OAuthLib v3.0.0 Release Notes

Release Date: 2019-01-01 // almost 3 years ago
  • ๐Ÿš€ This is a major release containing API Breaking changes, and new major features. See the full list below:

    OAuth2.0 Provider - outstanding Features

    • ๐Ÿ‘ OpenID Connect Core support
    • ๐Ÿ‘ RFC7662 Introspect support
    • ๐Ÿ“‡ RFC8414 OAuth2.0 Authorization Server Metadata support (#605)
    • ๐Ÿ‘ RFC7636 PKCE support (#617 #624)

    OAuth2.0 Provider - API/Breaking Changes

    • Add "request" to confirm_redirect_uri #504
    • confirm_redirect_uri/get_default_redirect_uri has a bit changed #445
    • invalid_client is now a FatalError #606
    • ๐Ÿ”„ Changed errors status code from 401 to 400:

    • invalid_grant: #264

    • invalid_scope: #620

    • access_denied/unauthorized_client/consent_required/login_required #623

    • 401 must have WWW-Authenticate HTTP Header set. #623

    ๐Ÿ›  OAuth2.0 Provider - Bugfixes

    • empty scopes no longer raise exceptions for implicit and authorization_code #475 / #406

    ๐Ÿ›  OAuth2.0 Client - Bugfixes / Changes:

    • expires_in in Implicit flow is now an integer #569
    • expires is no longer overriding expires_in #506
    • parse_request_uri_response is now required #499
    • Unknown error=xxx raised by OAuth2 providers was not understood #431
    • OAuth2's prepare_token_request supports sending an empty string for client_id (#585)
    • OAuth2's WebApplicationClient.prepare_request_body was refactored to better
      support sending or omitting the client_id via a new include_client_id kwarg.
      ๐Ÿ—„ By default this is included. The method will also emit a DeprecationWarning if
      ๐Ÿ”ง a client_id parameter is submitted; the already configured self.client_id
      is the preferred option. (#585)

    OAuth1.0 Client:

    • ๐Ÿ‘Œ Support for HMAC-SHA256 #498

    ๐Ÿ›  General fixes:

    • $ and ' are allowed to be unencoded in query strings #564
    • Request attributes are no longer overriden by HTTP Headers #409
    • โœ‚ Removed unnecessary code for handling python2.6
    • โž• Add support of python3.7 #621
    • โšก๏ธ Several minors updates to setup.py and tox
    • โœ… Set pytest as the default unittest framework