RubyGems - doorkeeper - Versions diffs - 5.2.6 → 5.3.0 - Mend

doorkeeper 5.2.6 → 5.3.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (126) hide show

checksums.yaml +4 -4
data/Appraisals +2 -2
data/CHANGELOG.md +15 -14
data/Gemfile +2 -2
data/app/controllers/doorkeeper/application_controller.rb +2 -2
data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
data/app/controllers/doorkeeper/applications_controller.rb +3 -3
data/app/controllers/doorkeeper/authorizations_controller.rb +2 -2
data/app/controllers/doorkeeper/authorized_applications_controller.rb +3 -3
data/gemfiles/rails_5_0.gemfile +2 -2
data/gemfiles/rails_5_1.gemfile +2 -2
data/gemfiles/rails_5_2.gemfile +2 -2
data/gemfiles/rails_6_0.gemfile +2 -2
data/gemfiles/rails_master.gemfile +2 -2
data/lib/doorkeeper.rb +2 -3
data/lib/doorkeeper/config.rb +71 -39
data/lib/doorkeeper/grape/helpers.rb +1 -1
data/lib/doorkeeper/helpers/controller.rb +10 -8
data/lib/doorkeeper/models/access_grant_mixin.rb +7 -6
data/lib/doorkeeper/models/access_token_mixin.rb +55 -18
data/lib/doorkeeper/models/application_mixin.rb +3 -3
data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
data/lib/doorkeeper/models/concerns/revocable.rb +0 -27
data/lib/doorkeeper/oauth/authorization/code.rb +4 -4
data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
data/lib/doorkeeper/oauth/authorization_code_request.rb +13 -6
data/lib/doorkeeper/oauth/base_request.rb +8 -4
data/lib/doorkeeper/oauth/client.rb +7 -8
data/lib/doorkeeper/oauth/client_credentials/creator.rb +16 -9
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -7
data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +4 -4
data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
data/lib/doorkeeper/oauth/code_response.rb +2 -2
data/lib/doorkeeper/oauth/error.rb +1 -1
data/lib/doorkeeper/oauth/error_response.rb +5 -5
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +7 -5
data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -2
data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
data/lib/doorkeeper/oauth/pre_authorization.rb +7 -5
data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
data/lib/doorkeeper/oauth/token.rb +2 -2
data/lib/doorkeeper/oauth/token_introspection.rb +6 -6
data/lib/doorkeeper/orm/active_record.rb +3 -3
data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
data/lib/doorkeeper/orm/active_record/application.rb +3 -155
data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +53 -0
data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +47 -0
data/lib/doorkeeper/orm/active_record/mixins/application.rb +128 -0
data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +3 -3
data/lib/doorkeeper/rails/helpers.rb +4 -4
data/lib/doorkeeper/rails/routes.rb +5 -7
data/lib/doorkeeper/rake/db.rake +3 -3
data/lib/doorkeeper/request.rb +1 -1
data/lib/doorkeeper/request/authorization_code.rb +3 -3
data/lib/doorkeeper/request/client_credentials.rb +2 -2
data/lib/doorkeeper/request/password.rb +2 -2
data/lib/doorkeeper/request/refresh_token.rb +3 -3
data/lib/doorkeeper/server.rb +1 -1
data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
data/lib/doorkeeper/version.rb +2 -2
data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
data/lib/generators/doorkeeper/migration_generator.rb +1 -1
data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
data/lib/generators/doorkeeper/templates/initializer.rb +39 -8
data/spec/controllers/application_metal_controller_spec.rb +1 -1
data/spec/controllers/applications_controller_spec.rb +3 -2
data/spec/controllers/authorizations_controller_spec.rb +18 -18
data/spec/controllers/protected_resources_controller_spec.rb +25 -17
data/spec/controllers/token_info_controller_spec.rb +1 -1
data/spec/controllers/tokens_controller_spec.rb +1 -1
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -3
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +1 -1
data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +1 -1
data/spec/generators/install_generator_spec.rb +1 -1
data/spec/generators/previous_refresh_token_generator_spec.rb +2 -2
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +61 -21
data/spec/lib/doorkeeper_spec.rb +1 -1
data/spec/lib/models/revocable_spec.rb +3 -3
data/spec/lib/oauth/authorization_code_request_spec.rb +127 -125
data/spec/lib/oauth/base_request_spec.rb +160 -158
data/spec/lib/oauth/base_response_spec.rb +27 -29
data/spec/lib/oauth/client/credentials_spec.rb +1 -1
data/spec/lib/oauth/client_credentials/creator_spec.rb +42 -5
data/spec/lib/oauth/client_credentials/issuer_spec.rb +12 -12
data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
data/spec/lib/oauth/client_credentials_integration_spec.rb +16 -18
data/spec/lib/oauth/client_credentials_request_spec.rb +78 -80
data/spec/lib/oauth/client_spec.rb +26 -26
data/spec/lib/oauth/code_request_spec.rb +34 -34
data/spec/lib/oauth/code_response_spec.rb +21 -25
data/spec/lib/oauth/error_response_spec.rb +42 -44
data/spec/lib/oauth/error_spec.rb +12 -14
data/spec/lib/oauth/forbidden_token_response_spec.rb +11 -13
data/spec/lib/oauth/helpers/scope_checker_spec.rb +30 -18
data/spec/lib/oauth/invalid_request_response_spec.rb +48 -50
data/spec/lib/oauth/invalid_token_response_spec.rb +32 -34
data/spec/lib/oauth/password_access_token_request_spec.rb +145 -147
data/spec/lib/oauth/pre_authorization_spec.rb +159 -161
data/spec/lib/oauth/refresh_token_request_spec.rb +138 -139
data/spec/lib/oauth/scopes_spec.rb +104 -106
data/spec/lib/oauth/token_request_spec.rb +115 -111
data/spec/lib/oauth/token_response_spec.rb +71 -73
data/spec/lib/oauth/token_spec.rb +121 -123
data/spec/models/doorkeeper/access_grant_spec.rb +3 -5
data/spec/models/doorkeeper/access_token_spec.rb +7 -7
data/spec/models/doorkeeper/application_spec.rb +295 -373
data/spec/requests/applications/applications_request_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +5 -3
data/spec/requests/flows/authorization_code_spec.rb +34 -22
data/spec/requests/flows/client_credentials_spec.rb +1 -1
data/spec/requests/flows/password_spec.rb +32 -12
data/spec/requests/flows/refresh_token_spec.rb +19 -19
data/spec/requests/flows/revoke_token_spec.rb +18 -12
data/spec/spec_helper.rb +1 -4
data/spec/support/shared/controllers_shared_context.rb +33 -23
data/spec/validators/redirect_uri_validator_spec.rb +1 -1
metadata +6 -5
data/spec/support/http_method_shim.rb +0 -29

