django-allauth 65.2.0 released
Posted by Raymond Penners on 2024-11-08
Noteworthy changes
- OIDC: You can now configure whether or not PKCE is enabled per app by including "oauth_pkce_enabled": True in the app settings.
- The OpenStreetMap provider is deprecated. You can set it up as an OpenID Connect provider instead.
Fixes
- Fixed a NoReverseMatch that could occur when using ACCOUNT_LOGIN_BY_CODE_REQUIRED = True while ACCOUNT_LOGIN_BY_CODE_ENABLED = False.
- The PasswordResetDoneView did not behave correctly when using Django's LoginRequiredMiddleware, as it was not properly marked as @login_not_required.
- When verifying an email address by code, the success URL was hardcoded to the email management view, instead of calling the get_email_verification_redirect_url() adapter method.
Security notice
- Headless: settings.ACCOUNT_EMAIL_VERIFICATION_BY_CODE_MAX_ATTEMPTS was not enforced. This is now fixed. Note that the related verification endpoint will return a 409 when the maximum limit is exceeded, because at that point the pending email verification stage is aborted.
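The control described in the security notice, as an added sketch that is not django-allauth's code: a pending verification that counts failed codes and aborts itself at the limit, so a correct code arriving afterwards is also refused. The class, the function names, the 400 for a wrong code, and the choice that the limit-reaching attempt itself gets the 409 are assumptions; only the setting name and the 409 come from the notice.

```python
import hmac
import secrets

# Stands in for settings.ACCOUNT_EMAIL_VERIFICATION_BY_CODE_MAX_ATTEMPTS
# (the value 3 is chosen for this example).
MAX_ATTEMPTS = 3


class PendingEmailVerification:
    """Hypothetical server-side state for one pending verify-by-code stage."""

    def __init__(self, email, max_attempts=MAX_ATTEMPTS):
        self.email = email
        self.code = secrets.token_hex(3).upper()  # constructed 6-character code
        self.max_attempts = max_attempts
        self.failed = 0
        self.verified = False

    def verify(self, submitted):
        """Handle one verification request and return an HTTP-style status."""
        if self.code is None:
            # Stage already completed or aborted: nothing left to verify.
            return 409
        # Constant-time comparison so timing does not leak partial matches.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.code = None
            self.verified = True
            return 200
        self.failed += 1
        if self.failed >= self.max_attempts:
            # Enforce the limit: drop the code so it cannot be guessed further.
            # The client has to restart the flow and receive a fresh code.
            self.code = None
            return 409
        return 400  # assumption: wrong code below the limit is a plain error


def run_guesses(pending, guesses):
    """Submit each guess in order and collect the statuses (for tests)."""
    return [pending.verify(g) for g in guesses]


if __name__ == "__main__":
    p = PendingEmailVerification("user@example.com")  # constructed address
    real_code = p.code
    print(run_guesses(p, ["bad-1", "bad-2", "bad-3"]))
    print(p.verify(real_code))  # refused: the stage was aborted
```

A regression test for the unfixed behaviour is the last line: before enforcement, the correct code would still be accepted after any number of wrong guesses.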