v.2.8.0

What's Changed

• Dependency versions upper bound removed #31

Full Changelog: v2.7.0...v.2.8.0

v2.7.0

What's Changed

Updated Fastapi dependency version constraint, it will now use any version above 0.111.0, but will not support major version change. Generic exception handler in _decode_token method is removed since it was returning response with details of the exception, this will be handled by raising HTTPException with generic message.

Changelog

• FastAPI dependecy version constraint changed from "^0.111.0" to ">=0.111.0,<1.0.0" to support newer versions of FastAPI.
• Exception handler in _decode_token method is removed, errors will return different message and won't turn exception details directly.

Full Changelog: v2.6.0...v2.7.0

v2.6.0

What's Changed

Library will now use httpx instead of aiohttp to retrieve JWKS from cognito userpool. Increased Async LRU cache for function that retrieves JWKS. Added support for settings JWKS_URL per userpool

Major changes

• aiohttp is removed as dependency, instead httpx will be used since aiohttp in some cases blocked async execution. #23

Changelog

• httpx library is being used instead of aiohttp
• Async LRU cache on cognito_jwt.decode.__get_keys_async is increased to 10 as temporal workaround to prevent application from retrieving JWKS with each request that uses different userpool than previous one. In the future there is idea to make this dynamic(either to set value through configuration or set it to length of userpools configuration field.).
• Added support for JWKS_URL configuration per userpool which allow setting explicit URL where JWKS can be found for that userpool.

Full Changelog: v2.5.0...v2.6.0

v2.5.0

What's Changed

Dependency cognito_jwt is removed since library is not maintained anymore and it was using python_jose(also not maintained), that was using ecdsa with critical vulnerability. Code related to retrieving public keys and validating tokens is now part of this library and only dependency is joserfc that is used to replace python_jose functionalities. Thanks to @YaraslauZhylko for pointing out this issue and suggestions in #19

Other changes were related to some minor improvements and fixes.

Changelog

• Moved to poetry
• Type of userpools field changed from dict to Dict - #17
• Added generic exception handling in fastapi_cognito._decode_token method. - #22
• Removed cognito_jwt library and implement it's functionalities in this library - #22
• Moved away from python_jose to joserfc #22
• Updating documentation - #22

Full Changelog: v2.4.2...v2.5.0

v2.4.2

What's Changed

• Updated model config settings to support Pydantic v2

Full Changelog: v2.4.1...v2.4.2

v2.4.1

• Fixed requests library import exception

Full Changelog: v2.4.0...v2.4.1

v2.4.0

What's Changed

• Updated Pydantic to v2
• Updated additional dependencies and their required versions
• cognitojwt library now uses decode_async method to decode Cognito JWT
• Custom token models should now be provided as param when creating CognitoAuth object instead of BaseSettings. Every CognitoAuth object can use different model if needed.

Full Changelog: v.2.3.0...v2.4.0

v.2.3.0

What's Changed

• Added support for multiple userpool app_client_ids

Full Changelog: v2.2.1...v.2.3.0

v2.2.1

What's Changed

• Added custom token models

Full Changelog: v.2.1.0...v2.2.1

v.2.1.0

What's Changed

• Added optional authentication
• event_id changed to Optional in CognitoToken pydantic model (prevents error when using hosted UI)
• Updated python-jose dependency to v.3.3.0

Full Changelog: v.2.0.5...v.2.1.0