Release 1.6.1

Changed

• Note: Only Django 4.0.1+ is supported due to a regression in Django 4.0.0. Explanation

Fixed

• Miscellaneous 1.6.0 packaging issues.

Release 1.6.0

Added

#949 Provide django.contrib.auth.authenticate() with a request for compatibiity with more backends (like django-axes).
#968, #1039 Add support for Django 3.2 and 4.0.
#953 Allow loopback redirect URIs using random ports as described in RFC8252 section 7.3.
#972 Add Farsi/fa language support.
#978 OIDC: Add support for rotating multiple RSA private keys.
#978 OIDC: Add new OIDC_JWKS_MAX_AGE_SECONDS to improve jwks_uri caching.
#967 OIDC: Add additional claims beyond sub to the id_token.
#1041 Add a search field to the Admin UI (e.g. for search for tokens by email address).

Changed

#981 Require redirect_uri if multiple URIs are registered per RFC6749 section 3.1.2.3
#991 Update documentation of REFRESH_TOKEN_EXPIRE_SECONDS to indicate it may be int or datetime.timedelta.
#977 Update Tutorial to show required include.

Removed

#968 Remove support for Django 3.0 & 3.1 and Python 3.6
#1035 Removes default_app_config for Django Deprecation Warning
#1023 six should be dropped

Fixed

#963 Fix handling invalid hex values in client query strings with a 400 error rather than 500.
#973 Tutorial updated to use django-cors-headers.
#956 OIDC: Update documentation of get_userinfo_claims to add the missing argument.

Release 1.5.0

Adding support for OPENID

Release 1.4.1

1.4.1 release (#940)

Releae 1.4.0

Release 1.4.0 (#921)

Release 1.3.3

release 1.3.3 (#890)

Release 1.3.2

See release 1.3.1; no changes.

Release 1.3.1

Added

• #725: HTTP Basic Auth support for introspection (Fix issue #709)

Fixed

• #812: Reverts #643 pass wrong request object to authenticate function.
• Fix concurrency issue with refresh token requests (#810)
• #817: Reverts #734 tutorial documentation error.

Release 1.3.0

From the CHANGELOG:

[1.3.0] 2020-03-02

Added

• Add support for Python 3.7 & 3.8
• Add support for Django>=2.1,<3.1
• Add requirement for oauthlib>=3.0.1
• Add support for Proof Key for Code Exchange (PKCE, RFC 7636).
• Add support for custom token generators (e.g. to create JWT tokens).
• Add new OAUTH2_PROVIDER settings:
  • ACCESS_TOKEN_GENERATOR to override the default access token generator.
  • REFRESH_TOKEN_GENERATOR to override the default refresh token generator.
  • EXTRA_SERVER_KWARGS options dictionary for oauthlib's Server class.
  • PKCE_REQUIRED to require PKCE.
• Add createapplication management command to create an application.
• Add id in toolkit admin console applications list.
• Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob] redirect_uri
  for Google OAuth2 "manual copy/paste".
  N.B. this feature appears to be deprecated and replaced with methods described in
  RFC 8252: OAuth2 for Native Apps and may be deprecated and/or removed
  from a future release of Django-oauth-toolkit.

Changed

• Change this change log to use Keep a Changelog format.
• Backwards-incompatible squashed migrations:
  If you are currently on a release < 1.2.0, you will need to first install 1.2.0 then manage.py migrate before
  upgrading to >= 1.3.0.
• Improved the tutorial.

Removed

• Remove support for Python 3.4
• Remove support for Django<=2.0
• Remove requirement for oauthlib<3.0

Fixed

• Fix a race condition in creation of AccessToken with external oauth2 server.
• Fix several concurrency issues. (#638)
• Fix to pass request to django.contrib.auth.authenticate() (#636)
• Fix missing oauth2_error property exception oauthlib_core.verify_request method raises exceptions in authenticate.
  (#633)
• Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql.
  (#714)
• Fix to return a new refresh token during grace period rather than the recently-revoked one.
  (#702)
• Fix a bug in refresh token revocation.
  (#625)

Release 1.0.0

Release 1.0.0