Changelog
All notable changes to this project will be documented in this file.
Unreleased
None
0.8.3
2024-12-06
Changed: Improved “OpenID Connect RP-Initiated Logout” implementation.
Fixed: Fix ID Tokens not including standard claims when using extra scope claims.
Fixed: RSA server keys random ordering.
Fixed: Example app working with Django 4.
0.8.2
2023-12-15
Added: Discovery endpoint response caching. Introducing OIDC_DISCOVERY_CACHE_ENABLE.
Fixed: ResponseType data migration.
Fixed: correctly verify PKCE secret in token endpoint.
0.8.1
2023-10-22
Changed: create_token and create_code are now methods on base classes to enable customization.
Changed: extract “is consent skip allowed” decision from the view to the endpoint.
Fixed: race condition in authorization code, parallel requests may reuse same token.
0.8.0
2023-05-05
Changed: now supporting latest versions of Django.
Changed: drop support for Python 2 and Django lower than 3.2.
Added: scope on token and introspection endpoints.
Changed: Use static instead of deprecated staticfiles template tag.
Fixed: example in docs for translatable scopes (ugettext).
0.7.0
2018-10-17
Added: support multiple response types per client.
Added: make version available in code.
Added: token introspection docs.
Changed: drop support for Django versions lower than 1.11.
Changed: create RSA key command. Increment key size to 2048.
Fixed: OIDC_IDTOKEN_INCLUDE_CLAIMS used with custom claims setting.
Fixed: bug in prompt parameter (with space-separated values).
0.6.2
2018-08-03
Added: support introspection on client credentials tokens.
Changed: accept lowercase “bearer” in Authorization header.
Fixed: ScopeClaims class.
Fixed: code is not zip safe.
0.6.1
2018-07-10
Added: token instrospection endpoint support (RFC7662).
Added: request in password grant authenticate call.
Changed: dropping support for Django versions before 1.8.
Changed: pass token and request to OIDC_IDTOKEN_PROCESSING_HOOK.
Fixed: CORS OPTIONS request blocked on userinfo request.
Fixed: settings to support falsy valued overrides.
Fixed: token introspection “aud” and “client_id” response.
Fixed: Token Model str() crashes when using client credentials grant.
0.6.0
2018-04-13
Added: OAuth2 grant_type client_credentials support.
Added: pep8 compliance and checker.
Added: Setting OIDC_IDTOKEN_INCLUDE_CLAIMS supporting claims inside id_token.
Changed: Test suit now uses pytest.
Fixed: Infinite callback loop in the check-session iframe.
0.5.3
2018-03-09
Fixed: Update project to support Django 2.0
0.5.2
2017-08-22
Fixed: infinite login loop if “prompt=login” (#198)
Fixed: Django 2.0 deprecation warnings (#185)
0.5.1
2017-07-11
Changed: Documentation template changed to Read The Docs.
Fixed: install_requires has not longer pinned versions.
Fixed: Removed infinity loop during authorization stage when prompt=login has been send.
Fixed: Changed prompt handling as set of options instead of regular string.
Fixed: Redirect URI must match exactly with given in query parameter.
Fixed: Stored user consent are useful for public clients too.
Fixed: documentation for custom scopes handling.
Fixed: Scopes during refresh and code exchange are being taken from authorization request and not from query parameters.
0.5.0
2017-05-18
Added: signals when user accept/decline the authorization page.
Added: OIDC_AFTER_END_SESSION_HOOK setting for additional business logic.
Added: feature granttype password.
Added: require_consent and reuse_consent are added to Client model.
Changed: OIDC_SKIP_CONSENT_ALWAYS and OIDC_SKIP_CONSENT_ENABLE are removed from settings.
Fixed: timestamps with unixtime (instead of django timezone).
Fixed: field refresh_token cannot be primary key if null.
Fixed: create_uri_exceptions are now being logged at Exception level not DEBUG.
0.4.4
2016-11-29
Fixed: Bug in Session Management middleware when using Python 3.
Fixed: Translations handling.
0.4.3
2016-11-02
Added: Session Management 1.0 support.
Added: post_logout_redirect_uris into admin.
Changed: Package url names.
Changed: Rename /logout/ url to /end-session/.
Fixed: bug when trying authorize with response_type id_token without openid scope.
0.4.2
2016-10-13
Added: support for client redirect URIs with query strings.
Fixed: bug when generating secret_key value using admin.
Changed: client is available to OIDC_EXTRA_SCOPE_CLAIMS implementations via self.client.
Changed: the constructor signature for ScopeClaims has changed, it now is called with the Token as its single argument.
0.4.1
2016-10-03
Changed: update pyjwkest to version 1.3.0.
Changed: use Cryptodome instead of Crypto lib.
0.4.0
2016-09-12
Added: support for Hybrid Flow.
Added: new attributes for Clients: Website url, logo, contact email, terms url.
Added: polish translations.
Added: examples section in documentation.
Fixed: CORS in discovery and userinfo endpoint.
Fixed: client type public bug when created using the admin.
