doorkeeper 4.4.0 → 5.6.6

data/README.md

@@ -1,427 +1,155 @@
-# Doorkeeper - awesome OAuth 2 provider for your Rails app.
+# Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
 
 [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
-[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
-[![Dependency Status](https://gemnasium.com/doorkeeper-gem/doorkeeper.svg?travis)](https://gemnasium.com/doorkeeper-gem/doorkeeper)
+[![CI](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml/badge.svg)](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml)
 [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
-[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=master)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=master)
-[![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master)
+[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
+[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
+[![GuardRails badge](https://badges.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
+[![Dependabot](https://img.shields.io/badge/dependabot-enabled-success.svg)](https://dependabot.com)
 
-Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider
-functionality to your Rails or Grape application.
+Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider
+functionality to your Ruby on Rails or Grape application.
 
 Supported features:
 
-- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
-  - [Authorization Code Flow](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1)
-  - [Access Token Scopes](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3)
-  - [Refresh token](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-1.5)
-  - [Implicit grant](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2)
-  - [Resource Owner Password Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.3)
-  - [Client Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.4)
-- [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
-- [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
-
-## Documentation valid for `master` branch
-
-Please check the documentation for the version of doorkeeper you are using in:
-https://github.com/doorkeeper-gem/doorkeeper/releases
-
-- See the [wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
-- For general questions, please post in [Stack Overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
-- See [SECURITY.md](SECURITY.md) for this project's security disclose
-  policy
+- [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
+  - [Authorization Code Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
+  - [Access Token Scopes](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3)
+  - [Refresh token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)
+  - [Implicit grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2)
+  - [Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3)
+  - [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
+- [OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
+- [OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662)
+- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
+- [OAuth 2.0 for Native Apps](https://datatracker.ietf.org/doc/html/rfc8252)
+- [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)
 
