Releases · doorkeeper-gem/doorkeeper

[#1791] Add support for Rails read replicas with automatic role switching via enable_multiple_database_roles configuration option
[#1792] Consider expires_in when clear expired tokens with StaleRecordsCleaner.
[#1790] Fix race condition in refresh token revocation check by moving InvalidGrantReuse check inside the lock block
[#1788] Fix regex for basic auth to be case-insensitive
[#1775] Fix Applications Secret Not Null Constraint generator
[#1779] Only lock previous access token model when creating a new token from its refresh token if revoke_previous_refresh_token_on_use is false
[#1778] Ensure that token revocation is idempotent by checking that that token has not already been revoked before revoking.

[#1755] Fix the error message for force_pkce
[#1761] Memoize authentication failure
[#1762] Allow missing client to trigger invalid client error when force_pkce is enabled
[#1767] Make sure error handling happens on a controller level opposed to action level to account for the controller being extended

[#1739] Add support for dynamic scopes
[#1715] Fix token introspection invalid request reason
[#1714] Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
[#1712] Add Pragma: no-cache to token response
[#1726] Refactor token introspection class.
[#1727] Allow to set null secret value for Applications if they are public.
[#1735] Add pkce_code_challenge_methods config option.

[#1705] Add force_pkce option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code

[#1696] Add missing #issued_token method to OAuth::TokenResponse
[#1697] Allow a TokenResponse body to be customized (memoize response body).
[#1702] Fix bugs for error response in the form_post and error view
[#1660] Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.

[#1662] Specify uri_redirect validation class explicitly.
[#1652] Add custom attributes support to token generator.
[#1667] Pass client instead of grant.application to find_or_create_access_token.
[#1673] Honor custom_access_token_attributes in client credentials grant flow.
[#1676] Improve AuthorizationsController error response handling
[#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.

Releases: doorkeeper-gem/doorkeeper