Backwards-incompatible API change in OAuth2Validator in 1.6.0

[Natureshadow]

Describe the bug

PR #967 changed the API for OAuth2Validator.get_additional_claims in a backwards-incompatible way (and the project major version has not been bumped, which would have been required by semantic versioning).

Specifically, the request argument was removed, which we relied upon downstream. It seems that the functionality has remained (in a slightly more complex way), but such breakage is not expected between minor versions.

I propose to revert the change in 1.6.1, and make a new release 2.0.0 introducing the breaking change.

Expected behavior

We expect the (documented) API not to break backwords-incompatibly in minor versions.

Version
1.6.0

[Natureshadow]

Then again, reverting the change in a 1.6.1 release would be a breaking change compared to 1.6.0. So the situation cannot be fixed, unless a 1.6.1 release re-introduces the old API, but keeps the new API as well.

But I am afraid this is what needs to be done, because downstream, we cannot really fix this without breaking the API for our modules even further downstream, and pinning the dependency on django-oauth-toolkit to <1.6 will probably have us missing out on security fixes.

EDIT: OK, we actually can. For anyone interested in what a workaround for such a breaking change in a complex downstream app might look like, see here: https://edugit.org/AlekSIS/official/AlekSIS-Core/-/blob/5cae28a03b7bf9dec9390fcb53024600792f6c99/aleksis/core/util/auth_helpers.py#L47

[n2ygk]

Oh, that's not good.

I'd say we should put fixing this on the queue for 1.7.0 but then you'd say it's a major change and it should be 2.0. We've tried to adopt semver -- the project previously had not used it -- and it seems we missed this as being a breaking fix.

Need to research what happened here and come up with a plan. Meanwhile go ahead and temporarily pin <1.6.0.

[n2ygk]

I think we need to revert this PR and issue 1.6.2. That will require some git branch games as we've already merged a bunch of new 1.7.0 changes.

KISS: Adding this to 1.7.0 and will try to get it released quickly.