Doorkeeper v5.5.0.rc1 Release Notes

Release Date: 2020-08-04

    [#1435] Make error response not redirectable when client is unauthorized

    [#1426] Ensure ActiveRecord callbacks are executed on token revocation.

    [#1407] Remove redundant and complex-to-support helpers from tests (should_have_json, etc).

    [#1416] Don't add introspection route if token introspection is completely disabled.

    [#1410] Properly memoize current_resource_owner value (consider nil and false values).

    [#1415] Ignore PKCE params for non-PKCE grants.

    [#1418] Add ability to register custom OAuth Grant Flows.

    [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.

    [IMPORTANT] You need to create a new OAuth client (Doorkeeper::Application) if you didn't
    have one before, and use client credentials in HTTP Basic auth if you previously used this grant
    flow without client authentication. For migration purposes you can set the
    skip_client_authentication_for_password_grant configuration option to true, but this behavior
    (as well as the configuration option) will be completely removed in a future version of Doorkeeper.
    All users of your provider application now need to include client credentials when they use
    this grant flow.

    [#1421] Add Resource Owner instance to authorization hook context for custom_access_token_expires_in
    configuration option to allow resource-owner-based access token TTL.
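
To illustrate the #1420 migration note above, here is an added example (not code from Doorkeeper or its release notes): a Ruby client that builds a Resource Owner Password Grant token request with client credentials in HTTP Basic auth, plus a helper that spots requests still lacking them. The token URL, client id and secret, and all function names are constructed placeholders.

```ruby
require "net/http"
require "uri"

# Constructed placeholder values: substitute your provider's token endpoint
# and the uid/secret of the Doorkeeper::Application created for this client.
TOKEN_URL     = "https://provider.example/oauth/token"
CLIENT_ID     = "example-client-uid"
CLIENT_SECRET = "example-client-secret"

# Build (but do not send) a password grant token request.
# Client credentials go in the HTTP Basic Authorization header;
# the resource owner's credentials stay in the form body.
def password_grant_request(username:, password:, client_id: CLIENT_ID,
                           client_secret: CLIENT_SECRET, url: TOKEN_URL)
  req = Net::HTTP::Post.new(URI(url))
  req.basic_auth(client_id, client_secret)
  req.set_form_data("grant_type" => "password",
                    "username"   => username,
                    "password"   => password)
  req
end

# Return the client id carried in the Basic header, or nil when the request
# has no client authentication (the style this release no longer accepts
# unless skip_client_authentication_for_password_grant is set).
def basic_client_id(req)
  scheme, encoded = req["Authorization"].to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  id, secret = encoded.unpack1("m").split(":", 2)
  id unless id.to_s.empty? || secret.to_s.empty?
end

# Send the request over TLS and return the Net::HTTPResponse.
def send_token_request(req)
  uri = req.uri
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
    http.request(req)
  end
end
```

`basic_client_id` can be run over existing client code or recorded test requests to find callers that still need updating before the skip option is removed.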