Plain
Documentation
Docs plain-oauth plain oauth CHANGELOG.md

plain-oauth changelog

0.42.4 (2026-02-26)

What's changed

  • Auto-formatted config files with updated linter configuration (028bb95c3ae3)

Upgrade instructions

  • No changes required.

0.42.3 (2026-02-04)

What's changed

  • Added __all__ exports to exceptions, models, providers, and urls modules for explicit public API boundaries (f26a63a5c941)

Upgrade instructions

  • No changes required.

0.42.2 (2026-01-28)

What's changed

Upgrade instructions

  • No changes required.

0.42.1 (2026-01-22)

What's changed

  • Migration now uses settings.AUTH_USER_MODEL instead of hardcoded "users.user", enabling support for custom user models (76e28f6)

Upgrade instructions

  • No changes required.

0.42.0 (2026-01-15)

What's changed

  • Admin connections list view now includes a description for better context (0fc4dd3)

Upgrade instructions

  • No changes required

0.41.0 (2026-01-13)

What's changed

  • Documentation restructured to follow consistent style with improved organization and clearer examples (da37a78)

Upgrade instructions

  • No changes required

0.40.0 (2026-01-13)

What's changed

  • OAUTH_LOGIN_PROVIDERS setting is now marked as secret, preventing it from being exposed in error pages or debug output (eba56c4)
  • Documentation updated to reflect the new HTTPS_PROXY_HEADER setting format, which now uses a string like "X-Forwarded-Proto: https" instead of a tuple (7ac2a43)
  • Internal redirect responses now use RedirectResponse instead of the deprecated ResponseRedirect (fad5bf2)

Upgrade instructions

  • No changes required

0.39.0 (2025-12-04)

What's changed

  • Internal type improvements for accessing OAUTH_LOGIN_PROVIDERS setting (ac1eeb0)

Upgrade instructions

  • No changes required

0.38.0 (2025-11-24)

What's changed

  • OAuthConnectView and OAuthDisconnectView now inherit from AuthView instead of using AuthViewMixin (569afd6)
  • Form data access in OAuth providers now uses request.form_data instead of request.data (90332a9)

Upgrade instructions

  • No changes required

0.37.0 (2025-11-21)

What's changed

  • ForeignKey has been renamed to ForeignKeyField in the OAuthConnection model and migration (8010204)

Upgrade instructions

  • No changes required

0.36.1 (2025-11-17)

What's changed

  • Removed ClassVar annotation from the query attribute on OAuthConnection model, simplifying type annotations while maintaining type checker compatibility (1c624ff)

Upgrade instructions

  • No changes required

0.36.0 (2025-11-14)

What's changed

  • The related_name="oauth_connections" parameter has been removed from the user ForeignKey field, requiring explicit reverse relationship descriptors on user models (a4b6309)

Upgrade instructions

  • If user.oauth_connections was in use, a oauth_connections: types.ReverseForeignKey[OAuthConnection] = types.ReverseForeignKey(to="plainoauth.OAuthConnection", field="user") will be required on your User model

0.35.0 (2025-11-13)

What's changed

  • The OAuthConnection model now includes a query attribute with proper type annotations using ClassVar[models.QuerySet[OAuthConnection]], enabling better type checker inference (c3b00a6)
  • Type annotations updated to use forward references without quotes by adding from __future__ import annotations (c3b00a6)

Upgrade instructions

  • No changes required

0.34.0 (2025-11-13)

What's changed

  • Model fields now use the new type stubs pattern from plain.models.types, enabling better type checker inference for field attributes (c8f40fc)
  • Removed unnecessary cast() calls for datetime fields that now have proper type annotations (c8f40fc)

Upgrade instructions

  • No changes required

0.33.0 (2025-11-12)

What's changed

  • OAuthProvider is now an abstract base class (ABC) with @abstractmethod decorators on refresh_oauth_token(), get_oauth_token(), and get_oauth_user() (dd950c6)
  • Internal type improvements for better type checker compatibility (f4dbcef)

Upgrade instructions

  • If you have custom OAuth providers that inherit from OAuthProvider, ensure you implement all three required methods: refresh_oauth_token(), get_oauth_token(), and get_oauth_user(). Type checkers will now enforce this requirement.

