Releases · doorkeeper-gem/doorkeeper

[#1781] Honor handle_auth_errors :raise in AuthorizationsController#authorize_response
[#1795] Fix: detailed error 'insufficient_scope' in protected resources 403s
[#1797] Fix doorkeeper:db:cleanup rake task failure on PostgreSQL
[#1800] Set @grant_type in ClientCredentialsRequest and RefreshTokenRequest constructors so request.grant_type returns
the correct value in hooks like before_successful_strategy_response.
[#1802] Fix filter_parameters not applied when Doorkeeper.configure is called inside to_prepare.
[#1804] Use ActiveSupport.on_load(:active_record) in ORM hooks to prevent loading ActiveRecord models too early
[#1806] Fix token revocation bypass for public clients (RFC 7009)
[#1815] Expose current_resource_owner as a view helper in Doorkeeper::ApplicationController.
[#1818] Fix token introspection returning exp: 0 for non-expiring tokens.
[#1784] Remove hardcoded colons from view templates, move punctuation to i18n translation strings.

[IMPORTANT]: if you have customized Doorkeeper views (authorizations/new, authorizations/show,
applications/show) or overridden the default en.yml translations, you may need to update them.
Colons are no longer hardcoded in the views — they are now part of the translation strings.
Update the doorkeeper-i18n gem to get the
updated translations for all locales.
[#1820] Remove dead wildcard presence check in Scopes#dynamic_scope_match? (internal cleanup, no behavior change).
[#1822] Update Rubocop config, auto-corrections.
[#1823] Update Rubocop config, part 2.
[#1825] Update Rubocop config, part 3.
[#1821] Fix noisy Could not find command "no_previous_refresh_token_column?" Thor output during the
PreviousRefreshTokenGenerator spec by stubbing the underlying DB column check instead of the generator's
private method (test-only change).

[#1791] Add support for Rails read replicas with automatic role switching via enable_multiple_database_roles configuration option
[#1792] Consider expires_in when clear expired tokens with StaleRecordsCleaner.
[#1790] Fix race condition in refresh token revocation check by moving InvalidGrantReuse check inside the lock block
[#1788] Fix regex for basic auth to be case-insensitive
[#1775] Fix Applications Secret Not Null Constraint generator
[#1779] Only lock previous access token model when creating a new token from its refresh token if revoke_previous_refresh_token_on_use is false
[#1778] Ensure that token revocation is idempotent by checking that that token has not already been revoked before revoking.

[#1755] Fix the error message for force_pkce
[#1761] Memoize authentication failure
[#1762] Allow missing client to trigger invalid client error when force_pkce is enabled
[#1767] Make sure error handling happens on a controller level opposed to action level to account for the controller being extended

[#1752] Bump the range of supported Ruby and Rails versions
[#1747] Fix unknown pkce method error when configured
[#1744] Allow for expired refresh tokens to be revoked
[#1754] Fix refresh tokens with dynamic scopes

[#1739] Add support for dynamic scopes
[#1715] Fix token introspection invalid request reason
[#1714] Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
[#1712] Add Pragma: no-cache to token response
[#1726] Refactor token introspection class.
[#1727] Allow to set null secret value for Applications if they are public.
[#1735] Add pkce_code_challenge_methods config option.

[#1705] Add force_pkce option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code

[#1696] Add missing #issued_token method to OAuth::TokenResponse
[#1697] Allow a TokenResponse body to be customized (memoize response body).
[#1702] Fix bugs for error response in the form_post and error view
[#1660] Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.

[#1691] Make new Doorkeeper errors backward compatible with older extensions.

[#1680] Fix handle_auth_errors :raise NotImplementedError

[#1662] Specify uri_redirect validation class explicitly.
[#1652] Add custom attributes support to token generator.
[#1667] Pass client instead of grant.application to find_or_create_access_token.
[#1673] Honor custom_access_token_attributes in client credentials grant flow.
[#1676] Improve AuthorizationsController error response handling
[#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.

Uh oh!

Releases: doorkeeper-gem/doorkeeper

v5.9.1

Uh oh!

v.5.9.0

Uh oh!

v5.8.2

Uh oh!

v5.8.1

Uh oh!

v5.8.0

Uh oh!

v5.7.1

Uh oh!

v5.7.0

Uh oh!

v5.6.9

Uh oh!

v5.6.8

Uh oh!

v5.6.7

Uh oh!