- Update to 1.6.5 (fixes CVE-2025-61920, bsc#1251921)
* RFC7591 generate_client_info and generate_client_secret take a request
parameter.
* Add size limitation when decode JWS/JWE to prevent DoS.
* Add size limitation for DEF JWE zip algorithm.
- Update to 1.6.4
* fix(jose): prevent public/unprotected header overwriting protected header
by @lepture in #809
* Fix InsecureTransportError raising by @azmeuk in #810
* Add conventional-commits pre-commit hook by @azmeuk in #811
* Fix response_mode=form_post with Starlette client by @azmeuk in #812
* Specify README.md as project long description by @EpicWink in #817
* Migrate tests to pytest paradigm by @azmeuk in #813
* jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
by @AL-Cybision in #823
* Use explicit *.test urls in unit tests by @azmeuk in #824
- Update to 1.6.3
* Add diff-cover check in GHA by @azmeuk in #803
* Run GHA unit tests with uv by @azmeuk in #805
* Move from pre-commit to prek by @azmeuk in #804
* Sign OIDC id_token according to id_token_signed_response_alg client
metadata by @azmeuk in #802
- Update to 1.6.2
* Allow insecure transport for 127.0.0.1 for debugging
by @geigerzaehler in #788
* Raise a MissingCodeError when code parameter is missing by @lepture in #786
* Temporarily restore OAuth2Request body parameter by @azmeuk in #791
* Raise MissingCodeException when code parameter is missing
by @lepture in #794
* Fix id_token generation with EdDSA alg by @azmeuk in #800
- Update test requirements (forwarded request 1311035 from nkrapp)
OBS-URL: https://build.opensuse.org/request/show/1311065
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Authlib?expand=0&rev=26
* RFC7591 generate_client_info and generate_client_secret take a request
parameter.
* Add size limitation when decode JWS/JWE to prevent DoS.
* Add size limitation for DEF JWE zip algorithm.
- Update to 1.6.4
* fix(jose): prevent public/unprotected header overwriting protected header
by @lepture in #809
* Fix InsecureTransportError raising by @azmeuk in #810
* Add conventional-commits pre-commit hook by @azmeuk in #811
* Fix response_mode=form_post with Starlette client by @azmeuk in #812
* Specify README.md as project long description by @EpicWink in #817
* Migrate tests to pytest paradigm by @azmeuk in #813
* jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
by @AL-Cybision in #823
* Use explicit *.test urls in unit tests by @azmeuk in #824
- Update to 1.6.3
* Add diff-cover check in GHA by @azmeuk in #803
* Run GHA unit tests with uv by @azmeuk in #805
* Move from pre-commit to prek by @azmeuk in #804
* Sign OIDC id_token according to id_token_signed_response_alg client
metadata by @azmeuk in #802
- Update to 1.6.2
* Allow insecure transport for 127.0.0.1 for debugging
by @geigerzaehler in #788
* Raise a MissingCodeError when code parameter is missing by @lepture in #786
* Temporarily restore OAuth2Request body parameter by @azmeuk in #791
* Raise MissingCodeException when code parameter is missing
by @lepture in #794
* Fix id_token generation with EdDSA alg by @azmeuk in #800
- Update test requirements
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Authlib?expand=0&rev=54
Forwarded request #1282104 from glaubitz
- Update to 1.6.2
* Fix issue when RFC9207 is enabled and the authorization endpoint
response is not a redirection. pull request #733
* Fix missing state parameter in authorization error responses.
issue #525
* Support for acr and amr claims in id_token. issue #734
* Support for the none JWS algorithm.
* Fix response_types strict order during dynamic client
registration. issue #760
* Implement RFC9101 The OAuth 2.0 Authorization Framework:
JWT-Secured Authorization Request (JAR). issue #723
* OIDC UserInfo endpoint support. issue #459
- Drop 767-skip-xc20p-tests.patch, merged upstream
OBS-URL: https://build.opensuse.org/request/show/1282354
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Authlib?expand=0&rev=24
* Fix issue when RFC9207 is enabled and the authorization endpoint
response is not a redirection. pull request #733
* Fix missing state parameter in authorization error responses.
issue #525
* Support for acr and amr claims in id_token. issue #734
* Support for the none JWS algorithm.
* Fix response_types strict order during dynamic client
registration. issue #760
* Implement RFC9101 The OAuth 2.0 Authorization Framework:
JWT-Secured Authorization Request (JAR). issue #723
* OIDC UserInfo endpoint support. issue #459
- Drop 767-skip-xc20p-tests.patch, merged upstream
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Authlib?expand=0&rev=50
* Fix id_token decoding when kid is null. :pr:`659`
* Support for Python 3.13. :pr:`682`
* Force login if the prompt parameter value is login. :pr:`637`
* Support for httpx 0.28, :pr:`695`
* Breaking changes:
- Stop support for Python 3.8. :pr:`682`
- Drop py313-tests.patch, because now in upstream.
- Drop httpx028.patch, because now in upstream.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Authlib?expand=0&rev=36
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
