All notable changes to this project will be documented in this file.
The format is based on the KeepAChangeLog project.
- #430 Skip keys that are of unknown type or under defined.
- #430 Audience of a client assertion is endpoint dependent.
- #427 Made matching for response_types order independent for authorization requests
- #399 Matching response_types for authz requests is too strict
- #405: Fix generation of endpoint urls
- #411: Empty lists not indexable
- #413: Fix error when wrong response_mode requested
- #418: Made phone_number_claim be boolean and fixed a bug when importing JSON (non-boolean where boolean expected)
- #318:
oic.utils.authn.saml
raisesImportError
on import if optionalsaml2
dependency is not present. - #324: Make the Provider
symkey
argument optional. - #325:
oic.oic.claims_match
implementation refactored. - #368:
oic.oauth2.Client.construct_AccessTokenRequest()
as well asoic.oic.Client
are now able to perform proper Resource Owner Password Credentials Grant - #374: Made the to_jwe/from_jwe methods of Message accept list of keys value of parameter keys.
- #387: Refactored the
oic.utils.sdb.SessionDB
constructor API. - #380: Made cookie_path and cookie_domain configurable via Provider like the cookie_name.
- #386: An exception will now be thrown if a sub claim received from the userinfo endpoint is not the same as a sub claim previously received in an ID Token.
- #392: Made sid creation simpler and faster
- #317: Resolved an
AttibuteError
exception under Python 2. - #313: Catch exception correctly
- #319: Fix sanitize on strings starting with "B" or "U"
- #330: Fix client_management user input being eval'd under Python 2
- #358: Fixed claims_match
- #362: Fix bad package settings URL
- #369: The AuthnEvent object is now serialized to JSON for the session.
- #373: Made the standard way the default when dealing with signed JWTs without 'kid'. Added the possibility to override this behavior if necessary.
- #401: Fixed message decoding and verifying errors.
- #349: Changed crypto algorithm used by
oic.utils.sdb.Crypt
for token encryption to Fernet. Old stored tokens are incompatible. - #363: Fixed IV reuse for CookieDealer class. Replaced the encrypt-then-mac construction with a proper AEAD (AES-SIV).
- #291: Testing more relevant Python versions.
- #296:
parse_qs
import fromfuture.backports
tofuture.moves
. - #188: Added
future
dependency, updated dependecies - #305: Some import were removed from
oic.oauth2
andoic.oic.provider
, please import them from respective modules (oic.oath2.message
andoic.exception
).
- #294: Generating code indices in documentation.
- #295: Access token issuance and typo/exception handling.
- #273: Allow webfinger accept
kwargs
.
- #286: Account for missing code in the SessionDB.
No change log folks. Sorry.