Add changelog for improved InvalidCredentials

indico · Feb 4, 2025 · b7a029d · b7a029d
1 parent 5d123c3
commit b7a029d
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -9,6 +9,8 @@ Version 0.7
 - Allow setting timeout for authlib token requests (default: 10 seconds)
 - Add new ``MULTIPASS_HIDE_NO_SUCH_USER`` config setting to convert ``NoSuchUser``
   exceptions to ``InvalidCredentials`` to avoid disclosing whether a username is valid
+- Include the username in the ``identifier`` attribute of the ``InvalidCredentials``
+  exception so applications can apply e.g. per-username rate limiting
 
 Version 0.6
 -----------