Changelog#

3.1#

July 28th, 2022

  • Added the ability to select which field is used as a primary key in tokens with the SESAME_PRIMARY_KEY_FIELD setting.

  • Supported the SECRET_KEY_FALLBACKS setting introduced in Django 4.1.

3.0#

July 11th, 2022

Version 3.0 introduces a new documentation.

Notably, a tutorial and an API reference were added.

Enforced update_last_login as a keyword-only argument in get_user().

update_last_login was documented as a keyword argument. However, it could also be the first positional argument. If you were doing this, you will hit an exception.

Also:

  • Added authenticate() to authenticate users.

  • Added LoginView to log users in.

  • Added compatibility with Django ≥ 4.0.

2.4#

May 5th, 2021

  • Added the ability to pass a token to get_user() instead of a request.

2.3#

February 15th, 2021

  • Supported overriding max_age. This feature is only available for v2 tokens.

2.2#

January 16th, 2021

  • Fixed crash when a v2 token is truncated.

2.1#

November 1st, 2020

  • Added scoped tokens. This feature is only available for v2 tokens.

2.0#

June 6th, 2020

Version 2.0 introduces a faster and shorter token format (v2).

The new format (v2) is enabled by default for new tokens.

The original format (v1) is still supported for backwards-compatibility.

See Tokens design for details.

Changed the default name of the URL parameter to sesame.

If you need to preserve existing URLs, you can set the SESAME_TOKEN_NAME setting "url_auth_token".

Changed the argument expected by authenticate() to sesame.

You’re affected only if you call authenticate(url_auth_token=...) explicitly. If so, change this call to authenticate(sesame=...).

Also:

1.8#

May 11th, 2020

  • Added compatibility with custom user models with most types of primary keys, including BigAutoField, SmallAutoField, other integer fields, CharField, and BinaryField.

  • Added the ability to customize how primary keys are stored in tokens with the SESAME_PACKER setting.

  • Added compatibility with Django ≥ 3.0.

1.7#

June 8th, 2019

  • Fixed invalidation of one-time tokens in get_user().

1.6#

May 18th, 2019

  • Fixed detection of Safari on iOS.

1.5#

May 1st, 2019

1.4#

April 29th, 2018

  • Added a redirect to the same URL with the query string parameter removed.

1.3#

December 2nd, 2017

  • Added compatibility with Django ≥ 2.0.

1.2#

August 19th, 2016

  • Added the ability to rename the query string parameter with the SESAME_TOKEN_NAME setting.

  • Added compatibility with Django ≥ 1.8.

1.1#

September 17th, 2014

1.0#

July 3rd, 2014

  • Initial release.