Changelog for the omniauth-bigcommerce gem.
- Fix
credentialsblock to return the bearer token string (access_token.token) rather than the fullOAuth2::AccessTokenobject; also restoresrefresh_token,expires_at, andexpiresfields that the previous override was silently dropping - Fix
callback_urldouble-prependingscript_namein mounted Rack apps —OmniAuth::Strategy#callback_pathalready includesscript_name, so the override no longer adds it again - Tighten
omniauth-oauth2lower bound to>= 1.7.3to prevent a BundlerVersionConflictwithoauth2 >= 2.0.22for consumers that would otherwise resolve to 1.5.0–1.7.2
- Upgrade
oauth2gem to>= 2.0.22, < 3to address GHSA-pp92-crg2-gfv9 (protocol-relative redirect leaking bearer tokens) - Explicitly set
auth_scheme: :request_bodyto preserve client-credential behavior across the oauth2 2.x default change to:basic_auth - Drop support for Ruby < 3.3; supported versions are now Ruby 3.3, 3.4, and 4.0
- Ensure
oauth2gem is below 2.0
- Adds account_uuid to response payload
- Add Standard BigCommerce OSS Documentation
- Upgrade
oauth2gem to 1.4.4 or above
- Upgrade
oauth2gem to be between 1.3.1 and 1.4.1
- Upgrade
oauth2gem to 1.3.x - Upgrade
omniauth-oauth2gem to >= 1.5 - Add copyright notices
- Remove
gitcli dependency from gemspec
- Initial public release