rodauth-oauth 1.2.0 has been released.
rodauth-oauth is a rack-compatible toolkit for building OAuth 2.0
authorization servers, as well as OpenID Authentication Providers.
rodauth-oauth
is certified <https://openid.net/certification/> for the following profiles
of the OpenID Connect™ protocol:
Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, Form Post OP.
# as simple as
rodauth do
enable :oauth_authorization_code_grant
# or
enable :oidc
end
Among its features, it supports:
* Authorization Code Grant
* Refresh Token Grant
* Implicit Grant
* Client Credentials Grant
* Device Code Grant
* Token Revocation
* Token Introspection
* Auth Server Metadata
* PKCE
* Resource Indicators
* JWT Access Tokens
* mTLS Client Authentication
* Assertion Framework
* SAML 2.0 Bearer Assertion Grant
* JWT Bearer Assertion Grant
* JWT Secured authorization requests
* Pushed Authorization requests
* Dynamic Client Registration
* OpenID
* OpenID Discovery
* OpenID Multiple Response types
* OpenID Connect Dynamic Client Registration
* OpenID Relying Party Initiated Logout
It can also be used with Rails (via the "rodauth-rails" gem).
Website: https://honeyryderchuck.gitlab.io/rodauth-oauth/
Documentation: https://honeyryderchuck.gitlab.io/rodauth-oauth/rdoc/
Wiki: https://gitlab.com/honeyryderchuck/rodauth-oauth/wikis/home
CI: https://gitlab.com/honeyryderchuck/rodauth-oauth/pipeline
These are the release notes since the last update:
## 1.2.0 (13/02/2023)
### Features
#### Pushed Authorization Requests (PAR)
RFC: https://datatracker.ietf.org/doc/html/rfc9126
`rodauth-oauth` supports Pushed Authorization Requests, via the
`:oauth_pushed_authorization_request` feature.
More info about the feature [in the
wiki](https://gitlab.com/os85/rodauth-oauth/-/wikis/Pushed-Authorization-Re….
#### mTLS Client Auth (+ certificate-bound access tokens)
RFC: https://www.rfc-editor.org/rfc/rfc8705
The `:oauth_tls_client_auth` feature adds support for the variants of
mTLS Client Authentication "PKI Mutual-TLS Method" and 2Self-Signed
Certificate Mutual-TLS Method". It also supports client certificate
bound access tokens.
More about it [in the
wiki](https://gitlab.com/os85/rodauth-oauth/-/wikis/mTLS-Client-Authenticat….
#### Dynamic Client Registration management
RFC: https://www.rfc-editor.org/rfc/rfc7592
Support for dynamci client registration management was added to the
`:oauth_dynamic_client_registration` feature.
More info about it [in the
wiki](https://gitlab.com/os85/rodauth-oauth/-/wikis/Dynamic-Client-Registra….
### Improvements
* Support for 3rd-party initiated login was added, by including
support for the `initiate_login_uri` attribute in the register route
from the `:oauth_dynamic_client_registration` feature.
* Support for multitenant resource ownership was added, here's a
[description from the
wiki](https://gitlab.com/os85/rodauth-oauth/-/wikis/How-to#scoping-grants-f….
### Bugfixes
* oidc: userinfo claims were not including claims with value `false`,
such as `"email_verified"`. This behaviour has been fixed, and only
claims of value `null` are omitted.
## 1.1.0 (10/01/2023)
## Features
### Loopback Interface Redirection URI support
https://www.rfc-editor.org/rfc/rfc8252#section-7.3
Redirect URIs based on loopback addresses ("127.0.0.1", "::1") are now
supported when used in an authorization request with an ephemeral port
(@avdigrimm).
The JRuby community is pleased to announce the release of JRuby 9.4.0.0.
- Homepage: https://www.jruby.org/
- Download: https://www.jruby.org/download
Thank you to our contributors this release, you help keep JRuby moving
forward! @ahorek, @cboos, @evaniainbrooks, @jcharaoui, @k77ch7, @knovok,
@Panxuefeng-loongson, @ydah
Thanks also to the community of JRuby users for trying out JRuby 9.4.0.0
and filing issues! We’re proud to include so many fixes in this update
release and we couldn’t have done it without your bug reports.
Ruby Compatibility
- Several fixes to keyword arguments are included in this release.
#7434, #7494, #7497, #7502, #7513, #7537, #7552, #7561, #7572, #7573,
#7574, #7583, #7592, #7593
- Random has been fixed to work properly with SecureRandom, which was
generating all zeros. #7586, #7597, #7607, #7617
Standard Library
- The Psych YAML library is updated to 5.1.0. This version switches the
JRuby extension to SnakeYAML Engine, avoiding CVEs against the original
SnakeYAML and updating YAML compatibility to specification version 1.2.
#6365, #7570, #7626
Platform Support
- Final changes to support the LoongArch64 architecture have been merged
in. #7518
Performance
- Overall JIT bytecode size has been improved, allowing more methods to
compile to JVM bytecode. The maximum IR size eligible for JIT has been
increased from 1000 instructions to 3000 instructions. #7589
84 Issues resolved for 9.4.1.0
#5534 - irb and rails console broken on windows 10
#6297 - jruby-jars profile fails on Java 11
#6365 - Psych syntax error changed in JRuby 9.2.13.0
#7112 - RSpec can’t match errors in jruby-9.4.0.0
#7434 - [9.4.0.0] IR compiler/interpreter bug:
org.jruby.ir.operands.UndefinedValue should not be used as a valid value
during execution.
#7476 - Zlib::GzipWriter cannot be properly sub-classed
#7479 - Cannot sub-class Zlib::GzipWriter and call .wrap
#7481 - Symbol#to_s returns a frozen String
#7485 - JRuby 9.4 defines Hash#index, and defines
Hash.ruby2_keywords_hash{,?} as instance methods
#7486 - Regression in 9.4 (optimizer? JIT?)
#7487 - Regression in 9.4 IRB parser
#7488 - Remove Hash index method, and fix ruby2_keywords_hash module
method
#7489 - Symbol to_s returns frozen string
#7490 - Update actions/checkout version to v3
#7491 - Enumerator using Enumerable method with Symbol#to_proc passing
wrong value to yield
#7492 - Possible regression in JRuby v9.4.0.0
#7493 - one-time-execute can sometimes contain a closure. guard it.
#7494 - Specific arity kwargs undefined
#7497 - We should not be setting callInfo anywhere but the call(site)
sans (K…
#7499 - Warnings in Rake’s extension code to FileUtils under JRuby
9.4.0.0
#7500 - “Unknown node encountered in builder” error on previously
working code
#7501 - DNodes are ListNodes and get compiled wrong in presence of a
splat.
#7502 - Excessive kwargs duplicate key warns
#7503 - [refactor] make Java embed utils generic
#7506 - JRuby 9.4.0.0 Anonymous block argument after a splat is broken
#7509 - Fix syntax error in all cases where & is a param.
#7510 - Fixes #7479. Cannot sub-class Zlib::GzipWriter and call .wrap
#7511 - Fixes #7476. Zlib::GzipWriter cannot be properly sub-classed
#7513 - Kwargy
#7518 - Support for LoongArch64
#7520 - Error running rubocop with JRuby 9.4.0.0
#7521 - FFI errno spec fails on JRuby on Windows
#7525 - ENV encoding fixes (windows)
#7526 - Refinement does not self-refine properly
#7527 - alias winapi_error to lasterror
#7529 - Enumerator#inspect produces an ASCII-8BIT encoded String
#7531 - Enumerator#inspect: Use String concatenation not just bytelist
appends
#7532 - Enumerator inspect tests
#7534 - [feat] allow enabling warnings wout changing $VERBOSE
#7535 - Refinement regression on 9.4
#7536 - Fixes #7492. define_method should use definition scope.
#7537 - Keyword argument regression in JRuby 9.4
#7539 - The :binmode keyword argument isn’t applied on Tempfile in
JRuby 9.4
#7541 - passthrough anno added
#7547 - jruby-complete cannot start irb in windows
#7549 - [ji] support converting RubyThread to a java.lang.Thread
#7550 - Fix Enumerable#zip when an argument does not have each method
#7551 - UnboundMethod#bind should use virtual include class for module
methods
#7552 - Fixes #7537. Kwargs arg regression.
#7556 - jRuby 9.4 fails to load Celluloid gem
#7557 - [ji] revert Thread#to_java behavior to stay compatible, for now
#7561 - Delegating methods must be able to set ruby2_keywords on
delegate.
#7563 - Fix comparator of Bignum and Infinity
#7564 - Fix Numeric#remainder when divisor is infinity
#7566 - Fix Float#floor and Float#round for some edge cases
#7567 - Fix missing require in mri-core tests
#7570 - New snakeyaml vulnerability has dropped, affects jruby-complete
#7571 - [refactor] warnings which assumed a message is being passed
#7572 - Keyword arguments are catched as arguments instead of keyword
arguments
#7573 - Fixes #7572. Blocks with only keywords losing keyword status.
#7574 - Simplify logic in IRBuilder for keyword arguments.
#7576 - yield from Enumerator raises “no receiver given”
#7580 - Enumerator acts differently when Symbol#to_proc is used
#7583 - Dir[] with multiple patterns fails if kwargs given.
#7586 - SecureRandom.random_number is always 0
#7589 - JIT size and perf improvements
#7591 - Fix Float#round with half even option
#7592 - Unexpected ArgumentError due to a JIT bug in JRuby 9.4.0.0
#7593 - Code was trying to make an int out of the kwargs hash.
#7594 - Attempt at making proper inflate error happen.
