• Files Changed
• Browse Source

- Update to version 1.30.0
  * New feature: Support Subject Name/Issuer authentication when using
    .pfx certificate file. Documentation available in one of the recent
    purple boxes here. (#718)
  * New feature: Automatically use SHA256 and PSS padding when using
    .pfx certificate on non-ADFS, non-OIDC authorities. (#722)
  * New feature: Expose refresh_on (if any) to fresh or cached response,
    so that caller may choose to proactively call acquire_token_silent()
    early. (#723)
  * Bugfix for token cache search. MSAL 1.27+ customers please upgrade
    to MSAL 1.30+. (#717) (forwarded request 1190661 from glaubitz)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to version 1.28.0
  * New feature: PublicClientApplication and ConfidentialClientApplication
    have a new oidc_authority parameter that can be used to specify authority
    of any generic OpenID Connect authority, typically the customized domain
    for CIAM. (#676, #678)
  * Dropping Python 2.7
- from version 1.27.0
  * New feature: remove_tokens_for_client() will remove tokens acquired
    by acquire_token_for_client() (#640, #650, #666)
  * Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
  * Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
  * Adjustment: Bump upstream broker dependency to 0.14.x
  * Improvement: Better chance to remove accounts from broker (#651)
  * Improvement: Cleaner console output when the http local server
    is visited in https protocol (#546)
  * Improvement: Reduce a bare except clause (#667) (forwarded request 1166290 from glaubitz)

