Releases: GeoNode/geonode-oauth-toolkit

2.2.2.2

30 May 14:04
bump forked version

2.2.1

28 May 08:39

2.2.0

10 May 10:40

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[unreleased]

  • Remove support for Django 3.0
  • Add support for Django 3.2

Added

  • #712, #636, #808. Calls to django.contrib.auth.authenticate() now pass a request
    to provide compatibility with backends that need one.

Fixed

  • #524 Restrict usage of timezone aware expire dates to Django projects with USE_TZ set to True.
  • #955 Avoid doubling of oauth2_provider urls mountpath in json response for OIDC view ConnectDiscoveryInfoView.
    Breaks existing OIDC discovery output
  • #953 Allow loopback redirect URIs with random ports using http scheme, localhost address and no explicit port
    configuration in the allowed redirect_uris for OAuth2 Applications (RFC8252)

[2.2.0] 2021-05-10

Aligned to django-oauth-toolkit 1.5.0

Added

  • #915 Add optional OpenID Connect support.

Changed

  • #942 Help via defunct Google group replaced with using GitHub issues

[2.1.1] 2021-03-12

Changed

  • #925 OAuth2TokenMiddleware converted to new style middleware, and no longer extends MiddlewareMixin.

Removed

  • #936 Remove support for Python 3.5

[2.1.0] 2021-02-08

Added

  • #917 Documentation improvement for Access Token expiration.
  • #916 (for DOT contributors) Added tox -e livedocs which launches a local web server on localhost:8000
    to display Sphinx documentation with live updates as you edit.
  • #891 (for DOT contributors) Added details
    on how best to contribute to this project.
  • #884 Added support for Python 3.9
  • #898 Added the ability to customize classes for django admin
  • #690 Added pt-PT translations to HTML templates. This enables adding additional translations.

Fixed

  • #906 Made token revocation not apply a limit to the select_for_update statement (impacts Oracle 12c database).
  • #903 Disable redirect_uri field length limit for AbstractGrant

[1.3.3] 2020-10-16

Added

  • Added select_related in introspect view for better query performance
  • #831 Authorization token creation now can receive an expire date
  • #831 Added a method to override Grant creation
  • #825 Bump oauthlib to 3.1.0 to introduce PKCE
  • Support for Django 3.1

Fixed

  • #847: Fix inappropriate message when response from authentication server is not OK.

Changed

  • A few smaller improvements to remove compatibility with older Django versions #830, #861, #862, #863

[1.3.2] 2020-03-24

Fixed

  • Fixes: 1.3.1 inadvertently uploaded to pypi with an extra migration (0003...) from a dev branch.

[1.3.1] 2020-03-23

Added

  • #725: HTTP Basic Auth support for introspection (Fix issue #709)

Fixed

  • #812: Reverts #643 pass wrong request object to authenticate function.
  • Fix concurrency issue with refresh token requests (#810)
  • #817: Reverts #734 tutorial documentation error.

[1.3.0] 2020-03-02

Added

  • Add support for Python 3.7 & 3.8
  • Add support for Django>=2.1,<3.1
  • Add requirement for oauthlib>=3.0.1
  • Add support for Proof Key for Code Exchange (PKCE, RFC 7636).
  • Add support for custom token generators (e.g. to create JWT tokens).
  • Add new OAUTH2_PROVIDER settings:
    • ACCESS_TOKEN_GENERATOR to override the default access token generator.
    • REFRESH_TOKEN_GENERATOR to override the default refresh token generator.
    • EXTRA_SERVER_KWARGS options dictionary for oauthlib's Server class.
    • PKCE_REQUIRED to require PKCE.
  • Add createapplication management command to create an application.
  • Add id in toolkit admin console applications list.
  • Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob] redirect_uri
    for Google OAuth2 "manual copy/paste".
    N.B. this feature appears to be deprecated and replaced with methods described in
    RFC 8252: OAuth2 for Native Apps and may be deprecated and/or removed
    from a future release of Django-oauth-toolkit.

Changed

  • Change this change log to use Keep a Changelog format.
  • Backwards-incompatible squashed migrations:
    If you are currently on a release < 1.2.0, you will need to first install 1.2.0 then manage.py migrate before
    upgrading to >= 1.3.0.
  • Improved the tutorial.

