Authlib

Latest version: v1.3.2


Page 5 of 6

0.7

Not secure
Authlib has changed its license from LGPL to AGPL. This is not a huge release like v0.6, but it still contains some deprecations. The good news is that they are compatible and won’t break your project. Authlib can’t go further without these deprecations.

As always, Authlib is adding specification implementations. Here is what’s new in version 0.7:

- RFC7515: Refactored JWS into a full implementation.
- RFC7521: Added [`AssertionSession`](https://docs.authlib.org/en/latest/api/client.html#authlib.client.AssertionSession), which only works with RFC7523.
- RFC7523: Add [`JWTBearerGrant`](https://docs.authlib.org/en/latest/specs/rfc7523.html#authlib.specs.rfc7523.JWTBearerGrant), read the guide in **[JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://docs.authlib.org/en/latest/specs/rfc7523.html)**.

Besides that, there are more changes:

- Add `overwrite` parameter for framework integration clients.
- Add `response_mode=query` for OpenID Connect implicit and hybrid flow.
- Bug fix and documentation fix via issue42 and issue43.
- Dropped `authlib.client.apps`. Use [loginpass](https://github.com/authlib/loginpass) instead.

**Deprecation Changes**: find out how to resolve the deprecation issues via <https://git.io/vpCH5>

Code Changes: <https://github.com/lepture/authlib/compare/v0.6...v0.7>

0.6

Not secure
**From alpha to beta**. This is a huge release with lots of deprecations and some breaking changes. Finally, an **OpenID Connect** server is now supported, because Authlib has added these specifications:

- RFC7515: JSON Web Signature (JWS)
- RFC7517: JSON Web Key (JWK)
- RFC7518: JSON Web Algorithms (JWA)
- RFC7519: JSON Web Token (JWT)

The specification implementations are not complete yet, but they are ready to use. The missing RFC7516 (JWE) is going to be implemented in the next version. OpenID Connect 1.0 is added with:

- Authentication using the [Code Flow](https://docs.authlib.org/en/v0.6/flask/oidc.html#flask-odic-code)
- Authentication using the [Implicit Flow](https://docs.authlib.org/en/v0.6/flask/oidc.html#flask-odic-implicit)
- Authentication using the [Hybrid Flow](https://docs.authlib.org/en/v0.6/flask/oidc.html#flask-odic-hybrid)
- ID Token Validation

Besides that, there are more changes:

- Implementation of RFC7662: OAuth 2.0 Token Introspection via 36.
- Use the `token_endpoint_auth_method` concept defined in RFC7591.
- Signal feature for Flask integration of OAuth 2.0 server.
- Bug fixes for OAuth client parts, thanks to the guidance of Lukas Schink.

**Breaking Changes:**

1. The columns in `authlib.flask.oauth2.sqla` have changed a lot. If you are using it, you need to upgrade your database.
2. Use `register_token_validator` on `ResourceProtector`.
3. `authlib.client.oauth1.OAuth1` has been renamed to `authlib.client.oauth1.OAuth1Auth`.

**Deprecation Changes:** find out how to resolve the deprecation issues via <https://git.io/vAAUK>

Code Changes: <https://github.com/lepture/authlib/compare/v0.5.1...v0.6>

0.5.1

Not secure
Just a quick bug fix release.

- Fixed `OAuth2Session.request` with auth.

0.5

Not secure
Made it compatible with Authlib >= 0.14.3. This release also changed the way the Flask blueprint is registered.

0.4.1

Not secure
**This is a quick bug fix version.**

- Fixed missing `code` params when fetching the access token. This bug was introduced when fixing [issue16](https://github.com/lepture/authlib/issues/16).

0.4

Not secure
- **New backend**: Battle.net by Corey Burmeister
- Fixed AzureAD for v2
- Upgraded LinkedIn for v2 API
- Bug fix for VK
- Bug fix for Yandex


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.