- Numerous OAuth2 provider errors now suggest a status code of 401 instead
of 400 (#247). - Added support for JSON web tokens with oauthlib.common.generate_signed_token.
Install extra dependency with oauthlibsignedtoken. - OAuth2 scopes can be arbitrary objects with str defined (#240).
- OAuth 1 Clients can now register custom signature methods (#239).
- Exposed new method oauthlib.oauth2.is_secure_transport that checks whether
the given URL is HTTPS. Checks using this method can be disabled by setting
the environment variable OAUTHLIB_INSECURE_TRANSPORT (#249). - OAuth1 clients now has repr and will be printed with secrets scrubbed.
- OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument.
- urldecode will now raise a much more informative error message on
incorrectly encoded strings. - Plenty of typo and other doc fixes.