[8.3.0]
* add Instagram (https://www.instagram.com/) API (thanks to https://github.com/faent)
* add getErrorMessage method to FacebookAccessTokenErrorResponse. Should be used instead of general getMessage method
from the parent Exception
[8.2.0]
* add ScopeBuilder to easily specify multiple scopes while requesting OAuth2.0 Access Tokens
* make Base64 en/de-coding not dependent from java8 implementation (use three optional implementation
(internal java 8+, Apache Commons Codec, JAXB) detected in runtime) (thanks to https://github.com/CodingFabian)
* implement possibility to add extra parameters to Access Token Request
(AccessTokenRequestParams#*ExtraParameters methods), https://github.com/scribejava/scribejava/issues/980
(thanks to https://github.com/pmorch)
[8.1.0]
* add raw Response (with HTTP response code and body) as member to the OAuth2AccessTokenErrorResponse
* add possibility to set "" (empty string) as apiSecret
* add Slack API (https://slack.com/) (thanks to https://github.com/petrkopotev)
[8.0.0]
* add Kakao API (https://kakao.com/) (thanks to https://github.com/v0o0v)
* support chunks in JDKHttpClient's Multipart (thanks to https://github.com/eos1d3)
* add support for OAuth 2.0 Device Authorization Grant (RFC 8628) (thanks to https://github.com/rebarbora-mckvak)
* update Google API URLs
[7.1.1]
* add Proxy support (via config's option) to internal JDKHttpClient (thanks to https://github.com/bjournaud)
* fix typo (change "Verfier" to "Verifier") (thanks to https://github.com/afkbrb)
* fix Multipart support in JDKHttpClient (thanks to https://github.com/eos1d3)
[7.0.0]
* Add Polar API (https://www.polar.com/) (thanks to https://github.com/vidi42)
* make Response accept resources to autoclose and autoclose it (thanks to https://github.com/drei01)
* fix url encoding in POST payload (it's needed for 'application/x-www-form-urlencoded' Content-Type)
+ unit tests (thanks to https://github.com/max904-github)
* Add Armeria HTTP client (thanks to https://github.com/max904-github)
[6.9.0]
* Add Xero API (https://www.xero.com/) (thanks to https://github.com/SidneyAllen)
[6.8.1]
* make Response implements Closeable (thanks to https://github.com/omaric)
* fix Type resolution for builder pattern in ServiceBuilderOAuth10a (thanks to https://github.com/mgyucht)
* fix no Content-length errors (thanks to https://github.com/mikita-herasiutsin and https://github.com/iankurverma)
[6.8.0]
* Add debug output to OAuth2Service (thanks to https://github.com/rbarbey)
* Add Dropbox API (https://www.dropbox.com/) (thanks to https://github.com/petrkopotev)
[6.7.0]
* Add OAuth2 support for Meetup.com (thanks to https://github.com/stevedes77)
* upgrade okhttp to 4.0.1 and security fix for jackson-databind 2.9.9.1
[6.6.3]
* fix NPE for OpenId providers
[6.6.2]
* add PMD checks on compile
* add all OAuth error codes from supported RFCs (incl. "invalid_token") (thanks to https://github.com/echorebel)
* Update LinkedIn Example to API v2 (thanks to https://github.com/peternees)
* switch to jackson dependency to parse json responses (thanks to https://github.com/galimru)
[6.5.1]
* cleanup deprecates methods
[6.5.0]
* separate OAuth1.0a and OAuth2.0 ServiceBuilders,
introduce AuthorizationUrlBuilder (along with deprecation of AuthorizationUrlWithPKCE)
add possibility to provide different scopes for each Access Token request
* upgrade Facebook API from v2.11 to v3.2
* upgrade VkontakteApi from 5.73 to 5.92
[6.4.1]
* support TLS 1.3 in JDK 11 for Salesforce
* fix NPE in Apache HTTP client in case of empty body in HTTP response (e.g. with 204 response code)
(thanks to https://github.com/SainagNeelamPatnaik)
* separate OAuth1.0a and OAuth2.0 classes
[6.3.0]
* fix Muplipart request model and implement it for a jdk HTTP client (thanks to https://github.com/NTPape)
* remove any Google+ mention (switch to clean Google OAuth2) (thanks to https://github.com/fvasco)
* fix Microsoft Azure AD v1.0 and v2.0 (thanks to https://github.com/kenpusney and https://github.com/oscararias)
* add new API Asana (https://asana.com/) (thanks to https://github.com/joestazak)
* state param should be used only for authorization url generation, for v2 only, for Authorization Code Grant only,
and it should be set per request, not per created OAuthService
[6.2.0]
* add new API Microsoft Azure Active Directory (Azure AD) 2.0
(thanks to https://github.com/rzukow and https://github.com/dgrudenic)
[6.1.0]
* add new API Keycloak (https://www.keycloak.org/) (thanks to https://github.com/JureZelic)
* add new API Discord (https://discordapp.com/) (thanks to https://github.com/Jokuni)
[6.0.0]
* make redirect_uri optional while Access Token requesting on OAuth 2.0 (thanks to https://github.com/computerlove)
* switch to java 9+ (from java 7 only) for compilation. Runtime is still java 7+.
