1.0 KiB
1.0 KiB
Change Log
All notable changes to this project will be documented in this file.
0.2.4 - 2015-12-13
Changed
- Replace
next_url
parameter with more generalstate
(though we're keepingnext_url
for backward compatibility for now)
0.2.3
Changed
- Fix; fall back to indieauth.com when no authorization_endpoint is specified (previous fix broke this).
0.2.2
Changed
- Fix vulnerability; re-discover the authorization_endpoint and token_endpoint at each stage in the flow. Prevents a buggy or malicious authorization_endpoint from giving you credentials for another user's domain name.
0.2.1 - 2015-02-07
Changed
- Updated setup.py, no functional changes
0.2.0 - 2015-02-07
Changed
- Started keeping a changelog!
- Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token.
- Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations