Safety vulnerability ID: 51645
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Latest version: 1.6.6
The ultimate Python library in building OAuth and OpenID Connect servers and clients.
-------------
**Released on Sep 13, 2022**
This release contains breaking changes and security fixes.
- Allow passing ``claims_options`` to Framework OpenID Connect clients, via :gh:`PR446`.
- Fix ``.stream`` with context for HTTPX OAuth clients, via :gh:`PR465`.
- Fix Starlette OAuth client for cache store, via :gh:`PR478`.
**Breaking changes**:
- Raise ``InvalidGrantError`` for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
- The default ``authlib.jose.jwt`` only works with JSON Web Signature algorithms. To use JWT with JWE algorithms, pass the algorithms parameter::

      from authlib.jose import JsonWebToken

      jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])

**Security fixes**: CVE-2022-39175 and CVE-2022-39174, both related to JOSE.