MSAL Python 1.32.0

Noticeable Changes

• New feature: Supports dSTS by ClientApplication(..., authority="https://...example.com/dstsv2/...") (#767, #772)
• New feature: Start to support POD Identity, configured by env var AZURE_POD_IDENTITY_AUTHORITY_HOST=http://ip:port (#794, #795)
• Bugfix: Support resource with the format of "GUID/.default" when running inside Cloud Shell. (#784, #785)

More details

• Refactor to allow adding new field into cache key and/or content by @rayluo in #751
• Warning when obsolete msal-extensions is detected by @rayluo in #752
• Add msal_cache.bin to .gitignore by @DharshanBJ in #753
• MSAL will use env var MSAL_FORCE_REGION by default by @rayluo in #756
• allow MI endpoint changing through environment variable by @jimdigriz in #754
• Revert "allow MI endpoint changing through environment variable" by @rayluo in #769
• Fix document for using SystemAssigned managed identity by @jiasli in #764
• Suppress a false positive CodeQL alarm by @rayluo in #783
• Pass Sku and Ver to MsalRuntime by @Ugonnaak1 in #786
• Try to suppress another verify=False by @rayluo in #788
• Supports dSTS by ClientApplication(..., authority="https://...example.com/dstsv2/...") by @rayluo in #772
• Add test case to show that OBO supports SP by @rayluo in #481
• Enable Issue-Sentinel to scan for similar issues by @DharshanBJ in #790
• Support pod identity by @rayluo in #795
• Scope to resource by @rayluo in #785

New Contributors

• @DharshanBJ made their first contribution in #753
• @jimdigriz made their first contribution in #754
• @Ugonnaak1 made their first contribution in #786

Full Changelog: 1.31.1...1.32.0

1.31.2b1

• acquire_token_interactive(...) supports scope with the shape of "GUID/.default" when running inside Cloud Shell (#784, #785)

1.31.1

• Bugfix: The Managed Identity detection logic on Arc (#731) had a bug #762, now fixed in PR #763 

Full Changelog: 1.31.0...1.31.1

1.31.0

Highlight

The Broker-on-Mac feature is also blogged here

What's Changed

• Integration with Broker-on-Mac in #596
• Change Managed Identity detection logic on Arc in #731
• Managed Identity supports CAE in #730
• Support Managed Identity on Azure Container Instance (ACI) with Resource id in #741
• Other refactoring in #740

Full Changelog: 1.30.0...1.31.0

1.30.0

What's Changed

• New feature: Support Subject Name/Issuer authentication when using .pfx certificate file. Documentation available in one of the recent purple boxes here. #718
• New feature: Automatically use SHA256 and PSS padding when using .pfx certificate on non-ADFS, non-OIDC authorities. #722
• New feature: Expose refresh_on (if any) to fresh or cached response, so that caller may choose to proactively call acquire_token_silent() early. #723
• Bugfix for token cache search. MSAL 1.27+ customers please upgrade to MSAL 1.30+. #717

Full Changelog: 1.29.0...1.30.0

MSAL Python 1.29.0

Highlight

The Managed Identity feature is also blogged here

What's Changed

• New feature: Supports Managed Identity for Azure VM, App Service (including Azure Functions, Azure Automation), Service Fabric, Azure Machine Learning, Arc, etc.. Comes with a sample, its configuration via ENV VAR, and its API documentation. (#58, #480, #634, #674)
• New feature: Support reading ConfidentialClientApplication's cert from a pfx file (#684, #699)
• New feature: TokenCache class has a new search() method which will return a generator of tokens. The old find() method still exists and returns a list, but MSAL 1.27+ will not call find() anymore. (#693, #644)
• Change: Re-enable the username password flow to go through broker, if available. (#712)

New Contributors

• @fengga made their first contribution in #712

Full Changelog: 1.28.1...1.29.0

MSAL Python 1.28.1

• Change: pip install msal[broker] will now pick up the latest PyMsalRuntime 0.16.x which contains a bugfix for being run as administrator. This release fixes #707.

MSAL Python 1.28.0

• New feature: PublicClientApplication and ConfidentialClientApplication have a new oidc_authority parameter that can be used to specify authority of any generic OpenID Connect authority, typically the customized domain for CIAM. (#676, #678)
• Dropping Python 2.7

MSAL Python 1.27.0

What's Changed

Release Notes:

• New feature: remove_tokens_for_client() will remove tokens acquired by acquire_token_for_client() (#640, #650, #666)
• Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
• Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
• Adjustment: Bump upstream broker dependency to 0.14.x
• Improvement: Better chance to remove accounts from broker (#651)
• Improvement: Cleaner console output when the http local server is visited in https protocol (#546)
• Improvement: Reduce a bare except clause (#667)

Note:

• The previous preview features in previous 1.27.0b2 requires more beta testing, so they did NOT make it to 1.27.0. If you want to beta test 1.27.0b2, follow its own instruction.
• MSAL Python 1.27 is the last version that still runs on Python 2.7

New Contributors

• @Singletoned made their first contribution in #667

Full Changelog: 1.26.0...1.27.0

MSAL Python 1.27.0b2

This beta release is a preview for the broker-on-Mac support. You can install it by pip install msal==1.27.0b2. Please refer to this staged API Reference Doc for how to opt into this new feature.

_{(Note to MSAL maintenance team: The tag was accidentally named "...b1", while the actual version number was "...b2". This is not a problem when we eventually do it right when shipping the stable "1.27.0" in the future.)}