 ## Table of Contents
 
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
+
+- [Documentation](#documentation)
 - [Installation](#installation)
-- [Configuration](#configuration)
-  - [ORM](#orm)
-    - [Active Record](#active-record)
-    - [MongoDB](#mongodb)
-    - [Sequel](#sequel)
-    - [Couchbase](#couchbase)
-  - [Routes](#routes)
-  - [Authenticating](#authenticating)
-  - [Internationalization (I18n)](#internationalization-i18n)
-- [Protecting resources with OAuth (a.k.a your API endpoint)](#protecting-resources-with-oauth-aka-your-api-endpoint)
-  - [Ruby on Rails controllers](#ruby-on-rails-controllers)
-  - [Grape endpoints](#grape-endpoints)
-  - [Route Constraints and other integrations](#route-constraints-and-other-integrations)
-  - [Access Token Scopes](#access-token-scopes)
-  - [Custom Access Token Generator](#custom-access-token-generator)
-  - [Authenticated resource owner](#authenticated-resource-owner)
-  - [Applications list](#applications-list)
-- [Other customizations](#other-customizations)
-- [Testing](#testing)
-- [Upgrading](#upgrading)
+  - [Ruby on Rails](#ruby-on-rails)
+  - [Grape](#grape)
+- [ORMs](#orms)
+- [Extensions](#extensions)
+- [Example Applications](#example-applications)
+- [Tutorials](#tutorials)
+- [Sponsors](#sponsors)
 - [Development](#development)
 - [Contributing](#contributing)
-- [Other resources](#other-resources)
-  - [Wiki](#wiki)
-  - [Screencast](#screencast)
-  - [Client applications](#client-applications)
-  - [Contributors](#contributors)
-  - [IETF Standards](#ietf-standards)
-  - [License](#license)
+- [Contributors](#contributors)
+- [License](#license)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
-## Installation
-
-Put this in your Gemfile:
-
-``` ruby
-gem 'doorkeeper'
-```
-
-Run the installation generator with:
-
-    rails generate doorkeeper:install
-
-This will install the doorkeeper initializer into `config/initializers/doorkeeper.rb`.
-
-## Configuration
-
-### ORM
-
-#### Active Record
-
-By default doorkeeper is configured to use Active Record, so to start you have
-to generate the migration tables (supports Rails >= 5 migrations versioning):
-
-    rails generate doorkeeper:migration
-
-You may want to add foreign keys to your migration. For example, if you plan on
-using `User` as the resource owner, add the following line to the migration file
-for each table that includes a `resource_owner_id` column:
-
-```ruby
-add_foreign_key :table_name, :users, column: :resource_owner_id
-```
-
-Then run migrations:
-
-```sh
-rake db:migrate
-```
-
-Remember to add associations to your model so the related records are deleted.
-If you don't do this an `ActiveRecord::InvalidForeignKey`-error will be raised
-when you try to destroy a model with related access grants or access tokens.
-
-```ruby
-class User < ApplicationRecord
-  has_many :access_grants, class_name: "Doorkeeper::AccessGrant",
-                           foreign_key: :resource_owner_id,
-                           dependent: :delete_all # or :destroy if you need callbacks
-
-  has_many :access_tokens, class_name: "Doorkeeper::AccessToken",
-                           foreign_key: :resource_owner_id,
-                           dependent: :delete_all # or :destroy if you need callbacks
-end
-```
-
-#### MongoDB
-
-See [doorkeeper-mongodb project] for Mongoid and MongoMapper support. Follow along
-the implementation in that repository to extend doorkeeper with other ORMs.
-
-[doorkeeper-mongodb project]: https://github.com/doorkeeper-gem/doorkeeper-mongodb
-
-#### Sequel
-
-If you are using [Sequel gem] then you can add [doorkeeper-sequel extension] to your project.
-Follow configuration instructions for setting up the necessary Doorkeeper ORM.
-
-[Sequel gem]: https://github.com/jeremyevans/sequel/
-[doorkeeper-sequel extension]: https://github.com/nbulaj/doorkeeper-sequel
-
-#### Couchbase
-
-Use [doorkeeper-couchbase] extension if you are using Couchbase database.
-
-[doorkeeper-couchbase]: https://github.com/acaprojects/doorkeeper-couchbase
-
-### Routes
-
-The installation script will also automatically add the Doorkeeper routes into
-your app, like this:
-
-``` ruby
-Rails.application.routes.draw do
-  use_doorkeeper
-  # your routes
-end
-```
-
-This will mount following routes:
-
-    GET       /oauth/authorize/native?code
-    GET       /oauth/authorize
-    POST      /oauth/authorize
-    DELETE    /oauth/authorize
-    POST      /oauth/token
-    POST      /oauth/revoke
-    POST      /oauth/introspect
-    resources /oauth/applications
-    GET       /oauth/authorized_applications
-    DELETE    /oauth/authorized_applications/:id
-    GET       /oauth/token/info
-
-For more information on how to customize routes, check out [this page on the
-wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
-
-### Authenticating
-
-You need to configure Doorkeeper in order to provide `resource_owner` model
-and authentication block in `config/initializers/doorkeeper.rb`:
-
-``` ruby
-Doorkeeper.configure do
-  resource_owner_authenticator do
-    User.find_by(id: session[:current_user_id]) || redirect_to(login_url)
-  end
-end
-```
-
-This code is run in the context of your application so you have access to your
-models, session or routes helpers. However, since this code is not run in the
-context of your application's `ApplicationController` it doesn't have access to
-the methods defined over there.
-
-You may want to check other ways of authentication
-[here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Authenticating-using-Clearance-or-DIY).
-
-### Internationalization (I18n)
-
-See language files in [the I18n repository](https://github.com/doorkeeper-gem/doorkeeper-i18n).
-
-## Protecting resources with OAuth (a.k.a your API endpoint)
-
-### Ruby on Rails controllers
-
-To protect your controllers (usual one or `ActionController::API`) with OAuth,
-you just need to setup `before_action`s specifying the actions you want to
-protect. For example:
-
-``` ruby
-class Api::V1::ProductsController < Api::V1::ApiController
-  before_action :doorkeeper_authorize! # Require access token for all actions
-
-  # your actions
-end
-```
+## Documentation
 
-You can pass any option `before_action` accepts, such as `if`, `only`,
-`except`, and others.
+This documentation is valid for `main` branch. Please check the documentation for the version of doorkeeper you are using in:
+https://github.com/doorkeeper-gem/doorkeeper/releases.
 
-### Grape endpoints
+Additionally, other resources can be found on:
 
-Starting from version 2.2 Doorkeeper provides helpers for the
-[Grape framework] >= 0.10. One of them is `doorkeeper_authorize!` that
-can be used in a similar way as an example above to protect your API
-with OAuth. Note that you have to use `require 'doorkeeper/grape/helpers'`
-and `helpers Doorkeeper::Grape::Helpers` in your Grape API class.
-
-For more information about integration with Grape see the [Wiki].
-
-[Grape framework]: https://github.com/ruby-grape/grape
-[Wiki]: https://github.com/doorkeeper-gem/doorkeeper/wiki/Grape-Integration
-
-``` ruby
-require 'doorkeeper/grape/helpers'
-
-module API
-  module V1
-    class Users < Grape::API
-      helpers Doorkeeper::Grape::Helpers
-
-      before do
-        doorkeeper_authorize!
-      end
-
-      # route_setting :scopes, ['user:email'] - for old versions of Grape
-      get :emails, scopes: [:user, :write] do
-        [{'email' => current_user.email}]
-      end
-
-      # ...
-    end
-  end
-end
-```
-
-### Route Constraints and other integrations
-
-You can leverage the `Doorkeeper.authenticate` facade to easily extract a
-`Doorkeeper::OAuth::Token` based on the current request. You can then ensure
-that token is still good, find its associated `#resource_owner_id`, etc.
-
-```ruby
-module Constraint
-  class Authenticated
-
-    def matches?(request)
-      token = Doorkeeper.authenticate(request)
-      token && token.accessible?
-    end
-  end
-end
-```
-
-For more information about integration and other integrations, check out [the
-related wiki
-page](https://github.com/doorkeeper-gem/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
-
-### Access Token Scopes
-
-You can also require the access token to have specific scopes in certain
-actions:
-
-First configure the scopes in `initializers/doorkeeper.rb`
+- [Guides](https://doorkeeper.gitbook.io/guides/) with how-to get started and configuration documentation
+- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki) with articles and other documentation
+- Screencast from [railscasts.com](http://railscasts.com/): [#353
+OAuth with
+Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
+- See [upgrade guides](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
+- For general questions, please post on [Stack Overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
+- See [SECURITY.md](SECURITY.md) for this project's security disclose
+  policy
 
-```ruby
-Doorkeeper.configure do
-  default_scopes :public # if no scope was requested, this will be the default
-  optional_scopes :admin, :write
-end
-```
+## Installation
 
-And in your controllers:
+Installation depends on the framework you're using. The first step is to add the following to your Gemfile:
 
 ```ruby
-class Api::V1::ProductsController < Api::V1::ApiController
-  before_action -> { doorkeeper_authorize! :public }, only: :index
-  before_action only: [:create, :update, :destroy] do
-    doorkeeper_authorize! :admin, :write
-  end
-end
+gem 'doorkeeper'
 ```
 
-Please note that there is a logical OR between multiple required scopes. In the
-above example, `doorkeeper_authorize! :admin, :write` means that the access
-token is required to have either `:admin` scope or `:write` scope, but does not
-need have both of them.
-
-If you want to require the access token to have multiple scopes at the same
-time, use multiple `doorkeeper_authorize!`, for example:
+And run `bundle install`. After this, check out the guide related to the framework you're using.
 
