Changelog History
Page 3
-
v1.0.2 Changes
August 10, 2015- (Fix) Allow client secret to be null for public applications that do not mandate it's specification in the query parameters.
- (Fix) Encode request body before hashing in order to prevent encoding errors in Python 3.
-
v1.0.1 Changes
July 27, 2015- (Fix) Added token_type_hint to the list of default Request parameters.
-
v1.0.0 Changes
July 19, 2015- (Breaking Change) Replace pycrypto with cryptography from https://cryptography.io
- โก๏ธ (Breaking Change) Update jwt to 1.0.0 (which is backwards incompatible) no oauthlib api changes were made.
- (Breaking Change) Raise attribute error for non-existing attributes in the Request object.
- (Fix) Strip whitespace off of scope string.
- (Change) Don't require to return the state in the access token response.
- ๐ (Change) Hide password in logs.
- (Fix) Fix incorrect invocation of prepare_refresh_body in the OAuth2 client.
- (Fix) Handle empty/non-parsable query strings.
- (Fix) Check if an RSA key is actually needed before requiring it.
- (Change) Allow tuples for list_to_scope as well as sets and lists.
- (Change) Add code to determine if client authentication is required for OAuth2.
- (Fix) Fix error message on invalid Content-Type header for OAtuh1 signing.
- (Fix) Allow ! character in query strings.
- (Fix) OAuth1 now includes the body hash for requests that specify any content-type that isn't x-www-form-urlencoded.
- ๐ (Fix) Fixed error description in oauth1 endpoint.
- (Fix) Revocation endpoint for oauth2 will now return an empty string in the response body instead of 'None'.
- โ Increased test coverage.
- ๐ Performance improvements.
- ๐ Documentation improvements and fixes.
-
v0.7.2 Changes
November 13, 2014- (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1 release. Doing a new clean release to address this. Please upgrade quickly and report any issues you are running into.
-
v0.7.1 Changes
October 27, 2014- ๐ฒ (Quick fix) Add oauthlib.common.log object back in for libraries using it.
-
v0.7.0 Changes
October 27, 2014- โ (Change) OAuth2 clients will not raise a Warning on scope change if
the environment variable
OAUTHLIB_RELAX_TOKEN_SCOPE
is set. The token will now be available as an attribute on the error,error.token
. Token changes will now also be announced using blinker. - ๐ (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook).
- ๐ฒ (Fix) Logging is now tiered (per file) as opposed to logging all under
oauthlib
. - (Fix) Error messages should now include a description in their message.
- ๐ (Fix/Feature) Optional support for jsonp callbacks after token revocation.
- (Feature) Client side preparation of OAuth 2 token revocation requests.
- (Feature) New OAuth2 client API methods for preparing full requests.
- (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs.
- (Fix/Feature) Refresh token grant now allow optional refresh tokens.
- (Fix) add missing state param to OAuth2 errors.
- (Fix) add_params_to_uri now properly parse fragment.
- (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1.
- ๐ (Fix/Security) OAuth2 logs will now strip client provided password, if present.
- ๐ Allow unescaped @ in urlencoded parameters.
- โ (Change) OAuth2 clients will not raise a Warning on scope change if
the environment variable
-
v0.6.3 Changes
June 10, 2014๐จ Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when scrubbing for print.
-
v0.6.2 Changes
June 06, 2014Numerous OAuth2 provider errors now suggest a status code of 401 instead of 400 (#247.
Added support for JSON web tokens with oauthlib.common.generate_signed_token. Install extra dependency with oauthlibsignedtoken.
OAuth2 scopes can be arbitrary objects with str defined (#240).
OAuth 1 Clients can now register custom signature methods (#239).
Exposed new method oauthlib.oauth2.is_secure_transport that checks whether the given URL is HTTPS. Checks using this method can be disabled by setting the environment variable OAUTHLIB_INSECURE_TRANSPORT (#249).
OAuth1 clients now has repr and will be printed with secrets scrubbed.
OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument.
urldecode will now raise a much more informative error message on incorrectly encoded strings.
๐ Plenty of typo and other doc fixes.
-
v0.6.1 Changes
January 20, 2014๐ Draft revocation endpoint features and numerous fixes including:
(OAuth 2 Provider) is_within_original_scope to check whether a refresh token is trying to acquire a new set of scopes that are a subset of the original scope.
(OAuth 2 Provider) expires_in token lifetime can be set per request.
(OAuth 2 Provider) client_authentication_required method added to differentiate between public and confidential clients.
(OAuth 2 Provider) rotate_refresh_token now indicates whether a new refresh token should be generated during token refresh or if old should be kept.
(OAuth 2 Provider) returned JSON headers no longer include charset.
(OAuth 2 Provider) validate_authorizatoin_request now also includes the internal request object in the returned dictionary. Note that this is not meant to be relied upon heavily and its interface might change.
๐ and many style and typo fixes.
-
v0.6.0 Changes
๐จ OAuth 1 & 2 provider API refactor with breaking changes:
All endpoint methods change contract to return 3 values instead of 4. The new signature is
headers
,body
,status code
where the initialredirect_uri
has been relocated to its rightful place inside headers asLocation
.OAuth 1 Access Token Endpoint has a new required validator method
invalidate_request_token
.OAuth 1 Authorization Endpoint now returns a 200 response instead of 302 on
oob
callbacks.