CHANGELOG.md

v0.6.1

• Minor fix for middleware initialization check inside decorators.

v0.6.0

• Raise UnAuthorized instead of Forbidden #129. Thanks @rockwelln

• Added preflight (OPTIONS) request skip #139. Thanks @ckkz-it

v0.5.0

• Switched to new style aiohttp middleware #94. Thanks @Ranc58

v0.4.0

• Added issue and audience claims support #80 . Thanks @idegree

v0.3.0

• Added auth_scheme option to middleware, that allows customization of authorization header prefix #77. By default value is Bearer. Thanks @gbarbaten

• Added explicit exception when decorators are used without proper middleware initialization & minor cleaning #85

v0.2.0

• Added support for class based views in decorators #52. Thanks @citijk for the report!

• Cleanup a bit project structure

v0.1.1

• Fixed issue with non bearer token scheme #14. Thanks @vikitikitavi

v0.1.0

• Added support for checking revoked tokens

  Now users can pass is_revoked callback that should return bool value that indicates token status and in case of True, middleware will raise HTTPForbidden with Token is revoked message.

• Better description for token decoding error.

• Added more usage examples. Thanks @vikitikitavi

v0.0.2

• Refactored handling of broken provided token.

• Revisited naming of certain properties and helpers.

  • ONE_OF to match_any
  • ALL_IN to match_all
  • strategy to comparison

• Improved overall code test coverage.

v0.0.1 (Initial release)

• Introduced check_permissions decorator for providing scope based permission model for your application handlers.

  Permissions should be described as an array of strings inside the JWT token, or as a space-delimited OAuth 2.0 Access Token Scope string.

• Introduced JWT middleware for encoding/verifying your JWT token and setting property on aiohttp.Request object.