v1.0.2

• Raises a more specific exception ForbiddenError when the user of an
  operation is authenticated properly, but authorization fails.
  This enables better handling of authorization errors, differentiating when the
  user context is missing or invalid, and when the context is valid but the
  user has no rights to do a certain operation. See #371.

v1.0.1

• Improves the automatic rotation of JWKS: when validating JWTs, JWKS are
  refreshed automatically if an unknown kid is encountered, and JWKS were
  last fetched more than refresh_time seconds ago (by default 120 seconds).
• Corrects an inconsistency in how claims are read in the User class.

v1.0.0

• Adds built-in support for dependency injection, using the new ContainerProtocol
  in rodi v2.
• Partially removes the synchronous code API, maintaining only the asynchronous code API for AuthenticationStrategy.authenticate and AuthorizationStrategy.authorize (authentication handlers and authorization requirements can still be synchronous).
• Replaces setup.py with pyproject.toml.
• Reduces imports verbosity.
• Improves the identity_getter code API.
• Corrects Identity.__getitem__ to raise KeyError if a claim is missing.

⚠️ Contains breaking changes

v0.0.2-alpha.1

Test release for the new package using the new name neoteroi-auth and the new namespace.
Please refer to the CHANGELOG for more information.

v0.0.9

• Adds sub, access_token, and refresh_token properties to the Identity
  class
• Adds py.typed file

v0.0.8

• Adds classes to handle JWTs validation, but only for RSA keys
• Includes Python 3.10 in the CI/CD matrix
• Enforces black and isort in the CI pipeline
• Fixes issue (wrong arrangement in test) #5

v0.0.7

v0.0.7 :grapes:

v0.0.6

v0.0.6 :octocat: