**First and foremost, keep in mind that using SSO v2 is a permanent move. If you want to keep using SSO v1, consider using only EsiPy 0.5.x**
Warnings
* From this version EsiPy will only use SSOv2 (JWT). If you don't want to migrate to JWT tokens, you should keep using version 0.5.x, as migration to the new SSO is a permanent move.
* JWT tokens are really bigger than SSOv1 token, so keep this in mind when migrating if you store these tokens in databases.
Breaking Changes
* The following parameters have been removed from `EsiSecurity.__init__()`: `app`, `esi_url`, `sso_url`, `esi_datasource`.
* `EsiSecurity.__init__()` does not construct URLs from either given URL or swagger spec, but makes a request to SSO endpoint discovery.
* `EsiSecurity.__get_token_auth_header()` has been removed.
* `EsiSecurity.verify()` now uses JWT library [python-jose](https://github.com/mpdavis/python-jose) to get informations of the token instead of querying ESI `/verify` endpoint.
* `EsiSecurity.verify()` may raise exceptions if a token does not validate or if it is expired.
Changes
* `EsiSecurity.__init__()` has a new optional parameter `sso_endpoints_url` to provide the SSO discovery URL (which is different for Tranquility, Singularity and Serenity)
* `EsiSecurity.__init__()` has a new optional parameter `sso_endpoints` which can be used to give the content (cached by the user) of the SSO discovery URL. This will prevent `EsiSecurity` from making a request.
* `EsiSecurity.__init__()` has a new optional parameter `jwks_key` which can be used to give the content (cached by the user) of the JSON Web Key Set (JWKS). This will prevent `EsiSecurity` from making a request.
* `EsiSecurity.__init__()` has a new optional parameter `code_verifier` which can be used for PKCE flow.
* `EsiSecurity.refresh()` now accept `scope_list` parameter, a list of scope to only refresh a subset of scope for the token. (None by default to refresh everything)
* New utils functions have been added in the `esipy.utils` module:
* `generate_code_verifier(length)` to generate a code verifier for the PKCE flow that will respect the RFC requirements.
* `generate_code_challenge(code_verifier)` to generate the code_challenge to be used in the PKCE flow (used in `EsiSecurity`)
About PKCE
* If a secret key is provided, EsiSecurity will never use PKCE.
* If you want to use PKCE, you need to follow the 2 requirements while instanciating your `EsiSecurity` object:
* `secret_key` must be ignored or set to `None`
* `code_verifier` must be provided and must follow the [RFC 7636 format](https://tools.ietf.org/html/rfc7636#section-4.1)
*For a PKCE example, you can check the doc [here](https://kyria.github.io/EsiPy/getting_started/sso_authentification/#pkce)*