Released on Sep 3, 2019.
Breaking Change: Authlib Grant system has been redesigned. If you
are creating OpenID Connect providers, please read the new documentation
for OpenID Connect.
Important Update: Django OAuth 2.0 server integration is ready now.
You can create OAuth 2.0 provider and OpenID Connect 1.0 with Django
framework.
RFC implementations and updates in this release:
- RFC6749: Fixed scope validation, omit the invalid scope
- RFC7521: Added a common
AssertionClient
for the assertion framework - RFC7662: Added
IntrospectionToken
for introspection token endpoint - OpenID Connect Discover: Added discovery model based on RFC8414
Refactor and bug fixes in this release:
- Breaking Change: add
RefreshTokenGrant.revoke_old_credential
method - Rewrite lots of code for
authlib.client
, no breaking changes - Refactor
OAuth2Request
, use explicit query and form - Change
requests
to optional dependency - Add
AsyncAssertionClient
for aiohttp
Deprecate Changes: find how to solve the deprecate issues via https://git.io/fjPsV
Code Changes: v0.11...v0.12