Mozilla-django-oidc

Latest version: v4.0.1

Safety actively analyzes 682404 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 4

1.0.0

===================

* Add OIDC_AUTHENTICATION_CALLBACK_URL as a new configuration parameter
* Fail earlier when JWS algorithm does not OIDC_RP_SIGN_ALGO.
Thanks `anlutro <https://github.com/anlutro>`_
* RS256 verification through ``settings.OIDC_OP_JWKS_ENDPOINT``
Thanks `GermanoGuerrini <https://github.com/GermanoGuerrini>`_
* Refactor OIDCAuthenticationBackend so that token retrieval methods can be overridden in a subclass when you need to.

Backwards-incompatible changes:

* ``OIDC_OP_LOGOUT_URL_METHOD`` takes a ``request`` parameter now.
* Changed name of ``RefreshIDToken`` middleware to ``SessionRefresh``.


.. _`anlutro`: https://github.com/anlutro

0.6.0

===================

* Add e2e tests and automation
* Add caching for exempt URLs
* Fix logout when session refresh fails

0.5.0

===================

* Add Django 2.0 support
* Fix tox configuration

Backwards-incompatible changes:

* Drop Django 1.10 support

0.4.2

===================

* Fix OIDC_USERNAME_ALGO to actually load dotted import path of callback.
* Add verify_claims method for advanced authentication checks

0.4.1

===================

* Send bytes to josepy. Fixes python3 support.

0.4.0

===================

Security issues:

* **High**: Replace python-jose with josepy and use pyca/cryptography instead of pycrypto (CVE-2013-7459).

Backwards-incompatible changes:

* ``OIDC_RP_IDP_SIGN_KEY`` no longer uses the JWK json as ``dict`` but PEM or DER keys instead.

Page 3 of 4

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.