Moauthlib

------------------

Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when scrubbing for print.

------------------

* Numerous OAuth2 provider errors now suggest a status code of 401 instead
of 400 (247.

* Added support for JSON web tokens with oauthlib.common.generate_signed_token.
Install extra dependency with oauthlib[signedtoken] (237).

* OAuth2 scopes can be arbitrary objects with __str__ defined (240).

* OAuth 1 Clients can now register custom signature methods (239).

* Exposed new method oauthlib.oauth2.is_secure_transport that checks whether
the given URL is HTTPS. Checks using this method can be disabled by setting
the environment variable OAUTHLIB_INSECURE_TRANSPORT (249).

* OAuth1 clients now has __repr__ and will be printed with secrets scrubbed.

* OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument.

* urldecode will now raise a much more informative error message on
incorrectly encoded strings.

* Plenty of typo and other doc fixes.

------------------

Draft revocation endpoint features and numerous fixes including:

* (OAuth 2 Provider) is_within_original_scope to check whether a refresh token
is trying to aquire a new set of scopes that are a subset of the original scope.

* (OAuth 2 Provider) expires_in token lifetime can be set per request.

* (OAuth 2 Provider) client_authentication_required method added to differentiate
between public and confidential clients.

* (OAuth 2 Provider) rotate_refresh_token now indicates whether a new refresh
token should be generated during token refresh or if old should be kept.

* (OAuth 2 Provider) returned JSON headers no longer include charset.

* (OAuth 2 Provider) validate_authorizatoin_request now also includes the
internal request object in the returned dictionary. Note that this is
not meant to be relied upon heavily and its interface might change.

* and many style and typo fixes.

-----

OAuth 1 & 2 provider API refactor with breaking changes:

* All endpoint methods change contract to return 3 values instead of 4. The new
signature is `headers`, `body`, `status code` where the initial `redirect_uri`
has been relocated to its rightful place inside headers as `Location`.

* OAuth 1 Access Token Endpoint has a new required validator method
`invalidate_request_token`.

* OAuth 1 Authorization Endpoint now returns a 200 response instead of 302 on
`oob` callbacks.

-----

OAuth 1 provider fix for incorrect token param in nonce validation.

-----

OAuth 1 provider refactor. OAuth 2 refresh token validation fix.