-```ruby
-class Api::V1::ProductsController < Api::V1::ApiController
-  before_action -> { doorkeeper_authorize! :public }, only: :index
-  before_action only: [:create, :update, :destroy] do
-    doorkeeper_authorize! :admin
-    doorkeeper_authorize! :write
-  end
-end
-```
+### Ruby on Rails
 
-In the above example, a client can call `:create` action only if its access token
-has both `:admin` and `:write` scopes.
+Doorkeeper currently supports Ruby on Rails >= 5.0. See the guide [here](https://doorkeeper.gitbook.io/guides/ruby-on-rails/getting-started).
 
-### Custom Access Token Generator
+### Grape
 
-By default a 128 bit access token will be generated. If you require a custom
-token, such as [JWT](http://jwt.io), specify an object that responds to
-`.generate(options = {})` and returns a string to be used as the token.
+Guide for integration with Grape framework can be found [here](https://doorkeeper.gitbook.io/guides/grape/grape).
 
-```ruby
-Doorkeeper.configure do
-  access_token_generator "Doorkeeper::JWT"
-end
-```
+## ORMs
 
-JWT token support is available with
-[Doorkeeper-JWT](https://github.com/chriswarren/doorkeeper-jwt).
+Doorkeeper supports Active Record by default, but can be configured to work with the following ORMs:
 
-### Custom Base Controller
+| ORM | Support via |
+| :--- | :--- |
+| Active Record | by default |
+| MongoDB | [doorkeeper-gem/doorkeeper-mongodb](https://github.com/doorkeeper-gem/doorkeeper-mongodb) |
+| Sequel | [nbulaj/doorkeeper-sequel](https://github.com/nbulaj/doorkeeper-sequel) |
+| Couchbase | [acaprojects/doorkeeper-couchbase](https://github.com/acaprojects/doorkeeper-couchbase) |
+| RethinkDB | [aca-labs/doorkeeper-rethinkdb](https://github.com/aca-labs/doorkeeper-rethinkdb) |
 
-By default Doorkeeper's main controller `Doorkeeper::ApplicationController`
-inherits from `ActionController::Base`. You may want to use your own
-controller to inherit from, to keep Doorkeeper controllers in the same
-context than the rest your app:
+## Extensions
 
-```ruby
-Doorkeeper.configure do
-  base_controller 'ApplicationController'
-end
-```
+Extensions that are not included by default and can be installed separately.
 
-### Authenticated resource owner
+|  | Link |
+| :--- | :--- |
+| OpenID Connect extension | [doorkeeper-gem/doorkeeper-openid\_connect](https://github.com/doorkeeper-gem/doorkeeper-openid_connect) |
+| JWT Token support | [doorkeeper-gem/doorkeeper-jwt](https://github.com/doorkeeper-gem/doorkeeper-jwt) |
+| Assertion grant extension | [doorkeeper-gem/doorkeeper-grants\_assertion](https://github.com/doorkeeper-gem/doorkeeper-grants_assertion) |
+| I18n translations | [doorkeeper-gem/doorkeeper-i18n](https://github.com/doorkeeper-gem/doorkeeper-i18n) |
+| CIBA - Client Initiated Backchannel Authentication Flow extension | [doorkeeper-ciba](https://github.com/autoseg/doorkeeper-ciba) |
+| Device Authorization Grant | [doorkeeper-device_authorization_grant](https://github.com/exop-group/doorkeeper-device_authorization_grant) |
 
-If you want to return data based on the current resource owner, in other
-words, the access token owner, you may want to define a method in your
-controller that returns the resource owner instance:
+## Example Applications
 
-``` ruby
-class Api::V1::CredentialsController < Api::V1::ApiController
-  before_action :doorkeeper_authorize!
-  respond_to    :json
+These applications show how Doorkeeper works and how to integrate with it. Start with the oAuth2 server and use the clients to connect with the server.
 
