Skip to content

Commit

Permalink
Merge pull request #174 from pow-auth/v0.3-hard-deprecations
Browse files Browse the repository at this point in the history
Hard deprecations for v0.3
  • Loading branch information
danschultzer authored Dec 29, 2024
2 parents b6c3ac8 + 80ba9d3 commit 2dc60fe
Show file tree
Hide file tree
Showing 13 changed files with 21 additions and 655 deletions.
276 changes: 11 additions & 265 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,273 +1,19 @@
# Changelog

## v0.2.12 (2024-12-29)

* `Assent` now has a module doc

## v0.2.11 (2024-12-29)

* Default to using `JSON` instead of `Jason` for JSON parsing on Elixir 1.18
* `Assent.Strategy.OAuth2` now supports `:state` config option
* `Assent.Strategy.OAuth2` `:state` override in `:authorization_parms` has been deprecated
* `Assent.Strategy.OIDC` now supports `none` authentication method
* `Assent.Strategy.Bitbucket` added
* `Assent.Strategy.Twitch` added
* `Assent.Strategy.Telegram` added
* `Assent.Strategy.Zitadel` added
* `Assent.Strategy.Facebook.fetch_user/2` fixed bug with user not being decoded
* `Assent.Strategy.OAuth2` now supports PKCE
* `Assent.Strategy.OAuth2.Base.authorize_url/2` incomplete typespec fixed
* `Assent.Strategy.decode_response/2` deprecated accepting result tuples and now accepts `Assent.HTTPAdapter.HTTPResponse` structs
* `Assent.Strategy.request/5` deprecated in favor of `Assent.Strategy.http_request/5`
* `Assent.Strategy.decode_response/2` deprecated in favor of `Assent.HTTPAdapter.decode_response/2`
* `Assent.Config.get/3` deprecated in favor of `Keyword.get/3`
* `Assent.Config.put/3` deprecated in favor of `Keyword.put/3`
* `Assent.Config.merge/2` deprecated in favor of `Keyword.merge/2`
* `Assent.Config.t()` type deprecated in favor of `Keyword.t()` type
* `Assent.Config.fetch/2` deprecated in favor of `Assent.fetch_config/2`

## v0.2.10 (2024-04-11)

Requires Elixir 1.13+

- Fixed bug with trailing slash in `:base_url` not being ommitted when concatenating with relative path

## v0.2.9 (2023-11-22)

- Fixed bug where `Req` was not used by default if included in project
- `Assent.Strategy.Httpc.request/5` now sets content length header

## v0.2.8 (2023-11-19)

`Req` will be used by default if available in your project, otherwise `:httpc` will be used.

- `Req` HTTP adapter added
- `Req` supported by default as HTTP client
- Global application config support for HTTP and JWT adapters
- More expressive errors now including the whole HTTP response where applicable
- Deprecated `:site` config in favor of `:base_url` config

## v0.2.7 (2023-09-12)

* `Assent.Strategy.Strava` added

## v0.2.6 (2023-08-26)

* Added `Assent.HTTPAdapter.Finch`
* Deprecated `Assent.HTTPAdapter.Mint`

## v0.2.5 (2023-08-21)

* `Assent.Strategy.Spotify` added

## v0.2.4 (2023-08-20)

* Fixed bug in `Assent.JWTAdapter.AssentJWT` where `verified?` could be a `{:error, term()}` tuple rather than boolean
* Improved message on private key file load error

## v0.2.3 (2023-03-23)

* Removed `:castore` version requirement
* `Assent.Strategy.Httpc.request/5` raises error when SSL certificate can't be validated

## v0.2.2 (2023-02-27)

* Fixed bug to handle 201 success response
* `Assent.Strategy.OIDC` now has support for multiple audiences
* `Assent.Strategy.OIDC` now permits any auth method if no `token_endpoint_auth_methods_supported` specified
* `Assent.Strategy.Linkedin` added

## v0.2.1 (2022-09-15)

* Default to using `Jason` instead of `Poison` for JSON parsing
* Fixed `Bitwise` warning when running on Elixir 1.14

## v0.2.0 (2022-03-01)
## v0.3.0 (TBA)

**This release consists of breaking changes.**

In previous `Assent.Strategy.Slack` strategy, the `sub` user id field consisted of `{SUB}-{TEAM}`. Slack has migrated to OpenID Connect, and the response has been conformed to OIDC. The `sub` will now only consists of the `sub` id, and not include team id. To succesfullly migrate to this release all slack identity records storing the `sub` user id field has to be updated.

