Added
* Add support for Python 3.7 & 3.8
* Add support for Django>=2.1,<3.1
* Add requirement for oauthlib>=3.0.1
* Add support for [Proof Key for Code Exchange (PKCE, RFC 7636)](https://tools.ietf.org/html/rfc7636).
* Add support for custom token generators (e.g. to create JWT tokens).
* Add new `OAUTH2_PROVIDER` [settings](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html):
- `ACCESS_TOKEN_GENERATOR` to override the default access token generator.
- `REFRESH_TOKEN_GENERATOR` to override the default refresh token generator.
- `EXTRA_SERVER_KWARGS` options dictionary for oauthlib's Server class.
- `PKCE_REQUIRED` to require PKCE.
* Add `createapplication` management command to create an application.
* Add `id` in toolkit admin console applications list.
* Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob] `redirect_uri`
for [Google OAuth2](https://developers.google.com/identity/protocols/OAuth2InstalledApp) "manual copy/paste".
**N.B.** this feature appears to be deprecated and replaced with methods described in
[RFC 8252: OAuth2 for Native Apps](https://tools.ietf.org/html/rfc8252) and *may* be deprecated and/or removed
from a future release of Django-oauth-toolkit.
Changed
* Change this change log to use [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) format.
* **Backwards-incompatible** squashed migrations:
If you are currently on a release < 1.2.0, you will need to first install 1.2.0 then `manage.py migrate` before
upgrading to >= 1.3.0.
* Improved the [tutorial](https://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial.html).
Removed
* Remove support for Python 3.4
* Remove support for Django<=2.0
* Remove requirement for oauthlib<3.0
Fixed
* Fix a race condition in creation of AccessToken with external oauth2 server.
* Fix several concurrency issues. ([638](https://github.com/jazzband/django-oauth-toolkit/issues/638))
* Fix to pass `request` to `django.contrib.auth.authenticate()` ([636](https://github.com/jazzband/django-oauth-toolkit/issues/636))
* Fix missing `oauth2_error` property exception oauthlib_core.verify_request method raises exceptions in authenticate.
([633](https://github.com/jazzband/django-oauth-toolkit/issues/633))
* Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql.
([714](https://github.com/jazzband/django-oauth-toolkit/issues/714))
* Fix to return a new refresh token during grace period rather than the recently-revoked one.
([702](https://github.com/jazzband/django-oauth-toolkit/issues/702))
* Fix a bug in refresh token revocation.
([625](https://github.com/jazzband/django-oauth-toolkit/issues/625))