Removed

  • Remove support for Python 3.4
  • Remove support for Django<=2.0
  • Remove requirement for oauthlib<3.0

Fixed

  • Fix a race condition in creation of AccessToken with external oauth2 server.
  • Fix several concurrency issues. (#638)
  • Fix to pass request to django.contrib.auth.authenticate() (#636)
  • Fix missing oauth2_error property exception oauthlib_core.verify_request method raises exceptions in authenticate.
    (#633)
  • Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql.
    (#714)
  • Fix to return a new refresh token during grace period rather than the recently-revoked one.
    (#702)
  • Fix a bug in refresh token revocation.
    (#625)

1.2.0 [2018-06-03]

  • Compatibility: Python 3.4 is the new minimum required version.
  • Compatibility: Django 2.0 is the new minimum required version.
  • New feature: Added TokenMatchesOASRequirements Permissions.
  • validators.URIValidator has been updated to match URLValidator behaviour more closely.
  • Moved redirect_uris validation to the application clean() method.

1.1.2 [2018-05-12]

  • Return state with Authorization Denied error (RFC6749 section 4.1.2.1)
  • Fix a crash with malformed base64 authentication headers
  • Fix a crash with malformed IPv6 redirect URIs

1.1.1 [2018-05-08]

  • Critical: Django OAuth Toolkit 1.1.0 contained a migration that would revoke all existing
    RefreshTokens (0006_auto_20171214_2232). This release corrects the migration.
    If you have already run it in production, please see the following issue for more details:
    jazzband/django-oauth-toolkit#589

1.1.0 [2018-04-13]

  • Notice: The Django OAuth Toolkit project is now hosted by JazzBand.
  • Compatibility: Django 1.11 is the new minimum required version. Django 1.10 is no longer supported.
  • Compatibility: This will be the last release to support Django 1.11 and Python 2.7.
  • New feature: Option for RFC 7662 external AS that uses HTTP Basic Auth.
  • New feature: Individual applications may now override the ALLOWED_REDIRECT_URI_SCHEMES
    setting by returning a list of allowed redirect uri schemes in Application.get_allowed_schemes().
  • New feature: The new setting ERROR_RESPONSE_WITH_SCOPES can now be set to True to include required
    scopes when DRF authorization fails due to improper scopes.
  • New feature: The new setting REFRESH_TOKEN_GRACE_PERIOD_SECONDS controls a grace period during which
    refresh tokens may be re-used.
  • An app_authorized signal is fired when a token is generated.

1.0.0 [2017-06-07]

  • New feature: AccessToken, RefreshToken and Grant models are now swappable.
  • #477: New feature: Add support for RFC 7662 (IntrospectTokenView, introspect scope)
  • Compatibility: Django 1.10 is the new minimum required version
  • Compatibility: Django 1.11 is now supported
  • Backwards-incompatible: The oauth2_provider.ext.rest_framework module
    has been moved to oauth2_provider.contrib.rest_framework
  • #177: Changed id field on Application, AccessToken, RefreshToken and Grant to BigAutoField (bigint/bigserial)
  • #321: Added created and updated auto fields to Application, AccessToken, RefreshToken and Grant
  • #476: Disallow empty redirect URIs
  • Fixed bad url parameter in some error responses.
  • Django 2.0 compatibility fixes.
  • The dependency on django-braces has been dropped.
  • The oauthlib dependency is no longer pinned.

0.12.0 [2017-02-24]

  • New feature: Class-based scopes backends. Listing scopes, available scopes and default scopes
    is now done through the class that the SCOPES_BACKEND_CLASS setting points to.
    By default, this is set to oauth2_provider.scopes.SettingsScopes which implements the
    legacy settings-based scope behaviour. No changes are necessary.
  • Dropped support for Python 3.2 and Python 3.3, added support for Python 3.6
  • Support for the scopes query parameter, deprecated in 0.6.1, has been dropped
  • #448: Added support for customizing applications' allowed grant types
  • #141: The is_usable(request) method on the Application model can be overridden to dynamically
    enable or disable applications.
  • #434: Relax URL patterns to allow for UUID primary keys

0.11.0 [2016-12-1]

  • #315: AuthorizationView does not overwrite requests on get
  • #425: Added support for Django 1.10
  • #396...

2.1.1

20 Jan 17:04
 - Bump to version = 2.1.1

2.0.0

15 Jul 15:30

2.0.0 [2020-07-15]

  • 2020-07-15: afabiani Drop Django 1 / Python 2 support

1.1.5.1

31 Mar 07:29

pip install geonode-oauth-toolkit==1.1.5.1

1.1.5 [2020-03-31]

1.1.4.6

05 Sep 09:13
  • Only OAuth2 requests are validated; fall back to other validators instead
  • Bump to version = 1.1.4.6

1.1.4.5

19 Aug 09:45

1.1.4.4

16 Aug 18:27

1.1.4.3

16 Aug 17:44