From 3f287d6126759f0d390d2a6d94bd2f10d034ee7d Mon Sep 17 00:00:00 2001
From: "Peter H. Boling" <peter.boling@gmail.com>
Date: Thu, 25 Sep 2025 11:42:48 -0600
Subject: [PATCH 1/3] =?UTF-8?q?=E2=9C=A8=20Threat=20Model?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .idea/copilotDiffState.xml | 17 ++++++++
 THREAT_MODEL.md            | 86 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+)
 create mode 100644 .idea/copilotDiffState.xml
 create mode 100644 THREAT_MODEL.md

diff --git a/.idea/copilotDiffState.xml b/.idea/copilotDiffState.xml
new file mode 100644
index 00000000..1800110b
--- /dev/null
+++ b/.idea/copilotDiffState.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="CopilotDiffPersistence">
+    <option name="pendingDiffs">
+      <map>
+        <entry key="$PROJECT_DIR$/THREAT_MODEL.md">
+          <value>
+            <PendingDiffInfo>
+              <option name="filePath" value="$PROJECT_DIR$/THREAT_MODEL.md" />
+              <option name="updatedContent" value="# Threat Model Outline for oauth2 Ruby Gem&#10;&#10;## 1. Overview&#10;This document outlines the threat model for the `oauth2` Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.&#10;&#10;## 2. Assets to Protect&#10;- OAuth access tokens, refresh tokens, and ID tokens&#10;- User credentials (if handled)&#10;- Client secrets and application credentials&#10;- Sensitive user data accessed via OAuth&#10;- Private keys and certificates (for signing/verifying tokens)&#10;&#10;## 3. Potential Threat Actors&#10;- External attackers (internet-based)&#10;- Malicious OAuth clients or resource servers&#10;- Insiders (developers, maintainers)&#10;- Compromised dependencies&#10;&#10;## 4. Attack Surfaces&#10;- OAuth endpoints (authorization, token, revocation, introspection)&#10;- HTTP request/response handling&#10;- Token storage and management&#10;- Configuration files and environment variables&#10;- Dependency supply chain&#10;&#10;## 5. Threats and Mitigations&#10;&#10;### 5.1 Token Leakage&#10;- **Threat:** Tokens exposed via logs, URLs, or insecure storage&#10;- **Mitigations:**&#10;  - Avoid logging sensitive tokens&#10;  - Use secure storage mechanisms&#10;  - Never expose tokens in URLs&#10;&#10;### 5.2 Token Replay and Forgery&#10;- **Threat:** Attackers reuse or forge tokens&#10;- **Mitigations:**&#10;  - Validate token signatures and claims&#10;  - Use short-lived tokens and refresh tokens&#10;  - Implement token revocation&#10;&#10;### 5.3 Insecure Communication&#10;- **Threat:** Data intercepted via MITM attacks&#10;- **Mitigations:**&#10;  - Enforce HTTPS for all communications&#10;  - Validate SSL/TLS certificates&#10;&#10;### 5.4 Client Secret Exposure&#10;- **Threat:** Client secrets leaked in code or version control&#10;- **Mitigations:**&#10;  - Store secrets in environment variables or secure vaults&#10;  - Never commit secrets to source control&#10;&#10;### 5.5 Dependency Vulnerabilities&#10;- **Threat:** Vulnerabilities in third-party libraries&#10;- **Mitigations:**&#10;  - Regularly update dependencies&#10;  - Use tools like `bundler-audit` for vulnerability scanning&#10;&#10;### 5.6 Improper Input Validation&#10;- **Threat:** Injection attacks via untrusted input&#10;- **Mitigations:**&#10;  - Validate and sanitize all inputs&#10;  - Use parameterized queries and safe APIs&#10;&#10;### 5.7 Insufficient Logging and Monitoring&#10;- **Threat:** Attacks go undetected&#10;- **Mitigations:**&#10;  - Log security-relevant events (without sensitive data)&#10;  - Monitor for suspicious activity&#10;&#10;## 6. Assumptions&#10;- The gem is used in a secure environment with up-to-date Ruby and dependencies&#10;- End-users are responsible for secure configuration and deployment&#10;&#10;## 7. Out of Scope&#10;- Security of external OAuth providers&#10;- Application-level business logic&#10;&#10;## 8. References&#10;- [OAuth 2.0 Threat Model and Security Considerations (RFC 6819)](https://tools.ietf.org/html/rfc6819)&#10;- [OWASP Top Ten](https://owasp.org/www-project-top-ten/)&#10;&#10;---&#10;This outline should be reviewed and updated regularly as the project evolves.&#10;" />
+            </PendingDiffInfo>
+          </value>
+        </entry>
+      </map>
+    </option>
+  </component>
+</project>
\ No newline at end of file
diff --git a/THREAT_MODEL.md b/THREAT_MODEL.md
new file mode 100644
index 00000000..430b293d
--- /dev/null
+++ b/THREAT_MODEL.md
@@ -0,0 +1,86 @@
+# Threat Model Outline for oauth2 Ruby Gem
+
+## 1. Overview
+This document outlines the threat model for the `oauth2` Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.
+
+## 2. Assets to Protect
+- OAuth access tokens, refresh tokens, and ID tokens
+- User credentials (if handled)
+- Client secrets and application credentials
+- Sensitive user data accessed via OAuth
+- Private keys and certificates (for signing/verifying tokens)
+
+## 3. Potential Threat Actors
+- External attackers (internet-based)
+- Malicious OAuth clients or resource servers
+- Insiders (developers, maintainers)
+- Compromised dependencies
+
+## 4. Attack Surfaces
+- OAuth endpoints (authorization, token, revocation, introspection)
+- HTTP request/response handling
+- Token storage and management
+- Configuration files and environment variables
+- Dependency supply chain
+
+## 5. Threats and Mitigations
+
+### 5.1 Token Leakage
+- **Threat:** Tokens exposed via logs, URLs, or insecure storage
+- **Mitigations:**
+  - Avoid logging sensitive tokens
+  - Use secure storage mechanisms
+  - Never expose tokens in URLs
+
+### 5.2 Token Replay and Forgery
+- **Threat:** Attackers reuse or forge tokens
+- **Mitigations:**
+  - Validate token signatures and claims
+  - Use short-lived tokens and refresh tokens
+  - Implement token revocation
+
+### 5.3 Insecure Communication
+- **Threat:** Data intercepted via MITM attacks
+- **Mitigations:**
+  - Enforce HTTPS for all communications
+  - Validate SSL/TLS certificates
+
+### 5.4 Client Secret Exposure
+- **Threat:** Client secrets leaked in code or version control
+- **Mitigations:**
+  - Store secrets in environment variables or secure vaults
+  - Never commit secrets to source control
+
+### 5.5 Dependency Vulnerabilities
+- **Threat:** Vulnerabilities in third-party libraries
+- **Mitigations:**
+  - Regularly update dependencies
+  - Use tools like `bundler-audit` for vulnerability scanning
+
+### 5.6 Improper Input Validation
+- **Threat:** Injection attacks via untrusted input
+- **Mitigations:**
+  - Validate and sanitize all inputs
+  - Use parameterized queries and safe APIs
+
+### 5.7 Insufficient Logging and Monitoring
+- **Threat:** Attacks go undetected
+- **Mitigations:**
+  - Log security-relevant events (without sensitive data)
+  - Monitor for suspicious activity
+
+## 6. Assumptions
+- The gem is used in a secure environment with up-to-date Ruby and dependencies
+- End-users are responsible for secure configuration and deployment
+
+## 7. Out of Scope
+- Security of external OAuth providers
+- Application-level business logic
+
+## 8. References
+- [OAuth 2.0 Threat Model and Security Considerations (RFC 6819)](https://tools.ietf.org/html/rfc6819)
+- [OWASP Top Ten](https://owasp.org/www-project-top-ten/)
+
+---
+This outline should be reviewed and updated regularly as the project evolves.
+

