Full Changelog: v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Full Changelog: v1.6.9...v1.6.10

• Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Full Changelog: v1.6.8...v1.6.9

Changes in jose module

• Not using header's jwk automatically
• Add ES256K into default jwt algorithms
• Remove deprecated algorithm from default registry
• Generate random cek when cek length doesn't match

Full Changelog: v1.6.7...v1.6.8

• Add EdDSA to default jwt instance.

Full Changelog: v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

What's Changed

• fix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by @shc261392 in #778
• Fix: Use expires_in when expires_at is unparsable by @bendavis78 in #842
• get_jwt_config takes a client parameter. by @azmeuk in #844

New Contributors

• @shc261392 made their first contribution in #778
• @bendavis78 made their first contribution in #842

Full Changelog: v1.6.5...v1.6.6

What's Changed

• Add a request param to RFC7591 generate_client_info and generate_client_secret methods by @azmeuk in #825
• feat: support list params in prepare_grant_uri by @lisongmin in #827
• chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by @dependabot[bot] in #828
• fix(jose): add max size for JWE zip=DEF decompression by @lepture in #830

New Contributors

• @lisongmin made their first contribution in #827
• @dependabot[bot] made their first contribution in #828

Full Changelog: v1.6.4...v1.6.5

What's Changed

• fix(jose): prevent public/unprotected header overwriting protected header by @lepture in #809
• Fix InsecureTransportError raising by @azmeuk in #810
• Add conventional-commits pre-commit hook by @azmeuk in #811
• Fix response_mode=form_post with Starlette client by @azmeuk in #812
• Specify README.md as project long description by @EpicWink in #817
• Migrate tests to pytest paradigm by @azmeuk in #813
• jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by @AL-Cybision in #823
• Use explicit *.test urls in unit tests by @azmeuk in #824

New Contributors

• @EpicWink made their first contribution in #817
• @AL-Cybision made their first contribution in #823

Full Changelog: v1.6.3...v1.6.4

What's Changed

• Add diff-cover check in GHA by @azmeuk in #803
• Run GHA unit tests with uv by @azmeuk in #805
• Move from pre-commit to prek by @azmeuk in #804
• Sign OIDC id_token according to id_token_signed_response_alg client metadata by @azmeuk in #802

Full Changelog: v1.6.2...v1.6.3

What's Changed

• Allow insecure transport for 127.0.0.1 for debugging by @geigerzaehler in #788
• Raise a MissingCodeError when code parameter is missing by @lepture in #786
• Temporarily restore OAuth2Request body parameter by @azmeuk in #791
• Raise MissingCodeException when code parameter is missing by @lepture in #794
• Fix id_token generation with EdDSA alg by @azmeuk in #800

Full Changelog: v1.6.1...v1.6.2