All Versions
99
Latest Version
Avg Release Cycle
61 days
Latest Release
-

Changelog History
Page 5

  • v4.4.0 Changes

    • ๐Ÿ”’ [#1120] Backport security fix from 5.x for token revocation when using public clients

    [IMPORTANT]: all the applications (clients) now are considered as private by default. You need to manually change confidential column to false if you are using public clients, in other case your mobile (or other) applications will not be able to authorize. See #1142 for more details.

  • v4.3.2 Changes

    • [#1053] Support authorizing with query params in the request redirect_uri if explicitly present in app's Application#redirect_uri

  • v4.3.1 Changes

    • โœ‚ Remove BaseRecord and introduce additional concern for ordering methods to fix braking changes for Doorkeeper models.
    • ๐Ÿ”จ [#1032] Refactor BaseRequest callbacks into configurable lambdas
    • [#1040] Clear mixins from ActiveRecord DSL and save only overridable API. It allows to use this mixins in Doorkeeper ORM extensions with minimum code boilerplate.

  • v4.3.0 Changes

    • [#976] Fix to invalidate the second redirect URI when the first URI is the native URI
    • [#1035] Allow Application#redirect_uri= to handle array of URIs.
    • [#1036] Allow to forbid Application redirect URI's with specific rules.
    • [#1029] Deprecate order_method and introduce ordered_by. Sort applications by created_at in index action.
    • [#1033] Allow Doorkeeper configuration option #force_ssl_in_redirect_uri to be a callable object.
    • ๐Ÿ›  Fix Grape integration & add specs for it
    • [#913] Deferred ORM (ActiveRecord) models loading
    • [#943] Fix Access Token token generation when certain errors occur in custom token generators
    • [#1026] Implement RFC7662 - OAuth 2.0 Token Introspection
    • ๐Ÿš… [#985] Generate valid migration files for Rails >= 5
    • [#972] Replace Struct subclassing with block-form initialization
    • [#1003] Use URL query param to pass through native redirect auth code so automated apps can find it.

    [IMPORTANT]: Previously authorization code response route was /oauth/authorize/<code>, now it is oauth/authorize/native?code=<code> (in order to help applications to automatically find the code value).

    • [#868] Scopes#& and Scopes#+ now take an array or any other enumerable object.
    • [#1019] Remove translation not in use: invalid_resource_owner.
    • ๐Ÿ’… Use Ruby 2 hash style syntax (min required Ruby version = 2.1)
    • [#948] Make Scopes.<=> work with any "other" value.
    • [#974] Redirect URI is checked without query params within AuthorizationCodeRequest.
    • [#1004] More explicit help text for native_redirect_uri.
    • โšก๏ธ [#1023] Update Ruby versions and test against 2.5.0 on Travis CI.
    • [#1024] Migrate from FactoryGirl to FactoryBot.
    • ๐Ÿ“š [#1025] Improve documentation for adding foreign keys
    • [#1028] Make it possible to have composite strategy names.

  • v4.2.6 Changes

    • [#970] Escape certain attributes in authorization forms.

  • v4.2.5 Changes

    • ๐Ÿ”ง [#936] Deprecate Doorkeeper#configured?, Doorkeeper#database_installed?, and Doorkeeper#installed?
    • [#909] Add InvalidTokenResponse#reason reader method to allow read the kind of invalid token error.
    • โœ… [#928] Test against more recent Ruby versions
    • ๐Ÿ”จ Small refactorings within the codebase
    • โœ… [#921] Switch to Appraisal, and test against Rails master
    • ๐Ÿ’Ž [#892] Add minimum Ruby version requirement

  • v4.2.0 Changes

    • ๐Ÿ”’ Security fix: Address CVE-2016-6582, implement token revocation according to spec (tokens might not be revoked if client follows the spec).
    • [#873] Add hooks to Doorkeeper::ApplicationMetalController
    • ๐Ÿ‘ [#871] Allow downstream users to better utilize doorkeeper spec factories by eliminating name conflict on :user factory.

  • v4.1.0 Changes

    • [#845] Allow customising the Doorkeeper::ApplicationController base controller

  • v4.0.0 Changes

    • [#834] Fix AssetNotPrecompiled error with Sprockets 4
    • โช [#843] Revert "Fix validation error messages"
    • [#847] Specify Null option to timestamps

  • v4.0.0.rc4 Changes

    • ๐Ÿ‘ [#777] Add support for public client in password grant flow
    • ๐Ÿ”ง [#823] Make configuration and specs ORM independent
    • [#745] Add created_at timestamp to token generation options
    • โš  [#838] Drop Application#scopes generator and warning, introduced for upgrading doorkeeper from v2 to v3.
    • โš  [#801] Fix Rails 5 warning messages
    • โœ… Test against Rails 5 RC1