doorkeeper 4.4.3 → 5.0.0

data/app/helpers/doorkeeper/dashboard_helper.rb

@@ -1,15 +1,15 @@
 module Doorkeeper
   module DashboardHelper
     def doorkeeper_errors_for(object, method)
-      if object.errors[method].present?
-        output = object.errors[method].map do |msg|
-          content_tag(:span, class: 'help-block') do
-            msg.capitalize
-          end
-        end
+      return if object.errors[method].blank?
 
-        safe_join(output)
+      output = object.errors[method].map do |msg|
+        content_tag(:span, class: 'form-text') do
+          msg.capitalize
+        end
       end
+
+      safe_join(output)
     end
 
     def doorkeeper_submit_path(application)

data/app/validators/redirect_uri_validator.rb

@@ -34,11 +34,12 @@ class RedirectUriValidator < ActiveModel::EachValidator
 
   def invalid_ssl_uri?(uri)
     forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
+    non_https = uri.try(:scheme) == 'http'
 
     if forces_ssl.respond_to?(:call)
-      forces_ssl.call(uri)
+      forces_ssl.call(uri) && non_https
     else
-      forces_ssl && uri.try(:scheme) == 'http'
+      forces_ssl && non_https
     end
   end
 end

data/app/views/doorkeeper/applications/_delete_form.html.erb

@@ -1,4 +1,6 @@
 <%- submit_btn_css ||= 'btn btn-link' %>
 <%= form_tag oauth_application_path(application), method: :delete do %>
-  <%= submit_tag t('doorkeeper.applications.buttons.destroy'), onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')", class: submit_btn_css %>
+  <%= submit_tag t('doorkeeper.applications.buttons.destroy'),
+                 onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')",
+                 class: submit_btn_css %>
 <% end %>

data/app/views/doorkeeper/applications/_form.html.erb

@@ -1,58 +1,59 @@
-<%= form_for application, url: doorkeeper_submit_path(application), html: {class: 'form-horizontal', role: 'form'} do |f| %>
+<%= form_for application, url: doorkeeper_submit_path(application), html: { role: 'form' } do |f| %>
   <% if application.errors.any? %>
     <div class="alert alert-danger" data-alert><p><%= t('doorkeeper.applications.form.error') %></p></div>
   <% end %>
 
-  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:name].present?}" do %>
-    <%= f.label :name, class: 'col-sm-2 control-label' %>
+  <div class="form-group row">
+    <%= f.label :name, class: 'col-sm-2 col-form-label font-weight-bold' %>
     <div class="col-sm-10">
-      <%= f.text_field :name, class: 'form-control' %>
+      <%= f.text_field :name, class: "form-control #{ 'is-invalid' if application.errors[:name].present? }", required: true %>
       <%= doorkeeper_errors_for application, :name %>
     </div>
-  <% end %>
+  </div>
 
-  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:redirect_uri].present?}" do %>
-    <%= f.label :redirect_uri, class: 'col-sm-2 control-label' %>
+  <div class="form-group row">
+    <%= f.label :redirect_uri, class: 'col-sm-2 col-form-label font-weight-bold' %>
     <div class="col-sm-10">
-      <%= f.text_area :redirect_uri, class: 'form-control' %>
+      <%= f.text_area :redirect_uri, class: "form-control #{ 'is-invalid' if application.errors[:redirect_uri].present? }" %>
       <%= doorkeeper_errors_for application, :redirect_uri %>
-      <span class="help-block">
+      <span class="form-text text-secondary">
         <%= t('doorkeeper.applications.help.redirect_uri') %>
       </span>
+
       <% if Doorkeeper.configuration.native_redirect_uri %>
-          <span class="help-block">
-            <%= raw t('doorkeeper.applications.help.native_redirect_uri', native_redirect_uri: content_tag(:code) { Doorkeeper.configuration.native_redirect_uri }) %>
+          <span class="form-text text-secondary">
+            <%= raw t('doorkeeper.applications.help.native_redirect_uri', native_redirect_uri: content_tag(:code, class: 'bg-light') { Doorkeeper.configuration.native_redirect_uri }) %>
           </span>
       <% end %>
     </div>
-  <% end %>
+  </div>
 
-  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:confidential].present?}" do %>
-    <%= f.label :confidential, class: 'col-sm-2 control-label' %>
+  <div class="form-group row">
+    <%= f.label :confidential, class: 'col-sm-2 form-check-label font-weight-bold' %>
     <div class="col-sm-10">
-      <%= f.check_box :confidential, class: 'form-control', disabled: !Doorkeeper::Application.supports_confidentiality? %>
+      <%= f.check_box :confidential, class: "checkbox #{ 'is-invalid' if application.errors[:confidential].present? }" %>
       <%= doorkeeper_errors_for application, :confidential %>
-      <span class="help-block">
+      <span class="form-text text-secondary">
         <%= t('doorkeeper.applications.help.confidential') %>
       </span>
     </div>
-  <% end %>
+  </div>
 
-  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:scopes].present?}" do %>
-    <%= f.label :scopes, class: 'col-sm-2 control-label' %>
+  <div class="form-group row">
+    <%= f.label :scopes, class: 'col-sm-2 col-form-label font-weight-bold' %>
     <div class="col-sm-10">
-      <%= f.text_field :scopes, class: 'form-control' %>
+      <%= f.text_field :scopes, class: "form-control #{ 'has-error' if application.errors[:scopes].present? }" %>
       <%= doorkeeper_errors_for application, :scopes %>
-      <span class="help-block">
+      <span class="form-text text-secondary">
         <%= t('doorkeeper.applications.help.scopes') %>
       </span>
     </div>
-  <% end %>
+  </div>
 
   <div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
-      <%= f.submit t('doorkeeper.applications.buttons.submit'), class: "btn btn-primary" %>
-      <%= link_to t('doorkeeper.applications.buttons.cancel'), oauth_applications_path, class: "btn btn-default" %>
+      <%= f.submit t('doorkeeper.applications.buttons.submit'), class: 'btn btn-primary' %>
+      <%= link_to t('doorkeeper.applications.buttons.cancel'), oauth_applications_path, class: 'btn btn-secondary' %>
     </div>
   </div>
 <% end %>

data/app/views/doorkeeper/applications/edit.html.erb

@@ -1,4 +1,4 @@
-<div class="page-header">
+<div class="border-bottom mb-4">
   <h1><%= t('.title') %></h1>
 </div>
 

data/app/views/doorkeeper/applications/index.html.erb

@@ -1,4 +1,4 @@
-<div class="page-header">
+<div class="border-bottom mb-4">
   <h1><%= t('.title') %></h1>
 </div>
 
@@ -10,18 +10,28 @@
     <th><%= t('.name') %></th>
     <th><%= t('.callback_url') %></th>
     <th><%= t('.confidential') %></th>
-    <th></th>
+    <th><%= t('.actions') %></th>
     <th></th>
   </tr>
   </thead>
   <tbody>
   <% @applications.each do |application| %>
     <tr id="application_<%= application.id %>">
-      <td><%= link_to application.name, oauth_application_path(application) %></td>
-      <td><%= application.redirect_uri %></td>
-      <td><%= application.confidential? ? t('doorkeeper.applications.index.confidentiality.yes') : t('doorkeeper.applications.index.confidentiality.no') %></td>
-      <td><%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %></td>
-      <td><%= render 'delete_form', application: application %></td>
+      <td class="align-middle">
+        <%= link_to application.name, oauth_application_path(application) %>
+      </td>
+      <td class="align-middle">
+        <%= simple_format(application.redirect_uri) %>
+      </td>
+      <td class="align-middle">
+        <%= application.confidential? ? t('doorkeeper.applications.index.confidentiality.yes') : t('doorkeeper.applications.index.confidentiality.no') %>
+      </td>
+      <td class="align-middle">
+        <%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %>
+      </td>
+      <td class="align-middle">
+        <%= render 'delete_form', application: application %>
+      </td>
     </tr>
   <% end %>
   </tbody>

data/app/views/doorkeeper/applications/new.html.erb

@@ -1,4 +1,4 @@
-<div class="page-header">
+<div class="border-bottom mb-4">
   <h1><%= t('.title') %></h1>
 </div>
 

data/app/views/doorkeeper/applications/show.html.erb

@@ -1,20 +1,20 @@
-<div class="page-header">
+<div class="border-bottom mb-4">
   <h1><%= t('.title', name: @application.name) %></h1>
 </div>
 
 <div class="row">
   <div class="col-md-8">
     <h4><%= t('.application_id') %>:</h4>
-    <p><code id="application_id"><%= @application.uid %></code></p>
+    <p><code class="bg-light" id="application_id"><%= @application.uid %></code></p>
 
     <h4><%= t('.secret') %>:</h4>
-    <p><code id="secret"><%= @application.secret %></code></p>
+    <p><code class="bg-light" id="secret"><%= @application.secret %></code></p>
 
     <h4><%= t('.scopes') %>:</h4>
-    <p><code id="scopes"><%= @application.scopes %></code></p>
+    <p><code class="bg-light" id="scopes"><%= @application.scopes.presence || raw('&nbsp;') %></code></p>
 
     <h4><%= t('.confidential') %>:</h4>
-    <p><code id="confidential"><%= @application.confidential? %></code></p>
+    <p><code class="bg-light" id="confidential"><%= @application.confidential? %></code></p>
 
     <h4><%= t('.callback_urls') %>:</h4>
 
@@ -22,7 +22,7 @@
       <% @application.redirect_uri.split.each do |uri| %>
         <tr>
           <td>
-            <code><%= uri %></code>
+            <code class="bg-light"><%= uri %></code>
           </td>
           <td>
             <%= link_to t('doorkeeper.applications.buttons.authorize'), oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code', scope: @application.scopes), class: 'btn btn-success', target: '_blank' %>

data/app/views/doorkeeper/authorizations/error.html.erb

@@ -1,4 +1,4 @@
-<div class="page-header">
+<div class="border-bottom mb-4">
   <h1><%= t('doorkeeper.authorizations.error.title') %></h1>
 </div>
 

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -26,6 +26,8 @@
       <%= hidden_field_tag :state, @pre_auth.state %>
       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
       <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
+      <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>
       <%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
     <% end %>
     <%= form_tag oauth_authorization_path, method: :delete do %>
@@ -34,6 +36,8 @@
       <%= hidden_field_tag :state, @pre_auth.state %>
       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
       <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
+      <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>
       <%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
     <% end %>
   </div>

data/app/views/layouts/doorkeeper/admin.html.erb

@@ -4,27 +4,27 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Doorkeeper</title>
+  <title><%= t('doorkeeper.layouts.admin.title') %></title>
   <%= stylesheet_link_tag "doorkeeper/admin/application" %>
   <%= csrf_meta_tags %>
 </head>
 <body>
-<div class="navbar navbar-inverse navbar-static-top" role="navigation">
-  <div class="container-fluid">
-    <div class="navbar-header">
-      <%= link_to t('doorkeeper.layouts.admin.nav.oauth2_provider'), oauth_applications_path, class: 'navbar-brand' %>
-    </div>
-    <ul class="nav navbar-nav">
-      <%= content_tag :li, class: "#{'active' if request.path == oauth_applications_path}" do %>
-        <%= link_to t('doorkeeper.layouts.admin.nav.applications'), oauth_applications_path %>
-      <% end %>
-      <%= content_tag :li do %>
-        <%= link_to t('doorkeeper.layouts.admin.nav.home'), root_path %>
-      <% end %>
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark mb-5">
+  <%= link_to t('doorkeeper.layouts.admin.nav.oauth2_provider'), oauth_applications_path, class: 'navbar-brand' %>
+
+  <div class="collapse navbar-collapse">
+    <ul class="navbar-nav mr-auto">
+      <li class="nav-item <%= 'active' if request.path == oauth_applications_path %>">
+        <%= link_to t('doorkeeper.layouts.admin.nav.applications'), oauth_applications_path, class: 'nav-link' %>
+      </li>
+      <li class="nav-item">
+        <%= link_to t('doorkeeper.layouts.admin.nav.home'), root_path, class: 'nav-link' %>
+      </li>
     </ul>
   </div>
-</div>
-<div class="container">
+</nav>
+
+<div class="doorkeeper-admin container">
   <%- if flash[:notice].present? %>
     <div class="alert alert-info">
       <%= flash[:notice] %>

data/config/locales/en.yml

@@ -14,6 +14,8 @@ en:
               relative_uri: 'must be an absolute URI.'
               secured_uri: 'must be an HTTPS/SSL URI.'
               forbidden_uri: 'is forbidden by the server.'
+            scopes:
+              not_match_configured: "doesn't match configured on the server."
 
