- When using the Discord configuration with
prompt
set toNone
, pass the string "none" in the URL, to follow the Discord developer documentation.
`7.1.0`_ (2024-03-05)
- Set
auto_refresh_url
automatically inmake_azure_blueprint
when theoffline_access
scope is included, thereby enabling automatic token refresh - Allow returning a custom response from a
oauth_error
signal handler.
`7.0.1`_ (2024-01-05)
- Support Werkzeug 3
7.0.0 (2023-05-10)
- Removed Twitter pre-set configuration
- Added Dexcom pre-set configuration
- Added support for authorization flow with PKCE
6.2.0 (2022-10-12)
- Added ORCID and ORCID sandbox provider
- Switched from setuptools to flit for packaging
6.1.1 (2022-08-22)
- Switched from
setup.cfg
topyproject.toml
- Added an "install_required" marker to the tests that require this project
to be installed before the tests can pass. To run all tests _except_ those,
run
pytest -m "not install_required"
.
6.1.0 (2022-08-05)
- Switched from deprecated
flask._app_ctx_stack
to storing app state onflask.g
instead. This should support Flask 2.3.0. - Added OpenStreetMap (OSM) provider
6.0.0 (2022-04-05)
- Added support for Flask 2.1 and Werkzeug 2.1
- Minimum supported version of Flask is now 2.0.3
- Codebase is now linted using isort
5.1.0 (2021-11-01)
- Added Fitbit pre-set configuration
5.0.0 (2020-05-12)
- Added support for Flask 2.0 and Werkzeug 2.0.
- Minimum supported version of Flask is now 1.0.4.
- BaseOAuthConsumerBlueprint now accepts a
rule_kwargs
parameter, which allows you to configure how the OAuth routes are configured. All of the pre-set configurations have been updated to also accept arule_kwargs
parameter as well. - The blueprint classes and the pre-set configurations now use keyword-only arguments, as defined in PEP-3102.
4.0.0 (2021-04-10)
- Dropped support for Python 2 and Python 3.5
- If you are using the SQLAlchemy token storage, this project now depends on
SQLAlchemy version 1.3.11 and above.
sqlalchemy-utils
is no longer necessary. - Added
verify_tls_certificates
option tomake_gitlab_blueprint
- Added Twitch pre-set configuration
3.3.1 (2021-03-01)
- Added
hostname
option to themake_salesforce_blueprint
- Added
is_sandbox
option to themake_salesforce_blueprint
- Changed base url for make_salesforce_blueprint
3.3.0 (2021-02-25)
- Added Atlassian pre-set configuration
- Added Salesforce pre-set configuration
- Added
offline
option tomake_dropbox_blueprint
- Added
prompt
option tomake_discord_blueprint
- Added
subdomain
option tomake_slack_blueprint
3.2.0 (2020-11-24)
Added Digital Ocean pre-set configuration
3.1.0 (2020-10-29)
- Updated Discord to use the new discord.com instead of the old discordapp.com
- Add Strava pre-set configuration
3.0.0 (2019-10-21)
- Updated Meetup and Nylas pre-set configurations
to include the
client_id
in the OAuth token request. - Removed Okta pre-set configuration, since it doesn't add any value over
using
OAuth2ConsumerBlueprint
directly. - Updated Azure to allow defining
authorization_url_params
2.2.0 (2019-06-04)
- Added Heroku pre-set configuration
2.1.0 (2019-05-15)
- Flask-Dance now provides a
betamax_record_flask_dance
testing fixture, for recording and replaying HTTP requests using Betamax. See the testing documentation for more information. - Added LinkedIn pre-set configuration
2.0.0 (2019-03-30)
- The backwards-compatible references to "backend" have been removed. Use "storage" instead.
- The columns defined in
OAuthConsumerMixin
now setnullable=False
. If you are using the SQLAlchemy storage and are upgrading from a previous version of Flask-Dance, you may want to do a database migration. - Previously, Flask-Dance had an undocumented
feature where it would automatically redirect based on a
next
parameter in the URL. This undocumented feature has been removed. - All pre-set configurations now use a consistent naming scheme for pulling client IDs and client secrets from the app config. The following configurations have changed: Dropbox, Meetup, Twitter, and Zoho.
- Replace
lazy
dependency with werkzeug.utils.cached_property
1.4.0 (2019-02-22)
- "Backends" are now called "Storages", since the word "backend" means something different in the context of web development. This release is fully backwards-compatible, but deprecation warnings have been added anywhere that you import and use a backend (rather than a storage).
