django-oauth-toolkit v2.2.0 Release Notes
Release Date: 2022-10-18 // over 2 years ago-
โ WARNING
๐ Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before โฌ๏ธ performing a MAJOR upgrade to 2.x.
These issues both result in
{"error": "invalid_client"}:- The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.
0๏ธโฃ 2.
PKCE_REQUIREDis nowTrueby default. You should use PKCE with your client or setPKCE_REQUIRED=Falseif you are unable to fix the client.โ Added
- #1208 Add 'code_challenge_method' parameter to authorization call in documentation
- ๐ #1182 Add 'code_verifier' parameter to token requests in documentation
๐ Changed
- ๐ #1203 Support Django 4.1.
๐ Fixed
- ๐ #1203 Remove upper version bound on Django, to allow upgrading to Django 4.1.1 bugfix release.
- #1210 Handle oauthlib errors on create token requests
Previous changes from v2.1.0
-
โ WARNING
๐ Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before โฌ๏ธ performing a MAJOR upgrade to 2.x.
These issues both result in
{"error": "invalid_client"}:- The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.
0๏ธโฃ 2.
PKCE_REQUIREDis nowTrueby default. You should use PKCE with your client or setPKCE_REQUIRED=Falseif you are unable to fix the client.โ Added
- ๐ #1164 Support
prompt=loginfor the OIDC Authorization Code Flow end user Authentication Request. - ๐ #1163 Add French (fr) translations.
- ๐ #1166 Add Spanish (es) translations.
๐ Changed
- #1152
createapplicationmanagement command enhanced to display an auto-generated secret before it gets hashed. - ๐ #1172, #1159, #1158 documentation improvements.
๐ Fixed
- ๐ #1147 Fixed 2.0.0 implementation of hashed client secret to work with swapped models.