Skip to content

Update Rust crate oauth2 to v5 #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update Rust crate oauth2 to v5 #148

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 21, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
oauth2 dependencies major 4 -> 5

Release Notes

ramosbugs/oauth2-rs (oauth2)

v5.0.0

Compare Source

Refer to the Upgrade Guide for tips on how to upgrade from 4.x.

Changes since 5.0.0-rc.1

Bug Fixes

  • Improve HttpClientError::Reqwest error message (9a2b746)

Full Changelog: ramosbugs/oauth2-rs@5.0.0-rc.1...5.0.0

Summary of changes since 4.4.2

Breaking Changes

  • Replace TokenResponse generic with associated type (30ced32)
  • Return impl Future instead of Pin<Box<dyn Future>> to fix Send/Sync bounds (6e583bd)
  • Bump http to 1.0 and reqwest to 0.12 (408ecab)
  • Add conditional typestates (replacing Boolean typestates from 5.0.0-alpha.1) (85ea470)
  • Consolidate HTTP client errors into oauth2::HttpClientError and flatten exports (e.g., oauth2::reqwest instead of oauth2::reqwest::reqwest) (4391eed)
  • reqwest: Migrate to shared Error type and use thiserror's From impl by @​MarijnS95 (#​238)
  • Bump MSRV to 1.65 and institute a policy supporting Rust releases going back at least 6 months (same policy as openidconnect crate) (576f809)
  • Improve Display output of RequestTokenError::ServerResponse (96c6f9b)
  • Track Client endpoints statically via typestates (1d1f4d1)
  • Refactor crate into smaller private modules and make devicecode and revocation modules private (9d8f11a)
  • Add reqwest-blocking feature (da7d1c5)
  • Rename URI/URL getters and setters (4d55c26)
  • Add AsyncHttpClient and SyncHttpClient traits (23b952b)

New Features

  • Implement SecretType::into_secret (#​272)
  • Add timing-resistant-secret-traits feature for PartialEq/Hash by @​kate-shine (#​232)
  • Derive Eq for types that already derive PartialEq (b19ad89)
  • Implement From instead of Into for newtypes (d9402c4)
  • Implement Display trait for URL types (8bd0ff1)

Bug Fixes

  • Improve HttpClientError::Reqwest error message (9a2b746)
  • Accept null device code interval (#​278)
  • Ignore async token revocation response body (#​282)
  • Derive Clone and Debug for EndpointState types (#​263)

Other Changes

  • Inline format args (#​270)
  • Update dev dependencies (#​285)
  • Remove defunct sponsorship from README
  • Remove client secret from implicit flow example (#​286)
  • Use --locked on MSRV build in CI
  • Allow base64 0.21 or 0.22 (#​261)
  • Bump base64 to 0.21 (db0ea44)
  • Set minimum version of chrono to 0.4.31 (7b667fc)
  • Mention openidconnect crate in README (7b667fc)
  • Add note about spawn_blocking to docs (1fc8188)
  • Re-export curl as oauth2::curl and ureq as oauth2::ureq when the corresponding Cargo features are enabled (aff7471)
  • Replace map_err() conversions with a From call via the Try operator by @​MarijnS95 (#​239)
  • Fix comments about csrf_state by @​ikehz (#​245)
  • Add documentation about comparing secrets securely by @​ikehz (#​246)
  • Remove unused imports in examples by @​frewsxcv (#​207)
  • Make private prepare_request() methods infallible (8ef74ac)
  • Address clippy lints and clean up examples (d675e81)
  • Remove empty leading and trailing lines from doc comments (a8b5cf8)
  • Reorder and clean up imports (92c491a)
  • Add Upgrade Guide

Full Changelog: ramosbugs/oauth2-rs@4.4.2...5.0.0

v4.4.2

Compare Source

Bug Fixes

  • Enable chrono wasmbind feature to fix panic in WASM environments (#​230)

Other Changes

  • Fix token URL for Microsoft device code flow example (#​220)
  • Add Microsoft device code example with tenant ID (#​222)

v4.4.1

Compare Source

Bug Fixes

  • Export device authorization flow types in top-level namespace along with VerificationUriComplete type

v4.4.0

Compare Source

New Features

  • Add DeviceAccessTokenRequest::set_max_backoff_interval() method (with default value of 10 seconds) to control max polling backoff in response to HTTP client errors (#​216).

Bug Fixes

  • Fix serde_path_to_error dependency min version (#​197)

Other Changes

  • Use SPDX license format (#​205)

v4.3.0

Compare Source

New Features

  • Make new-type constructors const functions (#​186)

Bug Fixes

  • Have ureq::http_client use send_bytes() for POST requests to avoid sending Transfer-Encoding: chunked header that certain providers such as Microsoft do not support (#​182/#​183)
  • Return RequestTokenError::ServerResponse with DeviceCodeErrorResponseType::ExpiredToken (instead of RequestTokenError::Other) when device access token request times out (#​195)

Other Changes

  • Add async device code example for Microsoft endpoints (#​190)

v4.2.3

Compare Source

Bug Fixes

  • Fix stale documentation around async API, along with some RFC links

Other Changes

  • Add sponsor to README

v4.2.2

Compare Source

Bug Fixes

v4.2.1

Compare Source

Bug Fixes

  • Only use HTTP Basic auth with a client secret (see #​176)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/oauth2-5.x branch from 2f1c988 to e52fb8c Compare August 10, 2025 13:34
@renovate renovate bot force-pushed the renovate/oauth2-5.x branch from e52fb8c to 445a5f6 Compare September 25, 2025 15:12
@renovate
Copy link
Contributor Author

renovate bot commented Sep 25, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package [email protected] --precise 5.0.0
error: failed to acquire package cache lock

Caused by:
  failed to open: /home/ubuntu/.cargo/.package-cache

Caused by:
  failed to create directory `/home/ubuntu/.cargo`

Caused by:
  File exists (os error 17)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant