Releases: doorkeeper-gem/doorkeeper
v5.3.1
v.5.2.4
v5.3.0
- [#1339] Validate Resource Owner in `PasswordAccessTokenRequest` against `nil` and `false` values.
- [#1341] Fix `refresh_token_revoked_on_use` with `hash_token_secrets` enabled.
- [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
- [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
- [#1346] Refactor `Doorkeeper::Application#to_json` into convenient `#as_json` (fix #1344).
- [#1349] Fix `Doorkeeper::Application` AR associations using an incorrect foreign key name when using a custom class.
- [#1318] Make existing token revocation for client credentials optional and disable it by default.
  [IMPORTANT] This is a change compared to the behaviour of version 5.2. If you were relying on access tokens being revoked once the same client requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper initialization file.
v5.2.3
v5.2.2
v5.2.1
v5.2.0
v5.2.0.rc3
- [#1298] Slice strong params so it doesn't error with Rails forms.
- [#1300] Limiting access to attributes of pre_authorization.
- [#1296] Adding client_id to strong parameters.
- [#1293] Move ar specific redirect uri validator to ar orm directory.
- [#1288] Allow to pass attributes to the `Doorkeeper::OAuth::PreAuthorization#as_json` method to customize the PreAuthorization response.
- [#1286] Add ability to customize grant flows per application (OAuth client) (#1245, #1207)
- [#1283] Allow to customize base class for `Doorkeeper::ApplicationMetalController` (new configuration option called `base_metal_controller`) (fix #1273).
- [#1277] Prevent requested scope from being empty on authorization request, handle and add description for invalid request.
v5.2.0.rc2
- [#1270] Find matching tokens in batches for reuse_access_token option (fix #1193).
- [#1271] Reintroduce existing token revocation for client credentials.
- [#1269] Update initializer template documentation.
- [#1266] Use strong parameters within pre-authorization.
- [#1264] Add :before_successful_authorization and :after_successful_authorization hooks in TokensController
- [#1263] Respond properly when introspection fails and fix configuration's user guide.
v5.2.0.rc1
- [#1260], [#1262] Improve Token Introspection configuration option (access to tokens, client).
- [#1257] Add constraint configuration when using client authentication on introspection endpoint.
- [#1252] Returning `unauthorized` when the revocation of the token should not be performed due to wrong permissions.
- [#1249] Specify case sensitive uniqueness to remove Rails 6 deprecation message
- [#1248] Display the Application Secret in HTML after creating a new application even when `hash_application_secrets` is used.
- [#1248] Return the unhashed Application Secret in the JSON response after creating new application even when `hash_application_secrets` is used.
- [#1238] Better support for native app with support for custom scheme and localhost redirection.