./security/py-oauthlib, Generic implementation of the OAuth request-signing logic



Branch: CURRENT, Version: 3.2.2, Package name: py310-oauthlib-3.2.2, Maintainer: imil

OAuth often seems complicated and difficult to implement. There are several
prominent libraries for handling OAuth requests, but they all suffer from one
or more of the following:

* They predate the OAuth 1.0 spec, AKA RFC 5849.
* They predate the OAuth 2.0 spec, AKA RFC 6749.
* They assume the usage of a specific HTTP request library.

OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
client support onto your favorite HTTP library, or provider support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.


Required to run:
[devel/py-setuptools] [devel/py-blinker] [security/py-cryptography] [textproc/py-JWT] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 173.195 KB

CVS history:


   2022-10-25 09:26:58 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: updated to 3.2.2

3.2.2 (2022-10-17)
------------------
OAuth2.0 Provider:
* CVE-2022-36087
   2022-10-19 15:56:34 by Nia Alarie | Files touched by this commit (26)
Log message:
fighting a losing battle against py-cryptography rustification, part 2

Switch users to versioned_dependencies.mk.
   2022-09-13 14:32:55 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-oauthlib: updated to 3.2.1

3.2.1 (2022-09-09)
------------------
OAuth2.0 Provider:
* Metadata endpoint support of non-HTTPS
* CVE-2022-36087

OAuth1.0:
* Allow IPv6 being parsed by signature

General:
* Improved and fixed documentation warnings.
* Cosmetic changes based on isort
   2022-02-06 20:00:51 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-oauthlib: updated to 3.2.0

3.2.0 (2022-01-29)
------------------
OAuth2.0 Client:
* Add Device Authorization Flow for Web Application
* Add PKCE support for Client
* Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:
* Add support for CORS to metadata endpoint.
* Add support for CORS to token endpoint.
* Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:
  * Call save_token in Hybrid code flow
  * OIDC add support of refreshing ID Tokens with `refresh_id_token`
  * The RefreshTokenGrant modifiers now take the same arguments as the
    AuthorizationCodeGrant modifiers (`token`, `token_handler`, `request`).

General:
  * Added Python 3.9, 3.10, 3.11
  * Improve Travis & Coverage
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-06-25 23:00:13 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-oauthlib: updated to 3.1.1

3.1.1 (2021-05-31)
------------------
OAuth2.0 Provider - Bugfixes

  * Fix acceptance of valid IPv6 addresses in URI validation

OAuth2.0 Client - Bugfixes

  * Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
    relies on the `scope` provided in the constructor if any, except if overridden temporarily
    in a method call. Note that in particular providing a non-None `scope` in
    `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
    `self.scope` forever, it is just used temporarily.
  * MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
    ServiceApplicationClient.prepare_request_body,
    and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
    constructor.
  * LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor

OAuth2.0 Provider - Bugfixes
  * client_credentials grant: fix log message
  * OpenID Connect Hybrid - fix nonce not passed to add_id_token
  * Different prompt values are now handled according to spec (e.g. prompt=none)
  * OpenID Connect - fix Authorization: Basic parsing

General
  * improved skeleton validator for public vs private client
  * replace mock library with standard unittest.mock
  * build isort integration
  * python2 code removal
  * add python3.8 support
  * bump minimum versions of pyjwt and cryptography