- version update to 1.0.1
### Fixed
- [#341] Using constant time comparison for password verification
- [#598] Move alabaster from runtime dependencies to docs
- [#398] Do not echo cookies that do not belong to us
- [#607] Fixed key recovery on encryption of payload
- [#618] Prettified `client_management.py` CLI and wrapped it as
a setup.py console script `oic-client-management`
- [#615] Fix ROPC grant in the extensions provider
- [#640] Use more secure random generator for client_secret
- [#639] Make sure symmetric keys are available after server restart
- [#146] Make SessionDB storage conductive with multi-session
### Changed
- [#578] Dropped python 2.7 support
- [#612] Dropped python 3.4 support
- [#588] Switch to defusedxml for XML parsing
- [#605] Message.c_param dictionary values have to be a ParamDefinition namedtuple type
- [#56] Updated README, CLI help texts, pip requirements.txt and such for OP2,
making it into a stand-alone example easy for beginners to take on
- [#624] token_endpoint implementation and kwargs have been changed
- [#629] Duplicated methods in oic.oic classes were removed.
- [#642] Deprecated `bearer_auth` method.
- [#631] Refactored message type handling in Client/Provider.
- [#644] refresh_db kwarg in SessionDB has been deprecated
### Added
- [#655] Host can be forced on webfinger discovery
- [#441] CookieDealer now accepts secure and httponly params
- [#638] Moved `providerinfo_endpoint` from `oic.extensions` to `oic.oauth2`
- [#664] Messages needed for Single-Sign-Out Support
* python3 only package