diff -Nru ruby-rack-oauth2-1.9.2/debian/changelog ruby-rack-oauth2-1.9.3/debian/changelog
--- ruby-rack-oauth2-1.9.2/debian/changelog	2018-08-28 12:38:48.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/debian/changelog	2019-09-02 18:48:55.000000000 +0000
@@ -1,3 +1,23 @@
+ruby-rack-oauth2 (1.9.3-2) unstable; urgency=medium
+
+  * Team upload
+  * Re-upload to unstable
+  * Add salsa-ci.yml
+  * Bump Standards-Version to 4.4.0
+  * Bump debhelper-compat to 12
+
+ -- Utkarsh Gupta <guptautkarsh2102@gmail.com>  Tue, 03 Sep 2019 00:18:55 +0530
+
+ruby-rack-oauth2 (1.9.3-1) experimental; urgency=medium
+
+  * Team upload
+  * New upstream version 1.9.3
+  * Bump Standards-Version to 4.3.0 (no changes needed)
+  * Bump debhelper compatibility level to 11
+  * Update d/control and d/rules
+
+ -- Utkarsh Gupta <guptautkarsh2102@gmail.com>  Sat, 11 May 2019 21:15:13 +0530
+
 ruby-rack-oauth2 (1.9.2-1) experimental; urgency=medium
 
   * Team upload.
@@ -40,7 +60,7 @@
 ruby-rack-oauth2 (1.2.1-1) unstable; urgency=medium
 
   * Upstream update (Closes: #802132)
-  * Bump debhelper compatibility to 9 
+  * Bump debhelper compatibility to 9
 
  -- Balasankar C <balasankarc@autistici.org>  Thu, 19 Nov 2015 21:46:28 +0530
 
diff -Nru ruby-rack-oauth2-1.9.2/debian/compat ruby-rack-oauth2-1.9.3/debian/compat
--- ruby-rack-oauth2-1.9.2/debian/compat	2018-08-28 12:38:48.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/debian/compat	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-11
diff -Nru ruby-rack-oauth2-1.9.2/debian/control ruby-rack-oauth2-1.9.3/debian/control
--- ruby-rack-oauth2-1.9.2/debian/control	2018-08-28 12:38:48.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/debian/control	2019-09-02 18:48:55.000000000 +0000
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
 Uploaders: Balasankar C <balasankarc@autistici.org>
-Build-Depends: debhelper (>= 11),
+Build-Depends: debhelper-compat (= 12),
                gem2deb,
                rake,
                ruby-activesupport (>= 2.3),
@@ -15,7 +15,7 @@
                ruby-rspec,
                ruby-rspec-its,
                ruby-webmock
-Standards-Version: 4.2.1
+Standards-Version: 4.4.0
 Vcs-Git: https://salsa.debian.org/ruby-team/ruby-rack-oauth2.git
 Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-rack-oauth2
 Homepage: https://github.com/nov/rack-oauth2
@@ -32,8 +32,7 @@
          ruby-json-jwt (>= 1.9.0),
          ruby-multi-json (>= 1.3.6),
          ruby-rack (>= 1.1),
-         ${misc:Depends},
-         ${shlibs:Depends}
+         ${misc:Depends}
 Description: Rack interface for an OAuth 2.0
  This gem provides a Rack interface for an OAuth 2.0 Server & Client Library.
  It supports both Bearer and MAC token types. Rack provides a minimal, modular,
diff -Nru ruby-rack-oauth2-1.9.2/debian/rules ruby-rack-oauth2-1.9.3/debian/rules
--- ruby-rack-oauth2-1.9.2/debian/rules	2018-08-28 12:38:48.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/debian/rules	2019-09-02 18:48:14.000000000 +0000
@@ -5,4 +5,3 @@
 