If you wish to continue using the previous `sub` user id a custom OIDC strategy can be used instead:

```elixir
defmodule Slack do
use Assent.Strategy.OIDC.Base

alias Assent.Strategy.Slack

defdelegate default_config(config), to: Slack

def normalize(config, user) do
user = Map.put(user, "sub", "#{user["https://slack.com/user_id"]}-#{user["https://slack.com/team_id"]}")

Slack.normalize(config, user)
end
end
```

* `Assent.Strategy.OIDC.fetch_user/2` now removes the ID token specific keys from the user claims instead of normalizing
* `Assent.Strategy.OIDC.Base` now adds `normalize/2` to the macro that will include the full user claims in the user params
* `Assent.Strategy.Slack` now uses OpenID connect instead of legacy OAuth 2.0, please note that the `sub` value may have changed

## v0.1.28 (2021-09-30)

* `Assent.Strategy.OIDC` bug fixed so it handles unreachable urls correctly

## v0.1.27 (2021-08-21)

* `Assent.Strategy.OIDC` bug fixed for `normalize/2` macro callback

## v0.1.26 (2021-05-27)

* `Assent.constant_time_compare/2` no longer outputs a deprecation warning for OTP 24

## v0.1.25 (2021-04-09)

* `Assent.Strategy.Apple` has been fixed to handle the JSON encoded user in callback params

## v0.1.24 (2021-03-22)

* `Assent.Strategy.OIDC.Base.authorize_url/2` now has correct type specs

## v0.1.23 (2021-03-01)

Updated to support OTP 24 and no longer support OTP < 22.1

* `Assent.Strategy.OIDC` now handles missing `id_token` in token params

## v0.1.22 (2021-01-08)

* `Assent.Strategy.OAuth2.fetch_user/4` now accepts headers in arguments
* `Assent.Strategy.AzureAD` bug fixed so it now uses the `RS256` alg

## v0.1.21 (2020-12-29)

* `Assent.Strategy.OAuth` now handles missing params in callback phase
* `Assent.Strategy.Twitter` now handles access denied callback

## v0.1.20 (2020-12-10)

* `Assent.Strategy.Stripe` added
* `Assent.Strategy.to_url/3` now handles nested query params
* `Assent.Strategy.OAuth2` no longer removes padding for base64 encoding authorization header
* `Assent.Strategy.OIDC.validate_id_token/2` now supports dynamic OpenID configuration
* `Assent.Strategy.OIDC.fetch_userinfo/2` now supports dynamic OpenID configuration

## v0.1.19 (2020-11-25)

* Updated docs to detail `:inets` compilation
* `Assent.OAuth2.authorize_url/1` now returns the state, if defined, from `authorization_params`

## v0.1.18 (2020-11-08)

* Removed `oauther` dependency

## v0.1.17 (2020-11-05)

* Relax `mint` requirement

## v0.1.16 (2020-10-21)

**Warning:** This release has breaking changes.

All `get_user/2` functions has been renamed to `fetch_user/2` as they return `{:ok, res}`/`{:error, res}` tuples.

* `Assent.OAuth.get/4` removed in favor of `Assent.OAuth.request/6`
* `Assent.OAuth2.get_access_token/3` renamed to `Assent.OAuth2.grant_access_token/3`
* `Assent.OAuth2.get/4` removed in favor of `Assent.OAuth2.request/6`

## v0.1.15 (2020-10-18)

* `Assent.Strategy.OIDC.validate_id_token/2` has a bug fixed where `alg` was not validated correctly
* `Assent.Strategy.OIDC` now has an `:id_token_signed_response_alg` configuration option
* `Assent.Strategy.LINE` added

## v0.1.14 (2020-10-11)

* `Assent.Strategy.OAuth2.get_access_token/3` added
* `Assent.Strategy.OAuth2.refresh_access_token/3` added
* `Assent.Strategy.OAuth2.authorization_headers/2` is no long a public function
* `Assent.Strategy.Apple` updated to handle `name` scope

## v0.1.13 (2020-07-14)

* `Assent.Strategy.DigitalOcean` added

## v0.1.12 (2020-05-24)

* `Assent.Strategy.OAuth2.authorization_headers/2` now capitalizes the token type in the authorization header
* `Assent.Strategy.OIDC.callback/2` now calls the strategy `get_user/2` method before any ID token validation
* `Assent.Strategy.OIDC.validate_id_token/2` added
* `Assent.Strategy.OIDC.fetch_userinfo/2` added
* `Assent.Strategy.OIDC` no longer fetches the userinfo by default instead using the claims in the ID Token

## v0.1.11 (2020-05-16)

* `Assent.Strategy.OAuth2.callback/2` now requires `:session_params` to be set in the config
* `Assent.Strategy.OIDC.callback/2` now requires `:session_params` to be set in the config
* `Assent.Strategy.OAuth2` now uses constant time comparison for state
* `Assent.Strategy.OIDC` now uses constant time comparison for nonce
* `Assent.Strategy.Httpc.request/5` bug fixed for certificates that has wildcard domain with SAN extension
* `Assent.Strategy.Mint.request/5` bug fixed for certificates that has wildcard domain with SAN extension

## v0.1.10 (2020-04-23)

Now requires Mint 1.0.0 or higher.

