
Update oauthlib to 3.2.0

Open pyup-bot opened this issue 2 years ago • 0 comments

This PR updates oauthlib from 2.0.6 to 3.2.0.

Changelog

3.2.0

------------------
OAuth2.0 Client:
* 795: Add Device Authorization Flow for Web Application
* 786: Add PKCE support for Client
* 783: Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:
* 790: Add support for CORS to metadata endpoint.
* 791: Add support for CORS to token endpoint.
* 787: Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:
* 755: Call save_token in Hybrid code flow
* 751: OIDC add support of refreshing ID Tokens with `refresh_id_token`
* 751: The RefreshTokenGrant modifiers now take the same arguments as the
 AuthorizationCodeGrant modifiers (`token`, `token_handler`, `request`).

General:
* Added Python 3.9, 3.10, 3.11
* Improve Travis & Coverage

3.1.1

------------------
OAuth2.0 Provider - Bugfixes

* 753: Fix acceptance of valid IPv6 addresses in URI validation

OAuth2.0 Client - Bugfixes

* 730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
 relies on the `scope` provided in the constructor if any, except if overridden temporarily
 in a method call. Note that in particular providing a non-None `scope` in
 `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
 `self.scope` forever, it is just used temporarily.
* 726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
 ServiceApplicationClient.prepare_request_body,
 and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
 constructor.
* 725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor

OAuth2.0 Provider - Bugfixes
* 711: client_credentials grant: fix log message
* 746: OpenID Connect Hybrid - fix nonce not passed to add_id_token
* 756: Different prompt values are now handled according to spec (e.g. prompt=none)
* 759: OpenID Connect - fix Authorization: Basic parsing

General
* 716: improved skeleton validator for public vs private client
* 720: replace mock library with standard unittest.mock
* 727: build isort integration
* 734: python2 code removal
* 735, 750: add python3.8 support
* 749: bump minimum versions of pyjwt and cryptography

3.1.0

------------------
OAuth2.0 Provider - Features

* 660: OIDC add support of `nonce`, `c_hash`, `at_hash` fields
   - New `RequestValidator.fill_id_token` method
   - Deprecated `RequestValidator.get_id_token` method
* 677: OIDC add `UserInfo` endpoint - New `RequestValidator.get_userinfo_claims` method

OAuth2.0 Provider - Security

 * 665: Enhance data leak to logs
     * New default to not expose request content in logs
     * New function `oauthlib.set_debug(True)`
 * 666: Disabling query parameters for POST requests

OAuth2.0 Provider - Bugfixes

* 670: Fix `validate_authorization_request` to return the new PKCE fields
* 674: Fix `token_type` to be case-insensitive (`bearer` and `Bearer`)

OAuth2.0 Client - Bugfixes

* 290: Fix Authorization Code's errors processing
* 603: BackendApplicationClient.prepare_request_body use the `scope` argument as intended.
* 672: Fix edge case when `expires_in=Null`

OAuth1.0 Client

* 669: Add case-insensitive headers to oauth1 `BaseEndpoint`

OAuth1.0

* 722: Added support for HMAC-SHA512, RSA-SHA256 and RSA-SHA512 signature methods.

3.0.2

------------------
* 650: Fixed space encoding in base string URI used in the signature base string.
* 652: Fixed OIDC /token response which wrongly returned "&state=None"
* 654: Doc: The value `state` must not be stored by the AS, only returned in /authorize response.
* 656: Fixed OIDC "nonce" checks: raise errors when it's mandatory

3.0.1

------------------
* Fixed OAuth2.0 regression introduced in 3.0.0: Revocation with Basic auth no longer possible 644

3.0.0

------------------
OAuth2.0 Provider - outstanding Features

* OpenID Connect Core support
* RFC7662 Introspect support
* RFC8414 OAuth2.0 Authorization Server Metadata support (605)
* RFC7636 PKCE support (617 624)

OAuth2.0 Provider - API/Breaking Changes

* Add "request" to confirm_redirect_uri 504
* confirm_redirect_uri/get_default_redirect_uri have changed a bit 445
* invalid_client is now a FatalError 606
* Changed errors status code from 401 to 400:
   - invalid_grant: 264
   - invalid_scope: 620
   - access_denied/unauthorized_client/consent_required/login_required 623
   - 401 must have WWW-Authenticate HTTP Header set. 623

OAuth2.0 Provider - Bugfixes

* empty scopes no longer raise exceptions for implicit and authorization_code 475 / 406

OAuth2.0 Client - Bugfixes / Changes:

* expires_in in Implicit flow is now an integer 569
* expires is no longer overriding expires_in 506
* parse_request_uri_response is now required 499
* Unknown error=xxx raised by OAuth2 providers was not understood 431
* OAuth2's `prepare_token_request` supports sending an empty string for `client_id` (585)
* OAuth2's `WebApplicationClient.prepare_request_body` was refactored to better
 support sending or omitting the `client_id` via a new `include_client_id` kwarg.
 By default this is included. The method will also emit a DeprecationWarning if
 a `client_id` parameter is submitted; the already configured `self.client_id`
 is the preferred option. (585)

OAuth1.0 Client:

* Support for HMAC-SHA256 498

General fixes:

* $ and ' are allowed to be unencoded in query strings 564
* Request attributes are no longer overridden by HTTP Headers 409
* Removed unnecessary code for handling python2.6
* Add support of python3.7 621
* Several minor updates to setup.py and tox
* Set pytest as the default unittest framework

2.1.0

------------------

* Fixed some copy and paste typos (535)
* Use secrets module in Python 3.6 and later (533)
* Add request argument to confirm_redirect_uri (504)
* Avoid populating spurious token credentials (542)
* Make populate attributes API public (546)

2.0.7

------------------

* Moved oauthlib into new organization on GitHub.
* Include license file in the generated wheel package. (494)
* When deploying a release to PyPI, include the wheel distribution. (496)
* Check access token in self.token dict. (500)
* Added bottle-oauthlib to docs. (509)
* Update repository location in Travis. (514)
* Updated docs for organization change. (515)
* Replace G+ with Gitter. (517)
* Update requirements. (518)
* Add shields for Python versions, license and RTD. (520)
* Fix ReadTheDocs build (521).
* Fixed "make" command to test upstream with local oauthlib. (522)
* Replace IRC notification with Gitter Hook. (523)
* Added Github Releases deploy provider. (523)

Links
  • PyPI: https://pypi.org/project/oauthlib
  • Changelog: https://pyup.io/changelogs/oauthlib/
  • Repo: https://github.com/oauthlib/oauthlib

pyup-bot, Jan 29 '22 23:01