c95497dbd9
There is no need to pass in the scope parameter separately, since the scope is available via the token parameter already.
338 lines
7.9 KiB
ReStructuredText
.. _changelog:

Changelog
#########

All notable changes to this project will be documented in this file.

Unreleased
==========

* Added: token introspection endpoint support (RFC7662).
* Added: request in password grant authenticate call.
* Changed: dropping support for Django versions before 1.8.
* Changed: pass token and request to OIDC_IDTOKEN_PROCESSING_HOOK.

0.6.0
=====

*2018-04-13*

* Added: OAuth2 grant_type client_credentials support.
* Added: pep8 compliance and checker.
* Added: Setting OIDC_IDTOKEN_INCLUDE_CLAIMS supporting claims inside id_token.
* Changed: Test suite now uses pytest.
* Fixed: Infinite callback loop in the check-session iframe.

0.5.3
=====

*2018-03-09*

* Fixed: Update project to support Django 2.0

0.5.2
=====

*2017-08-22*

* Fixed: infinite login loop if "prompt=login" (#198)
* Fixed: Django 2.0 deprecation warnings (#185)

0.5.1
=====

*2017-07-11*

* Changed: Documentation template changed to Read The Docs.
* Fixed: install_requires no longer has pinned versions.
* Fixed: Removed infinite loop during authorization stage when prompt=login has been sent.
* Fixed: Changed prompt handling to a set of options instead of a regular string.
* Fixed: Redirect URI must match exactly the one given in the query parameter.
* Fixed: Stored user consents are useful for public clients too.
* Fixed: documentation for custom scopes handling.
* Fixed: Scopes during refresh and code exchange are taken from the authorization request and not from query parameters.

0.5.0
=====

*2017-05-18*

* Added: signals when user accepts/declines the authorization page.
* Added: OIDC_AFTER_END_SESSION_HOOK setting for additional business logic.
* Added: feature granttype password.
* Added: require_consent and reuse_consent are added to Client model.
* Changed: OIDC_SKIP_CONSENT_ALWAYS and OIDC_SKIP_CONSENT_ENABLE are removed from settings.
* Fixed: timestamps with unixtime (instead of Django timezone).
* Fixed: field refresh_token cannot be primary key if null.
* Fixed: create_uri_exceptions are now being logged at Exception level, not DEBUG.

0.4.4
=====

*2016-11-29*

* Fixed: Bug in Session Management middleware when using Python 3.
* Fixed: Translations handling.

0.4.3
=====

*2016-11-02*

* Added: Session Management 1.0 support.
* Added: post_logout_redirect_uris into admin.
* Changed: Package url names.
* Changed: Rename /logout/ url to /end-session/.
* Fixed: bug when trying to authorize with response_type id_token without openid scope.

0.4.2
=====

*2016-10-13*

* Added: support for client redirect URIs with query strings.
* Fixed: bug when generating secret_key value using admin.
* Changed: client is available to OIDC_EXTRA_SCOPE_CLAIMS implementations via self.client.
* Changed: the constructor signature for ScopeClaims has changed; it is now called with the Token as its single argument.

0.4.1
=====

*2016-10-03*

* Changed: update pyjwkest to version 1.3.0.
* Changed: use Cryptodome instead of Crypto lib.

0.4.0
=====

*2016-09-12*

* Added: support for Hybrid Flow.
* Added: new attributes for Clients: Website url, logo, contact email, terms url.
* Added: Polish translations.
* Added: examples section in documentation.
* Fixed: CORS in discovery and userinfo endpoint.
* Fixed: client type public bug when created using the admin.
* Fixed: missing OIDC_TOKEN_EXPIRE setting on implicit flow.

0.3.7
=====

*2016-08-31*

* Added: support for Django 1.10.
* Added: initial translation files (ES, FR).
* Added: support for at_hash parameter.
* Fixed: empty address dict in userinfo response.

0.3.6
=====

*2016-07-07*

* Changed: OIDC_USERINFO setting.

0.3.5
=====

*2016-06-21*

* Added: field date_given in UserConsent model.
* Added: verbose names to all model fields.
* Added: customize scopes names and descriptions on authorize template.
* Changed: OIDC_EXTRA_SCOPE_CLAIMS setting.

0.3.4
=====

*2016-06-10*

* Changed: Make SITE_URL setting optional.
* Fixed: Missing migration.

0.3.3
=====

*2016-05-03*

* Fixed: Important bug with PKCE and form submit in Auth Request.