0.32.1 (2025-11-11)

What's changed

  • Internal import paths updated to use more specific module imports (e.g., plain.models.aggregates.Count and plain.models.db.OperationalError) for better code organization (e9edf61)

Upgrade instructions

  • No changes required

0.32.0 (2025-11-03)

What's changed

  • OAuth errors are now logged as warnings instead of exceptions, reducing log noise while still capturing error messages (30b5705)

Upgrade instructions

  • No changes required

0.31.2 (2025-10-20)

What's changed

  • Internal packaging improvements for development dependencies (1b43a3a)

Upgrade instructions

  • No changes required

0.31.1 (2025-10-17)

What's changed

  • OAuthStateMissingError is now raised when OAuth state is not found in the session, providing clearer error messaging (72898275)
  • Updated error message to indicate possible causes like expired sessions or blocked cookies (72898275)

Upgrade instructions

  • No changes required

0.31.0 (2025-10-12)

What's changed

  • Preflight provider key check has been moved from the model to a standalone CheckOAuthProviderKeys preflight check class (fdc5aee)
  • Preflight check ID has been renamed from oauth.provider_in_db_not_in_settings to oauth.provider_settings_missing (fdc5aee)

Upgrade instructions

  • No changes required

0.30.0 (2025-10-07)

What's changed

  • Model metadata is now defined using model_options = models.Options(...) instead of class Meta (17a378d, 73ba469)

Upgrade instructions

  • No changes required

0.29.2 (2025-10-06)

What's changed

  • Added type annotations to improve IDE and type checker friendliness (35fb8c4)
  • Updated provider examples (Bitbucket, GitHub, GitLab) with proper type annotations (50463b0)

Upgrade instructions

  • No changes required

0.29.1 (2025-10-02)

What's changed

  • Updated documentation examples to use get_current_user() instead of request.user (f6278d9)

Upgrade instructions

  • No changes required

0.29.0 (2025-10-02)

What's changed

  • Removed direct access to request.user and request.session attributes in favor of using get_request_user() and get_request_session() functions (154ee10)
  • Removed dependency on AuthenticationMiddleware from test settings (154ee10)

Upgrade instructions

  • If you have custom OAuth providers or views that access request.user, update them to use get_request_user(request) from plain.auth
  • If you have custom OAuth providers that access request.session, update them to use get_request_session(request) from plain.sessions

0.28.0 (2025-09-30)

What's changed

  • HttpRequest has been renamed to Request throughout the OAuth provider classes (cd46ff2)

Upgrade instructions

  • If you have custom OAuth providers that override methods like get_authorization_url_params, get_oauth_token, get_callback_url, or any other methods that accept a request parameter, update the type hint from HttpRequest to Request
  • Update any imports of HttpRequest in custom OAuth provider code to import Request instead from plain.http

0.27.0 (2025-09-25)

What's changed

  • The OAuthConnection.check() method has been replaced with OAuthConnection.preflight() as part of the new preflight system (b0b610d)
  • Preflight check IDs have been renamed from numeric format (e.g., plain.oauth.E001) to descriptive names (e.g., oauth.provider_in_db_not_in_settings) (cd96c97)
  • Preflight messages now provide clearer fix instructions directly in the fix attribute (c7cde12)

Upgrade instructions

  • If you have custom code that calls OAuthConnection.check(), update it to use OAuthConnection.preflight() instead
  • If you have code that references specific preflight check IDs (e.g., plain.oauth.E001), update them to use the new descriptive format (e.g., oauth.provider_in_db_not_in_settings)

0.26.0 (2025-09-12)

What's changed

  • Model queries now use .query instead of .objects (037a239)
  • Minimum Python version increased to 3.13 (d86e307)

Upgrade instructions

  • Update any custom code that references OAuthConnection.objects to use OAuthConnection.query instead

0.25.1 (2025-08-22)

What's changed

  • Updated admin navigation to place icons on sections rather than individual items (5a6479a)

Upgrade instructions

  • No changes required

0.25.0 (2025-08-19)

What's changed

  • Removed requirement for manual {{ csrf_input }} in OAuth forms - CSRF protection now uses Sec-Fetch-Site headers automatically (9551508)

Upgrade instructions

  • Remove {{ csrf_input }} from any OAuth forms in your templates (login, connect, disconnect forms) - CSRF protection is now handled automatically

0.24.2 (2025-08-05)

What's changed

  • Updated documentation to use plain commands instead of python manage.py references (8071854)
  • Improved README with better structure, table of contents, and more comprehensive examples (4ebecd1)
  • Fixed router setup documentation in URLs section (48caf10)

Upgrade instructions

  • No changes required

0.24.1 (2025-07-23)

What's changed

  • Added a nav icon to the OAuth admin interface (9e9f8b0)

Upgrade instructions

  • No changes required

0.24.0 (2025-07-22)

What's changed

  • Migrations updated to use the new PrimaryKeyField instead of BigAutoField (4b8fa6a)

Upgrade instructions

  • No changes required.

0.23.0 (2025-07-18)

What's changed

  • Migrations have been restarted to consolidate the migration history into a single initial migration (484f1b6)

Upgrade instructions

  • Run plain migrate --prune plainoauth after upgrading to clean up old migration records

0.22.0 (2025-06-23)

What's changed

  • Updated OAuthConnection.check() to accept a single database argument instead of the older databases list, matching the new single DATABASE setting used across the Plain stack (d346d81)

Upgrade instructions

  • No changes required.