* `Assent.Strategy.Instagram` now accepts `:user_url_request_fields` config option and passes `fields` params to the `/me` point

## v0.1.9 (2020-04-23)

Now requires Elixir 1.7 or higher.

* `Assent.Strategy.Instagram` now uses the Instagram Graph API
* `Assent.Strategy.OIDC` bug fixed when no `:session_params` set in config

## v0.1.8 (2020-02-15)

* `Assent.Strategy.Github` now provides `email_verified` value
* `Assent.Strategy.Gitlab` now provides `email_verified` value
* `Assent.Strategy.Google` fixed to provide correct `email_verified` value
* `Assent.Strategy.Twitter` now provides `email_verified` value

## v0.1.7 (2020-02-10)

* Fix `Assent.HTTPAdapter.Mint` where `:unknown` responses where not handled correctly

## v0.1.6 (2020-01-30)

* `Assent.Strategy.AzureAD` now uses auth code flow instead of hybrid flow

## v0.1.5 (2020-01-13)

* Removed unused `:resource` param in `Assent.Strategy.AzureAD`
* Added "email profile" to scope in `Assent.Strategy.AzureAD`
* Use `response_mode=form_post` for `Assent.Strategy.AzureAD`
* Updated `Assent.Strategy.OAuth2` to handle access token request correctly when `:auth_method` is `nil` per RFC specs
* Changed `Assent.Strategy.Apple` to use OIDC strategy and verify the JWT
* Changed `Assent.Strategy.OIDC` to update token with the expanded JWT as the `id_token`
* Fixed bug in `Assent.HTTPAdapter.Mint` with query params not being included in request

## v0.1.4 (2019-11-09)

* Support mint up to `v1.0.x`
* Fixed bug in `Assent.JWTAdapter.JOSE` where `nil` secret value raised an exception
* Fixed bug in `Assent.JWTAdapter.AssentJWT` where ECDSA algorithms didn't generate or verify valid signatures

## v0.1.3 (2019-10-27)

* Fixed bug in `Assent.Strategy.Github` where multiple emails for account resulted in the verified primary e-mail not being returned

## v0.1.2 (2019-10-08)

* Require `:redirect_uri` is set in the config of `Assent.Strategy.OAuth2.callback/3` instead of as `redirect_uri` in the params

## v0.1.1 (2019-10-07)
### Breaking changes

* Relax mint requirement
* Fix bug in `Assent.HTTPAdapter.Mint` where HTTP/2 responses wasn't parsed correctly
* `:site` configuration option removed, use `:base_url` instead
* `Assent.Strategy.OAuth2.authorize_url/2` no longer allows `:state` in `:authorization_params`
* `Assent.Strategy.decode_response/2`removed, use `Assent.HTTPAdapter.decode_response/2` instead
* `Assent.Strategy.request/5` removed, use `Assent.Strategy.http_request/5` instead
* `Assent.MissingParamError` no longer accepts `:expected_key`, use `:key` instead
* `Assent.HTTPAdapter.Mint` removed
* `Assent.Config` removed

## v0.1.0 (2019-10-06)
## v0.2

* Initial release
The CHANGELOG for v0.2 releases can be found [in the v0.2 branch](https://github.com/pow-auth/assent/blob/v0.2/CHANGELOG.md).
15 changes: 0 additions & 15 deletions lib/assent.ex
Original file line number Diff line number Diff line change
Expand Up @@ -45,21 +45,6 @@ defmodule Assent do
params: map()
}

# TODO: Deprecated, remove in 0.3
def exception(opts) do
opts =
case Keyword.fetch(opts, :expected_key) do
{:ok, key} ->
IO.warn("The `expected_key` option is deprecated. Please use `key` instead.")
[key: key, params: opts[:params]]

:error ->
opts
end

struct!(__MODULE__, opts)
end

def message(exception) do
key = inspect(exception.key)
param_keys = exception.params |> Map.keys() |> Enum.sort() |> inspect()
Expand Down
49 changes: 0 additions & 49 deletions lib/assent/config.ex

This file was deleted.

Loading

0 comments on commit 2dc60fe

Please sign in to comment.