Changelog

3.2

July 30th, 2023

• Added support for invalidating tokens on email change with the SESAME_INVALIDATE_ON_EMAIL_CHANGE setting.

• Supported overriding settings for testing.

3.1

July 28th, 2022

• Added the ability to select which field is used as a primary key in tokens with the SESAME_PRIMARY_KEY_FIELD setting.

• Supported the SECRET_KEY_FALLBACKS setting introduced in Django 4.1.

3.0

July 11th, 2022

Version 3.0 introduces a new documentation.

Notably, a tutorial and an API reference were added.

Enforced update_last_login as a keyword-only argument in get_user().

update_last_login was documented as a keyword argument. However, it could also be the first positional argument. If you were doing this, you will hit an exception.

Also:

• Added authenticate() to authenticate users.

• Added LoginView to log users in.

• Added compatibility with Django ≥ 4.0.

2.4

May 5th, 2021

• Added the ability to pass a token to get_user() instead of a request.

2.3

February 15th, 2021

• Supported overriding max_age. This feature is only available for v2 tokens.

2.2

January 16th, 2021

• Fixed crash when a v2 token is truncated.

2.1

November 1st, 2020

• Added scoped tokens. This feature is only available for v2 tokens.

2.0

June 6th, 2020

Version 2.0 introduces a faster and shorter token format (v2).

The new format (v2) is enabled by default for new tokens.

The original format (v1) is still supported for backwards-compatibility.

See Tokens design for details.

Changed the default name of the URL parameter to sesame.

If you need to preserve existing URLs, you can set the SESAME_TOKEN_NAME setting "url_auth_token".

Changed the argument expected by authenticate() to sesame.

You’re affected only if you call authenticate(url_auth_token=...) explicitly. If so, change this call to authenticate(sesame=...).

Also:

• Added get_token() to generate a token.

• SESAME_MAX_AGE can be a datetime.timedelta.

• Improved documentation.

1.8

May 11th, 2020

• Added compatibility with custom user models with most types of primary keys, including BigAutoField, SmallAutoField, other integer fields, CharField, and BinaryField.

• Added the ability to customize how primary keys are stored in tokens with the SESAME_PACKER setting.

• Added compatibility with Django ≥ 3.0.

1.7

June 8th, 2019

• Fixed invalidation of one-time tokens in get_user().

1.6

May 18th, 2019

• Fixed detection of Safari on iOS.

1.5

May 1st, 2019

• Added support for single-use tokens with the SESAME_ONE_TIME setting.

• Added support for not invalidating tokens on password change with the SESAME_INVALIDATE_ON_PASSWORD_CHANGE setting.

• Added compatibility with custom user models where the primary key is a UUIDField.

• Added the get_user() function to obtain a user instance from a request.

• Improved error message for preexisting tokens when changing the SESAME_MAX_AGE setting.

• Fixed authentication on Safari by disabling redirect.

1.4

April 29th, 2018

• Added a redirect to the same URL with the query string parameter removed.

1.3

December 2nd, 2017

• Added compatibility with Django ≥ 2.0.

1.2

August 19th, 2016

• Added the ability to rename the query string parameter with the SESAME_TOKEN_NAME setting.

• Added compatibility with Django ≥ 1.8.

1.1

September 17th, 2014

• Added support for expiring tokens with the SESAME_MAX_AGE setting.

1.0

July 3rd, 2014

• Initial release.