Releases: AzureAD/microsoft-authentication-library-for-python
Releases · AzureAD/microsoft-authentication-library-for-python
MSAL Python 1.12.0
- New feature: MSAL Python supports
ConfidentialClientApplication(..., azure_region=...). If your app is deployed in Azure, you can use this new feature to pin a region. (#295, #358) - New feature: Historically MSAL Python attempts to acquire a Refresh Token (RT) by default. Since this version, MSAL Python supports
ConfidentialClientApplication(..., excluse_scopes=["offline_access"])to opt out of RT (#207, #361)
UPDATE: There was a minor bug in this feature, which has been fixed now. We recommended all customers upgrading tomsal>=1.14.0,<2. - Improvement:
acquire_token_interactive(...)can also trigger browser when running inside WSL (8d86917) - Adjustment:
get_accounts(...)would automatically combine equivalent accounts, so that your account selector widget could be easier to use (#349) - Document: MSAL Python has long been accepting
acquire_token_interactive(..., prompt="create"), now we officially documented it. (#356, #360)
MSAL 1.11.0
- Enhancement:
ConfidentialClientApplicationalso supportsacquire_token_by_username_password()now. (#294, #344) - Enhancement:
PublicClientApplication'sacquire_token_interactive()also supports WSL Ubuntu 18.04 (#332, #333) - Enhancement: Enable a retry once behavior on connection error. (But this is only available from the default http client. If your app supplies your customized
http_clientvia MSAL constructors, it is yourhttp_client's job to decide whether retry.) (#326) - Enhancement: MSAL improves the internal telemetry mechanism. (#137, #175, #329, #345)
- Bugfix: Better compatibility on handling SAML token when using
acquire_token_by_username_password()with ADFS. (#336)
MSAL Python 1.10.0
- Enhancement: Proactive access token (AT) refreshing. Previously, an AT is either valid or expired. If an AT expires and your network happens to have a glitch, your app wouldn't be able to auth. Now, MSAL Python attempts to refresh some AT (typically long-lived AT) half way towards their expiration, and silently ignores the error and retries next time, so that your app would be more resilient. All these happen automatically, without any code change to your app. (#176, #312, #320)
- Adjustment: MSAL Python will keep RT in token cache even when its usage encounters an "invalid_grant" error, so that the RT would likely still be used by other requests. (#314, #315)
MSAL Python 1.9.0
- Enhancement: Starting from this version, MSAL will be compatible with both PyJWT 1.x and PyJWT 2.x (#293, #296)
- Enhancement: Better support for upcoming Azure CLI's SSH extension (#300, #298)
- Enhancement: Better deprecation message for
get_authorization_request_url()andacquire_token_by_authorization_code(). (#301, #303) - Enhancement: Better exception message when using incorrect case in
client_id. (#304, #307) - Other improvements.
MSAL Python 1.8.0
MSAL Python 1.7.0
This version contains a bugfix. We recommend all customers to upgrade to this version and upwards. msal>=1.7.0,<2.
- New feature: A new
initiate_auth_code_flow()&acquire_token_by_auth_code_flow()API, which automatically provides PKCE protection for you (#276, #255). (You are recommended to use these 2 new APIs to replace the previousget_authorization_request_url()andacquire_token_by_authorization_code().) - New feature: A new
acquire_token_interactive()(#138, #260, #282), comes with a sample (#283) - Bugfix: Now MSAL Python can properly access those Refresh Tokens which were keyed slightly differently by different apps. (#279, #280)
MSAL Python 1.6.0
MSAL Python 1.5.1
- Bugfix: We now cache tokens by specified environment, not by OIDC Discovery. This won't matter most of the time, but it can be needed when your tenant is in transitional state while migrating to a different cloud. (#247)
- Bugfix: We now make sure one app's sign-out operation would be successful even when another app is acquiring token from cache at the same time. (#258, #262)
