Next | Query returned 29 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2022-10-25 09:26:58 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: updated to 3.2.2

3.2.2 (2022-10-17)
------------------
OAuth2.0 Provider:
* CVE-2022-36087
   2022-10-19 15:56:34 by Nia Alarie | Files touched by this commit (26)
Log message:
fighting a losing battle against py-cryptography rustification, part 2

Switch users to versioned_dependencies.mk.
   2022-09-13 14:32:55 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: updated to 3.2.1

3.2.1 (2022-09-09)
------------------
OAuth2.0 Provider:
* Metadata endpoint support of non-HTTPS
* CVE-2022-36087

OAuth1.0:
* Allow IPv6 being parsed by signature

General:
* Improved and fixed documentation warnings.
* Cosmetic changes based on isort
   2022-02-06 20:00:51 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-oauthlib: updated to 3.2.0

3.2.0 (2022-01-29)
------------------
OAuth2.0 Client:
* Add Device Authorization Flow for Web Application
* Add PKCE support for Client
* Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:
* Add support for CORS to metadata endpoint.
* Add support for CORS to token endpoint.
* Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:
  * Call save_token in Hybrid code flow
  * OIDC add support of refreshing ID Tokens with `refresh_id_token`
  * The RefreshTokenGrant modifiers now take the same arguments as the
    AuthorizationCodeGrant modifiers (`token`, `token_handler`, `request`).

General:
  * Added Python 3.9, 3.10, 3.11
  * Improve Travis & Coverage
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-06-25 23:00:13 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-oauthlib: updated to 3.1.1

3.1.1 (2021-05-31)
------------------
OAuth2.0 Provider - Bugfixes

  * Fix acceptance of valid IPv6 addresses in URI validation

OAuth2.0 Client - Bugfixes

  * Base OAuth2 Client now has a consistent way of managing the `scope`: it \ 
consistently
    relies on the `scope` provided in the constructor if any, except if \ 
overridden temporarily
    in a method call. Note that in particular providing a non-None `scope` in
    `prepare_authorization_request` or `prepare_refresh_token` does not override \ 
anymore
    `self.scope` forever, it is just used temporarily.
  * MobileApplicationClient.prepare_request_uri and \ 
MobileApplicationClient.parse_request_uri_response,
    ServiceApplicationClient.prepare_request_body,
    and WebApplicationClient.prepare_request_uri now correctly use the default \ 
`scope` provided in
    constructor.
  * LegacyApplicationClient.prepare_request_body now correctly uses the default \ 
`scope` provided in constructor

OAuth2.0 Provider - Bugfixes
  * client_credentials grant: fix log message
  * OpenID Connect Hybrid - fix nonce not passed to add_id_token
  * Different prompt values are now handled according to spec (e.g. prompt=none)
  * OpenID Connect - fix Authorization: Basic parsing

General
  * improved skeleton validator for public vs private client
  * replace mock library with standard unittest.mock
  * build isort integration
  * python2 code removal
  * add python3.8 support
  * bump minimum versions of pyjwt and cryptography
   2021-03-07 18:16:19 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-oauthlib: mark as incompatible with Python 2.7
   2019-08-12 09:45:23 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-oauthlib: updated to 3.1.0

3.1.0:

OAuth2.0 Provider - Features
OIDC add support of nonce, c_hash, at_hash fields
New RequestValidator.fill_id_token method
Deprecated RequestValidator.get_id_token method
OIDC add UserInfo endpoint
New RequestValidator.get_userinfo_claims method

OAuth2.0 Provider - Security
Enhance data leak to logs
New default to not expose request content in logs
New function oauthlib.set_debug(True)
Disabling query parameters for POST requests

OAuth2.0 Provider - Bugfixes
Fix validate_authorization_request to return the new PKCE fields
Fix token_type to be case-insensitive (bearer and Bearer)

OAuth2.0 Client - Bugfixes
Fix Authorization Code's errors processing
BackendApplication.Client.prepare_request_body use the "scope" \ 
argument as intended.
Fix edge case when expires_in=Null

OAuth1.0 Client
Add case-insensitive headers to oauth1 BaseEndpoint

Next | Query returned 29 messages, browsing 1 to 10 | Previous