* [Breaking change] Switch to HttpOnly cookies. This means that frontend apps can no longer access the tokens. * Drop support for Python 3.8.
0.7.0
------------------
* Building package with pyproject.toml
0.6.1
------------------
* Relax upper bounds on python-keycloak.
0.6.0
------------------
* Add support for nameko 3.0 RC.
0.5.0
------------------
* Add Secure=true flag to all cookies. This requires serving over HTTPS only, but you should be doing that already if you care about security.
0.4.0
Not secure
------------------
* [Breaking change] ``fetch_user`` callback now takes two arguments: email and token payload. This allows the clients to augment their User instances with arbitrary data encoded in the token.