Breaking change
---------------
The underlying password hashing library has been changed from `passlib` to `pwdlib`. This change is breaking only if you were using a custom `CryptContext`. Otherwise, you can upgrade without any changes.
Improvements
------------
* Python 3.12 support
* Password are now hashed using the Argon2 algorithm by default. Passwords created with the previous default algorithm (bcrypt) will still be verified correctly and upgraded to Argon2 when the user logs in.
* Bump dependencies
* `python-multipart ==0.0.9`
Bug fixes
---------
* Fix a bug when trying to update user with a `None` password. Thanks @fotinakis 🎉
* Fix static type checking error with `AccessTokenProtocol`. Thanks @Nerixjk 🎉
Improvements
------------
* Bump dependencies
* `redis >=4.3.3,<6.0.0`
Pydantic V2 support
-------------------
This version brings Pydantic V2 support. Like FastAPI, it keeps backward-compatibility with Pydantic V1, so you can upgrade safely and at your own pace.
Apart your own Pydantic schemas, no changes are needed to your FastAPI Users setup.
Thanks @AdamIsrael for the initial work and research 🎉
Breaking changes
----------------
* Transport classes now always build full response objects instead of using the implicit FastAPI `Response` object.
* If you were not implementing your own custom transport classes, you will have nothing to do.
* If you implemented custom classes, you should adapt them so they return a `Response` object. [[Example](8959a12d56/fastapi_users/authentication/transport/bearer.py)]
* Cookie transport now returns a proper `204 No Content` response on logout, which should please OpenAPI Generators. Thanks @caniko 🎉
New features
------------
* `on_after_login` method now accepts `response` in argument, which is the `Response` object built by the transport. [[Documentation](https://fastapi-users.github.io/fastapi-users/latest/configuration/user-manager/#on_after_login)] Thanks @sorasful 🎉
Bug fixes
---------
* Fix#1166: add type hint to /users/{id} routes. Thanks @gegnew 🎉
* Fix `/verify` route returning `null` user ID with Beanie. Thanks @jankadel 🎉
Improvements
------------
* Ensure the reset password token can be used only once.
* Change JWT access token structure to use standard `sub` claim instead of `user_id`.
* ⚠ Existing JWT will be invalidated
* Change verify and reset password tokens structure to use standard `sub` claim instead of `user_id`.
Improvements
------------
* Bump `httpx-oauth >=0.4,<0.11`
* With `httpx-oauth >= 0.10`, the OAuth2 client may be not able to return an email address depending on the OAuth Provider. In this case, the error `OAUTH_NOT_AVAILABLE_EMAIL` is raised during `/callback`. [[Documentation](https://fastapi-users.github.io/fastapi-users/10.2/usage/routes/#get-callback)]
* Enable Python 3.11 support in CI
New features
------------
* Trigger custom logic after user login with `on_after_login`. [[Documentation]()] Thanks @antont 🎉
Improvements
------------
* Bump dependencies:
* `email-validator >=1.1.0,<1.4`
* `pyjwt[crypto] ==2.5.0`
* Use Hatch for environment and package management
* Use a generic Protocol model for User instead of Pydantic
* Remove UserDB Pydantic schema
* Harmonize schema variable naming to avoid confusions
* Revamp OAuth account model management
* Revamp AccessToken DB strategy to adopt generic model approach
* Make ID a generic instead of forcing UUIDs
* Improve generic typing
* Improve Strategy typing
* Tweak base DB typing
* Don't set Pydantic schemas on FastAPIUsers class: pass it directly on router creation
* Add IntegerIdMixin and export related classes
* Start to revamp doc for V10
* Revamp OAuth documentation
* Fix code highlights
* Write the 9.x.x ➡️ 10.x.x migration doc
* Fix pyproject.toml
