Remove token and Update to 1.7.0

.github/workflows/test.yml

@@ -9,17 +9,16 @@ jobs:
       fail-fast: false
       max-parallel: 5
       matrix:
-        python-version: ['3.9']
-
+        python-version: ['3.9', '3.10']
+        django-version: ['3.2']
     steps:
     - uses: actions/checkout@v2
 
-    - name: Set up Python ${{ matrix.python-version }}
+    - name: Set up Python ${{ matrix.python-version }} Django ${{ matrix.django-version }})
       uses: actions/setup-python@v2
       with:
         python-version: ${{ matrix.python-version }}
 
-
     - name: Get pip cache dir
       id: pip-cache
       run: |
@@ -42,6 +41,8 @@ jobs:
     - name: Tox tests
       run: |
         tox -v
+      env:
+        DJANGO: ${{ matrix.django-version }}
 
     - name: Upload coverage
       uses: codecov/codecov-action@v1

.pre-commit-config.yaml

@@ -1,11 +1,11 @@
 repos:
-  - repo: https://github.com/ambv/black
-    rev: 20.8b1
+  - repo: https://github.com/psf/black
+    rev: 21.12b0
     hooks:
       - id: black
         exclude: ^(oauth2_provider/migrations/|tests/migrations/)
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.2.0
+    rev: v4.1.0
     hooks:
       - id: check-ast
       - id: trailing-whitespace
@@ -16,12 +16,12 @@ repos:
       - id: mixed-line-ending
         args: ['--fix=lf']
   - repo: https://github.com/PyCQA/isort
-    rev: 5.6.3
+    rev: 5.10.1
     hooks:
       - id: isort
         exclude: ^(oauth2_provider/migrations/|tests/migrations/)
-  - repo: https://gitlab.com/pycqa/flake8
-    rev: 3.8.4
+  - repo: https://github.com/PyCQA/flake8
+    rev: 4.0.1
     hooks:
       - id: flake8
         exclude: ^(oauth2_provider/migrations/|tests/migrations/)

.readthedocs.yml

@@ -1,15 +1,29 @@
-# .readthedocs.yml
+# .readthedocs.yaml
 # Read the Docs configuration file
 # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
 
 # Required
 version: 2
 
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.9"
+    # You can also specify other tool versions:
+    # nodejs: "16"
+    # rust: "1.55"
+    # golang: "1.17"
+
 # Build documentation in the docs/ directory with Sphinx
 sphinx:
-  configuration: docs/conf.py
+   configuration: docs/conf.py
+
+# If using Sphinx, optionally build your docs in additional formats such as PDF
+# formats:
+#    - pdf
 
+# Optionally declare the Python requirements required to build your docs
 python:
-  version: 3.7
-  install:
-    - requirements: docs/requirements.txt
+   install:
+   - requirements: docs/requirements.txt

AUTHORS

@@ -1,17 +1,19 @@
 Authors
-=======
+-------
 
 Massimiliano Pippi
 Federico Frenguelli
 
 Contributors
-============
+------------
 
 Abhishek Patel
 Alan Crosswell
 Aleksander Vaskevich
 Alessandro De Angelis
+Alex Szabó
 Allisson Azevedo
+Andrew Chen Wang
 Anvesh Agarwal
 Aristóbulo Meneses
 Aryan Iyappan
@@ -22,21 +24,32 @@ Bas van Oostveen
 Dave Burkholder
 David Fischer
 David Smith
+Dawid Wolski
 Diego Garcia
 Dulmandakh Sukhbaatar
 Dylan Giesler
+Dylan Tack
 Emanuele Palazzetti
 Federico Dolce
 Frederico Vieira
+Hasan Ramezani
+Hossein Shakiba
 Hiroki Kiyohara
 Jens Timmerman
 Jerome Leclanche
 Jim Graham
+Jonas Nygaard Pedersen
 Jonathan Steffan
+Jozef Knaperek
 Jun Zhou
 Kristian Rune Larsen
+Michael Howitz
+Paul Dekkers
 Paul Oswald
 Pavel Tvrdík
+Patrick Palacin
+Peter Carnesciali
+Petr Dlouhý
 Rodney Richardson
 Rustem Saiargaliev
 Sandro Rodrigues
@@ -46,5 +59,12 @@ Spencer Carroll
 Stéphane Raimbault
 Tom Evans
 Will Beaufoy
+Rustem Saiargaliev
+Jadiel Teófilo
 pySilver
 Łukasz Skarżyński
+Shaheed Haque
+Vinay Karanam
+Eduardo Oliveira
+Andrea Greco
+Dominik George