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f054b4619e2489e52e1e61a959878fa612ae5c42f7217d48f8b59173fb0c8da
-  data.tar.gz: 160f404b0c1e5eeffe97340c748e2f1f65d4bd6092367320ad573ad042f05ad1
+  metadata.gz: 13bf83a25959d2152f6508e2e3c07f393d2b13f78c9d1eacb0aa58aead6872bc
+  data.tar.gz: eb0ee49811f240ab19902d32a66d580fb8ea0d111cae312dbb207817d443034d
 SHA512:
-  metadata.gz: e8929470e2fd326bed639d35723f458799e9e868e8bdd27b35e4d667d9271edd38e0e3d1d14b0b7e0c7f36a474acfb9d5ee72cf84aa6a77a7f768fb0a898709c
-  data.tar.gz: 6fed1b0c2e7f6ffc141c22bd27974423bd80d3c81c90bbeff83964570b9e9158616cc56fefca1996c8da2018c098246691fc8a5b7f8ef6e6fcc2bd9b03488c38
+  metadata.gz: 8618a5f367b118059aef8bb970237ce83ed8fd056419523e15d71a59bdadc0bba1630774b116ca50f0f3bcf5300015bfcc3d7ecc6400207750fa823a50f459a2
+  data.tar.gz: f377fe495a2414754dcfa7090743d16c7a908e32c316b122f7bb7d993eb81780910bd5d2661f63b94acdeed867bf1effdae3f636a859fa4e24d29e948aeccdb1

data/Appraisals CHANGED

@@ -23,7 +23,7 @@ appraise "rails-6-0" do
   gem "rspec-core", github: "rspec/rspec-core"
   gem "rspec-expectations", github: "rspec/rspec-expectations"
   gem "rspec-mocks", github: "rspec/rspec-mocks"
-  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-dev"
+  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
   gem "rspec-support", github: "rspec/rspec-support"
 end
@@ -35,6 +35,6 @@ appraise "rails-master" do
   gem "rspec-core", github: "rspec/rspec-core"
   gem "rspec-expectations", github: "rspec/rspec-expectations"
   gem "rspec-mocks", github: "rspec/rspec-mocks"
-  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-dev"
+  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
   gem "rspec-support", github: "rspec/rspec-support"
 end

data/CHANGELOG.md CHANGED

@@ -5,23 +5,24 @@ upgrade guides.
 User-visible changes worth mentioning.
-## 5.2.6
+## master
-- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
+- [#PR ID] Your PR short description here.
-## 5.2.5
+## 5.3.0
-- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
-  Fixes information disclosure vulnerability (CVE-2020-10187).
-  **[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
-  if you previously used `#to_json` serialization with custom options or attributes or rely on
-  JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
-  is a breaking change which restricts serialized attributes to a very small set of columns.
+- [#1339] Validate Resource Owner in `PasswordAccessTokenRequest` against `nil` and `false` values.
+- [#1341] Fix `refresh_token_revoked_on_use` with `hash_token_secrets` enabled.
+- [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
+- [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
+- [#1346] Refactor `Doorkeeper::Application#to_json` into convenient `#as_json` (fix #1344).
+- [#1349] Fix `Doorkeeper::Application` AR associations using an incorrect foreign key name when using a custom class.
+- [#1318] Make existing token revocation for client credentials optional and disable it by default.
-## 5.2.4
-- [#1360] Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
+  **[IMPORTANT]** This is a change compared to the behaviour of version 5.2.
+  If you were relying on access tokens being revoked once the same client
+  requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
+  initialization file.
 ## 5.2.3
@@ -101,7 +102,7 @@ User-visible changes worth mentioning.
   **[IMPORTANT]** If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
   your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
-  `use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt`.
+  `hash_application_secrets using: 'Doorkeeper::SecretStoring::BCrypt`.
 - [#1216] Add nil check to `expires_at` method.
 - [#1215] Fix deprecates for Rails 6.

data/Gemfile CHANGED

@@ -11,10 +11,10 @@ gem "rails", "~> 6.0.0"
 gem "rspec-core", github: "rspec/rspec-core"
 gem "rspec-expectations", github: "rspec/rspec-expectations"
 gem "rspec-mocks", github: "rspec/rspec-mocks"
-gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", github: "rspec/rspec-support"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false

data/app/controllers/doorkeeper/application_controller.rb CHANGED

@@ -2,10 +2,10 @@
 module Doorkeeper
   class ApplicationController <
-    Doorkeeper.configuration.resolve_controller(:base)
+    Doorkeeper.config.resolve_controller(:base)
     include Helpers::Controller
-    unless Doorkeeper.configuration.api_only
+    unless Doorkeeper.config.api_only
       protect_from_forgery with: :exception
       helper "doorkeeper/dashboard"
     end

data/app/controllers/doorkeeper/application_metal_controller.rb CHANGED

@@ -2,11 +2,11 @@
 module Doorkeeper
   class ApplicationMetalController <
-    Doorkeeper.configuration.resolve_controller(:base_metal)
+    Doorkeeper.config.resolve_controller(:base_metal)
     include Helpers::Controller
     before_action :enforce_content_type,
-                  if: -> { Doorkeeper.configuration.enforce_content_type }
+                  if: -> { Doorkeeper.config.enforce_content_type }
     ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
   end

data/app/controllers/doorkeeper/applications_controller.rb CHANGED

@@ -19,7 +19,7 @@ module Doorkeeper
     def show
       respond_to do |format|
         format.html
-        format.json { render json: @application, as_owner: true }
+        format.json { render json: @application }
       end
     end
@@ -36,7 +36,7 @@ module Doorkeeper
         respond_to do |format|
           format.html { redirect_to oauth_application_url(@application) }
-          format.json { render json: @application, as_owner: true }
+          format.json { render json: @application }
         end
       else
         respond_to do |format|
@@ -58,7 +58,7 @@ module Doorkeeper
         respond_to do |format|
           format.html { redirect_to oauth_application_url(@application) }
-          format.json { render json: @application, as_owner: true }
+          format.json { render json: @application }
         end
       else
         respond_to do |format|

data/app/controllers/doorkeeper/authorizations_controller.rb CHANGED

@@ -45,7 +45,7 @@ module Doorkeeper
       AccessToken.matching_token_for(
         pre_auth.client,
         current_resource_owner.id,
-        pre_auth.scopes
+        pre_auth.scopes,
       )
     end
@@ -54,7 +54,7 @@ module Doorkeeper
         if Doorkeeper.configuration.api_only
           render(
             json: { status: :redirect, redirect_uri: auth.redirect_uri },
-            status: auth.status
+            status: auth.status,
           )
         else
           redirect_to auth.redirect_uri

