Django-oauth-toolkit

Added
* 949 Provide django.contrib.auth.authenticate() with a `request` for compatibility with more backends (like django-axes).
* 968, 1039 Add support for Django 3.2 and 4.0.
* 953 Allow loopback redirect URIs using random ports as described in [RFC8252 section 7.3](https://datatracker.ietf.org/doc/html/rfc8252#section-7.3).
* 972 Add Farsi/fa language support.
* 978 OIDC: Add support for [rotating multiple RSA private keys](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#rotating-the-rsa-private-key).
* 978 OIDC: Add new [OIDC_JWKS_MAX_AGE_SECONDS](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#oidc-jwks-max-age-seconds) to improve `jwks_uri` caching.
* 967 OIDC: Add [additional claims](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#adding-claims-to-the-id-token) beyond `sub` to the id_token.
* 1041 Add a search field to the Admin UI (e.g. for search for tokens by email address).

Changed
* 981 Require redirect_uri if multiple URIs are registered per [RFC6749 section 3.1.2.3](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2.3)
* 991 Update documentation of [REFRESH_TOKEN_EXPIRE_SECONDS](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#refresh-token-expire-seconds) to indicate it may be `int` or `datetime.timedelta`.
* 977 Update [Tutorial](https://django-oauth-toolkit.readthedocs.io/en/stable/tutorial/tutorial_01.html#) to show required `include`.

Removed
* 968 Remove support for Django 3.0 & 3.1 and Python 3.6
* 1035 Removes default_app_config for Django Deprecation Warning
* 1023 six should be dropped

Fixed
* 963 Fix handling invalid hex values in client query strings with a 400 error rather than 500.
* 973 [Tutorial](https://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial_01.html#start-your-app) updated to use `django-cors-headers`.
* 956 OIDC: Update documentation of [get_userinfo_claims](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#adding-information-to-the-userinfo-service) to add the missing argument.

Added
* 915 Add optional OpenID Connect support.

Changed
* 942 Help via defunct Google group replaced with using GitHub issues

Changed
* 925 OAuth2TokenMiddleware converted to new style middleware, and no longer extends MiddlewareMixin.

Removed
* 936 Remove support for Python 3.5

Added
* 917 Documentation improvement for Access Token expiration.
* 916 (for DOT contributors) Added `tox -e livedocs` which launches a local web server on `localhost:8000`
to display Sphinx documentation with live updates as you edit.
* 891 (for DOT contributors) Added [details](https://django-oauth-toolkit.readthedocs.io/en/latest/contributing.html)
on how best to contribute to this project.
* 884 Added support for Python 3.9
* 898 Added the ability to customize classes for django admin
* 690 Added pt-PT translations to HTML templates. This enables adding additional translations.

Fixed
* 906 Made token revocation not apply a limit to the `select_for_update` statement (impacts Oracle 12c database).
* 903 Disable `redirect_uri` field length limit for `AbstractGrant`

Added
* added `select_related` in intospect view for better query performance
* 831 Authorization token creation now can receive an expire date
* 831 Added a method to override Grant creation
* 825 Bump oauthlib to 3.1.0 to introduce PKCE
* Support for Django 3.1

Fixed
* 847: Fix inappropriate message when response from authentication server is not OK.

Changed
* few smaller improvements to remove older django version compatibility 830, 861, 862, 863

Fixed
* Fixes: 1.3.1 inadvertently uploaded to pypi with an extra migration (0003...) from a dev branch.