CHANGELOG.md

@@ -14,6 +14,75 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Security
   -->
 
+## [1.7.0] 2022-01-23
+
+### Added
+* #969 Add batching of expired token deletions in `cleartokens` management command and `models.clear_expired()`
+  to improve performance for removal of large numers of expired tokens. Configure with
+  [`CLEAR_EXPIRED_TOKENS_BATCH_SIZE`](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#clear-expired-tokens-batch-size) and
+  [`CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL`](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#clear-expired-tokens-batch-interval).
+* #1070 Add a Celery task for clearing expired tokens, e.g. to be scheduled as a [periodic task](https://docs.celeryproject.org/en/stable/userguide/periodic-tasks.html).
+* #1062 Add Brazilian Portuguese (pt-BR) translations.
+* #1069 OIDC: Add an alternate form of
+  [get_additional_claims()](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#adding-claims-to-the-id-token)
+  which makes the list of additional `claims_supported` available at the OIDC auto-discovery endpoint (`.well-known/openid-configuration`).
+
+### Fixed
+* #1012 Return 200 status code with `{"active": false}` when introspecting a nonexistent token
+  per [RFC 7662](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2). It had been incorrectly returning 401.
+
+## [1.6.3] 2022-01-11
+
+### Fixed
+* #1085 Fix for #1083 admin UI search for idtoken results in `django.core.exceptions.FieldError: Cannot resolve keyword 'token' into field.`
+
+### Added
+* #1085 Add admin UI search fields for additional models.
+
+## [1.6.2] 2022-01-06
+
+**NOTE: This release reverts an inadvertently-added breaking change.**
+
+### Fixed
+
+* #1056 Add missing migration triggered by [Django 4.0 changes to the migrations autodetector](https://docs.djangoproject.com/en/4.0/releases/4.0/#migrations-autodetector-changes).
+* #1068 Revert #967 which incorrectly changed an API. See #1066.
+
+## [1.6.1] 2021-12-23
+
+### Changed
+* Note: Only Django 4.0.1+ is supported due to a regression in Django 4.0.0. [Explanation](https://github.com/jazzband/django-oauth-toolkit/pull/1046#issuecomment-998015272)
+
+### Fixed
+* Miscellaneous 1.6.0 packaging issues.
+
+## [1.6.0] 2021-12-19
+### Added
+* #949 Provide django.contrib.auth.authenticate() with a `request` for compatibiity with more backends (like django-axes).
+* #968, #1039 Add support for Django 3.2 and 4.0.
+* #953 Allow loopback redirect URIs using random ports as described in [RFC8252 section 7.3](https://datatracker.ietf.org/doc/html/rfc8252#section-7.3).
+* #972 Add Farsi/fa language support.
+* #978 OIDC: Add support for [rotating multiple RSA private keys](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#rotating-the-rsa-private-key).
+* #978 OIDC: Add new [OIDC_JWKS_MAX_AGE_SECONDS](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#oidc-jwks-max-age-seconds) to improve `jwks_uri` caching.
+* #967 OIDC: Add [additional claims](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#adding-claims-to-the-id-token) beyond `sub` to the id_token.
+* #1041 Add a search field to the Admin UI (e.g. for search for tokens by email address).
+
+### Changed
+* #981 Require redirect_uri if multiple URIs are registered per [RFC6749 section 3.1.2.3](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2.3)
+* #991 Update documentation of [REFRESH_TOKEN_EXPIRE_SECONDS](https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#refresh-token-expire-seconds) to indicate it may be `int` or `datetime.timedelta`.
+* #977 Update [Tutorial](https://django-oauth-toolkit.readthedocs.io/en/stable/tutorial/tutorial_01.html#) to show required `include`.
+
+### Removed
+* #968 Remove support for Django 3.0 & 3.1 and Python 3.6
+* #1035 Removes default_app_config for Django Deprecation Warning
+* #1023 six should be dropped
+
+### Fixed
+* #963 Fix handling invalid hex values in client query strings with a 400 error rather than 500.
+* #973 [Tutorial](https://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial_01.html#start-your-app) updated to use `django-cors-headers`.
+* #956 OIDC: Update documentation of [get_userinfo_claims](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#adding-information-to-the-userinfo-service) to add the missing argument.
+
+
 ## [1.5.0] 2021-03-18
 
