A summary of data about the Ruby ecosystem.

Recent Releases of https://github.com/doorkeeper-gem/doorkeeper

https://github.com/doorkeeper-gem/doorkeeper -

  • [#1755] Fix the error message for force_pkce
  • [#1761] Memoize authentication failure
  • [#1762] Allow missing client to trigger invalid client error when force_pkce is enabled
  • [#1767] Make sure error handling happens on a controller level opposed to action level to account for the controller being extended

- Ruby
Published by nbulaj 11 months ago

https://github.com/doorkeeper-gem/doorkeeper - v5.8.1

  • [#1752] Bump the range of supported Ruby and Rails versions
  • [#1747] Fix unknown pkce method error when configured
  • [#1744] Allow for expired refresh tokens to be revoked
  • [#1754] Fix refresh tokens with dynamic scopes

- Ruby
Published by nbulaj about 1 year ago

https://github.com/doorkeeper-gem/doorkeeper - v5.8.0

  • [#1739] Add support for dynamic scopes
  • [#1715] Fix token introspection invalid request reason
  • [#1714] Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
  • [#1712] Add Pragma: no-cache to token response
  • [#1726] Refactor token introspection class.
  • [#1727] Allow to set null secret value for Applications if they are public.
  • [#1735] Add pkce_code_challenge_methods config option.

- Ruby
Published by nbulaj over 1 year ago

https://github.com/doorkeeper-gem/doorkeeper - v5.7.1

  • [#1705] Add force_pkce option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code

- Ruby
Published by nbulaj over 1 year ago

https://github.com/doorkeeper-gem/doorkeeper - v5.7.0

  • [#1696] Add missing #issued_token method to OAuth::TokenResponse
  • [#1697] Allow a TokenResponse body to be customized (memoize response body).
  • [#1702] Fix bugs for error response in the form_post and error view
  • [#1660] Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.

- Ruby
Published by nbulaj almost 2 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.9

  • [#1691] Make new Doorkeeper errors backward compatible with older extensions.

- Ruby
Published by nbulaj about 2 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.8

  • [#1680] Fix handle_auth_errors :raise NotImplementedError

- Ruby
Published by nbulaj over 2 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.7

  • [#1662] Specify uri_redirect validation class explicitly.
  • [#1652] Add custom attributes support to token generator.
  • [#1667] Pass client instead of grant.application to find_or_create_access_token.
  • [#1673] Honor custom_access_token_attributes in client credentials grant flow.
  • [#1676] Improve AuthorizationsController error response handling
  • [#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.

- Ruby
Published by nbulaj over 2 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.6

  • [#1644] Update HTTP headers.
  • [#1646] Block public clients automatic authorization skip.
  • [#1648] Add custom token attributes to Refresh Token Request.
  • [#1649] Fixed custom_access_token_attributes related errors.

- Ruby
Published by nbulaj almost 3 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.5

  • [#1602] Allow custom data to be stored inside access grants/tokens.
  • [#1634] Code refactoring for custom token attributes.
  • [#1639] Add grant type validation to avoid Internal Server Error for DELETE /oauth/authorize endpoint.

- Ruby
Published by nbulaj about 3 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.4

  • [#1633] Apply ORM configuration in #to_prepare block to avoid autoloading errors.

- Ruby
Published by nbulaj about 3 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.3

  • [#1622] Drop support for Rubies 2.5 and 2.6
  • [#1605] Fix URI validation for Ruby 3.2+.
  • [#1625] Exclude endless access tokens from StaleRecordsCleaner.
  • [#1626] Remove deprecated active_record_options config option.
  • [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
  • [#1630] Special case unique index creation for refresh_token on SQL Server.
  • [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.

- Ruby
Published by nbulaj about 3 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.2

  • [#1604] Fix fetching of the application when custom application_class defined.

- Ruby
Published by nbulaj over 3 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.1

  • [#1593] Add support for Trilogy ActiveRecord adapter.
  • [#1597] Add optional support to use the url path for the native authorization code flow. Ports forward [#1143] from 4.4.3
  • [#1599] Remove unnecessary re-fetch of application object when creating an access token.

- Ruby
Published by nbulaj over 3 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.0

  • [#1581] Consider token_type_hint when searching for access token in TokensController to avoid extra database calls.

- Ruby
Published by nbulaj over 3 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.6.0.rc1

  • [#1551] Change lazy loading for ORM to be Ruby standard autoload.

