v1.8.0

What's Changed

Bug fixes

• Refactor and enhance Serializers by @guillp in #196
• Fix duplicate client_id body param in Pushed Authorization Requests by @haakontk in #220
• Typo fix pool -> poll by @saper in #173
• Fix acr_values handling in AuthorizationRequest and tests #212 by @guillp in #216
• Pass extra positional args from tox to pytest by @saper in #172
• linting fixes + deps update by @guillp in #192

Deps upgrades

• migrate from poetry to uv by @guillp in #215
• Bump pytest-mypy from 0.10.3 to 1.0.1 by @dependabot[bot] in #142
• Bump mkdocs-material from 9.6.9 to 9.6.11 by @dependabot[bot] in #141
• Bump virtualenv from 20.29.3 to 20.30.0 by @dependabot[bot] in #140
• chore/ruff by @guillp in #144
• Bump virtualenv from 20.30.0 to 20.31.2 by @dependabot[bot] in #146
• Bump mkdocs-material from 9.6.12 to 9.6.13 by @dependabot[bot] in #147
• Bump flask from 3.1.0 to 3.1.1 by @dependabot[bot] in #149
• Bump pytest-examples from 0.0.17 to 0.0.18 by @dependabot[bot] in #148
• Bump types-requests from 2.32.0.20250328 to 2.32.0.20250515 by @dependabot[bot] in #150
• Bump coverage from 7.8.0 to 7.8.2 by @dependabot[bot] in #154
• Bump mkdocs-material from 9.6.13 to 9.6.14 by @dependabot[bot] in #152
• Bump tornado from 6.4.2 to 6.5.1 by @dependabot[bot] in #153
• Bump tox from 4.25.0 to 4.26.0 by @dependabot[bot] in #151
• Bump types-requests from 2.32.0.20250515 to 2.32.0.20250602 by @dependabot[bot] in #155
• Bump mypy from 1.15.0 to 1.16.0 by @dependabot[bot] in #156
• Bump pytest-mock from 3.14.0 to 3.14.1 by @dependabot[bot] in #157
• Bump mkdocs-autorefs from 1.4.1 to 1.4.2 by @dependabot[bot] in #158
• Bump requests from 2.32.3 to 2.32.4 by @dependabot[bot] in #160
• Bump pytest from 8.3.5 to 8.4.0 by @dependabot[bot] in #159
• Bump types-requests from 2.32.0.20250602 to 2.32.4.20250611 by @dependabot[bot] in #161
• Bump pytest-cov from 6.1.1 to 6.2.1 by @dependabot[bot] in #162
• Bump coverage from 7.8.2 to 7.9.1 by @dependabot[bot] in #163
• Bump mkdocs-include-markdown-plugin from 7.1.5 to 7.1.6 by @dependabot[bot] in #164
• Bump urllib3 from 2.4.0 to 2.5.0 by @dependabot[bot] in #165
• Bump pytest from 8.4.0 to 8.4.1 by @dependabot[bot] in #166
• Bump tox from 4.26.0 to 4.27.0 by @dependabot[bot] in #167
• Bump mypy from 1.16.0 to 1.16.1 by @dependabot[bot] in #168
• Bump coverage from 7.9.1 to 7.9.2 by @dependabot[bot] in #170
• Bump mkdocs-material from 9.6.14 to 9.6.15 by @dependabot[bot] in #169
• Bump mkdocstrings from 0.29.1 to 0.30.0 by @dependabot[bot] in #179
• Bump mypy from 1.16.1 to 1.17.0 by @dependabot[bot] in #176
• Bump virtualenv from 20.31.2 to 20.32.0 by @dependabot[bot] in #175
• Bump tox from 4.27.0 to 4.28.3 by @dependabot[bot] in #178
• Bump coverage from 7.9.2 to 7.10.1 by @dependabot[bot] in #180
• Bump actions/checkout from 4 to 5 by @dependabot[bot] in #187
• Bump mkdocs-material from 9.6.18 to 9.6.19 by @dependabot[bot] in #193
• Bump actions/setup-python from 5 to 6 by @dependabot[bot] in #195
• Bump mypy from 1.17.1 to 1.18.1 by @dependabot[bot] in #197
• Bump types-requests from 2.32.4.20250809 to 2.32.4.20250913 by @dependabot[bot] in #198
• Bump mkdocs-material from 9.6.19 to 9.6.20 by @dependabot[bot] in #199
• Bump pytest-cov from 6.2.1 to 7.0.0 by @dependabot[bot] in #200
• Bump mkdocstrings from 0.30.0 to 0.30.1 by @dependabot[bot] in #204
• Bump pytest-mock from 3.15.0 to 3.15.1 by @dependabot[bot] in #203
• Bump coverage from 7.10.6 to 7.10.7 by @dependabot[bot] in #202
• Bump mypy from 1.18.1 to 1.18.2 by @dependabot[bot] in #201
• Bump mkdocs-include-markdown-plugin from 7.1.7 to 7.2.0 by @dependabot[bot] in #205
• Bump tox from 4.30.2 to 4.30.3 by @dependabot[bot] in #207
• Bump mkdocs-material from 9.6.20 to 9.6.21 by @dependabot[bot] in #208
• Bump attrs from 25.3.0 to 25.4.0 by @dependabot[bot] in #209
• Bump virtualenv from 20.34.0 to 20.35.3 by @dependabot[bot] in #210
• Bump actions/checkout from 5 to 6 by @dependabot[bot] in #217

New Contributors

• @saper made their first contribution in #172
• @haakontk made their first contribution in #220

Full Changelog: v1.7.0...v1.8.0

v1.7.0

What's Changed

• Support for DPoP by @guillp in #75
• Support for AS and RS provided DPoP nonces by @guillp in #92
• Allow using custom ports in endpoints without using testing=True, as discussed in #55 by @guillp in #74
• Support pushed_authorization_request_endpoint in from_discovery_document by @rcombs in #90
• Add cookies and headers parameters to ApiClient.__init__() by @guillp in #110
• Fix FlaskOAuth2ClientCredentialsAuth so that it supports the token kwarg by @snarfed in #126
• Add DPoP key support to AuthorizationRequestSerializer (#119) by @snarfed in #120

New Contributors

• @rcombs made their first contribution in #90
• @snarfed made their first contribution in #126

Full Changelog: v1.6.0...v1.7.0

v1.6.0

This release mostly focuses on polishing and does not introduce any major feature.
It comes with quite a few potentially breaking changes.
Next step will be to add support for DPoP.

