Authlib

-------------

**Released on Jan 28, 2025**

- Improve garbage collection on OAuth clients. :issue:`698`
- Fix client parameters for httpx. :issue:`694`

-------------

**Released on Dec 20, 2024**

- Fix ``id_token`` decoding when kid is null. :pr:`659`
- Support for Python 3.13. :pr:`682`
- Force login if the ``prompt`` parameter value is ``login``. :pr:`637`
- Support for httpx 0.28, :pr:`695`

**Breaking changes**:

- Stop support for Python 3.8. :pr:`682`

-------------

**Released on Aug 30 2024**

- Prevent ever-growing session size for OAuth clients.
- Revert ``quote`` client id and secret.
- ``unquote`` basic auth header for authorization server.

-------------

**Released on June 4, 2024**

- Prevent ``OctKey`` to import ssh and PEM strings.

-------------

**Released on Dec 17, 2023**

- Restore ``AuthorizationServer.create_authorization_response`` behavior, via :PR:`558`
- Include ``leeway`` in ``validate_iat()`` for JWT, via :PR:`565`
- Fix ``encode_client_secret_basic``, via :PR:`594`
- Use single key in JWK if JWS does not specify ``kid``, via :PR:`596`
- Fix error when RFC9068 JWS has no scope field, via :PR:`598`
- Get werkzeug version using importlib, via :PR:`591`

**New features**:

- RFC9068 implementation, via :PR:`586`, by azmeuk.

**Breaking changes**:

- End support for python 3.7

-------------

**Released on Jun 25, 2023**

- Apply headers in ``ClientSecretJWT.sign`` method, via :PR:`552`
- Allow falsy but non-None grant uri params, via :PR:`544`
- Fixed ``authorize_redirect`` for Starlette v0.26.0, via :PR:`533`
- Removed ``has_client_secret`` method and documentation, via :PR:`513`
- Removed ``request_invalid`` and ``token_revoked`` remaining occurences
and documentation. :PR:`514`
- Fixed RFC7591 ``grant_types`` and ``response_types`` default values, via :PR:`509`.
- Add support for python 3.12, via :PR:`590`.