I am baffled by the fact that Doorkeeper does not provide a utility method to get a list of Doorkeeper::Application that the resource owner has authorized. This information is needed for the very common use case of providing the user with a list of authorized applications that they can revoke consent for.
The method to revoke all access tokens for a specific application is:
Doorkeeper::AccessToken.revoke_all_for(application_id, resource_owner)
To get the application ids of currently authorized applications I have to do this:
application_ids = Doorkeeper::AccessToken.by_resource_owner(resource_owner).where(revoked_at: nil).pluck(:application_id).uniq
but am not sure this is enough since Doorkeeper allows the revoked_at to be set in the future and the above query might miss some applications.