nothing yet
1.4.0 (2019-02-22)
- "Backends" are now called "Storages", since the word "backend" means something different in the context of web development. This release is fully backwards-compatible, but deprecation warnings have been added anywhere that you import and use a backend (rather than a storage).
- Add
oauth_before_loginsignal - Add
reprompt_select_accountparameter to google blueprint
1.3.0 (2019-01-14)
- Add
authorization_requireddecorator - Added Authentiq pre-set configuration
1.2.0 (2018-12-05)
- Added
rerequest_declined_permissionsargument to facebook blueprint - Added Reddit pre-set configuration
1.1.0 (2018-09-12)
- Added
tenantargument tomake_azure_blueprint - Added
hosted_domainargument tomake_google_blueprint - Added Okta pre-set configuration
- Added Zoho pre-set configuration
- Updated Azure AD default scopes. See issue 149.
- Only set
auto_refresh_urlinmake_google_blueprintif a token of typeofflineis requested. See issues #143, #144 and #161 for background.
1.0.0 (2018-06-04)
- Flask-Cache is deprecated. Switch to Flask-Caching.
- When using the OAuth 1 blueprint with the SQLAlchemy backend and the
user_requiredargument set toTrue, the backend was trying to load tokens before any were set, causing an exception in the backend. Now, the backend will not attempt to load tokens until the OAuth dance is complete. - Added exception handler around
parse_authorization_responsein OAuth1
0.14.0 (2018-03-14)
- Accessing the
access_tokenproperty on an instance of theOAuth2Sessionclass will now query the token backend, instead of checking the client on the instance. - Pre-set configuration for GitLab provider
0.13.0 (2017-11-12)
- sphinxcontrib-napoleon is no longer required to build the Flask-Dance documentation.
- Added Spotify pre-set configuration
- Added Discord pre-set configuration
- Added an optional
user_requiredargument to the SQLAlchemy backend. When this is enabled, trying to set an OAuth object without an associated user will raise an error.
0.12.0 (2017-10-22)
- Updated the Dropbox configuration to use the v2 authentication URLs
- Added the "require_role" authentication parameter for Dropbox
- Documented all authentication parameters for Dropbox
0.11.1 (2017-07-31)
- Changed Nylas configuration to refer to "client_id" and "client_secret" rather than "api_id" and "api_secret".
0.11.0 (2017-07-24)
- Added the Nylas pre-set configuration
- Improve timezone handling for OAuth 2 token refreshing.
- Update tests and docs regarding
OAuthConsumerMixininheritance. - Fix Dropbox documentation regarding default
login_urlandauthorized_url
0.10.1 (2016-11-21)
- Fixed
make_google_blueprintto includeauto_refresh_urlso that token renewal is automatically handled byrequests-oauthlib
0.10.0 (2016-09-27)
- Added the Azure AD pre-set configuration
- Improve OAuth 2 token auto-refresh
0.9.0 (2016-07-1)
- Allowed an
oauth_authorizedevent handler to return aflask.Responseinstance. If so, that response will be sent to the requesting user.
0.8.3 (2016-05-18)
- Fixed an error that occurred if you were running an unreleased version of Flask, due to the version comparison code. See issue 53. Thanks, @ThiefMaster!
0.8.2 (2015-12-30)
- If the OAuth 1 token request is denied on accessing the login view,
Flask-Dance will now redirect the user and fire the
oauth_errorsignal. This matches the behavior of how Flask-Dance handles OAuth 2 errors.
0.8.1 (2015-12-28)
- Fixed a typo in the Slack configuration, where it would load the OAuth 2 client secret from a config variable named "SLLACK_OAUTH_CLIENT_SECRET" instead of "SLACK_OAUTH_CLIENT_SECRET"
0.8.0 (2015-12-28)
- Added the Slack pre-set configuration
- Fixed a subtle bug where setting the
client_idproperty on an instance ofOAuth2ConsumerBlueprintdid not update the value that theoauthliblibrary uses to create the redirect URL in the login step.client_idis now a dynamic property onOAuth2ConsumerBlueprint, which sets theclient_idproperty on the wrappedoauthlibclient automatically. - Added some debug log statements to
OAuth2ConsumerBlueprint - You can now define a
session_createdmethod on subclasses ofOAuth2ConsumerBlueprint. If you do, it will be called when a Requests session is dynamically created, so that the session can be modified before it is returned.
