Update dependency django-oauth-toolkit to v3
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
django-oauth-toolkit | dependencies | major | ^2.0.0 -> ^3.0.0 |
Release Notes
jazzband/django-oauth-toolkit
v3.0.1
Fixed
- #1491 Fix migration error when there are pre-existing Access Tokens.
v3.0.0
WARNING - POTENTIAL BREAKING CHANGES
- Changes to the AbstractAccessToken model require doing a manage.py migrate after upgrading.
- If you use swappable models you will need to make sure your custom models are also updated (usually manage.py makemigrations).
- Old Django versions below 4.2 are no longer supported.
- A few deprecations warned about in 2.4.0 (#1345) have been removed. See below.
Added
- #1366 Add Docker containerized apps for testing IDP and RP.
- #1454 Added compatibility with LoginRequiredMiddleware introduced in Django 5.1.
Changed
- Many documentation and project internals improvements.
- #1446 Use generic models pk instead of id. This enables, for example, custom swapped models to have a different primary key field.
- #1447 Update token to TextField from CharField. Removing the 255 character limit enables supporting JWT tokens with additional claims. This adds a SHA-256 token_checksum field that is used to validate tokens.
- #1450 Transactions wrapping writes of the Tokens now rely on Django's database routers to determine the correct database to use instead of assuming that 'default' is the correct one.
- #1455 Changed minimum supported Django version to >=4.2.
Removed
- #1425 Remove deprecated RedirectURIValidator, WildcardSet per #1345; validate_logout_request per #1274
Fixed
- #1444, #1476 Fix several 500 errors to instead raise appropriate errors.
- #1469 Fix ui_locales request parameter triggers AttributeError under certain circumstances
Security
- #1452 Add a new setting REFRESH_TOKEN_REUSE_PROTECTION. In combination with ROTATE_REFRESH_TOKEN, this prevents refresh tokens from being used more than once. See more at OAuth 2.0 Security Best Current Practice
- #1481 Bump oauthlib version required to 3.2.2 and above to address CVE-2022-36087.
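Added example, not code from django-oauth-toolkit or from this MR: a small in-memory model of what the #1452 entry describes, where rotation makes each refresh token single-use and reuse protection reacts to a replayed token. Revoking the whole token family on replay follows the OAuth 2.0 Security Best Current Practice and goes beyond what the release note states; RefreshTokenStore, ReuseDetected and replay_outcome are hypothetical names.

```python
# Illustrative model only; not django-oauth-toolkit's implementation.
import secrets


class ReuseDetected(Exception):
    """An already-rotated refresh token was presented again."""


class RefreshTokenStore:
    def __init__(self, reuse_protection):
        self.reuse_protection = reuse_protection
        self._tokens = {}  # token -> {"family": str, "revoked": bool}

    def issue(self, family=None):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"family": family or secrets.token_hex(8), "revoked": False}
        return token

    def is_active(self, token):
        record = self._tokens.get(token)
        return record is not None and not record["revoked"]

    def refresh(self, token):
        record = self._tokens.get(token)
        if record is None:
            raise KeyError("unknown refresh token")
        if record["revoked"]:
            if self.reuse_protection:
                # Replay of a rotated token: the server cannot tell the client
                # from a thief, so every token in the family is revoked.
                for other in self._tokens.values():
                    if other["family"] == record["family"]:
                        other["revoked"] = True
            raise ReuseDetected("refresh token already used")
        record["revoked"] = True  # rotation: the old token is now spent
        return self.issue(record["family"])


def replay_outcome(reuse_protection):
    """Return True if the newest token is still usable after a replay."""
    store = RefreshTokenStore(reuse_protection)
    first = store.issue()
    newest = store.refresh(first)
    try:
        store.refresh(first)  # constructed replay of the spent token
    except ReuseDetected:
        pass
    return store.is_active(newest)
```

With rotation alone the replay is rejected but the newest token in the chain keeps working; with reuse protection the replay also invalidates it, forcing a fresh authorization.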
Configuration
- If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot.
Edited by Tine Wittler