v3.14.3

What's Changed

• Fixed handle provider config for dynamic discovery by @infohash in #166
• Fixed bug when server is behind a proxy by @GramThanos in #169

New Contributors

• @GramThanos made their first contribution in #169

Full Changelog: v3.14.2...v3.14.3

v3.14.1

What's Changed

• Bump oic dependency to fix pydantic incompatibility by @ThoreKr in #162

Full Changelog: v3.14.0...v3.14.1

v3.14.0

What's Changed

• replace _app_ctx_stack with g for context storage by @csfreak in #154
• Add Support for python 3.11 by @csfreak in #155

New Contributors

• @csfreak made their first contribution in #154

Full Changelog: v3.13.0...v3.14.0

v3.13.0

What's Changed

• Code cleanup: fix linting errors reported by Pylint. by @zamzterz in #152
• Add possibilityto to pass **kwargs to pyoidc by @h4ckd0tm3 in #148

New Contributors

• @h4ckd0tm3 made their first contribution in #148

Full Changelog: v3.12.1...v3.13.0

v3.12.1

What's Changed

• Drop support for Python 3.6. by @zamzterz in #140
• Specify exact version of pyoidc for compatibility. by @zamzterz in #149
• [Bug] Fixed Redirect URI corruption by @infohash in #142
• Add Github Actions workflow for automatically releasing new versions. by @zamzterz in #150

Full Changelog: v3.11.0...v3.12.1

v3.11.0

What's Changed

• Update docs in Quickstart and Configuration. by @zamzterz in #122
• Add very basic quickstart example to README. by @zamzterz in #125
• Added scope and extra keyword arguments that can be optionally passed to client credentials flow by @infohash in #127
• Use ProviderConfiguration.requests_session for all requests. by @zamzterz in #128
• Added test paramters for scope in client_credentials_grant by @infohash in #129
• Added authenticated dynamic client registration by @infohash in #123
• Support multiple logout views (multiple use of 'oidc_logout' decorator). by @zamzterz in #126
• Delegated all requests to pyoidc library by @infohash in #132

Full Changelog: v3.10.0...v3.11.0

v3.10.0

• Add token introspection and client credentials flow (#120). Huge kudos to @infohash for implementing, testing and documenting it.

v3.9.0

• Fix post_logout redirect_uri when using dynamic client registration (#117). Thanks @infohash for reporting and fixing it. 👏

v3.8.0

• Test fixes (#107). Thanks @Titotix 👏
• Documentation improvements (#103). Thanks @Titotix 👏
• Don't remove stored auth request from session prematurely. (#112) Thanks to @steveqx for reporting it. 👏
• Use default value for 'end_session_state' if it's not stored. (#114) Thanks to @enkelli for reporting it. 👏
• Fix deprecated collections import for python 3.10. (#111) Thanks to @ThoreKr. 👏

v3.7.0

Important security fixes

• Properly validate the ID token according to the OIDC specification.
  Use Client.verify_id_token from pyoidc to verify issuer, audience,
  expiry, nonce, acr_values and max_age.
• Upgrade to latest pyoidc version fixing security issues.