Doorkeeper v5.5.0.rc1 Release Notes
Release Date: 2020-08-04
[#1435] Make error response not redirectable when client is unauthorized
[#1426] Ensure ActiveRecord callbacks are executed on token revocation.
[#1407] Remove redundant and complex to support helpers from tests (
[#1416] Don't add introspection route if token introspection completely disabled.
[#1410] Properly memoize
[#1415] Ignore PKCE params for non-PKCE grants.
[#1418] Add ability to register custom OAuth Grant Flows.
[#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.
[IMPORTANT] You need to create a new OAuth client (Doorkeeper::Application) if you didn't have one before, and use client credentials in HTTP Basic auth, if you previously used this grant flow without client authentication. For migration purposes you could set the skip_client_authentication_for_password_grant configuration option to true, but such behavior (as well as the configuration option) will be completely removed in a future version of Doorkeeper. All the users of your provider application now need to include client credentials when they use this grant flow.
[#1421] Add Resource Owner instance to authorization hook context for
configuration option to allow resource owner based Access Tokens TTL.
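
Added example for the [#1420] migration note (not Doorkeeper's own code): a client-side sketch of the Resource Owner Password Grant request before and after the change, plus a check that a request carries client credentials in HTTP Basic auth. The endpoint URL, client id/secret, user credentials and helper names are constructed placeholders; /oauth/token is assumed as the token path.

```ruby
require "net/http"
require "uri"
require "base64"

# Constructed placeholder endpoint; assumes the provider mounts its token route here.
TOKEN_URL = URI("https://provider.example/oauth/token")

# Old request shape: password grant with no client authentication.
# After #1420 the provider requires client authentication for this grant
# unless skip_client_authentication_for_password_grant is enabled.
def legacy_password_grant_request(username, password)
  req = Net::HTTP::Post.new(TOKEN_URL)
  req.set_form_data(
    "grant_type" => "password",
    "username"   => username,
    "password"   => password
  )
  req
end

# New request shape: same form body, plus the OAuth client's credentials
# (from a Doorkeeper::Application record) sent via HTTP Basic auth.
def authenticated_password_grant_request(username, password, client_id, client_secret)
  req = legacy_password_grant_request(username, password)
  req.basic_auth(client_id, client_secret)
  req
end

# Hypothetical audit helper: returns [client_id, client_secret] when the request
# carries HTTP Basic client credentials, or nil when it does not.
def client_credentials(req)
  scheme, encoded = req["Authorization"].to_s.split(" ", 2)
  return nil unless scheme == "Basic" && encoded
  Base64.strict_decode64(encoded).split(":", 2)
rescue ArgumentError
  nil # malformed base64 counts as "no usable credentials"
end

if __FILE__ == $PROGRAM_NAME
  old_req = legacy_password_grant_request("alice", "constructed-password")
  new_req = authenticated_password_grant_request(
    "alice", "constructed-password", "constructed-client-id", "constructed-secret"
  )
  puts "legacy request has client credentials:  #{!client_credentials(old_req).nil?}"
  puts "updated request has client credentials: #{!client_credentials(new_req).nil?}"
end
```

Neither request is sent; the helpers only build and inspect it, so existing client code can be checked offline before the provider is upgraded.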