From b565429d2e3a610a253c489c766982e42accdad1 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling" <peter.boling@gmail.com>
Date: Thu, 25 Sep 2025 11:48:16 -0600
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=93=9D=20Threat=20Model?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 15f081c5..190f2420 100644
--- a/README.md
+++ b/README.md
@@ -129,19 +129,19 @@ If it seems like you are in the wrong place, you might try one of these:
 
 ## 💡 Info you can shake a stick at
 
-| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                        |
-|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Works with JRuby        | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i] <br/> [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                        |
-| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i] <br/> [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf]                                                                                                                                                                                                          |
-| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                       |
-| Works with MRI Ruby 2   | ![Ruby 2.2 Compat][💎ruby-2.2i] <br/> [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                            |
-| Support & Community     | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                     |
-| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                       |
-| Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki]                                                                                                                                        |
-| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] |
-| Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2]                                                                                                                                                                |
-| Maintainer 🎖️          | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                    |
-| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                 |
+| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                                                                               |
+|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Works with JRuby        | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i] <br/> [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                                                                               |
+| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i] <br/> [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf]                                                                                                                                                                                                                                                                 |
+| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                                                                              |
+| Works with MRI Ruby 2   | ![Ruby 2.2 Compat][💎ruby-2.2i] <br/> [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                                                                                   |
+| Support & Community     | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                            |
+| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                                                                              |
+| Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki]                                                                                                                                                                                               |
+| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model]  [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] |
+| Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2]                                                                                                                                                                                                                       |
+| Maintainer 🎖️          | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                           |
+| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                                                                        |
 
 ### Compatibility
 
@@ -1325,7 +1325,7 @@ I’m developing a new library, [floss_funding][🖇floss-funding-gem], designed
 To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 
-For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp].
+For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp].
 
 ## 🤝 Contributing
 
@@ -1649,7 +1649,9 @@ Thanks for RTFM. ☺️
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [🔐irp]: IRP.md
-[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat
+[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat
+[🔐threat-model]: THREAT_MODEL.md
+[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
 [📄license]: LICENSE.txt
 [📄license-ref]: https://opensource.org/licenses/MIT

From c04db0821dd454fea4dd122c8ddab9b7838894e1 Mon Sep 17 00:00:00 2001
From: "Peter H. Boling" <peter.boling@gmail.com>
Date: Thu, 25 Sep 2025 11:50:48 -0600
Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=93=9D=20Update=20docs=20site?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docs/OAuth2.html                              |   2 +-
 docs/OAuth2/AccessToken.html                  |   2 +-
 docs/OAuth2/Authenticator.html                |   2 +-
 docs/OAuth2/Client.html                       |   2 +-
 docs/OAuth2/Error.html                        |   2 +-
 docs/OAuth2/FilteredAttributes.html           |   2 +-
 .../FilteredAttributes/ClassMethods.html      |   2 +-
 docs/OAuth2/Response.html                     |   2 +-
 docs/OAuth2/Strategy.html                     |   2 +-
 docs/OAuth2/Strategy/Assertion.html           |   2 +-
 docs/OAuth2/Strategy/AuthCode.html            |   2 +-
 docs/OAuth2/Strategy/Base.html                |   2 +-
 docs/OAuth2/Strategy/ClientCredentials.html   |   2 +-
 docs/OAuth2/Strategy/Implicit.html            |   2 +-
 docs/OAuth2/Strategy/Password.html            |   2 +-
 docs/OAuth2/Version.html                      |   2 +-
 docs/_index.html                              |  61 ++---
 docs/file.CHANGELOG.html                      |   2 +-
 docs/file.CITATION.html                       |   2 +-
 docs/file.CODE_OF_CONDUCT.html                |   2 +-
 docs/file.CONTRIBUTING.html                   |   2 +-
 docs/file.FUNDING.html                        |   2 +-
 docs/file.IRP.html                            |   9 +-
 docs/file.LICENSE.html                        |   2 +-
 docs/file.OIDC.html                           |   2 +-
 docs/file.README.html                         |  34 +--
 docs/file.REEK.html                           |   2 +-
 docs/file.RUBOCOP.html                        |   2 +-
 docs/file.SECURITY.html                       |   2 +-
 docs/file.THREAT_MODEL.html                   | 216 ++++++++++++++++++
 docs/file.access_token.html                   |   2 +-
 docs/file.authenticator.html                  |   2 +-
 docs/file.client.html                         |   2 +-
 docs/file.error.html                          |   2 +-
 docs/file.filtered_attributes.html            |   2 +-
 docs/file.oauth2-2.0.10.gem.html              |   2 +-
 docs/file.oauth2-2.0.11.gem.html              |   2 +-
 docs/file.oauth2-2.0.12.gem.html              |   2 +-
 docs/file.oauth2-2.0.13.gem.html              |   2 +-
 docs/file.oauth2-2.0.14.gem.html              |   2 +-
 docs/file.oauth2-2.0.15.gem.html              |   2 +-
 docs/file.oauth2-2.0.16.gem.html              |   2 +-
 docs/file.oauth2-2.0.17.gem.html              |   2 +-
 docs/file.oauth2.html                         |   2 +-
 docs/file.response.html                       |   2 +-
 docs/file.strategy.html                       |   2 +-
 docs/file.version.html                        |   2 +-
 docs/file_list.html                           |  61 ++---
 docs/index.html                               |  34 +--
 docs/top-level-namespace.html                 |   2 +-
 50 files changed, 367 insertions(+), 136 deletions(-)
 create mode 100644 docs/file.THREAT_MODEL.html

diff --git a/docs/OAuth2.html b/docs/OAuth2.html
index 1e3c3468..3ca5c041 100644
--- a/docs/OAuth2.html
+++ b/docs/OAuth2.html
@@ -415,7 +415,7 @@ <h3 class="signature first" id="configure-class_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html
index f7d97474..7d07ab1e 100644
--- a/docs/OAuth2/AccessToken.html
+++ b/docs/OAuth2/AccessToken.html
@@ -3083,7 +3083,7 @@ <h3 class="signature " id="to_hash-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html
index 5f2dda28..0cb01dbe 100644
--- a/docs/OAuth2/Authenticator.html
+++ b/docs/OAuth2/Authenticator.html
@@ -883,7 +883,7 @@ <h3 class="signature first" id="apply-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html
index 6bafad99..c50ad592 100644
--- a/docs/OAuth2/Client.html
+++ b/docs/OAuth2/Client.html
@@ -2656,7 +2656,7 @@ <h3 class="signature " id="token_url-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html
index c4633eda..2e23dff5 100644
--- a/docs/OAuth2/Error.html
+++ b/docs/OAuth2/Error.html
@@ -772,7 +772,7 @@ <h3 class="signature " id="response-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html
index 06bf41be..93942485 100644
--- a/docs/OAuth2/FilteredAttributes.html
+++ b/docs/OAuth2/FilteredAttributes.html
@@ -335,7 +335,7 @@ <h3 class="signature first" id="inspect-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html
index fd1d9162..fc2ad592 100644
--- a/docs/OAuth2/FilteredAttributes/ClassMethods.html
+++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html
@@ -280,7 +280,7 @@ <h3 class="signature " id="filtered_attributes-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html
index 8136150c..f2f77289 100644
--- a/docs/OAuth2/Response.html
+++ b/docs/OAuth2/Response.html
@@ -1619,7 +1619,7 @@ <h3 class="signature " id="status-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html
index c5eb1311..a75d5e8d 100644
--- a/docs/OAuth2/Strategy.html
+++ b/docs/OAuth2/Strategy.html
@@ -107,7 +107,7 @@ <h2>Defined Under Namespace</h2>
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html
index 8dcb69cb..8f3917bb 100644
--- a/docs/OAuth2/Strategy/Assertion.html
+++ b/docs/OAuth2/Strategy/Assertion.html
@@ -481,7 +481,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html
index 0d6bf5a3..9cf98f7c 100644
--- a/docs/OAuth2/Strategy/AuthCode.html
+++ b/docs/OAuth2/Strategy/AuthCode.html
@@ -483,7 +483,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html
index dbdc8af0..4b7954d8 100644
--- a/docs/OAuth2/Strategy/Base.html
+++ b/docs/OAuth2/Strategy/Base.html
@@ -195,7 +195,7 @@ <h3 class="signature first" id="initialize-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html
index c5ed61d8..32ccd5ca 100644
--- a/docs/OAuth2/Strategy/ClientCredentials.html
+++ b/docs/OAuth2/Strategy/ClientCredentials.html
@@ -343,7 +343,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html
index 42064b4c..8c336a7e 100644
--- a/docs/OAuth2/Strategy/Implicit.html
+++ b/docs/OAuth2/Strategy/Implicit.html
@@ -420,7 +420,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html
index 47344a51..c063b0a7 100644
--- a/docs/OAuth2/Strategy/Password.html
+++ b/docs/OAuth2/Strategy/Password.html
@@ -374,7 +374,7 @@ <h3 class="signature " id="get_token-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html
index c9814a83..3959a0a5 100644
--- a/docs/OAuth2/Version.html
+++ b/docs/OAuth2/Version.html
@@ -111,7 +111,7 @@ <h2>
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/_index.html b/docs/_index.html
index a97b0e0d..cd86d203 100644
--- a/docs/_index.html
+++ b/docs/_index.html
@@ -87,88 +87,91 @@ <h2>File Listing</h2>
     <li class="r1"><a href="file.SECURITY.html" title="SECURITY">SECURITY</a></li>
     
   
-    <li class="r2"><a href="file.LICENSE.html" title="LICENSE">LICENSE</a></li>
+    <li class="r2"><a href="file.THREAT_MODEL.html" title="THREAT_MODEL">THREAT_MODEL</a></li>
     
   
-    <li class="r1"><a href="file.CITATION.html" title="CITATION">CITATION</a></li>
+    <li class="r1"><a href="file.LICENSE.html" title="LICENSE">LICENSE</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.10.gem.html" title="oauth2-2.0.10.gem">oauth2-2.0.10.gem</a></li>
+    <li class="r2"><a href="file.CITATION.html" title="CITATION">CITATION</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.11.gem.html" title="oauth2-2.0.11.gem">oauth2-2.0.11.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.10.gem.html" title="oauth2-2.0.10.gem">oauth2-2.0.10.gem</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.12.gem.html" title="oauth2-2.0.12.gem">oauth2-2.0.12.gem</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.11.gem.html" title="oauth2-2.0.11.gem">oauth2-2.0.11.gem</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.13.gem.html" title="oauth2-2.0.13.gem">oauth2-2.0.13.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.12.gem.html" title="oauth2-2.0.12.gem">oauth2-2.0.12.gem</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.14.gem.html" title="oauth2-2.0.14.gem">oauth2-2.0.14.gem</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.13.gem.html" title="oauth2-2.0.13.gem">oauth2-2.0.13.gem</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.15.gem.html" title="oauth2-2.0.15.gem">oauth2-2.0.15.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.14.gem.html" title="oauth2-2.0.14.gem">oauth2-2.0.14.gem</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.16.gem.html" title="oauth2-2.0.16.gem">oauth2-2.0.16.gem</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.15.gem.html" title="oauth2-2.0.15.gem">oauth2-2.0.15.gem</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.17.gem.html" title="oauth2-2.0.17.gem">oauth2-2.0.17.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.16.gem.html" title="oauth2-2.0.16.gem">oauth2-2.0.16.gem</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.10.gem.html" title="oauth2-2.0.10.gem">oauth2-2.0.10.gem</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.17.gem.html" title="oauth2-2.0.17.gem">oauth2-2.0.17.gem</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.11.gem.html" title="oauth2-2.0.11.gem">oauth2-2.0.11.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.10.gem.html" title="oauth2-2.0.10.gem">oauth2-2.0.10.gem</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.12.gem.html" title="oauth2-2.0.12.gem">oauth2-2.0.12.gem</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.11.gem.html" title="oauth2-2.0.11.gem">oauth2-2.0.11.gem</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.13.gem.html" title="oauth2-2.0.13.gem">oauth2-2.0.13.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.12.gem.html" title="oauth2-2.0.12.gem">oauth2-2.0.12.gem</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.14.gem.html" title="oauth2-2.0.14.gem">oauth2-2.0.14.gem</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.13.gem.html" title="oauth2-2.0.13.gem">oauth2-2.0.13.gem</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.15.gem.html" title="oauth2-2.0.15.gem">oauth2-2.0.15.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.14.gem.html" title="oauth2-2.0.14.gem">oauth2-2.0.14.gem</a></li>
     
   
-    <li class="r2"><a href="file.oauth2-2.0.16.gem.html" title="oauth2-2.0.16.gem">oauth2-2.0.16.gem</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.15.gem.html" title="oauth2-2.0.15.gem">oauth2-2.0.15.gem</a></li>
     
   
-    <li class="r1"><a href="file.oauth2-2.0.17.gem.html" title="oauth2-2.0.17.gem">oauth2-2.0.17.gem</a></li>
+    <li class="r1"><a href="file.oauth2-2.0.16.gem.html" title="oauth2-2.0.16.gem">oauth2-2.0.16.gem</a></li>
     
   
-    <li class="r2"><a href="file.REEK.html" title="REEK">REEK</a></li>
+    <li class="r2"><a href="file.oauth2-2.0.17.gem.html" title="oauth2-2.0.17.gem">oauth2-2.0.17.gem</a></li>
     
   
-    <li class="r1"><a href="file.access_token.html" title="access_token">access_token</a></li>
+    <li class="r1"><a href="file.REEK.html" title="REEK">REEK</a></li>
     
   
-    <li class="r2"><a href="file.authenticator.html" title="authenticator">authenticator</a></li>
+    <li class="r2"><a href="file.access_token.html" title="access_token">access_token</a></li>
     
   
-    <li class="r1"><a href="file.client.html" title="client">client</a></li>
+    <li class="r1"><a href="file.authenticator.html" title="authenticator">authenticator</a></li>
     
   
-    <li class="r2"><a href="file.error.html" title="error">error</a></li>
+    <li class="r2"><a href="file.client.html" title="client">client</a></li>
     
   
-    <li class="r1"><a href="file.filtered_attributes.html" title="filtered_attributes">filtered_attributes</a></li>
+    <li class="r1"><a href="file.error.html" title="error">error</a></li>
     
   
-    <li class="r2"><a href="file.response.html" title="response">response</a></li>
+    <li class="r2"><a href="file.filtered_attributes.html" title="filtered_attributes">filtered_attributes</a></li>
     
   
-    <li class="r1"><a href="file.strategy.html" title="strategy">strategy</a></li>
+    <li class="r1"><a href="file.response.html" title="response">response</a></li>
     
   
-    <li class="r2"><a href="file.version.html" title="version">version</a></li>
+    <li class="r2"><a href="file.strategy.html" title="strategy">strategy</a></li>
     
   
-    <li class="r1"><a href="file.oauth2.html" title="oauth2">oauth2</a></li>
+    <li class="r1"><a href="file.version.html" title="version">version</a></li>
+    
+  
+    <li class="r2"><a href="file.oauth2.html" title="oauth2">oauth2</a></li>
     
   
   </ul>
@@ -393,7 +396,7 @@ <h2>Namespace Listing A-Z</h2>
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:25 2025 by
+  Generated on Thu Sep 25 11:50:26 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html
index eac16fe4..43671ea7 100644
--- a/docs/file.CHANGELOG.html
+++ b/docs/file.CHANGELOG.html
@@ -1290,7 +1290,7 @@ <h2 id="001---2010-04-22">
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html
index f5619201..6667e4a7 100644
--- a/docs/file.CITATION.html
+++ b/docs/file.CITATION.html
@@ -82,7 +82,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html
index 4b2c9cff..4e34bb2e 100644
--- a/docs/file.CODE_OF_CONDUCT.html
+++ b/docs/file.CODE_OF_CONDUCT.html
@@ -191,7 +191,7 @@ <h2 id="attribution">Attribution</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
index 892243e0..69803d2c 100644
--- a/docs/file.CONTRIBUTING.html
+++ b/docs/file.CONTRIBUTING.html
@@ -308,7 +308,7 @@ <h4 id="manual-process">Manual process</h4>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html
index dddb80ee..aab97aa9 100644
--- a/docs/file.FUNDING.html
+++ b/docs/file.FUNDING.html
@@ -104,7 +104,7 @@ <h1 id="another-way-to-support-open-source-software">Another Way to Support Open
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.IRP.html b/docs/file.IRP.html
index 1272fe95..b2fb8145 100644
--- a/docs/file.IRP.html
+++ b/docs/file.IRP.html
@@ -62,12 +62,14 @@
 <p>Status: Draft</p>
 
 <h2 id="purpose">Purpose</h2>
+
 <p>This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the <code>oauth2</code> gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.</p>
 
 <h2 id="scope">Scope</h2>
+
 <p>Applies to security incidents that affect the <code>oauth2</code> codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.</p>
 
-<p>Key assumptions</p>
+<h2 id="key-assumptions">Key assumptions</h2>
 <ul>
   <li>This project is maintained primarily by a single maintainer.</li>
   <li>Public vulnerability disclosure is handled via Tidelift (see <code>SECURITY.md</code>).</li>
@@ -75,12 +77,13 @@ <h2 id="scope">Scope</h2>
 </ul>
 
 <h2 id="contact--roles">Contact &amp; Roles</h2>
+
 <ul>
   <li>Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.</li>
   <li>Secondary Contact: (optional) A trusted collaborator or organization contact if available.</li>
 </ul>
 
-<p>If you are an external reporter</p>
+<h3 id="if-you-are-an-external-reporter">If you are an external reporter</h3>
 <ul>
   <li>Do not publicly disclose details of an active vulnerability before coordination via Tidelift.</li>
   <li>See <code>SECURITY.md</code> for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in <code>SECURITY.md</code> (if available) or email the maintainer contact listed in the repository.</li>
@@ -208,7 +211,7 @@ <h2 id="appendix-example-checklist-for-an-incident">Appendix: Example checklist
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html
index 4d29fd40..db020c50 100644
--- a/docs/file.LICENSE.html
+++ b/docs/file.LICENSE.html
@@ -60,7 +60,7 @@
       <div id="content"><div id='filecontents'>MIT License<br><br>Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors<br>Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.<br><br>Permission is hereby granted, free of charge, to any person obtaining a copy<br>of this software and associated documentation files (the "Software"), to deal<br>in the Software without restriction, including without limitation the rights<br>to use, copy, modify, merge, publish, distribute, sublicense, and/or sell<br>copies of the Software, and to permit persons to whom the Software is<br>furnished to do so, subject to the following conditions:<br><br>The above copyright notice and this permission notice shall be included in all<br>copies or substantial portions of the Software.<br><br>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR<br>IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,<br>FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE<br>AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER<br>LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,<br>OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br>SOFTWARE.</div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html
index acaec720..60f480af 100644
--- a/docs/file.OIDC.html
+++ b/docs/file.OIDC.html
@@ -247,7 +247,7 @@ <h2 id="raw-oidc-with-ruby-oauthoauth2">Raw OIDC with ruby-oauth/oauth2</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.README.html b/docs/file.README.html
index bd7449c0..1801f9bb 100644
--- a/docs/file.README.html
+++ b/docs/file.README.html
@@ -181,19 +181,19 @@ <h3 id="quick-examples">Quick Examples</h3>
 
 ## 💡 Info you can shake a stick at
 
-| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                        |
-|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Works with JRuby        | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i] <br> [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                        |
-| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i] <br> [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf]                                                                                                                                                                                                          |
-| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                       |
-| Works with MRI Ruby 2   | ![Ruby 2.2 Compat][💎ruby-2.2i] <br> [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                            |
-| Support &amp; Community     | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                     |
-| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                       |
-| Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki]                                                                                                                                        |
-| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] |
-| Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2]                                                                                                                                                                |
-| Maintainer 🎖️          | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                    |
-| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                 |
+| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                                                                               |
+|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Works with JRuby        | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i] <br> [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                                                                               |
+| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i] <br> [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf]                                                                                                                                                                                                                                                                 |
+| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                                                                              |
+| Works with MRI Ruby 2   | ![Ruby 2.2 Compat][💎ruby-2.2i] <br> [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                                                                                   |
+| Support &amp; Community     | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                            |
+| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                                                                              |
+| Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki]                                                                                                                                                                                               |
+| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model]  [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] |
+| Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2]                                                                                                                                                                                                                       |
+| Maintainer 🎖️          | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                           |
+| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                                                                        |
 
 ### Compatibility
 
@@ -1377,7 +1377,7 @@ <h3 id="quick-examples">Quick Examples</h3>
 To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 
-For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp].
+For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp].
 
