From alpha to beta. This is a huge release with lots of deprecating changes and some breaking changes. And finally, OpenID Connect server is supported by now, because Authlib has added these specifications:
- RFC7515: JSON Web Signature (JWS)
- RFC7517: JSON Web Key (JWK)
- RFC7518: JSON Web Algorithms (JWA)
- RFC7519: JSON Web Token (JWT)
The specifications are not completed yet, but they are ready to use. The missing RFC7516 (JWE) is going to be implemented in next version. Open ID Connect 1.0 is added with:
- Authentication using the Code Flow
- Authentication using the Implicit Flow
- Authentication using the Hybrid Flow
- ID Token Validation
Besides that, there are more changes:
- Implementation of RFC7662: OAuth 2.0 Token Introspection via #36.
- Use the
token_endpoint_auth_methodconcept defined in RFC7591. - Signal feature for Flask integration of OAuth 2.0 server.
- Bug fixes for OAuth client parts, thanks for the instruction by Lukas Schink.
Breaking Changes:
- the columns in
authlib.flask.oauth2.sqlahas been changed a lot. If you are using it, you need to upgrade your database. - use
register_token_validatoron ResourceProtector. authlib.client.oauth1.OAuth1has been renamed toauthlib.client.oauth1.OAuth1Auth.
Deprecate Changes: find how to solve the deprecate issues via https://git.io/vAAUK
Code Changes: v0.5.1...v0.6