Here you can see the full list of changes between each Authlib release.
Version 0.10: Kluke
Released on Oct 12, 2018.
The most important change in this version is the grant extension system. When registering a grant, developers can pass extensions to the grant:
Find Flask Grant Extensions implementation.
RFC implementations and updates in this release:
- RFC8414: OAuth 2.0 Authorization Server Metadata
- RFC7636: make CodeChallenge a grant extension (see RFC7636: Proof Key for Code Exchange by OAuth Public Clients)
- OIDC: make OpenIDCode a grant extension
Besides that, there are other improvements:
- save_authorize_state method on Flask and Django client
- fetch_token to Django OAuth client
- Add scope operator for
- Fix two OAuth clients in the same Flask route PR#85
Deprecation changes: find out how to solve the deprecation issues via https://git.io/fAmW1
Version 0.9: Ponyo
Released on Aug 12, 2018. Fun Dive.
There are no big breaking changes in this version. The major improvement is the addition of JWE support. However, the JWA parts of JWE are not finished yet, so use it with caution.
RFC implementations in this release:
- RFC7636: client and server implementation of RFC7636: Proof Key for Code Exchange by OAuth Public Clients.
- RFC7523: easy integration of Using JWTs Client Assertion in OAuth2Session.
- RFC7516: JWE compact serialization and deserialization.
- RFC7519: JWT with JWE encode and decode.
- Fixed the lazy initialization of Flask OAuth 2.0 provider.
- authlib.client.apps from v0.7 has been dropped.
Version 0.8: Arutoria
Released on Jun 17, 2018. Try Django.
Authlib has tried to introduce a Django OAuth server implementation in this version. It turns out that it is not that easy. In this version, only the Django OAuth 1.0 server is provided.
As always, there are also RFC features added in this release. Here is what’s in version 0.8:
- RFC7523: Add JWTs for Client Authentication of RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants.
- OIDC: Add response_mode=form_post support for OpenID Connect.
Improvement in this release:
- A new redesigned error system. All errors are subclasses of a
- I18N support for error descriptions.
- Separate AuthorizationCodeMixin in
- Add context information when generating a token via issue#58.
- Improve JWT key handling; auto-load JWK and JWK set.
- require_oauth.acquire with statement; see the example in Flask OAuth 2.0 Server.
Deprecation changes: find out how to solve the deprecation issues via https://git.io/vhL75
- Rename config key
- Rename Flask OAuth 2.0
Version 0.7: Honami
Released on Apr 28, 2018. Better Beta.
Authlib has changed its license from LGPL to AGPL. This is not a huge release like v0.6, but it still contains some deprecation changes. The good news is that they are compatible and won’t break your project. Authlib can’t go further without these deprecation changes.
As always, Authlib is adding specification implementations. Here is what’s in version 0.7:
- RFC7515: Refactored JWS, make it a full implementation.
- RFC7521: Add AssertionSession, only works with RFC7523.
- RFC7523: Add JWTBearerGrant, read the guide in RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants.
Besides that, there are more changes:
- overwrite parameter for framework integrations clients.
- response_mode=query for OpenID Connect implicit and hybrid flow.
- Bug fix and documentation fix via issue#42, issue#43.
- authlib.client.apps. Use Loginpass instead.
Deprecation changes: find out how to solve the deprecation issues via https://git.io/vpCH5
Version 0.6: Matoi
Released on Mar 20, 2018. Going Beta!
From alpha to beta. This is a huge release with lots of deprecation changes and some breaking changes. Finally, the OpenID Connect server is now supported, because Authlib has added these specifications:
- RFC7515: JSON Web Signature (JWS)
- RFC7517: JSON Web Key (JWK)
- RFC7518: JSON Web Algorithms (JWA)
- RFC7519: JSON Web Token (JWT)
The specifications are not completed yet, but they are ready to use. The missing RFC7516 (JWE) is going to be implemented in the next version. OpenID Connect 1.0 is added with:
- Authentication using the Code Flow
- Authentication using the Implicit Flow
- Authentication using the Hybrid Flow
- ID Token Validation
Besides that, there are more changes:
- Implementation of RFC7662: OAuth 2.0 Token Introspection via PR#36.
- Use the token_endpoint_auth_method concept defined in RFC7591.
- Signal feature for Flask integration of OAuth 2.0 server.
- Bug fixes for OAuth client parts, thanks to the instruction by Lukas Schink.
- The columns in authlib.flask.oauth2.sqla have been changed a lot. If you are using it, you need to upgrade your database.
- authlib.client.oauth1.OAuth1 has been renamed to
Deprecation changes: find out how to solve the deprecation issues via https://git.io/vAAUK
Released on Feb 11, 2018.
Just a quick bug fix release.
Version 0.5: Kirie
Released on Feb 11, 2018. Breaking Changes!
This version breaks a lot of things. There are many redesigns in order to get a better, stable API. It is still in the Alpha stage; with these breaking changes, I hope Authlib will go into Beta in the next version.
- register_error_uri() and its Flask integration.
- OAuth2Session supports more grant types.
- Deprecate built-in cache. Read more on issue#23.
- Redesigned OAuth 1 Flask server. Read the docs Flask OAuth 1.0 Server.
- client_model. Read more on issue#27.
- Breaking change on AuthorizationCodeGrant.create_authorization_code, last parameter is changed to an OAuth2Request instance.
Released on Feb 2, 2018. A Quick Bugfix
- Fixed missing code params when fetching access token. This bug was introduced when fixing issue#16.
Version 0.4: Tsukino
Released on Jan 31, 2018. Enjoy the Super Blue Blood Moon!
This is a feature release for the OAuth 1 server. Things are not settled yet, and there will still be breaking changes in the future. Some of the breaking changes are compatible, with deprecation messages; a few are not. I’ll keep the deprecation messages for 2 versions. Here are the main features:
- RFC5847, OAuth 1 client and server
- Flask implementation of OAuth 1 authorization server and resource protector.
- Mixin of SQLAlchemy models for easy integration with OAuth 1.
In version 0.4, there are also several bug fixes. Thanks to the early contributors.
- Allow Flask OAuth register
- Bug fix for OAuthClient when refresh_token_params is None via PR#14.
- Don’t pass everything in request args for Flask OAuth client via issue#16.
- Bug fix for
There are parameter naming changes in the client part:
- client_key has been changed to
- resource_owner_key has been changed to
- resource_owner_secret has been changed to
Currently, they are backward compatible. You will be notified by warnings.
Version 0.3: Nagato
Released on Dec 24, 2017. Merry Christmas!
This is a feature release for the OAuth 2 server. Since this is the first release of the server implementation, you should expect that there are bugs, security vulnerabilities, and uncertainties. Try it bravely.
- Version 0.2.1: Released on Dec 6, 2017
- Version 0.2: Released on Nov 25, 2017
- Version 0.1: Released on Nov 18, 2017