Add missing dependencies.
0.27 2020-09-02
- Update example w/r/t recent(ish) changes in callback return expectations
0.26 2020-07-20
- Allow access_token_ttl to be passed as callback
0.25 2020-05-06
- Add "FURTHER READING" section to Manual
- Audit code from "OAuth 2.0 Security Best Current Practice" draft
- The above states "clients SHOULD NOT use the implicit grant"
- The above states "The resource owner password credentials grant MUST NOT be used"
- Add some documentation to note the above, with links
- The above draft also reveals:
- PKCE will be required (https://tools.ietf.org/html/rfc7636)
- "authorization codes MUST be invalidated by the AS after their first use at the token endpoint"
- "configured to return an AS identitifier [sic] ("iss") as a non-standard parameter"
- "Authorization server MUST utilize ... methods to detect refresh token replay"
0.24 2019-12-09
- Remove hard dependency on Mojo::JWT (GH #26, with thanks to ap)
0.23 2019-06-04
- Fix examples to work with recent version of deps (GH #23, GH #25)
0.22 2019-04-27
- Add support for JWEs as well as JWTs (GH #24)
- Fix make sure user_id is returned in AuthorizationCodeGrant defaults
0.20 2019-03-01
- Fix example oauth2_client.pl (GH #23)
0.19 2018-12-01
- Avoid returning from the try/catch block as this never works
(GH #20, GH #21, thanks to Dylan William Hardison)
7c413ce9ee