   doorkeeper:
     applications:
@@ -40,6 +42,7 @@ en:
         name: 'Name'
         callback_url: 'Callback URL'
         confidential: 'Confidential?'
+        actions: 'Actions'
         confidentiality:
           'yes': 'Yes'
           'no': 'No'
@@ -47,7 +50,7 @@ en:
         title: 'New Application'
       show:
         title: 'Application: %{name}'
-        application_id: 'Application Id'
+        application_id: 'Application UID'
         secret: 'Secret'
         scopes: 'Scopes'
         confidential: 'Confidential'
@@ -78,6 +81,9 @@ en:
         created_at: 'Created At'
         date_format: '%Y-%m-%d %H:%M:%S'
 
+    pre_authorization:
+      status: 'Pre-authorization'
+
     errors:
       messages:
         # Common error messages
@@ -86,12 +92,14 @@ en:
         unauthorized_client: 'The client is not authorized to perform this request using this method.'
         access_denied: 'The resource owner or authorization server denied the request.'
         invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
+        invalid_code_challenge_method: 'The code challenge method must be plain or S256.'
         server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
         temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
 
         # Configuration error messages
         credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
         resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfigured.'
+        admin_authenticator_not_configured: 'Access to admin panel is forbidden due to Doorkeeper.configure.admin_authenticator being unconfigured.'
 
         # Access grant errors
         unsupported_response_type: 'The authorization server does not support this response type.'
@@ -120,6 +128,7 @@ en:
 
     layouts:
       admin:
+        title: 'Doorkeeper'
         nav:
           oauth2_provider: 'OAuth2 Provider'
           applications: 'Applications'

data/doorkeeper.gemspec

@@ -1,32 +1,30 @@
-$LOAD_PATH.push File.expand_path("../lib", __FILE__)
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
-require "doorkeeper/version"
+require 'doorkeeper/version'
 
 Gem::Specification.new do |s|
-  s.name        = "doorkeeper"
+  s.name        = 'doorkeeper'
   s.version     = Doorkeeper.gem_version
-  s.authors     = ["Felipe Elias Philipp", "Tute Costa", "Jon Moss", "Nikita Bulai"]
+  s.authors     = ['Felipe Elias Philipp', 'Tute Costa', 'Jon Moss', 'Nikita Bulai']
   s.email       = %w(bulaj.nikita@gmail.com)
-  s.homepage    = "https://github.com/doorkeeper-gem/doorkeeper"
-  s.summary     = "OAuth 2 provider for Rails and Grape"
-  s.description = "Doorkeeper is an OAuth 2 provider for Rails and Grape."
+  s.homepage    = 'https://github.com/doorkeeper-gem/doorkeeper'
+  s.summary     = 'OAuth 2 provider for Rails and Grape'
+  s.description = 'Doorkeeper is an OAuth 2 provider for Rails and Grape.'
   s.license     = 'MIT'
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- spec/*`.split("\n")
-  s.require_paths = ["lib"]
+  s.require_paths = ['lib']
 
-  s.add_dependency "railties", ">= 4.2"
-  s.required_ruby_version = ">= 2.1"
+  s.add_dependency 'railties', '>= 4.2'
+  s.required_ruby_version = '>= 2.1'
 
-  s.add_development_dependency "capybara"
-  s.add_development_dependency "coveralls"
-  s.add_development_dependency "grape"
-  s.add_development_dependency "database_cleaner", "~> 1.6"
-  s.add_development_dependency "factory_bot", "~> 4.8"
-  s.add_development_dependency "generator_spec", "~> 0.9.3"
-  s.add_development_dependency "rake", ">= 11.3.0"
-  s.add_development_dependency "rspec-rails"
-
-  s.post_install_message = Doorkeeper::CVE_2018_1000211_WARNING
+  s.add_development_dependency 'capybara', '~> 2.18'
+  s.add_development_dependency 'coveralls'
+  s.add_development_dependency 'grape'
+  s.add_development_dependency 'database_cleaner', '~> 1.6'
+  s.add_development_dependency 'factory_bot', '~> 4.8'
+  s.add_development_dependency 'generator_spec', '~> 0.9.3'
+  s.add_development_dependency 'rake', '>= 11.3.0'
+  s.add_development_dependency 'rspec-rails'
 end

data/gemfiles/rails_5_2.gemfile

@@ -2,7 +2,7 @@
 
 source "https://rubygems.org"
 
