Revision history for Mojolicious-Plugin-OAuth2-Server
0.20 2015-06-25
- auth codes, access tokens, and refresh tokens returned can now be
JWTs (implemented via Mojo::JWT). this allows validation without
database lookup *should you want to do that*
- this allows the "simple" usage of the plugin to be persistent and
multi process compat by supplying a jwt_secret - although you lose
the automatic token revoking capabilities of the module when doing
this. see the examples, tests, and perldoc for more information
0.11 2015-03-19
- update examples/oauth2_client.pl to work with latest version of
Mojolicious::Plugin::OAuth2. point to examples/ in the perldoc
- tweaks to perldoc to highlight that this is an implementation of
the "Authorization Code Grant" flow
0.10 2015-03-17
- change token_type to be Bearer rather than bearer as this maps better
for use in the Authorization header
0.09 2015-03-16
- fix refresh_token check to prevent it being used as an access token.
this adds an extra argument ($is_refresh_token) to the method that
is called to _verify_access_token
0.08 2015-02-12
- stipulate CryptX in the Makefile.PL rather than Crypt::PRNG, as the
latter doesn't have a VERSION number so causes dependency check to
fail (thanks to reneeb for the report/fix)
- some tweaks in examples
0.07 2015-02-11
- call verify_client before redirecting to login / confirm scopes
as there's no point logging a user in, etc, if the client is bad
- make _verify_access_token return a list as _verify_auth_code so
we can report the failure reason in a meaningful way.
- add example schema and code for using the module with a relational
database
- harden token generation function using Crypt::PRNG random_string
0.06 2015-02-10
- test and documentation for flash + redirect in a full fat app
0.05 2015-02-07
- use warnings and fix any raised by tests
0.04 2015-02-06
- refatoring and consistency tweaks
0.03 2015-02-06
- fix regexp in tests to be looser
0.02 2015-02-06
- POD tweaks
- set minimum perl version (5.10.1)
0.01 2015-02-06
- First release inspired by frustration, confusion, and hate when trying
to implement OAuth2 resource/auth server using existing CPAN modules