Bump authlib from 1.5.2 to 1.6.3
Open
Number: #15
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: None
Comments: 0
dependabot[bot]Association: None
Comments: 0
Created:
August 27, 2025 at 07:07 AM UTC
(about 1 month ago)
(about 1 month ago)
Updated:
August 27, 2025 at 07:07 AM UTC
(about 1 month ago)
(about 1 month ago)
Labels:
dependencies python
dependencies python
Description:
Bumps authlib from 1.5.2 to 1.6.3.
Release notes
Sourced from authlib's releases.
Version 1.6.3
What's Changed
- Add diff-cover check in GHA by
@azmeukin authlib/authlib#803- Run GHA unit tests with uv by
@azmeukin authlib/authlib#805- Move from pre-commit to prek by
@azmeukin authlib/authlib#804- Sign OIDC id_token according to
id_token_signed_response_algclient metadata by@azmeukin authlib/authlib#802Full Changelog: https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3
Version 1.6.2
What's Changed
- Allow insecure transport for 127.0.0.1 for debugging by
@geigerzaehlerin authlib/authlib#788- Raise a MissingCodeError when code parameter is missing by
@lepturein authlib/authlib#786- Temporarily restore OAuth2Request body parameter by
@azmeukin authlib/authlib#791- Raise MissingCodeException when code parameter is missing by
@lepturein authlib/authlib#794- Fix id_token generation with EdDSA alg by
@azmeukin authlib/authlib#800Full Changelog: https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2
Version 1.6.1
- Filter key set with additional "alg" and "use" parameters.
Version 1.6.0
- Fix issue when RFC9207 is enabled and the authorization endpoint response is not a redirection. [pull request #733](authlib/authlib#733)
- Fix missing state parameter in authorization error responses. [issue #525](authlib/authlib#525)
- Support for acr and amr claims in id_token. [issue #734](authlib/authlib#734)
- Support for the none JWS algorithm.
- Fix response_types strict order during dynamic client registration. [issue #760](authlib/authlib#760)
- Implement RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR). [issue #723](authlib/authlib#723)
- OIDC UserInfo endpoint support. [issue #459](authlib/authlib#459)
Changelog
Sourced from authlib's changelog.
Version 1.6.3
Released on Aug 26, 2025
- OIDC
id_tokenare signed according toid_token_signed_response_algclient metadata. :issue:755Version 1.6.2
Released on Aug 23, 2025
- Temporarily restore
OAuth2Requestbodyparameter. :issue:781:pr:791- Allow
127.0.0.1in insecure transport mode. :pr:788- Raise
MissingCodeExceptionwhen thecodeparameter is missing. :issue:793:pr:794- Fix
id_tokengeneration withEdDSAalgs. :issue:799:pr:800Version 1.6.1
Released on Jul 20, 2025
- Filter key set with additional "alg" and "use" parameters.
- Restore and deprecate
OAuth2Requestbodyparameter. :issue:781Version 1.6.0
Released on May 22, 2025
- Fix issue when :rfc:
RFC9207 <9207>is enabled and the authorization endpoint response is not a redirection. :pr:733- Fix missing
stateparameter in authorization error responses. :issue:525- Support for
acrandamrclaims inid_token. :issue:734- Support for the
noneJWS algorithm.- Fix
response_typesstrict order during dynamic client registration. :issue:760- Implement :rfc:
RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) <9101>. :issue:723- OIDC :class:
UserInfo endpoint <authlib.oidc.core.userinfo.UserInfoEndpoint>support. :issue:459
Commits
dbbfa9achore: bump to 1.6.3bc71165Merge pull request #802 from azmeuk/755-idtoken-metadata40cfb4eMerge pull request #804 from azmeuk/prekd99c771chore: move from pre-commit to prek83de618Merge pull request #805 from azmeuk/gha-uvb72ee3fchore: run GHA unit tests with uv799fb2aMerge pull request #803 from azmeuk/diff2ce4c7echore: add diff-cover check in GHA86b1b78fix: OIDC id_token is signed according to id_token_signed_response_alg client...0d03ee9test: configure DJANGO_SETTINGS_MODULE with pytest-env- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
1
1
Files Changed:
1
1
Additions:
+1
+1
Deletions:
-1
-1
Package Dependencies
Technical Details
| ID: | 5863960 |
| UUID: | 2777395148 |
| Node ID: | PR_kwDOOp-ZZM6li6_M |
| Host: | GitHub |
| Repository: | auth0/auth0-api-python |
| Merge State: | Unknown |