- Add
oauth_before_login
signal - Add
reprompt_select_account
parameter to google blueprint
1.3.0 (2019-01-14)
- Add
authorization_required
decorator - Added Authentiq pre-set configuration
1.2.0 (2018-12-05)
- Added
rerequest_declined_permissions
argument to facebook blueprint - Added Reddit pre-set configuration
1.1.0 (2018-09-12)
- Added
tenant
argument tomake_azure_blueprint
- Added
hosted_domain
argument tomake_google_blueprint
- Added Okta pre-set configuration
- Added Zoho pre-set configuration
- Updated Azure AD default scopes. See issue 149.
- Only set
auto_refresh_url
inmake_google_blueprint
if a token of typeoffline
is requested. See issues #143, #144 and #161 for background.
1.0.0 (2018-06-04)
- Flask-Cache is deprecated. Switch to Flask-Caching.
- When using the OAuth 1 blueprint with the SQLAlchemy backend and the
user_required
argument set toTrue
, the backend was trying to load tokens before any were set, causing an exception in the backend. Now, the backend will not attempt to load tokens until the OAuth dance is complete. - Added exception handler around
parse_authorization_response
in OAuth1
0.14.0 (2018-03-14)
- Accessing the
access_token
property on an instance of theOAuth2Session
class will now query the token backend, instead of checking the client on the instance. - Pre-set configuration for GitLab provider
0.13.0 (2017-11-12)
- sphinxcontrib-napoleon is no longer required to build the Flask-Dance documentation.
- Added Spotify pre-set configuration
- Added Discord pre-set configuration
- Added an optional
user_required
argument to the SQLAlchemy backend. When this is enabled, trying to set an OAuth object without an associated user will raise an error.
0.12.0 (2017-10-22)
- Updated the Dropbox configuration to use the v2 authentication URLs
- Added the "require_role" authentication parameter for Dropbox
- Documented all authentication parameters for Dropbox
0.11.1 (2017-07-31)
- Changed Nylas configuration to refer to "client_id" and "client_secret" rather than "api_id" and "api_secret".
0.11.0 (2017-07-24)
- Added the Nylas pre-set configuration
- Improve timezone handling for OAuth 2 token refreshing.
- Update tests and docs regarding
OAuthConsumerMixin
inheritance. - Fix Dropbox documentation regarding default
login_url
andauthorized_url
0.10.1 (2016-11-21)
- Fixed
make_google_blueprint
to includeauto_refresh_url
so that token renewal is automatically handled byrequests-oauthlib
0.10.0 (2016-09-27)
- Added the Azure AD pre-set configuration
- Improve OAuth 2 token auto-refresh
0.9.0 (2016-07-1)
- Allowed an
oauth_authorized
event handler to return aflask.Response
instance. If so, that response will be sent to the requesting user.
0.8.3 (2016-05-18)
- Fixed an error that occurred if you were running an unreleased version of Flask, due to the version comparison code. See issue 53. Thanks, @ThiefMaster!
0.8.2 (2015-12-30)
- If the OAuth 1 token request is denied on accessing the login view,
Flask-Dance will now redirect the user and fire the
oauth_error
signal. This matches the behavior of how Flask-Dance handles OAuth 2 errors.
0.8.1 (2015-12-28)
- Fixed a typo in the Slack configuration, where it would load the OAuth 2 client secret from a config variable named "SLLACK_OAUTH_CLIENT_SECRET" instead of "SLACK_OAUTH_CLIENT_SECRET"
0.8.0 (2015-12-28)
- Added the Slack pre-set configuration
- Fixed a subtle bug where setting the
client_id
property on an instance ofOAuth2ConsumerBlueprint
did not update the value that theoauthlib
library uses to create the redirect URL in the login step.client_id
is now a dynamic property onOAuth2ConsumerBlueprint
, which sets theclient_id
property on the wrappedoauthlib
client automatically. - Added some debug log statements to
OAuth2ConsumerBlueprint
- You can now define a
session_created
method on subclasses ofOAuth2ConsumerBlueprint
. If you do, it will be called when a Requests session is dynamically created, so that the session can be modified before it is returned.
