From 48e58e676a28b0c0c0bd4cfe9ccd8e1028edd376 Mon Sep 17 00:00:00 2001
From: Matt Van Gundy <matt.van.gundy@clio.com>
Date: Mon, 1 Jun 2026 11:43:47 -0700
Subject: [PATCH] Upgrade oauth2 dependency to 2.x

Bump the oauth2 dependency from ~> 1.1 to ~> 2.0. The only API change
affecting this gem is oauth2 2.0 changing the default :auth_scheme from
:request_body to :basic_auth. Dropbox expects the client credentials in
the request body, so set auth_scheme: :request_body explicitly to
preserve the prior behaviour.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 dropbox_api.gemspec              | 2 +-
 lib/dropbox_api/authenticator.rb | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/dropbox_api.gemspec b/dropbox_api.gemspec
index 09bf4abc..7f0f06bb 100644
--- a/dropbox_api.gemspec
+++ b/dropbox_api.gemspec
@@ -21,5 +21,5 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.3'
 
   spec.add_dependency 'faraday', '< 3.0'
-  spec.add_dependency 'oauth2', '~> 1.1'
+  spec.add_dependency 'oauth2', '~> 2.0'
 end
diff --git a/lib/dropbox_api/authenticator.rb b/lib/dropbox_api/authenticator.rb
index d2cf025a..80d6dce1 100644
--- a/lib/dropbox_api/authenticator.rb
+++ b/lib/dropbox_api/authenticator.rb
@@ -6,7 +6,11 @@ class Authenticator < OAuth2::Client
     def initialize(client_id, client_secret)
       super(client_id, client_secret, {
         authorize_url: 'https://www.dropbox.com/oauth2/authorize',
-        token_url: 'https://api.dropboxapi.com/oauth2/token'
+        token_url: 'https://api.dropboxapi.com/oauth2/token',
+        # oauth2 2.0 defaults `auth_scheme` to `:basic_auth`, sending the
+        # client credentials in the Authorization header. Dropbox expects them
+        # in the request body, which was the oauth2 1.x default behaviour.
+        auth_scheme: :request_body
       })
     end
   end