Changelog

Here you can see the full list of changes between each Flask-OAuthlib release.

Version 0.9.5

Released on May 16, 2018

  • Fix error handlers
  • Update supported OAuthlib
  • Add support for string type token

Version 0.9.4

Released on Jun 9, 2017

  • Handle HTTP Basic Auth for client’s access to token endpoint (#301)
  • Allow having access tokens without expiration date (#311)
  • Log exception traceback. (#281)

Version 0.9.3

Released on Jun 2, 2016

  • Revert the wrong implement of non credential oauth2 require auth
  • Catch all exceptions in OAuth2 providers
  • Bugfix for examples, docs and other things

Version 0.9.2

Released on Nov 3, 2015

  • Bugfix in client parse_response when body is none.
  • Update contrib client by @tonyseek
  • Typo fix for OAuth1 provider
  • Fix OAuth2 provider on non credential clients by @Fleurer

Version 0.9.1

Released on Mar 9, 2015

  • Improve on security.
  • Fix on contrib client.

Version 0.9.0

Released on Feb 3, 2015

  • New feature for contrib client, which will become the official client in the future via #136 and #176.
  • Add appropriate headers when making POST request for access toke via #169.
  • Use a local copy of instance ‘request_token_params’ attribute to avoid side effects via #177.
  • Some minor fixes of contrib by Hsiaoming Yang.

Version 0.8.0

Released on Dec 3, 2014

  • New feature for generating refresh tokens
  • Add new function OAuth2Provider.verify_request() for non vanilla Flask projects
  • Some small bugfixes

Version 0.7.0

Released on Aug 20, 2014

Version 0.6.0

Released on Jul 29, 2014

  • Compatible with OAuthLib 0.6.2 and 0.6.3
  • Add invalid_response decorator to handle invalid request
  • Add error_message for OAuthLib Request.

Version 0.5.0

Released on May 13, 2014

  • Add contrib.apps module, thanks for tonyseek via #94.
  • Status code changed to 401 for invalid access token via #93.
  • Security bug for access token via #92.
  • Fix for client part, request token params for OAuth1 via #91.
  • API change for oauth.require_oauth via #89.
  • Fix for OAuth2 provider, support client authentication for authorization-code grant type via #86.
  • Fix client_credentials logic in validate_grant_type via #85.
  • Fix for client part, pass access token method via #83.
  • Fix for OAuth2 provider related to confidential client via #82.

Upgrade From 0.4.x to 0.5.0

API for OAuth providers oauth.require_oauth has changed.

Before the change, you would write code like:

@app.route('/api/user')
@oauth.require_oauth('email')
def user(req):
    return jsonify(req.user)

After the change, you would write code like:

from flask import request

@app.route('/api/user')
@oauth.require_oauth('email')
def user():
    return jsonify(request.oauth.user)

Thanks Stian Prestholdt and Jiangge Zhang.

Version 0.4.3

Released on Feb 18, 2014

  • OAuthlib released 0.6.1, which caused a bug in oauth2 provider.
  • Validation for scopes on oauth2 right via #72.
  • Handle empty response for application/json via #69.

Version 0.4.2

Released on Jan 3, 2014

Happy New Year!

  • Add param state in authorize method via #63.
  • Bugfix for encoding error in Python 3 via #65.

Version 0.4.1

Released on Nov 25, 2013

  • Add access_token on request object via #53.
  • Bugfix for lazy loading configuration via #55.

Version 0.4.0

Released on Nov 12, 2013

  • Redesign contrib library.
  • A new way for lazy loading configuration via #51.
  • Some bugfixes.

Version 0.3.4

Released on Oct 31, 2013

  • Bugfix for client missing a string placeholder via #49.
  • Bugfix for client property getter via #48.

Version 0.3.3

Released on Oct 4, 2013

  • Support for token generator in OAuth2 Provider via #42.
  • Improve client part, improve test cases.
  • Fix scope via #44.

Version 0.3.2

Released on Sep 13, 2013

  • Upgrade oauthlib to 0.6
  • A quick bugfix for request token params via #40.

Version 0.3.1

Released on Aug 22, 2013

  • Add contrib module via #15. We are still working on it, take your own risk.
  • Add example of linkedin via #35.
  • Compatible with new proposals of oauthlib.
  • Bugfix for client part.
  • Backward compatible for lower version of Flask via #37.

Version 0.3.0

Released on July 10, 2013.

  • OAuth1 Provider available. Documentation at OAuth1 Server. :)
  • Add before_request and after_request via #22.
  • Lazy load configuration for client via #23. Documentation at Lazy Configuration.
  • Python 3 compatible now.

Version 0.2.0

Released on June 19, 2013.

  • OAuth2 Provider available. Documentation at OAuth2 Server. :)
  • Make client part testable.
  • Change extension name of client from oauth-client to oauthlib.client.

Version 0.1.1

Released on May 23, 2013.

  • Fix setup.py

Version 0.1.0

First public preview release on May 18, 2013.