v4.1.0

• [#845] Allow customising the Doorkeeper::ApplicationController base controller

v4.0.0

[#834] Fix AssetNotPrecompiled error with Sprockets 4
[#843] Revert "Fix validation error messages"
[#847] Specify Null option to timestamps

v4.0.0.rc4

• [#777] Add support for public client in password grant flow
• [#823] Make configuration and specs ORM independent
• [#745] Add created_at timestamp to token generation options
• [#838] Drop Application#scopes generator and warning, introduced for
  upgrading doorkeeper from v2 to v3.
• [#801] Fix Rails 5 warning messages
• Test against Rails 5 RC1

v4.0.0.rc3

• [#769] Revoke refresh token on access token use. To make use of the new config
  add previous_refresh_token column to oauth_access_tokens:

  rails generate doorkeeper:previous_refresh_token
  

• [#811] Toughen parameters filter with exact match

• [#813] Applications admin bugfix

• [#799] Fix Ruby Warnings

• Drop attr_accessible from models

Backward incompatible changes

• [#730] Force all timezones to use UTC to prevent comparison issues.
• [#802] Remove config.i18n.fallbacks from engine

v4.0.0.rc2

• Fix optional belongs_to for Rails 5

v4.0.0.rc1

Backward incompatible changes

• Drops support for Rails 4.1 and earlier
• Drops support for Ruby 2.0
• [#778] Bug fix: use the remaining time that a token is still valid when
  building the redirect URI for the implicit grant flow

Other changes

• [#771] Validation error messages fixes
• Adds foreign key constraints in generated migrations between tokens and
  grants, and applications
• Support Rails 5

v3.1.0

• [#736] Existing valid tokens are now reused in client_credentials flow
• [#749] Allow user to raise authorization error with custom messages.
  Under resource_owner_authenticator block a user can
  raise Doorkeeper::Errors::DoorkeeperError.new('custom_message')
• [#762] Check doesn’t abort the actual migration, so it runs
• [#722] doorkeeper_forbidden_render_options now supports returning a 404 by
  specifying respond_not_found_when_forbidden: true in the
  doorkeeper_forbidden_render_options method.
• [#734] Simplify and remove duplication in request strategy classes

v3.0.1

• [#712] Wrap exchange of grant token for access token and access token refresh
  in transactions
• [#704] Allow applications scopes to be mass assigned
• [#707] Fixed order of Mixin inclusion and table_name configuration in models
• [#712] Wrap access token and refresh grants in transactions
• Adds JRuby support
• Specs, views and documentation adjustments

v3.0.0: Release version 3.0.0.

Backward incompatible changes

• [#678] Change application-specific scopes to take precedence over server-wide
  scopes. This removes the previous behavior where the intersection between
  application and server scopes was used.
• [#648] Extracts mongodb ORMs to
  https://github.com/doorkeeper-gem/doorkeeper-mongodb. If you use ActiveRecord
  you don’t need to do any change, otherwise you will need to install the new
  plugin.
• [#665] doorkeeper_unauthorized_render_options(error:) and
  doorkeeper_forbidden_render_options(error:) now accept error keyword
  argument.

Other changes

• [#671] Fixes NoMethodError - undefined method 'getlocal' when calling
  the /oauth/token path. Switch from using a DateTime object to update
  AR to using a Time object. (Issue #668)
• [#677] Support editing application-specific scopes via the standard forms
• [#682] Pass error hash to Grape error!
• [#683] Generate application secret/UID if fields are blank strings
• Removes doorkeeper_for deprecation notice.
• Remove applications.scopes upgrade notice.