All Versions
Latest Version
Avg Release Cycle
78 days
Latest Release
163 days ago

Changelog History
Page 3

  • v1.1.0 Changes

    April 13, 2018
    • ๐Ÿ”” Notice: The Django OAuth Toolkit project is now hosted by JazzBand.
    • Compatibility: Django 1.11 is the new minimum required version. Django 1.10 is no longer supported.
    • Compatibility: This will be the last release to support Django 1.11 and Python 2.7.
    • ๐Ÿ†• New feature: Option for RFC 7662 external AS that uses HTTP Basic Auth.
    • ๐Ÿ†• New feature: Individual applications may now override the ALLOWED_REDIRECT_URI_SCHEMES setting by returning a list of allowed redirect uri schemes in Application.get_allowed_schemes().
    • ๐Ÿ†• New feature: The new setting ERROR_RESPONSE_WITH_SCOPES can now be set to True to include required scopes when DRF authorization fails due to improper scopes.
    • ๐Ÿ†• New feature: The new setting REFRESH_TOKEN_GRACE_PERIOD_SECONDS controls a grace period during which refresh tokens may be re-used.
    • ๐Ÿšฆ An app_authorized signal is fired when a token is generated.
  • v1.0.0 Changes

    June 07, 2017
    • ๐Ÿ†• New feature: AccessToken, RefreshToken and Grant models are now swappable.
    • ๐Ÿ†• #477: New feature: Add support for RFC 7662 (IntrospectTokenView, introspect scope)
    • Compatibility: Django 1.10 is the new minimum required version
    • Compatibility: Django 1.11 is now supported
    • Backwards-incompatible: The oauth2_provider.ext.rest_framework module has been moved to oauth2_provider.contrib.rest_framework
    • #177: Changed id field on Application, AccessToken, RefreshToken and Grant to BigAutoField (bigint/bigserial)
    • โšก๏ธ #321: Added created and updated auto fields to Application, AccessToken, RefreshToken and Grant
    • #476: Disallow empty redirect URIs
    • ๐Ÿ›  Fixed bad url parameter in some error responses.
    • ๐Ÿ›  Django 2.0 compatibility fixes.
    • The dependency on django-braces has been dropped.
    • ๐Ÿ“Œ The oauthlib dependency is no longer pinned.
  • v0.12.0 Changes

    February 24, 2017
    • ๐Ÿ†• New feature: Class-based scopes backends. Listing scopes, available scopes and default scopes is now done through the class that the SCOPES_BACKEND_CLASS setting points to. By default, this is set to oauth2_provider.scopes.SettingsScopes which implements the legacy settings-based scope behaviour. No changes are necessary.
    • โฌ‡๏ธ Dropped support for Python 3.2 and Python 3.3, added support for Python 3.6
    • ๐Ÿ‘Œ Support for the scopes query parameter, deprecated in 0.6.1, has been dropped
    • ๐Ÿ‘ #448: Added support for customizing applications' allowed grant types
    • #141: The is_usable(request) method on the Application model can be overridden to dynamically enable or disable applications.
    • #434: Relax URL patterns to allow for UUID primary keys
  • v0.11.0 Changes

    • #315: AuthorizationView does not overwrite requests on get
    • ๐Ÿ‘ #425: Added support for Django 1.10
    • #396: added an IsAuthenticatedOrTokenHasScope Permission
    • ๐Ÿ‘ #357: Support multiple-user clients by allowing User to be NULL for Applications
    • #389: Reuse refresh tokens if enabled.
  • v0.10.0 Changes

    December 14, 2015
    • ๐Ÿ‘ #322: dropping support for python 2.6 and django 1.4, 1.5, 1.6
    • ๐Ÿ›  #310: Fixed error that could occur sometimes when checking validity of incomplete AccessToken/Grant
    • 0๏ธโƒฃ #333: Added possibility to specify the default list of scopes returned when scope parameter is missing
    • #325: Added management views of issued tokens
    • #249: Added a command to clean expired tokens
    • #323: Application registration view uses custom application model in form class
    • #299: server_class is now pluggable through Django settings
    • #309: Add the py35-django19 env to travis
    • #308: Use compact syntax for tox envs
    • #306: Django 1.9 compatibility
    • #288: Put additional information when generating token responses
    • ๐Ÿ›  #297: Fixed doc about SessionAuthenticationMiddleware
    • #273: Generic read write scope by resource
  • v0.9.0 Changes

    July 28, 2015
    • oauthlib_backend_class is now pluggable through Django settings
    • ๐Ÿ‘ #127: application/json Content-Type is now supported using JSONOAuthLibCore
    • ๐Ÿ›  #238: Fixed redirect uri handling in case of error
    • #229: Invalidate access tokens when getting a new refresh token
    • โž• added support for oauthlib 1.0
  • v0.8.2 Changes

    June 25, 2015
    • ๐Ÿ›  Fix the migrations to be two-step and allow upgrade from 0.7.2
  • v0.8.1 Changes

    April 27, 2015
    • ๐Ÿ›  South migrations fixed. Added new django migrations.
  • v0.8.0 Changes

    March 27, 2015
    • ๐Ÿ›  Several docs improvements and minor fixes
    • ๐Ÿ›  #185: fixed vulnerabilities on Basic authentication
    • #173: ProtectResourceMixin now allows OPTIONS requests
    • Fixed client_id and client_secret characters set
    • #169: hide sensitive informations in error emails
    • #161: extend search to all token types when revoking a token
    • #160: return empty response on successful token revocation
    • #157: skip authorization form with skip_authorization_completely class field
    • #155: allow custom uri schemes
    • fixed get_application_model on Django 1.7
    • ๐Ÿ›  fixed non rotating refresh tokens
    • ๐Ÿ›  #137: fixed base template
    • customized client_secret length
    • #38: create access tokens not bound to a user instance for client credentials flow
  • v0.7.2 Changes

    July 02, 2014
    • ๐Ÿ“Œ Don't pin oauthlib