Salesforce
* fix NPE in Apache HTTP client in case of empty body in HTTP response (e.g. with 204 response code) (thanks to https://github.com/SainagNeelamPatnaik)
* separate OAuth1.0a and OAuth2.0 classes
[6.3.0]
* fix Muplipart request model and implement it for a jdk HTTP client (thanks to https://github.com/NTPape)
* remove any Google+ mention (switch to clean Google OAuth2) (thanks to https://github.com/fvasco)
* fix Microsoft Azure AD v1.0 and v2.0 (thanks to https://github.com/kenpusney and https://github.com/oscararias)
* add new API Asana (https://asana.com/) (thanks to https://github.com/joestazak)
* state param should be used only for authorization url generation, for v2 only, for Authorization Code Grant only,
and it should be set per request, not per created OAuthService
[6.2.0]
* add new API Microsoft Azure Active Directory (Azure AD) 2.0 (thanks to https://github.com/rzukow and https://github.com/dgrudenic)
[6.1.0]
* add new API Keycloak (https://www.keycloak.org/) (thanks to https://github.com/JureZelic)
* add new API Discord (https://discordapp.com/) (thanks to https://github.com/Jokuni)
[6.0.0]
* make redirect_uri optional while Access Token requesting on OAuth 2.0 (thanks to https://github.com/computerlove)
* switch to java 9+ (from java 7 only) for compilation. Runtime is still java 7+. Complement README with links and RFC descriptions.
* switch OAuth2 Bearer Token Usage from enum OAuth2SignatureType to interface BearerSignature to be extensible
* add new API Wunderlist (https://www.wunderlist.com/) (thanks to https://github.com/M-F-K)
[5.6.0]
* remove support for obsolete NetEase (http://www.163.com/) and sohu 搜狐 (http://www.sohu.com/) (thanks to https://github.com/zawn)
* add Multipart functionality to JDK Http Client (thanks to https://github.com/eos1d3)
* switch OAuth2 ClientAuthenticationType from enum to interface ClientAuthentication to be extensible according to
https://tools.ietf.org/html/rfc6749#section-2.3.2 (thanks to https://github.com/zawn)
* add RuntimeException processing in async http clients (delivered to onError callbacks) (thanks to https://github.com/jochen314)
* check 200 status code from response in OAuth2AccessTokenExtractor (thanks to https://github.com/jochen314)
* fix case sensitive Http Headers comparison and sending Content-Type header along with content-type (thanks to https://github.com/marnix)
* add HiOrg-Server (https://www.hiorg-server.de/) API (thanks to https://github.com/MartinBoehmer)
[5.5.0]
* fix error parsing for Fitbit (thanks to https://github.com/danmana)
* optimize debug log performance impact on prod in OAuth1 and fix
NoClassDefFoundError on Android device with SDK 18 and lower (thanks to https://github.com/arcao)
* add new API - MediaWiki (https://www.mediawiki.org/) (thanks to https://github.com/lucaswerkmeister)
[5.4.0]
* fix missing support for scope for refresh_token grant_type (thanks to https://github.com/tlxtellef)
* add email field to VKOAuth2AccessToken (thanks to https://github.com/grouzen)
* add new API - Automatic (https://www.automatic.com/) (thanks to https://github.com/ramsrib)
* add new API - Fitbit (https://www.fitbit.com/) (thanks to https://github.com/JustinLawler and https://github.com/alexthered)
* deprecate OAuthConfig
* OAuth1.0: send "oob" instead of null callback while requesting RequestToken (thanks to https://github.com/Rafaelsk)
[5.3.0]
* fix Salesforce API (thanks to https://github.com/jhorowitz-firedrum)
* remove 'final' from methods in OAuth[10a|20]Service to allow mocking it
* fix Pinterest API (thanks to https://github.com/sschwieb)
* add Yahoo2 API (thanks to https://github.com/javatestcase)
* fix Tumblr urls, convert to https (thanks to https://github.com/highthunder)
* fix: allow spaces in scope param in OAuth2Accesstoken response
* add required param version to VK ВКонтакте (http://vk.com/) urls
[5.2.0-java7again]
* allow 'null' as callback. It's an optional parameter. Remove "oob" as default (thanks to https://github.com/massongit)
* java7 compatible again!
