News
django-allauth 65.4.1 released
Posted by Raymond Penners on 2025-02-07
Fixes
To make way for a future "phone" method, AUTHENTICATION_METHOD was removed in favor of a new LOGIN_METHODS. While this change was made in a backwards compatible manner within the scope of allauth, other packages accessing allauth.account.app_settings.AUTHENTICATION_METHOD would break. Fixed.
django-allauth 65.4.0 released
Posted by Raymond Penners on 2025-02-06
Noteworthy changes
The setting ACCOUNT_AUTHENTICATION_METHOD: str (with values "username", "username_email", "email") has been replaced by ACCOUNT_LOGIN_METHODS: set[str], which is a set of values including "username" or "email". This change is performed in a backwards compatible manner.
Headless: when HEADLESS_SERVE_SPECIFICATION is set to True, the API specification will be served dynamically, over at /_allauth/openapi.
django-allauth 65.3.1 released
Posted by Raymond Penners on 2024-12-25
Fixes
Headless: When using email verification by code, you could incorrectly encounter a 409 when attempting to add a new email address while logged in.
Headless: In contrast to the headed version, it was possible to remove the last 3rd party account from a user that has no usable password.
django-allauth 65.3.0 released
Posted by Raymond Penners on 2024-11-30
Noteworthy changes
Added support for TOTP code tolerance (see MFA_TOTP_TOLERANCE).
Security notice
Authentication by email/password was vulnerable to account enumeration by means of a timing attack. Thanks to Julie Rymer for the report and the patch.
django-allauth 65.2.0 released
Posted by Raymond Penners on 2024-11-08
Noteworthy changes
OIDC: You can now configure whether or not PKCE is enabled per app by including "oauth_pkce_enabled": True in the app settings.
The OpenStreetMap provider is deprecated. You can set it up as an OpenID Connect provider instead.