[7.0.1] - 2021-08-10¶
- Removed dropped
require_iatoptions from jwt.decode and instead used
requireoption with both
iat. For more info visit this: https://pyjwt.readthedocs.io/en/stable/changelog.html#dropped-deprecated-require-options-in-jwt-decode
- This fixes an error in previous release which had a multiple breaking changes
[7.0.0] - 2021-08-03¶
- BREAKING CHANGE:
generate_jwt_token: Now returns string (instead of bytes), and no longer requires decoding. This was to keep consistent with change to
jwt.encodein pyjwt upgrade (see below).
- BREAKING CHANGE: Upgraded dependency
pyjwt[crypto]to 2.1.0, which introduces its own breaking changes that may affect consumers of this library. Pay careful attention to the 2.0.0 breaking changes documented in https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0.
[6.5.0] - 2021-02-12¶
- Added a new custom attribute jwt_auth_failed to both monitor failures, and to help prepare for future refactors.
[6.2.0] - 2020-08-24¶
[6.1.2] - 2020-07-19¶
- _get_user_from_jwt no longer throws an UnsupportedMediaType error for failing to parse “new user” requests.
[6.1.1] - 2020-07-19¶
- Latest drf-jwt is throwing error in case of any other Authorization Header. Fixing that issue in JwtAuthentication class.
[6.1.0] - 2020-06-26¶
- Update drf-jwt to pull in new allow-list(they called it blacklist) feature.
[6.0.0] - 2020-05-05¶
- BREAKING CHANGE: Renamed ‘request_auth_type’ to ‘request_auth_type_guess’. This makes it more clear that this metric could report the wrong value in certain cases. This could break dashboards or alerts that relied on this metric.
- BREAKING CHANGE: Renamed value session-or-unknown to session-or-other. This name makes it more clear that it is the method of authentication that is in question, not whether or not the user is authenticated. This could break dashboards or alerts that relied on this metric.
- Added ‘jwt-cookie’ as new value for ‘request_auth_type_guess’.
- Added new ‘request_authenticated_user_found_in_middleware’ metric. Helps identify for what middleware step the request user was set, if it was set. Example values: ‘process_request’, ‘process_view’, ‘process_response’, or ‘process_exception’.
- Fixed/Added setting of authentication metrics for exceptions as well.
- Fixed ‘request_auth_type_guess’ to be more accurate when recording values of ‘unauthenticated’ and ‘no-user’.