BREAKING CHANGES

• Removed the BearerAuth class. You can use a BearerToken directly as replacement.
• parameter bearer_token_class to OAuth2Client is renamed to token_class, if a custom token class is used.
• parameter url in ApiClient methods is now renamed to `path, since it only accepts a relative path. It was not meant to be used as kwargs anyway and is the 1st positional parameter, so chances are that it will not require any code change.
• class TokenEndpointPoolingJob has been renamed to BaseTokenEndpointPoolingJob.
• class ClientAssertionAuthenticationMethod has been renamed to BaseClientAssertionAuthenticationMethod.
• renamed some exceptions:
  • MismatchingAcr to MismatchingIdTokenAcr
  • MismatchingAudience to MismatchingIdTokenAudience
  • MismatchingAzp to MismatchingIdTokenAzp
  • MismatchingIssuer to MismatchingIdTokenIssuer
  • MismatchingNonce to MismatchingIdTokenNonce
• Most classes have been converted to attrs.frozen classes. This should not change their behaviors, but their attributes cannot be modified after creation anymore (which was unsupported anyway).
• renamed GrantType enum to GrantTypes
• renamed PkceUtils.code_verifier_re to code_verifier_pattern
• expires_at is now rounded down to the exact second (with 0 microseconds)
• expires_in is now rounded up to the next second

What Changed

• enable ALL ruff rules, implement fixes
• added authorization header class var in BearerToken, for #70
• introduced many custom exceptions, with better error messages and context
• introduced Endpoints, ResponseTypes and CodeChallengeMethods enums
• convert client authentication handlers to attrs classes
• convert requests auth handlers to attrs classes
• dependencies updated
• tests updated
• reviewed some docstrings
• tests now have 100% code coverage
• BearerToken.validate_id_token() now accepts a leeway for the expiration date and the auth_time validation

Pull Requests

• Bump requests from 2.31.0 to 2.32.0 by @dependabot in #63
• Bump jinja2 from 3.1.3 to 3.1.4 by @dependabot in #62
• Bump werkzeug from 3.0.2 to 3.0.3 by @dependabot in #61
• Bump tornado from 6.4 to 6.4.1 by @dependabot in #64
• Bump certifi from 2024.2.2 to 2024.7.4 by @dependabot in #67
• Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #66
• Bump zipp from 3.18.1 to 3.19.1 by @dependabot in #68
• Bump setuptools from 69.5.1 to 70.0.0 by @dependabot in #69
• improvements for 1.6.0 by @guillp in #65
• Bump cryptography from 42.0.5 to 43.0.1 by @dependabot in #71
• more polishing by @guillp in #72

Full Changelog: v1.5.3...v1.6.0

v1.5.3

What's Changed

• fix for #57 by @guillp in #58
• deps update and internal fixes by @guillp in #59

Full Changelog: v1.5.2...v1.5.3

v1.5.2

What's Changed

• deps update by @guillp in #53

Full Changelog: v1.5.1...v1.5.2

v1.5.1

What's Changed

• add missing attrs dep, fixing #50 by @guillp in #51

Full Changelog: v1.5.0...v1.5.1

v1.5.0

What's Changed

• a lot of code refactoring, using attrs.frozen classes @guillp in #41
• Fix expires_in field as str, update tests (fixes #26) by @gerarar in #27
• include an Accept: application/json header on all backend requests (#28) by @guillp in #30
• Fix incorrect jwks_uri validation in OAuth2 client (Fixes #34) by @mtr in #35
• add ApiClient.auth to access the currently configured Auth Scheme for or an ApiClient by @guillp in #38
• add @OverRide decorators to Auth Handlers methods by @guillp in #39
• enforce endpoint uri validation by @guillp in #46 and #48
• deps update by @guillp in #49

Breaking changes:

• Endpoint urls passed to OAuth2Client are now validated (must use https, no custom port, must include a path, no fragment). Pass testing=True to disable those checks (might be useful for debugging an AS).
• ApiClient now requires a root url and will never send requests outside of this root url

New Contributors

• @gerarar made their first contribution in #27
• @mtr made their first contribution in #35

Full Changelog: v1.3.0...v1.5.0

v1.3.0

What's Changed

• Fix token expiration leeway which was reversed (fixes #22) by @amacleay-cohere in #23
• implement expiration leeway in Bearer Token based auth handlers, #18 by @guillp in #20
• switch to pytest-freezer by @guillp in #21
• add OAuth2ResourceOwnerPasswordAuth for #19 by @guillp in #24
• use pyupgrade and various housekeeping changes by @guillp in #25

New Contributors

• @amacleay-cohere who noticed and fixed the expiration leeway bug. Thanks Andrew!

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's Changed

• Improved support for the Authorization Code flow and OIDC ID Token validation
• Support for RFC9207 (issuer verification)
• Support for the JWT grant

Full Changelog: v1.1.0...v1.2.0

v1.1.0

What's Changed

• V1.1 by @guillp in #7

Full Changelog: v1.0.1...v1.1.0