Skip to content

Releases: doorkeeper-gem/doorkeeper

v5.8.0

31 Oct 07:55
be58d6b
Compare
Choose a tag to compare
  • [#1739] Add support for dynamic scopes
  • [#1715] Fix token introspection invalid request reason
  • [#1714] Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
  • [#1712] Add Pragma: no-cache to token response
  • [#1726] Refactor token introspection class.
  • [#1727] Allow to set null secret value for Applications if they are public.
  • [#1735] Add pkce_code_challenge_methods config option.

v5.7.1

25 Jun 14:54
1cd750b
Compare
Choose a tag to compare
  • [#1705] Add force_pkce option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code

v5.7.0

24 Apr 10:44
8626b85
Compare
Choose a tag to compare
  • [#1696] Add missing #issued_token method to OAuth::TokenResponse
  • [#1697] Allow a TokenResponse body to be customized (memoize response body).
  • [#1702] Fix bugs for error response in the form_post and error view
  • [#1660] Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.

v5.6.9

14 Feb 08:01
70e793b
Compare
Choose a tag to compare
  • [#1691] Make new Doorkeeper errors backward compatible with older extensions.

v5.6.8

01 Dec 16:03
c48fd2d
Compare
Choose a tag to compare
  • [#1680] Fix handle_auth_errors :raise NotImplementedError

v5.6.7

23 Nov 07:57
6692812
Compare
Choose a tag to compare
  • [#1662] Specify uri_redirect validation class explicitly.
  • [#1652] Add custom attributes support to token generator.
  • [#1667] Pass client instead of grant.application to find_or_create_access_token.
  • [#1673] Honor custom_access_token_attributes in client credentials grant flow.
  • [#1676] Improve AuthorizationsController error response handling
  • [#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.

v5.6.6

29 Mar 07:20
986115c
Compare
Choose a tag to compare
  • [#1644] Update HTTP headers.
  • [#1646] Block public clients automatic authorization skip.
  • [#1648] Add custom token attributes to Refresh Token Request.
  • [#1649] Fixed custom_access_token_attributes related errors.

v5.6.5

22 Feb 09:01
dcce720
Compare
Choose a tag to compare
  • [#1602] Allow custom data to be stored inside access grants/tokens.
  • [#1634] Code refactoring for custom token attributes.
  • [#1639] Add grant type validation to avoid Internal Server Error for DELETE /oauth/authorize endpoint.

v5.6.4

31 Jan 07:24
3ad48e0
Compare
Choose a tag to compare
  • [#1633] Apply ORM configuration in #to_prepare block to avoid autoloading errors.

v5.6.3

30 Jan 12:01
6364c29
Compare
Choose a tag to compare
  • [#1622] Drop support for Rubies 2.5 and 2.6
  • [#1605] Fix URI validation for Ruby 3.2+.
  • [#1625] Exclude endless access tokens from StaleRecordsCleaner.
  • [#1626] Remove deprecated active_record_options config option.
  • [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
  • [#1630] Special case unique index creation for refresh_token on SQL Server.
  • [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.