Skip to content

Version 1.1.0

Compare
Choose a tag to compare
@lepture lepture released this 09 Nov 05:13
· 168 commits to master since this release
2a8a226

This release contains breaking changes and security fixes.

  • Allow to pass claims_options to Framework OpenID Connect clients, via #446 by @Galaxy102
  • Fix .stream with context for HTTPX OAuth clients, via #465 by @bjoernmeier
  • Fix Starlette OAuth client for cache store, via #478 by @haggen

Breaking changes:

  • Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
  • The default authlib.jose.jwt would only work with JSON Web Signature algorithms, if you would like to use JWT with JWE algorithms, please pass the algorithms parameter:
jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])

Security fixes for JOSE module

  • CVE-2022-39175
  • CVE-2022-39174