Bump django-oauth-toolkit from 1.7.1 to 2.1.0

[dependabot]

Bumps django-oauth-toolkit from 1.7.1 to 2.1.0.

Release notes

Sourced from django-oauth-toolkit's releases.

Release 2.1.0

WARNING

Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before performing a MAJOR upgrade to 2.x.

These issues both result in {"error": "invalid_client"}:

1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

Added

• #1164 Support prompt=login for the OIDC Authorization Code Flow end user Authentication Request.
• #1163 Add French (fr) translations.
• #1166 Add Spanish (es) translations.

Changed

• #1152 createapplication management command enhanced to display an auto-generated secret before it gets hashed.
• #1172, #1159, #1158 documentation improvements.

Fixed

• #1147 Fixed 2.0.0 implementation of hashed client secret to work with swapped models.

Release 2.0.0

What's Changed

• WIP: Hash application client secrets using Django password hashing by @​n2ygk in jazzband/django-oauth-toolkit#1093
• OIDC: Add "scopes_supported" to openid-configuration. by @​n2ygk in jazzband/django-oauth-toolkit#1106
• OIDC: Standard scopes to determine which claims are returned by @​n2ygk in jazzband/django-oauth-toolkit#1108
• Prevent the tests/migrations directory from getting packaged by @​brianhelba in jazzband/django-oauth-toolkit#1118
• Topic/1112 by @​daffyd in jazzband/django-oauth-toolkit#1113
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jazzband/django-oauth-toolkit#1109
• Fix broken import in doc by @​CarlSchwan in jazzband/django-oauth-toolkit#1121
• Security BCP: Remove OOB by @​n2ygk in jazzband/django-oauth-toolkit#1124
• Revert 1070 (Celery tasks.py) by @​n2ygk in jazzband/django-oauth-toolkit#1126
• Pin Jinja2 version per sphinx-doc/sphinx#10291 by @​n2ygk in jazzband/django-oauth-toolkit#1134
• Missed updating master branch version to 1.7.1 by @​n2ygk in jazzband/django-oauth-toolkit#1133
• Update createapplication command by @​vector-kerr in jazzband/django-oauth-toolkit#1132
• Add tutorial for Celery task setup. by @​n2ygk in jazzband/django-oauth-toolkit#1128
• chore: .gitignore local development files by @​dopry in jazzband/django-oauth-toolkit#1137
• feat: Update PKCE_REQUIRED to true by default by @​dopry in jazzband/django-oauth-toolkit#1129
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jazzband/django-oauth-toolkit#1139
• sphinx-lint by @​JulienPalard in jazzband/django-oauth-toolkit#1142
• Corrections to resource server documentation by @​n2ygk in jazzband/django-oauth-toolkit#1136
• Add help wanted to the README by @​n2ygk in jazzband/django-oauth-toolkit#1144
• Release 2.0.0 by @​n2ygk in jazzband/django-oauth-toolkit#1145

New Contributors

• @​brianhelba made their first contribution in jazzband/django-oauth-toolkit#1118

... (truncated)

Changelog

Sourced from django-oauth-toolkit's changelog.

[2.1.0] 2022-06-19

WARNING

Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before performing a MAJOR upgrade to 2.x.

These issues both result in {"error": "invalid_client"}:

1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

Added

• #1164 Support prompt=login for the OIDC Authorization Code Flow end user Authentication Request.
• #1163 Add French (fr) translations.
• #1166 Add Spanish (es) translations.

Changed

• #1152 createapplication management command enhanced to display an auto-generated secret before it gets hashed.
• #1172, #1159, #1158 documentation improvements.

Fixed

• #1147 Fixed 2.0.0 implementation of hashed client secret to work with swapped models.

[2.0.0] 2022-04-24

This is a major release with BREAKING changes. Please make sure to review these changes before upgrading:

Added

• #1106 OIDC: Add "scopes_supported" to the ConnectDiscoveryInfoView. This completes the view to provide all the REQUIRED and RECOMMENDED OpenID Provider Metadata.
• #1128 Documentation: Tutorial on using Celery to automate clearing expired tokens.

Changed

• #1129 (Breaking) Changed default value of PKCE_REQUIRED to True. This is a breaking change. Clients without PKCE enabled will fail to authenticate. This breaks with section 5 of RFC7636 in favor of the OAuth2 Security Best Practices for Authorization Code Grants. If you want to retain the pre-2.x behavior, set PKCE_REQUIRED = False in your settings.py
• #1093 (Breaking) Changed to implement hashed client_secret values. This is a breaking change that will migrate all your existing cleartext application.client_secret values to be hashed with Django's default password hashing algorithm and can not be reversed. When adding or modifying an Application in the Admin console, you must copy the auto-generated or manually-entered client_secret before hitting Save.
• #1108 OIDC: (Breaking) Add default configurable OIDC standard scopes that determine which claims are returned. If you've customized OIDC responses and want to retain the pre-2.x behavior, set oidc_claim_scope = None in your subclass of OAuth2Validator.
• #1108 OIDC: Make the access_token available to get_oidc_claims when called from get_userinfo_claims.
• #1132: Added --algorithm argument to createapplication management command

... (truncated)

Commits

• 890657d Release 2.1.0 (#1175)
• b94f69e Added list_select_related to reduce duplicate SQL queries in admin UI (#1177)
• 007a5c4 [pre-commit.ci] pre-commit autoupdate (#1176)
• a12a56e Remove bulk_create due to changed behavior between dj32 and dj40. (#1171)
• f4136bf [pre-commit.ci] pre-commit autoupdate (#1174)
• 40b0de1 fixed typo which caused incorrect display of code block (#1172)
• 155bef3 Run hasher migration on swapped models (#1147)
• 307d07d Corrected typo (#1158)
• 7518956 Adds french translation file (#1163)
• 0f18817 support prompt login (#1164)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #618.