Changed - Fix vulnerability; re-discover the authorization_endpoint and token_endpoint at each stage in the flow. Prevents a buggy or malicious authorization_endpoint from giving you credentials for another user's domain name.
0.2.1
Not secure
Changed - Updated setup.py, no functional changes
0.2.0
Not secure
Changed - Started keeping a changelog! - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations