All Versions
Latest Version
Avg Release Cycle
61 days
Latest Release
961 days ago

Changelog History
Page 1

  • v0.15.2 Changes

    October 18, 2020

    ๐Ÿ›  Fixed httpx authentication bug via #283

  • v0.15.1 Changes

    October 14, 2020

    Backward compitable fix for using JWKs in JWT, via #280.

  • v0.15 Changes

    October 10, 2020

    ๐Ÿš€ This is the last release before v1.0. In this release, we added more RFCs
    ๐Ÿ”จ implementations and did some refactors for JOSE:

    • RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)
    • ๐Ÿ–จ RFC7638: JSON Web Key (JWK) Thumbprint

    ๐Ÿ›  We also fixed bugs for integrations:

    • ๐Ÿ›  Fixed support for HTTPX>=0.14.3
    • โž• Added OAuth clients of HTTPX back via #270
    • ๐Ÿ›  Fixed parallel token refreshes for HTTPX async OAuth 2 client
    • Raise OAuthError when callback contains errors via #275

    ๐Ÿ’ฅ Breaking Change :

    1. The parameter algorithms in JsonWebSignature and JsonWebEncryption
      are changed. Usually you don't have to care about it since you won't use it directly. ๐Ÿ”จ 2. Whole JSON Web Key is refactored, please check JSON Web Key (JWK)
  • v0.14.3 Changes

    May 18, 2020
    • ๐Ÿ›  Fix HTTPX integration via #232 and #233.
    • โž• Add "bearer" as default token type for OAuth 2 Client.
    • 0๏ธโƒฃ JWS and JWE don't validate private headers by default.
    • โœ‚ Remove none auth method for authorization code by default.
    • ๐Ÿ‘ Allow usage of user provided code_verifier via #216.
    • โž• Add introspect_token method on OAuth 2 Client via #224.
  • v0.14.2 Changes

    May 06, 2020
    • ๐Ÿ›  Fix OAuth 1.0 client for starlette.
    • ๐Ÿ‘ Allow leeway option in client parse ID token via #228.
    • Fix OAuthToken when expires_at or expires_in is 0 via #227.
    • ๐Ÿ›  Fix auto refresh token logic.
    • ๐Ÿ“‡ Load server metadata before request.
  • v0.14.1

    February 12, 2020
  • v0.14 Changes

    February 11, 2020

    ๐Ÿš€ In this release, Authlib has introduced a new way to write framework integrations for clients.

    ๐Ÿ› Bug fixes and enhancements in this release:

    • ๐Ÿ›  Fix HTTPX integrations due to HTTPX breaking changes
    • ๐Ÿ›  Fix ES algorithms for JWS
    • ๐Ÿ‘ Allow user given nonce via #180.
    • ๐Ÿ›  Fix OAuth errors get_headers leak.
    • ๐Ÿ›  Fix code_verifier via #165.

    ๐Ÿ’ฅ Breaking Change : drop sync OAuth clients of HTTPX.

  • v0.13 Changes

    November 11, 2019

    ๐Ÿš€ This is the release that makes Authlib one more step close to v1.0. We did a huge refactor on our integrations. Authlib believes in monolithic design, it enables us to design the API to integrate with every framework in the best way. In this release, Authlib has re-organized the folder structure, moving every integration into the integrations folder. It makes Authlib to add more integrations easily in the future.

    RFC implementations and updates in this release:

    • RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
    • RFC8628: OAuth 2.0 Device Authorization Grant

    ๐Ÿ†• New integrations and changes in this release:

    • ๐Ÿ”€ HTTPX OAuth 1.0 and OAuth 2.0 clients in both sync and async way
    • Starlette OAuth 1.0 and OAuth 2.0 client registry
    • ๐Ÿšš The experimental authlib.client.aiohttp has been removed

    ๐Ÿ› Bug fixes and enhancements in this release:

    • โž• Add custom client authentication methods for framework integrations.
    • Refresh token automatically for client_credentials grant type.
    • โœจ Enhancements on JOSE, specifying alg values easily for JWS and JWE.
    • โž• Add PKCE into requests OAuth2Session and HTTPX OAuth2Client.

    ๐Ÿ—„ Deprecate Changes : find how to solve the deprecate issues via

  • v0.12.1 Changes

    September 12, 2019

    ๐Ÿ›  This is a bug fix version. Here are the fixes:

    ๐Ÿ‘ 1. ensure client.get_allowed_scope on every grant types

    1. add request.client before validate_requested_scope
  • v0.12 Changes

    September 03, 2019

    Released on Sep 3, 2019.

    ๐Ÿ’ฅ Breaking Change : Authlib Grant system has been redesigned. If you
    ๐Ÿ“š are creating OpenID Connect providers, please read the new documentation
    for OpenID Connect.

    โšก๏ธ Important Update : Django OAuth 2.0 server integration is ready now.
    You can create OAuth 2.0 provider and OpenID Connect 1.0 with Django

    ๐Ÿš€ RFC implementations and updates in this release:

    • ๐Ÿ›  RFC6749: Fixed scope validation, omit the invalid scope
    • RFC7521: Added a common AssertionClient for the assertion framework
    • RFC7662: Added IntrospectionToken for introspection token endpoint
    • OpenID Connect Discover: Added discovery model based on RFC8414

    ๐Ÿš€ Refactor and bug fixes in this release:

    • ๐Ÿ’ฅ Breaking Change : add RefreshTokenGrant.revoke_old_credential method
    • Rewrite lots of code for authlib.client, no breaking changes
    • ๐Ÿ”จ Refactor OAuth2Request, use explicit query and form
    • ๐Ÿ”„ Change requests to optional dependency
    • โž• Add AsyncAssertionClient for aiohttp

    ๐Ÿ—„ Deprecate Changes : find how to solve the deprecate issues via

    Code Changes: v0.11...v0.12