# Changelog
## v2.1.0 (2022-11-29)
### Improvements
- Now you can have a lot more control over your http client, including
selecting what client you are using from the adapters available for
[Tesla](https://github.com/elixir-tesla/tesla).
You can also easily add logging and tracing with middleware.
### Backward Incompatible Changes
- No longer directly using hackney it's still possible to use it through a
Tesla adapter. To keep all your tweaks working correctly you'll need to
add these settings:
In mix.exs
```elixir
# mix.exs
defp deps do
# Add the dependency
[
{:oauth2, "~> 2.0"},
{:hackney, "~> 1.18"} # This is the new line you need to add
]
end
```
In config:
```elixir
config :oauth2, adapter: Tesla.Adapter.Hackney
```
## v2.0.1 (2022-06-20)
### Bug fixes
- Fix incorrect Accept header when requesting token
## v2.0.0 (2019-07-15)
### Bug fixes (possibly backwards incompatible)
- Ensure that the OAuth client is authenticated via Authorization header as
described in the spec (#131).
## v1.0.1 (2019-04-12)
### Bug fixes
- Always use the provided serializer if one is registered (#132)
## v1.0.0 (2019-03-13)
### Backward Incompatible Changes
- There is no longer a default serializer for `application/json`. Please make
sure to register a serializer with `OAuth2.Client.put_serializer/3`.
- Serializers are now registered via `OAuth2.Client.put_serializer/3`.
This change allows applications wrapping `oauth2` a way to provide default
serializers without requiring the user to manually configure a serializer.
## v0.9.4 (2018-10-18)
### Improvements
- Relaxed `hackney` version requirements
## v0.9.3 (2018-08-13)
### Bug fixes
- Various type specs fixed
## v0.9.2 (2017-11-17)
### Bug fixes
- Updates the `OAuth2.Client.get_token!` function to handle error `OAuth2.Response` structs.
## v0.9.1 (2017-03-10)
### Improvements
- Fix dialyzer warnings.
- Update `hackney` to `1.7`
### Bug fixes
- De-dupe headers.
## v0.9.0 (2017-02-02)
### Improvements
- Remove deprecated usage of `Behaviour` and `defcallback`
- Provides better support for configuring `request_opts` that will be used on
every request. This is useful for configuring SSL options, etc.
- Provides support for `hackney`s streaming of responses.
- Better warnings when a serializer isn't properly configured.
### Backward Incompatible Changes
- Responses with status codes between `400..599` will now return `{:error, %OAuth2.Response{}}` instead of `{:ok, %OAuth2.Response{}}`
- When using the `!` versions of functions, `{:error, %OAuth2.Response{}}` will
be converted to an `%OAuth2.Error{}` and raised.
## v0.8.3 (2017-01-26)
- Fix compile-time warnings for Elixir 1.4
- Fix dialyzer warnings on `@type params`
- Fix `content-type` resolving when there are multiple params
- Return the same refresh token unless a new one is provided
- Raise an exception when missing serializer configuration
## v0.8.2 (2016-11-22)
### Bug Fixes
- Fixed an issue in handling non-standard `expires` key in access token
requests.
## v0.8.1 (2016-11-18)
### Improvements
- Added the ability to debug responses from the provider.
### Bug Fixes
- Fixed regression in handling `text/plain` content-type for tokens in #74
## v0.8.0 (2016-10-05)
### Improvements
- Added `OAuth2.Client.basic_auth/1` convenience function.
### Bug Fixes
- Fixed broken `RefreshToken` strategy reported in #66
- Fixed an issue where checking the `content-type` was defaulting to
`application/json` causing Poison to explode.
## v0.7.0 (2016-08-16)
### Improvements
- Add support for custom serializers based on MIME types.
- Remove dependency on `HTTPoison` in favor of using `hackney` directly.
- Remove dependency on `mimetype_parser`.
- `Poison` is now only a `test` dependency.
### Bug Fixes
- `expires_in` values that are returned as strings are now properly parsed into integers for `expires_at`.
### Backward Incompatible Changes
Prior to version `v0.7.0` `OAuth2.Client` was primarily used for the purpose
of interfacing with the OAuth server to retrieve a token. `OAuth2.Token` was
then responsible for using that token to make authenticated requests.
In `v0.7.0` this interface has been refactored so that an `OAuth2.Client` struct
now references an `OAuth2.Token` directly and many of the action methods have
been moved so that they are called on `OAuth2.Client`, with an instance of the
client struct as their first argument.
Please consult the [README](https://github.com/scrogson/oauth2/blob/v0.7.0/README.md) for an example of general usage to retrieve a token and make a request.
