OAuthLib v3.2.1 Release Notes

Release Date: 2022-09-09 // 21 days ago
  • OAuth2.0 Provider:

    • ๐Ÿ“‡ #803: Metadata endpoint support of non-HTTPS
    • CVE-2022-36087

    OAuth1.0:

    • ๐Ÿ“œ #818: Allow IPv6 being parsed by signature

    General:

    • ๐Ÿ‘Œ Improved and fixed documentation warnings.
    • ๐Ÿ’„ Cosmetic changes based on isort

Previous changes from v3.2.0

  • OAuth2.0 Client:

    • ๐ŸŒ #795: Add Device Authorization Flow for Web Application
    • ๐Ÿ‘ #786: Add PKCE support for Client
    • #783: Fallback to none in case of wrong expires_at format.

    OAuth2.0 Provider:

    • ๐Ÿ“‡ #790: Add support for CORS to metadata endpoint.
    • ๐Ÿ‘ #791: Add support for CORS to token endpoint.
    • ๐Ÿšš #787: Remove comma after Bearer in WWW-Authenticate

    OAuth2.0 Provider - OIDC:

    • #755: Call save_token in Hybrid code flow
    • #751: OIDC add support of refreshing ID Tokens with refresh_id_token
    • #751: The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request).

    General:

    • Added Python 3.9, 3.10, 3.11
    • Improve Travis & Coverage