Release Notes

Version 1.1.1

Released: October 11, 2025

Breaking Change

  • JWT_ALLAUTH_USER_ATTRIBUTES now expects a dictionary mapping output claim names to user attribute paths (e.g., {"organization_id": "organization.id"}) instead of a list of paths. This change prevents duplicate final attribute names (e.g., multiple id keys) in JWT payloads. The previous list format is still accepted for backward compatibility, but it is deprecated and may be removed in a future release.
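A migration check for the change above, as an added example that is not the project's own code: it finds entries of a legacy list that would produce the same claim name and converts the list to the dictionary format. It assumes the list format named each claim after the final path segment, as the note implies; the underscore-joined claim names and the sample user are hypothetical.

```python
from collections import defaultdict
from types import SimpleNamespace


def resolve_path(obj, path):
    """Follow a dotted attribute path such as "organization.id"."""
    for part in path.split("."):
        obj = getattr(obj, part)
    return obj


def colliding_names(paths):
    """Final path segments shared by more than one entry of a legacy list.

    Assumption: the list format named each claim after its last segment.
    """
    by_name = defaultdict(list)
    for path in paths:
        by_name[path.rsplit(".", 1)[-1]].append(path)
    return {name: group for name, group in by_name.items() if len(group) > 1}


def to_mapping(paths):
    """Turn a legacy list into a dict with one explicit claim name per path."""
    mapping = {}
    for path in paths:
        claim = path.replace(".", "_")  # hypothetical naming: organization_id
        if claim in mapping:
            raise ValueError(f"{path!r} and {mapping[claim]!r} both map to {claim!r}")
        mapping[claim] = path
    return mapping


def build_claims(user, mapping):
    """Resolve each configured path on the user into its named claim."""
    return {claim: resolve_path(user, path) for claim, path in mapping.items()}


# Constructed sample data; the attribute names are hypothetical.
LEGACY = ["organization.id", "area.id", "email"]
USER = SimpleNamespace(
    organization=SimpleNamespace(id=42),
    area=SimpleNamespace(id=7),
    email="user@example.test",
)

if __name__ == "__main__":
    print("colliding:", colliding_names(LEGACY))
    print("mapping:  ", to_mapping(LEGACY))
    print("claims:   ", build_claims(USER, to_mapping(LEGACY)))
```

Review the generated claim names before placing the mapping in JWT_ALLAUTH_USER_ATTRIBUTES, since any consumer that read the old id claim will need to read the new name.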

Version 1.1.0

Released: October 7, 2025

New Features

  • Added support for including additional user attributes in refresh tokens via the JWT_ALLAUTH_USER_ATTRIBUTES setting, allowing flexible configuration of user data included in JWT payloads while maintaining the existing role assignment logic.

Bug Fixes

  • Fixed API endpoints that incorrectly required the refresh token in the request payload when JWT_ALLAUTH_REFRESH_TOKEN_AS_COOKIE was enabled. Refresh tokens are now properly extracted from cookies when configured.

  • Fixed a bug that caused migrations not to run correctly in some situations.

Version 1.0.3

Released: August 5, 2025

New Features

  • New load_user() decorator that loads the complete user object from the database for stateless JWT authentication.

  • Added JWT_ALLAUTH_COLLECT_USER_AGENT setting to control user agent data collection during token refresh.

  • Added support for refresh tokens via HTTP cookies with the new JWT_ALLAUTH_REFRESH_TOKEN_AS_COOKIE setting.

  • Enhanced token refresh security by moving user agent data collection from request payload to server-side context.

  • Compatibility with django-allauth 65.10.0, djangorestframework-simplejwt 5.5.1, and djangorestframework 3.16.0.

Bug Fixes

  • Improved security for token refresh operations.

  • Fixed a bug that caused migrations not to run correctly in some situations.

Version 1.0.2

Released: April 16, 2025

This release introduces significant improvements to the role management system and authentication configuration.

New Features

  • Added automatic role assignment in UserManager:

    • create_superuser now automatically sets the role to STAFF_CODE

    • create_user automatically assigns roles based on user flags:
      • STAFF_CODE for staff users

      • SUPER_USER_CODE for superusers

  • Added database constraints to ensure role consistency:

    • Staff users must have STAFF_CODE role

    • Superusers must have SUPER_USER_CODE role

Minor Bug Fixes

  • Automatic configuration of DEFAULT_AUTHENTICATION_CLASSES was not working when using additional REST_FRAMEWORK settings.