Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
matching_token_for
batch lookup size to 10 000 and make it configurable.[#1339] Validate Resource Owner in PasswordAccessTokenRequest
against nil
and false
values.
[#1341] Fix refresh_token_revoked_on_use
with hash_token_secrets
enabled.
[#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
[#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
[#1346] Refactor Doorkeeper::Application#to_json
into convenient #as_json
(fix #1344).
[#1349] Fix Doorkeeper::Application
AR associations using an incorrect foreign key name when using a custom class.
[#1318] Make existing token revocation for client credentials optional and disable it by default.
[IMPORTANT] This is a change compared to the behaviour of version 5.2. If you were relying on access tokens being revoked once the same client requested a new access token, reenable it with revoke_previous_client_credentials_token
in Doorkeeper initialization file.
application_secret
flash helper and redirect_to
keyword.Application
model).find_in_batches
order warning.authenticate_resource_owner
method once per request.Doorkeeper::Application#renew_secret
.Doorkeeper::Application#to_json
to work without arguments.api_only
mode (no flashes for ActionController::API
).missing_param
i18n.Doorkeeper::ApplicationController
to inherit from ActionController::API
in cases when api_mode
enabled (fixes #1302).Doorkeeper::OAuth::PreAuthorization#as_json
method to customize
the PreAuthorization response.Doorkeeper::ApplicationMetalController
(new configuration
option called base_metal_controller
(fix #1273).unauthorized
when the revocation of the token should not be performed due to wrong permissions.hash_application_secrets
is used.hash_application_secrets
is used.See Upgrade guides for migration to a new version.
StaleRecordsCleaner
to properly work with big amount of records.custom_access_token_expires_in
configuration
option using Float::INIFINITY
return value.