Added

#949 Provide django.contrib.auth.authenticate() with a request for compatibiity with more backends (like django-axes).
#968, #1039 Add support for Django 3.2 and 4.0.
#953 Allow loopback redirect URIs using random ports as described in RFC8252 section 7.3.
#972 Add Farsi/fa language support.
#978 OIDC: Add support for rotating multiple RSA private keys.
#978 OIDC: Add new OIDC_JWKS_MAX_AGE_SECONDS to improve jwks_uri caching.
#967 OIDC: Add additional claims beyond sub to the id_token.
#1041 Add a search field to the Admin UI (e.g. for search for tokens by email address).

Changed

#981 Require redirect_uri if multiple URIs are registered per RFC6749 section 3.1.2.3
#991 Update documentation of REFRESH_TOKEN_EXPIRE_SECONDS to indicate it may be int or datetime.timedelta.
#977 Update Tutorial to show required include.

Removed

#968 Remove support for Django 3.0 & 3.1 and Python 3.6
#1035 Removes default_app_config for Django Deprecation Warning
#1023 six should be dropped

Fixed

#963 Fix handling invalid hex values in client query strings with a 400 error rather than 500.
#973 Tutorial updated to use django-cors-headers.
#956 OIDC: Update documentation of get_userinfo_claims to add the missing argument.