All notable changes to this project will be documented in this file.
The format is based on the KeepAChangeLog project.
- #534 Fixed a bug in client_secret_basic authentication
- #503 Fix error on UserInfo endpoint for removed clients
- #508 JWT now uses verify keys for JWT verification
- #502 IntrospectionEndpoint now returns False if it encounters any error as per specs
- #481 Loading AuthnEvent from session
- #492 Do not verify JWT signature on distributed claims
- #526 Cleaned up extra claims from UserInfo with distributed claims
- #528 Fix faulty redirect_uri with query
- #532 Fix userinfo endpoint without authn_event in session
- #498 Clean up replaced tokens on refresh and add Client.clean_tokens to clean old and replaced tokens
- #494 Methods and functions deprecated in previous releases have been removed
- #507 Altered structure of client_db. It no longer stores mapping of registration_access_token to client_id
- #481 AuthnEvent in session is now represented as JSON
- #496 Ability to specify additional supported scopes for oic.Provider
- #432 Ability to specify Initial Access Token for Client.register
- #515: Fix arguments to WSGI start_response
- #493 grant_types specification should follow the response_types specification in a client registration request.
- #469 Allow endpoints to have query parts
- #443 Ability to specify additional supported claims for oic.Provider
- #134 Added method kwarg to registration_endpoint that enables the client to read/modify registration
- #478 Added base-class for Client databases oic.utils.clientdb.BaseClientDatabase
- #334 Ability to specify custom template rendering function for form_post and verify_logout
- #134 l_registration_enpoint has been deprecated, use create_registration instead
- #457 pyldap is now an optional dependency. oic.utils.authn.ldapc and oic.utils.userinfo.ldap_info raise ImportError on import if pyldap is not present
- #471 ca_certs option has been removed, use verify_ssl instead
- #483 oic.oauth2.uril.verify_header now raises ValueError instead of AssertionError.
- #491 oic.utils.http_util.Response.status is deprecated in favor of status_code
- #491 Some functions and kwargs in oic.oauth2 module are deprecated
- #334 Removed template_lookup and template kwargs from oic.Provider
- #430 Audience of a client assertion is endpoint dependent.
- #427 Made matching for response_types order independent for authorization requests
- #399 Matching response_types for authz requests is too strict
- #436 Fixed client.read_registration
- #446 Fixed provider.read_registration
- #449 Fixed creation of error_response on client registration
- #445 Fixed get_client_id
- #421 Fixed handling of unicode in sanitize function
- #145 Successful token endpoint responses have correct no-cache headers
- #352 Fixed broken windows test for test_provider_key_setup.
- #475 get_verify_key returns inactive sig keys for verification
- #429 An expired token is not possible to use.
- #485 Skip import of improperly defined keys
- #370 Use oic.oic.Provider.endp instead of dynamic provider.endpoints in examples
- #486 SystemRandom is not imported correctly, so various secrets get initialized with bad randomness
- #405: Fix generation of endpoint urls
- #411: Empty lists not indexable
- #413: Fix error when wrong response_mode requested
- #418: Made phone_number_claim be boolean and fixed a bug when importing JSON (non-boolean where boolean expected)
- #318: oic.utils.authn.saml raises ImportError on import if optional saml2 dependency is not present.
- #324: Make the Provider symkey argument optional.
- #325: oic.oic.claims_match implementation refactored.
- #368: oic.oauth2.Client.construct_AccessTokenRequest() as well as oic.oic.Client are now able to perform proper Resource Owner Password Credentials Grant
- #374: Made the to_jwe/from_jwe methods of Message accept list of keys value of parameter keys.
- #387: Refactored the oic.utils.sdb.SessionDB constructor API.
- #380: Made cookie_path and cookie_domain configurable via Provider like the cookie_name.
- #386: An exception will now be thrown if a sub claim received from the userinfo endpoint is not the same as a sub claim previously received in an ID Token.
- #392: Made sid creation simpler and faster
- #317: Resolved an AttributeError exception under Python 2.
- #313: Catch exception correctly
- #319: Fix sanitize on strings starting with "B" or "U"
- #330: Fix client_management user input being eval'd under Python 2
- #358: Fixed claims_match
- #362: Fix bad package settings URL
- #369: The AuthnEvent object is now serialized to JSON for the session.
- #373: Made the standard way the default when dealing with signed JWTs without 'kid'. Added the possibility to override this behavior if necessary.
- #401: Fixed message decoding and verifying errors.
- #349: Changed crypto algorithm used by oic.utils.sdb.Crypt for token encryption to Fernet. Old stored tokens are incompatible.
- #363: Fixed IV reuse for CookieDealer class. Replaced the encrypt-then-mac construction with a proper AEAD (AES-SIV).
- #291: Testing more relevant Python versions.
- #296: parse_qs import from future.backports to future.moves.
- #188: Added future dependency, updated dependencies
- #305: Some imports were removed from oic.oauth2 and oic.oic.provider, please import them from respective modules (oic.oauth2.message and oic.exception).
- #294: Generating code indices in documentation.
- #295: Access token issuance and typo/exception handling.
- #273: Allow webfinger accept kwargs.
- #286: Account for missing code in the SessionDB.
No change log folks. Sorry.