aleph icon indicating copy to clipboard operation
aleph copied to clipboard

Published 20 hours ago verified publisher icon alephdata

Bump authlib from 0.15.5 to 1.0.1

Open dependabot[bot] opened this issue 2 years ago • 0 comments

Bumps authlib from 0.15.5 to 1.0.1.

Release notes

Sourced from authlib's releases.

Version 1.0.1

  • Fix authenticate_none method, via #438.
  • Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #447.
  • Fix missing_token for Flask OAuth client, via #448.
  • Allow openid in any place of the scope, via #449.
  • Security fix for validating essential value on blank value in JWT, via #445.

Version 1.0.0

We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are using the client properly, e.g. oauth.register(...), it would work as before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration, instead, developers should define .get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers should define the database by themselves.

JOSE Changes

  • JWS has been renamed to JsonWebSignature
  • JWE has been renamed to JsonWebEncryption
  • JWK has been renamed to JsonWebKey
  • JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the JSON Web Key for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

Changelog

Sourced from authlib's changelog.

Version 1.0.1

Released on April 6, 2022

  • Fix authenticate_none method, via :gh:issue#438.
  • Allow to pass in alternative signing algorithm to RFC7523 authentication methods via :gh:PR#447.
  • Fix missing_token for Flask OAuth client, via :gh:issue#448.
  • Allow openid in any place of the scope, via :gh:issue#449.
  • Security fix for validating essential value on blank value in JWT, via :gh:issue#445.

Version 1.0.0

Released on Mar 15, 2022.

We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are using the client properly, e.g. oauth.register(...), it would work as before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration, instead, developers should define .get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers should define the database by themselves.

JOSE Changes

  • JWS has been renamed to JsonWebSignature
  • JWE has been renamed to JsonWebEncryption
  • JWK has been renamed to JsonWebKey
  • JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the :ref:jwk_guide for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

Commits
  • 2e721aa Version bump 1.0.1
  • b953036 Fix GitHub workflow for coverage
  • f735578 Fix tests, restructure tests
  • 45ceb49 Raise InvalidClaimError for None value
  • 436e3f9 Fix validate jwt essential logic
  • 1c7a2c4 Allow openid scope anywhere
  • b28f037 Fix missing_token for Flask client
  • 6058a35 Merge pull request #447 from mikemonteith-livi/master
  • 1f6aea6 allow to pass in alternative signing algoritm to RFC7523 authentication methods
  • 1735d03 Fix docs for OpenIDCode via #439
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Apr 07 '22 01:04 dependabot[bot]