Changelog History
v5.6.0 Changes
- [#1581] Consider token_type_hint when searching for access token in TokensController to avoid extra database calls.
v5.6.0.rc1 Changes
- [#1551] Change lazy loading for ORM to be Ruby standard autoload.
- [#1552] Remove duplicate IDs on Auth form to improve accessibility.
- [#1542] Improve performance of Doorkeeper::AccessToken#matching_token_for using database specific SQL time math.
  [IMPORTANT]: API of the Doorkeeper::AccessToken#matching_token_for method has changed and now it returns only active access tokens (previously they were just not revoked). Please remember that the idea of the reuse_access_token option is to check for existing active token (see configuration option description).
v5.5.4 Changes
- [#1535] Revert changes introduced in #1528 to allow query params in redirect_uri as per the spec.
v5.5.3 Changes
- [#1528] Don't allow extra query params in redirect_uri.
- [#1525] I18n source for forbidden token error is now doorkeeper.errors.messages.forbidden_token.missing_scope.
- [#1531] Disable strict-loading for Doorkeeper models by default.
- [#1532] Add support for Rails 7.
v5.5.2 Changes
- [#1502] Drop support for Ruby 2.4 because of EOL.
- [#1504] Updated the url fragment in the comment for code documentation.
- [#1512] Fix form behavior when response mode is form_post.
- [#1511] Fix that authorization code is returned by fragment if response_mode is fragment.
v5.5.1 Changes
- [#1496] Revoke old_refresh_token if previous_refresh_token is present.
- [#1495] Fix respond_to undefined in API-only mode.
- [#1488] Verify client authentication for Resource Owner Password Grant when config.skip_client_authentication_for_password_grant is set and the client credentials are sent in an HTTP Basic auth header.
v5.5.0 Changes
- [#1482] Simplify TokenInfoController to be overridable (extract response rendering).
- [#1478] Fix ownership association and Rake tasks when custom models configured.
- [#1477] Respect ActiveRecord::Base.pluralize_table_names for Doorkeeper table names.
v5.5.0.rc2 Changes
- [#1473] Enable Applications and AuthorizedApplications controllers in API mode.
  [IMPORTANT] you can still skip these controllers using skip_controllers in use_doorkeeper inside routes.rb. Please do it in case you don't need them.
- [#1472] Fix establish_connection configuration for custom defined models.
- [#1471] Add support for Ruby 3.0.
- [#1469] Check if redirect_uri exists.
- [#1465] Memoize nil doorkeeper_token.
- [#1459] Use built-in Ruby option to remove padding in PKCE code challenge value.
- [#1457] Make owner_id a bigint for newly-generated owner migrations.
- [#1452] Empty previous_refresh_token only if present.
- [#1440] Validate empty host in redirect_uri.
- [#1438] Add form post response mode.
- [#1458] Make config.skip_client_authentication_for_password_grant a long term configuration option.
v5.5.0.rc1 Changes
August 04, 2020
- [#1435] Make error response not redirectable when client is unauthorized.
- [#1426] Ensure ActiveRecord callbacks are executed on token revocation.
- [#1407] Remove redundant and complex to support helpers from tests (should_have_json, etc).
- [#1416] Don't add introspection route if token introspection completely disabled.
- [#1410] Properly memoize current_resource_owner value (consider nil and false values).
- [#1415] Ignore PKCE params for non-PKCE grants.
- [#1418] Add ability to register custom OAuth Grant Flows.
- [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.
  [IMPORTANT] you need to create a new OAuth client (Doorkeeper::Application) if you didn't have it before and use client credentials in HTTP Basic auth if you previously used this grant flow without client authentication. For migration purposes you could enable skip_client_authentication_for_password_grant configuration option to true, but such behavior (as well as configuration option) would be completely removed in a future version of Doorkeeper. All the users of your provider application now need to include client credentials when they use this grant flow.
- [#1421] Add Resource Owner instance to authorization hook context for custom_access_token_expires_in configuration option to allow resource owner based Access Tokens TTL.
v5.4.0 Changes
May 11, 2020
- [#1404] Make Doorkeeper::Application#read_attribute_for_serialization public.