Update dependency django-oauth-toolkit to v3

This MR contains the following updates:

Package	Type	Update	Change
django-oauth-toolkit	dependencies	major	^2.0.0 -> ^3.0.0

---

Release Notes

jazzband/django-oauth-toolkit

v3.0.1

Compare Source

Fixed

• #​1491 Fix migration error when there are pre-existing Access Tokens.

v3.0.0

Compare Source

WARNING - POTENTIAL BREAKING CHANGES

• Changes to the AbstractAccessToken model require doing a manage.py migrate after upgrading.
• If you use swappable models you will need to make sure your custom models are also updated (usually manage.py makemigrations).
• Old Django versions below 4.2 are no longer supported.
• A few deprecations warned about in 2.4.0 (#​1345) have been removed. See below.

Added

• #​1366 Add Docker containerized apps for testing IDP and RP.
• #​1454 Added compatibility with LoginRequiredMiddleware introduced in Django 5.1.

Changed

• Many documentation and project internals improvements.
• #​1446 Use generic models pk instead of id. This enables, for example, custom swapped models to have a different primary key field.
• #​1447 Update token to TextField from CharField. Removing the 255 character limit enables supporting JWT tokens with additional claims. This adds a SHA-256 token_checksum field that is used to validate tokens.
• #​1450 Transactions wrapping writes of the Tokens now rely on Django's database routers to determine the correct database to use instead of assuming that 'default' is the correct one.
• #​1455 Changed minimum supported Django version to >=4.2.

Removed

• #​1425 Remove deprecated RedirectURIValidator, WildcardSet per #​1345; validate_logout_request per #​1274

Fixed

• #​1444, #​1476 Fix several 500 errors to instead raise appropriate errors.
• #​1469 Fix ui_locales request parameter triggers AttributeError under certain circumstances

Security

• #​1452 Add a new setting REFRESH_TOKEN_REUSE_MROTECTION. In combination with ROTATE_REFRESH_TOKEN, this prevents refresh tokens from being used more than once. See more at OAuth 2.0 Security Best Current Practice
• #​1481 Bump oauthlib version required to 3.2.2 and above to address CVE-2022-36087.

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, click this checkbox.

---

This MR has been generated by Renovate Bot.