Sourced from authlib[fastapi]'s releases.

v1.6.4

What's Changed

• fix(jose): prevent public/unprotected header overwriting protected header by @​lepture in authlib/authlib#809
• Fix InsecureTransportError raising by @​azmeuk in authlib/authlib#810
• Add conventional-commits pre-commit hook by @​azmeuk in authlib/authlib#811
• Fix response_mode=form_post with Starlette client by @​azmeuk in authlib/authlib#812
• Specify README.md as project long description by @​EpicWink in authlib/authlib#817
• Migrate tests to pytest paradigm by @​azmeuk in authlib/authlib#813
• jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by @​AL-Cybision in authlib/authlib#823
• Use explicit *.test urls in unit tests by @​azmeuk in authlib/authlib#824

New Contributors

• @​EpicWink made their first contribution in authlib/authlib#817
• @​AL-Cybision made their first contribution in authlib/authlib#823

Full Changelog: https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4

Sourced from authlib[fastapi]'s changelog.

Version 1.6.4

Released on Sep 17, 2025

• Fix InsecureTransportError error raising. :issue:795
• Fix response_mode=form_post with Starlette client. :issue:793
• Validate crit header value, reject unprotected header in crit header.

• 09a5185 chore: release 1.6.4
• 6b1813e chore: merge branch 'fix-jose-crit'
• 99e330f Merge pull request #824 from azmeuk/test-urls
• bd14be1 test: use explicit *.test url in unit tests
• 55e8517 fix(jose): Reject unprotected ‘crit’ and enforce type; add tests (#823)
• 06f0813 fix(jose): validate crit header when deserialize
• eb07119 fix(jose): validate crit header parameters
• 72a00e7 fix: typo in diff-cover GHA step
• 49d0f47 Merge pull request #813 from azmeuk/pytest-paradigm
• bafecc4 Merge pull request #817 from EpicWink/pyproject-readme
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)