Bump django-oauth-toolkit from 1.7.1 to 2.3.0

[dependabot]

Bumps django-oauth-toolkit from 1.7.1 to 2.3.0.

Release notes

Sourced from django-oauth-toolkit's releases.

Release 2.3.0

[2.3.0] 2023-05-31

WARNING

Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before performing a MAJOR upgrade to 2.x.

These issues both result in {"error": "invalid_client"}:

1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

Added

• Add Japanese(日本語) Language Support
• #1244 implement OIDC RP-Initiated Logout
• #1092 Allow Authorization Code flow without a client_secret per RFC 6749 2.3.1

Changed

• #1222 Remove expired ID tokens alongside access tokens in cleartokens management command
• #1267, #1253, #1251, #1250, #1224, #1212, #1211 Various documentation improvements

Release 2.2.0

[2.2.0] 2022-10-18

WARNING

Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before performing a MAJOR upgrade to 2.x.

These issues both result in {"error": "invalid_client"}:

1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

Added

• #1208 Add 'code_challenge_method' parameter to authorization call in documentation
• #1182 Add 'code_verifier' parameter to token requests in documentation

Changed

• #1203 Support Django 4.1.

Fixed

• #1203 Remove upper version bound on Django, to allow upgrading to Django 4.1.1 bugfix release.
• #1210 Handle oauthlib errors on create token requests

... (truncated)

Changelog

Sourced from django-oauth-toolkit's changelog.

[2.3.0] 2023-05-31

WARNING

Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before performing a MAJOR upgrade to 2.x.

These issues both result in {"error": "invalid_client"}:

1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

Added

• Add Japanese(日本語) Language Support
• #1244 implement OIDC RP-Initiated Logout
• #1092 Allow Authorization Code flow without a client_secret per RFC 6749 2.3.1

Changed

• #1222 Remove expired ID tokens alongside access tokens in cleartokens management command
• #1267, #1253, #1251, #1250, #1224, #1212, #1211 Various documentation improvements

[2.2.0] 2022-10-18

Added

• #1208 Add 'code_challenge_method' parameter to authorization call in documentation
• #1182 Add 'code_verifier' parameter to token requests in documentation

Changed

• #1203 Support Django 4.1.

Fixed

• #1203 Remove upper version bound on Django, to allow upgrading to Django 4.1.1 bugfix release.
• #1210 Handle oauthlib errors on create token requests

[2.1.0] 2022-06-19

Added

• #1164 Support prompt=login for the OIDC Authorization Code Flow end user Authentication Request.
• #1163 Add French (fr) translations.
• #1166 Add Spanish (es) translations.

Changed

• #1152 createapplication management command enhanced to display an auto-generated secret before it gets hashed.
• #1172, #1159, #1158 documentation improvements.

Fixed

• #1147 Fixed 2.0.0 implementation of hashed client secret to work with swapped models.

[2.0.0] 2022-04-24

... (truncated)

Commits

• 13a6143 Release 2.3.0 (#1279)
• 4c4da73 Revert "Pin flake8 version until flake8-quotes catches up." (#1278)
• 64faa9e Allow Authorization Code flow without a client_secret - Initial commit with P...
• 016c6c3 tests: Fix typo (#1271)
• 29da530 Fix RP-initiated Logout with expired Django session (#1270)
• 11294ab Implement OIDC RP-Initiated Logout (#1244)
• 25f6de5 Actualize docs about AuthenticationMiddleware (#1267)
• 9dd1033 Test on Django 4.2 (#1264)
• edc47bf [pre-commit.ci] pre-commit autoupdate (#1261)
• 769c0a2 Upgrade GitHub Actions (#1256)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Superseded by #1040.