Doorkeeper v5.4.0.rc1 Release Notes
Release Date: 2020-04-08 // about 4 years ago-
๐ [#1366] Sets expiry of token generated using
refresh_token
to that of original token. (Fixes #1364)[#1354] Add
authorize_resource_owner_for_client
option to authorize the calling user to access an application.[#1355] Allow to enable polymorphic Resource Owner association for Access Token & Grant
models (use_polymorphic_resource_owner
configuration option).[IMPORTANT] Review your custom patches or extensions for Doorkeeper internals if you
have such - since now Doorkeeper passes Resource Owner instance to every objects and not
๐ just it's ID. See PR description for details.๐ [#1356] Remove duplicated scopes from Access Tokens and Grants on attribute assignment.
[#1357] Fix
Doorkeeper::OAuth::PreAuthorization#as_json
method causing
Stack level too deep
error with AMS (fix #1312).[#1358] Deprecate
active_record_options
configuration option.๐จ [#1359] Refactor Doorkeeper configuration options DSL to make it easy to reuse it
in external extensions.[#1360] Increase
matching_token_for
lookup size to 10 000 and make it configurable.๐ง [#1371] Fix controllers to use valid classes in case Doorkeeper has custom models configured.
๐ [#1370] Fix revocation response for invalid token and unauthorized requests to conform with RFC 7009 (fixes #1362).
[IMPORTANT] now fully according to RFC 7009 nobody can do a revocation request without
client_id
โก๏ธ (for public clients) andclient_secret
(for private clients). Please update your apps to include that
๐ฐ info in the revocation request payload.[#1373] Make Doorkeeper routes mapper reusable in extensions.
๐ [#1374] Revoke and issue client credentials token in a transaction with a row lock.
[#1384] Add context object with auth/pre_auth and issued_token for authorization hooks.
[#1387] Add
AccessToken#create_for
and use inRefreshTokenRequest
.[#1392] Fix
enable_polymorphic_resource_owner
migration template to have proper index name.[#1393] Improve Applications #show page with more informative data on client secret and scopes.
๐ [#1394] Use Ruby
autoload
feature to load Doorkeeper files.