Skip to content

Releases: lepture/authlib

Version 1.5.0

27 Feb 15:47
@azmeuk azmeuk
v1.5.0
This tag was signed with the committer’s verified signature.
azmeuk Éloi Rivard
GPG key ID: 7EDA204EA57DD184
Verified
Learn about vigilant mode.
2d0396e
This commit was signed with the committer’s verified signature.
azmeuk Éloi Rivard
GPG key ID: 7EDA204EA57DD184
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.5.0 Latest
Latest
  • Fix token introspection auth method for clients. #662
  • Optional typ claim in JWT tokens. #696
  • JWT validation leeway. #689
  • Implement server-side RFC9207. #700 #701
  • generate_id_token can take a kid parameter. #702
  • More detailed InvalidClientError. #706
  • OpenID Connect Dynamic Client Registration implementation. #707
Assets 2
Loading

Version 1.4.1

28 Jan 13:42
@lepture lepture
v1.4.1
0e8f480
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.4.1
  • Improve garbage collection on OAuth clients. #698
  • Fix client parameters for httpx. #694
Loading

Version 1.4.0

28 Jan 13:42
@lepture lepture
v1.4.0
eb34edf
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.4.0

Bugfixes

  • Fix id_token decoding when kid is null. #659
  • Support for Python 3.13. #682
  • Force login if the prompt parameter value is login. #637
  • Support for httpx 0.28. #695

Breaking changes

  • Stop support for Python 3.8. #682
Loading

Version 1.3.2

30 Aug 14:26
@lepture lepture
v1.3.2
d7db2c3
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.3.2
  • Prevent ever-growing session size for OAuth clients.
  • Revert quote client id and secret.
  • unquote basic auth header for authorization server.
Loading

Version 1.3.1

04 Jun 02:48
@lepture lepture
v1.3.1
df226ab
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.3.1

Prevent OctKey to import ssh and PEM strings.

Loading

Version 1.3.0

17 Dec 12:54
@lepture lepture
v1.3.0
a7d68b4
Compare
Choose a tag to compare
Version 1.3.0

Bug fixes

  • Restore AuthorizationServer.create_authorization_response behavior, via #558 by @TurnrDev
  • Include leeway in validate_iat() for JWT, via #565 by @dhallam
  • Fix encode_client_secret_basic, via #594 by @Prilkop
  • Use single key in JWK if JWS does not specify kid, via #596 by @dklimpel
  • Fix error when RFC9068 JWS has no scope field, via #598 by @tanguilp
  • Get werkzeug version using importlib, via #591 by @Sparrow0hawk

Breaking changes

Contributors

azmeuk, dhallam, and 5 other contributors
Loading

Version 1.2.1

21 Nov 13:51
@lepture lepture
v1.2.1
a18d0a5
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.2.1
  • Apply headers in ClientSecretJWT.sign method, via #552
  • Allow falsy but non-None grant uri params, via #544
  • Fixed authorize_redirect for Starlette v0.26.0, via #533
  • Removed has_client_secret method and documentation, via #513
  • Removed request_invalid and token_revoked remaining occurences
    and documentation. #514
  • Fixed RFC7591 grant_types and response_types default values, via #509
  • Add support for python 3.12, via #590
Loading

Version 1.2.0

06 Dec 08:43
@lepture lepture
v1.2.0
7575ea3
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.2.0
  • Not passing request.body to ResourceProtector, #485.
  • Use flask.g instead of _app_ctx_stack, #482.
  • Add headers parameter back to ClientSecretJWT, #457.
  • Always passing realm parameter in OAuth 1 clients, #339.
  • Implemented RFC7592 Dynamic Client Registration Management Protocol, #505`
  • Add default_timeout for requests OAuth2Session and AssertionSession.
  • Deprecate jwk.loads and jwk.dumps
Loading

Version 1.1.0

09 Nov 05:13
@lepture lepture
v1.1.0
2a8a226
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.1.0

This release contains breaking changes and security fixes.

  • Allow to pass claims_options to Framework OpenID Connect clients, via #446 by @Galaxy102
  • Fix .stream with context for HTTPX OAuth clients, via #465 by @bjoernmeier
  • Fix Starlette OAuth client for cache store, via #478 by @haggen

Breaking changes:

  • Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
  • The default authlib.jose.jwt would only work with JSON Web Signature algorithms, if you would like to use JWT with JWE algorithms, please pass the algorithms parameter:
jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])

Security fixes for JOSE module

  • CVE-2022-39175
  • CVE-2022-39174

Contributors

haggen, bjoernmeier, and Galaxy102
Loading

Version 1.0.1

06 Apr 11:56
@lepture lepture
v1.0.1
2e721aa
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.0.1
  • Fix authenticate_none method, via #438.
  • Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #447.
  • Fix missing_token for Flask OAuth client, via #448.
  • Allow openid in any place of the scope, via #449.
  • Security fix for validating essential value on blank value in JWT, via #445.
Loading