Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update oauthlib to 3.2.2 #152

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update oauthlib to 3.2.2 #152

wants to merge 1 commit into from

Conversation

pyup-bot
Copy link
Collaborator

This PR updates oauthlib from 3.1.0 to 3.2.2.

Changelog

3.2.1

------------------
OAuth2.0 Provider:
* 803: Metadata endpoint support of non-HTTPS
* CVE-2022-36087

OAuth1.0:
* 818: Allow IPv6 being parsed by signature

General:
* Improved and fixed documentation warnings.
* Cosmetic changes based on isort

3.2.0

------------------
OAuth2.0 Client:
* 795: Add Device Authorization Flow for Web Application
* 786: Add PKCE support for Client
* 783: Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:
* 790: Add support for CORS to metadata endpoint.
* 791: Add support for CORS to token endpoint.
* 787: Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:
* 755: Call save_token in Hybrid code flow
* 751: OIDC add support of refreshing ID Tokens with `refresh_id_token`
* 751: The RefreshTokenGrant modifiers now take the same arguments as the
 AuthorizationCodeGrant modifiers (`token`, `token_handler`, `request`).

General:
* Added Python 3.9, 3.10, 3.11
* Improve Travis & Coverage

3.1.1

------------------
OAuth2.0 Provider - Bugfixes

* 753: Fix acceptance of valid IPv6 addresses in URI validation

OAuth2.0 Client - Bugfixes

* 730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
 relies on the `scope` provided in the constructor if any, except if overridden temporarily
 in a method call. Note that in particular providing a non-None `scope` in
 `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
 `self.scope` forever, it is just used temporarily.
* 726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
 ServiceApplicationClient.prepare_request_body,
 and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
 constructor.
* 725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor

OAuth2.0 Provider - Bugfixes
* 711: client_credentials grant: fix log message
* 746: OpenID Connect Hybrid - fix nonce not passed to add_id_token
* 756: Different prompt values are now handled according to spec (e.g. prompt=none)
* 759: OpenID Connect - fix Authorization: Basic parsing

General
* 716: improved skeleton validator for public vs private client
* 720: replace mock library with standard unittest.mock
* 727: build isort integration
* 734: python2 code removal
* 735, 750: add python3.8 support
* 749: bump minimum versions of pyjwt and cryptography
Links

@pyup-bot pyup-bot mentioned this pull request Oct 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pyup-bot