- Fix token introspection auth method for clients. :pr:`662` - Optional ``typ`` claim in JWT tokens. :pr:`696` - JWT validation leeway. :pr:`689` - Implement server-side :rfc:`RFC9207 <9207>`. :issue:`700` :pr:`701` - ``generate_id_token`` can take a ``kid`` parameter. :pr:`702` - More detailed ``InvalidClientError``. :pr:`706` - OpenID Connect Dynamic Client Registration implementation. :pr:`707`
1.4.1
-------------
**Released on Jan 28, 2025**
- Improve garbage collection on OAuth clients. :issue:`698` - Fix client parameters for httpx. :issue:`694`
1.4.0
-------------
**Released on Dec 20, 2024**
- Fix ``id_token`` decoding when kid is null. :pr:`659` - Support for Python 3.13. :pr:`682` - Force login if the ``prompt`` parameter value is ``login``. :pr:`637` - Support for httpx 0.28, :pr:`695`
**Breaking changes**:
- Stop support for Python 3.8. :pr:`682`
1.3.2
-------------
**Released on Aug 30 2024**
- Prevent ever-growing session size for OAuth clients. - Revert ``quote`` client id and secret. - ``unquote`` basic auth header for authorization server.
1.3.1
-------------
**Released on June 4, 2024**
- Prevent ``OctKey`` to import ssh and PEM strings.