0.7.1 (2015-12-12)
- Removed the Dictective utility class, and replaced it with
werkzeug.datastructures.CallbackDict
. It does the same thing, but it's better tested, and already a part of one of Flask-Dance's dependencies. - If the user hits the
authorized
view without having a "state" variable set in the browser cookies, Flask-Dance will now redirect the user back to thelogin
view to start the OAuth dance all over again, rather than raising aKeyError
.
0.7.0 (2015-08-21)
- Flask-Dance no longer checks for the existence of a
X-Forwarded-Proto
header to determine if generated URLs should use ahttps://
scheme. If you are running your application behind a TLS termination proxy, use Werkzeug'sProxyFix
middleware to inform Flask of that.
0.6.0 (2015-05-12)
- Added the Dropbox pre-set configuration
- Added the Meetup pre-set configuration
- Added the Facebook pre-set configuration
- Flask-Dance now always passes the optional
redirect_uri
parameter to the OAuth 2 authorization request, since Dropbox requires it. - Make Flask-Dance provide additional information in errors when providers fail to provide auth tokens
0.5.1 (2015-04-28)
- Make the
authorized
property on bothOAuth1Session
andOAuth2Session
dynamically load the token from the backend
0.5.0 (2015-04-20)
- Redesigned token storage backend system: it now uses objects
Warning
This release is not backwards-compatible, due to the changes to how backends work. If you are using the SQLAlchemy backend, read the documentation to see how it works now!
- Added documentation about OAuth protocol
- Added quickstarts for Google, and for a multi-user SQLAlchemy system
- Added
reprompt_consent
parameter to Google pre-set configuration - Added
oauth_error
signal - If there is an error with the OAuth 2 authorization process, Flask-Dance
will now redirect the user anyway rather than letting the error bubble up
and cause a 500 status code. The
oauth_error
signal will be fired with information about the error.
0.4.3 (2015-03-09)
OAuth2ConsumerBlueprint
now accepts two new arguments to its constructor:authorization_url_params
andtoken_url_params
- When using the Google pre-set configuration, you can now request offline
access for your OAuth token by passing
offline=True
to themake_google_blueprint
function
0.4.2 (2015-03-01)
- Added
anon_user
argument toset_token_storage_sqlalchemy()
method - Fire
oauth_authorized
signal before setting token, so that a signal handler can set the logged-in user - You can now indicate that an OAuth token should not be stored by returning
False
from any receiver function that is connected to theoauth_authorized
signal
0.4.1 (2015-02-28)
OAuth1SessionWithBaseURL
has been renamed toOAuth1Session
. The old name still exists as an alias, for backwards compatibility.OAuth2SessionWithBaseURL
has been renamed toOAuth2Session
. The old name still exists as an alias, for backwards compatibility.- You can now pass a
user
oruser_id
object toblueprint.load_token
. OAuth1Session
andOAuth2Session
now store a reference to the blueprint, so that you can also callsession.load_token
, which is proxied to the blueprint. This method also takesuser
oruser_id
arguments.
0.4.0 (2015-02-12)
- Renamed
assign_token_to_session
toload_token
- Added a
from_config
dict to OAuthConsumerBlueprint objects. The info in that dict is used to dynamically populate information on the blueprint at runtime from the configuration of the app that the blueprint is bound to. Also set up sensible configuration variable names for the pre-set configurations. - If neither
redirect_url
norredirect_to
are specified, default to redirecting the user to the root of the website (/
). Previously, specifying one of these two options was required.
0.3.2 (2015-01-06)
- Added a the Google pre-set configuration.
0.3.1 (2014-12-16)
- Added a new
session_class
parameter, so that you can specify a custom requests.Session subclass with custom behavior.
0.3.0 (2014-12-15)
- Changed
OAuthConsumerMixin.created_on
toOAuthConsumerMixin.created_at
, to reflect the fact that it is a DateTime, not a Date. If you are upgrading from an older version of Flask-Dance and usingOAuthConsumerMixin
, this will require a database migration.
0.2.3 (2014-10-13)
- Renamed
OAuthMixin
toOAuthConsumerMixin
0.2.2 (2014-10-13)
- Changed event sender from app to blueprint, to match docs
0.2.1 (2014-10-13)
- Fixed packaging problems
0.2 (2014-10-12)
- Added SQLAlchemy support
- Added Sphinx-based documentation
- Added support for Flask-Login and Flask-Cache
- Switch from
login_callback
decorator to blinker signals
0.1 (2014-09-15)
- Initial release