Changelog for
python311-oauthlib-3.2.2-slfo.1.1.3.noarch.rpm :
* Fri Apr 21 2023 dmuellerAATTsuse.com- add sle15_python_module_pythons (jsc#PED-68)
* Thu Apr 13 2023 mceplAATTsuse.com- Make calling of %{sle15modernpython} optional.
* Sat Oct 22 2022 arunAATTgmx.de- update to version 3.2.2:
* OAuth2.0 Provider:
* CVE-2022-36087- Also remove the conditional definition of python_module.
* Mon Sep 12 2022 arunAATTgmx.de- specfile:
* update requirements- update to version 3.2.1:
* OAuth2.0 Provider:
* #803: Metadata endpoint support of non-HTTPS
* CVE-2022-36087, bugzilla # 1203333
* OAuth1.0:
* #818: Allow IPv6 being parsed by signature
* General:
* Improved and fixed documentation warnings.
* Cosmetic changes based on isort
* Thu Feb 03 2022 arunAATTgmx.de- specfile:
* update copyright year- update to version 3.2.0:
* OAuth2.0 Client:
* #795: Add Device Authorization Flow for Web Application
* #786: Add PKCE support for Client
* #783: Fallback to none in case of wrong expires_at format.
* OAuth2.0 Provider:
* #790: Add support for CORS to metadata endpoint.
* #791: Add support for CORS to token endpoint.
* #787: Remove comma after Bearer in WWW-Authenticate
* OAuth2.0 Provider - OIDC: + #755: Call save_token in Hybrid code flow + #751: OIDC add support of refreshing ID Tokens with refresh_id_token + #751: The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request).
* General: + Added Python 3.9, 3.10, 3.11 + Improve Travis & Coverage
* Sun Jun 06 2021 dmuellerAATTsuse.com- update to 3.1.1:
* #753: Fix acceptance of valid IPv6 addresses in URI validation
* #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently relies on the `scope` provided in the constructor if any, except if overridden temporarily in a method call. Note that in particular providing a non-None `scope` in `prepare_authorization_request` or `prepare_refresh_token` does not override anymore `self.scope` forever, it is just used temporarily.
* #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, ServiceApplicationClient.prepare_request_body, and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in constructor.
* #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor
* #711: client_credentials grant: fix log message
* #746: OpenID Connect Hybrid - fix nonce not passed to add_id_token
* #756: Different prompt values are now handled according to spec (e.g. prompt=none)
* #759: OpenID Connect - fix Authorization: Basic parsing
* #716: improved skeleton validator for public vs private client
* #720: replace mock library with standard unittest.mock
* #727: build isort integration
* #734: python2 code removal
* #735, #750: add python3.8 support
* #749: bump minimum versions of pyjwt and cryptography- drop o_switch_to_unitest_mock.patch (upstream)
* Tue May 25 2021 pgajdosAATTsuse.com- %check: use %pyunittest rpm macro
* Thu Sep 24 2020 hpjAATTurpla.net- Fix patch numbering
* Wed Apr 29 2020 adrian.glaubitzAATTsuse.com- Add patch to switch from external mock to unittest.mock + o_switch_to_unitest_mock.patch
* Wed Sep 11 2019 tchvatalAATTsuse.com- Update to 3.1.0:
* OAuth2.0 Provider - Features
* #660: OIDC add support of nonce, c_hash, at_hash fields
* #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method
* #666: Disabling query parameters for POST requests
* Sun Jul 21 2019 arunAATTgmx.de- specfile:
* be more specific in %files section- update to version 3.0.2:
* #650: Fixed space encoding in base string URI used in the signature base string.
* #652: Fixed OIDC /token response which wrongly returned \"&state=None\"
* #654: Doc: The value state must not be stored by the AS, only returned in /authorize response.
* #656: Fixed OIDC \"nonce\" checks: raise errors when it\'s mandatory
* Sun Feb 17 2019 jayvdbAATTgmail.com- Update to version 3.0.1
* Fixed regression introduced in 3.0.0 + Fixed Revocation & Introspection Endpoints when using Client Authentication with HTTP Basic Auth.- from 3.0.0
* General fixes: + Add support of python3.7 + $ and \' are allowed to be unencoded in query strings + Request attributes are no longer overriden by HTTP Headers + Removed unnecessary code for handling python2.6 + Several minors updates to setup.py and tox + Set pytest as the default unittest framework
* OAuth2.0 Provider - outstanding Features + OpenID Connect Core support + RFC7662 Introspect support + RFC8414 OAuth2.0 Authorization Server Metadata support + RFC7636 PKCE support
* OAuth2.0 Provider - API/Breaking Changes + Add \"request\" to confirm_redirect_uri + confirm_redirect_uri/get_default_redirect_uri has a bit changed + invalid_client is now a FatalError + Changed errors status code from 401 to 400: - invalid_grant: - invalid_scope: - access_denied/unauthorized_client/consent_required/login_required - 401 must have WWW-Authenticate HTTP Header set.