Complement README with links and RFC descriptions.
* switch OAuth2 Bearer Token Usage from enum OAuth2SignatureType to interface BearerSignature to be extensible
* add new API Wunderlist (https://www.wunderlist.com/) (thanks to https://github.com/M-F-K)
[5.6.0]
* remove support for obsolete NetEase (http://www.163.com/) and sohu 搜狐 (http://www.sohu.com/)
(thanks to https://github.com/zawn)
* add Multipart functionality to JDK Http Client (thanks to https://github.com/eos1d3)
* switch OAuth2 ClientAuthenticationType from enum to interface ClientAuthentication to be extensible according to
https://tools.ietf.org/html/rfc6749#section-2.3.2 (thanks to https://github.com/zawn)
* add RuntimeException processing in async http clients (delivered to onError callbacks)
(thanks to https://github.com/jochen314)
* check 200 status code from response in OAuth2AccessTokenExtractor (thanks to https://github.com/jochen314)
* fix case sensitive Http Headers comparison and sending Content-Type header along with content-type
(thanks to https://github.com/marnix)
* add HiOrg-Server (https://www.hiorg-server.de/) API (thanks to https://github.com/MartinBoehmer)
[5.5.0]
* fix error parsing for Fitbit (thanks to https://github.com/danmana)
* optimize debug log performance impact on prod in OAuth1 and fix
NoClassDefFoundError on Android device with SDK 18 and lower (thanks to https://github.com/arcao)
* add new API - MediaWiki (https://www.mediawiki.org/) (thanks to https://github.com/lucaswerkmeister)
[5.4.0]
* fix missing support for scope for refresh_token grant_type (thanks to https://github.com/tlxtellef)
* add email field to VKOAuth2AccessToken (thanks to https://github.com/grouzen)
* add new API - Automatic (https://www.automatic.com/) (thanks to https://github.com/ramsrib)
* add new API - Fitbit (https://www.fitbit.com/)
(thanks to https://github.com/JustinLawler and https://github.com/alexthered)
* deprecate OAuthConfig
* OAuth1.0: send "oob" instead of null callback while requesting RequestToken (thanks to https://github.com/Rafaelsk)
[5.3.0]
* fix Salesforce API (thanks to https://github.com/jhorowitz-firedrum)
* remove 'final' from methods in OAuth[10a|20]Service to allow mocking it
* fix Pinterest API (thanks to https://github.com/sschwieb)
* add Yahoo2 API (thanks to https://github.com/javatestcase)
* fix Tumblr urls, convert to https (thanks to https://github.com/highthunder)
* fix: allow spaces in scope param in OAuth2Accesstoken response
* add required param version to VK ВКонтакте (http://vk.com/) urls
[5.2.0-java7again]
* allow 'null' as callback. It's an optional parameter. Remove "oob" as default
(thanks to https://github.com/massongit)
* java7 compatible again!
