The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Auth handler no longer assumes the user model includes `first_name` and `last_name` fields (#23). This introduces a breaking change as these fields are no longer populated on the model by default.
- Optional AAD attributes to be retrieved can be specified in the settings (#11).
- AAD attributes and ID token claims can be mapped to Django User model fields using a user-defined function (#23).
- Fixed login callback redirect bug caused by AAD `state` parameter being populated by Azure AD when empty (#30).
- Change post-login redirect mechanism to use the AAD `state` parameter rather than the Django user session (#28).
- Include the redirect functionality for decorator-protected views, not just middleware-protected views (#28).
- Auth handler now checks the expiry of the ID token claims when authenticating a request, rather than requesting a token from MSAL on every request, massively reducing latency (#27).
- This changelog!
- Redirect to intended protected page after authentication and log in. Previously the user would always be redirected to the `LOGIN_REDIRECT_URL` (#25).
- Bypass account selection during logout. Previously a user would have to manually choose which account to log out due to AAD default behaviour, even though only one account would be logged in (#22).