diff options
author | Ib Lundgren <ib.lundgren@gmail.com> | 2014-10-23 19:40:48 +0100 |
---|---|---|
committer | Ib Lundgren <ib.lundgren@gmail.com> | 2014-10-23 19:40:48 +0100 |
commit | 62ee76f22e8b0a53b2eda4a88e2891ed6578083b (patch) | |
tree | 881da90c152b0afd7dd1d3a81070a44f0217c7dd /CHANGELOG.rst | |
parent | e4a27e70d9855d42112016c62afbb1c82fd35fd6 (diff) | |
download | oauthlib-62ee76f22e8b0a53b2eda4a88e2891ed6578083b.tar.gz |
Move changelog into its own file.
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst new file mode 100644 index 0000000..29aeadf --- /dev/null +++ b/CHANGELOG.rst @@ -0,0 +1,125 @@ +Changelog +========= + +0.7.0: + +* (Change) OAuth2 clients will not raise a Warning on scope change if + the environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE`` is set. The token + will now be available as an attribute on the error, ``error.token``. + Token changes will now also be announced using blinker. +* (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook). +* (Fix) Logging is now tiered (per file) as opposed to logging all under ``oauthlib``. +* (Fix) Error messages should now include a description in their message. +* (Fix/Feature) Optional support for jsonp callbacks after token revocation. +* (Feature) Client side preparation of OAuth 2 token revocation requests. +* (Feature) New OAuth2 client API methods for preparing full requests. +* (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs. +* (Fix/Feature) Refresh token grant now allow optional refresh tokens. +* (Fix) add missing state param to OAuth2 errors. +* (Fix) add_params_to_uri now properly parse fragment. +* (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1. +* (Fix/Security) OAuth2 logs will now strip client provided password, if present. +* Allow unescaped @ in urlencoded parameters. + +0.6.3: Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when + scrubbing for print. + +0.6.2: + +* Numerous OAuth2 provider errors now suggest a status code of 401 instead + of 400 (#247. + +* Added support for JSON web tokens with oauthlib.common.generate_signed_token. + Install extra dependency with oauthlib[signedtoken] (#237). + +* OAuth2 scopes can be arbitrary objects with __str__ defined (#240). + +* OAuth 1 Clients can now register custom signature methods (#239). + +* Exposed new method oauthlib.oauth2.is_secure_transport that checks whether + the given URL is HTTPS. Checks using this method can be disabled by setting + the environment variable OAUTHLIB_INSECURE_TRANSPORT (#249). + +* OAuth1 clients now has __repr__ and will be printed with secrets scrubbed. + +* OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument. + +* urldecode will now raise a much more informative error message on + incorrectly encoded strings. + +* Plenty of typo and other doc fixes. + +0.6.1: Draft revocation endpoint features and numerous fixes including + +* (OAuth 2 Provider) is_within_original_scope to check whether a refresh token + is trying to aquire a new set of scopes that are a subset of the original scope. + +* (OAuth 2 Provider) expires_in token lifetime can be set per request. + +* (OAuth 2 Provider) client_authentication_required method added to differentiate + between public and confidential clients. + +* (OAuth 2 Provider) rotate_refresh_token now indicates whether a new refresh + token should be generated during token refresh or if old should be kept. + +* (OAuth 2 Provider) returned JSON headers no longer include charset. + +* (OAuth 2 Provider) validate_authorizatoin_request now also includes the + internal request object in the returned dictionary. Note that this is + not meant to be relied upon heavily and its interface might change. + +* and many style and typo fixes. + +0.6.0: OAuth 1 & 2 provider API refactor with breaking changes + +* All endpoint methods change contract to return 3 values instead of 4. The new + signature is `headers`, `body`, `status code` where the initial `redirect_uri` + has been relocated to its rightful place inside headers as `Location`. + +* OAuth 1 Access Token Endpoint has a new required validator method + `invalidate_request_token`. + +* OAuth 1 Authorization Endpoint now returns a 200 response instead of 302 on + `oob` callbacks. + +0.5.1: OAuth 1 provider fix for incorrect token param in nonce validation. + +0.5.0: OAuth 1 provider refactor. OAuth 2 refresh token validation fix. + +0.4.2: OAuth 2 draft to RFC. Removed OAuth 2 framework decorators. + +0.4.1: Documentation corrections and various small code fixes. + +0.4.0: OAuth 2 Provider support (experimental). + +0.3.8: OAuth 2 Client now uses custom errors and raise on expire + +0.3.7: OAuth 1 optional encoding of Client.sign return values + +0.3.6: Revert default urlencoding. + +0.3.5: Default unicode conversion (utf-8) and urlencoding of input. + +0.3.4: A number of small features and bug fixes. + +0.3.3: OAuth 1 Provider verify now return useful params + +0.3.2: Fixed #62, all Python 3 tests pass. + +0.3.1: Python 3.1, 3.2, 3.3 support (experimental) + +0.3.0: Initial OAuth 2 client support + +0.2.1: Exclude non urlencoded bodies during request verification + +0.2.0: OAuth provider support + +0.1.4: soft dependency on PyCrypto + +0.1.3: use python-rsa instead of pycrypto. + +0.1.1 / 0.1.2: Fix installation of pycrypto dependency. + +0.1.0: OAuth 1 client functionality seems to be working. Hooray! + +0.0.x: In the beginning, there was the word. |