All Versions
95
Latest Version
Avg Release Cycle
61 days
Latest Release
-

Changelog History
Page 2

  • v5.3.1 Changes

    February 09, 2020
    • [#1360] Backport: Increase matching_token_for batch lookup size to 10 000 and make it configurable.
  • v5.3.0 Changes

    January 29, 2020

    [#1339] Validate Resource Owner in PasswordAccessTokenRequest against nil and false values.

    [#1341] Fix refresh_token_revoked_on_use with hash_token_secrets enabled.

    โš  [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.

    [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.

    [#1346] Refactor Doorkeeper::Application#to_json into convenient #as_json (fix #1344).

    [#1349] Fix Doorkeeper::Application AR associations using an incorrect foreign key name when using a custom class.

    0๏ธโƒฃ [#1318] Make existing token revocation for client credentials optional and disable it by default.

    [IMPORTANT] This is a change compared to the behaviour of version 5.2. If you were relying on access tokens being revoked once the same client requested a new access token, reenable it with revoke_previous_client_credentials_token in Doorkeeper initialization file.

  • v5.2.6 Changes

    May 07, 2020
    • [#1404] Backport: Make Doorkeeper::Application#read_attribute_for_serialization public.
  • v5.2.5 Changes

    May 02, 2020
    • [#1371] Backport: Add #as_json method and attributes serialization restriction for Application model.
      ๐Ÿ›  Fixes information disclosure vulnerability (CVE-2020-10187).
  • v5.2.4 Changes

    February 09, 2020
    • [#1360] Backport: Increase matching_token_for batch lookup size to 10 000 and make it configurable.
  • v5.2.3 Changes

    December 12, 2019
    • [#1334] Remove application_secret flash helper and redirect_to keyword.
    • [#1331] Move redirect_uri_validator to where it is used (Application model).
    • [#1326] Move response_type check in pre_authorization to a method to be easily to override.
    • [#1329] Fix find_in_batches order warning.
  • v5.2.2 Changes

    November 10, 2019
    • [#1320] Call configured authenticate_resource_owner method once per request.
    • [#1315] Allow generation of new secret with Doorkeeper::Application#renew_secret.
    • [#1309] Allow Doorkeeper::Application#to_json to work without arguments.
  • v5.2.1 Changes

    September 17, 2019
    • [#1308] Fix flash types for api_only mode (no flashes for ActionController::API).
    • [#1306] Fix interpolation of missing_param i18n.
  • v5.2.0 Changes

    September 16, 2019
    • ๐Ÿ›  [#1305] Make Doorkeeper::ApplicationController to inherit from ActionController::API in cases when api_mode enabled (fixes #1302).
  • v5.2.0.rc3 Changes

    August 28, 2019
    • ๐Ÿš… [#1298] Slice strong params so doesn't error with Rails forms.
    • [#1300] Limiting access to attributes of pre_authorization.
    • [#1296] Adding client_id to strong parameters.
    • ๐Ÿšš [#1293] Move ar specific redirect uri validator to ar orm directory.
    • [#1288] Allow to pass attributes to the Doorkeeper::OAuth::PreAuthorization#as_json method to customize
      the PreAuthorization response.
    • [#1286] Add ability to customize grant flows per application (OAuth client) (#1245 , #1207)
    • ๐Ÿ”ง [#1283] Allow to customize base class for Doorkeeper::ApplicationMetalController (new configuration
      option called base_metal_controller (fix #1273).
    • [#1277] Prevent requested scope be empty on authorization request, handle and add description for invalid request.