News In 2025
django-allauth 65.7.0 released
Posted by Raymond Penners on 2025-04-03
Note worthy changes Officially support Django 5.2. Headless: the URL to the OpenID configuration of the provider is now exposed in the provider config. Fixes Headless: when multiple login methods were enabled (e.g. both username and email), the login endpoint would incorrectly return a 400 invalid_login.
Read moredjango-allauth 65.6.0 released
Posted by Raymond Penners on 2025-03-27
Note worthy changes MFA: Added support for "Trust this browser?" functionality, which presents users with MFA enabled the choice to trust their browser allowing them to skip authenticating per MFA on each login. Fixes A check is in place to verify that ACCOUNT_LOGIN_METHODS is aligned with ACCOUNT_SIGNUP_FIELDS.
Read moredjango-allauth 65.5.0 released
Posted by Raymond Penners on 2025-03-14
Note worthy changes Added support for phone (SMS) authentication. Added support for resetting passwords by code, instead of a link (ACCOUNT_PASSWORD_RESET_BY_CODE_ENABLED). Added support for Tumblr OAuth2. Simplified signup form configuration. The following settings all controlled signup form: ACCOUNT_EMAIL_REQUIRED, ACCOUNT_USERNAME_REQUIRED, ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE, ACCOUNT_SIGNUP_PASSWORD_ENTER_TWICE.
Read moredjango-allauth 65.4.1 released
Posted by Raymond Penners on 2025-02-07
Fixes To make way for a future "phone" method, AUTHENTICATION_METHOD was removed in favor of a new LOGIN_METHODS. While this change was done in a backwards compatible manner within allauth scope, other packages accessing allauth.account.app_settings.AUTHENTICATION_METHOD would break. Fixed.
django-allauth 65.4.0 released
Posted by Raymond Penners on 2025-02-06
Note worthy changes The setting ACCOUNT_AUTHENTICATION_METHOD: str (with values "username", "username_email", "email") has been replaced by ACCOUNT_LOGIN_METHODS: set[str]. which is a set of values including "username" or "email". This change is performed in a backwards compatible manner. Headless: when HEADLESS_SERVE_SPECIFICATION is set to True, the API specification will be served dynamically, over at /_allauth/openapi.
Read more