data/app/controllers/doorkeeper/authorized_applications_controller.rb CHANGED

@@ -9,20 +9,20 @@ module Doorkeeper
       respond_to do |format|
         format.html
-        format.json { render json: @applications, current_resource_owner: current_resource_owner }
+        format.json { render json: @applications }
       end
     end
     def destroy
       Application.revoke_tokens_and_grants_for(
         params[:id],
-        current_resource_owner
+        current_resource_owner,
       )
       respond_to do |format|
         format.html do
           redirect_to oauth_authorized_applications_url, notice: I18n.t(
-            :notice, scope: %i[doorkeeper flash authorized_applications destroy]
+            :notice, scope: %i[doorkeeper flash authorized_applications destroy],
           )
         end

data/gemfiles/rails_5_0.gemfile CHANGED

@@ -6,9 +6,9 @@ gem "rails", "~> 5.0.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby

data/gemfiles/rails_5_1.gemfile CHANGED

@@ -6,9 +6,9 @@ gem "rails", "~> 5.1.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby

data/gemfiles/rails_5_2.gemfile CHANGED

@@ -6,9 +6,9 @@ gem "rails", "~> 5.2.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby

data/gemfiles/rails_6_0.gemfile CHANGED

@@ -6,9 +6,9 @@ gem "rails", "~> 6.0.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby

data/gemfiles/rails_master.gemfile CHANGED

@@ -6,9 +6,9 @@ gem "rails", git: "https://github.com/rails/rails"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby

data/lib/doorkeeper.rb CHANGED

@@ -38,10 +38,9 @@ require "doorkeeper/oauth/authorization_code_request"
 require "doorkeeper/oauth/refresh_token_request"
 require "doorkeeper/oauth/password_access_token_request"
-require "doorkeeper/oauth/client_credentials/validation"
+require "doorkeeper/oauth/client_credentials/validator"
 require "doorkeeper/oauth/client_credentials/creator"
 require "doorkeeper/oauth/client_credentials/issuer"
-require "doorkeeper/oauth/client_credentials/validation"
 require "doorkeeper/oauth/client/credentials"
 require "doorkeeper/oauth/client_credentials_request"
@@ -85,7 +84,7 @@ require "doorkeeper/orm/active_record"
 # Main Doorkeeper namespace.
 #
 module Doorkeeper
-  def self.authenticate(request, methods = Doorkeeper.configuration.access_token_methods)
+  def self.authenticate(request, methods = Doorkeeper.config.access_token_methods)
     OAuth::Token.authenticate(request, *methods)
   end
 end

