django-oauth-toolkit v2.2.0 Release Notes

Release Date: 2022-10-18 // over 1 year ago
  • โš  WARNING

    ๐Ÿš€ Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before โฌ†๏ธ performing a MAJOR upgrade to 2.x.

    These issues both result in {"error": "invalid_client"}:

    1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

    0๏ธโƒฃ 2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

    โž• Added

    • #1208 Add 'code_challenge_method' parameter to authorization call in documentation
    • ๐Ÿ“š #1182 Add 'code_verifier' parameter to token requests in documentation

    ๐Ÿ”„ Changed

    • ๐Ÿ‘ #1203 Support Django 4.1.

    ๐Ÿ›  Fixed

    • ๐Ÿ›  #1203 Remove upper version bound on Django, to allow upgrading to Django 4.1.1 bugfix release.
    • #1210 Handle oauthlib errors on create token requests

Previous changes from v2.1.0

  • โš  WARNING

    ๐Ÿš€ Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before โฌ†๏ธ performing a MAJOR upgrade to 2.x.

    These issues both result in {"error": "invalid_client"}:

    1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

    0๏ธโƒฃ 2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

    โž• Added

    • ๐Ÿ‘ #1164 Support prompt=login for the OIDC Authorization Code Flow end user Authentication Request.
    • ๐ŸŒ #1163 Add French (fr) translations.
    • ๐ŸŒ #1166 Add Spanish (es) translations.

    ๐Ÿ”„ Changed

    • #1152 createapplication management command enhanced to display an auto-generated secret before it gets hashed.
    • ๐Ÿ“š #1172, #1159, #1158 documentation improvements.

    ๐Ÿ›  Fixed

    • ๐Ÿ›  #1147 Fixed 2.0.0 implementation of hashed client secret to work with swapped models.