doorkeeper is an OAuth 2 provider for Rails and Grape.
Affected versions of this package are vulnerable to Insufficient Token Expiration. All OAuth applications using
non-confidential authentication when interacting with Doorkeeper would attempt to authenticate the public OAuth client as if it were a
confidential app. This would cause the token to not be revoked from the endpoint, and the token could be used for the remainder of that token's lifetime.
Upgrade to version 4.4.0, 5.0.0.rc2 or higher