Fixed: missing OIDC_TOKEN_EXPIRE setting on implicit flow.
0.3.7
2016-08-31
Added: support for Django 1.10.
Added: initial translation files (ES, FR).
Added: support for at_hash parameter.
Fixed: empty address dict in userinfo response.
0.3.6
2016-07-07
Changed: OIDC_USERINFO setting.
0.3.5
2016-06-21
Added: field date_given in UserConsent model.
Added: verbose names to all model fields.
Added: customize scopes names and descriptions on authorize template.
Changed: OIDC_EXTRA_SCOPE_CLAIMS setting.
0.3.4
2016-06-10
Changed: Make SITE_URL setting optional.
Fixed: Missing migration.
0.3.3
2016-05-03
Fixed: Important bug with PKCE and form submit in Auth Request.
0.3.2
2016-04-26
Added: choose type of client on creation.
Added: implement Proof Key for Code Exchange by OAuth Public Clients.
Added: support for prompt parameter.
Added: support for different client JWT tokens algorithm.
Fixed: not auto-approve requests for non-confidential clients (publics).
0.3.1
2016-03-09
Fixed: response_type was not being validated (OpenID request).
0.3.0
2016-02-23
Added: support OAuth2 requests.
Added: decorator for protecting views with OAuth2.
Added: setting OIDC_IDTOKEN_PROCESSING_HOOK.
0.2.5
2016-02-03
Added: Setting OIDC_SKIP_CONSENT_ALWAYS.
Changed: Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.
Changed: Update pyjwkest to version 1.1.0.
Fixed: Nonce parameter missing on the decide form.
Fixed: Set Allow-Origin header to jwks endpoint.
0.2.4
2016-01-20
Added: Auto-generation of client ID and SECRET using the admin.
Added: Validate nonce parameter when using Implicit Flow.
Fixed: generating RSA key by ignoring value of OIDC_RSA_KEY_FOLDER.
Fixed: make OIDC_AFTER_USERLOGIN_HOOK and OIDC_IDTOKEN_SUB_GENERATOR to be lazy imported by the location of the function.
Fixed: problem with a function that generate urls for the /.well-known/openid-configuration/ endpoint.
0.2.3
2016-01-06
Added: Make user and client unique on UserConsent model.
Added: Support for URL’s without end slash.
Changed: Upgrade pyjwkest to version 1.0.8.
Fixed: String format error in models.
Fixed: Redirect to non http urls fail (for Mobile Apps).
0.2.1
2015-10-21
Added: refresh token flow.
Changed: upgrade pyjwkest to version >= 1.0.6.
Fixed: Unicode error in Client model.
Fixed: Bug in creatersakey command (when using Python 3).
Fixed: Bug when updating pyjwkest version.
0.2.0
2015-09-25
Changed: UserInfo model was removed. Now you can add your own model using OIDC_USERINFO setting.
Fixed: ID token does NOT contain kid.
0.1.2
2015-08-04
Added: add token_endpoint_auth_methods_supported to discovery.
Fixed: missing commands folder in setup file.
0.1.1
2015-07-31
Added: sending access_token as query string parameter in UserInfo Endpoint.
Added: support HTTP Basic client authentication.
Changed: use models setting instead of User.
Fixed: in python 2: “aud” and “nonce” parameters didn’t appear in id_token.
0.1.0
2015-07-17
Added: now id tokens are signed/encrypted with RS256.
Added: command for easily generate random RSA key.
Added: jwks uri to discovery endpoint.
Added: id_token_signing_alg_values_supported to discovery endpoint.
Fixed: nonce support for both Code and Implicit flow.
0.0.7
2015-07-06
Added: support for Python 3.
Added: way of remember user consent and skipt it (OIDC_SKIP_CONSENT_ENABLE).
Added: setting OIDC_SKIP_CONSENT_EXPIRE.
Changed: now OIDC_EXTRA_SCOPE_CLAIMS must be a string, to be lazy imported.
0.0.6
2015-06-16
Added: better naming for models in the admin.
Changed: now tests run without the need of a project configured.
Fixed: error when returning address_formatted claim.
0.0.5
2015-05-09
Added: support for Django 1.8.
Fixed: validation of scope in UserInfo endpoint.
0.0.4
2015-04-22
Added: initial migrations.
Fixed: important bug with id_token when using implicit flow.
Fixed: validate Code expiration in Auth Code Flow.
Fixed: validate Access Token expiration in UserInfo endpoint.
0.0.3
2015-04-15
Added: normalize gender field in UserInfo.
Changed: make address_formatted a property inside UserInfo.
Fixed: important bug in claims response.
0.0.2
2015-03-26
Added: setting OIDC_AFTER_USERLOGIN_HOOK.
Fixed: tests failing because an incorrect tag in one template.
0.0.1
2015-03-13
Added: provider Configuration Information endpoint.
Added: setting OIDC_IDTOKEN_SUB_GENERATOR.
Changed: now use setup in OIDC_EXTRA_SCOPE_CLAIMS setting.
0.0.0
2015-02-26