 %:
 	dh $@ --buildsystem=ruby --with ruby
-
diff -Nru ruby-rack-oauth2-1.9.2/debian/salsa-ci.yml ruby-rack-oauth2-1.9.3/debian/salsa-ci.yml
--- ruby-rack-oauth2-1.9.2/debian/salsa-ci.yml	1970-01-01 00:00:00.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/debian/salsa-ci.yml	2019-09-02 18:48:14.000000000 +0000
@@ -0,0 +1,4 @@
+---
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff -Nru ruby-rack-oauth2-1.9.2/lib/rack/oauth2/access_token/bearer.rb ruby-rack-oauth2-1.9.3/lib/rack/oauth2/access_token/bearer.rb
--- ruby-rack-oauth2-1.9.2/lib/rack/oauth2/access_token/bearer.rb	2018-08-28 12:26:21.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/lib/rack/oauth2/access_token/bearer.rb	2018-12-26 05:36:30.000000000 +0000
@@ -5,7 +5,14 @@
         def authenticate(request)
           request.header["Authorization"] = "Bearer #{access_token}"
         end
+
+        def to_mtls(attributes = {})
+          (required_attributes + optional_attributes).each do |key|
+            attributes[key] = self.send(key)
+          end
+          MTLS.new attributes
+        end
       end
     end
   end
-end
\ No newline at end of file
+end
diff -Nru ruby-rack-oauth2-1.9.2/lib/rack/oauth2/access_token/mtls.rb ruby-rack-oauth2-1.9.3/lib/rack/oauth2/access_token/mtls.rb
--- ruby-rack-oauth2-1.9.2/lib/rack/oauth2/access_token/mtls.rb	1970-01-01 00:00:00.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/lib/rack/oauth2/access_token/mtls.rb	2018-12-26 05:36:30.000000000 +0000
@@ -0,0 +1,16 @@
+module Rack
+  module OAuth2
+    class AccessToken
+      class MTLS < Bearer
+        attr_required :private_key, :certificate
+
+        def initialize(attributes = {})
+          super
+          self.token_type = :bearer
+          httpclient.ssl_config.client_key = private_key
+          httpclient.ssl_config.client_cert = certificate
+        end
+      end
+    end
+  end
+end
diff -Nru ruby-rack-oauth2-1.9.2/lib/rack/oauth2/access_token.rb ruby-rack-oauth2-1.9.3/lib/rack/oauth2/access_token.rb
--- ruby-rack-oauth2-1.9.2/lib/rack/oauth2/access_token.rb	2018-08-28 12:26:21.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/lib/rack/oauth2/access_token.rb	2018-12-26 05:36:30.000000000 +0000
@@ -38,3 +38,4 @@
 require 'rack/oauth2/access_token/bearer'
 require 'rack/oauth2/access_token/mac'
 require 'rack/oauth2/access_token/legacy'
+require 'rack/oauth2/access_token/mtls'
diff -Nru ruby-rack-oauth2-1.9.2/lib/rack/oauth2/client.rb ruby-rack-oauth2-1.9.3/lib/rack/oauth2/client.rb
--- ruby-rack-oauth2-1.9.2/lib/rack/oauth2/client.rb	2018-08-28 12:26:21.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/lib/rack/oauth2/client.rb	2018-12-26 05:36:30.000000000 +0000
@@ -3,7 +3,7 @@
     class Client
       include AttrRequired, AttrOptional
       attr_required :identifier
-      attr_optional :secret, :private_key, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint
+      attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint
 
       def initialize(attributes = {})
         (required_attributes + optional_attributes).each do |key|
@@ -70,6 +70,7 @@
 
       def access_token!(*args)
         headers, params = {}, @grant.as_json
+        http_client = Rack::OAuth2.http_client
 
         # NOTE:
         #  Using Array#estract_options! for backward compatibility.
@@ -106,6 +107,12 @@
           params.merge!(
             client_assertion_type: URN::ClientAssertionType::SAML2_BEARER
           )
+        when :mtls
+          params.merge!(
+            client_id: identifier
+          )
+          http_client.ssl_config.client_key = private_key
+          http_client.ssl_config.client_cert = certificate
         else
           params.merge!(
             client_id: identifier,
@@ -113,7 +120,7 @@
           )
         end
         handle_response do
-          Rack::OAuth2.http_client.post(
+          http_client.post(
             absolute_uri_for(token_endpoint),
             Util.compact_hash(params),
             headers
diff -Nru ruby-rack-oauth2-1.9.2/VERSION ruby-rack-oauth2-1.9.3/VERSION
--- ruby-rack-oauth2-1.9.2/VERSION	2018-08-28 12:26:21.000000000 +0000
+++ ruby-rack-oauth2-1.9.3/VERSION	2018-12-26 05:36:30.000000000 +0000
@@ -1 +1 @@
-1.9.2
\ No newline at end of file
+1.9.3