• (Change) OAuth2 clients will not raise a Warning on scope change if
  the environment variable OAUTHLIB_RELAX_TOKEN_SCOPE is set. The token
  will now be available as an attribute on the error, error.token.
  Token changes will now also be announced using blinker.
• (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook).
• (Fix) Logging is now tiered (per file) as opposed to logging all under oauthlib.
• (Fix) Error messages should now include a description in their message.
• (Fix/Feature) Optional support for jsonp callbacks after token revocation.
• (Feature) Client side preparation of OAuth 2 token revocation requests.
• (Feature) New OAuth2 client API methods for preparing full requests.
• (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs.
• (Fix/Feature) Refresh token grant now allow optional refresh tokens.
• (Fix) add missing state param to OAuth2 errors.
• (Fix) add_params_to_uri now properly parse fragment.
• (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1.
• (Fix/Security) OAuth2 logs will now strip client provided password, if present.
• Allow unescaped @ in urlencoded parameters.