Bump oauthlib from 3.0.2 to 3.1.1

[dependabot-preview]

Bumps oauthlib from 3.0.2 to 3.1.1.

Release notes

Sourced from oauthlib's releases.

3.1.0 is an feature release including improvement to OIDC and security enhancements. Check-it out !

OAuth2.0 Provider - Features

• #660: OIDC add support of nonce, c_hash, at_hash fields
  • New RequestValidator.fill_id_token method
  • Deprecated RequestValidator.get_id_token method
• #677: OIDC add UserInfo endpoint
  • New RequestValidator.get_userinfo_claims method

OAuth2.0 Provider - Security

• #665: Enhance data leak to logs
  • New default to not expose request content in logs
  • New function oauthlib.set_debug(True)
• #666: Disabling query parameters for POST requests

OAuth2.0 Provider - Bugfixes

• #670: Fix validate_authorization_request to return the new PKCE fields
• #674: Fix token_type to be case-insensitive (bearer and Bearer)

OAuth2.0 Client - Bugfixes

• #290: Fix Authorization Code's errors processing
• #603: BackendApplication.Client.prepare_request_body use the "scope" argument as intended.
• #672: Fix edge case when expires_in=Null

OAuth1.0 Client

• #669: Add case-insensitive headers to oauth1 BaseEndpoint

Changelog

Sourced from oauthlib's changelog.

3.1.1 (2021-05-31)

OAuth2.0 Provider - Bugfixes

• #753: Fix acceptance of valid IPv6 addresses in URI validation

OAuth2.0 Client - Bugfixes

• #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently relies on the scope provided in the constructor if any, except if overridden temporarily in a method call. Note that in particular providing a non-None scope in prepare_authorization_request or prepare_refresh_token does not override anymore self.scope forever, it is just used temporarily.
• #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, ServiceApplicationClient.prepare_request_body, and WebApplicationClient.prepare_request_uri now correctly use the default scope provided in constructor.
• #725: LegacyApplicationClient.prepare_request_body now correctly uses the default scope provided in constructor

OAuth2.0 Provider - Bugfixes

: - #711: client_credentials grant: fix log message - #746: OpenID Connect Hybrid - fix nonce not passed to add_id_token - #756: Different prompt values are now handled according to spec (e.g. prompt=none) - #759: OpenID Connect - fix Authorization: Basic parsing

General

: - #716: improved skeleton validator for public vs private client - #720: replace mock library with standard unittest.mock - #727: build isort integration - #734: python2 code removal - #735, #750: add python3.8 support - #749: bump minimum versions of pyjwt and cryptography

3.1.0 (2019-08-06)

OAuth2.0 Provider - Features

[#660](https://github.com/oauthlib/oauthlib/issues/660): OIDC add support of nonce, c\_hash, at\_hash fields
:   -   New RequestValidator.fill_id_token method
-   Deprecated RequestValidator.get_id_token method

• #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method

OAuth2.0 Provider - Security

[#665](https://github.com/oauthlib/oauthlib/issues/665): Enhance data leak to logs
:   -   New default to not expose request content in logs

... (truncated)

Commits

• 71d0690 Merge branch 'master' into 3.1.1-release
• dd1f01d Fix readme check basde on .tox result
• b112d48 Removed pypy2 support
• 4424d69 Fix italic sentence in rst format
• 6c473c1 Restore docs, readme, bandit to the CI/CD
• fd890ff Merge pull request #764 from oauthlib/3.1.1
• 817f97b 3.1.1 release
• e634ab9 Merge pull request #760 from n2ygk/issue759/check_authz_type
• 5c78975 per @​JonathanHuot use existing get_token_from_header()
• 9f2e8ff handle another case of assuming the token starts after 'Bearer '
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)