v5.5.0.rc1

Pre-release
@nbulaj nbulaj released this 04 Aug 07:18
e48cb8d
  • [#1435] Make error response not redirectable when client is unauthorized

  • [#1426] Ensure ActiveRecord callbacks are executed on token revocation.

  • [#1407] Remove redundant and hard-to-support helpers from tests (should_have_json, etc).

  • [#1416] Don't add introspection route if token introspection completely disabled.

  • [#1410] Properly memoize current_resource_owner value (consider nil and false values).

  • [#1415] Ignore PKCE params for non-PKCE grants.

  • [#1418] Add ability to register custom OAuth Grant Flows.

  • [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.

    [IMPORTANT] you need to create a new OAuth client (Doorkeeper::Application) if you didn't
    have one before and use client credentials in HTTP Basic auth if you previously used this grant
    flow without client authentication. For migration purposes you could set the
    skip_client_authentication_for_password_grant configuration option to true, but this behavior
    (as well as the configuration option) will be completely removed in a future version of Doorkeeper.
    All the users of your provider application now need to include client credentials when they use
    this grant flow.

  • [#1421] Add Resource Owner instance to authorization hook context for custom_access_token_expires_in
    configuration option to allow resource owner based Access Tokens TTL.
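
For the [#1420] change, a client-side sketch of a Resource Owner Password Grant request that carries client credentials in HTTP Basic auth. This is an added example, not code from Doorkeeper or these release notes; the host, the /oauth/token path, the credentials and both helper names are constructed assumptions, and the request is built but not sent.

```ruby
require "net/http"
require "uri"

# RFC 6749 section 2.3.1: client_id and client_secret are form-encoded,
# joined with ":" and Base64-encoded for the HTTP Basic scheme.
# Hypothetical helper name.
def basic_client_credentials(client_id, client_secret)
  pair = [client_id, client_secret]
         .map { |value| URI.encode_www_form_component(value) }
         .join(":")
  "Basic #{[pair].pack('m0')}" # "m0" is Base64 without line breaks
end

# Builds (does not send) a password grant token request that authenticates
# the client in the Authorization header. Hypothetical helper name.
def build_password_grant_request(token_url, client_id:, client_secret:,
                                 username:, password:, scope: nil)
  uri = URI.parse(token_url)
  # Added safeguard: both sets of credentials must only travel over TLS.
  raise ArgumentError, "token endpoint must use https" unless uri.is_a?(URI::HTTPS)

  request = Net::HTTP::Post.new(uri)
  request["Authorization"] = basic_client_credentials(client_id, client_secret)
  form = { "grant_type" => "password", "username" => username, "password" => password }
  form["scope"] = scope if scope
  # Resource owner credentials go in the form body; the client secret does not.
  request.set_form_data(form)
  request
end

# Constructed sample values, for illustration only.
SAMPLE_REQUEST = build_password_grant_request(
  "https://provider.example/oauth/token",
  client_id: "example-client-id",
  client_secret: "s3cr:et/+",
  username: "user@example.com",
  password: "correct horse",
  scope: "read"
)
```

The returned object can be passed to Net::HTTP#request on a connection opened with use_ssl enabled.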