  • [#1552] Remove duplicate IDs on Auth form to improve accessibility.

  • [#1542] Improve performance of Doorkeeper::AccessToken#matching_token_for using database specific SQL time math.

    [IMPORTANT]: API of the Doorkeeper::AccessToken#matching_token_for method has changed and now it returns
    only active access tokens (previously they were just not revoked). Please remember that the idea of the
    reuse_access_token option is to check for existing active token (see configuration option description).

- Ruby
Published by nbulaj about 4 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.5.4

  • [#1535] Revert changes introduced in #1528 to allow query params in redirect_uri as per the spec.

- Ruby
Published by nbulaj over 4 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.5.3

  • [#1528] Don't allow extra query params in redirect_uri.
  • [#1525] I18n source for forbidden token error is now doorkeeper.errors.messages.forbidden_token.missing_scope.
  • [#1531] Disable strict-loading for Doorkeeper models by default.
  • [#1532] Add support for Rails 7.

- Ruby
Published by nbulaj over 4 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.5.2

  • [#1502] Drop support for Ruby 2.4 because of EOL.
  • [#1504] Updated the url fragment in the comment for code documentation.
  • [#1512] Fix form behavior when response mode is form_post.
  • [#1511] Fix that authorization code is returned by fragment if response_mode is fragment.

- Ruby
Published by nbulaj over 4 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.5.1

  • [#1496] Revoke old_refresh_token if previous_refresh_token is present.
  • [#1495] Fix respond_to undefined in API-only mode
  • [#1488] Verify client authentication for Resource Owner Password Grant when
    config.skip_client_authentication_for_password_grant is set and the client credentials
    are sent in a HTTP Basic auth header.

- Ruby
Published by nbulaj almost 5 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.5.0

  • [#1482] Simplify TokenInfoController to be overridable (extract response rendering).
  • [#1478] Fix ownership association and Rake tasks when custom models configured.
  • [#1477] Respect ActiveRecord::Base.pluralize_table_names for Doorkeeper table names.

- Ruby
Published by nbulaj about 5 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.5.0.rc2

  • [#1473] Enable Applications and AuthorizedApplications controllers in API mode.

    [IMPORTANT] you can still skip these controllers using skip_controllers in
    use_doorkeeper inside routes.rb. Please do it in case you don't need them.

  • [#1472] Fix establish_connection configuration for custom defined models.

  • [#1471] Add support for Ruby 3.0.

  • [#1469] Check if redirect_uri exists.

  • [#1465] Memoize nil doorkeeper_token.

  • [#1459] Use built-in Ruby option to remove padding in PKCE code challenge value.

  • [#1457] Make owner_id a bigint for newly-generated owner migrations

  • [#1452] Empty previous_refresh_token only if present.

  • [#1440] Validate empty host in redirect_uri.

  • [#1438] Add form post response mode.

  • [#1458] Make config.skip_client_authentication_for_password_grant a long term configuration option.

- Ruby
Published by nbulaj about 5 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.5.0.rc1

  • [#1435] Make error response not redirectable when client is unauthorized

  • [#1426] Ensure ActiveRecord callbacks are executed on token revocation.

  • [#1407] Remove redundant and complex-to-support helpers from tests (should_have_json, etc).

  • [#1416] Don't add introspection route if token introspection completely disabled.

  • [#1410] Properly memoize current_resource_owner value (consider nil and false values).

  • [#1415] Ignore PKCE params for non-PKCE grants.

  • [#1418] Add ability to register custom OAuth Grant Flows.

  • [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.

    [IMPORTANT] you need to create a new OAuth client (Doorkeeper::Application) if you didn't
    have it before and use client credentials in HTTP Basic auth if you previously used this grant
    flow without client authentication. For migration purposes you could set the
    skip_client_authentication_for_password_grant configuration option to true, but such behavior
    (as well as the configuration option) will be completely removed in a future version of Doorkeeper.
    All the users of your provider application now need to include client credentials when they use
    this grant flow.

  • [#1421] Add Resource Owner instance to authorization hook context for custom_access_token_expires_in
    configuration option to allow resource owner based Access Tokens TTL.

- Ruby
Published by nbulaj over 5 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.4.0

  • [#1404] Make Doorkeeper::Application#read_attribute_for_serialization public.

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.1.2

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.6

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.3.3

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.0.3

  • [#1371] Backport: add #as_json method and attributes serialization restriction for Application model.
    Fixes information disclosure vulnerability (CVE-2020-10187).

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.3.2

  • [#1371] Backport: Add #as_json method and attributes serialization restriction for Application model.
    Fixes information disclosure vulnerability (CVE-2020-10187).

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.5

  • [#1371] Backport: Add #as_json method and attributes serialization restriction for Application model.
    Fixes information disclosure vulnerability (CVE-2020-10187).

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.1.1

  • [#1371] Backport: Add #as_json method and attributes serialization restriction for Application model.
    Fixes information disclosure vulnerability (CVE-2020-10187).

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.4.0.rc2

  • [#1371] Add #as_json method and attributes serialization restriction for Application model.
    Fixes information disclosure vulnerability (CVE-2020-10187).

    [IMPORTANT] you need to re-implement #as_json method for Doorkeeper Application model
    if you previously used #to_json serialization with custom options or attributes or rely on
    JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
    is a breaking change which restricts serialized attributes to a very small set of columns.

  • [#1395] Fix NameError: uninitialized constant Doorkeeper::AccessToken for Rake tasks.

  • [#1397] Add as: :doorkeeper_application on Doorkeeper application form in order to support
    custom configured application model.

  • [#1400] Correctly yield the application instance to allow_grant_flow_for_client? config
    option (fixes #1398).

  • [#1402] Handle trying authorization with client credentials.

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.4.0.rc1

  • [#1366] Sets expiry of token generated using refresh_token to that of original token. (Fixes #1364)

  • [#1354] Add authorize_resource_owner_for_client option to authorize the calling user to access an application.

  • [#1355] Allow to enable polymorphic Resource Owner association for Access Token & Grant
    models (use_polymorphic_resource_owner configuration option).

    [IMPORTANT] Review your custom patches or extensions for Doorkeeper internals if you
    have such, since Doorkeeper now passes the Resource Owner instance to every object and not
    just its ID. See PR description for details.

  • [#1356] Remove duplicated scopes from Access Tokens and Grants on attribute assignment.

  • [#1357] Fix Doorkeeper::OAuth::PreAuthorization#as_json method causing
    Stack level too deep error with AMS (fix #1312).

  • [#1358] Deprecate active_record_options configuration option.

  • [#1359] Refactor Doorkeeper configuration options DSL to make it easy to reuse it
    in external extensions.

  • [#1360] Increase matching_token_for lookup size to 10 000 and make it configurable.

  • [#1371] Fix controllers to use valid classes in case Doorkeeper has custom models configured.

  • [#1370] Fix revocation response for invalid token and unauthorized requests to conform with RFC 7009 (fixes #1362).

    [IMPORTANT] now, fully according to RFC 7009, nobody can make a revocation request without client_id
    (for public clients) and client_secret (for private clients). Please update your apps to include that
    info in the revocation request payload.

  • [#1373] Make Doorkeeper routes mapper reusable in extensions.

  • [#1374] Revoke and issue client credentials token in a transaction with a row lock.

  • [#1384] Add context object with auth/pre_auth and issued_token for authorization hooks.

  • [#1387] Add AccessToken#create_for and use in RefreshTokenRequest.

  • [#1392] Fix enable_polymorphic_resource_owner migration template to have proper index name.

  • [#1393] Improve Applications #show page with more informative data on client secret and scopes.

  • [#1394] Use Ruby autoload feature to load Doorkeeper files.

- Ruby
Published by nbulaj almost 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.3.1

  • [#1360] Backport: Increase matching_token_for batch lookup size to 10 000 and make it configurable.

- Ruby
Published by nbulaj about 6 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • [#1360] Backport: Increase matching_token_for batch lookup size to 10 000 and make it configurable.

- Ruby
Published by nbulaj about 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.3.0

  • [#1339] Validate Resource Owner in PasswordAccessTokenRequest against nil and false values.

  • [#1341] Fix refresh_token_revoked_on_use with hash_token_secrets enabled.

  • [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.

  • [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.

  • [#1346] Refactor Doorkeeper::Application#to_json into convenient #as_json (fix #1344).

  • [#1349] Fix Doorkeeper::Application AR associations using an incorrect foreign key name when using a custom class.

  • [#1318] Make existing token revocation for client credentials optional and disable it by default.

    [IMPORTANT] This is a change compared to the behaviour of version 5.2. If you were relying on access tokens being revoked once the same client requested a new access token, reenable it with revoke_previous_client_credentials_token in Doorkeeper initialization file.

