0.7.2 (14/12/2021)

Features

Token revocation was only possible when using the client ID and Secret, to aid “logout” functionality from client applications. Although the admin interface (available via r.oauth_applications) displayed a “Revoke” button alongside tokens in the list page, this was not working. The RFC does allow for the use case of application administrators being able to manually revoke tokens (as a result of client support, for example), so this functionality was enabled (only for the oauth application owner, for now).

Bugfixes

Default scope usage related bugfixes:

OAuth Applications Management fixes: