Tag 1.2.0
Release prep for 1.2.0
Tweak .well-known fallback handling
    This raises a better error than "'NoneType' is not iterable" in case neither URL returns something useful. Also reports the RFC path rather than the OpenID one in the final traceback.
Simplify style
Strip indentation from redirect page
    Mostly being pedantic, looks nicer if you view source
Support passing login hint via explicit --oauth2-login-hint argument
    Explicit > implicit
    Also helpful in case the username contains '@', e.g. like an email or XMPP address.
Make redirect response page look nicer
Support passing 'login_hint' to the Authorization Server
    Running `https -A oauth2 -a username@authorization.example` will pass 'username' as login_hint parameter.
    https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1
Tag 1.1.0
Release prep for 1.1.0
    --oauth2-token-refresh=on-expire|always added
Add way to force refresh of e.g. a revoked token
    This plugin does not get any feedback from HTTPie about whether the final request was authenticated or not, so in case it was not because the token has been revoked or otherwise no longer works, something has to be done to get a new token.
Tag 1.0.0
Release prep for 1.0.0
Request new authorization if token can't be refreshed
Forget invalid (revoked?) refresh tokens
    This way, repeating the command will do the authorization flow again. However, we can only do this while attempting to renew the token; if it is invalidated while valid according to the timestamps, only HTTPie sees it, not this plugin.
Also look for server metadata at the OpenID well-known location
    Because why would there be a single well-known location when there can be multiple?
Implement RFC 7636 Proof Key for Code Exchange by OAuth Public Clients
    Why isn't this supported in requests-oauthlib?
Wrap client in a class to ease access to oauthlib Client methods
Refresh tokens when they expire
    Apparently the OAuth2 class does not do this, you have to go through the OAuth2Session for auto-refresh to work, but we're not doing that because the HTTPie architecture just takes an Auth object.
Remove scope(s) default