All Versions
44
Latest Version
Avg Release Cycle
78 days
Latest Release
163 days ago
Changelog History
Page 3
Changelog History
Page 3
-
v1.1.0 Changes
April 13, 2018- ๐ Notice: The Django OAuth Toolkit project is now hosted by JazzBand.
- Compatibility: Django 1.11 is the new minimum required version. Django 1.10 is no longer supported.
- Compatibility: This will be the last release to support Django 1.11 and Python 2.7.
- ๐ New feature: Option for RFC 7662 external AS that uses HTTP Basic Auth.
- ๐ New feature: Individual applications may now override the
ALLOWED_REDIRECT_URI_SCHEMES
setting by returning a list of allowed redirect uri schemes inApplication.get_allowed_schemes()
. - ๐ New feature: The new setting
ERROR_RESPONSE_WITH_SCOPES
can now be set to True to include required scopes when DRF authorization fails due to improper scopes. - ๐ New feature: The new setting
REFRESH_TOKEN_GRACE_PERIOD_SECONDS
controls a grace period during which refresh tokens may be re-used. - ๐ฆ An
app_authorized
signal is fired when a token is generated.
-
v1.0.0 Changes
June 07, 2017- ๐ New feature: AccessToken, RefreshToken and Grant models are now swappable.
- ๐ #477: New feature: Add support for RFC 7662 (IntrospectTokenView, introspect scope)
- Compatibility: Django 1.10 is the new minimum required version
- Compatibility: Django 1.11 is now supported
- Backwards-incompatible: The
oauth2_provider.ext.rest_framework
module has been moved tooauth2_provider.contrib.rest_framework
- #177: Changed
id
field on Application, AccessToken, RefreshToken and Grant to BigAutoField (bigint/bigserial) - โก๏ธ #321: Added
created
andupdated
auto fields to Application, AccessToken, RefreshToken and Grant - #476: Disallow empty redirect URIs
- ๐ Fixed bad
url
parameter in some error responses. - ๐ Django 2.0 compatibility fixes.
- The dependency on django-braces has been dropped.
- ๐ The oauthlib dependency is no longer pinned.
-
v0.12.0 Changes
February 24, 2017- ๐ New feature: Class-based scopes backends. Listing scopes, available scopes and default scopes
is now done through the class that the
SCOPES_BACKEND_CLASS
setting points to. By default, this is set tooauth2_provider.scopes.SettingsScopes
which implements the legacy settings-based scope behaviour. No changes are necessary. - โฌ๏ธ Dropped support for Python 3.2 and Python 3.3, added support for Python 3.6
- ๐ Support for the
scopes
query parameter, deprecated in 0.6.1, has been dropped - ๐ #448: Added support for customizing applications' allowed grant types
- #141: The
is_usable(request)
method on the Application model can be overridden to dynamically enable or disable applications. - #434: Relax URL patterns to allow for UUID primary keys
- ๐ New feature: Class-based scopes backends. Listing scopes, available scopes and default scopes
is now done through the class that the
-
v0.11.0 Changes
- #315: AuthorizationView does not overwrite requests on get
- ๐ #425: Added support for Django 1.10
- #396: added an IsAuthenticatedOrTokenHasScope Permission
- ๐ #357: Support multiple-user clients by allowing User to be NULL for Applications
- #389: Reuse refresh tokens if enabled.
-
v0.10.0 Changes
December 14, 2015- ๐ #322: dropping support for python 2.6 and django 1.4, 1.5, 1.6
- ๐ #310: Fixed error that could occur sometimes when checking validity of incomplete AccessToken/Grant
- 0๏ธโฃ #333: Added possibility to specify the default list of scopes returned when scope parameter is missing
- #325: Added management views of issued tokens
- #249: Added a command to clean expired tokens
- #323: Application registration view uses custom application model in form class
- #299:
server_class
is now pluggable through Django settings - #309: Add the py35-django19 env to travis
- #308: Use compact syntax for tox envs
- #306: Django 1.9 compatibility
- #288: Put additional information when generating token responses
- ๐ #297: Fixed doc about SessionAuthenticationMiddleware
- #273: Generic read write scope by resource
-
v0.9.0 Changes
July 28, 2015oauthlib_backend_class
is now pluggable through Django settings- ๐ #127:
application/json
Content-Type is now supported usingJSONOAuthLibCore
- ๐ #238: Fixed redirect uri handling in case of error
- #229: Invalidate access tokens when getting a new refresh token
- โ added support for oauthlib 1.0
-
v0.8.2 Changes
June 25, 2015- ๐ Fix the migrations to be two-step and allow upgrade from 0.7.2
-
v0.8.1 Changes
April 27, 2015- ๐ South migrations fixed. Added new django migrations.
-
v0.8.0 Changes
March 27, 2015- ๐ Several docs improvements and minor fixes
- ๐ #185: fixed vulnerabilities on Basic authentication
- #173: ProtectResourceMixin now allows OPTIONS requests
- Fixed
client_id
andclient_secret
characters set - #169: hide sensitive informations in error emails
- #161: extend search to all token types when revoking a token
- #160: return empty response on successful token revocation
- #157: skip authorization form with
skip_authorization_completely
class field - #155: allow custom uri schemes
- fixed
get_application_model
on Django 1.7 - ๐ fixed non rotating refresh tokens
- ๐ #137: fixed base template
- customized
client_secret
length - #38: create access tokens not bound to a user instance for client credentials flow
-
v0.7.2 Changes
July 02, 2014- ๐ Don't pin oauthlib