hoauth2 Changelog

2.15.0 (2025-10-05)

• Breaking changes
  • Type and class renames
    • OAuth2Token renamed to TokenResponse.
    • TokenRequestAuthenicationMethod renamed to ClientAuthenticationMethod.
    • HasTokenRequestClientAuthenticationMethod renamed to HasClientAuthenticationMethod.
    • Removed several Has* type classes (e.g., HasOAuth2Key, HasOAuthKey from HasTokenRequest).
  • Removed deprecated API in Network.OAuth2.HttpClient
    • Deprecated functions have been removed. Use authGetJSON/authGetBS/authPostJSON/authPostBS and the WithAuthMethod variants with APIAuthenticationMethod.
  • Request body encoding behavior
    • authPostJSON now sends JSON with Content-Type: application/json. If an endpoint requires form-encoded data, use authPostBS or construct a custom request body.
  • Import/module path cleanup
    • Consumers should import Network.OAuth2 (not Network.OAuth.OAuth2).
• Behavioral changes and bug fixes
  • Client authentication handling
    • Append client_id and client_secret for ClientSecretPost in client credentials flow.
    • Refresh token flow honors the configured client authentication method.
    • Authorization Code flow supports client authentication methods.
  • Device Authorization flow
    • Updated handling of device authorization requests and polling behavior.
• Refactors and internal cleanup
  • Refactored header handling, simplified URI-to-Request conversion, removed deprecated or unused internals, and general cleanups.
• Dependency changes
  • Allow microlens 0.5 (microlens >= 0.4 && < 0.6).
  • Raise lower bound to uri-bytestring >= 0.4 (< 0.5).

2.14.3 (2025-03-14)

• Fixes and improvements:
  • Append client_id and client_secret for ClientSecretPost in client credentials flow
  • Add raw response to token response and derive Show instances
  • Skip empty scope; assorted refactors and cleanups

2.14.2 (2025-01-30)

• Updated uri-bytestring to version 0.4

2.14.1 (2024-11-19)

• Updated data-default to version 0.8

2.14.0 (2024-11-19)

• Updated crypton to version 1.0

2.13.0 (2024-03-07)

• Replaced cryptonite with crypton

2.12.0 (2024-01-19)

• Updated base64 to version 1.0

2.11.0 (2023-12-30)

• Updated aeson to version 2.2
• Updated binary to version 0.10
• Updated bytestring to version 0.12
• Updated container to version 0.7

2.10.0 (2023-11-17)

• Added support for text 2.2

2.9.0 (2023-10-26)

• Refactored oauth2 Experiment module implementation
• Removed generics
• Added Device Authorization grant
• Moved IdpName to hoauth2 and enabled DataKinds
• Changed the type parameter in HttpClient methods
• Removed data family RefreshTokenRequest

2.8.1 (2023-06-17)

• Added support for GHC-9.6
• Updated CI configuration for GHC 9.6.1
• Added hiedb integration

2.8.0 (2023-03-15)

• Added support for GHC-9.4.4
• Added support for text-2.0

2.7 (2022-11-17)

• Added GrantType jwt-bearer
• Added JWT authentication method for ClientCredential flow
• Replaced OAuth2Error with TokenRequestError
• Moved HasIdpName class to hoauth2-demo
• Improved error handling when response body is empty in HttpClient.handleResponse
• Removed the following modules from exposure list:
  • Network.OAuth2.Experiment.Pkce
  • Network.OAuth2.Experiment.Types
  • Network.OAuth2.Experiment.Utils
  • Network.OAuth.OAuth2.Internal

2.6 (2022-10-04)

• Changed type parameter order in http client JSON method
• Modified http client to only accept one Authentication Method instead of a Set
• Removed authPostBS1 (non-standard approach to sending credentials)
• Removed Douban IdP (discontinued OAuth2 support)
• Deprecated all *Internal methods, added *WithAuthMethod alternatives
• Changed license to MIT
• Added support for PKCE flow in Network.OAuth2.Experiment module
• Added support for Resource Owner Password and Client Credentials flows
• Added hoauth2-providers and hoauth2-providers-tutorial modules
• Added hoauth2-tutorial module

2.5 (2022-08-17)

• Updated aeson to version 2.1

2.4 (2022-08-17)

• Relaxed binary and bytestring version constraints

2.1 (2022-02-19)

• Added documentation for OAuth2 specification
• Updated aeson to version 2

2.0 (2022-02-15)

• Breaking change: Refactored naming convention of OAuth2 data type

  -  { oauthClientId            = "xxxxxxxxxxxxxxx"
  -  , oauthClientSecret        = Just "xxxxxxxxxxxxxxxxxxxxxx"
  -  , oauthCallback            = Just [uri|http://127.0.0.1:9988/oauthCallback|]
  -  , oauthOAuthorizeEndpoint  = [uri|https://api.weibo.com/oauth2/authorize|]
  -  , oauthAccessTokenEndpoint = [uri|https://api.weibo.com/oauth2/access_token|]
  +  { oauth2ClientId           = "xxxxxxxxxxxxxxx"
  +  , oauth2ClientSecret       = Just "xxxxxxxxxxxxxxxxxxxxxx"
  +  , oauth2RedirectUri        = Just [uri|http://127.0.0.1:9988/oauthCallback|]
  +  , oauth2AuthorizeEndpoint  = [uri|https://api.weibo.com/oauth2/authorize|]
  +  , oauth2TokenEndpoint      = [uri|https://api.weibo.com/oauth2/access_token|]
  +  }
  

1.7.0 (2018-03-03)

• Added sample server and removed individual sample tests
• Added fetchAccessToken2 function
• Added refreshAccessToken function and deprecated fetchRefreshToken
• Renamed authGetBS' to authGetBS2
• Renamed authPostBS' to authPostBS2
• Added authPostBS3 function

1.0.0 (2017-04-07)

• Added umbrella type OAuth2Token to accommodate AccessToken and RefreshToken
• Typed the intermediate authentication code as ExchangeToken
• Fixed missing client_id error in tests by appending client_id and client_secret to header