rodauth-oauth 0.8.2 has been released.
Project page: https://gitlab.com/honeyryderchuck/rodauth-oauth
rodauth-oauth is an implementation of the OAuth 2.0 framework on top of
rodauth to build OAuth authorization servers.
It provides the following features:
* Authorization grant flow;
* Access Token generation;
* Access Token refresh;
* Token revocation;
* Implicit grant (off by default);
* Access Type-enabled Grants (online and offline);
* OAuth application and token management dashboards (optional);
* Rails support (through rodauth-rails);
* Implementation of PKCE by OAuth Public Clients;
* Implementation of grants using "access_type" and "approval_prompt"
(similar to what Google OAuth 2.0 API does);
* Store token/refresh token hashes in the database, instead of the "plain"
* Client secret hashed by default, and provided by the application owner;
* Usage of the client secret for authorizing the generation of tokens, as the
spec mandates (and refraining from it when doing PKCE).
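
The last items of the list (hashed token storage, and client secret versus PKCE at the token step) can be sketched as follows. This is an added example, not rodauth-oauth code or its API: `TokenStore`, `exchange_authorized?` and the hash keys are hypothetical names, and SHA-256 stands in for a real password hash so the block needs only the standard library.

```ruby
require "digest"
require "openssl"
require "securerandom"

# PKCE S256 (RFC 7636): challenge = BASE64URL(SHA256(verifier)), unpadded.
def pkce_challenge(verifier)
  [Digest::SHA256.digest(verifier)].pack("m0").tr("+/", "-_").delete("=")
end

# Hypothetical stand-in for the tokens table: only SHA-256 digests are kept,
# so a leaked table does not hand out usable bearer tokens.
class TokenStore
  def initialize
    @rows = {}
  end

  def issue(client_id)
    token = SecureRandom.urlsafe_base64(32)
    @rows[Digest::SHA256.hexdigest(token)] = client_id
    token # plaintext goes to the client once and is never persisted
  end

  def client_for(token)
    @rows[Digest::SHA256.hexdigest(token.to_s)]
  end

  def stored_values
    @rows.keys
  end
end

# Authorize a code-for-token exchange. A grant that recorded a code_challenge
# is proven with the code_verifier and no client secret; any other grant
# requires the client secret, compared against its stored hash.
# Assumption: SHA-256 replaces a slow password hash to stay stdlib-only.
def exchange_authorized?(client, grant, params)
  if grant[:code_challenge]
    verifier = params[:code_verifier].to_s
    return false unless verifier.match?(/\A[A-Za-z0-9\-._~]{43,128}\z/)
    OpenSSL.secure_compare(pkce_challenge(verifier), grant[:code_challenge])
  else
    secret = params[:client_secret].to_s
    return false if secret.empty?
    OpenSSL.secure_compare(Digest::SHA256.hexdigest(secret), client[:secret_hash])
  end
end
```

Both comparisons go through `OpenSSL.secure_compare`, so a mismatching verifier or secret is rejected without a timing difference that depends on how many leading characters matched.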