0.7.1 (2015-12-12)
- Removed the Dictective utility class, and replaced it with
werkzeug.datastructures.CallbackDict. It does the same thing, but it's better tested, and already a part of one of Flask-Dance's dependencies. - If the user hits the
authorizedview without having a "state" variable set in the browser cookies, Flask-Dance will now redirect the user back to theloginview to start the OAuth dance all over again, rather than raising aKeyError.
0.7.0 (2015-08-21)
- Flask-Dance no longer checks for the existence of a
X-Forwarded-Protoheader to determine if generated URLs should use ahttps://scheme. If you are running your application behind a TLS termination proxy, use Werkzeug'sProxyFixmiddleware to inform Flask of that.
0.6.0 (2015-05-12)
- Added the Dropbox pre-set configuration
- Added the Meetup pre-set configuration
- Added the Facebook pre-set configuration
- Flask-Dance now always passes the optional
redirect_uriparameter to the OAuth 2 authorization request, since Dropbox requires it. - Make Flask-Dance provide additional information in errors when providers fail to provide auth tokens
0.5.1 (2015-04-28)
- Make the
authorizedproperty on bothOAuth1SessionandOAuth2Sessiondynamically load the token from the backend
0.5.0 (2015-04-20)
- Redesigned token storage backend system: it now uses objects
Warning
This release is not backwards-compatible, due to the changes to how backends work. If you are using the SQLAlchemy backend, read the documentation to see how it works now!
- Added documentation about OAuth protocol
- Added quickstarts for Google, and for a multi-user SQLAlchemy system
- Added
reprompt_consentparameter to Google pre-set configuration - Added
oauth_errorsignal - If there is an error with the OAuth 2 authorization process, Flask-Dance
will now redirect the user anyway rather than letting the error bubble up
and cause a 500 status code. The
oauth_errorsignal will be fired with information about the error.
0.4.3 (2015-03-09)
OAuth2ConsumerBlueprintnow accepts two new arguments to its constructor:authorization_url_paramsandtoken_url_params- When using the Google pre-set configuration, you can now request offline
access for your OAuth token by passing
offline=Trueto themake_google_blueprintfunction
0.4.2 (2015-03-01)
- Added
anon_userargument toset_token_storage_sqlalchemy()method - Fire
oauth_authorizedsignal before setting token, so that a signal handler can set the logged-in user - You can now indicate that an OAuth token should not be stored by returning
Falsefrom any receiver function that is connected to theoauth_authorizedsignal
0.4.1 (2015-02-28)
OAuth1SessionWithBaseURLhas been renamed toOAuth1Session. The old name still exists as an alias, for backwards compatibility.OAuth2SessionWithBaseURLhas been renamed toOAuth2Session. The old name still exists as an alias, for backwards compatibility.- You can now pass a
useroruser_idobject toblueprint.load_token. OAuth1SessionandOAuth2Sessionnow store a reference to the blueprint, so that you can also callsession.load_token, which is proxied to the blueprint. This method also takesuseroruser_idarguments.
0.4.0 (2015-02-12)
- Renamed
assign_token_to_sessiontoload_token - Added a
from_configdict to OAuthConsumerBlueprint objects. The info in that dict is used to dynamically populate information on the blueprint at runtime from the configuration of the app that the blueprint is bound to. Also set up sensible configuration variable names for the pre-set configurations. - If neither
redirect_urlnorredirect_toare specified, default to redirecting the user to the root of the website (/). Previously, specifying one of these two options was required.
0.3.2 (2015-01-06)
- Added a the Google pre-set configuration.
0.3.1 (2014-12-16)
- Added a new
session_classparameter, so that you can specify a custom requests.Session subclass with custom behavior.
0.3.0 (2014-12-15)
- Changed
OAuthConsumerMixin.created_ontoOAuthConsumerMixin.created_at, to reflect the fact that it is a DateTime, not a Date. If you are upgrading from an older version of Flask-Dance and usingOAuthConsumerMixin, this will require a database migration.
0.2.3 (2014-10-13)
- Renamed
OAuthMixintoOAuthConsumerMixin
0.2.2 (2014-10-13)
- Changed event sender from app to blueprint, to match docs
0.2.1 (2014-10-13)
- Fixed packaging problems
0.2 (2014-10-12)
- Added SQLAlchemy support
- Added Sphinx-based documentation
- Added support for Flask-Login and Flask-Cache
- Switch from
login_callbackdecorator to blinker signals
0.1 (2014-09-15)
- Initial release