-  # GET /me.json
-  def me
-    respond_with current_resource_owner
-  end
+| Application | Link |
+| :--- | :--- |
+| OAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
+| Sinatra Client connected to Provider App | [doorkeeper-gem/doorkeeper-sinatra-client](https://github.com/doorkeeper-gem/doorkeeper-sinatra-client) |
+| Devise + Omniauth Client | [doorkeeper-gem/doorkeeper-devise-client](https://github.com/doorkeeper-gem/doorkeeper-devise-client) |
 
-  private
+You may want to create a client application to
+test the integration. Check out these [client
+examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications)
+in our wiki or follow this [tutorial
+here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
 
-  # Find the user that owns the access token
-  def current_resource_owner
-    User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
-  end
-end
-```
+## Tutorials
 
-In this example, we're returning the credentials (`me.json`) of the access
-token owner.
+See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-tos--tutorials) in order to learn how to use the gem or integrate it with other solutions / gems.
 
-### Applications list
+## Sponsors
 
-By default, the applications list (`/oauth/applications`) is publicly available.
-To protect the endpoint you should uncomment these lines:
+[![OpenCollective](https://opencollective.com/doorkeeper-gem/backers/badge.svg)](#backers) 
+[![OpenCollective](https://opencollective.com/doorkeeper-gem/sponsors/badge.svg)](#sponsors)
 
-```ruby
-# config/initializers/doorkeeper.rb
-Doorkeeper.configure do
-  admin_authenticator do |routes|
-    Admin.find_by(id: session[:admin_id]) || redirect_to(routes.new_admin_session_url)
-  end
-end
-```
+Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/doorkeeper-gem#sponsor)]
 
-The logic is the same as the `resource_owner_authenticator` block. **Note:**
-since the application list is just a scaffold, it's recommended to either
-customize the controller used by the list or skip the controller all together.
-For more information see the page
-[in the wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
+<a href="https://codecademy.com/about/careers?utm_source=doorkeeper-gem" target="_blank"><img src="https://static-assets.codecademy.com/marketing/codecademy_logo_padded.png"/></a>
 
-## Other customizations
+> Codecademy supports open source as part of its mission to democratize tech. Come help us build the education the world deserves: [https://codecademy.com/about/careers](https://codecademy.com/about/careers?utm_source=doorkeeper-gem)
 
-- [Associate users to OAuth applications (ownership)](https://github.com/doorkeeper-gem/doorkeeper/wiki/Associate-users-to-OAuth-applications-%28ownership%29)
-- [CORS - Cross Origin Resource Sharing](https://github.com/doorkeeper-gem/doorkeeper/wiki/%5BCORS%5D-Cross-Origin-Resource-Sharing)
-- see more on [Wiki page](https://github.com/doorkeeper-gem/doorkeeper/wiki)
+<br>
 
-## Testing
+<a href="https://oauth.io/?utm_source=doorkeeper-gem" target="_blank"><img src="https://oauth.io/img/logo_text.png"/></a>
 
-You can use Doorkeeper models in your application test suite. Note that starting from
-Doorkeeper 4.3.0 it uses [ActiveSupport lazy loading hooks](http://api.rubyonrails.org/classes/ActiveSupport/LazyLoadHooks.html)
-to load models. There are [known issue](https://github.com/doorkeeper-gem/doorkeeper/issues/1043)
-with the `factory_bot_rails` gem (it executes factories building before `ActiveRecord::Base`
-is initialized using hooks in gem railtie, so you can catch a `uninitialized constant` error).
-It is recommended to use pure `factory_bot` gem to solve this problem. 
+> If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)
 
-## Upgrading
+<br>
 
-If you want to upgrade doorkeeper to a new version, check out the [upgrading
-notes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
-and take a look at the
-[changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/NEWS.md).
+<a href="https://www.wealthsimple.com/?utm_source=doorkeeper-gem" target="_blank"><img src="https://wealthsimple.s3.amazonaws.com/branding/medium-black.svg"/></a>
 
-Doorkeeper follows [semantic versioning](http://semver.org/).
+> Wealthsimple is a financial company on a mission to help everyone achieve financial freedom by providing products and advice that are accessible and affordable. Using smart technology, Wealthsimple takes financial services that are often confusing, opaque and expensive and makes them simple, transparent, and low-cost. See what Investing on Autopilot is all about: [https://www.wealthsimple.com](https://www.wealthsimple.com/?utm_source=doorkeeper-gem)
 
