BIG NEWS: Authlib has changed its open source license from AGPL to BSD.
Important Changes: Authlib specs module has been split into jose, oauth1, oauth2, and oidc. Find how to solve the deprecate issues via https://git.io/fjvpt.
RFC implementations and updates in this release:
- RFC7518: Added A128GCMKW, A192GCMKW, A256GCMKW algorithms for JWE.
- RFC5849: Removed draft-eaton-oauth-bodyhash-00 spec for OAuth 1.0.
Small changes and bug fixes in this release:
- Fixed missing scope on password and client_credentials grant types of OAuth2Session via issue#96.
- Fixed Flask OAuth client cache detection via issue#98.
- Enabled ssl certificates for OAuth2Session via PR#100, thanks to pingz.
- Fixed error response for invalid/expired refresh token via issue#112.
- Fixed error handle for invalid redirect uri via issue#113.
- Fixed error response redirect to fragment via issue#114.
- Fixed non-compliant responses from RFC7009 via issue#119.
Experiment Features: There is an experiment aiohttp client for OAuth1 and OAuth2 in authlib.client.aiohttp.
Code Changes: v0.10...v0.11