v1.6.0

This release mostly focuses on polishing and does not introduce any major feature.
It comes with quite a few potentially breaking changes.
Next step will be to add support for DPoP.

BREAKING CHANGES

• Removed the BearerAuth class. You can use a BearerToken directly as replacement.
• parameter bearer_token_class to OAuth2Client is renamed to token_class, if a custom token class is used.
• parameter url in ApiClient methods is now renamed to `path, since it only accepts a relative path. It was not meant to be used as kwargs anyway and is the 1st positional parameter, so chances are that it will not require any code change.
• class TokenEndpointPoolingJob has been renamed to BaseTokenEndpointPoolingJob.
• class ClientAssertionAuthenticationMethod has been renamed to BaseClientAssertionAuthenticationMethod.
• renamed some exceptions:
  • MismatchingAcr to MismatchingIdTokenAcr
  • MismatchingAudience to MismatchingIdTokenAudience
  • MismatchingAzp to MismatchingIdTokenAzp
  • MismatchingIssuer to MismatchingIdTokenIssuer
  • MismatchingNonce to MismatchingIdTokenNonce
• Most classes have been converted to attrs.frozen classes. This should not change their behaviors, but their attributes cannot be modified after creation anymore (which was unsupported anyway).
• renamed GrantType enum to GrantTypes
• renamed PkceUtils.code_verifier_re to code_verifier_pattern
• expires_at is now rounded down to the exact second (with 0 microseconds)
• expires_in is now rounded up to the next second

What Changed

• enable ALL ruff rules, implement fixes
• added authorization header class var in BearerToken, for #70
• introduced many custom exceptions, with better error messages and context
• introduced Endpoints, ResponseTypes and CodeChallengeMethods enums
• convert client authentication handlers to attrs classes
• convert requests auth handlers to attrs classes
• dependencies updated
• tests updated
• reviewed some docstrings
• tests now have 100% code coverage
• BearerToken.validate_id_token() now accepts a leeway for the expiration date and the auth_time validation

Pull Requests

• Bump requests from 2.31.0 to 2.32.0 by @dependabot in #63
• Bump jinja2 from 3.1.3 to 3.1.4 by @dependabot in #62
• Bump werkzeug from 3.0.2 to 3.0.3 by @dependabot in #61
• Bump tornado from 6.4 to 6.4.1 by @dependabot in #64
• Bump certifi from 2024.2.2 to 2024.7.4 by @dependabot in #67
• Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #66
• Bump zipp from 3.18.1 to 3.19.1 by @dependabot in #68
• Bump setuptools from 69.5.1 to 70.0.0 by @dependabot in #69
• improvements for 1.6.0 by @guillp in #65
• Bump cryptography from 42.0.5 to 43.0.1 by @dependabot in #71
• more polishing by @guillp in #72

Full Changelog: v1.5.3...v1.6.0