hoauth2-2.15.0: CHANGELOG.md
# hoauth2 Changelog
## 2.15.0 (2025-10-05)
- Breaking changes
- Type and class renames
- `OAuth2Token` renamed to `TokenResponse`.
- `TokenRequestAuthenicationMethod` renamed to `ClientAuthenticationMethod`.
- `HasTokenRequestClientAuthenticationMethod` renamed to `HasClientAuthenticationMethod`.
- Removed several `Has*` type classes (e.g., `HasOAuth2Key`, `HasOAuthKey` from `HasTokenRequest`).
- Removed deprecated API in `Network.OAuth2.HttpClient`
- Deprecated functions have been removed. Use `authGetJSON`/`authGetBS`/`authPostJSON`/`authPostBS` and the `WithAuthMethod` variants with `APIAuthenticationMethod`.
- Request body encoding behavior
- `authPostJSON` now sends JSON with `Content-Type: application/json`. If an endpoint requires form-encoded data, use `authPostBS` or construct a custom request body.
- Import/module path cleanup
- Consumers should import `Network.OAuth2` (not `Network.OAuth.OAuth2`).
- Behavioral changes and bug fixes
- Client authentication handling
- Append `client_id` and `client_secret` for `ClientSecretPost` in client credentials flow.
- Refresh token flow honors the configured client authentication method.
- Authorization Code flow supports client authentication methods.
- Device Authorization flow
- Updated handling of device authorization requests and polling behavior.
- Refactors and internal cleanup
- Refactored header handling, simplified URI-to-Request conversion, removed deprecated or unused internals, and general cleanups.
- Dependency changes
- Allow `microlens` 0.5 (`microlens` >= 0.4 && < 0.6).
- Raise lower bound to `uri-bytestring` >= 0.4 (< 0.5).
## 2.14.3 (2025-03-14)
- Fixes and improvements:
- Append client_id and client_secret for ClientSecretPost in client credentials flow
- Add raw response to token response and derive Show instances
- Skip empty scope; assorted refactors and cleanups
## 2.14.2 (2025-01-30)
* Updated uri-bytestring to version 0.4
## 2.14.1 (2024-11-19)
* Updated data-default to version 0.8
## 2.14.0 (2024-11-19)
* Updated crypton to version 1.0
## 2.13.0 (2024-03-07)
* Replaced cryptonite with crypton
## 2.12.0 (2024-01-19)
* Updated base64 to version 1.0
## 2.11.0 (2023-12-30)
* Updated aeson to version 2.2
* Updated binary to version 0.10
* Updated bytestring to version 0.12
* Updated container to version 0.7
## 2.10.0 (2023-11-17)
* Added support for text 2.2
## 2.9.0 (2023-10-26)
* Refactored oauth2 Experiment module implementation
* Removed generics
* Added Device Authorization grant
* Moved IdpName to hoauth2 and enabled DataKinds
* Changed the type parameter in HttpClient methods
* Removed data family `RefreshTokenRequest`
## 2.8.1 (2023-06-17)
* Added support for GHC-9.6
* Updated CI configuration for GHC 9.6.1
* Added hiedb integration
## 2.8.0 (2023-03-15)
* Added support for GHC-9.4.4
* Added support for text-2.0
## 2.7 (2022-11-17)
* Added GrantType jwt-bearer
* Added JWT authentication method for ClientCredential flow
* Replaced `OAuth2Error` with `TokenRequestError`
* Moved `HasIdpName` class to hoauth2-demo
* Improved error handling when response body is empty in `HttpClient.handleResponse`
* Removed the following modules from exposure list:
- Network.OAuth2.Experiment.Pkce
- Network.OAuth2.Experiment.Types
- Network.OAuth2.Experiment.Utils
- Network.OAuth.OAuth2.Internal
## 2.6 (2022-10-04)
* Changed type parameter order in http client JSON method
* Modified http client to only accept one Authentication Method instead of a Set
* Removed `authPostBS1` (non-standard approach to sending credentials)
* Removed Douban IdP (discontinued OAuth2 support)
* Deprecated all *Internal methods, added *WithAuthMethod alternatives
* Changed license to MIT
* Added support for PKCE flow in `Network.OAuth2.Experiment` module
* Added support for Resource Owner Password and Client Credentials flows
* Added `hoauth2-providers` and `hoauth2-providers-tutorial` modules
* Added `hoauth2-tutorial` module
## 2.5 (2022-08-17)
* Updated aeson to version 2.1
## 2.4 (2022-08-17)
* Relaxed binary and bytestring version constraints
## 2.1 (2022-02-19)
* Added documentation for OAuth2 specification
* Updated aeson to version 2
## 2.0 (2022-02-15)
* Breaking change: Refactored naming convention of `OAuth2` data type
```diff
- { oauthClientId = "xxxxxxxxxxxxxxx"
- , oauthClientSecret = Just "xxxxxxxxxxxxxxxxxxxxxx"
- , oauthCallback = Just [uri|http://127.0.0.1:9988/oauthCallback|]
- , oauthOAuthorizeEndpoint = [uri|https://api.weibo.com/oauth2/authorize|]
- , oauthAccessTokenEndpoint = [uri|https://api.weibo.com/oauth2/access_token|]
+ { oauth2ClientId = "xxxxxxxxxxxxxxx"
+ , oauth2ClientSecret = Just "xxxxxxxxxxxxxxxxxxxxxx"
+ , oauth2RedirectUri = Just [uri|http://127.0.0.1:9988/oauthCallback|]
+ , oauth2AuthorizeEndpoint = [uri|https://api.weibo.com/oauth2/authorize|]
+ , oauth2TokenEndpoint = [uri|https://api.weibo.com/oauth2/access_token|]
+ }
```
## 1.7.0 (2018-03-03)
* Added sample server and removed individual sample tests
* Added `fetchAccessToken2` function
* Added `refreshAccessToken` function and deprecated `fetchRefreshToken`
* Renamed `authGetBS'` to `authGetBS2`
* Renamed `authPostBS'` to `authPostBS2`
* Added `authPostBS3` function
## 1.0.0 (2017-04-07)
* Added umbrella type `OAuth2Token` to accommodate `AccessToken` and `RefreshToken`
* Typed the intermediate authentication code as `ExchangeToken`
* Fixed missing client_id error in tests by appending client_id and client_secret to header