I need my oauth grants/tokens to belong to organizations and not to individuals. Could there be any problem with the internals of this library if applications and grants/tokens use different schemas as resource_owner?

No there's no problem. The application owner is distinctly different from the resource owner of grants/tokens (it's also called owner rather than resource_owner for this reason).

Good to know. I was mostly wondering because all schemas use the resource_owner configuration for its foreign key field.

the application_owner: App.Users.User configuration option seems to be designed for this. Problem is, I don't think it's actually used anywhere.

Yea, I get the following error when I try to supply a different module as the owner for an Application

(ArgumentError) expected changeset data to be a Elixir.Clockk.Accounts.Customer struct, got: %Clockk.Accounts.IntegrationListing{...

Here is my config:

config :clockk, ExOauth2Provider,
  repo: Clockk.Repo,
  resource_owner: Clockk.Accounts.Customer,
  application_owner: Clockk.Accounts.IntegrationListing

By looking through the code base, I am not seeing where the application_owner config option is being used. It seems like the value for resource_owner gets used in the Application changeset.

Closed in #73. Sorry for the delay answering this, got busy over the holidays and first had time to get back to this now.

I've updated the PR to support this type of override:

defmodule MyApp.OauthApplications.OauthApplication do
  use Ecto.Schema
  use ExOauth2Provider.Applications.Application

  schema "oauth_applications" do
    belongs_to :owner, MyApp.Users.User

    application_fields()

    timestamps()
  end
end

Can you increase the version to 0.5.6 so that I don't have to reference the git repo in my list of dependencies? I think Hex has your package cached based on the version number. Otherwise, this works great! Thanks!

Yeah, v0.5.6 released 🚀