- Ruby
Published by nbulaj about 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.3

  • [#1334] Remove application_secret flash helper and redirect_to keyword.
  • [#1331] Move redirect_uri_validator to where it is used (Application model).
  • [#1326] Move response_type check in pre_authorization to a method to be easily to override.
  • [#1329] Fix find_in_batches order warning.

- Ruby
Published by nbulaj about 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.2

  • [#1320] Call configured authenticate_resource_owner method once per request.
  • [#1315] Allow generation of new secret with Doorkeeper::Application#renew_secret.
  • [#1309] Allow Doorkeeper::Application#to_json to work without arguments.

- Ruby
Published by nbulaj over 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.1

  • [#1308] Fix flash types for api_only mode (no flashes for ActionController::API).
  • [#1306] Fix interpolation of missing_param i18n.

- Ruby
Published by nbulaj over 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.0

  • [#1305] Make Doorkeeper::ApplicationController inherit from ActionController::API when api_mode is enabled (fixes #1302).

- Ruby
Published by nbulaj over 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.0.rc3

  • [#1298] Slice strong params so it doesn't error with Rails forms.
  • [#1300] Limiting access to attributes of pre_authorization.
  • [#1296] Adding client_id to strong parameters.
  • [#1293] Move ar specific redirect uri validator to ar orm directory.
  • [#1288] Allow to pass attributes to the Doorkeeper::OAuth::PreAuthorization#as_json method to customize
    the PreAuthorization response.
  • [#1286] Add ability to customize grant flows per application (OAuth client) (#1245 , #1207)
  • [#1283] Allow to customize base class for Doorkeeper::ApplicationMetalController (new configuration
    option called base_metal_controller (fix #1273).
  • [#1277] Prevent requested scope be empty on authorization request, handle and add description for invalid request.

- Ruby
Published by nbulaj over 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.0.rc2

  • [#1270] Find matching tokens in batches for reuse_access_token option (fix #1193).
  • [#1271] Reintroduce existing token revocation for client credentials.
  • [#1269] Update initializer template documentation.
  • [#1266] Use strong parameters within pre-authorization.
  • [#1264] Add :before_successful_authorization and :after_successful_authorization hooks in TokensController
  • [#1263] Respond properly when introspection fails and fix configuration's user guide.

- Ruby
Published by nbulaj over 6 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.2.0.rc1

  • [#1260], [#1262] Improve Token Introspection configuration option (access to tokens, client).
  • [#1257] Add constraint configuration when using client authentication on introspection endpoint.
  • [#1252] Returning unauthorized when the revocation of the token should not be performed due to wrong permissions.
  • [#1249] Specify case sensitive uniqueness to remove Rails 6 deprecation message
  • [#1248] Display the Application Secret in HTML after creating a new application even when hash_application_secrets is used.
  • [#1248] Return the unhashed Application Secret in the JSON response after creating new application even when hash_application_secrets is used.
  • [#1238] Better support for native app with support for custom scheme and localhost redirection.

- Ruby
Published by nbulaj almost 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.1.0

See Upgrade guides for migration to a new version.

  • [#1243] Add nil check operator in token checking at token introspection.
  • [#1241] Explaining foreign key options for resource owner in a single place
  • [#1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
  • [#1234] Fix StaleRecordsCleaner to properly work with big amount of records.
  • [#1228] Allow to explicitly set non-expiring tokens in custom_access_token_expires_in configuration
    option using Float::INFINITY return value.
  • [#1224] Do not try to store token if not found by fallback hashing strategy.
  • [#1223] Update Hound/Rubocop rules, correct Doorkeeper codebase to follow style-guides.
  • [#1220] Drop Rails 4.2 & Ruby < 2.4 support.

- Ruby
Published by nbulaj almost 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.1.0.rc2

  • [#1208] Unify hashing implementation into secret storing strategies

    [IMPORTANT]: If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
    your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
    use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt'.

  • [#1216] Add nil check to expires_at method.

  • [#1215] Fix deprecates for Rails 6.

  • [#1214] Scopes field accepts array.

  • [#1209] Fix tokens validation for Token Introspection request.

  • [#1202] Use correct HTTP status codes for error responses.

    [IMPORTANT]: this change might break your application if you were relying on the previous
    401 status codes: the default is now 400, with 401 only for invalid_client and invalid_token errors.

  • [#1201] Fix custom TTL block client parameter to always be a Doorkeeper::Application instance.

    [IMPORTANT]: those who defined custom_access_token_expires_in configuration option need to check
    their block implementation: if you are using oauth_client.application to get Doorkeeper::Application
    instance, then you need to replace it with just oauth_client.

  • [#1200] Increase default Doorkeeper access token value complexity (urlsafe_base64 instead of just hex)
    matching RFC6749/RFC6750.

    [IMPORTANT]: this change has possible side-effects in case you have custom database constraints for
    access token value, application secrets, refresh tokens, or you patched Doorkeeper models and introduced
    token value validations, or you are using a database with case-insensitive WHERE clause like MySQL
    (you can face some collisions). Before this change access token value matched the [a-f0-9] regex, and now
    it matches [a-zA-Z0-9\-_]. In case you have such restrictions and you don't use a custom token generator,
    please change configuration option default_generator_method to :hex.

  • [#1195] Allow to customize Token Introspection response (fixes #1194).

  • [#1189] Option to set token_reuse_limit.

  • [#1191] Try to load bcrypt for hashing of application secrets, but add fallback.

- Ruby
Published by nbulaj almost 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.1.0.rc1

  • [#1188] Use params instead of request.POST in tokens controller (fixes #1183).
  • [#1182] Fix loopback IP redirect URIs to conform with RFC8252, p. 7.3 (fixes #1170).
  • [#1179] Authorization Code Grant Flow without client id returns invalid_client error.
  • [#1177] Allow to limit scopes for certain grant_types
  • [#1176] Fix test factory support for factory_bot_rails
  • [#1175] Internal refactor: use scopes_string inside scopes.
  • [#1168] Allow optional hashing of tokens and secrets.
  • [#1164] Fix error when root_path is not defined.
  • [#1162] Fix enforce_content_type for requests without body.

- Ruby
Published by nbulaj about 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.0.2

  • [#1158] Fix initializer template: change handle_auth_errors option
  • [#1157] Remove redundant index from migration template.

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.0.1

  • [#1140] Allow rendering custom errors from exceptions (issue #844). Originally opened as [#944].
  • [#1138] Revert regression bug (check for token expiration in Authorizations controller so authorization
    triggers every time)
  • [#1149] Fix for URIChecker#valid_for_authorization? false negative when query is blank, but ? present.
  • [#1151] Fix Refresh Token strategy: add proper validation of client credentials both for Public & Private clients.
  • [#1152] Fix migration template: change resource owner data type from integer to Rails generic references
  • [#1154] Refactor StaleRecordsCleaner to be ORM agnostic.

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.4.3

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.0.0

  • [#1127] Change the token_type initials of the Bearer Token to uppercase to comply with the RFC6750 specification.

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.4.2

  • [#1130] Backport fix for native redirect_uri from 5.x.

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.4.1

  • [#1127] Backport token type to comply with the RFC6750 specification.
  • [#1125] Backport Quote surround I18n yes/no keys

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.0.0.rc2

  • [#1106] Restrict access to AdminController with 'Forbidden 403' if admin_authenticator is not
    configured by developers.
  • [#1108] Simple formatting of callback URLs when listing oauth applications
  • [#1116] AccessGrants will now be revoked along with AccessTokens when
    hitting the AuthorizedApplicationController#destroy route.
  • [#1114] Make token info endpoint's attributes consistent with token creation
  • [#1119] Fix token revocation for OAuth apps using "implicit" grant flow
  • [#1122] Fix AuthorizationsController#new error response to be in JSON format

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.4.0

  • [#1120] Backport security fix from 5.x for token revocation when using public clients

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v5.0.0.rc1

  • [#1103] Allow customizing use_refresh_token
  • [#1089] Removed enable_pkce_without_secret configuration option
  • [#1102] Expiration time based on scopes
  • [#1099] All the configuration variables in Doorkeeper.configuration now
    always return a non-nil value (true or false)
  • [#1099] ORM / Query optimization: Do not revoke the refresh token if it is not enabled
    in doorkeeper.rb
  • [#996] Expiration Time Base On Grant Type
  • [#997] Allow PKCE authorization_code flow as specified in RFC7636
  • [#907] Fix lookup for matching tokens in certain edge-cases
  • [#992] Add API option to use Doorkeeper without management views for API only
    Rails applications (api_only)
  • [#1045] Validate redirect_uri as the native URI when making authorization code requests
  • [#1048] Remove deprecated Doorkeeper#configured?, Doorkeeper#database_installed?, and
    Doorkeeper#installed? method
  • [#1031] Allow public clients to authenticate without client_secret. Define an app as
    either public or private/confidential
  • [#1010] Add configuration to enforce configured scopes (default_scopes and
    optional_scopes) for applications
  • [#1060] Ensure that the native redirect_uri parameter matches with redirect_uri of the client
  • [#1064] Add :before_successful_authorization and :after_successful_authorization hooks
  • [#1069] Upgrade Bootstrap to 4 for Admin
  • [#1068] Add rake task to cleanup databases that can become large over time
  • [#1072] AuthorizationsController: Memoize strategy.authorize_response result to enable
    subclasses to use the response object.
  • [#1075] Call before_successful_authorization and after_successful_authorization hooks
    on create action as well as new
  • [#1082] Fix #916: remember routes mapping and use it required places (fix error with
    customized Token Info route).
  • [#1086, #1088] Fix bug with receiving default scopes in the token even if they are
    not present in the application scopes (use scopes intersection).
  • [#1076] Add config to enforce content type to application/x-www-form-urlencoded
  • Fix bug with force_ssl_in_redirect_uri when it breaks existing applications with an
    SSL redirect_uri.

- Ruby
Published by nbulaj over 7 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.3.2

  • [#1053] Support authorizing with query params in the request redirect_uri if explicitly present in app's Application#redirect_uri

- Ruby
Published by nbulaj almost 8 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.3.1

  • Remove BaseRecord and introduce additional concern for ordering methods to fix
    breaking changes for Doorkeeper models.
  • [#1032] Refactor BaseRequest callbacks into configurable lambdas
  • [#1040] Clear mixins from ActiveRecord DSL and save only overridable API. It
    allows using these mixins in Doorkeeper ORM extensions with minimum code boilerplate.

- Ruby
Published by nbulaj about 8 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.2.6

  • [#970] Escape certain attributes in authorization forms.

- Ruby
Published by nbulaj about 8 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.3.0

  • [#976] Fix to invalidate the second redirect URI when the first URI is the native URI
  • [#1035] Allow Application#redirect_uri= to handle array of URIs.
  • [#1036] Allow to forbid Application redirect URI's with specific rules.
  • [#1029] Deprecate order_method and introduce ordered_by. Sort applications
    by created_at in index action.
  • [#1033] Allow Doorkeeper configuration option #force_ssl_in_redirect_uri to be a callable object.
  • Fix Grape integration & add specs for it
  • [#913] Deferred ORM (ActiveRecord) models loading
  • [#943] Fix Access Token token generation when certain errors occur in custom token generators
  • [#1026] Implement RFC7662 - OAuth 2.0 Token Introspection
  • [#985] Generate valid migration files for Rails >= 5
  • [#972] Replace Struct subclassing with block-form initialization
  • [#1003] Use URL query param to pass through native redirect auth code so automated apps can find it.
  • [#868] Scopes#& and Scopes#+ now take an array or any other enumerable
    object.
  • [#1019] Remove translation not in use: invalid_resource_owner.
  • Use Ruby 2 hash style syntax (min required Ruby version = 2.1)
  • [#948] Make Scopes.<=> work with any "other" value.
  • [#974] Redirect URI is checked without query params within AuthorizationCodeRequest.
  • [#1004] More explicit help text for native_redirect_uri.
  • [#1023] Update Ruby versions and test against 2.5.0 on Travis CI.
  • [#1024] Migrate from FactoryGirl to FactoryBot.
  • [#1025] Improve documentation for adding foreign keys
  • [#1028] Make it possible to have composite strategy names.

- Ruby
Published by nbulaj about 8 years ago

https://github.com/doorkeeper-gem/doorkeeper - v4.2.5

  • [#936] Deprecate Doorkeeper#configured?, Doorkeeper#database_installed?, and
    Doorkeeper#installed?
  • [#909] Add InvalidTokenResponse#reason reader method to allow reading the kind
    of invalid token error.
  • [#928] Test against more recent Ruby versions
  • Small refactorings within the codebase
  • [#921] Switch to Appraisal, and test against Rails master
  • [#892] Add minimum Ruby version requirement

- Ruby
Published by maclover7 almost 9 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • Security fix: Address CVE-2016-6582, implement token revocation according to
    spec (tokens might not be revoked if client follows the spec).
  • [#873] Add hooks to Doorkeeper::ApplicationMetalController
  • [#871] Allow downstream users to better utilize doorkeeper spec factories by
    eliminating name conflict on :user factory.

