All Versions
Latest Version
Avg Release Cycle
78 days
Latest Release
184 days ago

Changelog History
Page 1

  • v1.3.2

    March 24, 2020

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixes: 1.3.1 inadvertently uploaded to pypi with an extra migration (0003...) from a dev branch.
  • v1.3.1

    March 23, 2020

    โž• Added

    • ๐Ÿ‘ #725: HTTP Basic Auth support for introspection (Fix issue #709)

    ๐Ÿ›  Fixed

    • โช #812: Reverts #643 pass wrong request object to authenticate function.
    • ๐Ÿ›  Fix concurrency issue with refresh token requests (#810)
    • ๐Ÿ“š #817: Reverts #734 tutorial documentation error.
  • v1.3.0

    March 02, 2020

    From the CHANGELOG:

    [1.3.0] 2020-03-02

    โž• Added

    • โž• Add support for Python 3.7 & 3.8
    • โž• Add support for Django>=2.1,<3.1
    • โž• Add requirement for oauthlib>=3.0.1
    • โž• Add support for Proof Key for Code Exchange (PKCE, RFC 7636).
    • โž• Add support for custom token generators (e.g. to create JWT tokens).
    • โž• Add new OAUTH2_PROVIDER settings:
      • ACCESS_TOKEN_GENERATOR to override the default access token generator.
      • REFRESH_TOKEN_GENERATOR to override the default refresh token generator.
      • EXTRA_SERVER_KWARGS options dictionary for oauthlib's Server class.
      • PKCE_REQUIRED to require PKCE.
    • โž• Add createapplication management command to create an application.
    • โž• Add id in toolkit admin console applications list.
    • โž• Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob] redirect_uri
      for Google OAuth2 "manual copy/paste".
      N.B. this feature appears to be deprecated and replaced with methods described in
      RFC 8252: OAuth2 for Native Apps and may be deprecated and/or removed
      ๐Ÿš€ from a future release of Django-oauth-toolkit.

    ๐Ÿ”„ Changed

    • ๐Ÿ”„ Change this change log to use Keep a Changelog format.
    • Backwards-incompatible squashed migrations:
      ๐Ÿš€ If you are currently on a release < 1.2.0, you will need to first install 1.2.0 then migrate before
      โฌ†๏ธ upgrading to >= 1.3.0.
    • ๐Ÿ‘Œ Improved the tutorial.

    โœ‚ Removed

    • โœ‚ Remove support for Python 3.4
    • โœ‚ Remove support for Django<=2.0
    • โœ‚ Remove requirement for oauthlib<3.0

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix a race condition in creation of AccessToken with external oauth2 server.
    • ๐Ÿ›  Fix several concurrency issues. (#638)
    • ๐Ÿ›  Fix to pass request to django.contrib.auth.authenticate() (#636)
    • ๐Ÿ‘ป Fix missing oauth2_error property exception oauthlib_core.verify_request method raises exceptions in authenticate.
    • ๐Ÿ›  Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql.
    • ๐Ÿ›  Fix to return a new refresh token during grace period rather than the recently-revoked one.
    • ๐Ÿ›  Fix a bug in refresh token revocation.
  • v1.2.0

    June 03, 2018
    • Compatibility: Python 3.4 is the new minimum required version.
    • Compatibility: Django 2.0 is the new minimum required version.
    • ๐Ÿ†• New feature: Added TokenMatchesOASRequirements Permissions.
    • โšก๏ธ validators.URIValidator has been updated to match URLValidator behaviour more closely.
    • ๐Ÿšš Moved redirect_uris validation to the application clean() method.
  • v1.1.3

    October 12, 2018
  • v1.1.2

    May 12, 2018
    • Return state with Authorization Denied error (RFC6749 section
    • ๐Ÿ›  Fix a crash with malformed base64 authentication headers
    • ๐Ÿ›  Fix a crash with malformed IPv6 redirect URIs
  • v1.1.1

    May 08, 2018
    • ๐Ÿš‘ Critical: Django OAuth Toolkit 1.1.0 contained a migration that would revoke all existing RefreshTokens (0006_auto_20171214_2232). This release corrects the migration. If you have already ran it in production, please see the following issue for more details:
  • v1.1.0

    April 13, 2018
    • ๐Ÿ”” Notice: The Django OAuth Toolkit project is now hosted by JazzBand.
    • Compatibility: Django 1.11 is the new minimum required version. Django 1.10 is no longer supported.
    • Compatibility: This will be the last release to support Django 1.11 and Python 2.7.
    • ๐Ÿ†• New feature: Option for RFC 7662 external AS that uses HTTP Basic Auth.
    • ๐Ÿ†• New feature: Individual applications may now override the ALLOWED_REDIRECT_URI_SCHEMES setting by returning a list of allowed redirect uri schemes in Application.get_allowed_schemes().
    • ๐Ÿ†• New feature: The new setting ERROR_RESPONSE_WITH_SCOPES can now be set to True to include required scopes when DRF authorization fails due to improper scopes.
    • ๐Ÿ†• New feature: The new setting REFRESH_TOKEN_GRACE_PERIOD_SECONDS controls a grace period during which refresh tokens may be re-used.
    • ๐Ÿšฆ An app_authorized signal is fired when a token is generated.
  • v1.0.0

    June 07, 2017
    • ๐Ÿ†• New feature: AccessToken, RefreshToken and Grant models are now swappable.
    • ๐Ÿ†• #477: New feature: Add support for RFC 7662 (IntrospectTokenView, introspect scope)
    • Compatibility: Django 1.10 is the new minimum required version
    • Compatibility: Django 1.11 is now supported
    • Backwards-incompatible: The oauth2_provider.ext.rest_framework module has been moved to oauth2_provider.contrib.rest_framework
    • #177: Changed id field on Application, AccessToken, RefreshToken and Grant to BigAutoField (bigint/bigserial)
    • โšก๏ธ #321: Added created and updated auto fields to Application, AccessToken, RefreshToken and Grant
    • #476: Disallow empty redirect URIs
    • ๐Ÿ›  Fixed bad url parameter in some error responses.
    • ๐Ÿ›  Django 2.0 compatibility fixes.
    • The dependency on django-braces has been dropped.
    • ๐Ÿ“Œ The oauthlib dependency is no longer pinned.
  • v0.12.0

    February 24, 2017
    • ๐Ÿ†• New feature: Class-based scopes backends. Listing scopes, available scopes and default scopes is now done through the class that the SCOPES_BACKEND_CLASS setting points to. By default, this is set to oauth2_provider.scopes.SettingsScopes which implements the legacy settings-based scope behaviour. No changes are necessary.
    • โฌ‡๏ธ Dropped support for Python 3.2 and Python 3.3, added support for Python 3.6
    • ๐Ÿ‘Œ Support for the scopes query parameter, deprecated in 0.6.1, has been dropped
    • ๐Ÿ‘ #448: Added support for customizing applications' allowed grant types
    • #141: The is_usable(request) method on the Application model can be overridden to dynamically enable or disable applications.
    • #434: Relax URL patterns to allow for UUID primary keys