v1.6.0

This release mostly focuses on polishing and does not introduce any major feature.
It comes with quite a few potentially breaking changes.
Next step will be to add support for DPoP.

BREAKING CHANGES

• Removed the BearerAuth class. You can use a BearerToken directly as replacement.
• parameter bearer_token_class to OAuth2Client is renamed to token_class, if a custom token class is used.
• parameter url in ApiClient methods is now renamed to `path, since it only accepts a relative path. It was not meant to be used as kwargs anyway and is the 1st positional parameter, so chances are that it will not require any code change.
• class TokenEndpointPoolingJob has been renamed to BaseTokenEndpointPoolingJob.
• class ClientAssertionAuthenticationMethod has been renamed to BaseClientAssertionAuthenticationMethod.
• renamed some exceptions:
  • MismatchingAcr to MismatchingIdTokenAcr
  • MismatchingAudience to MismatchingIdTokenAudience
  • MismatchingAzp to MismatchingIdTokenAzp
  • MismatchingIssuer to MismatchingIdTokenIssuer
  • MismatchingNonce to MismatchingIdTokenNonce
• Most classes have been converted to attrs.frozen classes. This should not change their behaviors, but their attributes cannot be modified after creation anymore (which was unsupported anyway).
• renamed GrantType enum to GrantTypes
• renamed PkceUtils.code_verifier_re to code_verifier_pattern
• expires_at is now rounded down to the exact second (with 0 microseconds)
• expires_in is now rounded up to the next second

What Changed

• enable ALL ruff rules, implement fixes
• added authorization header class var in BearerToken, for #70
• introduced many custom exceptions, with better error messages and context
• introduced Endpoints, ResponseTypes and CodeChallengeMethods enums
• convert client authentication handlers to attrs classes
• convert requests auth handlers to attrs classes
• dependencies updated
• tests updated
• reviewed some docstrings
• tests now have 100% code coverage
• BearerToken.validate_id_token() now accepts a leeway for the expiration date and the auth_time validation

Pull Requests

• Bump requests from 2.31.0 to 2.32.0 by @dependabot in #63
• Bump jinja2 from 3.1.3 to 3.1.4 by @dependabot in #62
• Bump werkzeug from 3.0.2 to 3.0.3 by @dependabot in #61
• Bump tornado from 6.4 to 6.4.1 by @dependabot in #64
• Bump certifi from 2024.2.2 to 2024.7.4 by @dependabot in #67
• Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #66
• Bump zipp from 3.18.1 to 3.19.1 by @dependabot in #68
• Bump setuptools from 69.5.1 to 70.0.0 by @dependabot in #69
• improvements for 1.6.0 by @guillp in #65
• Bump cryptography from 42.0.5 to 43.0.1 by @dependabot in #71
• more polishing by @guillp in #72

Full Changelog: v1.5.3...v1.6.0

v1.5.3

What's Changed

• fix for #57 by @guillp in #58
• deps update and internal fixes by @guillp in #59

Full Changelog: v1.5.2...v1.5.3

v1.5.2

What's Changed

• deps update by @guillp in #53

Full Changelog: v1.5.1...v1.5.2

v1.5.1

What's Changed

• add missing attrs dep, fixing #50 by @guillp in #51

Full Changelog: v1.5.0...v1.5.1

v1.5.0

What's Changed

• a lot of code refactoring, using attrs.frozen classes @guillp in #41
• Fix expires_in field as str, update tests (fixes #26) by @gerarar in #27
• include an Accept: application/json header on all backend requests (#28) by @guillp in #30
• Fix incorrect jwks_uri validation in OAuth2 client (Fixes #34) by @mtr in #35
• add ApiClient.auth to access the currently configured Auth Scheme for or an ApiClient by @guillp in #38
• add @OverRide decorators to Auth Handlers methods by @guillp in #39
• enforce endpoint uri validation by @guillp in #46 and #48
• deps update by @guillp in #49

Breaking changes:

• Endpoint urls passed to OAuth2Client are now validated (must use https, no custom port, must include a path, no fragment). Pass testing=True to disable those checks (might be useful for debugging an AS).
• ApiClient now requires a root url and will never send requests outside of this root url

New Contributors

• @gerarar made their first contribution in #27
• @mtr made their first contribution in #35

Full Changelog: v1.3.0...v1.5.0

v1.3.0

What's Changed

• Fix token expiration leeway which was reversed (fixes #22) by @amacleay-cohere in #23
• implement expiration leeway in Bearer Token based auth handlers, #18 by @guillp in #20
• switch to pytest-freezer by @guillp in #21
• add OAuth2ResourceOwnerPasswordAuth for #19 by @guillp in #24
• use pyupgrade and various housekeeping changes by @guillp in #25

New Contributors

• @amacleay-cohere who noticed and fixed the expiration leeway bug. Thanks Andrew!

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's Changed

• Improved support for the Authorization Code flow and OIDC ID Token validation
• Support for RFC9207 (issuer verification)
• Support for the JWT grant

Full Changelog: v1.1.0...v1.2.0

v1.1.0

What's Changed

• V1.1 by @guillp in #7

Full Changelog: v1.0.1...v1.1.0

v1.0.0

v1.0.0