[5.1.0]
* drop optional dependency on Apache commons-codec
* add API - Dataporten (https://docs.dataporten.no/) (thanks to https://github.com/xibriz)
* add API - Microsoft Azure Active Directory (Azure AD) (thanks to https://github.com/kaushalmall)
* fix LinkedInApi20 (thanks to https://github.com/jhorowitz-firedrum)
[5.0.0]
* drop Java 7 backward compatibility support, become Java 8 only (was reverted in v5.2.0-java7again)
* add JSON token extractor for OAuth 1.0a (thanks to https://github.com/evstropovv)
* add new API - uCoz (https://www.ucoz.com/) (thanks to https://github.com/evstropovv)
* add PKCE (RFC 7636) support (Proof Key for Code Exchange by OAuth Public Clients)
(thanks for suggesting to https://github.com/dieseldjango)
* switch to use HTTP Basic Authorization by default in requests with need of
(2.3. Client Authentication) https://tools.ietf.org/html/rfc6749#section-2.3 Can be overrided in API class
* add support for client_credentials grant type (thanks to https://github.com/vivin)
* add support for RFC 7009 OAuth 2.0 Token Revocation (thanks to https://github.com/vivin)
* add OAuth2Service signRequest method accepting just String, not OAuth2 Access Token Object.
Remove signRequest from abstract OAuthService. 2.0 and 1.0a will be a bit more different now.
* drop toString method from *Tokens to prevent leak of sensible data (token ans secrets)
(thanks to https://github.com/rcaa)
* add Apache HttpComponents HttpClient support in separate module (thanks to https://github.com/sschwieb)
* add support for appsecret_proof in Facebook
* update Facebook v2.8 -> v2.11
(version can be configured while constructing OAuthService - use FacebookApi.customVersion("2.11"))
[4.2.0]
* DELETE in JdkClient permits, but not requires payload (thanks to https://github.com/miguelD73)
* add new API - Frappe (https://github.com/frappe/frappe) (thanks to https://github.com/revant)
* add new API - Etsy (https://www.etsy.com/) (thanks to https://github.com/efekocabas)
[4.1.2]
* LinkedIn use Header to sign OAuth2 requests
* upgrade ServiceBuilder to check apiKey preconditions compile-time (not run-time)
* update Live API (thanks to https://github.com/typhoon17)
[4.1.1]
* omit the client_secret parameter if it is an empty string while refreshing token
(thanks to https://github.com/KungfuPancake)
* allow perms to be specified in Flickr Api (read, write, or delete) (thanks to https://github.com/rogerhu)
* OdnoklassnikiService should consider params in a body while signing the request
(thanks to https://github.com/MrNeuronix)
* do not open OutputStream for output while sending empty body in HTTP requests in the default JDK Http client
[4.1.0]
* make client_secret optional in OAuth2 while requesting AccessToken
(if set to null, it's not required by OAuth2 specs)
* move OAuth1 SignatureType from ServiceBuilder to API
* add body for PATCH HTTP method
* make addOAuthParams appendSignature methods protected in OAuth10aService (to override them in case of need)
(thanks to https://github.com/vivin)
[4.0.0]
* Remove OAuthRequestAsync, just OAuthRequest. Request should know about sync vs async.
Move default Http engine to JDKHttpClient.
* introduce SignatureType for OAuth2.0 to implement Bearer signing for the requests
* switch Google, GitHub, Facebook OAuth2.0 oauth requests signing to more secured recommended variant
(GET-param -> header Bearer)
* introduce custom nonstandard Facebook AccessTokenErrorResponse
[3.4.1]
* Drop deprecated methods
* Move doktornarabote.ru urls to https (thanks to https://github.com/ezibrov)
[3.4.0]
* uncouple OAuthRequest and Service. OAuthRequest shouldn't know anything about OAuthservice.
You don't need OAuthService to create OAuthRequest anymore. Async request should be sent via OAuthService method.
* add support for byte[] and File (async only) payload in OAuth Requests (thanks to https://github.com/keijohyttinen)
* add support for HTTP verbs (thanks to https://github.com/keijohyttinen)
* add OkHttp http client support (thanks to https://github.com/arcao)
* add default HTTP client configs
(to use like 'new ServiceBuilder().httpClientConfig(OkHttpHttpClientConfig.defaultConfig())')
* you can use your own impl of AsyncHttpClient
[3.3.0]
* update Facebook v2.6 -> v2.8
* add The Things Network API (v1-staging and v2-preview) (thanks to https://github.com/jpmeijers)
* add Box (thanks to https://github.com/MclaughlinSteve)
* fix: OAuth20Service::refreshAccessToken should use RefreshTokenEndpoint, not AccessTokenEndpoint
(thanks to https://github.com/vivin)
* move signRequest method to OAuthService (common for OAuth1 and OAuth2) (thanks to https://github.com/apomelov)
* drop deprecated setConnectionKeepAlive method
[3.2.0]
* Add Naver API (thanks to chooco)
* handle OAuth2 error response for Issuing an Access Token (thanks to juherr)
[3.1.0]
* fix OdnoklassnikiServiceImpl signature, params for hash must be sorted in lexicographic order,
see http://new.apiok.ru/dev/methods/
* add posibility to use externally created http client
* make ScribeJava compilable under jdk7 (checkstyle downgraded for jdk 1.7)
* add travis CI (check [oracle|open]jdk7 oraclejdk8)
[3.0.0]
* create abstract HTTP Client layer to support different HTTP clients as plugins
(AHC and Ning support becames maven submodules)
* remove changing global JVM property http.keepAlive, deprecate controlling this property inside of ScribeJava
(thanks to wldaunfr and rockihack)
[2.8.1]
* add Salesforce sandbox API support
[2.8.0]
* add Salesforce API
* update Linked In API
[2.7.3]
* FIX: ScribeJava shouldn't require all async http client provider to be on the classpath if using only one of them
[2.7.2]
* FIX: ScribeJava shouldn't require any async http client provider to be on the classpath (neither ning neither AHC)
[2.7.1]
* do not hide checked IOException in unchecked IllegalArgumentException
[2.7.0]
* make http async client implementation be more pluggable
* add async-http-client 2.0 support (thanks to Sai Chandrasekharan https://github.com/saichand)
* add Misfit (http://misfit.com/) API
* implement async version getting Request Token for OAuth 1.0a
[2.6.0]
* simplify async/sync usages
* add optional "User-Agent" config option to use while making http calls
* refactor usage of grant_type [authorization_code|refresh_token|password|etc]
* add Genius.com API authentication (OAuth2)
* fix GitHub API
* standardize authorization url generation for OAuth2
* update Facebook to v2.6
* cleanup: drop old APIs without Examples and with outdated domains
[2.5.3]
* fix - do not send two Content-Type header in async requests
* improve OK example
[2.5.2]
* add Google Async Exmaple (with bugfix for it to work)
* add OSGI manifest metadata
* apiSecret is not mandatory parameter in config
(to use on client sides and other flows without need of the API secret)
* implement OAuth2 Authorization Response parsing in the OAuth20Service
(to extract code and state from url, useful for Android)
* update ok.ru API urls, add 'state' support, add refresh token to the example
[2.4.0]
* APIs 2.0 can define different endpoints for access token and for refresh token (the same urls by default)
* mark Facebook doesn't support refresh token by throwing UnsupportedOperationException
* make JSON Access Token Extractor be the default for OAuth 2.0 (according to RFC 6749)
* drop Google OAuth 1.0 support (OAuth 1.0 was officially deprecated by Google)
* add response_type parameter to the ServiceBuilder/OAuthConfig to use not only "code" for authorization code
* remove Verifier object, we just need Strings, 'code' for OAuth2 and 'oauthVerifier' for OAuth1
* default HTTP verb for OAuth 2.0 Access Token EndPoint is POST (http://tools.ietf.org/html/rfc6749#section-3.2)
* send missed headers in async version (as in sync)
* support 'password' grant_type for OAuth 2.0
[2.3.0]
* Stack Exchange authentication via OAuth 2.0 (stackoverflow.com, askubuntu.com, etc.).
* Support response in gzip.
* differentiate OAuth1 Access token, OAuth 1 Request Token and OAuth 2 Access token, make them conforms RFCs
* OAuth 1 APIs can choose whether to pass empty oauth_token param in requests
* Support refresh tokens for OAuth2 (very thanks to P. Daniel Tyreus https://github.com/pdtyreus)
[2.2.2]
* make all APIs to be extentable (have protected constructors, useful for testing)
[2.2.1]
* Update Facebook API v2.2 -> v2.5
* Update hh.ru urls
[2.2.0]
* Let GoogleApi20 supports OOB
* Updated Imgur API to OAuth2
* force not to instantiate stateless APIs. Use provided singletons
* reduce OAuthService abstraction for OAuth1 and OAuth2. Separate OAuth(1|2)Services
[2.1.0]
* add Pinterest API
[2.0.1]
* small code enhancements
[2.0]
* merge back SubScribe fork to the ScribeJava
for previous changes see
v1-changelog - changelog for 1.x version
v2pre-changelog - changelog for SubScribe fork