 ## 🤝 Contributing
 
@@ -1701,7 +1701,9 @@ <h3 id="quick-examples">Quick Examples</h3>
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [🔐irp]: IRP.md
-[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat
+[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat
+[🔐threat-model]: THREAT_MODEL.md
+[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
 [📄license]: LICENSE.txt
 [📄license-ref]: https://opensource.org/licenses/MIT
@@ -1733,7 +1735,7 @@ <h3 id="quick-examples">Quick Examples</h3>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.REEK.html b/docs/file.REEK.html
index 9fc5bb19..bc4f2767 100644
--- a/docs/file.REEK.html
+++ b/docs/file.REEK.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html
index b3ea38b7..f8f449c1 100644
--- a/docs/file.RUBOCOP.html
+++ b/docs/file.RUBOCOP.html
@@ -161,7 +161,7 @@ <h2 id="benefits-of-rubocop_gradual">Benefits of rubocop_gradual</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html
index 8763dd03..21f8e0dd 100644
--- a/docs/file.SECURITY.html
+++ b/docs/file.SECURITY.html
@@ -93,7 +93,7 @@ <h2 id="additional-support">Additional Support</h2>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html
new file mode 100644
index 00000000..eabbf1c6
--- /dev/null
+++ b/docs/file.THREAT_MODEL.html
@@ -0,0 +1,216 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>
+  File: THREAT_MODEL
+  
+    &mdash; Documentation by YARD 0.9.37
+  
+</title>
+
+  <link rel="stylesheet" href="css/style.css" type="text/css" />
+
+  <link rel="stylesheet" href="css/common.css" type="text/css" />
+
+<script type="text/javascript">
+  pathId = "THREAT_MODEL";
+  relpath = '';
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div class="nav_wrap">
+      <iframe id="nav" src="file_list.html?1"></iframe>
+      <div id="resizer"></div>
+    </div>
+
+    <div id="main" tabindex="-1">
+      <div id="header">
+        <div id="menu">
+  
+    <a href="_index.html">Index</a> &raquo; 
+    <span class="title">File: THREAT_MODEL</span>
+  
+</div>
+
+        <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="class_list.html">
+
+        <svg width="24" height="24">
+          <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
+        </svg>
+    </a>
+  
+</div>
+        <div class="clear"></div>
+      </div>
+
+      <div id="content"><div id='filecontents'><h1 id="threat-model-outline-for-oauth2-ruby-gem">Threat Model Outline for oauth2 Ruby Gem</h1>
+
+<h2 id="1-overview">1. Overview</h2>
+<p>This document outlines the threat model for the <code>oauth2</code> Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.</p>
+
+<h2 id="2-assets-to-protect">2. Assets to Protect</h2>
+<ul>
+  <li>OAuth access tokens, refresh tokens, and ID tokens</li>
+  <li>User credentials (if handled)</li>
+  <li>Client secrets and application credentials</li>
+  <li>Sensitive user data accessed via OAuth</li>
+  <li>Private keys and certificates (for signing/verifying tokens)</li>
+</ul>
+
+<h2 id="3-potential-threat-actors">3. Potential Threat Actors</h2>
+<ul>
+  <li>External attackers (internet-based)</li>
+  <li>Malicious OAuth clients or resource servers</li>
+  <li>Insiders (developers, maintainers)</li>
+  <li>Compromised dependencies</li>
+</ul>
+
+<h2 id="4-attack-surfaces">4. Attack Surfaces</h2>
+<ul>
+  <li>OAuth endpoints (authorization, token, revocation, introspection)</li>
+  <li>HTTP request/response handling</li>
+  <li>Token storage and management</li>
+  <li>Configuration files and environment variables</li>
+  <li>Dependency supply chain</li>
+</ul>
+
+<h2 id="5-threats-and-mitigations">5. Threats and Mitigations</h2>
+
+<h3 id="51-token-leakage">5.1 Token Leakage</h3>
+<ul>
+  <li>
+<strong>Threat:</strong> Tokens exposed via logs, URLs, or insecure storage</li>
+  <li>
+<strong>Mitigations:</strong>
+    <ul>
+      <li>Avoid logging sensitive tokens</li>
+      <li>Use secure storage mechanisms</li>
+      <li>Never expose tokens in URLs</li>
+    </ul>
+  </li>
+</ul>
+
+<h3 id="52-token-replay-and-forgery">5.2 Token Replay and Forgery</h3>
+<ul>
+  <li>
+<strong>Threat:</strong> Attackers reuse or forge tokens</li>
+  <li>
+<strong>Mitigations:</strong>
+    <ul>
+      <li>Validate token signatures and claims</li>
+      <li>Use short-lived tokens and refresh tokens</li>
+      <li>Implement token revocation</li>
+    </ul>
+  </li>
+</ul>
+
+<h3 id="53-insecure-communication">5.3 Insecure Communication</h3>
+<ul>
+  <li>
+<strong>Threat:</strong> Data intercepted via MITM attacks</li>
+  <li>
+<strong>Mitigations:</strong>
+    <ul>
+      <li>Enforce HTTPS for all communications</li>
+      <li>Validate SSL/TLS certificates</li>
+    </ul>
+  </li>
+</ul>
+
+<h3 id="54-client-secret-exposure">5.4 Client Secret Exposure</h3>
+<ul>
+  <li>
+<strong>Threat:</strong> Client secrets leaked in code or version control</li>
+  <li>
+<strong>Mitigations:</strong>
+    <ul>
+      <li>Store secrets in environment variables or secure vaults</li>
+      <li>Never commit secrets to source control</li>
+    </ul>
+  </li>
+</ul>
+
+<h3 id="55-dependency-vulnerabilities">5.5 Dependency Vulnerabilities</h3>
+<ul>
+  <li>
+<strong>Threat:</strong> Vulnerabilities in third-party libraries</li>
+  <li>
+<strong>Mitigations:</strong>
+    <ul>
+      <li>Regularly update dependencies</li>
+      <li>Use tools like <code>bundler-audit</code> for vulnerability scanning</li>
+    </ul>
+  </li>
+</ul>
+
+<h3 id="56-improper-input-validation">5.6 Improper Input Validation</h3>
+<ul>
+  <li>
+<strong>Threat:</strong> Injection attacks via untrusted input</li>
+  <li>
+<strong>Mitigations:</strong>
+    <ul>
+      <li>Validate and sanitize all inputs</li>
+      <li>Use parameterized queries and safe APIs</li>
+    </ul>
+  </li>
+</ul>
+
+<h3 id="57-insufficient-logging-and-monitoring">5.7 Insufficient Logging and Monitoring</h3>
+<ul>
+  <li>
+<strong>Threat:</strong> Attacks go undetected</li>
+  <li>
+<strong>Mitigations:</strong>
+    <ul>
+      <li>Log security-relevant events (without sensitive data)</li>
+      <li>Monitor for suspicious activity</li>
+    </ul>
+  </li>
+</ul>
+
+<h2 id="6-assumptions">6. Assumptions</h2>
+<ul>
+  <li>The gem is used in a secure environment with up-to-date Ruby and dependencies</li>
+  <li>End-users are responsible for secure configuration and deployment</li>
+</ul>
+
+<h2 id="7-out-of-scope">7. Out of Scope</h2>
+<ul>
+  <li>Security of external OAuth providers</li>
+  <li>Application-level business logic</li>
+</ul>
+
+<h2 id="8-references">8. References</h2>
+<ul>
+  <li><a href="https://tools.ietf.org/html/rfc6819">OAuth 2.0 Threat Model and Security Considerations (RFC 6819)</a></li>
+  <li><a href="https://owasp.org/www-project-top-ten/">OWASP Top Ten</a></li>
+</ul>
+
+<hr>
+<p>This outline should be reviewed and updated regularly as the project evolves.</p>
+</div></div>
+
+      <div id="footer">
+  Generated on Thu Sep 25 11:50:27 2025 by
+  <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.9.37 (ruby-3.4.5).
+</div>
+
+    </div>
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/file.access_token.html b/docs/file.access_token.html
index 5b4ea704..e6fc7b16 100644
--- a/docs/file.access_token.html
+++ b/docs/file.access_token.html
@@ -84,7 +84,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html
index 36909ab7..24436d9e 100644
--- a/docs/file.authenticator.html
+++ b/docs/file.authenticator.html
@@ -81,7 +81,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.client.html b/docs/file.client.html
index 05e0a9ec..c9691758 100644
--- a/docs/file.client.html
+++ b/docs/file.client.html
@@ -111,7 +111,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.error.html b/docs/file.error.html
index 2d42cc43..0934c7fd 100644
--- a/docs/file.error.html
+++ b/docs/file.error.html
@@ -68,7 +68,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html
index c9d17c11..3b36819a 100644
--- a/docs/file.filtered_attributes.html
+++ b/docs/file.filtered_attributes.html
@@ -66,7 +66,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html
index c7402d40..b00e56e9 100644
--- a/docs/file.oauth2-2.0.10.gem.html
+++ b/docs/file.oauth2-2.0.10.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html
index 4d374ab8..11369457 100644
--- a/docs/file.oauth2-2.0.11.gem.html
+++ b/docs/file.oauth2-2.0.11.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html
index ba1fdecd..c691479c 100644
--- a/docs/file.oauth2-2.0.12.gem.html
+++ b/docs/file.oauth2-2.0.12.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html
index 122a6b38..6119b737 100644
--- a/docs/file.oauth2-2.0.13.gem.html
+++ b/docs/file.oauth2-2.0.13.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html
index 5c6374e8..39830f8f 100644
--- a/docs/file.oauth2-2.0.14.gem.html
+++ b/docs/file.oauth2-2.0.14.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.15.gem.html b/docs/file.oauth2-2.0.15.gem.html
index c36a51d9..af525d3c 100644
--- a/docs/file.oauth2-2.0.15.gem.html
+++ b/docs/file.oauth2-2.0.15.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.16.gem.html b/docs/file.oauth2-2.0.16.gem.html
index 51482042..70c1903d 100644
--- a/docs/file.oauth2-2.0.16.gem.html
+++ b/docs/file.oauth2-2.0.16.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2-2.0.17.gem.html b/docs/file.oauth2-2.0.17.gem.html
index 14f91e33..555bded1 100644
--- a/docs/file.oauth2-2.0.17.gem.html
+++ b/docs/file.oauth2-2.0.17.gem.html
@@ -61,7 +61,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html
index f18ae0ac..ca8fc1ff 100644
--- a/docs/file.oauth2.html
+++ b/docs/file.oauth2.html
@@ -69,7 +69,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.response.html b/docs/file.response.html
index ead0732d..2966fd2c 100644
--- a/docs/file.response.html
+++ b/docs/file.response.html
@@ -77,7 +77,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.strategy.html b/docs/file.strategy.html
index 13d2a1bc..94941ce1 100644
--- a/docs/file.strategy.html
+++ b/docs/file.strategy.html
@@ -93,7 +93,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file.version.html b/docs/file.version.html
index 3f1b157d..3a21b7b8 100644
--- a/docs/file.version.html
+++ b/docs/file.version.html
@@ -65,7 +65,7 @@
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/file_list.html b/docs/file_list.html
index bbcfd557..883a283c 100644
--- a/docs/file_list.html
+++ b/docs/file_list.html
@@ -92,142 +92,147 @@ <h1 id="full_list_header">File List</h1>
   </li>
   
