- Removed the Dictective utility class, and replaced it with
werkzeug.datastructures.CallbackDict. It does the same thing, but it's better tested, and already a part of one of Flask-Dance's dependencies.
- Flask-Dance no longer checks for the existence of a
X-Forwarded-Protoheader to determine if generated URLs should use ahttps://scheme. If you are running your application behind a TLS termination proxy, use Werkzeug'sProxyFixmiddleware to inform Flask of that.
- Added the Dropbox pre-set configuration
- Added the Meetup pre-set configuration
- Added the Facebook pre-set configuration
- Flask-Dance now always passes the optional
redirect_uriparameter to the OAuth 2 authorization request, since Dropbox requires it. - Make Flask-Dance provide additional information in errors when providers fail to provide auth tokens
- Make the
authorizedproperty on bothOAuth1SessionandOAuth2Sessiondynamically load the token from the backend
- Redesigned token storage backend system: it now uses objects
Warning
This release is not backwards-compatible, due to the changes to how backends work. If you are using the SQLAlchemy backend, read the documentation to see how it works now!
- Added documentation about OAuth protocol
- Added quickstarts for Google, and for a multi-user SQLAlchemy system
- Added
reprompt_consentparameter to Google pre-set configuration - Added
oauth_errorsignal - If there is an error with the OAuth 2 authorization process, Flask-Dance
will now redirect the user anyway rather than letting the error bubble up
and cause a 500 status code. The
oauth_errorsignal will be fired with information about the error.
OAuth2ConsumerBlueprintnow accepts two new arguments to its constructor:authorization_url_paramsandtoken_url_params- When using the Google pre-set configuration, you can now request offline
access for your OAuth token by passing
offline=Trueto themake_google_blueprintfunction
- Added
anon_userargument toset_token_storage_sqlalchemy()method - Fire
oauth_authorizedsignal before setting token, so that a signal handler can set the logged-in user - You can now indicate that an OAuth token should not be stored by returning
Falsefrom any receiver function that is connected to theoauth_authorizedsignal
OAuth1SessionWithBaseURLhas been renamed toOAuth1Session. The old name still exists as an alias, for backwards compatibility.OAuth2SessionWithBaseURLhas been renamed toOAuth2Session. The old name still exists as an alias, for backwards compatibility.- You can now pass a
useroruser_idobject toblueprint.load_token. OAuth1SessionandOAuth2Sessionnow store a reference to the blueprint, so that you can also callsession.load_token, which is proxied to the blueprint. This method also takesuseroruser_idarguments.
- Renamed
assign_token_to_sessiontoload_token - Added a
from_configdict to OAuthConsumerBlueprint objects. The info in that dict is used to dynamically populate information on the blueprint at runtime from the configuration of the app that the blueprint is bound to. Also set up sensible configuration variable names for the pre-set configurations. - If neither
redirect_urlnorredirect_toare specified, default to redirecting the user to the root of the website (/). Previously, specifying one of these two options was required.
- Added a the Google pre-set configuration.
- Added a new
session_classparameter, so that you can specify a custom requests.Session subclass with custom behavior.
- Changed
OAuthConsumerMixin.created_ontoOAuthConsumerMixin.created_at, to reflect the fact that it is a DateTime, not a Date. If you are upgrading from an older version of Flask-Dance and usingOAuthConsumerMixin, this will require a database migration.
- Renamed
OAuthMixintoOAuthConsumerMixin
- Changed event sender from app to blueprint, to match docs
- Fixed packaging problems
- Added SQLAlchemy support
- Added Sphinx-based documentation
- Added support for Flask-Login and Flask-Cache
- Switch from
login_callbackdecorator to blinker signals
- Initial release