
v0.2.0b2


@github-actions github-actions released this 08 May 19:18
· 244 commits to current since this release

Fixed

  • manage.py oidc_audit_tokens --help (and the three sibling commands
    oidc_create_app, oidc_revoke_user_tokens, oidc_rotate_secret)
    raised TypeError: expected string or bytes-like object, got
    '__proxy__' on Python 3.12+. argparse's HelpFormatter._fill_text
    now passes the description / argument-help straight into re.sub,
    which refuses to coerce the gettext_lazy proxy object that the
    commands had been using. The four commands switched to non-lazy
    gettext; the active language is fixed at process start for
    short-lived management commands, so lazy evaluation bought nothing.
    The # type: ignore[assignment] casts that papered over the
    BaseCommand.help: str mismatch are no longer needed and were
    removed.

Documentation

  • README OAUTH2_PROVIDER example and key reference now recommend
    ACCESS_TOKEN_EXPIRE_SECONDS = 3600 instead of 60. The test-suite
    literal 60 (used by tests/test_settingsAA4.py to exercise expiry
    paths without sleeps) was inappropriate as a production starter:
    passport-openidconnect-based RPs (Wiki.js, Outline, etc.) reject
    sub-minute access-token lifetimes outright, and even tolerant clients
    race the user's /userinfo round-trip against the TTL when network
    latency creeps up. The new value matches the production defaults of
    Auth0 / Keycloak / Google.
  • WikiJS integration section expanded: full URL set (authorization /
    token / userinfo / issuer / logout), explicit warning that
    Skip User Profile must stay off — otherwise WikiJS reads claims
    out of id_token only and fails with "Missing or invalid email
    address from profile" because we now follow OIDC Core 1.0 §5.4
    strictly (scope-bound claims live at /userinfo, not in id_token).
    Strategy choice (Generic OpenID Connect / OAuth 2.0 vs. Generic
    OAuth 2.0) documented with the trade-off.
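
The OIDC Core 1.0 §5.4 rule behind the WikiJS warning above, as an added example (not this project's code): a sketch of how a strict provider splits scope-requested claims between id_token and /userinfo, and why a relying party that skips the profile fetch finds no email. The function names and the sample user are hypothetical.

```python
"""OIDC Core 1.0 section 5.4: where scope-requested claims are delivered."""

# Scope-to-claim mapping from OIDC Core 1.0 section 5.4.
SCOPE_CLAIMS = {
    "profile": ("name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"),
    "email": ("email", "email_verified"),
    "address": ("address",),
    "phone": ("phone_number", "phone_number_verified"),
}


def issues_access_token(response_type: str) -> bool:
    """'code' and 'token' lead to an access token; a bare 'id_token' does not."""
    return bool({"code", "token"} & set(response_type.split()))


def split_claims(user: dict, scopes: str, response_type: str) -> tuple[dict, dict]:
    """Return (id_token_claims, userinfo_claims) for a strict section 5.4 provider."""
    requested = {c for s in scopes.split() for c in SCOPE_CLAIMS.get(s, ())}
    scoped = {k: v for k, v in user.items() if k in requested}
    id_token = {"sub": user["sub"]}
    if issues_access_token(response_type):
        # Access token issued: scope claims are served from /userinfo only.
        return id_token, {"sub": user["sub"], **scoped}
    # No access token (response_type=id_token): claims ride in the ID token.
    return {**id_token, **scoped}, {}


def rp_email(id_token: dict, userinfo: dict, skip_user_profile: bool):
    """Relying-party side: with the profile fetch skipped, only id_token is read."""
    source = id_token if skip_user_profile else {**id_token, **userinfo}
    return source.get("email")


# Constructed sample account, not real data.
USER = {"sub": "42", "name": "Test Pilot", "email": "pilot@example.org",
        "email_verified": True, "phone_number": "+10000000000"}

if __name__ == "__main__":
    idt, ui = split_claims(USER, "openid profile email", "code")
    print("id_token:", idt)
    print("userinfo:", ui)
    print("RP email, profile skipped:", rp_email(idt, ui, True))
    print("RP email, profile fetched:", rp_email(idt, ui, False))
```
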

Changed

  • AA-version test stacks declared as PEP 735 dependency groups
    (aa4, aa5) in pyproject.toml instead of being hard-coded inside
    the tests_aa4 nox session body. The session now installs via
    uv pip install -e . --group aa4, letting uv intersect the package's
    allianceauth>=4,<6 contract with the group's <5 narrowing. No
    user-visible changes; the matrix runs the same combinations.
    uv tree --group aaN now enumerates each supported stack from
    pyproject.toml directly.