UNCLASSIFIED - NO CUI

Draft: Update dependency Authlib to v1.3.0

Ghost User requested to merge renovate/authlib-1.x into development

This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| Authlib | minor | ==1.0.1 -> ==1.3.0 |

Release Notes

lepture/authlib (Authlib)

v1.3.0: Version 1.3.0

Bug fixes

Breaking changes

v1.2.1: Version 1.2.1

  • Apply headers in ClientSecretJWT.sign method, via #​552
  • Allow falsy but non-None grant uri params, via #​544
  • Fixed authorize_redirect for Starlette v0.26.0, via #​533
  • Removed has_client_secret method and documentation, via #​513
  • Removed request_invalid and token_revoked remaining occurrences and documentation. #514
  • Fixed RFC7591 grant_types and response_types default values, via #​509
  • Add support for python 3.12, via #​590

v1.2.0: Version 1.2.0

  • Not passing request.body to ResourceProtector, #​485.
  • Use flask.g instead of _app_ctx_stack, #​482.
  • Add headers parameter back to ClientSecretJWT, #​457.
  • Always passing realm parameter in OAuth 1 clients, #​339.
  • Implemented RFC7592 Dynamic Client Registration Management Protocol, #505
  • Add default_timeout for requests OAuth2Session and AssertionSession.
  • Deprecate jwk.loads and jwk.dumps

v1.1.0: Version 1.1.0

This release contains breaking changes and security fixes.

Breaking changes:

  • Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
  • The default authlib.jose.jwt would only work with JSON Web Signature algorithms. If you would like to use JWT with JWE algorithms, please pass the algorithms parameter:

```python
from authlib.jose import JsonWebToken
jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])
```

Security fixes for JOSE module

  • CVE-2022-39175
  • CVE-2022-39174

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.
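
A pre-merge check for the pin this MR changes, as an added example (not part of the Renovate description or of Authlib): it scans a requirements file for Authlib pins below 1.1.0, the release the notes above name as carrying the JOSE security fixes. The function name, status labels and sample file are constructed for illustration.

```python
import re

# v1.1.0 is the release the notes above list with the JOSE security fixes
# (CVE-2022-39174, CVE-2022-39175). Pre-release suffixes are ignored here.
FIXED_IN = (1, 1, 0)

_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")
_EXACT = re.compile(r"==\s*(\d+(?:\.\d+)*)")

def _canonical(name):
    # PEP 503 normalisation: case-insensitive; runs of -, _ and . are equivalent
    return re.sub(r"[-_.]+", "-", name).lower()

def _as_tuple(version):
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * max(0, 3 - len(parts)))

def audit_authlib_pins(requirements_text):
    """Return (line_number, pinned_version, status) for each Authlib requirement.
    status: "below_fix" (< FIXED_IN), "ok", or "unpinned" (no exact == pin)."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()   # drop comments
        if not line or line.startswith("-"):            # skip blanks and pip options
            continue
        name = _NAME.match(line)
        if not name or _canonical(name.group(1)) != "authlib":
            continue
        spec = line.split(";", 1)[0]                    # ignore environment markers
        pin = _EXACT.search(spec)
        if pin is None:
            findings.append((lineno, None, "unpinned"))
        elif _as_tuple(pin.group(1)) < FIXED_IN:
            findings.append((lineno, pin.group(1), "below_fix"))
        else:
            findings.append((lineno, pin.group(1), "ok"))
    return findings

# Constructed sample input, not taken from the project's repository.
SAMPLE = """\
# constructed requirements file
Flask==2.2.5
Authlib==1.0.1  # version this MR replaces
authlib == 1.3.0 ; python_version >= "3.8"
AuthLib>=1.0
authlib-extras==0.9
"""

if __name__ == "__main__":
    for lineno, version, status in audit_authlib_pins(SAMPLE):
        print(f"line {lineno}: Authlib {version or '(no exact pin)'} -> {status}")
```

An "unpinned" result means the resolved version has to be checked in the lock file or the installed environment instead.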