 
-  <li id="object_LICENSE" class="even">
+  <li id="object_THREAT_MODEL" class="even">
+    <div class="item"><span class="object_link"><a href="file.THREAT_MODEL.html" title="THREAT_MODEL">THREAT_MODEL</a></span></div>
+  </li>
+  
+
+  <li id="object_LICENSE" class="odd">
     <div class="item"><span class="object_link"><a href="file.LICENSE.html" title="LICENSE">LICENSE</a></span></div>
   </li>
   
 
-  <li id="object_CITATION" class="odd">
+  <li id="object_CITATION" class="even">
     <div class="item"><span class="object_link"><a href="file.CITATION.html" title="CITATION">CITATION</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.10.gem" class="even">
+  <li id="object_oauth2-2.0.10.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.10.gem.html" title="oauth2-2.0.10.gem">oauth2-2.0.10.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.11.gem" class="odd">
+  <li id="object_oauth2-2.0.11.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.11.gem.html" title="oauth2-2.0.11.gem">oauth2-2.0.11.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.12.gem" class="even">
+  <li id="object_oauth2-2.0.12.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.12.gem.html" title="oauth2-2.0.12.gem">oauth2-2.0.12.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.13.gem" class="odd">
+  <li id="object_oauth2-2.0.13.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.13.gem.html" title="oauth2-2.0.13.gem">oauth2-2.0.13.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.14.gem" class="even">
+  <li id="object_oauth2-2.0.14.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.14.gem.html" title="oauth2-2.0.14.gem">oauth2-2.0.14.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.15.gem" class="odd">
+  <li id="object_oauth2-2.0.15.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.15.gem.html" title="oauth2-2.0.15.gem">oauth2-2.0.15.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.16.gem" class="even">
+  <li id="object_oauth2-2.0.16.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.16.gem.html" title="oauth2-2.0.16.gem">oauth2-2.0.16.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.17.gem" class="odd">
+  <li id="object_oauth2-2.0.17.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.17.gem.html" title="oauth2-2.0.17.gem">oauth2-2.0.17.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.10.gem" class="even">
+  <li id="object_oauth2-2.0.10.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.10.gem.html" title="oauth2-2.0.10.gem">oauth2-2.0.10.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.11.gem" class="odd">
+  <li id="object_oauth2-2.0.11.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.11.gem.html" title="oauth2-2.0.11.gem">oauth2-2.0.11.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.12.gem" class="even">
+  <li id="object_oauth2-2.0.12.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.12.gem.html" title="oauth2-2.0.12.gem">oauth2-2.0.12.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.13.gem" class="odd">
+  <li id="object_oauth2-2.0.13.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.13.gem.html" title="oauth2-2.0.13.gem">oauth2-2.0.13.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.14.gem" class="even">
+  <li id="object_oauth2-2.0.14.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.14.gem.html" title="oauth2-2.0.14.gem">oauth2-2.0.14.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.15.gem" class="odd">
+  <li id="object_oauth2-2.0.15.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.15.gem.html" title="oauth2-2.0.15.gem">oauth2-2.0.15.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.16.gem" class="even">
+  <li id="object_oauth2-2.0.16.gem" class="odd">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.16.gem.html" title="oauth2-2.0.16.gem">oauth2-2.0.16.gem</a></span></div>
   </li>
   
