Sourced from authlib's releases.

Version 1.6.3

What's Changed

• Add diff-cover check in GHA by @​azmeuk in authlib/authlib#803
• Run GHA unit tests with uv by @​azmeuk in authlib/authlib#805
• Move from pre-commit to prek by @​azmeuk in authlib/authlib#804
• Sign OIDC id_token according to id_token_signed_response_alg client metadata by @​azmeuk in authlib/authlib#802

Full Changelog: https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3

Version 1.6.2

What's Changed

• Allow insecure transport for 127.0.0.1 for debugging by @​geigerzaehler in authlib/authlib#788
• Raise a MissingCodeError when code parameter is missing by @​lepture in authlib/authlib#786
• Temporarily restore OAuth2Request body parameter by @​azmeuk in authlib/authlib#791
• Raise MissingCodeException when code parameter is missing by @​lepture in authlib/authlib#794
• Fix id_token generation with EdDSA alg by @​azmeuk in authlib/authlib#800

Full Changelog: https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2

Sourced from authlib's changelog.

Version 1.6.3

Released on Aug 26, 2025

• OIDC id_token are signed according to id_token_signed_response_alg client metadata. :issue:755

Version 1.6.2

Released on Aug 23, 2025

• Temporarily restore OAuth2Request body parameter. :issue:781 :pr:791
• Allow 127.0.0.1 in insecure transport mode. :pr:788
• Raise MissingCodeException when the code parameter is missing. :issue:793 :pr:794
• Fix id_token generation with EdDSA algs. :issue:799 :pr:800

• dbbfa9a chore: bump to 1.6.3
• bc71165 Merge pull request #802 from azmeuk/755-idtoken-metadata
• 40cfb4e Merge pull request #804 from azmeuk/prek
• d99c771 chore: move from pre-commit to prek
• 83de618 Merge pull request #805 from azmeuk/gha-uv
• b72ee3f chore: run GHA unit tests with uv
• 799fb2a Merge pull request #803 from azmeuk/diff
• 2ce4c7e chore: add diff-cover check in GHA
• 86b1b78 fix: OIDC id_token is signed according to id_token_signed_response_alg client...
• 0d03ee9 test: configure DJANGO_SETTINGS_MODULE with pytest-env
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)