<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/security/py-authlib/PLIST, branch trunk</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=trunk</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=trunk'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2022-10-14T09:06:36Z</updated>
<entry>
<title>py-authlib: updated to 1.1.0</title>
<updated>2022-10-14T09:06:36Z</updated>
<author>
<name>adam</name>
<email>adam@pkgsrc.org</email>
</author>
<published>2022-10-14T09:06:36Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=fddec3414a036e1ff4657953b1a40e9860059cec'/>
<id>urn:sha1:fddec3414a036e1ff4657953b1a40e9860059cec</id>
<content type='text'>
Version 1.1.0

This release contains breaking changes and security fixes.

Allow to pass claims_options to Framework OpenID Connect clients.
Fix .stream with context for HTTPX OAuth clients.
Fix Starlette OAuth client for cache store.

Breaking changes:

Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.

The default authlib.jose.jwt would only work with JSON Web Signature algorithms. If you would like to use JWT with JWE algorithms, please pass the algorithms parameter:

jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])

Security fixes: CVE-2022-39175 and CVE-2022-39174, both related to JOSE.


Version 1.0.1

Fix authenticate_none method.
Allow to pass in alternative signing algorithm to RFC7523 authentication methods.
Fix missing_token for Flask OAuth client.
Allow openid in any place of the scope.
Security fix for validating essential value on blank value in JWT.


Version 1.0.0

We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured. If you are using the client properly, e.g. oauth.register(...), it would work as before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration; instead, developers should define .get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations have been removed from Authlib. Developers should define the database by themselves.

JOSE Changes

JWS has been renamed to JsonWebSignature
JWE has been renamed to JsonWebEncryption
JWK has been renamed to JsonWebKey
JWT has been renamed to JsonWebToken
The "Key" model has been re-designed, check out the :ref:`jwk_guide` for updates.

Added ES256K algorithm for JWS and JWT.</content>
</entry>
<entry>
<title>py-authlib: updated to 0.15.1</title>
<updated>2020-10-15T13:46:35Z</updated>
<author>
<name>adam</name>
<email>adam@pkgsrc.org</email>
</author>
<published>2020-10-15T13:46:35Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=7c2e7717edb470d4d143a2c3fc098327ead367a6'/>
<id>urn:sha1:7c2e7717edb470d4d143a2c3fc098327ead367a6</id>
<content type='text'>
Version 0.15.1
Backward compatible fix for using JWKs in JWT</content>
</entry>
<entry>
<title>py-authlib: updated to 0.15</title>
<updated>2020-10-10T18:04:52Z</updated>
<author>
<name>adam</name>
<email>adam@pkgsrc.org</email>
</author>
<published>2020-10-10T18:04:52Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=ecba188dd6733379f3cd515c6dabd6f02351cb87'/>
<id>urn:sha1:ecba188dd6733379f3cd515c6dabd6f02351cb87</id>
<content type='text'>
Version 0.15

This is the last release before v1.0. In this release, we added more RFCs
implementations and did some refactors for JOSE:

RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)
RFC7638: JSON Web Key (JWK) Thumbprint

We also fixed bugs for integrations:

Fixed support for HTTPX&gt;=0.14.3
Added OAuth clients of HTTPX back
Fixed parallel token refreshes for HTTPX async OAuth 2 client
Raise OAuthError when callback contains errors

Breaking Change:

The parameter algorithms in JsonWebSignature and JsonWebEncryption
are changed. Usually you don't have to care about it since you won't use it directly.
Whole JSON Web Key is refactored, please check JSON Web Key (JWK)</content>
</entry>
<entry>
<title>py-authlib: added version 0.9.1</title>
<updated>2020-06-11T14:24:49Z</updated>
<author>
<name>adam</name>
<email>adam@pkgsrc.org</email>
</author>
<published>2020-06-11T14:24:49Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=e535e788b253c4a0d49b428a75178856fc600d48'/>
<id>urn:sha1:e535e788b253c4a0d49b428a75178856fc600d48</id>
<content type='text'>
OAuth often seems complicated and difficult-to-implement. There are several
prominent libraries for handling OAuth requests, but they all suffer from one
or both of the following:

  *  They predate the OAuth 1.0 spec, AKA RFC 5849.
  *  They predate the OAuth 2.0 spec, AKA RFC 6749.
  *  They assume the usage of a specific HTTP request library.

OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
client support onto your favorite HTTP library, or provider support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.</content>
</entry>
</feed>
