- Drop support for Python 3.8 (3.8 is EOL since Oct 2024)
- Remove upper version pins of dependencies
- Support friendly names for SAML assertions (set `'saml_friendly_names': True` in the auth provider settings)
- Include more verbose authentication data in `IdentityRetrievalFailed` exception details
- Reject invalid `next` URLs with backslashes that could be used to trick browsers into redirecting to an otherwise disallowed host when doing client-side redirects
- Ensure only valid schemes (http and https) can be used when validating the `next` URL
- Deprecate the `flask_multipass.__version__` attribute
- Skip LDAP users that do not have the specified `uid` attribute set instead of failing with an error
- Skip LDAP group members that do not have the specified `uid` attribute set instead of failing with an error
- Add `ldap_or_authinfo` identity provider which behaves exactly like the `ldap` provider, but if the user cannot be found in LDAP, it falls back to the data from the auth provider (typically shibboleth)
- Fix compatibility with Python 3.8 and 3.9
- Drop support for Python 3.7 and older (3.7 is EOL since June 2023)
- Declare explicit compatibility with Python 3.11
- Support werkzeug 3.0
- Fail more gracefully if Authlib (OIDC) login provider is down
- Support authlib 1.1 (remove upper version pin)
- Fix LDAP TLS configuration
- Declare explicit compatibility with Python 3.10
- Support authlib 1.0.0rc1 (up to 1.0.x)
- Log details when getting oauth token fails
- Support authlib 1.0.0b2
- Add `saml` provider which supports SAML without the need for Shibboleth and Apache
- Fix LDAP group membership checks on servers that are not using `ad_group_style`
- Support authlib 1.0.0a2
- Drop support for Python 2; Python 3.6+ is now required
- Validate `next` URL to avoid having an open redirector
- Fix authlib dependency to work with 1.0.0a1 (which no longer has a `client` extra)
- Add missing dependencies for `ldap` and `sqlalchemy` extras
- Add support for authlib 1.0.0a1
- Add explicit support for Python 3.9
- Require a recent `python-ldap` version when enabling the `ldap` extra.
- Add `search_identities_ex` which allows a more flexible search with the option to specify the max number of results to return while also returning the total number of found identities.
- Breaking change: Replace `oauth` provider with `authlib`.
- Breaking change: Drop support for Python 3.4 and 3.5.
- The new authlib provider supports OIDC (OpenID-Connect) in addition to regular OAuth.
- Make `ldap` provider compatible with Python 3.
- Add option to get all groups for an identity.
- Initial release
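
The `next` URL entries above (reject backslashes, allow only http and https, avoid an open redirector) describe checks of the following kind. This is an added example, not Flask-Multipass's own code; the function name `is_safe_next_url` and the `allowed_netlocs` parameter are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_next_url(next_url, allowed_netlocs):
    """Return True if next_url may be used as a post-login redirect target.

    allowed_netlocs: lowercase "host" or "host:port" strings the app serves
    (hypothetical parameter, not part of any library API).
    """
    if not next_url:
        return False
    # Browsers treat "\" like "/" in http(s) URLs, while urlsplit() does not,
    # so a backslash can hide a host from this check. Reject it outright.
    if "\\" in next_url:
        return False
    # Browsers strip tabs/newlines and leading whitespace before parsing;
    # refuse anything containing raw control characters or spaces.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in next_url):
        return False
    try:
        parts = urlsplit(next_url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme and parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.netloc:
        # Absolute or scheme-relative URL: exact match on the whole netloc,
        # so "user@host" forms never match an allowed entry.
        return parts.netloc.lower() in allowed_netlocs
    # No host: only a plain relative reference is acceptable. A scheme without
    # a host ("https:example") or an empty authority ("///x") is ambiguous
    # between parsers, so both are refused.
    return not parts.scheme and not next_url.startswith("//")
```
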