Changelog¶
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Deprecate
- get_refresh_token get_access_token retrieve_scopes
Version 1.3.2 - 2019-05-16¶
Added
- Instant configuration into
scoped
decorator for inline config changes outside of protected.Version 1.3.1 - 2019-04-25¶
Added
- Support for
False
and None
scopes.Version 1.3.0 - 2019-04-24¶
Added
- #40. Page redirection for static page protection
- Support to be able to individually protect class-based view methods without the decorators property
Version 1.2.2 - 2019-03-14¶
Fixed
- #147.
protected
decorator properly applied to built in views when initialized on a blueprintVersion 1.2.0 - 2018-08-06¶
Added
- Custom claims
- Extra payload validation
- Configuration option:
SANIC_JWT_DO_PROTECTION
Changed
- Invalid tokens now
401
instead of 403
Version 1.1.4 - 2018-08-06¶
Fixed
- Bug with
_do_protect
in @scoped
decoratorVersion 1.1.3 - 2018-08-06¶
Changed
- Exception handling to consistently have a
exception
and reasons
key-
reasons
in exception handling to be consistently formatted-
400
responses for debug
turned off, and 401
when turned onVersion 1.1.2 - 2018-06-18¶
Added
- Ability to send authorization tokens via query string parameters
Version 1.1.1 - 2018-06-14¶
Changed
- Method of passing rquest object
args
and kwargs
to scope handlerVersion 1.1 - 2018-06-03¶
Added
- New handler method:
override_scope_validator
- New handler method:
destructure_scopes
- New decorator method:
inject_user
- Decorator methods copied to
Initialize
class for convenience- New convenience method for extracting
user_id
from request- Feature for decoupling authentication mode for microservices
- Ability to have custom generated refresh tokens
- Subclasses are tested for consistency on
Initialize
Changed
-
Authentication.is_authenticated
to Authentication._check_authentication
-
Authentication.verify
to Authentication._verify
-
Authentication.get_access_token
to Authentication.generate_access_token
-
Authentication.get_refresh_token
to Authentication.generate_refresh_token
-
Authentication.retrieve_scopes
to Authentication.extract_scopes
- Method for getting and setting configurations made dynamic
Fixed
- Verification that a custom payload extender supplies all of the enabled claims
-
abort
bug when using Sanic’s convenience method for exceptionsVersion 1.0.2 - 2018-03-04¶
Fixed
- Typo in docs for refresh token page
- Custom endpoints passing parameters to
BaseEndpoint
Version 1.0.1 - 2018-02-27¶
Added
-
OPTIONS
handler method for BaseEndpoint
Fixed
- Some tests for claims that were not using UTC timestamps
- Consistency of docs with
class_views
Version 1.0.0 - 2018-02-25¶
Added
-
Initialize
class- New methods for adding configuration settings
- Customizable components
- Customizable responses
- Ability to fallback to header based authentication if cookie based fails
- Initialize on a blueprint and isolate configuration
Fixed
-
@protected
implementation on class based views- Usage of signing algorithms with public and private keys
Deprecated
-
SANIC_JWT_PAYLOAD_HANDLER
-
SANIC_JWT_HANDLER_PAYLOAD_EXTEND
-
SANIC_JWT_HANDLER_PAYLOAD_SCOPES
Legend¶
- Added for new features.
- Changed for changes in existing functionality.
- Deprecated for once-stable features removed in upcoming releases.
- Removed for deprecated features removed in this release.
- Fixed for any bug fixes.
- Security to invite users to upgrade in case of vulnerabilities.