 ### Added

CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Code of Conduct
+
+As contributors and maintainers of the Jazzband projects, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in the Jazzband a harassment-free experience
+for everyone, regardless of the level of experience, gender, gender identity and
+expression, sexual orientation, disability, personal appearance, body size, race,
+ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+- The use of sexualized language or imagery
+- Personal attacks
+- Trolling or insulting/derogatory comments
+- Public or private harassment
+- Publishing other's private information, such as physical or electronic addresses,
+  without explicit permission
+- Other unethical or unprofessional conduct
+
+The Jazzband roadies have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are not
+aligned to this Code of Conduct, or to ban temporarily or permanently any contributor
+for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, the roadies commit themselves to fairly and
+consistently applying these principles to every aspect of managing the jazzband
+projects. Roadies who do not follow or enforce the Code of Conduct may be permanently
+removed from the Jazzband roadies.
+
+This code of conduct applies both within project spaces and in public spaces when an
+individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by
+contacting the roadies at `[email protected]`. All complaints will be reviewed and
+investigated and will result in a response that is deemed necessary and appropriate to
+the circumstances. Roadies are obligated to maintain confidentiality with regard to the
+reporter of an incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version
+1.3.0, available at [https://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/3/0/

LICENSE

@@ -2,13 +2,13 @@ Copyright (c) 2013, Massimiliano Pippi, Federico Frenguelli and contributors
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met: 
+modification, are permitted provided that the following conditions are met:
 
 1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer. 
+   list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution. 
+   and/or other materials provided with the distribution.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
@@ -22,5 +22,5 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 The views and conclusions contained in the software and documentation are those
-of the authors and should not be interpreted as representing official policies, 
+of the authors and should not be interpreted as representing official policies,
 either expressed or implied, of the FreeBSD Project.

README.rst

@@ -18,6 +18,14 @@ Django OAuth Toolkit
    :target: https://codecov.io/gh/jazzband/django-oauth-toolkit
    :alt: Coverage
 
+.. image:: https://img.shields.io/pypi/pyversions/django-oauth-toolkit.svg
+   :target: https://pypi.org/project/django-oauth-toolkit/
+   :alt: Supported Python versions
+
+.. image:: https://img.shields.io/pypi/djversions/django-oauth-toolkit.svg
+   :target: https://pypi.org/project/django-oauth-toolkit/
+   :alt: Supported Django versions
+
 If you are facing one or more of the following:
  * Your Django app exposes a web API you want to protect with OAuth2 authentication,
  * You need to implement an OAuth2 authorization server to provide tokens management for your infrastructure,
@@ -27,6 +35,10 @@ capabilities to your Django projects. Django OAuth Toolkit makes extensive use o
 `OAuthLib <https://github.com/idan/oauthlib>`_, so that everything is
 `rfc-compliant <http://tools.ietf.org/html/rfc6749>`_.
 
+Note: If you have issues installing Django 4.0.0, it is because we only support
+Django 4.0.1+ due to a regression in Django 4.0.0. Besides 4.0.0, Django 2.2+ is supported.
+`Explanation <https://github.com/jazzband/django-oauth-toolkit/pull/1046#issuecomment-998015272>`_.
+
 Contributing
 ------------
 
@@ -41,8 +53,8 @@ Please report any security issues to the JazzBand security team at <security@jaz
 Requirements
 ------------
 
-* Python 3.6+
-* Django 2.1+
+* Python 3.7+
+* Django 2.2, 3.2, or >=4.0.1
 * oauthlib 3.1+
 
 Installation