Bump authlib from 1.3.1 to 1.5.1

[dependabot[bot]]

Bumps authlib from 1.3.1 to 1.5.1.

Release notes

Sourced from authlib's releases.

Version 1.5.0

• Fix token introspection auth method for clients. #662
• Optional typ claim in JWT tokens. #696
• JWT validation leeway. #689
• Implement server-side RFC9207. #700 #701
• generate_id_token can take a kid parameter. #702
• More detailed InvalidClientError. #706
• OpenID Connect Dynamic Client Registration implementation. #707

Version 1.4.1

• Improve garbage collection on OAuth clients. #698
• Fix client parameters for httpx. #694

Version 1.4.0

Bugfixes

• Fix id_token decoding when kid is null. #659
• Support for Python 3.13. #682
• Force login if the prompt parameter value is login. #637
• Support for httpx 0.28. #695

Breaking changes

• Stop support for Python 3.8. #682

Version 1.3.2

• Prevent ever-growing session size for OAuth clients.
• Revert quote client id and secret.
• unquote basic auth header for authorization server.

Changelog

Sourced from authlib's changelog.

Version 1.5.1

Released on Feb 28, 2025

• Fix RFC9207 iss parameter. :pr:715

Version 1.5.0

Released on Feb 25, 2025

• Fix token introspection auth method for clients. :pr:662
• Optional typ claim in JWT tokens. :pr:696
• JWT validation leeway. :pr:689
• Implement server-side :rfc:RFC9207 <9207>. :issue:700 :pr:701
• generate_id_token can take a kid parameter. :pr:702
• More detailed InvalidClientError. :pr:706
• OpenID Connect Dynamic Client Registration implementation. :pr:707

Version 1.4.1

Released on Jan 28, 2025

• Improve garbage collection on OAuth clients. :issue:698
• Fix client parameters for httpx. :issue:694

Version 1.4.0

Released on Dec 20, 2024

• Fix id_token decoding when kid is null. :pr:659
• Support for Python 3.13. :pr:682
• Force login if the prompt parameter value is login. :pr:637
• Support for httpx 0.28, :pr:695

Breaking changes:

• Stop support for Python 3.8. :pr:682

Version 1.3.2

Released on Aug 30 2024

• Prevent ever-growing session size for OAuth clients.
• Revert quote client id and secret.
• unquote basic auth header for authorization server.

Commits

• 4eafdc2 chore: release 1.5.1
• 0e7e344 Merge pull request #715 from azmeuk/rfc9207
• b57932b fix: RFC9207 iss parameter
• 7833a88 Merge pull request #713 from geigerzaehler/full-entropy
• 642dfa3 doc: fix an example import for rfc9207
• 5c507a8 fix: Use full entropy from specified oct key size
• 2d0396e chore: release 1.5.0
• da87c8b doc: update changelog
• b79d868 Merge pull request #662 from AdamWill/oauth2-fix-introspect-endpoint
• 24c2bd8 chore: add a dependency group for the documentation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)