UNCLASSIFIED - NO CUI

Skip to content

Update dependency oauthlib to v3.2.1

renovate requested to merge renovate/oauthlib-3.x into development

This MR contains the following updates:

Package Type Update Change
oauthlib ironbank-pypi minor 3.1.0 -> 3.2.1

Release Notes

oauthlib/oauthlib

v3.2.1

Compare Source

OAuth2.0 Provider:

  • #​803: Metadata endpoint support of non-HTTPS
  • CVE-2022-36087

OAuth1.0:

  • #​818: Allow IPv6 being parsed by signature

General:

  • Improved and fixed documentation warnings.
  • Cosmetic changes based on isort

v3.2.0

Compare Source

OAuth2.0 Client:

  • #​795: Add Device Authorization Flow for Web Application
  • #​786: Add PKCE support for Client
  • #​783: Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:

  • #​790: Add support for CORS to metadata endpoint.
  • #​791: Add support for CORS to token endpoint.
  • #​787: Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:

  • #​755: Call save_token in Hybrid code flow
  • #​751: OIDC add support of refreshing ID Tokens with refresh_id_token
  • #​751: The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request).

General:

  • Added Python 3.9, 3.10, 3.11
  • Improve Travis & Coverage

v3.1.1

Compare Source

OAuth2.0 Provider - Bugfixes

  • #​753: Fix acceptance of valid IPv6 addresses in URI validation

OAuth2.0 Client - Bugfixes

  • #​730: Base OAuth2 Client now has a consistent way of managing the scope: it consistently relies on the scope provided in the constructor if any, except if overridden temporarily in a method call. Note that in particular providing a non-None scope in prepare_authorization_request or prepare_refresh_token does not override anymore self.scope forever, it is just used temporarily.
  • #​726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, ServiceApplicationClient.prepare_request_body, and WebApplicationClient.prepare_request_uri now correctly use the default scope provided in constructor.
  • #​725: LegacyApplicationClient.prepare_request_body now correctly uses the default scope provided in constructor

OAuth2.0 Provider - Bugfixes

  • #​711: client_credentials grant: fix log message
  • #​746: OpenID Connect Hybrid - fix nonce not passed to add_id_token
  • #​756: Different prompt values are now handled according to spec (e.g. prompt=none)
  • #​759: OpenID Connect - fix Authorization: Basic parsing

General

  • #​716: improved skeleton validator for public vs private client
  • #​720: replace mock library with standard unittest.mock
  • #​727: build isort integration
  • #​734: python2 code removal
  • #​735, #​750: add python3.8 support
  • #​749: bump minimum versions of pyjwt and cryptography

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Merge request reports

UNCLASSIFIED - NO CUI