⬆️ yard-fence v0.5.0

Author: pboling

CHANGELOG.md

@@ -21,11 +21,13 @@ Please file a bug if you notice a violation of semantic versioning.
 ### Added
 
 - [gh!683][gh!683], [gh!684][gh!684] - Improve documentation by @pboling
+- [gh!686][gh!686]- Add Incident Response Plan by @pboling
+- [gh!687][gh!687]- Add Threat Model by @pboling
 
 ### Changed
 
-- [gh!685][gh!685] - upgrade kettle-dev v1.1.24 by pboling
-- upgrade kettle-dev v1.1.26 by pboling
+- [gh!685][gh!685] - upgrade kettle-dev v1.1.24 by @pboling
+- upgrade kettle-dev v1.1.51 by @pboling
   - Add open collective donors to README
 
 ### Deprecated
@@ -34,11 +36,16 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Fixed
 
+- [gh!690][gh!690] - Add yard-fence to handle braces within code fences in markdown properly by @pboling
+
 ### Security
 
 [gh!683]: https://github.com/ruby-oauth/oauth2/pull/683
 [gh!684]: https://github.com/ruby-oauth/oauth2/pull/684
 [gh!685]: https://github.com/ruby-oauth/oauth2/pull/685
+[gh!686]: https://github.com/ruby-oauth/oauth2/pull/686
+[gh!687]: https://github.com/ruby-oauth/oauth2/pull/687
+[gh!690]: https://github.com/ruby-oauth/oauth2/pull/690
 
 ## [2.0.17] - 2025-09-15
 

Gemfile.lock

@@ -311,7 +311,7 @@ GEM
     uri (1.1.1)
     version_gem (1.1.9)
     yard (0.9.37)
-    yard-fence (0.4.0)
+    yard-fence (0.5.0)
       rdoc (~> 6.11)
       version_gem (~> 1.1, >= 1.1.9)
       yard (~> 0.9, >= 0.9.37)

OIDC.md

@@ -16,11 +16,13 @@ If any other libraries would like to be added to this list, please open an issue
 This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.
 
 Scope of this document
+
 - Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby.
 - Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions).
 - Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.
 
 Key concepts refresher
+
 - OAuth 2.0 delegates authorization; it does not define authentication of the end-user.
 - OIDC layers an identity layer on top of OAuth 2.0, introducing:
   - ID Token: a JWT carrying claims about the authenticated end-user and the authentication event.
@@ -29,6 +31,7 @@ Key concepts refresher
   - Discovery and Dynamic Client Registration (optional for providers/clients that support them).
 
 What this gem provides for OIDC
+
 - All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests.
 - Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.).
 - Optional client authentication schemes useful with OIDC deployments:
@@ -38,6 +41,7 @@ What this gem provides for OIDC
   - private_key_jwt (OIDC-compliant when configured per OP requirements)
 
 What you must add in your app for OIDC
+
 - ID Token validation: This gem surfaces id_token values but does not verify them. Your app should:
   1) Parse the JWT (header, payload, signature)
   2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically)
@@ -124,10 +128,12 @@ userinfo = token.get("/userinfo").parsed
 ```
 
 Notes on discovery and registration
-- Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc.
+
+- Discovery: Most OPs publish configuration at `{issuer}/.well-known/openid-configuration` (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc.
 - Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.
 
 Common pitfalls and tips
+
 - Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0.
 - Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field.
 - Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers.
@@ -136,6 +142,7 @@ Common pitfalls and tips
 - When using private_key_jwt, ensure the "aud" (or token_url) and "iss/sub" claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.
 
 Relevant specifications and references
+
 - OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
 - OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html
 - How OIDC works: https://openid.net/developers/how-connect-works/
@@ -150,9 +157,11 @@ Relevant specifications and references
 - Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications
 
 See also
+
 - README sections on OAuth 2.1 notes and OIDC notes
 - Strategy classes under lib/oauth2/strategy for flow helpers
 - Specs under spec/oauth2 for concrete usage patterns
 
 Contributions welcome
+
 - If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).

README.md

@@ -843,8 +843,8 @@ me = long_lived.get("/me", params: {fields: "id,username"}).parsed
 
 Tips:
 
-- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
-- If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
+- Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for `GET` requests.
+- If you need a custom rule, you can pass a `Proc` for `mode`, e.g. `mode: ->(verb) { verb == :get ? :query : :header }`.
 
 ### Refresh Tokens
 
@@ -991,9 +991,9 @@ client = OAuth2::Client.new(
 end
 ```
 
-##### Using flat query params (Faraday::FlatParamsEncoder)
+##### Using flat query params (`Faraday::FlatParamsEncoder`)
 
-Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides FlatParamsEncoder for this purpose. You can configure the oauth2 client to use it when building requests.
+Some APIs expect repeated key parameters to be sent as flat params rather than arrays. Faraday provides `FlatParamsEncoder` for this purpose. You can configure the oauth2 client to use it when building requests.
 
 ```ruby
 require "faraday"

docs/OAuth2.html

@@ -415,7 +415,7 @@ <h3 class="signature first" id="configure-class_method">
 </div>
 
       <div id="footer">
-  Generated on Fri Nov  7 19:24:48 2025 by
+  Generated on Fri Nov  7 20:38:14 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.7).
 </div>

docs/OAuth2/AccessToken.html

@@ -3083,7 +3083,7 @@ <h3 class="signature " id="to_hash-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Fri Nov  7 19:24:48 2025 by
+  Generated on Fri Nov  7 20:38:14 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.7).
 </div>

docs/OAuth2/Authenticator.html

@@ -883,7 +883,7 @@ <h3 class="signature first" id="apply-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Fri Nov  7 19:24:48 2025 by
+  Generated on Fri Nov  7 20:38:14 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.7).
 </div>

docs/OAuth2/Client.html

@@ -2654,7 +2654,7 @@ <h3 class="signature " id="token_url-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Fri Nov  7 19:24:48 2025 by
+  Generated on Fri Nov  7 20:38:14 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.7).
 </div>

docs/OAuth2/Error.html

@@ -772,7 +772,7 @@ <h3 class="signature " id="response-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Fri Nov  7 19:24:48 2025 by
+  Generated on Fri Nov  7 20:38:14 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.7).
 </div>

docs/OAuth2/FilteredAttributes.html

@@ -335,7 +335,7 @@ <h3 class="signature first" id="inspect-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Fri Nov  7 19:24:48 2025 by
+  Generated on Fri Nov  7 20:38:14 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.7).
 </div>