#7595 - Set refinement bit before building closure
#7596 - Java::JavaLang::ClassCastException when initializing instance
variable
#7597 - If no seed given, use default random for seed
#7599 - Treat send of using or refine as refinement
#7601 - Fixed launch jruby in MSYS2 environment
#7602 - Some ranges will ‘warning: … at EOL, should be parenthesized?’
#7603 - Fix errant … warning
#7606 - Use an identity map for the partial objects
#7607 - Array#sample does not honor random byte gen
#7617 - Implement ulong random logic with random bytes
#7619 - Small internal optimizations found profiling CSV
#7620 - Use Region accessors in prep for privatizing fields
#7626 - Use Psych 5.1
#7628 - RUBY_REVISION is a short sha, not the full sha like on other
Rubies
--
blog: http://blog.enebo.com twitter: tom_enebo
mail: tom.enebo(a)gmail.com
minitest-allow version 1.2.3 has been released!
* home: <https://github.com/seattlerb/minitest-allow>
* rdoc: <http://docs.seattlerb.org/minitest-allow>
Allows you to provide an exclusion list of allowed failures/errors.
Failures and errors on this list still get run and reported as usual,
but do not cause a non-zero exit code. This enables you to have a
green CI with against a list of known bad tests.
Changes:
### 1.2.3 / 2023-02-06
* 1 bug fix:
* Treat empty allow file (in yaml, nil) as empty array.
I recorded a drum solo to demo Glimmer Metronome, a Ruby-based metronome
GUI app that supports different beat counts, click sounds, and tempos,
including tap-based tempo calculation. It was built with Glimmer DSL for
SWT using JRuby to help me with my drumming practice. Glimmer Metronome
just received a new update in version 1.1.4 that adds menus and keyboard
shortcuts, thus becoming more user-friendly when using via the keyboard
alone.
https://youtube.com/shorts/F4xu13y0wTMhttps://andymaleh.blogspot.com/2023/02/drum-solo-demo-of-glimmer-metronome.…
The JRuby community is pleased to announce the release of JRuby 9.3.10.0
- Homepage: https://www.jruby.org/
- Download: https://www.jruby.org/download
JRuby 9.3.x is compatible with Ruby 2.6.x and stays in sync with C Ruby. As
always there is a mix of miscellaneous fixes so be sure to read the issue
list below.
Thank you to our community members who contributed pull requests for this
release: @ahorek
Ruby Compatibility
- Various small compatibility fixes. See the issues list.
Platform Support
- This release includes improved support for the LoongArch64 platform.
(#7260, #7590, #7608)
Regexp Regression Fix
- Fixed regression which caused longer strings to match slower. (#7484)
Issues resolved for 9.3.10.0
#5588 - OpenSSL::PKey::RSA.new without password results in terminal
input failure
#6821 - Possible unpacking issue on current 9.3.0.0 with arm64 arch
#7260 - JRuby supports a new architecture
#7484 - Regression for non matching Regexp in 9.3.4
#7514 - [fix] java_alias-ing for interface methods
#7542 - specs for pack/unpack with j and J formats failing on 32-bit
platforms
#7545 - public_method_defined? changed value after prepend unrelated
module
#7546 - Method overriding new does not have super_method from Class
#7548 - cannot use T::Struct from sorbet-runtime due to exception
#7554 - 1 « (2**40) returns 1 on JRuby
#7555 - UnboundMethod#bind should introduce include class
#7558 - Raise NoMemoryError for lshift > int max
#7559 - Etc#sysconf errors when it shouldn’t
#7560 - Improvements and greening of 9.3 CI
#7562 - Use latest mysql like sequel HEAD
#7565 - Process#spawn should call #to_io on non-IO file descriptor
objects
#7575 - Fix Method#super_method.owner pointing at wrong class
#7577 - Fix public_method_defined in presence of prepend
#7581 - Use platform bit width for J/j pack directive
#7590 - backport Update JNR dependencies
#7596 - Java::JavaLang::ClassCastException when initializing instance
variable
#7598 - instance_eval, module_eval, class_eval cannot yield to block
#7605 - Also include frame’s block for instance_eval
#7608 - Support for LoongArch64
--
blog: http://blog.enebo.com twitter: tom_enebo
mail: tom.enebo(a)gmail.com
RubyInline version 3.13.0 has been released!
* rdoc: <http://docs.seattlerb.org/RubyInline/>
* home: <http://www.zenspider.com/ZSS/Products/RubyInline/>
* code: <https://github.com/seattlerb/rubyinline>
Inline allows you to write foreign code within your ruby code. It
automatically determines if the code in question has changed and
builds it only when necessary. The extensions are then automatically
loaded into the class/module that defines it.
You can even write extra builders that will allow you to write inlined
code in any language. Use Inline::C as a template and look at
Module#inline for the required API.
Changes:
### 3.13.0 / 2023-01-31
* 1 minor enhancement:
* Error out if current ruby isn't configured for ENABLE_SHARED.
* 1 bug fix:
* Clean up examples. C++ warns about ANYARGS deprecation. Gonna have to sit with it for now.