django-allauth 65.14.0 released

Posted by Raymond Penners on 2026-01-17

Note worthy changes

Steam: the provider now supports initiating headless logins per redirect.
Shopify: if email_verified is present in the user payload, it will be used to mark the email address retrieved as verified accordingly.
IdP: added support for JWT based access tokens (see IDP_OIDC_ACCESS_TOKEN_FORMAT).
IdP: added support for pointing to a custom userinfo endpoint (see IDP_OIDC_USERINFO_ENDPOINT)
For OpenID Connect providers, you can now configure the field to be used as the account ID by setting "uid_field" in the relevant SocialApp.settings.
Headless: the JWT algorithm is now configurable, supporting HS256.

IdP: Access tokens without a user attached (client credentials) were no longer recognized in DRF/Ninja endpoints.
requests sessions are now disposed of after use to avoid resource leaks.