Last Update: 2024-05-20 13:30:12 +0000

0.7.2 (14/12/2021)


  • Revoking tokens from the OAuth Application management interface (@muellerj)

Token revocation was only possible when using the client ID and Secret, to aid “logout” functionality from client applications. Although the admin interface (available via r.oauth_applications) displayed a “Revoke” button alongside tokens in the list page, this was not working. The RFC does allow for the use case of application administrators being able to manually revoke tokens (as a result of client support, for example), so this functionality was enabled (only for the oauth application owner, for now).


Default scope usage related bugfixes:

  • Improved default scope conversion to avoid nested arrays (@muellerj);

  • Authorize form shows a disabled checkbox and POST’s no scope when default scope is to be used (@muellerj);

  • example default scope fixed for example authorization server (should be string) (@muellerj);

  • several param fixes in view templates (@muellerj);

OAuth Applications Management fixes:

  • Access to OAuth Application page is now restricted to app owner;

  • OAuth Applications page now lists the only the applications owned by the logged in user;