- Minor fix for middleware initialization check inside decorators.
-
Raise
UnAuthorized
instead ofForbidden
#129. Thanks @rockwelln -
Added preflight (OPTIONS) request skip #139. Thanks @ckkz-it
-
Added
auth_scheme
option to middleware, that allows customization of authorization header prefix #77. By default value isBearer
. Thanks @gbarbaten -
Added explicit exception when decorators are used without proper middleware initialization & minor cleaning #85
-
Added support for class based views in decorators #52. Thanks @citijk for the report!
-
Cleanup a bit project structure
- Fixed issue with non bearer token scheme #14. Thanks @vikitikitavi
-
Added support for checking revoked tokens
Now users can pass
is_revoked
callback that should return bool value that indicates token status and in case of True, middleware will raise HTTPForbidden withToken is revoked
message. -
Better description for token decoding error.
-
Added more usage examples. Thanks @vikitikitavi
-
Refactored handling of broken provided token.
-
Revisited naming of certain properties and helpers.
ONE_OF
tomatch_any
ALL_IN
tomatch_all
strategy
tocomparison
-
Improved overall code test coverage.
-
Introduced check_permissions decorator for providing scope based permission model for your application handlers.
Permissions should be described as an array of strings inside the JWT token, or as a space-delimited OAuth 2.0 Access Token Scope string.
-
Introduced JWT middleware for encoding/verifying your JWT token and setting property on aiohttp.Request object.