django-allauth 65.5.0 released
Posted by Raymond Penners on 2025-03-14
Note worthy changes
- Added support for phone (SMS) authentication.
- Added support for resetting passwords by code, instead of a link (ACCOUNT_PASSWORD_RESET_BY_CODE_ENABLED).
- Added support for Tumblr OAuth2.
- Simplified signup form configuration. The following settings all controlled signup form: ACCOUNT_EMAIL_REQUIRED, ACCOUNT_USERNAME_REQUIRED, ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE, ACCOUNT_SIGNUP_PASSWORD_ENTER_TWICE. This setup had its issues. For example, when email was not required it was still available as an optional field, whereas the username field disappeared when not required. Also, for phone/SMS support, additional settings would have been required. The settings are now all deprecated, and replaced by one new setting: ACCOUNT_SIGNUP_FIELDS, which can be configured to e.g. ['username*', 'email', 'password1*', 'password2*'] to indicate which fields are present and required ('*'). This change is performed in a backwards compatible manner.
- Headless: if, while signing up using a third-party provider account, there is insufficient information received from the provider to automatically complete the signup process, an additional step is needed to complete the missing data before the user is fully signed up and authenticated. You can now perform a GET request to /_allauth/{client}/v1/auth/provider/signup to obtain information on the pending signup.
- Headless: OpenID Connect providers now support token authentication.
- The "Forgot your password?" help text can now be more easily customized by providing your own "account/password_reset_help_text.html" template.
- Removed inline scripts, so that it becomes possible to use a strong Content Security Policy.
- Headless: The OpenAPI specification now dynamically reflects the ACCOUNT_SIGNUP_FIELDS configuration, as well as any custom fields you have in ACCOUNT_SIGNUP_FORM_CLASS.
- Added official support for Python 3.13.
Fixes
- Headless: In case you had multiple apps of the same provider configured, you could run into a MultipleObjectsReturned. Fixed.
Next: django-allauth 65.6.0 released Previous: django-allauth 65.4.1 released