Skip to content

fix(deps): update dependency authlib to v1

renovate requested to merge renovate/authlib-1.x into master

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
Authlib (source) ^0.15.5 -> ^1.0.0 age adoption passing confidence

Release Notes



Compare Source

  • Fix authenticate_none method, via #​438.
  • Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #​447.
  • Fix missing_token for Flask OAuth client, via #​448.
  • Allow openid in any place of the scope, via #​449.
  • Security fix for validating essential value on blank value in JWT, via #​445.


Compare Source

We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are using the client properly, e.g. oauth.register(...), it would work as before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration, instead, developers should define .get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers should define the database by themselves.

JOSE Changes

  • JWS has been renamed to JsonWebSignature
  • JWE has been renamed to JsonWebEncryption
  • JWK has been renamed to JsonWebKey
  • JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the JSON Web Key for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via


📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Edited by renovate

Merge request reports