doorkeeper
https://github.com/doorkeeper-gem/doorkeeper
Ruby
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
3 Subscribers
Add a CodeTriage badge to doorkeeper
Help out
- Issues
- Issue: Configuring Active Record to Use Different Base Classes for Sharded and Non-Sharded Models
- Introspecting a token should behave the same wrt "revoke on use"
- How to implement using multi-database like Makara
- Refresh token not issued when multiple scopes are requested
- There is no way to refresh an access token without revoking the previous access token
- Support for RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification
- Doorkeeper's redirect_uri validation is not implemented according to specification
- Refresh Tokens as-implemented are susceptible to Refresh Token Reuse Attacks
- Access tokens should be revoked when multiple attempts are made to exchange the same authorization code
- Doorkeeper appears to be missing a way to validate client configuration before redirecting to the authentication page
- Docs
- Doorkeeper::Config::Builder#deprecated
- Doorkeeper::Config::Builder#client_authentication
- Doorkeeper::Config#client_authentication
- Doorkeeper::Config#client_authentication_methods
- Doorkeeper::Request.client_authentication_methods
- Doorkeeper::Request.client_authentication_method
- Doorkeeper::Server#client_authentication_method_for_request
- Doorkeeper::Config::Validations#validate_client_authentication_registered
- Doorkeeper::Config::Validations#validate_client_authentication_conflict
- Doorkeeper::ClientAuthentication.legacy_extractor_or_nil