OAuth2 goodies for the Djangonauts!
Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before performing a MAJOR upgrade to 2.x.
These issues both result in {"error": "invalid_client"}:
The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.
PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.
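With PKCE_REQUIRED defaulting to True, a client must send a code_challenge on its authorization request and the matching code_verifier when it redeems the code. The following added example (not code from django-oauth-toolkit) implements the RFC 7636 S256 method on the client side and the check the authorization server performs at the token endpoint; all function names and the sample code value are this example's own.

```python
# Added example, not code from django-oauth-toolkit: PKCE (RFC 7636) with the
# S256 method. Client side is what a client needs once PKCE_REQUIRED is True;
# verify_pkce is the check the authorization server runs at the token endpoint.
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client: fresh high-entropy verifier per authorization request
    (32 random bytes encode to 43 chars, the RFC minimum; max is 128)."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(code_verifier: str) -> str:
    """Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), sent on
    the authorization request together with code_challenge_method=S256."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_pkce(code_challenge: str, code_verifier: str, method: str = "S256") -> bool:
    """Server: recompute the challenge from the verifier presented with the
    authorization code and compare it with the challenge stored when the code
    was issued. A mismatch means the code is being redeemed by a party that did
    not start the flow, so the exchange is refused."""
    if not 43 <= len(code_verifier) <= 128:
        return False
    if method == "S256":
        expected = make_code_challenge(code_verifier)
    elif method == "plain":  # permitted by the RFC but gives no real protection
        expected = code_verifier
    else:
        return False
    return hmac.compare_digest(expected, code_challenge)


def simulate_flow(presented: str = "") -> bool:
    """Both sides together: the server stores the client's challenge next to the
    code it issues, and the token request succeeds only if the verifier presented
    matches. A different verifier models a code redeemed by someone else."""
    verifier = make_code_verifier()
    issued = {"constructed-auth-code": make_code_challenge(verifier)}  # server-side store
    return verify_pkce(issued["constructed-auth-code"], presented or verifier)
```

The fixed verifier/challenge pair from RFC 7636 Appendix B can be used to check make_code_challenge against a known-good value.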
cleartokens management command
prompt=login for the OIDC Authorization Code Flow end user Authentication Request.
createapplication management command enhanced to display an auto-generated secret before it gets hashed.
createapplication command by @vector-kerr in https://github.com/jazzband/django-oauth-toolkit/pull/1132
Full Changelog: https://github.com/jazzband/django-oauth-toolkit/compare/1.7.0...2.0.0
cleartokens management command and models.clear_expired() to improve performance for removal of large numbers of expired tokens. Configure with CLEAR_EXPIRED_TOKENS_BATCH_SIZE and CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL.
claims_supported available at the OIDC auto-discovery endpoint (.well-known/openid-configuration).
{"active": false} when introspecting a nonexistent token per RFC 7662. It had been incorrectly returning 401.
NOTE: This release reverts an inadvertently-added breaking change.
#949 Provide django.contrib.auth.authenticate() with a request for compatibility with more backends (like django-axes).
#968, #1039 Add support for Django 3.2 and 4.0.
#953 Allow loopback redirect URIs using random ports as described in RFC8252 section 7.3.
#972 Add Farsi/fa language support.
#978 OIDC: Add support for rotating multiple RSA private keys.
#978 OIDC: Add new OIDC_JWKS_MAX_AGE_SECONDS to improve jwks_uri caching.
#967 OIDC: Add additional claims beyond sub to the id_token.
#1041 Add a search field to the Admin UI (e.g. to search for tokens by email address).
#981 Require redirect_uri if multiple URIs are registered per RFC6749 section 3.1.2.3.
#991 Update documentation of REFRESH_TOKEN_EXPIRE_SECONDS to indicate it may be int or datetime.timedelta.
#977 Update Tutorial to show required include.
#968 Remove support for Django 3.0 & 3.1 and Python 3.6.
#1035 Removes default_app_config for Django Deprecation Warning.
#1023 six should be dropped.
#963 Fix handling invalid hex values in client query strings with a 400 error rather than 500.
#973 Tutorial updated to use django-cors-headers.
#956 OIDC: Update documentation of get_userinfo_claims to add the missing argument.
Adding support for OPENID