Sourced from doorkeeper's releases.

v5.8.1

• #1752 Bump the range of supported Ruby and Rails versions
• #1747 Fix unknown pkce method error when configured
• #1744 Allow for expired refresh tokens to be revoked
• #1754 Fix refresh tokens with dynamic scopes

v5.8.0

• #1739 Add support for dynamic scopes
• #1715 Fix token introspection invalid request reason
• #1714 Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
• #1712 Add Pragma: no-cache to token response
• #1726 Refactor token introspection class.
• #1727 Allow to set null secret value for Applications if they are public.
• #1735 Add pkce_code_challenge_methods config option.

v5.7.1

• #1705 Add force_pkce option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code

v5.7.0

• #1696 Add missing #issued_token method to OAuth::TokenResponse
• #1697 Allow a TokenResponse body to be customized (memoize response body).
• #1702 Fix bugs for error response in the form_post and error view
• #1660 Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.

v5.6.9

• #1691 Make new Doorkeeper errors backward compatible with older extensions.

v5.6.8

• #1680 Fix handle_auth_errors :raise NotImplementedError

v5.6.7

• #1662 Specify uri_redirect validation class explicitly.
• #1652 Add custom attributes support to token generator.
• #1667 Pass client instead of grant.application to find_or_create_access_token.
• #1673 Honor custom_access_token_attributes in client credentials grant flow.
• #1676 Improve AuthorizationsController error response handling
• #1677 Fix URIHelper.valid_for_authorization? breaking for non url URIs.

v5.6.6

• #1644 Update HTTP headers.
• #1646 Block public clients automatic authorization skip.
• #1648 Add custom token attributes to Refresh Token Request.
• #1649 Fixed custom_access_token_attributes related errors.

v5.6.5

• #1602 Allow custom data to be stored inside access grants/tokens.
• #1634 Code refactoring for custom token attributes.
• #1639 Add grant type validation to avoid Internal Server Error for DELETE /oauth/authorize endpoint.

v5.6.4

... (truncated)

Sourced from doorkeeper's changelog.

5.8.1

• #1752 Bump the range of supported Ruby and Rails versions
• #1747 Fix unknown pkce method error when configured
• #1744 Allow for expired refresh tokens to be revoked
• #1754 Fix refresh tokens with dynamic scopes

5.8.0

• #1739 Add support for dynamic scopes
• #1715 Fix token introspection invalid request reason
• #1714 Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
• #1712 Add Pragma: no-cache to token response
• #1726 Refactor token introspection class.
• #1727 Allow to set null secret value for Applications if they are public.
• #1735 Add pkce_code_challenge_methods config option.

5.7.1

• #1705 Add force_pkce option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code

5.7.0

• #1696 Add missing #issued_token method to OAuth::TokenResponse
• #1697 Allow a TokenResponse body to be customized (memoize response body).
• #1702 Fix bugs for error response in the form_post and error view
• #1660 Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.

5.6.9

• #1691 Make new Doorkeeper errors backward compatible with older extensions.

5.6.8

• #1680 Fix handle_auth_errors :raise NotImplementedError

5.6.7

• #1662 Specify uri_redirect validation class explicitly.
• #1652 Add custom attributes support to token generator.
• #1667 Pass client instead of grant.application to find_or_create_access_token.
• #1673 Honor custom_access_token_attributes in client credentials grant flow.
• #1676 Improve AuthorizationsController error response handling
• #1677 Fix URIHelper.valid_for_authorization? breaking for non url URIs.

5.6.6

• #1644 Update HTTP headers.
• #1646 Block public clients automatic authorization skip.

... (truncated)

Sourced from doorkeeper's upgrade guide.

See Upgrade Guides in the project Wiki.

• 0f0b6aa Release 5.8.1 🎉
• 36e41c1 Merge pull request #1754 from stanhu/sh-fix-refresh-token-with-dynamic-scopes
• e2b8dab Fix refresh tokens with dynamic scopes
• 9e91717 Merge pull request #1744 from ransombriggs/allow-refresh-tokens-to-be-revoked...
• d07cf32 Merge pull request #1752 from naitoh/add-rails-8.0-to-testing-matrix
• eab3e3b Allow for expired refresh tokens to be revoked
• 6cc750b Bump the range of supported Ruby and Rails versions
• 841a11e Merge pull request #1748 from doorkeeper-gem/dependabot/bundler/rails-gte-6.0...
• 97bccb7 Merge pull request #1750 from andrew/patch-1
• 29c8fe9 Add funding_uri to gemspec
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)