Django-oauth-toolkit

* **New feature**: AccessToken, RefreshToken and Grant models are now swappable.
* 477: **New feature**: Add support for RFC 7662 (IntrospectTokenView, introspect scope)
* **Compatibility**: Django 1.10 is the new minimum required version
* **Compatibility**: Django 1.11 is now supported
* **Backwards-incompatible**: The `oauth2_provider.ext.rest_framework` module
has been moved to `oauth2_provider.contrib.rest_framework`
* 177: Changed `id` field on Application, AccessToken, RefreshToken and Grant to BigAutoField (bigint/bigserial)
* 321: Added `created` and `updated` auto fields to Application, AccessToken, RefreshToken and Grant
* 476: Disallow empty redirect URIs
* Fixed bad `url` parameter in some error responses.
* Django 2.0 compatibility fixes.
* The dependency on django-braces has been dropped.
* The oauthlib dependency is no longer pinned.

* **New feature**: Class-based scopes backends. Listing scopes, available scopes and default scopes
is now done through the class that the `SCOPES_BACKEND_CLASS` setting points to.
By default, this is set to `oauth2_provider.scopes.SettingsScopes` which implements the
legacy settings-based scope behaviour. No changes are necessary.
* **Dropped support for Python 3.2 and Python 3.3**, added support for Python 3.6
* Support for the `scopes` query parameter, deprecated in 0.6.1, has been dropped
* 448: Added support for customizing applications' allowed grant types
* 141: The `is_usable(request)` method on the Application model can be overridden to dynamically
enable or disable applications.
* 434: Relax URL patterns to allow for UUID primary keys

* 315: AuthorizationView does not overwrite requests on get
* 425: Added support for Django 1.10
* 396: added an IsAuthenticatedOrTokenHasScope Permission
* 357: Support multiple-user clients by allowing User to be NULL for Applications
* 389: Reuse refresh tokens if enabled.

* **322: dropping support for python 2.6 and django 1.4, 1.5, 1.6**
* 310: Fixed error that could occur sometimes when checking validity of incomplete AccessToken/Grant
* 333: Added possibility to specify the default list of scopes returned when scope parameter is missing
* 325: Added management views of issued tokens
* 249: Added a command to clean expired tokens
* 323: Application registration view uses custom application model in form class
* 299: `server_class` is now pluggable through Django settings
* 309: Add the py35-django19 env to travis
* 308: Use compact syntax for tox envs
* 306: Django 1.9 compatibility
* 288: Put additional information when generating token responses
* 297: Fixed doc about SessionAuthenticationMiddleware
* 273: Generic read write scope by resource

* ``oauthlib_backend_class`` is now pluggable through Django settings
* 127: ``application/json`` Content-Type is now supported using ``JSONOAuthLibCore``
* 238: Fixed redirect uri handling in case of error
* 229: Invalidate access tokens when getting a new refresh token
* added support for oauthlib 1.0

* Fix the migrations to be two-step and allow upgrade from 0.7.2