Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before performing a MAJOR upgrade to 2.x.
These issues both result in `{"error": "invalid_client"}`:
- The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.
- `PKCE_REQUIRED` is now `True` by default. You should use PKCE with your client or set `PKCE_REQUIRED=False` if you are unable to fix the client.
- #1128 Documentation: Tutorial on using Celery to automate clearing expired tokens.
Changed
- #1129 (Breaking) Changed default value of `PKCE_REQUIRED` to `True`. This is a breaking change. Clients without PKCE enabled will fail to authenticate. This breaks with section 5 of RFC7636 in favor of the OAuth2 Security Best Practices for Authorization Code Grants. If you want to retain the pre-2.x behavior, set `PKCE_REQUIRED = False` in your `settings.py`
- #1093 (Breaking) Changed to implement hashed `client_secret` values. This is a breaking change that will migrate all your existing cleartext `application.client_secret` values to be hashed with Django's default password hashing algorithm and can not be reversed. When adding or modifying an Application in the Admin console, you must copy the auto-generated or manually-entered `client_secret` before hitting Save.
- #1108 OIDC: (Breaking) Add default configurable OIDC standard scopes that determine which claims are returned. If you've customized OIDC responses and want to retain the pre-2.x behavior, set `oidc_claim_scope = None` in your subclass of `OAuth2Validator`.
- #1108 OIDC: Make the `access_token` available to `get_oidc_claims` when called from `get_userinfo_claims`.
- #1132: Added `--algorithm` argument to `createapplication` management command
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps django-oauth-toolkit from 1.7.0 to 2.1.0.
Release notes
Sourced from django-oauth-toolkit's releases.
... (truncated)
Changelog
Sourced from django-oauth-toolkit's changelog.
... (truncated)
Commits
- `890657d` Release 2.1.0 (#1175)
- `b94f69e` Added list_select_related to reduce duplicate SQL queries in admin UI (#1177)
- `007a5c4` [pre-commit.ci] pre-commit autoupdate (#1176)
- `a12a56e` Remove bulk_create due to changed behavior between dj32 and dj40. (#1171)
- `f4136bf` [pre-commit.ci] pre-commit autoupdate (#1174)
- `40b0de1` fixed typo which caused incorrect display of code block (#1172)
- `155bef3` Run hasher migration on swapped models (#1147)
- `307d07d` Corrected typo (#1158)
- `7518956` Adds french translation file (#1163)
- `0f18817` support prompt login (#1164)