🔐 Oauth2

if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

👣 How will this project approach the September 2025 hostile takeover of RubyGems? 🚑️

I've summarized my thoughts in [this blog post](https://dev.to/galtzo/hostile-takeover-of-rubygems-my-thoughts-5hlo).

🌻 Synopsis

OAuth 2.0 is the industry-standard protocol for authorization.
This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.

⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

Quick Examples

Convert the following `curl` command into a token request using this gem...

curl --request POST \
  --url 'https://login.microsoftonline.com/REDMOND_REDACTED/oauth2/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=REDMOND_CLIENT_ID \
  --data client_secret=REDMOND_CLIENT_SECRET \
  --data resource=REDMOND_RESOURCE_UUID

NOTE: In the ruby version below, certain params are passed to the get_token call, instead of the client creation.

client = OAuth2::Client.new(
  "REDMOND_CLIENT_ID", # client_id
  "REDMOND_CLIENT_SECRET", # client_secret
  auth_scheme: :request_body, # Other modes are supported: :basic_auth, :tls_client_auth, :private_key_jwt
  token_url: "oauth2/token", # relative path, except with leading `/`, then absolute path
  site: "https://login.microsoftonline.com/REDMOND_REDACTED",
)
client.
  client_credentials. # There are many other types to choose from!
  get_token(resource: "REDMOND_RESOURCE_UUID")

NOTE: header - The content type specified in the curl is already the default!

Complete E2E single file script against mock-oauth2-server

E2E example uses navikt/mock-oauth2-server, which was added in v2.0.11
E2E example does not ship with the released gem, so clone the source to play with it.

docker compose -f docker-compose-ssl.yml up -d --wait
ruby examples/e2e.rb
# If your machine is slow or Docker pulls are cold, increase the wait:
E2E_WAIT_TIMEOUT=120 ruby examples/e2e.rb
# The mock server serves HTTP on 8080; the example points to http://localhost:8080 by default.

The output should be something like this:

➜  ruby examples/e2e.rb
Access token (truncated): eyJraWQiOiJkZWZhdWx0...
userinfo status: 200
userinfo body: {"sub" => "demo-sub", "aud" => ["demo-aud"], "nbf" => 1757816758000, "iss" => "http://localhost:8080/default", "exp" => 1757820358000, "iat" => 1757816758000, "jti" => "d63b97a7-ebe5-4dea-93e6-d542caba6104"}
E2E complete

Make sure to shut down the mock server when you are done:

docker compose -f docker-compose-ssl.yml down

Troubleshooting: validate connectivity to the mock server

Check container status and port mapping:
- docker compose -f docker-compose-ssl.yml ps
From the host, try the discovery URL directly (this is what the example uses by default):
- curl -v http://localhost:8080/default/.well-known/openid-configuration
- If that fails immediately, also try: curl -v --connect-timeout 2 http://127.0.0.1:8080/default/.well-known/openid-configuration
From inside the container (to distinguish container vs. host networking):
- docker exec -it oauth2-mock-oauth2-server-1 curl -v http://127.0.0.1:8080/default/.well-known/openid-configuration
Simple TCP probe from the host:
- nc -vz localhost 8080 # or: ruby -rsocket -e 'TCPSocket.new("localhost",8080).close; puts "tcp ok"'
Inspect which host port 8080 is bound to (should be 8080):
- docker inspect -f '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' oauth2-mock-oauth2-server-1
Look at server logs for readiness/errors:
- docker logs -n 200 oauth2-mock-oauth2-server-1
On Linux, ensure nothing else is bound to 8080 and that firewall/SELinux aren’t blocking:
- ss -ltnp | grep :8080

Notes

Discovery URL pattern is: http://localhost:8080/<realm>/.well-known/openid-configuration, where <realm> defaults to default.
You can change these with env vars when running the example:
- E2E_ISSUER_BASE (default: http://localhost:8080)
- E2E_REALM (default: default)

If it seems like you are in the wrong place, you might try one of these:

OAuth 2.0 Spec
doorkeeper gem for OAuth 2.0 server/provider implementation.
oauth sibling gem for OAuth 1.0a implementations in Ruby.

