Skip to content

Releases: vimalloc/flask-jwt-extended

2.1.0

27 May 17:34
@vimalloc vimalloc
2.1.0
f86cf67
Compare
Choose a tag to compare
2.1.0
Assets 2
Loading

2.0.0

08 May 16:43
@vimalloc vimalloc
2.0.0
319f2a4
Compare
Choose a tag to compare
2.0.0
  • Fix import error when using older versions of pyjwt (refs #42)
  • Make cryptography an optional dependency (see http://flask-jwt-extended.readthedocs.io/en/latest/installation.html for installation instructions)
  • Add JWT_SECRET_KEY option. It will check this first, then fall back to using app.secret_key if it isn't set. Only used on symmetric signing algorithms, such as the HS* ones.
  • Add JWT_PRIVATE_KEY option in place of app.secret_key for asymmetric (public/private key) signing algorithms. It now uses this option instead of app.secret_key, and is a breaking change from version 1.5.0.
  • Update requirements.txt to use newest version of pyjwt
Assets 2
Loading

1.5.0

05 May 16:56
@vimalloc vimalloc
1.5.0
3241868
Compare
Choose a tag to compare
1.5.0
  • Adds support for asymmetric cryptography (#40)
Assets 2
Loading

1.4.2

26 Apr 22:26
@vimalloc vimalloc
1.4.2
fb3e932
Compare
Choose a tag to compare
1.4.2
  • Fixes an issue where decoding a JWT would use the algorithm that was defined in the JWT instead of the algorithm that was defined in app.config['JWT_ALGORITHM'] (refs #39)
Assets 2
Loading

1.4.1

15 Apr 05:37
@vimalloc vimalloc
1.4.1
6d66b8f
Compare
Choose a tag to compare
1.4.1
  • Add JWT_COOKIE_DOMAIN option, to control the cross-domain cookie setting for the underlying flask set_cookie call.
Assets 2
Loading

1.4.0

10 Apr 18:44
@vimalloc vimalloc
1.4.0
a69ecff
Compare
Choose a tag to compare
1.4.0
  • Big refactoring of code behind the scenes. Shouldn't cause any breaking problems with existing applications
  • Depreciate JWT_CSRF_HEADER_NAME and add JWT_ACCESS_CSRF_HEADER_NAME and JWT_REFRESH_CSRF_HEADER_NAME (refs #37)
  • Add options to change the cookie paths for JWT_ACCESS_CSRF_COOKIE_NAME and JWT_REFRESH_CSRF_COOKIE_NAME via JWT_ACCESS_CSRF_COOKIE_PATH and JWT_ACCESS_CSRF_COOKIE_PATH (refs #33)
  • Add option to not store csrf double submit values in addition cookies via JWT_CSRF_IN_COOKIES and add get_csrf_token(encoded_token) method so you could grab the CSRF double submit values out of a created token, and return them another way (for example, in the resulting JSON of a request). (refs #33)
Assets 2
Loading

1.3.2

05 Apr 00:21
@vimalloc vimalloc
1.3.2
21345d8
Compare
Choose a tag to compare
1.3.2
  • Adds option to use expires cookies instead of session cookies (#35)
  • Properly deletes csrf cookies in the unset_jwt_cookies method
Assets 2
Loading

1.3.1

05 Mar 18:28
@vimalloc vimalloc
1.3.1
2672ca7
Compare
Choose a tag to compare
1.3.1
  • Raises helpful error messages when attempting to use cookie methods without this extension being configured to use cookies (ref #31)
Assets 2
Loading

1.3.0

02 Feb 17:41
@vimalloc vimalloc
1.3.0
8337bc1
Compare
Choose a tag to compare
1.3.0
  • Preserve CSRF errors when using headers and cookies together
  • Allow only specified request types to need CSRF protection, when using cookies with CSRF protection enabled. Defaults to ['PUT', 'PATCH', 'POST, 'DELETE'], and can be change with the app.config['JWT_CSRF_METHODS'] option
Assets 2
Loading

1.2.1

01 Feb 20:35
@vimalloc vimalloc
1.2.1
be6d548
Compare
Choose a tag to compare
1.2.1
  • Fixes bug with using @user_identity_loader with refresh tokens (#27)
Assets 2
Loading