Version 1.1.0
This release contains breaking changes and security fixes.
- Allow to pass
claims_options
to Framework OpenID Connect clients, via #446 by @Galaxy102 - Fix
.stream
with context for HTTPX OAuth clients, via #465 by @bjoernmeier - Fix Starlette OAuth client for cache store, via #478 by @haggen
Breaking changes:
- Raise
InvalidGrantError
for invalid code, redirect_uri and no user errors in OAuth 2.0 server. - The default
authlib.jose.jwt
would only work with JSON Web Signature algorithms, if you would like to use JWT with JWE algorithms, please pass the algorithms parameter:
jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])
Security fixes for JOSE module
- CVE-2022-39175
- CVE-2022-39174