Here you can see the full list of changes between each Authlib release.
Released on Nov 11, 2019. Go Async
This is the release that makes Authlib one more step close to v1.0. We
did a huge refactor on our integrations. Authlib believes in monolithic
design, it enables us to design the API to integrate with every framework
in the best way. In this release, Authlib has re-organized the folder
structure, moving every integration into the integrations
folder. It
makes Authlib to add more integrations easily in the future.
RFC implementations and updates in this release:
New integrations and changes in this release:
authlib.client.aiohttp
has been removedBug fixes and enhancements in this release:
alg
values easily for JWS and JWE.Deprecate Changes: find how to solve the deprecate issues via https://git.io/Jeclj
Released on Sep 3, 2019.
Breaking Change: Authlib Grant system has been redesigned. If you are creating OpenID Connect providers, please read the new documentation for OpenID Connect.
Important Update: Django OAuth 2.0 server integration is ready now. You can create OAuth 2.0 provider and OpenID Connect 1.0 with Django framework.
RFC implementations and updates in this release:
AssertionClient
for the assertion frameworkIntrospectionToken
for introspection token endpointRefactor and bug fixes in this release:
RefreshTokenGrant.revoke_old_credential
methodauthlib.client
, no breaking changesOAuth2Request
, use explicit query and formrequests
to optional dependencyAsyncAssertionClient
for aiohttpDeprecate Changes: find how to solve the deprecate issues via https://git.io/fjPsV
Released on Apr 6, 2019.
BIG NEWS: Authlib has changed its open source license from AGPL to BSD.
Important Changes: Authlib specs module has been split into jose, oauth1, oauth2, and oidc. Find how to solve the deprecate issues via https://git.io/fjvpt
RFC implementations and updates in this release:
Small changes and bug fixes in this release:
OAuth2Session
via issue#96.OAuth2Session
via PR#100, thanks
to pingz.Experiment Features: There is an experiment aiohttp
client for OAuth1
and OAuth2 in authlib.client.aiohttp
.
Released on Oct 12, 2018.
The most important change in this version is grant extension system. When registering a grant, developers can pass extensions to the grant:
authorization_server.register_grant(GrantClass, [extension])
Find Flask Grant Extensions implementation.
RFC implementations and updates in this release:
Besides that, there are other improvements:
save_authorize_state
method on Flask and Django clientfetch_token
to Django OAuth client@require_oauth
Multiple ScopesDeprecate Changes: find how to solve the deprecate issues via https://git.io/fAmW1
Released on Aug 12, 2018. Fun Dive.
There is no big break changes in this version. The very great improvement is adding JWE support. But the JWA parts of JWE are not finished yet, use with caution.
RFC implementations in this release:
Other Changes:
authlib.client.apps
from v0.7 has been dropped.Released on Jun 17, 2018. Try Django.
Authlib has tried to introduce Django OAuth server implementation in this version. It turns out that it is not that easy. In this version, only Django OAuth 1.0 server is provided.
As always, there are also RFC features added in this release, here is what’s in version 0.8:
response_mode=form_post
support for OpenID Connect.Improvement in this release:
AuthlibBaseError
.authlib.flask.oauth2.sqla
via issue#57.require_oauth.acquire
with statement, get example on Flask OAuth 2.0 Server.Deprecate Changes: find how to solve the deprecate issues via https://git.io/vhL75
OAUTH2_EXPIRES_IN
to OAUTH2_TOKEN_EXPIRES_IN
.create_expires_generator
to
create_token_expires_in_generator
Released on Apr 28, 2018. Better Beta.
Authlib has changed its license from LGPL to AGPL. This is not a huge release like v0.6, but it still contains some deprecate changes, the good news is they are compatible, they won’t break your project. Authlib can’t go further without these deprecate changes.
As always, Authlib is adding specification implementations. Here is what’s in version 0.7:
JWS
, make it a full implementation.AssertionSession
, only works with RFC7523.JWTBearerGrant
, read the guide in
RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants.Besides that, there are more changes:
overwrite
parameter for framework integrations clients.response_mode=query
for OpenID Connect implicit and hybrid flow.authlib.client.apps
. Use Loginpass instead.Deprecate Changes: find how to solve the deprecate issues via https://git.io/vpCH5
Released on Mar 20, 2018. Going Beta!
From alpha to beta. This is a huge release with lots of deprecating changes and some breaking changes. And finally, OpenID Connect server is supported by now, because Authlib has added these specifications:
The specifications are not completed yet, but they are ready to use. The missing RFC7516 (JWE) is going to be implemented in next version. Open ID Connect 1.0 is added with:
Besides that, there are more changes:
token_endpoint_auth_method
concept defined in RFC7591.Breaking Changes:
authlib.flask.oauth2.sqla
has been changed a lot.
If you are using it, you need to upgrade your database.register_token_validator
on
ResourceProtector.authlib.client.oauth1.OAuth1
has been renamed to
authlib.client.oauth1.OAuth1Auth
.Deprecate Changes: find how to solve the deprecate issues via https://git.io/vAAUK
Find old changelog at https://github.com/lepture/authlib/releases