💡 Info you can shake a stick at

Tokens to Remember
Works with JRuby
Works with Truffle Ruby
Works with MRI Ruby 4
Works with MRI Ruby 3
Works with MRI Ruby 2
Support & Community
Source
Documentation
Compliance
Style
Maintainer 🎖️
`...` 💖	🧊 🐙 🛖 🧪

Compatibility

Compatible with MRI Ruby 2.2.0+, and concordant releases of JRuby, and TruffleRuby.
CI workflows and Appraisals are generated for MRI Ruby 2.4+.
This test floor is configured by ruby.test_minimum in .kettle-jem.yml and
may be higher than the gem’s runtime compatibility floor when legacy Rubies are
not practical for the current toolchain.

🚚 Amazing test matrix was brought to you by	🔎 appraisal2 🔎 and the color 💚 green 💚
👟 Check it out!	✨ github.com/appraisal-rb/appraisal2 ✨

Federated DVCS

Find this repo on federated forges (Coming soon!)

Federated DVCS Repository	Status	Issues	PRs	Wiki	CI	Discussions
🧪 ruby-oauth/oauth2 on GitLab	The Truth	💚	💚	💚	🐭 Tiny Matrix	➖
🧊 ruby-oauth/oauth2 on CodeBerg	An Ethical Mirror (Donate)	💚	💚	➖	⭕️ No Matrix	➖
🐙 ruby-oauth/oauth2 on GitHub	Another Mirror	💚	💚	💚	💯 Full Matrix	💚
🎮️ Discord Server		Let’s	talk	about	this	library!

Enterprise Support

Available as part of the Tidelift Subscription.

Need enterprise-level guarantees?

The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.

💡Subscribe for support guarantees covering all your FLOSS dependencies
💡Tidelift is part of Sonar
💡Tidelift pays maintainers to maintain the software you depend on!
📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers

Alternatively:

✨ Installation

Install the gem and add to the application’s Gemfile by executing:

bundle add oauth2

If bundler is not being used to manage dependencies, install the gem by executing:

gem install oauth2

⚙️ Configuration

Global settings for the library:

OAuth2.configure do |config|
  config.silence_extra_tokens_warning = false # default: true
  config.silence_no_tokens_warning = false    # default: true
end

Filtering-related settings:

OAuth2.configure do |config|
  config.filtered_label = "[REDACTED]" # default: "[FILTERED]"
  config.filtered_debug_keys += ["client_assertion"]
end

filtered_label controls the placeholder used when sensitive values are filtered from inspected objects and debug logging output.
filtered_debug_keys controls which key names have their values redacted from debug logging output when OAUTH_DEBUG=true.
Debug logging remains opt-in and should still be used cautiously in production environments.

🔧 Basic Usage

Client Initialization Options

OAuth2::Client.new accepts several options:

:site: The base URL for the OAuth 2.0 provider.
:authorize_url: The authorization endpoint (default: "oauth/authorize").
:token_url: The token endpoint (default: "oauth/token").
:auth_scheme: The authentication scheme (:basic_auth, :request_body, :tls_client_auth, :private_key_jwt). Default is :basic_auth.
:connection_opts: Options for the underlying Faraday connection (timeouts, proxy, etc.).
:raise_errors: Whether to raise OAuth2::Error on 400+ responses (default: true).

authorize_url and token_url

`authorize_url` and `token_url` are on site root (Just Works!)

require "oauth2"
client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org")
# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
client.auth_code.authorize_url(redirect_uri: "http://localhost:8080/oauth2/callback")
# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"

access = client.auth_code.get_token("authorization_code_value", redirect_uri: "http://localhost:8080/oauth2/callback", headers: {"Authorization" => "Basic some_password"})
response = access.get("/api/resource", params: {"query_foo" => "bar"})
response.class.name
# => OAuth2::Response

Relative `authorize_url` and `token_url` (Not on site root, Just Works!)

In the above example, the default Authorization URL is oauth/authorize and default Access Token URL is oauth/token, and, as they are missing a leading /, both are relative.

client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/nested/directory/on/your/server")
# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
client.auth_code.authorize_url(redirect_uri: "http://localhost:8080/oauth2/callback")
# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"

Customize `authorize_url` and `token_url`

You can specify custom URLs for authorization and access token, and when using a leading / they will not be relative, as shown below:

client = OAuth2::Client.new(
  "client_id",
  "client_secret",
  site: "https://example.org/nested/directory/on/your/server",
  authorize_url: "/jaunty/authorize/",
  token_url: "/stirrups/access_token",
)
# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
client.auth_code.authorize_url(redirect_uri: "http://localhost:8080/oauth2/callback")
# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
client.class.name
# => OAuth2::Client

Advanced Initializers

client = OAuth2::Client.new(id, secret, site: site) do |faraday|
  faraday.request(:url_encoded)
  faraday.adapter(:net_http_persistent)
end

AccessToken Features

Instances of OAuth2::AccessToken handle request signing and token expiration.

Snake Case & Indifferent Access: response.parsed returns a SnakyHash allowing access via string/symbol and snake_case keys even if the provider returns CamelCase.
Auto-Refresh: You can manually check token.expired? and call token.refresh.
Serialization: Persist tokens using token.to_hash and restore via OAuth2::AccessToken.from_hash(client, hash).

snake_case and indifferent access in Response#parsed

response = access.get("/api/resource", params: {"query_foo" => "bar"})
# Even if the actual response is CamelCase. it will be made available as snaky:
JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
response.parsed                   # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
response.parsed.access_token      # => "aaaaaaaa"
response.parsed[:access_token]    # => "aaaaaaaa"
response.parsed.additional_data   # => "additional"
response.parsed[:additional_data] # => "additional"
response.parsed.class.name        # => SnakyHash::StringKeyed (from snaky_hash gem)

Serialization

As of v2.0.11, if you need to serialize the parsed result, you can!

There are two ways to do this, globally, or discretely. The discrete way is recommended.

Global Serialization Config

Globally configure SnakyHash::StringKeyed to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails).

SnakyHash::StringKeyed.class_eval do
  extend SnakyHash::Serializer
end

Discrete Serialization Config

Discretely configure a custom Snaky Hash class to use the serializer.

class MySnakyHash < SnakyHash::StringKeyed
  # Give this hash class `dump` and `load` abilities!
  extend SnakyHash::Serializer
end

# And tell your client to use the custom class in each call:
client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
token = client.get_token({snaky_hash_klass: MySnakyHash})

Serialization Extensions

These extensions work regardless of whether you used the global or discrete config above.

There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
They are likely not needed if you are on a newer Ruby.
Expand the examples below, or the ruby-oauth/snaky_hash gem,
or response_spec.rb, for more ideas, especially if you need to study the hacks for older Rubies.

See Examples

class MySnakyHash < SnakyHash::StringKeyed
  # Give this hash class `dump` and `load` abilities!
  extend SnakyHash::Serializer

  #### Serialization Extentions
  #
  # Act on the non-hash values (including the values of hashes) as they are dumped to JSON
  # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas.
  # WARNING: This is a silly example!
  dump_value_extensions.add(:to_fruit) do |value|
    "banana" # => Make values "banana" on dump
  end

  # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump
  # In other words, this retains nested hashes, and only the deepest leaf nodes become ***.
  # WARNING: This is a silly example!
  load_value_extensions.add(:to_stars) do |value|
    "***" # Turn dumped bananas into *** when they are loaded
  end

  # Act on the entire hash as it is prepared for dumping to JSON
  # WARNING: This is a silly example!
  dump_hash_extensions.add(:to_cheese) do |value|
    if value.is_a?(Hash)
      value.transform_keys do |key|
        split = key.split("_")
        first_word = split[0]
        key.sub(first_word, "cheese")
      end
    else
      value
    end
  end

  # Act on the entire hash as it is loaded from the JSON dump
  # WARNING: This is a silly example!
  load_hash_extensions.add(:to_pizza) do |value|
    if value.is_a?(Hash)
      res = klass.new
      value.keys.each_with_object(res) do |key, result|
        split = key.split("_")
        last_word = split[-1]
        new_key = key.sub(last_word, "pizza")
        result[new_key] = value[key]
      end
      res
    else
      value
    end
  end
end

Prefer camelCase over snake_case? => snaky: false

response = access.get("/api/resource", params: {"query_foo" => "bar"}, snaky: false)
JSON.parse(response.body)         # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
response.parsed                   # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
response.parsed["accessToken"]    # => "aaaaaaaa"
response.parsed["additionalData"] # => "additional"
response.parsed.class.name        # => Hash (just, regular old Hash)

Debugging & Logging

Set an environment variable as per usual (e.g. with dotenv).

# will log both request and response, including bodies
ENV["OAUTH_DEBUG"] = "true"

By default, debug output will go to $stdout. This can be overridden when initializing your OAuth2::Client.

Sensitive values are filtered from debug logging output using:

OAuth2.config[:filtered_label]
OAuth2.config[:filtered_debug_keys]

Debug logging remains opt-in and should still be used cautiously in production environments.

require "oauth2"
client = OAuth2::Client.new(
  "client_id",
  "client_secret",
  site: "https://example.org",
  logger: Logger.new("example.log", "weekly"),
)

Request Target Trust Boundaries

This gem supports request flows that can involve absolute URLs in addition to relative paths.
That flexibility can expand trust boundaries when a token-bearing client is asked to send requests
to caller-provided targets.

Practical guidance:

prefer relative paths where practical
do not pass untrusted absolute URLs into token-bearing clients
validate or allowlist request targets at the application layer today if your deployment has strict trust-boundary requirements

This release line does not yet enforce same-host or allowlist request policy automatically.
If stricter outbound request controls are needed, they should currently be implemented by the calling application.

OAuth2::Response

The AccessToken methods #get, #post, #put and #delete and the generic #request
will return an instance of the OAuth2::Response class.

This instance contains a #parsed method that will parse the response body and
return a Hash-like SnakyHash::StringKeyed if the Content-Type is application/x-www-form-urlencoded or if
the body is a JSON object. It will return an Array if the body is a JSON
array. Otherwise, it will return the original body string.

The original response body, headers, and status can be accessed via their
respective methods.

OAuth2::AccessToken

If you have an existing Access Token for a user, you can initialize an instance
using various class methods including the standard new, from_hash (if you have
a hash of the values), or from_kvform (if you have an
application/x-www-form-urlencoded encoded string of the values).

Options (since v2.0.x unless noted):

expires_latency (Integer nil): Seconds to subtract from expires_in when computing #expired? to offset latency.

token_name (String Symbol nil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).

mode (Symbol Proc Hash): Controls how the token is transmitted on requests made via this AccessToken instance.
- :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance).
- :query — Send as access_token query parameter (discouraged in general, but required by some providers).
- Verb-dependent (since v2.0.15): Provide either:
  - a Proc taking |verb| and returning :header or :query, or
  - a Hash with verb symbols as keys, for example {get: :query, post: :header, delete: :header}.

Note: Verb-dependent mode supports providers like Instagram that require query mode for GET and header mode for POST/DELETE

Verb-dependent mode via Proc was added in v2.0.15
Verb-dependent mode via Hash was added in v2.0.16

OAuth2::Error

On 400+ status code responses, an OAuth2::Error will be raised. If it is a
standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
error_description parameters. The #response property of OAuth2::Error will
always contain the OAuth2::Response instance.

If you do not want an error to be raised, you may use :raise_errors => false
option on initialization of the client. In this case the OAuth2::Response
instance will be returned as usual and on 400+ status code responses, the
Response instance will contain the OAuth2::Error instance.

Authorization Grants

Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
authentication grant types have helper strategy classes that simplify client
use. They are available via the #auth_code,
#implicit,
#password,
#client_credentials, and
#assertion methods respectively.

OAuth 2.1 (draft) Note:

PKCE is required for all OAuth clients using the authorization code flow (especially public clients). Implement PKCE in your app when required by your provider. See RFC 7636 and RFC 8252.
Implicit grant (response_type=token) and Resource Owner Password Credentials grant are omitted from OAuth 2.1; they remain here for OAuth 2.0 compatibility but should be avoided for new apps.
Redirect URIs must be compared using exact string matching by the Authorization Server.

OAuth 2.1 (draft) References

OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
Aaron Parecki: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
FusionAuth: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
Okta: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
Video: https://www.youtube.com/watch?v=g_aVPdwBTfw
Differences overview: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/

These aren’t full examples, but demonstrative of the differences between usage for each strategy.

auth_url = client.auth_code.authorize_url(redirect_uri: "http://localhost:8080/oauth/callback")
access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback")

auth_url = client.implicit.authorize_url(redirect_uri: "http://localhost:8080/oauth/callback")
# get the token params in the callback and
access = OAuth2::AccessToken.from_kvform(client, query_string)

access = client.password.get_token("username", "password")

access = client.client_credentials.get_token

# Client Assertion Strategy
# see: https://tools.ietf.org/html/rfc7523
claimset = {
  iss: "http://localhost:3001",
  aud: "http://localhost:8080/oauth2/token",
  sub: "me@example.com",
  exp: Time.now.utc.to_i + 3600,
}
assertion_params = [claimset, "HS256", "secret_key"]
access = client.assertion.get_token(assertion_params)

# The `access` (i.e. access token) is then used like so:
access.token # actual access_token string, if you need it somewhere
access.get("/api/stuff") # making api calls with access token

If you want to specify additional headers to be sent out with the
request, add a ‘headers’ hash under ‘params’:

access = client.auth_code.get_token("code_value", redirect_uri: "http://localhost:8080/oauth/callback", headers: {"Some" => "Header"})

You can always use the #request method on the OAuth2::Client instance to make
requests for tokens for any Authentication grant type.

🦷 FLOSS Funding

While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding.
Raising a monthly budget of… “dollars” would make the project more sustainable.

We welcome both individual and corporate sponsors! We also offer a
wide array of funding channels to account for your preferences.
Currently, Open Collective is our preferred funding platform.

If you’re working in a company that’s making significant use of ruby-oauth tools we’d
appreciate it if you suggest to your company to become a ruby-oauth sponsor.

You can support the development of ruby-oauth tools via
GitHub Sponsors,
Liberapay,
PayPal,
Open Collective
and Tidelift.

📍 NOTE
If doing a sponsorship in the form of donation is problematic for your company from an accounting standpoint, we’d recommend the use of Tidelift, where you can get a support-like subscription instead.

Open Collective for Individuals

Support us with a monthly donation and help us continue our activities. [Become a backer]

NOTE: kettle-readme-backers updates this list every day, automatically.

No backers yet. Be the first!

Open Collective for Organizations

Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

NOTE: kettle-readme-backers updates this list every day, automatically.

No sponsors yet. Be the first!

Another way to support open-source

I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

🔐 Security

See SECURITY.md.

🤝 Contributing

If you need some ideas of where to help, you could work on adding more code coverage,
or if it is already 💯 (see below) check issues or PRs,
or use the gem and think about how it could be better.

We so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

🚀 Release Instructions

See CONTRIBUTING.md.

Code Coverage

Coverage service badges

🪇 Code of Conduct

Everyone interacting with this project’s codebases, issue trackers,
chat rooms and mailing lists agrees to follow the .

🌈 Contributors

Made with contributors-img.

Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

⭐️ Star History

📌 Versioning

This library follows for its public API where practical.
For most applications, prefer the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency("oauth2", "~> 2.0")

📌 Is "Platform Support" part of the public API? More details inside.

Dropping support for a platform can be a breaking change for affected users. If a release changes supported platforms, it should be called out clearly in the changelog and versioned with that impact in mind.

To get a better understanding of how SemVer is intended to work over a project’s lifetime, read this article from the creator of SemVer:

“Major Version Numbers are Not Sacred”

See CHANGELOG.md for a list of releases.

📄 License

The gem is available as open source under the terms of
the MIT .

© Copyright

See LICENSE.md for the official copyright notice.

🤑 A request for help

Maintainers have teeth and need to pay their dentists.
After getting laid off in an RIF in March, and encountering difficulty finding a new one,
I began spending most of my time building open source tools.
I’m hoping to be able to pay for my kids’ health insurance this month,
so if you value the work I am doing, I need your support.
Please consider sponsoring me or the project.

To join the community or get help 👇️ Join the Discord.

To say “thanks!” ☝️ Join the Discord or 👇️ send money.

💌 💌 💌

Please give the project a star ⭐ ♥.

Many parts of this project are actively managed by a kettle-jem smart template utilizing StructuredMerge.org merge contracts.

Thanks for RTFM. ☺️