[ANN] rodauth-oauth 0.0.2 released

rodauth-oauth 0.8.2 has been released.

Project page: https://gitlab.com/honeyryderchuck/rodauth-oauth

rodauth-oauth is an implementation of the OAuth 2.0 framework on top of
rodauth to build OAuth authorization servers.

# as simple as
rodauth do
  enable :oauth
end

It provides the following features:

* Authorization grant flow;
* Access Token generation;
* Access Token refresh;
* Token revocation;
* Implicit grant (off by default);
* Access Type-enabled Grants (online and offline);
* PKCE;
* OAuth application and token management dashboards (optional);
* Rails support (through rodauth-rails);

# 0.0.2

### Features

* Implementation of PKCE by OAuth Public Clients (
https://tools.ietf.org/html/rfc7636);
* Implementation of grants using "access_type" and "approval_prompt"
([similar to what Google OAuth 2.0 API does](
https://wiki.scn.sap.com/wiki/display/Security/Access+Google+APIs+using+the+OAuth+2.0+Client+API)
);

### Improvements

* Store token/refresh token hashes in the database, instead of the "plain"
tokens;
* Client secret hashed by default, and provided by the application owner;

### Fix

* usage of client secret for authorizing the generation of tokens, as the
spec mandates (and refraining from them when doing PKCE).