 ## Development
 
@@ -429,16 +157,19 @@ To run the local engine server:
 
 ```
 bundle install
-bundle exec rails server
+bundle exec rake doorkeeper:server
 ````
 
 By default, it uses the latest Rails version with ActiveRecord. To run the
-tests with a specific ORM and Rails version:
+tests with a specific Rails version:
 
 ```
-rails=4.2.0 orm=active_record bundle exec rake
+BUNDLE_GEMFILE=gemfiles/rails_6_0.gemfile bundle exec rake
 ```
 
+You can also experiment with the changes using `bin/console`. It uses in-memory SQLite database and default
+Doorkeeper config, but you can reestablish connection or reconfigure the gem if you need.
+
 ## Contributing
 
 Want to contribute and don't know where to start? Check out [features we're
@@ -447,41 +178,15 @@ create [example
 apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
 integrate the gem with your app and let us know!
 
-Also, check out our [contributing guidelines
-page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
-
-## Other resources
+Also, check out our [contributing guidelines page](CONTRIBUTING.md).
 
-### Wiki
-
-You can find everything about Doorkeeper in our [wiki
-here](https://github.com/doorkeeper-gem/doorkeeper/wiki).
-
-### Screencast
-
-Check out this screencast from [railscasts.com](http://railscasts.com/): [#353
-OAuth with
-Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
-
-### Client applications
-
-After you set up the provider, you may want to create a client application to
-test the integration. Check out these [client
-examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications)
-in our wiki or follow this [tutorial
-here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
-
-### Contributors
+## Contributors
 
 Thanks to all our [awesome
 contributors](https://github.com/doorkeeper-gem/doorkeeper/graphs/contributors)!
 
-### IETF Standards
-
-* [The OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749)
-* [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
-* [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
+<a href="https://github.com/doorkeeper-gem/doorkeeper/graphs/contributors"><img src="https://opencollective.com/doorkeeper-gem/contributors.svg?width=890&button=false" /></a>
 
-### License
+## License
 
-MIT License. Copyright 2011 Applicake.
+MIT License. Created in Applicake. Maintained by the community.

data/app/assets/stylesheets/doorkeeper/admin/application.css

@@ -5,6 +5,6 @@
  *= require_tree .
 */
 
-td {
-  vertical-align: middle !important;
+.doorkeeper-admin .form-group > .field_with_errors {
+  width: 16.66667%;
 }

data/app/controllers/doorkeeper/application_controller.rb

@@ -1,11 +1,14 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   class ApplicationController <
-    Doorkeeper.configuration.base_controller.constantize
-
+    Doorkeeper.config.resolve_controller(:base)
     include Helpers::Controller
+    include ActionController::MimeResponds if Doorkeeper.config.api_only
 
-    protect_from_forgery with: :exception
-
-    helper 'doorkeeper/dashboard'
+    unless Doorkeeper.config.api_only
+      protect_from_forgery with: :exception
+      helper "doorkeeper/dashboard"
+    end
   end
 end

data/app/controllers/doorkeeper/application_metal_controller.rb

@@ -1,16 +1,12 @@
+# frozen_string_literal: true
+
 module Doorkeeper
-  class ApplicationMetalController < ActionController::Metal
-    MODULES = [
-      ActionController::Instrumentation,
-      AbstractController::Rendering,
-      ActionController::Rendering,
-      ActionController::Renderers::All,
-      Helpers::Controller
-    ].freeze
+  class ApplicationMetalController <
+    Doorkeeper.config.resolve_controller(:base_metal)
+    include Helpers::Controller
 
-    MODULES.each do |mod|
-      include mod
-    end
+    before_action :enforce_content_type,
+                  if: -> { Doorkeeper.config.enforce_content_type }
 
     ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
   end