News In 2025
django-allauth 65.11.2 released
Posted by Raymond Penners on 2025-09-09
Fixes OpenID Connect: the OpenID Connect provider was using the wrong key lookup mechanism, resulting in login failures.
django-allauth 65.11.1 released
Posted by Raymond Penners on 2025-08-27
Security notice If you configured password to be optional (e.g. using ACCOUNT_SIGNUP_FIELDS = ["email*", "password1"]), then accounts would be created having a blank password instead of an unusable password. If you were using this configuration then you may need to manually set an unusable password for accounts created.
Read moredjango-allauth 65.11.0 released
Posted by Raymond Penners on 2025-08-15
Note worthy changes OpenID Connect: using fetch_userinfo=False you can now skip the additional call to the userinfo endpoint. Instead, the ID token will be used. Fixes Headless: passwordless signup was not supported, fixed. Headless: when serializing the user nested dataclasses, as well as optional types ended up as string type, fixed.
Read moredjango-allauth 65.10.0 released
Posted by Raymond Penners on 2025-07-10
Note worthy changes IdP: Added support for the device authorization grant. Headless: custom user payloads can now be properly reflected in the OpenAPI specification by provider a user dataclass. See the newly introduced get_user_dataclass() and user_as_dataclass() adapter methods. Added a new signal (authentication_step_completed) that is emitted when an individual authentication step is completed.
Read moredjango-allauth 65.9.0 released
Posted by Raymond Penners on 2025-06-01
Note worthy changes Added allauth.idp to the project, offering out of the box OpenID Connect provider support, as well as integration with Django REST framework and Django Ninja. Headless: the OpenAPI specification now more accurately reflects single client configurations set via HEADLESS_CLIENTS.
Read more