v5.6.3

• [#1622] Drop support for Rubies 2.5 and 2.6
• [#1605] Fix URI validation for Ruby 3.2+.
• [#1625] Exclude endless access tokens from StaleRecordsCleaner.
• [#1626] Remove deprecated active_record_options config option.
• [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
• [#1630] Special case unique index creation for refresh_token on SQL Server.
• [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.

v5.6.2

• [#1604] Fix fetching of the application when custom application_class defined.

v5.6.1

• [#1593] Add support for Trilogy ActiveRecord adapter.
• [#1597] Add optional support to use the url path for the native authorization code flow. Ports forward [#1143] from 4.4.3
• [#1599] Remove unnecessarily re-fetch of application object when creating an access token.

v5.6.0

• [#1581] Consider token_type_hint when searching for access token in TokensController to avoid extra database calls.

v5.6.0.rc1

• [#1551] Change lazy loading for ORM to be Ruby standard autoload.

• [#1552] Remove duplicate IDs on Auth form to improve accessibility.

• [#1542] Improve performance of Doorkeeper::AccessToken#matching_token_for using database specific SQL time math.

  [IMPORTANT]: API of the Doorkeeper::AccessToken#matching_token_for method has changed and now it returns
  only active access tokens (previously they were just not revoked). Please remember that the idea of the
  reuse_access_token option is to check for existing active token (see configuration option description).

v5.5.4

• [#1535] Revert changes introduced in #1528 to allow query params in redirect_uri as per the spec.

v5.5.3

• [#1528] Don't allow extra query params in redirect_uri.
• [#1525] I18n source for forbidden token error is now doorkeeper.errors.messages.forbidden_token.missing_scope.
• [#1531] Disable strict-loading for Doorkeeper models by default.
• [#1532] Add support for Rails 7.

v5.5.2

• [#1502] Drop support for Ruby 2.4 because of EOL.
• [#1504] Updated the url fragment in the comment for code documentation.
• [#1512] Fix form behavior when response mode is form_post.
• [#1511] Fix that authorization code is returned by fragment if response_mode is fragament.

v5.5.1

• [#1496] Revoke old_refresh_token if previous_refresh_token is present.
• [#1495] Fix respond_to undefined in API-only mode
• [#1488] Verify client authentication for Resource Owner Password Grant when
  config.skip_client_authentication_for_password_grant is set and the client credentials
  are sent in a HTTP Basic auth header.

v5.5.0

• [#1482] Simplify TokenInfoController to be overridable (extract response rendering).
• [#1478] Fix ownership association and Rake tasks when custom models configured.
• [#1477] Respect ActiveRecord::Base.pluralize_table_names for Doorkeeper table names.