- Update to version 1.12.0
+ New feature: MSAL Python supports ConfidentialClientApplication(..., azure_region=...).
If your app is deployed in Azure, you can use this new feature to pin a region.
(#295, #358)
+ New feature: Historically MSAL Python attempts to acquire a Refresh Token (RT) by
default. Since this version, MSAL Python supports ConfidentialClientApplication(...,
excluse_scopes=["offline_access"]) to opt out of RT (#207, #361)
+ Improvement: acquire_token_interactive(...) can also trigger browser when
running inside WSL (8d86917)
+ Adjustment: get_accounts(...) would automatically combine equivalent accounts,
so that your account selector widget could be easier to use (#349)
+ Document: MSAL Python has long been accepting acquire_token_interactive(..., prompt="create"),
now we officially documented it. (#356, #360)
- from version 1.11.0
+ Enhancement: ConfidentialClientApplication also supports
acquire_token_by_username_password() now. (#294, #344)
+ Enhancement: PublicClientApplication's acquire_token_interactive() also supports WSL Ubuntu
18.04 (#332, #333)
+ Enhancement: Enable a retry once behavior on connection error. (But this is only available
from the default http client. If your app supplies your customized http_client via MSAL
constructors, it is your http_client's job to decide whether retry.) (#326)
+ Enhancement: MSAL improves the internal telemetry mechanism. (#137, #175, #329, #345)
+ Bugfix: Better compatibility on handling SAML token when using
acquire_token_by_username_password() with ADFS. (#336)
OBS-URL: https://build.opensuse.org/request/show/903080
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:azure/python-msal?expand=0&rev=16
- Update to version 1.10.0
+ Enhancement: Proactive access token (AT) refreshing. Previously, an AT is
either valid or expired. If an AT expires and your network happens to have
a glitch, your app wouldn't be able to auth. Now, MSAL Python attempts to
refresh some AT (typically long-lived AT) half way towards their expiration,
and silently ignores the error and retries next time, so that your app would
be more resilient. All these happen automatically, without any code change
to your app. (#176, #312, #320)
+ Adjustment: MSAL Python will keep RT in token cache even when its usage
encounters an "invalid_grant" error, so that the RT would likely still
be used by other requests. (#314, #315)
- from version 1.9.0
+ Enhancement: Starting from this version, MSAL will be compatible with both
PyJWT 1.x and PyJWT 2.x (#293, #296)
+ Enhancement: Better support for upcoming Azure CLI's SSH extension (#300, #298)
+ Enhancement: Better deprecation message for get_authorization_request_url()
and acquire_token_by_authorization_code(). (#301, #303)
+ Enhancement: Better exception message when using incorrect case in client_id.
(#304, #307)
+ Other improvements. (forwarded request 881908 from glaubitz)
OBS-URL: https://build.opensuse.org/request/show/881988
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-msal?expand=0&rev=7
- Update to version 1.10.0
+ Enhancement: Proactive access token (AT) refreshing. Previously, an AT is
either valid or expired. If an AT expires and your network happens to have
a glitch, your app wouldn't be able to auth. Now, MSAL Python attempts to
refresh some AT (typically long-lived AT) half way towards their expiration,
and silently ignores the error and retries next time, so that your app would
be more resilient. All these happen automatically, without any code change
to your app. (#176, #312, #320)
+ Adjustment: MSAL Python will keep RT in token cache even when its usage
encounters an "invalid_grant" error, so that the RT would likely still
be used by other requests. (#314, #315)
- from version 1.9.0
+ Enhancement: Starting from this version, MSAL will be compatible with both
PyJWT 1.x and PyJWT 2.x (#293, #296)
+ Enhancement: Better support for upcoming Azure CLI's SSH extension (#300, #298)
+ Enhancement: Better deprecation message for get_authorization_request_url()
and acquire_token_by_authorization_code(). (#301, #303)
+ Enhancement: Better exception message when using incorrect case in client_id.
(#304, #307)
+ Other improvements.
OBS-URL: https://build.opensuse.org/request/show/881908
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:azure/python-msal?expand=0&rev=14
- Update to version 1.8.0
+ New feature: A new extra_scopes_to_consent parameter is introduced
to the acquire_token_interactive(...) API (#212, #286)
+ Adjustment to previous version 1.7.0: Lazy import webbrowser module
only when necessary (#287, #288)
- from version 1.7.0
+ New feature: A new initiate_auth_code_flow() & acquire_token_by_auth_code_flow()
API, which automatically provides PKCE protection for you (#276, #255).
(You are recommended to use these 2 new APIs to replace the previous
get_authorization_request_url() and acquire_token_by_authorization_code().)
