micropub-flask-gitea/CHANGELOG.md

# Change Log
All notable changes to this project will be documented in this file.


## 0.2.7 - 2016-03-18
### Changed
- Allow all 2xx responses to indicate success.

## 0.2.6 - 2016-03-18
### Changed
- Support discovering endpoints from HTTP Link headers in addition
  to searching the body of the page.

## 0.2.5 - 2016-01-27
### Changed
- Bugfix: authorization_handler was burning the auth code by
  delegating to authentication_handler. This broke authorization for
  endpoints that only allow codes to be used once. A side effect of
  this is that authorization no longer falls back to authentication
  when there is no token_endpoint or the token_endpoint request fails.

## 0.2.4 - 2015-12-13
### Changed
- Replace `next_url` parameter with more general `state`
  (though we're keeping `next_url` for backward compatibility for now)

## 0.2.3
### Changed
- Fix; fall back to indieauth.com when no authorization_endpoint is
  specified (previous fix broke this).

## 0.2.2
### Changed
- Fix vulnerability; re-discover the authorization_endpoint and
  token_endpoint at each stage in the flow. Prevents a buggy or
  malicious authorization_endpoint from giving you credentials for
  another user's domain name.

## 0.2.1 - 2015-02-07
### Changed
- Updated setup.py, no functional changes

## 0.2.0 - 2015-02-07
### Changed
- Started keeping a changelog!
- Added a separate 'authenticate' flow to provide explicit support for
  calling out to indieauth without requesting any sort of access
  token.
- Redirect_url is now determined automatically based on the
  authenticated_handler or authorized_handler annotations
added authentication-only flow - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations 2015-02-07 17:40:31 +00:00			`# Change Log`
			`All notable changes to this project will be documented in this file.`

update changelog 2016-03-18 19:28:00 +00:00
			`## 0.2.7 - 2016-03-18`
			`### Changed`
			`- Allow all 2xx responses to indicate success.`

Support discovering endpoints from HTTP Link headers in addition to searching the body of the page. 2016-03-18 16:30:49 +00:00			`## 0.2.6 - 2016-03-18`
			`### Changed`
			`- Support discovering endpoints from HTTP Link headers in addition`
			`to searching the body of the page.`

Do not burn auth codes by authenticating before requesting an access token This broke authorization for endpoints that only allow a code to be used once (e.g. Known). A side effect is that authorization no longer falls back to authentication if the token endpoint does not exist or returns an error. 2016-01-27 15:24:55 +00:00			`## 0.2.5 - 2016-01-27`
			`### Changed`
			`- Bugfix: authorization_handler was burning the auth code by`
			`delegating to authentication_handler. This broke authorization for`
			`endpoints that only allow codes to be used once. A side effect of`
			`this is that authorization no longer falls back to authentication`
			`when there is no token_endpoint or the token_endpoint request fails.`

Replace next_url parameter with the more general and useful state 2015-12-14 03:50:54 +00:00			`## 0.2.4 - 2015-12-13`
			`### Changed`
			- Replace `next_url` parameter with more general `state`
			(though we're keeping `next_url` for backward compatibility for now)

increment version 0.2.3 2015-06-22 06:40:44 +01:00			`## 0.2.3`
Replace next_url parameter with the more general and useful state 2015-12-14 03:50:54 +00:00			`### Changed`
increment version 0.2.3 2015-06-22 06:40:44 +01:00			`- Fix; fall back to indieauth.com when no authorization_endpoint is`
			`specified (previous fix broke this).`

do not cache endpoints Caching these would have allowed a malicious or buggy auth/token_endpoint combination to give you credentials for another user's domain name. 2015-05-31 17:16:40 +01:00			`## 0.2.2`
Replace next_url parameter with the more general and useful state 2015-12-14 03:50:54 +00:00			`### Changed`
do not cache endpoints Caching these would have allowed a malicious or buggy auth/token_endpoint combination to give you credentials for another user's domain name. 2015-05-31 17:16:40 +01:00			`- Fix vulnerability; re-discover the authorization_endpoint and`
			`token_endpoint at each stage in the flow. Prevents a buggy or`
			`malicious authorization_endpoint from giving you credentials for`
			`another user's domain name.`

			`## 0.2.1 - 2015-02-07`
Replace next_url parameter with the more general and useful state 2015-12-14 03:50:54 +00:00			`### Changed`
do not cache endpoints Caching these would have allowed a malicious or buggy auth/token_endpoint combination to give you credentials for another user's domain name. 2015-05-31 17:16:40 +01:00			`- Updated setup.py, no functional changes`

added authentication-only flow - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations 2015-02-07 17:40:31 +00:00			`## 0.2.0 - 2015-02-07`
			`### Changed`
			`- Started keeping a changelog!`
			`- Added a separate 'authenticate' flow to provide explicit support for`
			`calling out to indieauth without requesting any sort of access`
			`token.`
			`- Redirect_url is now determined automatically based on the`
			`authenticated_handler or authorized_handler annotations`