Removed ClassVar annotation from the query attribute on OAuthConnection model, simplifying type annotations while maintaining type checker compatibility (1c624ff)
The related_name="oauth_connections" parameter has been removed from the user ForeignKey field, requiring explicit reverse relationship descriptors on user models (a4b6309)
Upgrade instructions
If user.oauth_connections was in use, a oauth_connections: types.ReverseForeignKey[OAuthConnection] = types.ReverseForeignKey(to="plainoauth.OAuthConnection", field="user") will be required on your User model
The OAuthConnection model now includes a query attribute with proper type annotations using ClassVar[models.QuerySet[OAuthConnection]], enabling better type checker inference (c3b00a6)
Type annotations updated to use forward references without quotes by adding from __future__ import annotations (c3b00a6)
OAuthProvider is now an abstract base class (ABC) with @abstractmethod decorators on refresh_oauth_token(), get_oauth_token(), and get_oauth_user() (dd950c6)
Internal type improvements for better type checker compatibility (f4dbcef)
Upgrade instructions
If you have custom OAuth providers that inherit from OAuthProvider, ensure you implement all three required methods: refresh_oauth_token(), get_oauth_token(), and get_oauth_user(). Type checkers will now enforce this requirement.
Internal import paths updated to use more specific module imports (e.g., plain.models.aggregates.Count and plain.models.db.OperationalError) for better code organization (e9edf61)
Removed direct access to request.user and request.session attributes in favor of using get_request_user() and get_request_session() functions (154ee10)
Removed dependency on AuthenticationMiddleware from test settings (154ee10)
Upgrade instructions
If you have custom OAuth providers or views that access request.user, update them to use get_request_user(request) from plain.auth
If you have custom OAuth providers that access request.session, update them to use get_request_session(request) from plain.sessions
HttpRequest has been renamed to Request throughout the OAuth provider classes (cd46ff2)
Upgrade instructions
If you have custom OAuth providers that override methods like get_authorization_url_params, get_oauth_token, get_callback_url, or any other methods that accept a request parameter, update the type hint from HttpRequest to Request
Update any imports of HttpRequest in custom OAuth provider code to import Request instead from plain.http
The OAuthConnection.check() method has been replaced with OAuthConnection.preflight() as part of the new preflight system (b0b610d)
Preflight check IDs have been renamed from numeric format (e.g., plain.oauth.E001) to descriptive names (e.g., oauth.provider_in_db_not_in_settings) (cd96c97)
Preflight messages now provide clearer fix instructions directly in the fix attribute (c7cde12)
Upgrade instructions
If you have custom code that calls OAuthConnection.check(), update it to use OAuthConnection.preflight() instead
If you have code that references specific preflight check IDs (e.g., plain.oauth.E001), update them to use the new descriptive format (e.g., oauth.provider_in_db_not_in_settings)
Updated OAuthConnection.check() to accept a single database argument instead of the older databases list, matching the new single DATABASE setting used across the Plain stack (d346d81)