* OAuth2.0 Provider - Bugfixes + empty scopes no longer raise exceptions for implicit and authorization_code
* OAuth2.0 Client - Bugfixes / Changes: + expires_in in Implicit flow is now an integer + expires is no longer overriding expires_in + parse_request_uri_response is now required + Unknown error=xxx raised by OAuth2 providers was not understood + OAuth2\'s `prepare_token_request` supports sending an empty string for `client_id` + OAuth2\'s `WebApplicationClient.prepare_request_body` was refactored to better support sending or omitting the `client_id` via a new `include_client_id` kwarg. By default this is included. The method will also emit a DeprecationWarning if a `client_id` parameter is submitted; the already configured `self.client_id` is the preferred option.
* OAuth1.0 Client: + Support for HMAC-SHA256- Removed remove_unittest2.patch made redundant by v3.0.1- Set minumum version of python-PyJWT >= 1.0.0
* Tue Dec 04 2018 mceplAATTsuse.com- Remove superfluous devel dependency for noarch package
* Mon Aug 13 2018 mceplAATTsuse.comRemove dependency on unittest2 Add remove_unittest2.patch to facilitate that
* Wed May 23 2018 arunAATTgmx.de- specfile:
* fix fdupes call for single-spec- update to version 2.1.0:
* Fixed some copy and paste typos (#535)
* Use secrets module in Python 3.6 and later (#533)
* Add request argument to confirm_redirect_uri (#504)
* Avoid populating spurious token credentials (#542)
* Make populate attributes API public (#546)
* Mon Mar 26 2018 arunAATTgmx.de- specfile:
* ran spec-cleaner
* Sat Mar 24 2018 arunAATTgmx.de- specfile:
* update copyright year
* updated url- update to version 2.0.7:
* Moved oauthlib into new organization on GitHub.
* Include license file in the generated wheel package. (#494)
* When deploying a release to PyPI, include the wheel distribution. (#496)
* Check access token in self.token dict. (#500)
* Added bottle-oauthlib to docs. (#509)
* Update repository location in Travis. (#514)
* Updated docs for organization change. (#515)
* Replace G+ with Gitter. (#517)
* Update requirements. (#518)
* Add shields for Python versions, license and RTD. (#520)
* Fix ReadTheDocs build (#521).
* Fixed \"make\" command to test upstream with local oauthlib. (#522)
* Replace IRC notification with Gitter Hook. (#523)
* Added Github Releases deploy provider. (#523)
* Sat Oct 21 2017 arunAATTgmx.de- update to version 2.0.6:
* 2.0.5 contains breaking changes.
* Fri Oct 20 2017 arunAATTgmx.de- update to version 2.0.5:
* Fix OAuth2Error.response_mode for #463.
* Documentation improvement.
* Mon Sep 25 2017 arunAATTgmx.de- update to version 2.0.4:
* Fixed typo that caused OAuthlib to crash because of the fix in \"Address missing OIDC errors and fix a typo in the AccountSelectionRequired exception\".- changes from version 2.0.3:
* Address missing OIDC errors and fix a typo in the AccountSelectionRequired exception.
* Update proxy keys on CaseInsensitiveDict.update().
* Redirect errors according to OIDC\'s response_mode.
* Added universal wheel support.
* Added log statements to except clauses.
* According to RC7009 Section 2.1, a client should include authentication credentials when revoking its tokens. As discussed in #339, this is not make sense for public clients. However, in that case, the public client should still be checked that is infact a public client (authenticate_client_id).
* Improved prompt parameter validation.
* Added two error codes from RFC 6750.
* Hybrid response types are now be fragment-encoded.
* Added Python 3.6 to Travis CI testing and trove classifiers.
* Fixed BytesWarning issued when using a string placeholder for bytes object.
* Documented PyJWT dependency and improved logging and exception messages.
* Documentation improvements and fixes.
* Mon Aug 21 2017 tbechtoldAATTsuse.com- update to 2.0.2:
* Dropped support for Python 2.6, 3.2 & 3.3.
* (FIX) `OpenIDConnector` will no longer raise an AttributeError when calling `openid_authorization_validator()` twice.
* Sun May 07 2017 pousaduarteAATTgmail.com- Convert to singlespec
* Mon Jan 02 2017 tbechtoldAATTsuse.com- Use pypi.io and htttps as Source
* Sun Jan 01 2017 michaelAATTstroeder.com- update to 2.0.1: too many changes to be listed herein (see /usr/share/doc/packages/python-oauthlib/CHANGELOG.rst)- removed obsolete pycrypto.patch because changes were made upstream
* Thu Sep 15 2016 rjschweiAATTsuse.com- Include in SLES 12 (FATE#321371, bsc#998103)
* Wed Apr 22 2015 mciharAATTsuse.cz- Update to 0.7.2:
* (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1 release. Doing a new clean release to address this. Please upgrade quickly and report any issues you are running into.
* (Quick fix) Add oauthlib.common.log object back in for libraries using it.
* (Change) OAuth2 clients will not raise a Warning on scope change if the environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE`` is set. The token will now be available as an attribute on the error, ``error.token``. Token changes will now also be announced using blinker.
* (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook).
* (Fix) Logging is now tiered (per file) as opposed to logging all under ``oauthlib``.
* (Fix) Error messages should now include a description in their message.
* (Fix/Feature) Optional support for jsonp callbacks after token revocation.
* (Feature) Client side preparation of OAuth 2 token revocation requests.
* (Feature) New OAuth2 client API methods for preparing full requests.
* (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs.
* (Fix/Feature) Refresh token grant now allow optional refresh tokens.
* (Fix) add missing state param to OAuth2 errors.
* (Fix) add_params_to_uri now properly parse fragment.
* (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1.
* (Fix/Security) OAuth2 logs will now strip client provided password, if present.
* Allow unescaped AATT in urlencoded parameters.- New dependency on python-blinker- Add pycrypto.patch to be compatible with latest PyJWT
* Wed Jul 23 2014 mciharAATTsuse.cz- Update to version 0.6.3: + 0.6.3:
* Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when scrubbing for print. + 0.6.2:
* Numerous OAuth2 provider errors now suggest a status code of 401 instead of 400 (#247.
* Added support for JSON web tokens with oauthlib.common.generate_signed_token. Install extra dependency with oauthlib[signedtoken] (#237).
* OAuth2 scopes can be arbitrary objects with __str__ defined (#240).
* OAuth 1 Clients can now register custom signature methods (#239).
* Exposed new method oauthlib.oauth2.is_secure_transport that checks whether the given URL is HTTPS. Checks using this method can be disabled by setting the environment variable OAUTHLIB_INSECURE_TRANSPORT (#249).
* OAuth1 clients now has __repr__ and will be printed with secrets scrubbed.
* OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument.
* urldecode will now raise a much more informative error message on incorrectly encoded strings.
* Plenty of typo and other doc fixes.- new dependency on PyJWT
* Sun Apr 13 2014 p.drouandAATTgmail.com- Update to version 0.6.1 + (OAuth 2 Provider) is_within_original_scope to check whether a refresh token is trying to aquire a new set of scopes that are a subset of the original scope. + (OAuth 2 Provider) expires_in token lifetime can be set per request. + (OAuth 2 Provider) client_authentication_required method added to differentiate between public and confidential clients. + (OAuth 2 Provider) rotate_refresh_token now indicates whether a new refresh token should be generated during token refresh or if old should be kept. + (OAuth 2 Provider) returned JSON headers no longer include charset. + (OAuth 2 Provider) validate_authorizatoin_request now also includes the internal request object in the returned dictionary. Note that this is not meant to be relied upon heavily and its interface might change. + many style and typo fixes.
* Tue Jan 21 2014 dmuellerAATTsuse.com- use pycrypto, not python-rsa
* Mon Jan 20 2014 speilickeAATTsuse.com- Add pycrypto requirement for \"rsa\" submodule
* Fri Nov 01 2013 p.drouandAATTgmail.com- Update to version 0.6.0 + All endpoint methods change contract to return 3 values instead of 4. The new signature is `headers`, `body`, `status code` where the initial `redirect_uri` has been relocated to its rightful place inside headers as `Location`. + OAuth 1 Access Token Endpoint has a new required validator method `invalidate_request_token`. + OAuth 1 Authorization Endpoint now returns a 200 response instead of 302 on `oob` callbacks.- Changes from version 0.5.1 + OAuth 1 provider fix for incorrect token param in nonce validation.- Changes from version 0.5.0 + OAuth 1 provider refactor. OAuth 2 refresh token validation fix.- Changes from version 0.4.2 + OAuth 2 draft to RFC. Removed OAuth 2 framework decorators.- Changes from version 0.4.1 + Documentation corrections and various small code fixes.- Changes from version 0.4.0 + OAuth 2 Provider support (experimental).- Changes from version 0.3.8 + OAuth 2 Client now uses custom errors and raise on expire- Changes from version 0.3.7 + OAuth 1 optional encoding of Client.sign return values- Changes from version 0.3.6 + Revert default urlencoding.- Changes from version 0.3.5 + Default unicode conversion (utf-8) and urlencoding of input.
* Thu Oct 24 2013 speilickeAATTsuse.com- Require python-setuptools instead of distribute (upstreams merged)
* Fri Nov 23 2012 saschpeAATTsuse.de- Update to version 0.3.4: + A number of small features and bug fixes.- Changes from version 0.3.3: + OAuth 1 Provider verify now return useful params- Changes from version 0.3.2: + Fixed #62, all Python 3 tests pass.- Changes from version 0.3.1: + Python 3.1, 3.2, 3.3 support (experimental)- Changes from version 0.3.0: + Initial OAuth 2 client support- Changes from version 0.2.1: + Exclude non urlencoded bodies during request verification- Changes from version 0.2.0: + OAuth provider support- Changes from version 0.1.4: + soft dependency on PyCrypto
* Fri May 18 2012 jfunkAATTfunktronics.ca- Initial release