Releases: AzureAD/microsoft-authentication-library-for-python
MSAL Python 1.22.0
MSAL Python 1.21.0
The API in this new version remains the same as the previous version.
Enhancements:
- Support getting an ssh certificate via broker (#515)
- Support B2C's usage pattern of using client id as a scope (#505, #530)
- MSAL's token cache helper can now be used to store tokens returned by App Service's Managed Identity (#519)
- Switch to a new set of regional endpoints (#513)
- Test matrix covers Python 3.11 (#512)
Known issue:
The following issues were discovered after this version's release: #563
MSAL Python 1.20.0
New feature:
If your app uses MSAL's acquire_token_interactive(), you can now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO) and also obtain more secure tokens, all without switching the log-in experience to a browser. See details in this online doc, and try it out from this sample. (#451, #415)
For example, after utilizing this new feature, a command-line (CLI) app's login experience would look like this:
Known issue:
The following issues were discovered after this version's release: #563
MSAL Python 1.19.0
- New feature: A new
ClientApplication(..., instance_discovery=False)parameter to turn off MSAL's Instance Discovery behavior. See more details in its full documentation. Also, ADFS authority will no longer trigger Instance Discovery. (#496) - Enhancement: Use provided authority port when building the tenant discovery endpoint (#484)
- Bugfix: Fix a regression in regional endpoint which affects MSAL Python 1.14+ (#485)
- Enhancement: Tolerate home_account_id to be None
MSAL Python 1.20.0b1
New feature:
If your app uses MSAL's acquire_token_interactive(), you can now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO) and also obtain more secure tokens, all without switching the log-in experience to a browser. See details in this online doc, and try it out from this sample. (#451, #415)
For example, after utilizing this new feature, a command-line (CLI) app's login experience would look like this:
MSAL Python 1.18.0
(The MSAL Python 1.18.0b1 has been stable in last 2 weeks, and we are now shipping it as 1.18.0)
- New feature: Optional
initiate_auth_code_flow(..., response_mode="form_post")to allow the auth code being delivered to your app by form post, which is considered even more secure. (#396, #469) - New feature:
acquire_token_interactive(..., prompt="none")can obtain some tokens from within Cloud Shell, without any prompt. (#420)
MSAL Python 1.18.0b1
- New feature: Optional
initiate_auth_code_flow(..., response_mode="form_post")to allow the auth code being delivered to your app by form post, which is considered even more secure. (#396, #469) - New feature:
acquire_token_interactive(..., prompt="none")can obtain some tokens from within Cloud Shell, without any prompt. (#420)
MSAL Python 1.17.0
- New: Define some Cloud Instance constants and the usage pattern of using them (#221, #433)
- Enhancement: Lazy-load dependencies so that the start-up and run time will usually be faster. (#423, #454)
- Enhancement: Bubble up token refresh exceptions (#431, #434)
- Enhancement: Documents a simpler
http_cacheusage pattern (#439) - Enhancement: Expose authority discovery error for troubleshooting (#443)
- Enhancement: Actionable exception message when local machine time error is detected (#446, #449, #453)
- Enhancement: Actionable exception message when username password flow encounters errors with ADFS (#456, #458)
MSAL Python 1.16.0
- New feature: Introducing a new
http_cacheparameter, whose documentation is available by searchinghttp_cache (dict)from our API Reference Doc (Implementation #407). If an app utilizes this feature, it will also address #80 & #334. - Improvement: Prevent concurrent interactive flows listening on same port when running on Windows (#427)
- Improvement: Detecting Region/Regional Endpoint from env var. Also ensure the entire regional endpoint behavior needs to opt in. (#425)
MSAL Python 1.15.0
- New feature: Now both
initiate_auth_code_flow()andacquire_token_interactive()accept a new optional parametermax_agewhich is the allowable elapsed time in seconds since the last time the End-User was actively authenticated. If the elapsed time is greater than this value, Microsoft identity platform will actively re-authenticate the End-User. (#381, #389) - Improvement: MSAL will now automatically utilize a backup authentication system, to provide better resiliency. (#376, #395, #409)
- Improvement: Previously,
acquire_token_interactive()was not able to be aborted by CTRL+C when running on Windows. It is now fixed. (#393, #404) - Bugfix: The http cache feature shipped in #379 came with an unexpected side effect to slow down the Device Code Flow. Now fixed. (#408, #410)
- Change: Adopting
cryptography 35.0.0(#414)