CHANGELOG
#########

This document describes changes between each past release.

0.8.1 (2025-05-01)
==================

- Fixes issue with BrowserID removal

0.8.0 (2025-04-29)
==================

- Remove BrowserID Support

0.7.9 (2024-09-26)
==================

- Python3 support
- Add support for v2 password hashes
- Updated to pyproject.toml
- Updated libraries

0.7.8 (2024-03-14)
==================

- Add retries to the APIClient session

0.7.7 (2020-07-17)
==================

- Fix incorrect validation of JWKs passed to oauth.Client constructor,
  which was actually *preventing* the caller from setting a correct value
  rather than checking that they did so.


0.7.6 (2020-07-10)
==================

- Add ability to configure a fixed list of JWT access token keys,
  by passing them as an argument to `oauth.Client()` rather than
  fetching them at runtime from the server.
- Fix verification of JWT access token `typ` header.
  (Thankfully it was failing closed rather than failing open).
- Fix verification of `scope` list obtained from a JWT access token.
  (Thankfully it was failing closed rather than failing open).


0.7.5 (2020-07-06)
==================

- Add support for `reason` and `verification_method` keyword arguments
  to the `login` method.


0.7.4 (2020-06-10)
==================

- Perform more complete checking of the `state` parameter when authorizing
  an OAuth code.
- When verifying OAuth access tokens, try to verify them locally as a JWT
  rather than passing them to the remote verification endpoint.


0.7.3 (2019-07-26)
==================

- Allow specifying a `ttl` when redeeming an authorization code.


0.7.2 (2019-06-03)
==================

- Several cleans for Python3 compatibility; thanks Tomáš Chvátal!
- Fix a bug could accidentally introduce multiple slashes into
  the result of oauth.Client.get_redirect_url.


0.7.1 (2019-03-18)
==================

- Fix test bustage due to session verification.


0.7.0 (2019-03-18)
==================

- Add support for TOTP.


0.6.0 (2018-05-04)
==================

- Add support for PKCE challenge and response in the OAuth flow.
- Add ability to supply `keys_jwk` when starting an OAuth flow.
- Improve scope-matching logic based on new FxA testcases,
  including handling of URL-format scopes.


0.5.0 (2018-01-12)
==================

- Add ability to login with unblock codes.
- Tell testrunners to ignore some test helper utilities.


0.4.0 (2017-??-??)
==================

- Use `pkg_resources` to handle package version. (#45)
- Add a shortcut for authorizing oauth codes directly from a core.Session,
  rater than requiring the caller to explicitly create an assertion.


0.3.0 (2016-09-07)
==================

- Add a ``verify_email_code(uid, code)`` method to the ``core.Client`` (#43).


0.2.0 (2016-05-11)
==================

- Make sure fxa.tests.utils can be used without installing PyFxA tests dependencies. (#41)


0.1.3 (2016-04-22)
==================

- Update the User-Agent so that we can detect PyFxA calls. (#40)


0.1.2 (2016-04-21)
==================

- Correctly send request to the Auth server.


0.1.1 (2016-01-13)
==================

- Correctly configure cert duration while generating BrowserID Assertion (#39)


0.1.0 (2016-01-07)
==================

- Add fxa-client CLI tool (#36)
- Remove support for Python 2.6 (#38)


0.0.9 (2015-08-15)
==================

- Remove the mention stating that PyFxA is still highly experimental (#31)
- Do not rely on the package to be installed in order to be used (#32)


0.0.8 (2015-08-14)
==================

- Update setup.py to handle utf-8 characters in README and CHANGES files (#29)
- Add cache functionality to the Auth plugins (#30)


0.0.7 (2015-07-23)
==================

- Use grequests if available to use PyFxA with the gevent ecosystem.
- Add the oauth /destroy operation.
- Profile fetch skips fields you don't have permission to read.
- Add the BrowserID requests Auth module and related HTTPie plugin.
- Add the BearerToken requests Auth module and related HTTPie plugin.
- Add PyOpenSSL support for secure SSL requests handling with Python 2.


0.0.6 (2015-03-20)
==================

- Expose unicode in oauth cache, not bytestrings.


0.0.5 (2015-03-19)
==================

- Specify minimum required version of `requests` dependency.


0.0.4 (2015-03-11)
==================

- Add a basic API for retrieving profile information
   with an OAuth token.


0.0.3 (2015-02-20)
==================

- Refacotor oauth.Client to take id/secret as constructor args.
- Add basic caching on oauth token verification.
- Accept option "/v1" suffix on server URLs.
- Add get_identity_assertion() method to core.Session.
- Add methods to oauth.Client for authorizing codes and tokens.
- Add a new error hierarchy for trust-related errors.
- Additional sanity-checking in oauth scope checks.


0.0.2 (2015-01-05)
==================

- Initial release; includes basic auth and oauth functionality.