 
-  <li id="object_oauth2-2.0.17.gem" class="odd">
+  <li id="object_oauth2-2.0.17.gem" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2-2.0.17.gem.html" title="oauth2-2.0.17.gem">oauth2-2.0.17.gem</a></span></div>
   </li>
   
 
-  <li id="object_REEK" class="even">
+  <li id="object_REEK" class="odd">
     <div class="item"><span class="object_link"><a href="file.REEK.html" title="REEK">REEK</a></span></div>
   </li>
   
 
-  <li id="object_access_token" class="odd">
+  <li id="object_access_token" class="even">
     <div class="item"><span class="object_link"><a href="file.access_token.html" title="access_token">access_token</a></span></div>
   </li>
   
 
-  <li id="object_authenticator" class="even">
+  <li id="object_authenticator" class="odd">
     <div class="item"><span class="object_link"><a href="file.authenticator.html" title="authenticator">authenticator</a></span></div>
   </li>
   
 
-  <li id="object_client" class="odd">
+  <li id="object_client" class="even">
     <div class="item"><span class="object_link"><a href="file.client.html" title="client">client</a></span></div>
   </li>
   
 
-  <li id="object_error" class="even">
+  <li id="object_error" class="odd">
     <div class="item"><span class="object_link"><a href="file.error.html" title="error">error</a></span></div>
   </li>
   
 
-  <li id="object_filtered_attributes" class="odd">
+  <li id="object_filtered_attributes" class="even">
     <div class="item"><span class="object_link"><a href="file.filtered_attributes.html" title="filtered_attributes">filtered_attributes</a></span></div>
   </li>
   
 
-  <li id="object_response" class="even">
+  <li id="object_response" class="odd">
     <div class="item"><span class="object_link"><a href="file.response.html" title="response">response</a></span></div>
   </li>
   
 
-  <li id="object_strategy" class="odd">
+  <li id="object_strategy" class="even">
     <div class="item"><span class="object_link"><a href="file.strategy.html" title="strategy">strategy</a></span></div>
   </li>
   
 
-  <li id="object_version" class="even">
+  <li id="object_version" class="odd">
     <div class="item"><span class="object_link"><a href="file.version.html" title="version">version</a></span></div>
   </li>
   
 
-  <li id="object_oauth2" class="odd">
+  <li id="object_oauth2" class="even">
     <div class="item"><span class="object_link"><a href="file.oauth2.html" title="oauth2">oauth2</a></span></div>
   </li>
   
diff --git a/docs/index.html b/docs/index.html
index d57a8f07..aa7dfaf6 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -181,19 +181,19 @@ <h3 id="quick-examples">Quick Examples</h3>
 
 ## 💡 Info you can shake a stick at
 
-| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                        |
-|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Works with JRuby        | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i] <br> [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                        |
-| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i] <br> [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf]                                                                                                                                                                                                          |
-| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                       |
-| Works with MRI Ruby 2   | ![Ruby 2.2 Compat][💎ruby-2.2i] <br> [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                            |
-| Support &amp; Community     | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                     |
-| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                       |
-| Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki]                                                                                                                                        |
-| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] |
-| Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2]                                                                                                                                                                |
-| Maintainer 🎖️          | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                    |
-| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                 |
+| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                                                                               |
+|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Works with JRuby        | ![JRuby 9.1 Compat][💎jruby-9.1i] ![JRuby 9.2 Compat][💎jruby-9.2i] ![JRuby 9.3 Compat][💎jruby-9.3i] <br> [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                                                                               |
+| Works with Truffle Ruby | ![Truffle Ruby 22.3 Compat][💎truby-22.3i] ![Truffle Ruby 23.0 Compat][💎truby-23.0i] <br> [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf]                                                                                                                                                                                                                                                                 |
+| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                                                                              |
+| Works with MRI Ruby 2   | ![Ruby 2.2 Compat][💎ruby-2.2i] <br> [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                                                                                   |
+| Support &amp; Community     | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                            |
+| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                                                                              |
+| Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog] [![GitLab Wiki][📜gl-wiki-img]][📜gl-wiki] [![GitHub Wiki][📜gh-wiki-img]][📜gh-wiki]                                                                                                                                                                                               |
+| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![Compatible with Apache Software Projects: Verified by SkyWalking Eyes][📄license-compat-img]][📄license-compat] [![📄ilo-declaration-img]][📄ilo-declaration] [![Incident Response Plan][🔐irp-img]][🔐irp] [![Security Policy][🔐security-img]][🔐security] [![Threat Model][🔐threat-model-img]][🔐threat-model]  [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] |
+| Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![Compatibility appraised by: appraisal2][💎appraisal2-img]][💎appraisal2]                                                                                                                                                                                                                       |
+| Maintainer 🎖️          | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                           |
+| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                                                                        |
 
 ### Compatibility
 
@@ -1377,7 +1377,7 @@ <h3 id="quick-examples">Quick Examples</h3>
 To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 
-For more see [SECURITY.md][🔐security] and [IRP.md][🔐irp].
+For more see [SECURITY.md][🔐security], [THREAT_MODEL.md][🔐threat-model], and [IRP.md][🔐irp].
 
 ## 🤝 Contributing
 
@@ -1701,7 +1701,9 @@ <h3 id="quick-examples">Quick Examples</h3>
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [🔐irp]: IRP.md
-[🔐irp-img]: https://img.shields.io/badge/irp-259D6C.svg?style=flat
+[🔐irp-img]: https://img.shields.io/badge/IRP-259D6C.svg?style=flat
+[🔐threat-model]: THREAT_MODEL.md
+[🔐threat-model-img]: https://img.shields.io/badge/threat-model-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
 [📄license]: LICENSE.txt
 [📄license-ref]: https://opensource.org/licenses/MIT
@@ -1733,7 +1735,7 @@ <h3 id="quick-examples">Quick Examples</h3>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:25 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>
diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html
index a62d59a0..0040754f 100644
--- a/docs/top-level-namespace.html
+++ b/docs/top-level-namespace.html
@@ -100,7 +100,7 @@ <h2>Defined Under Namespace</h2>
 </div>
 
       <div id="footer">
-  Generated on Thu Sep 25 08:47:26 2025 by
+  Generated on Thu Sep 25 11:50:27 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>