News
django-allauth 65.14.0 released
Posted by Raymond Penners on 2026-01-17
Note worthy changes Steam: the provider now supports initiating headless logins per redirect. Shopify: if email_verified is present in the user payload, it will be used to mark the email address retrieved as verified accordingly. IdP: added support for JWT based access tokens (see IDP_OIDC_ACCESS_TOKEN_FORMAT).
Read moredjango-allauth 65.13.1 released
Posted by Raymond Penners on 2025-11-20
Note worthy changes Django 6.0 is now officially supported. Fixes Internal imports related to headless token strategies were causing (harmless) deprecation warnings, fixed. Pending social signups stored in the session by allauth versions prior to 65.5.0 are not resumable by newer versions.
Read moredjango-allauth 65.13.0 released
Posted by Raymond Penners on 2025-10-31
Note worthy changes IdP: Added support for RP-Initiated Logout. Headless: added JWT token strategy. Added support for "Trust this browser?" functionality for logging in by code. See ACCOUNT_LOGIN_BY_CODE_TRUST_ENABLED. OpenID Connect: to avoid issues with client IDs containing colons, client_secret_post is now preferred above client_secret_basic.
Read moredjango-allauth 65.12.1 released
Posted by Raymond Penners on 2025-10-16
Security notice There was a flaw in the email verification process when using ACCOUNT_CHANGE_EMAIL = True. If you are using this configuration, you are advised to upgrade as soon as possible. Note that the default value is False.
django-allauth 65.12.0 released
Posted by Raymond Penners on 2025-10-05
Note worthy changes Updated VK urls from "vk.com" to "vk.ru". Added new socialaccount provider: Discogs. MediaWiki: you can now setup a custom user agent to avoid getting blocked, see: https://phabricator.wikimedia.org/T400119 IdP: Added optional support for wildcards in redirect URIs and CORS origins.
Read more