Tag 1.2.0

Release prep for 1.2.0

Tweak .well-known fallback handling

This raises a better error than "'NoneType' is not iterable" in case
neither URL return something useful. Also reports the RFC path rather
than the OpenID one in the final traceback.

Simplify style

Strip indentation from redirect page

Mostly being pedantic, looks nicer if you view source

Support passing login hint via explicit --oauth2-login-hint argument

Explicit > implicit

Also helpful in case the username contains '@', e.g. like an email or
XMPP address.

Make redirect response page look nicer

Support passing 'login_hint' to the Authorization Server

Running `https -A oauth2 -a username@authorization.example` will pass
'username' as login_hint parameter.

https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1

Tag 1.1.0

Release prep for 1.1.0

--oauth2-token-refresh=on-expire|always added

Add way to force refresh of e.g. a revoked token

This plugin does not get any feedback from HTTPie about whether the
final request was authenticated or not, so in case it was not because
the token has been revoked or otherwise no works, something has to be
done to get a new token.

Tag 1.0.0

Release prep for 1.0.0

Request new authorization if token can't be refreshed

Forget invalid (revoked?) refresh tokens

This way, repeating the command will do the authorization flow again.

However we can only do this while attempting to renew the token, if it
is invalidated while valid according to the timestamps, only HTTPie sees
it, not this plugin.

Also look for server metadata at the OpenID well-known location

Because why would there be a single well-known location when there can
be multiple?

Implement RFC 7636 Proof Key for Code Exchange by OAuth Public Clients

Why isn't this supported in requests-oauthlib?