django-oauth-toolkit v1.3.0 Release Notes
Release Date: 2020-03-02 // about 4 years ago-
From the CHANGELOG:
[1.3.0] 2020-03-02
➕ Added
- ➕ Add support for Python 3.7 & 3.8
- ➕ Add support for Django>=2.1,<3.1
- ➕ Add requirement for oauthlib>=3.0.1
- ➕ Add support for Proof Key for Code Exchange (PKCE, RFC 7636).
- ➕ Add support for custom token generators (e.g. to create JWT tokens).
- ➕ Add new
OAUTH2_PROVIDER
settings:ACCESS_TOKEN_GENERATOR
to override the default access token generator.REFRESH_TOKEN_GENERATOR
to override the default refresh token generator.EXTRA_SERVER_KWARGS
options dictionary for oauthlib's Server class.PKCE_REQUIRED
to require PKCE.
- ➕ Add
createapplication
management command to create an application. - ➕ Add
id
in toolkit admin console applications list. - ➕ Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob]
redirect_uri
for Google OAuth2 "manual copy/paste".
N.B. this feature appears to be deprecated and replaced with methods described in
RFC 8252: OAuth2 for Native Apps and may be deprecated and/or removed
🚀 from a future release of Django-oauth-toolkit.
🔄 Changed
- 🔄 Change this change log to use Keep a Changelog format.
- Backwards-incompatible squashed migrations:
🚀 If you are currently on a release < 1.2.0, you will need to first install 1.2.0 thenmanage.py migrate
before
⬆️ upgrading to >= 1.3.0. - 👌 Improved the tutorial.
✂ Removed
- ✂ Remove support for Python 3.4
- ✂ Remove support for Django<=2.0
- ✂ Remove requirement for oauthlib<3.0
🛠 Fixed
- 🛠 Fix a race condition in creation of AccessToken with external oauth2 server.
- 🛠 Fix several concurrency issues. (#638)
- 🛠 Fix to pass
request
todjango.contrib.auth.authenticate()
(#636) - 👻 Fix missing
oauth2_error
property exception oauthlib_core.verify_request method raises exceptions in authenticate.
(#633) - 🛠 Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql.
(#714) - 🛠 Fix to return a new refresh token during grace period rather than the recently-revoked one.
(#702) - 🛠 Fix a bug in refresh token revocation.
(#625)