Skip to content

3.1.0
Compare
Choose a tag to compare
@JonathanHuot JonathanHuot released this 06 Aug 14:48
v3.1.0
31cae75
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

3.1.0 is an feature release including improvement to OIDC and security enhancements. Check-it out !

OAuth2.0 Provider - Features

  • #660: OIDC add support of nonce, c_hash, at_hash fields
    • New RequestValidator.fill_id_token method
    • Deprecated RequestValidator.get_id_token method
  • #677: OIDC add UserInfo endpoint
    • New RequestValidator.get_userinfo_claims method

OAuth2.0 Provider - Security

  • #665: Enhance data leak to logs
    • New default to not expose request content in logs
    • New function oauthlib.set_debug(True)
  • #666: Disabling query parameters for POST requests

OAuth2.0 Provider - Bugfixes

  • #670: Fix validate_authorization_request to return the new PKCE fields
  • #674: Fix token_type to be case-insensitive (bearer and Bearer)

OAuth2.0 Client - Bugfixes

  • #290: Fix Authorization Code's errors processing
  • #603: BackendApplication.Client.prepare_request_body use the "scope" argument as intended.
  • #672: Fix edge case when expires_in=Null

OAuth1.0 Client

  • #669: Add case-insensitive headers to oauth1 BaseEndpoint
Assets 2