-gem "rails", "5.2.0.rc1"
+gem "rails", "5.2.0"
 gem "appraisal"
 gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
 gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]

data/gemfiles/rails_master.gemfile

@@ -9,6 +9,9 @@ gem "appraisal"
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
 gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
-gem "rspec-rails", "~> 3.7"
+
+%w[rspec-core rspec-expectations rspec-mocks rspec-rails rspec-support].each do |lib|
+  gem lib, git: "https://github.com/rspec/#{lib}.git", branch: 'master'
+end
 
 gemspec path: "../"

data/lib/doorkeeper/config.rb

@@ -15,19 +15,19 @@ module Doorkeeper
   end
 
   def self.configuration
-    @config || (fail MissingConfiguration)
+    @config || (raise MissingConfiguration)
   end
 
   def self.setup_orm_adapter
     @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
-  rescue NameError => e
-    fail e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.squish
-[doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
-trying to load it.
-
-You probably need to add the related gem for this adapter to work with
-doorkeeper.
-      ERROR_MSG
+  rescue NameError => error
+    raise error, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
+      [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
+      trying to load it.
+
+      You probably need to add the related gem for this adapter to work with
+      doorkeeper.
+    ERROR_MSG
   end
 
   def self.setup_orm_models
@@ -90,7 +90,7 @@ doorkeeper.
       #
       # @param methods [Array] Define client credentials
       def client_credentials(*methods)
-        @config.instance_variable_set(:@client_credentials, methods)
+        @config.instance_variable_set(:@client_credentials_methods, methods)
       end
 
       # Change the way access token is authenticated from the request object.
@@ -103,9 +103,12 @@ doorkeeper.
         @config.instance_variable_set(:@access_token_methods, methods)
       end
 
-      # Issue access tokens with refresh token (disabled by default)
-      def use_refresh_token
-        @config.instance_variable_set(:@refresh_token_enabled, true)
+      # Issue access tokens with refresh token (disabled if not set)
+      def use_refresh_token(enabled = true, &block)
+        @config.instance_variable_set(
+          :@refresh_token_enabled,
+          block ? block : enabled
+        )
       end
 
       # Reuse access token for the same resource owner within an application
@@ -115,13 +118,23 @@ doorkeeper.
         @config.instance_variable_set(:@reuse_access_token, true)
       end
 
-      # Opt out of breaking api change to the native authorization code flow.
-      # Opting out sets the authorization code response route for native
-      # redirect uris to oauth/authorize/<code>. The default is
-      # oauth/authorize/native?code=<code>.
-      # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
-      def opt_out_native_route_change
-        @config.instance_variable_set(:@opt_out_native_route_change, true)
+      # Use an API mode for applications generated with --api argument
+      # It will skip applications controller, disable forgery protection
+      def api_only
+        @config.instance_variable_set(:@api_only, true)
+      end
+
+      # Forbids creating/updating applications with arbitrary scopes that are
+      # not in configuration, i.e. `default_scopes` or `optional_scopes`.
+      # (disabled by default)
+      def enforce_configured_scopes
+        @config.instance_variable_set(:@enforce_configured_scopes, true)
+      end
+
+      # Enforce request content type as the spec requires:
+      # disabled by default for backward compatibility.
+      def enforce_content_type
+        @config.instance_variable_set(:@enforce_content_type, true)
       end
     end
 