0.3.2
=====

*2016-04-26*

* Added: choose type of client on creation.
* Added: implement Proof Key for Code Exchange by OAuth Public Clients.
* Added: support for prompt parameter.
* Added: support for different client JWT token algorithms.
* Fixed: do not auto-approve requests for non-confidential (public) clients.

0.3.1
=====

*2016-03-09*

* Fixed: response_type was not being validated (OpenID request).

0.3.0
=====

*2016-02-23*

* Added: support OAuth2 requests.
* Added: decorator for protecting views with OAuth2.
* Added: setting OIDC_IDTOKEN_PROCESSING_HOOK.

0.2.5
=====

*2016-02-03*

* Added: Setting OIDC_SKIP_CONSENT_ALWAYS.
* Changed: Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.
* Changed: Update pyjwkest to version 1.1.0.
* Fixed: Nonce parameter missing on the decide form.
* Fixed: Set Allow-Origin header to jwks endpoint.

0.2.4
=====

*2016-01-20*

* Added: Auto-generation of client ID and SECRET using the admin.
* Added: Validate nonce parameter when using Implicit Flow.
* Fixed: generating RSA key by ignoring value of OIDC_RSA_KEY_FOLDER.
* Fixed: make OIDC_AFTER_USERLOGIN_HOOK and OIDC_IDTOKEN_SUB_GENERATOR lazily imported by the location of the function.
* Fixed: problem with a function that generates URLs for the /.well-known/openid-configuration/ endpoint.

0.2.3
=====

*2016-01-06*

* Added: Make user and client unique on UserConsent model.
* Added: Support for URLs without a trailing slash.
* Changed: Upgrade pyjwkest to version 1.0.8.
* Fixed: String format error in models.
* Fixed: Redirects to non-http URLs fail (for Mobile Apps).

0.2.1
=====

*2015-10-21*

* Added: refresh token flow.
* Changed: upgrade pyjwkest to version >= 1.0.6.
* Fixed: Unicode error in Client model.
* Fixed: Bug in creatersakey command (when using Python 3).
* Fixed: Bug when updating pyjwkest version.

0.2.0
=====

*2015-09-25*

* Changed: UserInfo model was removed. Now you can add your own model using OIDC_USERINFO setting.
* Fixed: ID token does NOT contain kid.

0.1.2
=====

*2015-08-04*

* Added: add token_endpoint_auth_methods_supported to discovery.
* Fixed: missing commands folder in setup file.

0.1.1
=====

*2015-07-31*

* Added: sending access_token as query string parameter in UserInfo Endpoint.
* Added: support HTTP Basic client authentication.
* Changed: use models setting instead of User.
* Fixed: in Python 2: "aud" and "nonce" parameters didn't appear in id_token.

0.1.0
=====

*2015-07-17*

* Added: now id tokens are signed/encrypted with RS256.
* Added: command for easily generating a random RSA key.
* Added: jwks uri to discovery endpoint.
* Added: id_token_signing_alg_values_supported to discovery endpoint.
* Fixed: nonce support for both Code and Implicit flow.

0.0.7
=====

*2015-07-06*

* Added: support for Python 3.
* Added: a way to remember user consent and skip it (OIDC_SKIP_CONSENT_ENABLE).
* Added: setting OIDC_SKIP_CONSENT_EXPIRE.
* Changed: now OIDC_EXTRA_SCOPE_CLAIMS must be a string, to be lazy imported.

0.0.6
=====

*2015-06-16*

* Added: better naming for models in the admin.
* Changed: now tests run without the need of a project configured.
* Fixed: error when returning address_formatted claim.

0.0.5
=====

*2015-05-09*

* Added: support for Django 1.8.
* Fixed: validation of scope in UserInfo endpoint.

0.0.4
=====

*2015-04-22*

* Added: initial migrations.
* Fixed: important bug with id_token when using implicit flow.
* Fixed: validate Code expiration in Auth Code Flow.
* Fixed: validate Access Token expiration in UserInfo endpoint.

0.0.3
=====

*2015-04-15*

* Added: normalize gender field in UserInfo.
* Changed: make address_formatted a property inside UserInfo.
* Fixed: important bug in claims response.

0.0.2
=====

*2015-03-26*

* Added: setting OIDC_AFTER_USERLOGIN_HOOK.
* Fixed: tests failing because of an incorrect tag in one template.

0.0.1
=====

*2015-03-13*

* Added: provider Configuration Information endpoint.
* Added: setting OIDC_IDTOKEN_SUB_GENERATOR.
* Changed: now use setup in OIDC_EXTRA_SCOPE_CLAIMS setting.

0.0.0
=====

*2015-02-26*