#1128 Documentation: Tutorial on using Celery to automate clearing expired tokens.
Changed
#1129 (Breaking) Changed default value of PKCE_REQUIRED to True. This is a breaking change. Clients without PKCE enabled will fail to authenticate. This breaks with section 5 of RFC7636 in favor of the OAuth2 Security Best Practices for Authorization Code Grants. If you want to retain the pre-2.x behavior, set PKCE_REQUIRED = False in your settings.py
#1093 (Breaking) Changed to implement hashed client_secret values. This is a breaking change that will migrate all your existing cleartext application.client_secret values to be hashed with Django's default password hashing algorithm and cannot be reversed. When adding or modifying an Application in the Admin console, you must copy the auto-generated or manually-entered client_secret before hitting Save.
#1108 OIDC: (Breaking) Add default configurable OIDC standard scopes that determine which claims are returned. If you've customized OIDC responses and want to retain the pre-2.x behavior, set oidc_claim_scope = None in your subclass of OAuth2Validator.
#1108 OIDC: Make the access_token available to get_oidc_claims when called from get_userinfo_claims.
#1132: Added --algorithm argument to createapplication management command
Fixed
#1108 OIDC: Fix validate_bearer_token() to properly set request.scopes to the list of granted scopes.
#1132: Fixed help text for --skip-authorization argument of the createapplication management command.
Removed
#1124 (Breaking, Security) Removes support for insecure urn:ietf:wg:oauth:2.0:oob and urn:ietf:wg:oauth:2.0:oob:auto which are replaced by RFC 8252 "OAuth 2.0 for Native Apps" BCP. Google has deprecated use of oob with a final end date of 2022-10-03. If you still rely on oob support in django-oauth-toolkit, do not upgrade to this release.
[1.7.1] 2022-03-19
Removed
#1126 Reverts #1070 which incorrectly added Celery auto-discovery tasks.py (as described in #1123) and because it conflicts with Huey's auto-discovery which also uses tasks.py as described in #1114. If you are using Celery or Huey, you'll need to separately implement these tasks.
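What a client has to send once PKCE_REQUIRED defaults to True (#1129 above), as an added example that is not code from django-oauth-toolkit or from this PR: it builds the RFC 7636 S256 code_verifier/code_challenge pair and models a PKCE-enforcing server's accept/reject decision. All function and parameter names are hypothetical.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def new_code_verifier(nbytes: int = 32) -> str:
    """Random verifier; 32 random bytes base64url-encode to 43 characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), unpadded."""
    if not _VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier violates RFC 7636 section 4.1")
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def authorization_url(endpoint, client_id, redirect_uri, verifier, state):
    """Authorization request carrying the two PKCE parameters."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{endpoint}?{query}"


def pkce_check(stored_challenge, verifier, pkce_required=True):
    """Simplified model of the server's PKCE decision (illustrative only)."""
    if stored_challenge is None:
        # No challenge was ever sent: only acceptable when PKCE is optional.
        return not pkce_required
    if not verifier:
        return False
    try:
        expected = s256_challenge(verifier)
    except ValueError:
        return False
    return hmac.compare_digest(expected, stored_challenge)
```

A client that never sends code_challenge passes this model only with pkce_required=False, which corresponds to the pre-2.x default.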
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Updates the requirements on django-oauth-toolkit to permit the latest version.
Release notes
Sourced from django-oauth-toolkit's releases.
Changelog
Sourced from django-oauth-toolkit's changelog.
... (truncated)
Commits
- 025cd1b Release 2.0.0 (#1145)
- e8d0ee6 Add help wanted to the README (#1144)
- ec34fe9 Corrections to glossary terms and documentation links. (#1136)
- e506fce sphinx-lint (#1142)
- 4a9039e [pre-commit.ci] pre-commit autoupdate (#1139)
- e647d51 feat: Update PKCE_REQUIRED to true by default (#1129)
- c79eae2 chore: .gitignore local development files (#1137)
- e8ffc9c Add tutorial for Celery task setup. (#1128)
- c8eee2c Update createapplication command (#1132)
- a62195b Missed updating master branch version to 1.7.1 (#1133)