Skip to content

Version 1.1.0
Compare
Choose a tag to compare
@lepture lepture released this 09 Nov 05:13
· 138 commits to master since this release
v1.1.0
2a8a226
This commit was signed with the committer’s verified signature.
lepture Hsiaoming Yang
GPG key ID: 7E55E3E0118B2B4C
Learn about vigilant mode.

This release contains breaking changes and security fixes.

  • Allow to pass claims_options to Framework OpenID Connect clients, via #446 by @Galaxy102
  • Fix .stream with context for HTTPX OAuth clients, via #465 by @bjoernmeier
  • Fix Starlette OAuth client for cache store, via #478 by @haggen

Breaking changes:

  • Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
  • The default authlib.jose.jwt would only work with JSON Web Signature algorithms, if you would like to use JWT with JWE algorithms, please pass the algorithms parameter:
jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])

Security fixes for JOSE module

  • CVE-2022-39175
  • CVE-2022-39174

Contributors

haggen, bjoernmeier, and Galaxy102
Assets 2