@@ -188,25 +201,39 @@ doorkeeper.
     option :resource_owner_authenticator,
            as: :authenticate_resource_owner,
            default: (lambda do |_routes|
-             ::Rails.logger.warn(I18n.t('doorkeeper.errors.messages.resource_owner_authenticator_not_configured'))
+             ::Rails.logger.warn(
+               I18n.t('doorkeeper.errors.messages.resource_owner_authenticator_not_configured')
+             )
+
              nil
            end)
 
     option :admin_authenticator,
            as: :authenticate_admin,
-           default: ->(_routes) {}
+           default: (lambda do |_routes|
+             ::Rails.logger.warn(
+               I18n.t('doorkeeper.errors.messages.admin_authenticator_not_configured')
+             )
+
+             head :forbidden
+           end)
 
     option :resource_owner_from_credentials,
            default: (lambda do |_routes|
-             ::Rails.logger.warn(I18n.t('doorkeeper.errors.messages.credential_flow_not_configured'))
+             ::Rails.logger.warn(
+               I18n.t('doorkeeper.errors.messages.credential_flow_not_configured')
+             )
+
              nil
            end)
+    option :before_successful_authorization, default: ->(_context) {}
+    option :after_successful_authorization, default: ->(_context) {}
     option :before_successful_strategy_response, default: ->(_request) {}
     option :after_successful_strategy_response,
            default: ->(_request, _response) {}
     option :skip_authorization,             default: ->(_routes) {}
     option :access_token_expires_in,        default: 7200
-    option :custom_access_token_expires_in, default: ->(_app) { nil }
+    option :custom_access_token_expires_in, default: ->(_context) { nil }
     option :authorization_code_expires_in,  default: 600
     option :orm,                            default: :active_record
     option :native_redirect_uri,            default: 'urn:ietf:wg:oauth:2.0:oob'
@@ -241,7 +268,6 @@ doorkeeper.
     #
     option :force_ssl_in_redirect_uri,      default: !Rails.env.development?
 
-
     # Use a custom class for generating the access token.
     # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
     #
@@ -260,20 +286,35 @@ doorkeeper.
            default: 'ActionController::Base'
 
     attr_reader :reuse_access_token
+    attr_reader :api_only
+    attr_reader :enforce_content_type
+
+    def api_only
+      @api_only ||= false
+    end
+
+    def enforce_content_type
+      @enforce_content_type ||= false
+    end
 
     def refresh_token_enabled?
-      @refresh_token_enabled ||= false
-      !!@refresh_token_enabled
+      if defined?(@refresh_token_enabled)
+        @refresh_token_enabled
+      else
+        false
+      end
+    end
+
+    def enforce_configured_scopes?
+      !!(defined?(@enforce_configured_scopes) && @enforce_configured_scopes)
     end
 
     def enable_application_owner?
-      @enable_application_owner ||= false
-      !!@enable_application_owner
+      !!(defined?(@enable_application_owner) && @enable_application_owner)
     end
 
     def confirm_application_owner?
-      @confirm_application_owner ||= false
-      !!@confirm_application_owner
+      !!(defined?(@confirm_application_owner) && @confirm_application_owner)
     end
 
     def default_scopes
@@ -289,7 +330,7 @@ doorkeeper.
     end
 
     def client_credentials_methods
-      @client_credentials ||= %i[from_basic from_params]
+      @client_credentials_methods ||= %i[from_basic from_params]
     end
 
     def access_token_methods
@@ -297,16 +338,11 @@ doorkeeper.
     end
 
     def authorization_response_types
-      @authorization_response_types ||= calculate_authorization_response_types
+      @authorization_response_types ||= calculate_authorization_response_types.freeze
     end
 
     def token_grant_types
-      @token_grant_types ||= calculate_token_grant_types
-    end
-
-    def native_authorization_code_route
-      @opt_out_native_route_change ||= false
-      @opt_out_native_route_change ? '/:code' : '/native'
+      @token_grant_types ||= calculate_token_grant_types.freeze
     end
 
     private

data/lib/doorkeeper/engine.rb

@@ -17,6 +17,10 @@ module Doorkeeper
 
     if defined?(Sprockets) && Sprockets::VERSION.chr.to_i >= 4
       initializer 'doorkeeper.assets.precompile' do |app|
+        # Force users to use:
+        #    //= link doorkeeper/admin/application.css
+        # in Doorkeeper 5 for Sprockets 4 instead of precompile.
+        # Add note to official docs & Wiki
         app.config.assets.precompile += %w[
           doorkeeper/application.css
           doorkeeper/admin/application.css