Skip to content

Releases: lepture/authlib

Version 1.0.0

15 Mar 10:18
@lepture lepture
v1.0.0
c73e2a8
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.0.0

We have dropped support for Python 2 in this release. We have removed
built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are
using the client properly, e.g. oauth.register(...), it would work as
before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated
OAUTH2_JWT_XXX configuration, instead, developers should define
.get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers
should define the database by themselves.

JOSE Changes

  • JWS has been renamed to JsonWebSignature
  • JWE has been renamed to JsonWebEncryption
  • JWK has been renamed to JsonWebKey
  • JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the JSON Web Key for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

Loading

Version 0.15.5

18 Oct 12:16
@lepture lepture
v0.15.5
d8e428c
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.15.5
  • Make Authlib compatible with latest httpx
  • Make Authlib compatible with latest werkzeug
  • Allow customize RFC7523 alg value
Loading

Version 0.15.4

17 Jul 03:08
@lepture lepture
v0.15.4
4570144
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.15.4

Security fix when JWT claims is None.

For example, JWT payload has iss=None:

{
  "iss": None,
  ...
}

But we need to decode it with claims:

claims_options = {
  'iss': {'essential': True, 'values': ['required']}
}
jwt.decode(token, key, claims_options=claims_options)

It didn't raise an error before this fix.

Loading

Version 0.15.3

15 Jan 13:59
@lepture lepture
v0.15.3
33aab02
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.15.3

Fixed .authorize_access_token for OAuth 1.0 services, via #308

Loading

Version 0.15.2

18 Oct 06:49
@lepture lepture
v0.15.2
1969b56
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.15.2

Fixed httpx authentication bug via #283

Loading

Version 0.15.1

14 Oct 12:58
@lepture lepture
v0.15.1
c70a805
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.15.1

Backward compitable fix for using JWKs in JWT, via #280.

Loading

Version 0.15

10 Oct 07:49
@lepture lepture
v0.15
4e501ce
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.15

This is the last release before v1.0. In this release, we added more RFCs
implementations and did some refactors for JOSE:

  • RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)
  • RFC7638: JSON Web Key (JWK) Thumbprint

We also fixed bugs for integrations:

  • Fixed support for HTTPX>=0.14.3
  • Added OAuth clients of HTTPX back via #270
  • Fixed parallel token refreshes for HTTPX async OAuth 2 client
  • Raise OAuthError when callback contains errors via #275

Breaking Change:

  1. The parameter algorithms in JsonWebSignature and JsonWebEncryption
    are changed. Usually you don't have to care about it since you won't use it directly.
  2. Whole JSON Web Key is refactored, please check JSON Web Key (JWK)
Loading

Version 0.14.3

18 May 14:01
@lepture lepture
v0.14.3
ffdc437
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.14.3
  • Fix HTTPX integration via #232 and #233.
  • Add "bearer" as default token type for OAuth 2 Client.
  • JWS and JWE don't validate private headers by default.
  • Remove none auth method for authorization code by default.
  • Allow usage of user provided code_verifier via #216.
  • Add introspect_token method on OAuth 2 Client via #224.
Loading

Version 0.14.2

06 May 00:57
@lepture lepture
v0.14.2
ce8b46b
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.14.2
  • Fix OAuth 1.0 client for starlette.
  • Allow leeway option in client parse ID token via #228.
  • Fix OAuthToken when expires_at or expires_in is 0 via #227.
  • Fix auto refresh token logic.
  • Load server metadata before request.
Loading

Version 0.14.1

06 May 00:56
@lepture lepture
v0.14.1
8e8786b
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.14.1
  • Quick fix for legacy imports of Flask and Django clients
Loading