News
django-allauth 0.55.0 released
Posted by Raymond Penners on 2023-08-22
Note worthy changes Introduced a new setting ACCOUNT_PASSWORD_RESET_TOKEN_GENERATOR that allows you to specify the token generator for password resets. Dropped support for Django 2.x and 3.0. Officially support Django 4.2. New providers: Miro, Questrade It is now possible to manage OpenID Connect providers via the Django admin.
Read moredjango-allauth 0.54.0 released
Posted by Raymond Penners on 2023-03-31
Note worthy changes Dropped support for EOL Python versions (3.5, 3.6). Security notice Even when account enumeration prevention was turned on, it was possible for an attacker to infer whether or not a given account exists based upon the response time of an authentication attempt.
Read moredjango-allauth 0.53.1 released
Posted by Raymond Penners on 2023-03-20
Note worthy changes Example base template was missing {% load i18n %}, fixed.
django-allauth 0.53.0 released
Posted by Raymond Penners on 2023-03-16
Note worthy changes You can now override the use of the UserTokenForm over at the PasswordResetFromKeyView by configuring ACCOUNT_FORMS["user_token"] to allow the change of the password reset token generator. The Google API URLs are now configurable via the provider setting which enables use-cases such as overriding the endpoint during integration tests to talk to a mocked version of the API.
Read moredjango-allauth 0.52.0 released
Posted by Raymond Penners on 2022-12-29
Note worthy changes Officially support Django 4.1. New providers: OpenID Connect, Twitter (OAuth2), Wahoo, DingTalk. Introduced a new provider setting OAUTH_PKCE_ENABLED that enables the PKCE-enhanced Authorization Code Flow for OAuth 2.0 providers. When ACCOUNT_PREVENT_ENUMERATION is turned on, enumeration is now also prevented during signup, provided you are using mandatory email verification.
Read more