The following methods have been moved and adjusted so that they take a `OAuth2.Client.t` which contains a token, rather than a token directly:
- `OAuth2.AccessToken.get` -> `OAuth2.Client.get`
- `OAuth2.AccessToken.get!` -> `OAuth2.Client.get!`
- `OAuth2.AccessToken.put` -> `OAuth2.Client.put`
- `OAuth2.AccessToken.put!` -> `OAuth2.Client.put!`
- `OAuth2.AccessToken.patch` -> `OAuth2.Client.patch`
- `OAuth2.AccessToken.patch!` -> `OAuth2.Client.patch!`
- `OAuth2.AccessToken.post` -> `OAuth2.Client.post`
- `OAuth2.AccessToken.post!` -> `OAuth2.Client.post!`
- `OAuth2.AccessToken.delete` -> `OAuth2.Client.delete`
- `OAuth2.AccessToken.delete!` -> `OAuth2.Client.delete!`
- `OAuth2.AccessToken.refresh` -> `OAuth2.Client.refresh_token`
- `OAuth2.AccessToken.refresh!` -> `OAuth2.Client.refresh_token!`
Additionally, the following methods have been moved to `OAuth2.Request`
- `OAuth2.AccessToken.request` -> `OAuth2.Request.request`
- `OAuth2.AccessToken.request!` -> `OAuth2.Request.request!`
Diff: https://github.com/scrogson/oauth2/compare/v0.6.0...v0.7.0
## v0.6.0 (2016-06-24)
### Improvements
- Use Poison ~> 2.0
- Reset client headers after fetching the token
### Bug Fixes
- Fix up auth code flow to match the RFC
Diff: https://github.com/scrogson/oauth2/compare/v0.5.0...v0.6.0
## v0.5.0 (2015-11-03)
### Improvements
- You can now request a refresh token with `OAuth2.AccessToken.refresh`. The `!` alternative is also available.
- Added `Bypass` for improved testability.
- `Plug` is no longer a direct dependency. It is only included as a test dependency through the `Bypass` library.
- `OAuth2.AccessToken` now supports `DELETE` requests with `delete` and `delete!`
- More tests!
### Bug Fixes
- Params are no longer sent in both the body and as a query string for `POST` requests with `OAuth2.Client.get_token`
- Responses will no longer be parsed automatically if the `content-type` is not supported by this lib. Registering custom parsers is a future goal for this library.
- Errors are now properly raised when they occur.
### Backwards Incompatible Changes
- `OAuth2.new/1` has been removed. Use `OAuth2.Client.new/1` instead.
Diff: https://github.com/scrogson/oauth2/compare/v0.4.0...v0.5.0
## v0.4.0 (2015-10-27)
### Additions/Improvements
- `OAuth2.AccessToken` now supports: `post`, `post!`, `put`, `put!`, `patch`, and `patch!`.
- Better documentation
- Test coverage improved
### Bug fixes
- Empty response bodies are no longer decoded
### Breaking changes
- `OAuth2.AccessToken.get!/4` now returns `OAuth2.Response{}` instead of just the parsed body.
### Acknowledgments
Thanks to @meatherly, @dejanstrbac, and @optikfluffel for their contributions!
Diff: https://github.com/scrogson/oauth2/compare/v0.3.0...v0.4.0
## v0.3.0 (2015-08-19)
Bump `Plug` dependency to `1.0`.
Diff: https://github.com/scrogson/oauth2/compare/v0.2.0...v0.3.0
## v0.2.0 (2015-07-13)
- `:erlang.now` was replaced with `:os.timestamp` for compatibility with Erlang 18
- You can now pass options to the `HTTPoison` library with `OAuth2.Client.get_token/4` and `OAuth2.Client.get_token!/4`
Diff: https://github.com/scrogson/oauth2/compare/v0.1.1...v0.2.0
## v0.1.1 (2015-04-18)
- Remove compilation warnings.
- Fix `request_body` function for `ClientCredentials`
Diff: https://github.com/scrogson/oauth2/compare/v0.1.0...v0.1.1
## v0.1.0 (2015-04-14)
This release bring breaking changes and more documentation.
Please see the [README](https://github.com/scrogson/oauth2/blob/v0.1.0/README.md) or [Hex Docs](http://hexdocs.pm/oauth2/0.1.0) for more details.
Diff: https://github.com/scrogson/oauth2/compare/v0.0.5...v0.1.0
## v0.0.5 (2015-04-11)
- Handles Facebook `expires` key for Access Tokens.
- Ensure the token type defaults to 'Bearer' when it is not present.
Diff: https://github.com/scrogson/oauth2/compare/0.0.3...v0.0.5
## v0.0.3 (2015-01-12)
- Relax version requirements for Poison.
## v0.0.2 (2015-01-10)
This release brings Password and Client Credentials strategies.
http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.3
http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.4
## v0.0.1 (2014-12-07)
Initial release.
This initial release includes a functional authorization code strategy: http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1
