The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
Added
- Instant configuration into
- Instant configuration into
scoped
decorator for inline config changes outside of protected.Added
- Support for
- Support for
False
and None
scopes.Added
- #40. Page redirection for static page protection
- Support to be able to individually protect class-based view methods without the decorators property
- #40. Page redirection for static page protection
- Support to be able to individually protect class-based view methods without the decorators property
Fixed
- #147.
- #147.
protected
decorator properly applied to built in views when initialized on a blueprintAdded
- Custom claims
- Extra payload validation
- Configuration option:
- Custom claims
- Extra payload validation
- Configuration option:
SANIC_JWT_DO_PROTECTION
Changed
- Invalid tokens now
- Invalid tokens now
401
instead of 403
Fixed
- Bug with
- Bug with
_do_protect
in @scoped
decoratorChanged
- Exception handling to consistently have a
-
-
- Exception handling to consistently have a
exception
and reasons
key-
reasons
in exception handling to be consistently formatted-
400
responses for debug
turned off, and 401
when turned onFixed
- #110. Preflight methods now properly handled
- #114. Proper use of
- #116. Proper error reporting on malformed tokens
- #118. Proper error reporting on expired token for
- #110. Preflight methods now properly handled
- #114. Proper use of
utils.call
to allow for sync and async retrieve_user
functions- #116. Proper error reporting on malformed tokens
- #118. Proper error reporting on expired token for
/auth/me
and /auth/refresh
by applying @protected
decoratorsAdded
- Ability to send authorization tokens via query string parameters
- Ability to send authorization tokens via query string parameters
Changed
- Method of passing rquest object
- Method of passing rquest object
args
and kwargs
to scope handlerAdded
- New handler method:
- New handler method:
- New decorator method:
- Decorator methods copied to
- New convenience method for extracting
- Feature for decoupling authentication mode for microservices
- Ability to have custom generated refresh tokens
- Subclasses are tested for consistency on
- New handler method:
override_scope_validator
- New handler method:
destructure_scopes
- New decorator method:
inject_user
- Decorator methods copied to
Initialize
class for convenience- New convenience method for extracting
user_id
from request- Feature for decoupling authentication mode for microservices
- Ability to have custom generated refresh tokens
- Subclasses are tested for consistency on
Initialize
Changed
-
-
-
-
-
- Method for getting and setting configurations made dynamic
-
Authentication.is_authenticated
to Authentication._check_authentication
-
Authentication.verify
to Authentication._verify
-
Authentication.get_access_token
to Authentication.generate_access_token
-
Authentication.get_refresh_token
to Authentication.generate_refresh_token
-
Authentication.retrieve_scopes
to Authentication.extract_scopes
- Method for getting and setting configurations made dynamic
Fixed
- Verification that a custom payload extender supplies all of the enabled claims
-
- Verification that a custom payload extender supplies all of the enabled claims
-
abort
bug when using Sanic's convenience method for exceptionsFixed
- Typo in docs for refresh token page
- Custom endpoints passing parameters to
- Typo in docs for refresh token page
- Custom endpoints passing parameters to
BaseEndpoint
Added
-
-
OPTIONS
handler method for BaseEndpoint
Fixed
- Some tests for claims that were not using UTC timestamps
- Consistency of docs with
- Some tests for claims that were not using UTC timestamps
- Consistency of docs with
class_views
Added
-
- New methods for adding configuration settings
- Customizable components
- Customizable responses
- Ability to fallback to header based authentication if cookie based fails
- Initialize on a blueprint and isolate configuration
-
Initialize
class- New methods for adding configuration settings
- Customizable components
- Customizable responses
- Ability to fallback to header based authentication if cookie based fails
- Initialize on a blueprint and isolate configuration
Fixed
-
- Usage of signing algorithms with public and private keys
-
@protected
implementation on class based views- Usage of signing algorithms with public and private keys
Deprecated
-
-
-
-
SANIC_JWT_PAYLOAD_HANDLER
-
SANIC_JWT_HANDLER_PAYLOAD_EXTEND
-
SANIC_JWT_HANDLER_PAYLOAD_SCOPES
- Added for new features.
- Changed for changes in existing functionality.
- Deprecated for once-stable features removed in upcoming releases.
- Removed for deprecated features removed in this release.
- Fixed for any bug fixes.
- Security to invite users to upgrade in case of vulnerabilities.