Changelog¶

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Deprecate

get_refresh_token get_access_token retrieve_scopes

Version 1.3.2 - 2019-05-16¶

Added

- Instant configuration into scoped decorator for inline config changes outside of protected.

Version 1.3.1 - 2019-04-25¶

Added

- Support for False and None scopes.

Changed
- Use request.args instead of request.query_args to resolve Depracation Warning.

Version 1.3.0 - 2019-04-24¶

Added
- #40. Page redirection for static page protection
- Support to be able to individually protect class-based view methods without the decorators property

Version 1.2.2 - 2019-03-14¶

Changed
- #148. Exception message on refresh token intialization

Fixed
- #147. protected decorator properly applied to built in views when initialized on a blueprint

Version 1.2.1 - 2018-12-04¶

Fixed
- #143. Security bug resolved on empty tokens

Version 1.2.0 - 2018-08-06¶

Added
- Custom claims
- Extra payload validation
- Configuration option: SANIC_JWT_DO_PROTECTION

Changed
- Invalid tokens now 401 instead of 403

Version 1.1.4 - 2018-08-06¶

Fixed
- Bug with _do_protect in @scoped decorator

Version 1.1.3 - 2018-08-06¶

Changed
- Exception handling to consistently have a exception and reasons key
- reasons in exception handling to be consistently formatted
- 400 responses for debug turned off, and 401 when turned on

Fixed
- #110. Preflight methods now properly handled
- #114. Proper use of utils.call to allow for sync and async retrieve_user functions
- #116. Proper error reporting on malformed tokens
- #118. Proper error reporting on expired token for /auth/me and /auth/refresh by applying @protected decorators

Version 1.1.2 - 2018-06-18¶

Added
- Ability to send authorization tokens via query string parameters

Version 1.1.1 - 2018-06-14¶

Changed
- Method of passing rquest object args and kwargs to scope handler

Version 1.1 - 2018-06-03¶

Added
- New handler method: override_scope_validator
- New handler method: destructure_scopes
- New decorator method: inject_user
- Decorator methods copied to Initialize class for convenience
- New convenience method for extracting user_id from request
- Feature for decoupling authentication mode for microservices
- Ability to have custom generated refresh tokens
- Subclasses are tested for consistency on Initialize

Changed
- Authentication.is_authenticated to Authentication._check_authentication
- Authentication.verify to Authentication._verify
- Authentication.get_access_token to Authentication.generate_access_token
- Authentication.get_refresh_token to Authentication.generate_refresh_token
- Authentication.retrieve_scopes to Authentication.extract_scopes
- Method for getting and setting configurations made dynamic

Fixed
- Verification that a custom payload extender supplies all of the enabled claims
- abort bug when using Sanic’s convenience method for exceptions

Version 1.0.2 - 2018-03-04¶

Fixed
- Typo in docs for refresh token page
- Custom endpoints passing parameters to BaseEndpoint

Version 1.0.1 - 2018-02-27¶

Added
- OPTIONS handler method for BaseEndpoint

Fixed
- Some tests for claims that were not using UTC timestamps
- Consistency of docs with class_views

Version 1.0.0 - 2018-02-25¶

Added
- Initialize class
- New methods for adding configuration settings
- Customizable components
- Customizable responses
- Ability to fallback to header based authentication if cookie based fails
- Initialize on a blueprint and isolate configuration

Fixed
- @protected implementation on class based views
- Usage of signing algorithms with public and private keys

Deprecated
- SANIC_JWT_PAYLOAD_HANDLER
- SANIC_JWT_HANDLER_PAYLOAD_EXTEND
- SANIC_JWT_HANDLER_PAYLOAD_SCOPES

Legend¶

Added for new features.
Changed for changes in existing functionality.
Deprecated for once-stable features removed in upcoming releases.
Removed for deprecated features removed in this release.
Fixed for any bug fixes.
Security to invite users to upgrade in case of vulnerabilities.