Emelia Smith

I mean, create a migration that can be applied (like adding PKCE) that drops the not-null constrain on client_secret, since it's currently marked as not-null, and we can say that...

In [this Mastodon pull request](https://github.com/mastodon/mastodon/pull/31129), I've worked around this by extending Doorkeeper's `Doorkeeper::OAuth::PreAuthorization`

@nbulaj would you be interested in a pull request to add said `code_challenge_methods_supported` configuration option?

(Now I just need to figure out #1721 such that I can contribute this feature change)

I'm saying I can't get the tests passing in either local environment OR devcontainer, that means I cannot work on the doorkeeper-gem codebase, because I cannot get the tests passing...

Have now been able to open a PR for this: #1735

Looks like the failures for JSON.parse are due to: https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization So we likely need something like `Rails.application.config.hosts = [ 'www.example.com' ]`, as all the tests are using that, and the...

With this diff I was able to significantly reduce the failures down to 1196 examples, 6 failures: ```diff diff --git a/spec/dummy/config/environments/development.rb b/spec/dummy/config/environments/development.rb index 0702a8b1..87d65102 100644 --- a/spec/dummy/config/environments/development.rb +++ b/spec/dummy/config/environments/development.rb @@...

Whilst docker-based development experience isn't fantastic (rebuilds are quiet slow) the changes in #1732 do at least unblock me, and if those were merged, then we could consider this closed.

I don't think this change alone would be enough, as often with hosts that require SSL mode, you need to pass not just `ssl.rejectUnauthorized` as `false` but also need to...