[5.1.0]
* drop optional dependency on Apache commons-codec
* add API - Dataporten (https://docs.dataporten.no/) (thanks to https://github.com/xibriz)
* add API - Microsoft Azure Active Directory (Azure AD) (thanks to https://github.com/kaushalmall)
* fix LinkedInApi20 (thanks to https://github.com/jhorowitz-firedrum)
[5.0.0]
* drop Java 7 backward compatibility support, become Java 8 only (was reverted in v5.2.0-java7again)
* add JSON token extractor for OAuth 1.0a (thanks to https://github.com/evstropovv)
* add new API - uCoz (https://www.ucoz.com/) (thanks to https://github.com/evstropovv)
* add PKCE (RFC 7636) support (Proof Key for Code Exchange by OAuth Public Clients) (thanks for suggesting to https://github.com/dieseldjango)
* switch to use HTTP Basic Authorization by default in requests with need of
(2.3. Client Authentication) https://tools.ietf.org/html/rfc6749#section-2.3 Can be overrided in API class
* add support for client_credentials grant type (thanks to https://github.com/vivin)
* add support for RFC 7009 OAuth 2.0 Token Revocation (thanks to https://github.com/vivin)
* add OAuth2Service signRequest method accepting just String, not OAuth2 Access Token Object.
Remove signRequest from abstract OAuthService. 2.0 and 1.0a will be a bit more different now.
* drop toString method from *Tokens to prevent leak of sensible data (token ans secrets) (thanks to https://github.com/rcaa)
* add Apache HttpComponents HttpClient support in separate module (thanks to https://github.com/sschwieb)
* add support for appsecret_proof in Facebook
* update Facebook v2.8 -> v2.11 (version can be configured while constructing OAuthService - use FacebookApi.customVersion("2.11"))
[4.2.0]
* DELETE in JdkClient permits, but not requires payload (thanks to https://github.com/miguelD73)
* add new API - Frappe (https://github.com/frappe/frappe) (thanks to https://github.com/revant)
* add new API - Etsy (https://www.etsy.com/) (thanks to https://github.com/efekocabas)
[4.1.2]
* LinkedIn use Header to sign OAuth2 requests
* upgrade ServiceBuilder to check apiKey preconditions compile-time (not run-time)
* update Live API (thanks to https://github.com/typhoon17)
[4.1.1]
* omit the client_secret parameter if it is an empty string while refreshing token (thanks to https://github.com/KungfuPancake)
* allow perms to be specified in Flickr Api (read, write, or delete) (thanks to https://github.com/rogerhu)
* OdnoklassnikiService should consider params in a body while signing the request (thanks to https://github.com/MrNeuronix)
* do not open OutputStream for output while sending empty body in HTTP requests in the default JDK Http client
[4.1.0]
* make client_secret optional in OAuth2 while requesting AccessToken (if set to null, it's not required by OAuth2 specs)
* move OAuth1 SignatureType from ServiceBuilder to API
* add body for PATCH HTTP method
* make addOAuthParams appendSignature methods protected in OAuth10aService (to override them in case of need) (thanks to https://github.com/vivin)
[4.0.0]
* Remove OAuthRequestAsync, just OAuthRequest. Request should know about sync vs async. Move default Http engine to JDKHttpClient.
* introduce SignatureType for OAuth2.0 to implement Bearer signing for the requests
* switch Google, GitHub, Facebook OAuth2.0 oauth requests signing to more secured recommended variant (GET-param -> header Bearer)
* introduce custom nonstandard Facebook AccessTokenErrorResponse
[3.4.1]
* Drop deprecated methods
* Move doktornarabote.ru urls to https (thanks to https://github.com/ezibrov)
[3.4.0]
* uncouple OAuthRequest and Service. OAuthRequest shouldn't know anything about OAuthservice.
You don't need OAuthService to create OAuthRequest anymore. Async request should be sent via OAuthService method.
* add support for byte[] and File (async only) payload in OAuth Requests (thanks to https://github.com/keijohyttinen)
* add support for HTTP verbs (thanks to https://github.com/keijohyttinen)
* add OkHttp http client support (thanks to https://github.com/arcao)
* add default HTTP client configs (to use like 'new ServiceBuilder().httpClientConfig(OkHttpHttpClientConfig.defaultConfig())')
* you can use your own impl of AsyncHttpClient
[3.3.0]
* update Facebook v2.6 -> v2.8
* add The Things Network API (v1-staging and v2-preview) (thanks to https://github.com/jpmeijers)
* add Box (thanks to https://github.com/MclaughlinSteve)
* fix: OAuth20Service::refreshAccessToken should use RefreshTokenEndpoint, not AccessTokenEndpoint (thanks to https://github.com/vivin)
* move signRequest method to OAuthService (common for OAuth1 and OAuth2) (thanks to https://github.com/apomelov)
* drop deprecated setConnectionKeepAlive method
[3.2.0]
* Add Naver API (thanks to chooco)
* handle OAuth2 error response for Issuing an Access Token (thanks to juherr)
[3.1.0]
* fix OdnoklassnikiServiceImpl signature, params for hash must be sorted in lexicographic order, see http://new.apiok.ru/dev/methods/
* add posibility to use externally created http client
* make ScribeJava compilable under jdk7 (checkstyle downgraded for jdk 1.7)
* add travis CI (check [oracle|open]jdk7 oraclejdk8)
[3.0.0]
* create abstract HTTP Client layer to support different HTTP clients as plugins (AHC and Ning support becames maven submodules)
* remove changing global JVM property http.keepAlive, deprecate controlling this property inside of ScribeJava (thanks to wldaunfr and rockihack)
[2.8.1]
* add Salesforce sandbox API support
[2.8.0]
* add Salesforce API
* update Linked In API
[2.7.3]
* FIX: ScribeJava shouldn't require all async http client provider to be on the classpath if using only one of them
[2.7.2]
* FIX: ScribeJava shouldn't require any async http client provider to be on the classpath (neither ning neither AHC)
[2.7.1]
* do not hide checked IOException in unchecked IllegalArgumentException
[2.7.0]
* make http async client implementation be more pluggable
* add async-http-client 2.0 support (thanks to Sai Chandrasekharan https://github.com/saichand)
* add Misfit (http://misfit.com/) API
* implement async version getting Request Token for OAuth 1.0a
[2.6.0]
* simplify async/sync usages
* add optional "User-Agent" config option to use while making http calls
* refactor usage of grant_type [authorization_code|refresh_token|password|etc]
* add Genius.com API authentication (OAuth2)
* fix GitHub API
* standardize authorization url generation for OAuth2
* update Facebook to v2.6
* cleanup: drop old APIs without Examples and with outdated domains
[2.5.3]
* fix - do not send two Content-Type header in async requests
* improve OK example
[2.5.2]
* add Google Async Exmaple (with bugfix for it to work)
* add OSGI manifest metadata
* apiSecret is not mandatory parameter in config (to use on client sides and other flows without need of the API secret)
* implement OAuth2 Authorization Response parsing in the OAuth20Service (to extract code and state from url, useful for Android)
* update ok.ru API urls, add 'state' support, add refresh token to the example
[2.4.0]
* APIs 2.0 can define different endpoints for access token and for refresh token (the same urls by default)
* mark Facebook doesn't support refresh token by throwing UnsupportedOperationException
* make JSON Access Token Extractor be the default for OAuth 2.0 (according to RFC 6749)
* drop Google OAuth 1.0 support (OAuth 1.0 was officially deprecated by Google)
* add response_type parameter to the ServiceBuilder/OAuthConfig to use not only "code" for authorization code
* remove Verifier object, we just need Strings, 'code' for OAuth2 and 'oauthVerifier' for OAuth1
* default HTTP verb for OAuth 2.0 Access Token EndPoint is POST (http://tools.ietf.org/html/rfc6749#section-3.2)
* send missed headers in async version (as in sync)
* support 'password' grant_type for OAuth 2.0
[2.3.0]
* Stack Exchange authentication via OAuth 2.0 (stackoverflow.com, askubuntu.com, etc.).
* Support response in gzip.
* differentiate OAuth1 Access token, OAuth 1 Request Token and OAuth 2 Access token, make them conforms RFCs
* OAuth 1 APIs can choose whether to pass empty oauth_token param in requests
* Support refresh tokens for OAuth2 (very thanks to P. Daniel Tyreus https://github.com/pdtyreus)
[2.2.2]
* make all APIs to be extentable (have protected constructors, useful for testing)
[2.2.1]
* Update Facebook API v2.2 -> v2.5
* Update hh.ru urls
[2.2.0]
* Let GoogleApi20 supports OOB
* Updated Imgur API to OAuth2
* force not to instantiate stateless APIs. Use provided singletons
* reduce OAuthService abstraction for OAuth1 and OAuth2. Separate OAuth(1|2)Services
[2.1.0]
* add Pinterest API
[2.0.1]
* small code enhancements
[2.0]
* merge back SubScribe fork to the ScribeJava
for previous changes see
v1-changelog - changelog for 1.x version
v2pre-changelog - changelog for SubScribe fork