doorkeeper
https://github.com/doorkeeper-gem/doorkeeper
Ruby
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
3 Subscribers
Add a CodeTriage badge to doorkeeper
Help out
- Issues
- Refresh Tokens as-implemented are susceptible to Refresh Token Reuse Attacks
- Access tokens should be revoked when multiple attempts are made to exchange the same authorization code
- Doorkeeper appears to be missing a way to validate client configuration before redirecting to the authentication page
- Make redirect_uri optional for Authorization request
- Different access grants return the same access token with `reuse_access_token` enabled
- Refreshing a token sending scopes separated by `+` does not work
- Doorkeeper::Errors::InvalidRedirectUri Raised When No Redirect URI Set
- Always requiring `redirect_uri` is not compliant to RFC 6749
- Better support for credential rotation
- It is not possible to revoke refresh token bound to the expired access token
- Docs
- Doorkeeper::Config::Builder#deprecated
- Doorkeeper::Config::Builder#client_authentication
- Doorkeeper::Config#client_authentication
- Doorkeeper::Config#client_authentication_methods
- Doorkeeper::Request.client_authentication_methods
- Doorkeeper::Request.client_authentication_method
- Doorkeeper::Server#client_authentication_method_for_request
- Doorkeeper::Config::Validations#validate_client_authentication_registered
- Doorkeeper::Config::Validations#validate_client_authentication_conflict
- Doorkeeper::ClientAuthentication.legacy_extractor_or_nil