Update dependency doorkeeper-openid_connect to v1.8.9

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
doorkeeper-openid_connect	1.6.2 -> 1.8.9

---

Release Notes

doorkeeper-gem/doorkeeper-openid_connect (doorkeeper-openid_connect)

v1.8.9

• Support Doorkeeper 5.7

v1.8.8

Compare Source

• [#​201] Add back typ=JWT to header

v1.8.7

Compare Source

• [#​198] Fully qualify JWT::JWK::Thumbprint constant with :: (thanks to @​stanhu)

v1.8.6

Compare Source

• [#​194] Default to RFC 7638 kid fingerprint generation (thanks to @​stanhu).

v1.8.5

Compare Source

• [#​186] Simplify gem configuration reusing Doorkeeper configuration option DSL (thanks to @​nbulaj).
• [#​182] Drop support for Ruby 2.6 and Rails 5 (thanks to @​sato11).
• [#​188] Fix dookeeper-jwt compatibility (thanks to @​zavan).

v1.8.4

Compare Source

Note that v1.8.4 changed the default kid fingerprint generation from RFC 7638 to a format
based on the SHA256 digest of the key element. To restore the previous behavior, upgrade to v1.8.6.

• [#​177] Replace json-jwt with ruby-jwt to align with doorkeeper-jwt (thanks to @​kristof-mattei).
• [#​185] Don't call active_record_options for Doorkeeper >= 5.6.3 (thanks to @​zavan).
• [#​183] Stop render consent screen when user is not logged-in (thanks to @​nov).

v1.8.3

Compare Source

• [#​180] Add PKCE support to OpenID discovery endpoint (thanks to @​stanhu).

v1.8.2

Compare Source

• [#​168] Allow to use custom doorkeeper access grant model (thanks @​nov).
• [#​170] Controllers inherit Doorkeeper::AppliactionMetalController (thanks @​sato11).
• [#​171] Correctly override AuthorizationsController params (thanks to @​nbulaj).

v1.8.1

Compare Source

• [#​153] Fix ArgumentError caused by client credential validation introduced in Doorkeeper 5.5.1 (thanks to @​CircumnavigatingFlatEarther)
• [#​161] Fix .well-known/openid-connect issuer (respond to block if provided) (thanks to @​fkowal).
• [#​152] Expose oauth-authorization-server in routes (thanks to @​mitar)

v1.8.0

Compare Source

No changes from v1.8.0-rc1.

v1.7.5

Compare Source

Changes

• [#​126] Add discovery_url_options option for discovery endpoints URL generation (thanks to @​phlegx)

Bugfixes

• [#​123] Remove reference to ApplicationRecord (thanks to @​wheeyls)
• [#​124] Clone doorkeeper.grant_flows array before appending 'refresh_token' (thanks to @​davidbasalla)
• [#​129] Avoid to use the config alias while supporting Doorkeeper 5.2 (thanks to @​kymmt90)

v1.7.4

Compare Source

• [#​119] Execute end_session_endpoint in the controllers context (thanks to @​joeljunstrom)

v1.7.3

Compare Source

• [#​111] Add configuration callback select_account_for_resource_owner to support the prompt=select_account param
• [#​112] Add grant_types_supported to discovery response
• [#​114] Fix user_info endpoint when used in api mode
• [#​116] Support Doorkeeper API (> 5.4) for registering custom grant flows.
• [#​117] Fix migration template to use Rails migrations DSL for association.
• [#​118] Use fragment urls for implicit flow error redirects (thanks to @​joeljunstrom)

v1.7.2

Compare Source

Changes

• [#​108] Add support for Doorkeeper 5.4
• [#​103] Add support for end_session_endpoint
• [#​109] Test against Ruby 2.7 & Rails 6.x

v1.7.1

Compare Source

Upgrading

This version adds on_delete: :cascade to the migration template for the oauth_openid_requests table, in order to fix #​82.

For existing installations, you should add a new migration in your application to drop the existing foreign key and replace it with a new one with on_delete: :cascade included. Depending on the database you're using and the size of your application this might bring up some concerns, but in most cases the following should be sufficient:

class UpdateOauthOpenIdRequestsForeignKeys < ActiveRecord::Migration[5.2]
  def up
    remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
    add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id, on_delete: :cascade)
  end

  def down
    remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
    add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id)
  end
end

Bugfixes

• [#​96] Bump json-jwt because of CVE-2019-18848 (thanks to @​leleabhinav)
• [#​97] Fixes for compatibility with Doorkeeper 5.2 (thanks to @​linhdangduy)
• [#​98] Cascade deletes from oauth_openid_requests to oauth_access_grants (thanks to @​manojmj92)
• [#​99] Fix audience claim when application is not set on access token (thanks to @​ionut998)

v1.7.0

Compare Source

Changes

• [#​85] This gem now requires Doorkeeper 5.2, Rails 5, and Ruby 2.4

v1.6.3

Compare Source

Changes

• [#​81] Allow silent authentication without user consent (thanks to @​jarosan)
• Don't support Doorkeeper >= 5.2 due to breaking changes

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled because a matching PR was automerged previously.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Code Coverage Report: Only Changed Files listed

Package	Coverage
Overall Coverage	🟢 85%

Minimum allowed coverage is 0%, this run produced 85%