Skip to content

Latest commit

 

History

History
241 lines (197 loc) · 10.5 KB

CHANGELOG.md

File metadata and controls

241 lines (197 loc) · 10.5 KB

Change Log

All notable changes to this project will be documented in this file.

The format is based on the KeepAChangeLog project.

0.X.X [Unreleased]

Fixed

  • #534 Fixed a bug in client_secret_basic authentication
  • #503 Fix error on UserInfo endpoint for removed clients
  • #508 JWT now uses verify keys for JWT verification
  • #502 IntrospectionEndpoint now returns False if it encounters any error as per specs
  • #481 Loading AuthnEvent from session
  • #492 Do not verify JWT signature on distributed claims
  • #526 Cleaned up extra claims from UserInfo with distributed claims
  • #528 Fix faulty redirect_uri with query
  • #532 Fix userinfo endpoint without auhtn_event in session
  • #528 Fix faulty redirect_uri with query
  • #498 Clean up replaced tokens on refresh and add Client.clean_tokens to clean old and replaced tokens

Removed

  • #494 Methods and functions deprecated in previous releases have been removed

Changed

  • #507 Altered structure of client_db. It no longer stores mapping of registration_access_token to client_id
  • #481 AuthnEvent in session is now represented as JSON

Added

  • #496 Ability to specify additional supported scopes for oic.Provider
  • #432 Ability to specify Initial Access Token for Client.register

0.13.1 [2018-04-06]

Fixed

  • #515: Fix arguments to WSGI start_response

0.13.0 [2018-02-19]

Added

  • #493 grant_types specification should follow the response_types specification in a client registration request.
  • #469 Allow endpoints to have query parts
  • #443 Ability to specify additional supported claims for oic.Provider
  • #134 Added method kwarg to registration_endpoint that enables the client to read/modify registration
  • #478 Addedd base-class for Client databases oic.utils.clientdb.BaseClientDatabase
  • #334 Ability to specify custom template rendering function for form_post and verify_logout

Changed

  • #134 l_registration_enpoint has been deprecated, use create_registration instead
  • #457 pyldap is now an optional dependency. oic.utils.authn.ldapc and oic.utils.userinfo.ldap_info raise ImportError on import if pyldap is not present
  • #471 ca_certs option has been removed, use verify_ssl instead
  • #483 oic.oauth2.uril.verify_header now raises ValueError insteaad of AssertionError.
  • #491 oic.utils.http_util.Response.status is deprecated in favor of status_code
  • #491 Some functions and kwargs in oic.oauth2 module are deprecated

Removed

  • #334 Removed template_lookup and template kwargs from oic.Provider

Fixed

  • #430 Audience of a client assertion is endpoint dependent.
  • #427 Made matching for response_types order independent for authorization requests
  • #399 Matching response_types for authz requests is too strict
  • #436 Fixed client.read_registration
  • #446 Fixed provider.read_registration
  • #449 Fixed creation of error_response on client registration
  • #445 Fixed get_client_id
  • #421 Fixed handling of unicode in sanitize function
  • #145 Successful token endpoint responses have correct no-cache headers
  • #352 Fixed broken windows test for test_provider_key_setup.
  • #475 get_verify_key returns inactive sig keys for verification
  • #429 An expired token is not possible to use.
  • #485 Skip import of improperly defined keys
  • #370 Use oic.oic.Provider.endp instead of dynamic provider.endpoints in examples

Security

  • #486 SystemRandom is not imported correctly, so various secrets get initialized with bad randomness

0.12.0 [2017-09-25]

Fixed

  • #419: Inconsistent release numbers/tags
  • #420: Distributed claims

0.11.1.0 [2017-08-26]

Fixed

  • #405: Fix generation of endpoint urls
  • #411: Empty lists not indexable
  • #413: Fix error when wrong response_mode requested
  • #418: Made phone_number_claim be boolean and fixed a bug when importing JSON (non-boolean where boolean expected)

0.11.0.0 [2017-07-07]

Changed

  • #318: oic.utils.authn.saml raises ImportError on import if optional saml2 dependency is not present.
  • #324: Make the Provider symkey argument optional.
  • #325: oic.oic.claims_match implementation refactored.
  • #368: oic.oauth2.Client.construct_AccessTokenRequest() as well as oic.oic.Client are now able to perform proper Resource Owner Password Credentials Grant
  • #374: Made the to_jwe/from_jwe methods of Message accept list of keys value of parameter keys.
  • #387: Refactored the oic.utils.sdb.SessionDB constructor API.
  • #380: Made cookie_path and cookie_domain configurable via Provider like the cookie_name.
  • #386: An exception will now be thrown if a sub claim received from the userinfo endpoint is not the same as a sub claim previously received in an ID Token.
  • #392: Made sid creation simpler and faster

Fixed

  • #317: Resolved an AttibuteError exception under Python 2.
  • #313: Catch exception correctly
  • #319: Fix sanitize on strings starting with "B" or "U"
  • #330: Fix client_management user input being eval'd under Python 2
  • #358: Fixed claims_match
  • #362: Fix bad package settings URL
  • #369: The AuthnEvent object is now serialized to JSON for the session.
  • #373: Made the standard way the default when dealing with signed JWTs without 'kid'. Added the possibility to override this behavior if necessary.
  • #401: Fixed message decoding and verifying errors.

Security

  • #349: Changed crypto algorithm used by oic.utils.sdb.Crypt for token encryption to Fernet. Old stored tokens are incompatible.
  • #363: Fixed IV reuse for CookieDealer class. Replaced the encrypt-then-mac construction with a proper AEAD (AES-SIV).

0.10.0.0 [2017-03-28]

Changed

  • #291: Testing more relevant Python versions.
  • #296: parse_qs import from future.backports to future.moves.
  • #188: Added future dependency, updated dependecies
  • #305: Some import were removed from oic.oauth2 and oic.oic.provider, please import them from respective modules (oic.oath2.message and oic.exception).

Removed

  • #294: Generating code indices in documentation.

Fixed

  • #295: Access token issuance and typo/exception handling.

0.9.5.0 [2017-03-22]

Added

  • #276: Use a Change log for change history.
  • #277: Use pip-tools for dependency management.

Removed

Changed

  • #273: Allow webfinger accept kwargs.

Fixed

  • #286: Account for missing code in the SessionDB.

0.9.4.0 [2016-12-22]

No change log folks. Sorry.