Migration from Old Versions

The intent of this document is to make migration of breaking changes as easy as possible. This page follows the same convention as the core Doorkeeper gem.

Please also check the CHANGELOG.md for a full list of changes before finalizing the upgrade process.

From 1.9.x to 1.10.x

Breaking changes:

expires_in removed from pure id_token response (#254)

When using the Implicit Flow with response_type=id_token, the response body and redirect URI no longer include the expires_in parameter.

Per OpenID Connect Core 1.0 §3.2.2.5, expires_in represents the Access Token lifetime — but no access token is issued in a pure id_token response, so this value was always semantically incorrect.

Who is affected?

Only clients using response_type=id_token. The response_type=id_token token response is not affected — expires_in is still returned there alongside the access token.

What to do:

If your client was reading expires_in from a pure id_token response (e.g. to determine the ID Token’s lifetime), switch to the exp claim inside the ID Token itself, which is the authoritative expiration value per OIDC Core §2.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Migration from Old Versions

Migration from Old Versions

From 1.9.x to 1.10.x

Breaking changes:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally