doorkeeper
https://github.com/doorkeeper-gem/doorkeeper
Ruby
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Help out
- Issues
  - Doorkeeper's redirect_uri validation is not implemented according to specification
  - Refresh Tokens as-implemented are susceptible to Refresh Token Reuse Attacks
  - Access tokens should be revoked when multiple attempts are made to exchange the same authorization code
  - Doorkeeper appears to be missing a way to validate client configuration before redirecting to the authentication page
  - Make redirect_uri optional for Authorization request
  - Different access grants return the same access token with `reuse_access_token` enabled
  - Refreshing a token sending scopes separated by `+` does not work
  - Doorkeeper::Errors::InvalidRedirectUri Raised When No Redirect URI Set
  - Always requiring `redirect_uri` is not compliant to RFC 6749
  - Better support for credential rotation
- Docs
  - Doorkeeper::Rails::Routes#metadata_routes
  - Doorkeeper::Config::Validations#validate_custom_metadata
  - Doorkeeper::OAuth::MetadataResponse#config
  - Doorkeeper::OAuth::MetadataResponse#headers
  - Doorkeeper::OAuth::MetadataResponse#status
  - Doorkeeper::OAuth::MetadataResponse#body
  - Doorkeeper::OAuth::MetadataResponse#initialize
  - Doorkeeper::OAuth::MetadataResponse#code_challenge_methods_supported
  - Doorkeeper::OAuth::MetadataResponse#token_endpoint_auth_methods_supported
  - Doorkeeper::OAuth::MetadataResponse#grant_types_supported