Upgrade Strategy to MyMLH v4 API

.github/workflows/test.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest 
     strategy:
       matrix:
-        ruby: ['2.7', '3.2']
+        ruby: ['3.2']
     steps:
       - uses: actions/checkout@v2
       - name: Set up Ruby ${{ matrix.ruby }}

.gitignore

@@ -9,3 +9,4 @@
 /tmp/
 *.gem
 *.rbc
+vendor/

.rubocop.yml

@@ -1,10 +1,11 @@
-require: 
+require:
   - rubocop-rspec
   - rubocop-performance
 
 AllCops:
   # Ruby 2.7 is the MINIMUM Ruby version supported
   TargetRubyVersion: '2.7.0'
+  NewCops: enable
   Exclude:
     - vendor/**/*
 
@@ -13,16 +14,37 @@ Style/WordArray:
   EnforcedStyle: brackets
   Enabled: true
 
-Style/SymbolArray: 
+Style/SymbolArray:
   Description: Force symbol arrays to use bracket notation instead of %i
-  EnforcedStyle: brackets 
+  EnforcedStyle: brackets
   Enabled: true
 
 Style/RegexpLiteral:
   Description: Allow forward slashes within regular expressions
   AllowInnerSlashes: true
   Enabled: true
 
-RSpec/MultipleExpectations: 
-  Description: Allow tests to contain multiple expectations 
-  Enabled: false
+RSpec/MultipleExpectations:
+  Description: Allow tests to contain multiple expectations
+  Enabled: false
+
+# Configure new cops
+Gemspec/RequireMFA:
+  Enabled: false
+
+Style/OpenStructUse:
+  Enabled: false
+
+Performance/MapCompact:
+  Enabled: true
+
+RSpec/StringAsInstanceDoubleConstant:
+  Enabled: true
+
+# Allow more memoized helpers for complex test scenarios
+RSpec/MultipleMemoizedHelpers:
+  Max: 10
+
+# Disable development dependencies warning as it's a gem
+Gemspec/DevelopmentDependencies:
+  Enabled: false

README.md

@@ -7,10 +7,27 @@ This is the official [OmniAuth](https://github.com/omniauth/omniauth) strategy f
 authenticating with [MyMLH](https://my.mlh.io). To use it, you'll need to
 [register an application](https://my.mlh.io/oauth/applications) and obtain a OAuth Application ID and Secret from MyMLH.
 
-It now supports MyMLH API V3. [Read the MyMLH V3 docs here](https://my.mlh.io/docs).
+It supports MyMLH API V4. For API documentation, please contact MLH support.
 
 Once you have done so, you can follow the instructions below:
 
+## Breaking Changes in Version 2.0.0
+
+Version 2.0.0 introduces support for MyMLH API V4, which includes several breaking changes:
+
+1. New API Endpoints
+   - The API now uses `https://api.mlh.com` as the base URL
+   - User data is now fetched from `/v4/users/me`
+
+2. Updated Scope System
+   - New granular scope system
+   - Default scopes: `public user:read:profile user:read:email`
+   - The old scope system (e.g., 'default email birthday') is no longer supported
+
+3. Authentication Flow
+   - Only Authorization Code Flow is supported
+   - Implicit Grant Flow has been removed
+
 ## Requirements
 
 This Gem requires your Ruby version to be at least `2.2.0`, which is set
@@ -21,7 +38,7 @@ downstream by [Omniauth](https://github.com/omniauth/omniauth/blob/master/omniau
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'omniauth-mlh'
+gem 'omniauth-mlh', '~> 2.0'
 ```
 
 And then execute:
@@ -36,7 +53,8 @@ Or install it yourself as:
 
 ```ruby
 use OmniAuth::Builder do
-  provider :mlh, ENV['MY_MLH_KEY'], ENV['MY_MLH_SECRET'], scope: 'default email birthday'
+  provider :mlh, ENV['MY_MLH_KEY'], ENV['MY_MLH_SECRET'],
+          scope: 'public user:read:profile user:read:email'
 end
 ```
 
@@ -46,10 +64,30 @@ end
 # config/devise.rb
 
 Devise.setup do |config|
-  config.provider :mlh, ENV['MY_MLH_KEY'], ENV['MY_MLH_SECRET'], scope: 'default email birthday'
+  config.provider :mlh, ENV['MY_MLH_KEY'], ENV['MY_MLH_SECRET'],
+                 scope: 'public user:read:profile user:read:email'
 end
 ```
 
+## Migration Guide
+
+If you're upgrading from v1.x to v2.0.0:
+
+1. Update your gemfile to use version 2.0.0:
+   ```ruby
+   gem 'omniauth-mlh', '~> 2.0'
+   ```
+
+2. Update your scope configuration:
+   - Old: `scope: 'default email birthday'`
+   - New: `scope: 'public user:read:profile user:read:email'`
+
+3. If you're accessing the API directly:
+   - Update API base URL to `https://api.mlh.com`
+   - Update user endpoint to `/v4/users/me`
+
+4. Test your integration thoroughly as this is a breaking change
+
 ## Contributing
 
 For guidance on setting up a development environment and how to make a contribution to omniauth-mlh, see the [contributing guidelines](https://github.com/MLH/omniauth-mlh/blob/main/CONTRIBUTING.md).

lib/omniauth-mlh/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module MLH
-    VERSION = '1.0.1'
+    VERSION = '2.0.0'
   end
 end

lib/omniauth/strategies/mlh.rb

@@ -9,9 +9,19 @@ class MLH < OmniAuth::Strategies::OAuth2 # :nodoc:
       option :name, :mlh
 
       option :client_options, {
-        site: 'https://my.mlh.io',
-        authorize_url: 'oauth/authorize',
-        token_url: 'oauth/token'
+        site: 'https://api.mlh.com/v4',
+        authorize_url: 'https://my.mlh.io/oauth/authorize',
+        token_url: 'https://api.mlh.com/v4/oauth/token',
+        api_site: 'https://api.mlh.com' # New API endpoint
+      }
+
+      option :authorize_options, [:scope]
+      option :authorize_params, {
+        scope: 'public user:read:profile user:read:email' # Default scopes for v4
+      }
+
+      option :auth_token_params, {
+        auth_scheme: :request_body
       }
 
       uid { data[:id] }
@@ -38,7 +48,9 @@ class MLH < OmniAuth::Strategies::OAuth2 # :nodoc:
 
       def data
         @data ||= begin
-          access_token.get('/api/v3/user.json').parsed.deep_symbolize_keys[:data]
+          api_site = options.client_options[:api_site]
+          response = access_token.get("#{api_site}/v4/users/me").parsed
+          response.deep_symbolize_keys[:data]
         rescue StandardError
           {}
         end

omniauth-mlh.gemspec

@@ -20,13 +20,13 @@ Gem::Specification.new do |spec|
 
   spec.executables    = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   spec.files          = `git ls-files`.split("\n")
-  spec.test_files     = `git ls-files -- {test,spec,features}/*`.split("\n")
   spec.require_paths = ['lib']
 
   spec.add_dependency 'oauth2', '~> 2.0.9'
   spec.add_dependency 'omniauth', '~> 2.1.1'
   spec.add_dependency 'omniauth-oauth2', '~> 1.8.0'
 
+  spec.add_development_dependency 'activesupport', '~> 7.0'
   spec.add_development_dependency 'rack-test'
   spec.add_development_dependency 'rake', '~> 12.3.3'
   spec.add_development_dependency 'rspec', '~> 3.10'