+ New feature: A new acquire_token_interactive() (#138, #260, #282), comes with
a sample (#283)
+ Bugfix: Now MSAL Python can properly access those Refresh Tokens which were
keyed slightly differently by different apps. (#279, #280) (forwarded request 862389 from glaubitz)
OBS-URL: https://build.opensuse.org/request/show/862398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-msal?expand=0&rev=6
- Update to version 1.8.0
+ New feature: A new extra_scopes_to_consent parameter is introduced
to the acquire_token_interactive(...) API (#212, #286)
+ Adjustment to previous version 1.7.0: Lazy import webbrowser module
only when necessary (#287, #288)
- from version 1.7.0
+ New feature: A new initiate_auth_code_flow() & acquire_token_by_auth_code_flow()
API, which automatically provides PKCE protection for you (#276, #255).
(You are recommended to use these 2 new APIs to replace the previous
get_authorization_request_url() and acquire_token_by_authorization_code().)
+ New feature: A new acquire_token_interactive() (#138, #260, #282), comes with
a sample (#283)
+ Bugfix: Now MSAL Python can properly access those Refresh Tokens which were
keyed slightly differently by different apps. (#279, #280)
OBS-URL: https://build.opensuse.org/request/show/862389
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:azure/python-msal?expand=0&rev=12
- Update to version 1.6.0
+ New Feature: ```ConfidentialClientApplication``` accepts private
key encrypted by a passphrase. (#232, #270)
+ Enhancement: Provides different exception and messages while
encountering transient error during tenant discovery (#263, #269)
- from version 1.5.1
+ Bugfix: We now cache tokens by specified environment, not by OIDC Discovery.
This won't matter most of the time, but it can be needed when your tenant is
in transitional state while migrating to a different cloud. (#247)
+ Bugfix: We now make sure one app's sign-out operation would be successful even
when another app is acquiring token from cache at the same time. (#258, #262)
- Update Requires from setup.py
OBS-URL: https://build.opensuse.org/request/show/848335
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:azure/python-msal?expand=0&rev=8
- Update to version 1.4.3
+ Bugfix: A side effect in previous release prevented reading some
tokens from a different authority alias (#235, #236)
- from version 1.4.2
+ Bugfix: Changed case of messageID in WS-Trust Requests (#228 , #230 )
+ Bugfix: Removed content-type header sent in request to Mex endpoint (#226 , #227 )
+ Bugfix: Bypasses cache lookup for authority alias if no refresh token found (#223, #225 )
- from version 1.4.1
+ Reverts Application Initializer will not send network requests
introduced in MSAL Python 1.4.0 (#205, #216, #187)
- from version 1.4.0
+ Enhancement: Application initializer will not send network requests. (#205, #187)
+ Enhancement: Improved handling of errors in ADAL to MSAL token migration scenario. (#209, #208)
+ Added changelog in PYPI (#203, #202)
+ Other readme and reference docs adjustments (#200, #197)
OBS-URL: https://build.opensuse.org/request/show/830775
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:azure/python-msal?expand=0&rev=5
- Update to version 1.3.0
+ New feature: class ```ClientApplication``` accepts a new optional parameter
```http_client```. You can provide your own HTTP client to have different
behavior. (#169) Please refer to API Reference doc.
+ New feature: method ```get_authorization_request_url()``` accepts a new optional
parameter ```domain_hint```. (#158, #181)
Please refer to API Reference doc.
+ New feature: A new method ```acquire_token_by_refresh_token()``` to help migrating
refresh tokens from elsewhere to MSAL Python. (#193)
Its usage is demonstrated in this sample.
- from version 1.2.0
+ New ```nonce``` parameter is provided in ```both get_authorization_request_url(..., nonce=...)```
and ```acquire_token_by_authorization_code(..., nonce=...)``` method, so
that you can use them to mitigate replay attacks, per OIDC specs. (#128, #173).
- from version 1.1.0
+ New ```acquire_token_silent_with_error(...)``` method to expose conditional
access error classifications (#143, closes#57).
+ App developers can opt in to provide their app's name and version for Microsoft
Telemetry, so that we can understand your usage pattern and serve you better.
(#136closes#130)
+ Internally,
* Collect anonymous telemetry data to help us improve MSAL Python (#103)
* Test cases cover ADFS 2019 on-premise scenarios (#142, closes#132)
* Switched to our latest lab apis for better test infrastructure (#108, #133, #134, #135)
OBS-URL: https://build.opensuse.org/request/show/815251
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:azure/python-msal?expand=0&rev=3
