All Versions
99
Latest Version
Avg Release Cycle
61 days
Latest Release
-

Changelog History
Page 7

  • v2.1.3 Changes

    March 01, 2015
    • ๐Ÿ›  [#588] Fixes scopes_match? bug that skipped authorization form in some cases

  • v2.1.2 Changes

    February 25, 2015
    • โšก๏ธ [#574] Remove unused update authorization route.
    • ๐Ÿ”Š [#576] Filter out sensitive parameters from logs.
    • [#582] The Authorization HTTP header fields are now case insensitive.
    • ๐Ÿ›  [#583] Database connection bugfix in certain scenarios.
    • โœ… Testing improvements

  • v2.1.1 Changes

    February 06, 2015
    • Remove wildcard_redirect_url option
    • [#481] Customize token flow OAuth expirations with a config lambda
    • [#568] TokensController: Memoize strategy.authorize_response result to enable subclasses to use the response object.
    • ๐Ÿ”ง [#571] Fix database initialization issues in some configurations.
    • ๐Ÿ“š Documentation improvements

  • v2.1.0 Changes

    January 13, 2015
    • [#540] Include created_at in response.
    • [#538] Check application-level scopes in client_credentials and password flow.
    • ๐Ÿ›  [5596227] Check application scopes in AccessToken when present. Fixes a bug in doorkeeper 2.0.0 and 2.0.1 referring to application specific scopes.
    • [#534] Internationalizes doorkeeper views.
    • [#545] Ensure there is a connection to the database before checking for missing columns
    • [#546] Use Doorkeeper:: prefix when referencing Application to avoid possible application model name conflict.
    • โœ… [#538] Test with Rails ~> 4.2.

    Potentially backward incompatible changes

    • Enable by default authorization_code and client_credentials grant flows. Disables implicit and password grant flows by default.
    • ๐Ÿ›  [#510, #544, 722113f] Revoked refresh token response bugfix.

  • v2.0.1 Changes

    December 17, 2014
    • ๐Ÿ‘€ [#525, #526, #527] Fix ActiveRecord::NoDatabaseError on gem load.

  • v2.0.0 Changes

    December 16, 2014

    Backward incompatible changes

    • ๐Ÿšš [#448] Removes doorkeeper_for helper. Now we use before_action :doorkeeper_authorize!.
    • [#469] Allow client applications to restrict the set of allowable scopes. Fixes #317. oauth_applications relation needs a new scopes string column, non nullable, which defaults to an empty string. To add the column run:
      rails generate doorkeeper:application_scopes

    If youโ€™d rather do it by hand, your ActiveRecord migration should contain:

      add_column :oauth_applications, :scopes, :string, null: false, default: โ€˜โ€™

    โœ‚ Removed deprecations

    • Removes test_redirect_uri option. It is now called native_redirect_uri.
    • ๐Ÿšš [#446] Removes mount Doorkeeper::Engine. Now we use use_doorkeeper.

    Others

    • ๐ŸŽ [#484] Performance improvement - avoid performing order_by when not required.
    • [#450] When password is invalid in Password Credentials Grant, Doorkeeper returned 'invalid_resource_owner' instead of 'invalid_grant', as the spec declares. Fixes #444.
    • [#452] Allows revoked_at to be set in the future, for future expiry. Rationale: https://github.com/doorkeeper-gem/doorkeeper/pull/452#issuecomment-51431459
    • ๐Ÿ›  [#480] For Implicit grant flow, access tokens can now be reused. Fixes #421.
    • ๐Ÿ”จ [#491] Reworks of @jasl's #454 and #478. ORM refactor that allows doorkeeper to be extended more easily with unsupported ORMs. It also marks the boundaries between shared model code and ORM specifics inside of the gem.
    • โœ… [#496] Tests with Rails 4.2.
    • [#489] Adds force_ssl_in_redirect_uri to force the usage of the HTTPS protocol in non-native redirect uris.
    • [#516] SECURITY: Adds protect_from_forgery to Doorkeeper::ApplicationController
    • [#518] Fix random failures in mongodb.

  • v1.4.2 Changes

    March 02, 2015
    • ๐Ÿ”Š [#576] Filter out sensitive parameters from logs

  • v1.4.1 Changes

    December 17, 2014
    • [#516] SECURITY: Adds protect_from_forgery to Doorkeeper::ApplicationController

  • v1.4.0 Changes

    July 31, 2014
    • internals
      • [#427] Adds specs expectations.
      • [#428] Error response refactor.
      • [#417] Moves token validation into Access Token class.
      • [#439] Removes redundant module includes.
      • [#443] TokensController and TokenInfoController inherit from ActionController::Metal
    • ๐Ÿ› bug
      • [#418] fixes #243, requests with insufficient scope now respond 403 instead of 401. (API change)
      • [#438] fixes #398, native redirect for implicit token grant bug.
      • [#440] namespace fixes
    • โœจ enhancements
      • [#432] Keeps query parameters

  • v1.3.1 Changes

    July 06, 2014
    • โœจ enhancements
      • [#405] Adds facade to more easily get the token from a request in a route constraint.
      • [#415] Extend Doorkeeper TokenResponse with an after_successful_response callback that allows handling of response object.
    • internals
      • [#409] Deprecates test_redirect_uri in favor of native_redirect_uri. See discussion in: [#351].
      • [#411] Clean rspec deprecations. General test improvements.
      • [#412] rspec line width can go longer than 80 (hound CI config).
    • ๐Ÿ› bug
      • [#413] fixes #340, routing scope is now taken into account in redirect.
      • [#401] and [#425] application is not required any longer for access_token.