This release contains breaking changes and security fixes.
- Allow passing `claims_options` to Framework OpenID Connect clients, via #446 by @Galaxy102
- Fix `.stream` with context for HTTPX OAuth clients, via #465 by @bjoernmeier
- Fix Starlette OAuth client for cache store, via #478 by @haggen

Breaking changes:
- Raise `InvalidGrantError` for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
- The default `authlib.jose.jwt` only works with JSON Web Signature algorithms. To use JWT with JWE algorithms, pass the algorithms parameter:

  ```python
  from authlib.jose import JsonWebToken

  jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])
  ```

Security fixes for JOSE module
- CVE-2022-39175
- CVE-2022-39174