- 🛠 Fixes: 1.3.1 inadvertently uploaded to pypi with an extra migration (0003...) from a dev branch.
From the CHANGELOG:
- ➕ Add support for Python 3.7 & 3.8
- ➕ Add support for Django>=2.1,<3.1
- ➕ Add requirement for oauthlib>=3.0.1
- ➕ Add support for Proof Key for Code Exchange (PKCE, RFC 7636).
- ➕ Add support for custom token generators (e.g. to create JWT tokens).
- ➕ Add new:
  - ACCESS_TOKEN_GENERATOR to override the default access token generator.
  - REFRESH_TOKEN_GENERATOR to override the default refresh token generator.
  - EXTRA_SERVER_KWARGS options dictionary for oauthlib's Server class.
  - PKCE_REQUIRED to require PKCE.
- ➕ Add createapplication management command to create an application.
- ➕ Add id in toolkit admin console applications list.
- ➕ Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob]
  for Google OAuth2 "manual copy/paste".
  N.B. this feature appears to be deprecated and replaced with methods described in
  RFC 8252: OAuth2 for Native Apps and may be deprecated and/or removed
  from a future release of Django-oauth-toolkit.
- 🔄 Change this change log to use Keep a Changelog format.
- Backwards-incompatible squashed migrations:
  If you are currently on a release < 1.2.0, you will need to first install 1.2.0 then
  upgrade to >= 1.3.0.
- 👌 Improved the tutorial.
- ✂ Remove support for Python 3.4
- ✂ Remove support for Django<=2.0
- ✂ Remove requirement for oauthlib<3.0
- 🛠 Fix a race condition in creation of AccessToken with external oauth2 server.
- 🛠 Fix several concurrency issues. (#638)
- 🛠 Fix to pass
- 👻 Fix missing oauth2_error property exception oauthlib_core.verify_request method raises exceptions in authenticate.
- 🛠 Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql.
- 🛠 Fix to return a new refresh token during grace period rather than the recently-revoked one.
- 🛠 Fix a bug in refresh token revocation.
- Compatibility: Python 3.4 is the new minimum required version.
- Compatibility: Django 2.0 is the new minimum required version.
- 🆕 New feature: Added TokenMatchesOASRequirements Permissions.
- ⚡️ validators.URIValidator has been updated to match URLValidator behaviour more closely.
- 🚚 Moved redirect_uris validation to the application clean() method.
v1.1.3 October 12, 2018
- Return state with Authorization Denied error (RFC6749 section 4.1.2.1)
- 🛠 Fix a crash with malformed base64 authentication headers
- 🛠 Fix a crash with malformed IPv6 redirect URIs
- 🚑 Critical: Django OAuth Toolkit 1.1.0 contained a migration that would revoke all existing RefreshTokens (0006_auto_20171214_2232). This release corrects the migration. If you have already run it in production, please see the following issue for more details: https://github.com/jazzband/django-oauth-toolkit/issues/589
- 🔔 Notice: The Django OAuth Toolkit project is now hosted by JazzBand.
- Compatibility: Django 1.11 is the new minimum required version. Django 1.10 is no longer supported.
- Compatibility: This will be the last release to support Django 1.11 and Python 2.7.
- 🆕 New feature: Option for RFC 7662 external AS that uses HTTP Basic Auth.
- 🆕 New feature: Individual applications may now override the ALLOWED_REDIRECT_URI_SCHEMES setting by returning a list of allowed redirect uri schemes in
- 🆕 New feature: The new setting ERROR_RESPONSE_WITH_SCOPES can now be set to True to include required scopes when DRF authorization fails due to improper scopes.
- 🆕 New feature: The new setting REFRESH_TOKEN_GRACE_PERIOD_SECONDS controls a grace period during which refresh tokens may be re-used.
- 🚦 An app_authorized signal is fired when a token is generated.
- 🆕 New feature: AccessToken, RefreshToken and Grant models are now swappable.
- 🆕 #477: New feature: Add support for RFC 7662 (IntrospectTokenView, introspect scope)
- Compatibility: Django 1.10 is the new minimum required version
- Compatibility: Django 1.11 is now supported
- Backwards-incompatible: The oauth2_provider.ext.rest_framework module has been moved to
- #177: Changed id field on Application, AccessToken, RefreshToken and Grant to BigAutoField (bigint/bigserial)
- ⚡️ #321: Added updated auto fields to Application, AccessToken, RefreshToken and Grant
- #476: Disallow empty redirect URIs
- 🛠 Fixed bad url parameter in some error responses.
- 🛠 Django 2.0 compatibility fixes.
- The dependency on django-braces has been dropped.
- 📌 The oauthlib dependency is no longer pinned.
- 🆕 New feature: Class-based scopes backends. Listing scopes, available scopes and default scopes is now done through the class that the SCOPES_BACKEND_CLASS setting points to. By default, this is set to oauth2_provider.scopes.SettingsScopes which implements the legacy settings-based scope behaviour. No changes are necessary.
- ⬇️ Dropped support for Python 3.2 and Python 3.3, added support for Python 3.6
- 👌 Support for the scopes query parameter, deprecated in 0.6.1, has been dropped
- 👍 #448: Added support for customizing applications' allowed grant types
- #141: The is_usable(request) method on the Application model can be overridden to dynamically enable or disable applications.
- #434: Relax URL patterns to allow for UUID primary keys