Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: golang/oauth2
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.27.0
Choose a base ref
...
head repository: golang/oauth2
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.29.0
Choose a head ref
  • 6 commits
  • 11 files changed
  • 6 contributors

Commits on Feb 28, 2025

  1. oauth2.go: use a more straightforward return value 

    Change-Id: I72d94836c93dabe50fe67ddb762389f674ba6490
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/653215
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
    @cuishuang @gopherbot
    cuishuang authored and gopherbot committed Feb 28, 2025
    Configuration menu
    Copy the full SHA
    9c82a8c View commit details
    Browse the repository at this point in the history

Commits on Mar 3, 2025

  1. google: fix typos 

    Change-Id: I8fc92767c1ea73e731736056c72628977017301e
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/645775
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
    @alexandear @gopherbot
    alexandear authored and gopherbot committed Mar 3, 2025
    Configuration menu
    Copy the full SHA
    44967ab View commit details
    Browse the repository at this point in the history

  2. oauth2: remove unneeded TokenSource implementation in transport test 

    Change-Id: I2dca3a211f7b7e30ae023635c5ac44b6237ee01c
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/114957
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
    @gopherbot
    Tim Cooper authored and gopherbot committed Mar 3, 2025
    Configuration menu
    Copy the full SHA
    ce350bf View commit details
    Browse the repository at this point in the history

  3. oauth2: Deep copy context client in NewClient 

    OAuth2 client creation currently doesn't faithfully reuse the client
passed into the context. This causes config settings such as timeout to
be set to Default and may end up to be a gotcha for anyone who sends in
a context client with timeout set assuming that the timeout will be
copied to the new client.

Fix: #368
Change-Id: I4f5f052361ebe07f50fbd694379892833cd1056c
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/180920
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
    @abeltay @gopherbot
    abeltay authored and gopherbot committed Mar 3, 2025
    Configuration menu
    Copy the full SHA
    0042180 View commit details
    Browse the repository at this point in the history

Commits on Mar 13, 2025

  1. jws: improve fix for CVE-2025-22868 

    The fix for CVE-2025-22868 relies on strings.Count, which isn't ideal
because it precludes failing fast when the token contains an unexpected
number of periods. Moreover, Verify still allocates more than necessary.

Eschew strings.Count in favor of strings.Cut. Some benchmark results:

goos: darwin
goarch: amd64
pkg: golang.org/x/oauth2/jws
cpu: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
                              │      old       │                 new                 │
                              │     sec/op     │   sec/op     vs base                │
Verify/full_of_periods-8        24862.50n ± 1%   57.87n ± 0%  -99.77% (p=0.000 n=20)
Verify/two_trailing_periods-8      3.485m ± 1%   3.445m ± 1%   -1.13% (p=0.003 n=20)
geomean                            294.3µ        14.12µ       -95.20%

                              │     old      │                  new                   │
                              │     B/op     │     B/op      vs base                  │
Verify/full_of_periods-8          16.00 ± 0%     16.00 ± 0%        ~ (p=1.000 n=20) ¹
Verify/two_trailing_periods-8   2.001Mi ± 0%   1.001Mi ± 0%  -49.98% (p=0.000 n=20)
geomean                         5.658Ki        4.002Ki       -29.27%
¹ all samples are equal

                              │     old     │                 new                  │
                              │  allocs/op  │ allocs/op   vs base                  │
Verify/full_of_periods-8         1.000 ± 0%   1.000 ± 0%        ~ (p=1.000 n=20) ¹
Verify/two_trailing_periods-8   12.000 ± 0%   9.000 ± 0%  -25.00% (p=0.000 n=20)
geomean                          3.464        3.000       -13.40%
¹ all samples are equal

Also, remove all remaining calls to strings.Split.

Updates golang/go#71490

Change-Id: Icac3c7a81562161ab6533d892ba19247d6d5b943
GitHub-Last-Rev: 3a82900
GitHub-Pull-Request: #774
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/655455
Commit-Queue: Neal Patel <nealpatel@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
Auto-Submit: Neal Patel <nealpatel@google.com>
    @jub0bs @gopherbot
    jub0bs authored and gopherbot committed Mar 13, 2025
    Configuration menu
    Copy the full SHA
    ce56909 View commit details
    Browse the repository at this point in the history

Commits on Mar 19, 2025

  1. oauth2: remove extra period 

    Change-Id: I369d3bed0e28427b1e1d416952c3766932ba3773
GitHub-Last-Rev: ca611fe
GitHub-Pull-Request: #724
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/587017
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Shin Fan <shinfan@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
    @darkfeline @gopherbot
    darkfeline authored and gopherbot committed Mar 19, 2025
    Configuration menu
    Copy the full SHA
    65c15a3 View commit details
    Browse the repository at this point in the history
Loading