News
django-allauth 65.13.0 released
Posted by Raymond Penners on 2025-10-31
Note worthy changes IdP: Added support for RP-Initiated Logout. Headless: added JWT token strategy. Added support for "Trust this browser?" functionality for logging in by code. See ACCOUNT_LOGIN_BY_CODE_TRUST_ENABLED. OpenID Connect: to avoid issues with client IDs containing colons, client_secret_post is now preferred above client_secret_basic.
Read moredjango-allauth 65.12.1 released
Posted by Raymond Penners on 2025-10-16
Security notice There was a flaw in the email verification process when using ACCOUNT_CHANGE_EMAIL = True. If you are using this configuration, you are advised to upgrade as soon as possible. Note that the default value is False.
django-allauth 65.12.0 released
Posted by Raymond Penners on 2025-10-05
Note worthy changes Updated VK urls from "vk.com" to "vk.ru". Added new socialaccount provider: Discogs. MediaWiki: you can now setup a custom user agent to avoid getting blocked, see: https://phabricator.wikimedia.org/T400119 IdP: Added optional support for wildcards in redirect URIs and CORS origins.
Read moredjango-allauth 65.11.2 released
Posted by Raymond Penners on 2025-09-09
Fixes OpenID Connect: the OpenID Connect provider was using the wrong key lookup mechanism, resulting in login failures.
django-allauth 65.11.1 released
Posted by Raymond Penners on 2025-08-27
Security notice If you configured password to be optional (e.g. using ACCOUNT_SIGNUP_FIELDS = ["email*", "password1"]), then accounts would be created having a blank password instead of an unusable password. If you were using this configuration then you may need to manually set an unusable password for accounts created.
Read more