Path to this page:
./
security/py-authlib,
Ultimate Python library in building OAuth and OpenID Connect servers
Branch: CURRENT,
Version: 1.3.2,
Package name: py312-authlib-1.3.2,
Maintainer: pkgsrc-usersOAuth often seems complicated and difficult-to-implement. There are several
prominent libraries for handling OAuth requests, but they all suffer from one
or both of the following:
* They predate the OAuth 1.0 spec, AKA RFC 5849.
* They predate the OAuth 2.0 spec, AKA RFC 6749.
* They assume the usage of a specific HTTP request library.
OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
client support onto your favorite HTTP library, or provider support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.
Required to run:[
devel/py-setuptools] [
security/py-cryptography] [
lang/python37]
Required to build:[
pkgtools/cwrappers]
Master sites:
Filesize: 143.86 KB
Version history: (Expand)
- (2024-08-26) Updated to version: py312-authlib-1.3.2
- (2024-06-07) Updated to version: py311-authlib-1.3.1
- (2024-01-05) Updated to version: py311-authlib-1.3.0
- (2023-06-27) Updated to version: py310-authlib-1.2.1
- (2022-12-09) Updated to version: py310-authlib-1.2.0
- (2022-10-14) Updated to version: py310-authlib-1.1.0
CVS history: (Expand)
2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862) |
Log message:
py-*: remove unused tool dependency
py-setuptools includes the py-wheel functionality nowadays
|
2024-08-26 16:55:44 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-authlib: updated to 1.3.2
Version 1.3.2
Prevent ever-growing session size for OAuth clients.
Revert quote client id and secret.
unquote basic auth header for authorization server.
|
2024-06-07 22:54:53 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-authlib: updated to 1.3.1
1.3.1
Prevent OctKey to import ssh and PEM strings.
|
2024-01-05 13:10:46 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-authlib: updated to 1.3.0
Version 1.3.0
Bug fixes
Restore AuthorizationServer.create_authorization_response behavior
Include leeway in validate_iat() for JWT
Fix encode_client_secret_basic
Use single key in JWK if JWS does not specify kid
Fix error when RFC9068 JWS has no scope field
Get werkzeug version using importlib
Breaking changes
RFC9068 implementation
|
2023-06-27 13:44:54 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-authlib: updated to 1.2.1
Version 1.2.1
Released on Jun 25, 2023
Apply headers in ClientSecretJWT.sign method
Allow falsy but non-None grant uri params
Fixed authorize_redirect for Starlette v0.26.0
Removed has_client_secret method and documentation
Removed request_invalid and token_revoked remaining occurences and documentation
Fixed RFC7591 grant_types and response_types default values
|
2022-12-09 12:20:02 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-authlib: updated to 1.2.0
Version 1.2.0
Not passing request.body to ResourceProtector
Use flask.g instead of _app_ctx_stack
Add headers parameter back to ClientSecretJWT
Always passing realm parameter in OAuth 1 clients
Implemented RFC7592 Dynamic Client Registration Management Protocol
Add default_timeout for requests OAuth2Session and AssertionSession.
Deprecate jwk.loads and jwk.dumps
|
2022-10-14 11:06:36 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-authlib: updated to 1.1.0
Version 1.1.0
This release contains breaking changes and security fixes.
Allow to pass claims_options to Framework OpenID Connect clients.
Fix .stream with context for HTTPX OAuth clients.
Fix Starlette OAuth client for cache store.
Breaking changes:
Raise InvalidGrantError for invalid code, redirect_uri and no user errors in \
OAuth 2.0 server.
The default authlib.jose.jwt would only work with JSON Web Signature algorithms, \
if you would like to use JWT with JWE algorithms, please pass the algorithms \
parameter:
jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])
Security fixes: CVE-2022-39175 and CVE-2022-39174, both related to JOSE.
Version 1.0.1
Fix authenticate_none method.
Allow to pass in alternative signing algorithm to RFC7523 authentication methods.
Fix missing_token for Flask OAuth client.
Allow openid in any place of the scope.
Security fix for validating essential value on blank value in JWT.
Version 1.0.0
We have dropped support for Python 2 in this release. We have removed built-in \
SQLAlchemy integration.
OAuth Client Changes:
The whole framework client integrations have been restructured, if you are using \
the client properly, e.g. oauth.register(...), it would work as before.
OAuth Provider Changes:
In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX \
configuration, instead, developers should define .get_jwt_config on OpenID \
extensions and grant types.
SQLAlchemy integrations has been removed from Authlib. Developers should define \
the database by themselves.
JOSE Changes
JWS has been renamed to JsonWebSignature
JWE has been renamed to JsonWebEncryption
JWK has been renamed to JsonWebKey
JWT has been renamed to JsonWebToken
The "Key" model has been re-designed, checkout the :ref:`jwk_guide` \
for updates.
Added ES256K algorithm for JWS and JWT.
|
2022-04-21 13:00:02 by Thomas Klausner | Files touched by this commit (18) |
Log message:
*: convert to versioned_dependencies for py-cryptography
|