- Ruby
Published by tute over 9 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • [#845] Allow customising the Doorkeeper::ApplicationController base controller

- Ruby
Published by tute over 9 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • [#834] Fix AssetNotPrecompiled error with Sprockets 4
  • [#843] Revert "Fix validation error messages"
  • [#847] Specify Null option to timestamps

- Ruby
Published by tute over 9 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • [#777] Add support for public client in password grant flow
  • [#823] Make configuration and specs ORM independent
  • [#745] Add created_at timestamp to token generation options
  • [#838] Drop Application#scopes generator and warning, introduced for
    upgrading doorkeeper from v2 to v3.
  • [#801] Fix Rails 5 warning messages
  • Test against Rails 5 RC1

- Ruby
Published by tute almost 10 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • [#769] Revoke refresh token on access token use. To make use of the new config
    add previous_refresh_token column to oauth_access_tokens:

    rails generate doorkeeper:previous_refresh_token

  • [#811] Toughen parameters filter with exact match
  • [#813] Applications admin bugfix
  • [#799] Fix Ruby Warnings
  • Drop attr_accessible from models

Backward incompatible changes

  • [#730] Force all timezones to use UTC to prevent comparison issues.
  • [#802] Remove config.i18n.fallbacks from engine

- Ruby
Published by tute almost 10 years ago

https://github.com/doorkeeper-gem/doorkeeper -

Backward incompatible changes

  • [#678] Change application-specific scopes to take precedence over server-wide
    scopes. This removes the previous behavior where the intersection between
    application and server scopes was used.
  • [#648] Extracts mongodb ORMs to
    https://github.com/doorkeeper-gem/doorkeeper-mongodb. If you use ActiveRecord
    you don't need to make any changes, otherwise you will need to install the new
    plugin.
  • [#665] doorkeeper_unauthorized_render_options(error:) and
    doorkeeper_forbidden_render_options(error:) now accept error keyword
    argument.

Other changes

  • [#671] Fixes NoMethodError - undefined method 'getlocal' when calling
    the /oauth/token path. Switch from using a DateTime object to update
    ActiveRecord to using a Time object. (Issue #668)
  • [#677] Support editing application-specific scopes via the standard forms
  • [#682] Pass error hash to Grape error!
  • [#683] Generate application secret/UID if fields are blank strings
  • Removes doorkeeper_for deprecation notice.
  • Remove applications.scopes upgrade notice.

- Ruby
Published by tute almost 10 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • Fix optional belongs_to for Rails 5

- Ruby
Published by tute almost 10 years ago

https://github.com/doorkeeper-gem/doorkeeper -

Backward incompatible changes

  • Drops support for Rails 4.1 and earlier
  • Drops support for Ruby 2.0
  • [#778] Bug fix: use the remaining time that a token is still valid when
    building the redirect URI for the implicit grant flow

Other changes

  • [#771] Validation error messages fixes
  • Adds foreign key constraints in generated migrations between tokens and
    grants, and applications
  • Support Rails 5

- Ruby
Published by tute about 10 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • [#712] Wrap exchange of grant token for access token and access token refresh
    in transactions
  • [#704] Allow applications scopes to be mass assigned
  • [#707] Fixed order of Mixin inclusion and table_name configuration in models
  • [#712] Wrap access token and refresh grants in transactions
  • Adds JRuby support
  • Specs, views and documentation adjustments

- Ruby
Published by tute about 10 years ago

https://github.com/doorkeeper-gem/doorkeeper -

  • [#736] Existing valid tokens are now reused in client_credentials flow
  • [#749] Allow user to raise authorization error with custom messages.
    Under resource_owner_authenticator block a user can
    raise Doorkeeper::Errors::DoorkeeperError.new('custom_message')
  • [#762] Check doesn’t abort the actual migration, so it runs
  • [#722] doorkeeper_forbidden_render_options now supports returning a 404 by
    specifying respond_not_found_when_forbidden: true in the
    doorkeeper_forbidden_render_options method.
  • [#734] Simplify and remove duplication in request strategy classes

- Ruby
Published by tute about 10 years ago