./security/py-oauthlib, Generic implementation of the OAuth request-signing logic


Branch: CURRENT, Version: 3.1.0, Package name: py37-oauthlib-3.1.0, Maintainer: imil

OAuth often seems complicated and difficult to implement. There are several
prominent libraries for handling OAuth requests, but they all suffer from one
or more of the following:

* They predate the OAuth 1.0 spec, AKA RFC 5849.
* They predate the OAuth 2.0 spec, AKA RFC 6749.
* They assume the usage of a specific HTTP request library.

OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
client support onto your favorite HTTP library, or provider support onto your
favorite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.


Required to run:
[devel/py-setuptools] [devel/py-blinker] [security/py-cryptography] [textproc/py-JWT] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: a61703d89f11dd35ec76dd8097aa8ce3a5373e00
RMD160: 9f860862bed7fda84d53f2882cef33dc15133dc8
Filesize: 151.721 KB


CVS history:


   2019-08-12 09:45:23 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-oauthlib: updated to 3.1.0

3.1.0:

OAuth2.0 Provider - Features
OIDC add support of nonce, c_hash, at_hash fields
New RequestValidator.fill_id_token method
Deprecated RequestValidator.get_id_token method
OIDC add UserInfo endpoint
New RequestValidator.get_userinfo_claims method

OAuth2.0 Provider - Security
Enhance data leak to logs
New default to not expose request content in logs
New function oauthlib.set_debug(True)
Disabling query parameters for POST requests

OAuth2.0 Provider - Bugfixes
Fix validate_authorization_request to return the new PKCE fields
Fix token_type to be case-insensitive (bearer and Bearer)

OAuth2.0 Client - Bugfixes
Fix Authorization Code's errors processing
BackendApplication.Client.prepare_request_body use the "scope" argument as intended.
Fix edge case when expires_in=Null

OAuth1.0 Client
Add case-insensitive headers to oauth1 BaseEndpoint

   2019-07-07 00:44:47 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: updated to 3.0.2

3.0.2:
* Fixed space encoding in base string URI used in the signature base string.
* Fixed OIDC /token response which wrongly returned "&state=None"
* Doc: The value `state` must not be stored by the AS, only returned in /authorize response.
* Fixed OIDC "nonce" checks: raise errors when it's mandatory

   2019-01-25 13:28:32 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: updated to 3.0.1

3.0.1:
Fixed Revocation & Introspection Endpoints when using Client Authentication with HTTP Basic Auth.

   2019-01-16 10:36:21 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-oauthlib: updated to 3.0.0

3.0.0 (2019-01-01)

OAuth2.0 Provider - outstanding Features
OpenID Connect Core support
RFC7662 Introspect support
RFC8414 OAuth2.0 Authorization Server Metadata support
RFC7636 PKCE support

OAuth2.0 Provider - API/Breaking Changes
Add "request" to confirm_redirect_uri
confirm_redirect_uri/get_default_redirect_uri have changed a bit
invalid_client is now a FatalError
Changed errors status code from 401 to 400:
invalid_grant:
invalid_scope:
access_denied/unauthorized_client/consent_required/login_required
401 must have WWW-Authenticate HTTP Header set

OAuth2.0 Provider - Bugfixes
empty scopes no longer raise exceptions for implicit and authorization_code

OAuth2.0 Client - Bugfixes / Changes:
expires_in in Implicit flow is now an integer
expires is no longer overriding expires_in
parse_request_uri_response is now required
Unknown error=xxx raised by OAuth2 providers was not understood
OAuth2's prepare_token_request supports sending an empty string for client_id
OAuth2's WebApplicationClient.prepare_request_body was refactored to better support sending or omitting the client_id via a new include_client_id kwarg. By default this is included. The method will also emit a DeprecationWarning if a client_id parameter is submitted; the already configured self.client_id is the preferred option.

OAuth1.0 Client:
Support for HMAC-SHA256

General fixes:
$ and ' are allowed to be unencoded in query strings
Request attributes are no longer overridden by HTTP Headers
Removed unnecessary code for handling python2.6
Add support of python3.7
Several minor updates to setup.py and tox
Set pytest as the default unittest framework

   2018-05-27 14:24:56 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: update to 2.1.0.

2.1.0 (2018-05-21)
------------------

* Fixed some copy and paste typos (#535)
* Use secrets module in Python 3.6 and later (#533)
* Add request argument to confirm_redirect_uri (#504)
* Avoid populating spurious token credentials (#542)
* Make populate attributes API public (#546)

   2018-04-03 13:00:16 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-oauthlib: changed LICENSE to modified-bsd

   2018-04-03 12:02:50 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: updated to 2.0.7

2.0.7:
Moved oauthlib into new organization on GitHub.
Include license file in the generated wheel package.
When deploying a release to PyPI, include the wheel distribution.
Check access token in self.token dict.
Added bottle-oauthlib to docs.
Update repository location in Travis.
Updated docs for organization change.
Replace G+ with Gitter.
Update requirements.
Add shields for Python versions, license and RTD.
Fix ReadTheDocs build
Fixed "make" command to test upstream with local oauthlib.
Replace IRC notification with Gitter Hook.
Added Github Releases deploy provider.

   2017-10-22 22:29:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: update to 2.0.6

2.0.6:
* 2.0.5 contains breaking changes.