2.10.2

Only validate id and access tokens on the initial callback when received

Don't invoke validation and a http request to well known jwks when decoding a previously validated id or access token

Fixes #160

2.10.1

This scope of work was for maintenance of the repo and a cleanup the documentation related to token helpers and methods on the api_client. Main changes are that on the initial user callback, access and id tokens are validated to ensure the JWT's have not been tampered with in any way!

Notable changes: none are breaking

2.10.1 bumps version & add indifferent access

• new token helper accessible & corresponding documentation in readme
• Lots of specs 🥳
• A few other OAS updates from recent release

token_expired?
validate_tokens(token_set)
validate_state(params)
decode_jwt(tkn)
access_token
id_token
decoded_access_token
decoded_id_token

2.10.0

This scope of work was for maintenance of the repo and a cleanup the documentation related to token helpers and methods on the api_client. Main changes are that on the initial user callback, access and id tokens are validated to ensure the JWT's have not been tampered with in any way!

Notable changes: none are breaking

• new token helper accessible & corresponding documentation in readme
• Lots of specs 🥳
• A few other OAS updates from recent release

token_expired?
validate_tokens(token_set)
validate_state(params)
decode_jwt(tkn)
access_token
id_token
decoded_access_token
decoded_id_token

2.9.1

Fixes #151
Fixes #145

Some technical talk on #145 that proved out there was an issue with production batch background job usage where multiple threads were stomping on each others global configuration of the gem.

Description

This PR addresses the global nature to any of the sensitive fields and creates testable, instances of a XeroRuby Client that won't ever overwrite another thread's previous configuration..

In essence it clones the default configuration for each instance, rather than inherit from the object/class.

Changes

• fixes proper optionality of the config in #151 (cc @carlospeix)
• clones the default config and applies any user init changes
• Makes each configuration option editable, strictly to the instance of the client
• allows for the setting of an id_token on the xero_client
• infers the base url programmatically based on the method scope
• some fixes for the docs
• a few odds and ends based on recent open api spec

Release Notes

• production bug
• background process / thread safety vulnerability patch

Types of Changes

• Bug fix

cc: @nikz // @CyberFerret // @armstrjare thank you all for the discourse in figuring this one out. Dm me @ w/ your address i'd like to send you some Xero swag as thanks.

---

small breaking change to the upload_file api

This:

@folder = xero_client.files_api.get_folders(current_user.active_tenant_id).last
    file_name = "xero-api.png"
    file = File.new(Rails.root.join('app/assets/images/xero-api.png'))
    opts = {
      folder_id: @folder.id,
      body: file,
      name: file_name,
      filename: file_name,
      mime_type: 'image/png'
    }
    @file = xero_client.files_api.upload_file(current_user.active_tenant_id, opts)

Changed to this

@folder = xero_client.files_api.get_folders(current_user.active_tenant_id).last
file_name = "xero-api.png"
file = File.new(Rails.root.join('app/assets/images/xero-api.png'))
opts = {
  folder_id: @folder.id,
  mime_type: 'image/png'
}
@file = xero_client.files_api.upload_file(current_user.active_tenant_id, file, file_name, file_name, opts)

2.9.0

Fixes:

• #140 - Timeout config is ignored
• #129 - Api client mutates given option parameters
• Adds specs / docs / and cleanup around the 2 issues

Thank you @irwalker & @saboter ping me @ if you want some @xero swag :)

2.8.2

Full credit for @grahamsawers - thank you for the contribution.

---

PR escapes the scopes param in the authorisation url.

The scopes are provided as a space-seperated list and added to the url without escaping the spaces. As a result the #authorization_url method on the XeroRuby::ApiClient does not return a valid url. I used CGI to escape the param as URI.escape has been deprecated.

Also fixed the require in a couple of specs where it was using a relative path as this was stopping the specs from running.

2.8.1

This PR introduces beta accounting documentation generated from the Open API Spec.

The goal is to create simpler, more interactive docs for developers. Improving discoverability by having language specific endpoint examples.

https://xeroapi.github.io/xero-ruby/accounting/index.html

There are a few known misnomers, such as some cameCase variable names, so please report any issues so we can make this 100% accurate over time 🥳

2.8.0

Renamed #attributes to #to_attributes

Fixes #132

This is a small breaking change as there was a name collision on the report model/sub models (cell) that actually had the name nested attribute name of attribute. This was causing a stack level error when rendering the report .to_json due to an unintended loop.

Bumping this only a .. version as it is fixing a live bug and not a net new breaking change.

2.7.1

Adds the #revoke_token ability to the ruby SDK. This completely wipes out an API connection, unlike the #disconnect method which just removes the tenant/org from the access_token/refresh_token permissions.

Adds the refactor from our friend @mogest - who beefed up the tests surrounding the where/sort/filtering and extracted that functionality into helper modules.

Lots of typos fixes from work on the Open API spec

A few type changes from bugs reported in other SDKs.

--

Removes the rails dependency of an assumed base64 import, and removes .blank?

2.6.2

Fix interpolation bug reported by @simbiont123

#121