2.0.0-alpha.1

Breaking Changes

• Drop support for reqwest 0.9 (previously enabled via the reqwest-09 feature flag); only the (default) reqwest-010 feature flag is now supported
• Migrate public API from http 0.1 to 0.2
• Drop support for futures 0.1 and remove the futures-01 and futures-03 feature flags; only async/await is now supported (without requiring any feature flags)
• Eliminate Async* traits and move the request_async methods to the underlying *Request structs
• Return error types that implement std::error::Error instead of failure::Fail
• Add Send and Sync bounds to verification functions to enable sharing across threads

NOTE: These changes track the unstable 4.x release for the oauth2 crate.

Other Changes

• Add support for the client credentials grant
• Disable deprecated OpenID Connect conformance tests

1.0.1

• Fix oauth2 version pin to 3.0
• Replace references to old master branch with main

1.0.0

• Upgrade untrusted to 0.7

1.0.0-alpha.14

Breaking Changes

• Upgrade ring to 0.16

Other Changes

• Fix UserInfo response handling when Content-Type includes a charset
• Make the retry crate only a dev dependency
• Remove hyper dev dependency
• Support application/jwk-set+json Content-Type in JWKS response
• Add Client::exchange_password method
• Switch from Rc to Arc to improve async/thread support
• Upgrade rand, itertools, and base64 dependencies
• Add AuthorizationRequest::set_redirect_url method

1.0.0-alpha.13

• Re-export oauth2::{http, url}

1.0.0-alpha.12

Breaking Changes

• Remove RefreshTokenFields and related type parameters (unnecessary since 9152d3f)
• Add either an Extension variant or #[non_exhaustive] to all exported enums; this raises the minimum supported Rust version to 1.40 but should reduce future breaking changes related to enums

Other Changes

• Update to oauth2 3.0.0-alpha.9, which includes reqwest 0.10 when the reqwest-010 feature flag is enabled
• Add CoreAuthErrorResponseType enum

1.0.0-alpha.11

Breaking Changes

• Add a None enum variant to CoreClientAuthMethod. This variant is not mentioned in the token_endpoint_auth_methods_supported definition, but it is mentioned in the Core spec cited by the former. At least one major OIDC provider uses this variant.

Bug Fixes

• Pin to version 3.0.0-alpha.8 of the oauth2 crate to avoid accidentally depending on request 0.10, which the crate does not yet support.

1.0.0-alpha.10

Breaking Changes

• Add support for async/await and pin to oauth2 3.0.0-alpha.7. Added new docs describing the various HTTP client interfaces. Special thanks to @Folyd for contributing this support.
• Enable CoreAuthenticationFlow by default since type_alias_enum_variants is stable. Effectively sets the minimum supported Rust version to 1.37.0.

Bug Fixes

• Fix deserialization bug in IdTokenClaims and UserInfoClaimsImpl that caused standard claims to be exposed to the deserializer for AC (additional claims). When using AC types that capture all of the remaining claims, this could lead to duplicate keys after re-serializing the claims.

1.0.0-alpha.9

Breaking changes

• Have EndUserPictureUrl, EndUserProfileUrl, and EndUserWebsiteUrl wrap a String instead of a Url

1.0.0-alpha.8

Breaking changes

• Make IdTokenFields::id_token and TokenResponse::id_token return an Option.
• Remove RefreshIdTokenFields now that it's identical to IdTokenFields.
• Remove higher rank trait bounds from NonceVerifier.
• Make DateTime arguments and return types owned values instead of references.

Other changes

• Add enable_openid_scope and disable_openid_scope methods to Client.
• Add require_audience_match and require_issuer_match methods to IdTokenVerifier.
• Make ID token deserialization tolerant of missing aud claim (defaults to empty Vec). Note that ID token validation will still fail unless require_audience_match is used to disable audience validation.
• Add IdToken::into_claims method.
• Add UserInfoClaims::standard_claims method.