data/lib/doorkeeper/config.rb CHANGED

@@ -11,36 +11,40 @@ module Doorkeeper
     end
   end
-  def self.configure(&block)
-    @config = Config::Builder.new(&block).build
-    setup_orm_adapter
-    setup_orm_models
-    setup_application_owner if @config.enable_application_owner?
-    @config
-  end
+  class << self
+    def configure(&block)
+      @config = Config::Builder.new(&block).build
+      setup_orm_adapter
+      setup_orm_models
+      setup_application_owner if @config.enable_application_owner?
+      @config
+    end
-  def self.configuration
-    @config || (raise MissingConfiguration)
-  end
+    def configuration
+      @config || (raise MissingConfiguration)
+    end
-  def self.setup_orm_adapter
-    @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
-  rescue NameError => e
-    raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
-      [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
-      trying to load it.
+    alias config configuration
-      You probably need to add the related gem for this adapter to work with
-      doorkeeper.
-    ERROR_MSG
-  end
+    def setup_orm_adapter
+      @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
+    rescue NameError => e
+      raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
+        [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
+        trying to load it.
-  def self.setup_orm_models
-    @orm_adapter.initialize_models!
-  end
+        You probably need to add the related gem for this adapter to work with
+        doorkeeper.
+      ERROR_MSG
+    end
+    def setup_orm_models
+      @orm_adapter.initialize_models!
+    end
-  def self.setup_application_owner
-    @orm_adapter.initialize_application_owner!
+    def setup_application_owner
+      @orm_adapter.initialize_application_owner!
+    end
   end
   class Config
@@ -120,7 +124,7 @@ module Doorkeeper
       def use_refresh_token(enabled = true, &block)
         @config.instance_variable_set(
           :@refresh_token_enabled,
-          block || enabled
+          block || enabled,
         )
       end
@@ -140,6 +144,14 @@ module Doorkeeper
         @config.instance_variable_set(:@token_reuse_limit, percentage)
       end
+      # TODO: maybe make it more generic for other flows too?
+      # Only allow one valid access token obtained via client credentials
+      # per client. If a new access token is obtained before the old one
+      # expired, the old one gets revoked (disabled by default)
+      def revoke_previous_client_credentials_token
+        @config.instance_variable_set(:@revoke_previous_client_credentials_token, true)
+      end
       # Use an API mode for applications generated with --api argument
       # It will skip applications controller, disable forgery protection
       def api_only
@@ -195,8 +207,7 @@ module Doorkeeper
       def configure_secrets_for(type, using:, fallback:)
         raise ArgumentError, "Invalid type #{type}" if %i[application token].exclude?(type)
-        @config.instance_variable_set(:"@#{type}_secret_strategy",
-                                      using.constantize)
+        @config.instance_variable_set(:"@#{type}_secret_strategy", using.constantize)
         if fallback.nil?
           return
@@ -204,8 +215,7 @@ module Doorkeeper
           fallback = "::Doorkeeper::SecretStoring::Plain"
         end
-        @config.instance_variable_set(:"@#{type}_secret_fallback_strategy",
-                                      fallback.constantize)
+        @config.instance_variable_set(:"@#{type}_secret_fallback_strategy", fallback.constantize)
       end
     end
@@ -215,7 +225,7 @@ module Doorkeeper
            as: :authenticate_resource_owner,
            default: (lambda do |_routes|
              ::Rails.logger.warn(
-               I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured")
+               I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured"),
              )
              nil
@@ -225,7 +235,7 @@ module Doorkeeper
            as: :authenticate_admin,
            default: (lambda do |_routes|
              ::Rails.logger.warn(
-               I18n.t("doorkeeper.errors.messages.admin_authenticator_not_configured")
+               I18n.t("doorkeeper.errors.messages.admin_authenticator_not_configured"),
              )
              head :forbidden
@@ -234,7 +244,7 @@ module Doorkeeper
     option :resource_owner_from_credentials,
            default: (lambda do |_routes|
              ::Rails.logger.warn(
-               I18n.t("doorkeeper.errors.messages.credential_flow_not_configured")
+               I18n.t("doorkeeper.errors.messages.credential_flow_not_configured"),
              )
              nil
@@ -258,7 +268,6 @@ module Doorkeeper
     option :active_record_options,          default: {}
     option :grant_flows,                    default: %w[authorization_code client_credentials]
     option :handle_auth_errors,             default: :render
-    option :token_lookup_batch_size,        default: 10_000
     # Allows to customize OAuth grant flows that +each+ application support.
     # You can configure a custom block (or use a class respond to `#call`) that must
@@ -348,6 +357,15 @@ module Doorkeeper
     option :base_metal_controller,
            default: "ActionController::API"
+    option :access_token_class,
+           default: "Doorkeeper::AccessToken"
+    option :access_grant_class,
+           default: "Doorkeeper::AccessGrant"
+    option :application_class,
+           default: "Doorkeeper::Application"
     # Allows to set blank redirect URIs for Applications in case
     # server configured to use URI-less grant flows.
     #
@@ -387,9 +405,7 @@ module Doorkeeper
              end
            end)
-    attr_reader :api_only,
-                :enforce_content_type,
-                :reuse_access_token,
+    attr_reader :reuse_access_token,
                 :token_secret_fallback_strategy,
                 :application_secret_fallback_strategy
@@ -400,6 +416,18 @@ module Doorkeeper
       validate_secret_strategies
     end
+    def access_token_model
+      @access_token_model ||= access_token_class.constantize
+    end
+    def access_grant_model
+      @access_grant_model ||= access_grant_class.constantize
+    end
+    def application_model
+      @application_model ||= application_class.constantize
+    end
     def api_only
       @api_only ||= false
     end
@@ -420,6 +448,10 @@ module Doorkeeper
       @token_reuse_limit ||= 100
     end
+    def revoke_previous_client_credentials_token
+      @revoke_previous_client_credentials_token || false
+    end
     def resolve_controller(name)
       config_option = public_send(:"#{name}_controller")
       controller_name = if config_option.respond_to?(:call)
@@ -547,7 +579,7 @@ module Doorkeeper
       ::Rails.logger.warn(
         "You have configured both reuse_access_token " \
         "AND strategy strategy '#{strategy}' that cannot restore tokens. " \
-        "This combination is unsupported. reuse_access_token will be disabled"
+        "This combination is unsupported. reuse_access_token will be disabled",
       )
       @reuse_access_token = false
     end
@@ -565,7 +597,7 @@ module Doorkeeper
       ::Rails.logger.warn(
         "You have configured an invalid value for token_reuse_limit option. " \
-        "It will be set to default 100"
+        "It will be set to default 100",
       )
       @token_reuse_limit = 100
     end