• Files Changed
• Browse Source

- Switch package to modern Python Stack on SLE-15
  + Use Python 3.11 on SLE-15 by default
  + Add Obsoletes for old python3 package on SLE-15
  + Drop support for older Python versions
- Switch build system from setuptools to pyproject.toml
  + Add python-pip and python-wheel to BuildRequires
  + Replace %python_build with %pyproject_wheel
  + Replace %python_install with %pyproject_install
  + Update name for dist directory in %files section (forwarded request 1164951 from glaubitz)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to version 1.25.0
  + Deprecation: allow_broker will be replaced by enable_broker_on_windows (#613)
  + Bugfix: Device Code Flow (and Username Password Flow) and its subsequent silent
    request will automatically bypass broker and succeed. (#569)
  + Enhancement: acquire_token_interactive() supports running inside Docker
  + Observability: Successful token response will contain a new token_source field
    to indicate where the token was obtained from: identity_provider, cache or broker.
    (#610) (forwarded request 1128530 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.24.1
  + Includes minor adjustments on handling acquire_token_interactive().
    The scope of the issue being addressed was limited to a short-lived
    sign-in attempt. The potential misuse vector complexity was high,
    therefore it is unlikely to be reproduced in standard usage scenarios;
    however, out of abundance of caution, this fix is shipped to align
    ourselves with Microsoft's policy of secure-by-default.
- from version 1.24.0
  + Enhancement: There may be a new msal_telemetry key available in MSAL's
    acquire token response, currently observed when broker is enabled. Its
    content and format are opaque to caller. This telemetry blob allows
    participating apps to collect them via telemetry, and it may help
    future troubleshooting. (#575)
  + Enhancement: A new enable_pii_log parameter is added into ClientApplication
    constructor. When enabled, the broker component may include PII (Personal
    Identifiable Information) in logs. This may help troubleshooting. (#568, #590)
- Remove temporary version override (forwarded request 1116418 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.24.0b1
  + Experimental: Surface MSAL telemetry as a long opaque string (#575).
    This behavior is useful if your app has your own telemetry mechanism
    and wants to also collect MSAL's telemetry.
- from version 1.23.0
  + acquire_token_for_client() will automatically look up tokens from cache (#577)
- Override upstream version with 1.24.0~b1 (forwarded request 1103883 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.22.0
  + New feature: Support CIAM authorities in the
    form of "tenant.ciamlogin.com/*" (#520) (forwarded request 1080273 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.21.0
  + Support getting an ssh certificate via broker (#515)
  + Support B2C's usage pattern of using client id as a scope (#505, #530)
  + MSAL's token cache helper can now be used to store tokens returned
    by App Service's Managed Identity (#519)
  + Switch to a new set of regional endpoints (#513)
  + Test matrix covers Python 3.11 (#512) (forwarded request 1063813 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.20.0
  + New feature: If your app uses MSAL's acquire_token_interactive(), you can
    now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO)
    and also obtain more secure tokens, all without switching the log-in experience
    to a browser. See details in this online doc, and try it out from this sample.
    (#451, #415)
- from version 1.19.0
  + New feature: A new ClientApplication(..., instance_discovery=False) parameter
    to turn off MSAL's Instance Discovery behavior. See more details in its full
    documentation. Also, ADFS authority will no longer trigger Instance Discovery. (#496)
  + Enhancement: Use provided authority port when building the tenant discovery endpoint (#484)
  + Bugfix: Fix a regression in regional endpoint which affects MSAL Python 1.14+ (#485)
  + Enhancement: Tolerate home_account_id to be None
- from version 1.18.0
  + New feature: Optional initiate_auth_code_flow(..., response_mode="form_post")
    to allow the auth code being delivered to your app by form post, which is
    considered even more secure. (#396, #469)
  + New feature: acquire_token_interactive(..., prompt="none") can obtain some
    tokens from within Cloud Shell, without any prompt. (#420) (forwarded request 1010424 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.18.0b1
  + New feature: Optional initiate_auth_code_flow(..., response_mode="form_post")
    to allow the auth code being delivered to your app by form post, which is
    considered even more secure. (#396, #469)
  + New feature: acquire_token_interactive(..., prompt="none") can obtain some
    tokens from within Cloud Shell, without any prompt. (#420) (forwarded request 978928 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.17.0
  + New: Define some Cloud Instance constants and the usage
    pattern of using them (#221, #433)
  + Enhancement: Lazy-load dependencies so that the start-up
    and run time will usually be faster. (#423, #454)
  + Enhancement: Bubble up token refresh exceptions (#431, #434)
  + Enhancement: Documents a simpler http_cache usage pattern (#439)
  + Enhancement: Expose authority discovery error for troubleshooting (#443)
  + Enhancement: Actionable exception message when local machine
    time error is detected (#446, #449, #453)
  + Enhancement: Actionable exception message when username
    password flow encounters errors with ADFS (#456, #458) (forwarded request 967331 from glaubitz)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to version 1.10.0
  + Enhancement: Proactive access token (AT) refreshing. Previously, an AT is
    either valid or expired. If an AT expires and your network happens to have
    a glitch, your app wouldn't be able to auth. Now, MSAL Python attempts to
    refresh some AT (typically long-lived AT) half way towards their expiration,
    and silently ignores the error and retries next time, so that your app would
    be more resilient. All these happen automatically, without any code change
    to your app. (#176, #312, #320)
  + Adjustment: MSAL Python will keep RT in token cache even when its usage
    encounters an "invalid_grant" error, so that the RT would likely still
    be used by other requests. (#314, #315)
- from version 1.9.0
  + Enhancement: Starting from this version, MSAL will be compatible with both
    PyJWT 1.x and PyJWT 2.x (#293, #296)
  + Enhancement: Better support for upcoming Azure CLI's SSH extension (#300, #298)
  + Enhancement: Better deprecation message for get_authorization_request_url()
    and acquire_token_by_authorization_code(). (#301, #303)
  + Enhancement: Better exception message when using incorrect case in client_id.
    (#304, #307)
  + Other improvements. (forwarded request 881908 from glaubitz)

• Files Changed
• Browse Source

- Update to version 1.8.0
  + New feature: A new extra_scopes_to_consent parameter is introduced
    to the acquire_token_interactive(...) API (#212, #286)
  + Adjustment to previous version 1.7.0: Lazy import webbrowser module
    only when necessary (#287, #288)
- from version 1.7.0
  + New feature: A new initiate_auth_code_flow() & acquire_token_by_auth_code_flow()
    API, which automatically provides PKCE protection for you (#276, #255).
    (You are recommended to use these 2 new APIs to replace the previous
    get_authorization_request_url() and acquire_token_by_authorization_code().)
  + New feature: A new acquire_token_interactive() (#138, #260, #282), comes with
    a sample (#283)
  + Bugfix: Now MSAL Python can properly access those Refresh Tokens which were
    keyed slightly differently by different apps. (#279, #280) (forwarded request 862389 from glaubitz)

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source