Releases: AzureAD/microsoft-authentication-library-for-python
MSAL Python 1.28.0
MSAL Python 1.27.0
What's Changed
Release Notes:
- New feature:
remove_tokens_for_client()
will remove tokens acquired byacquire_token_for_client()
(#640, #650, #666) - Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
- Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
- Adjustment: Bump upstream broker dependency to 0.14.x
- Improvement: Better chance to remove accounts from broker (#651)
- Improvement: Cleaner console output when the http local server is visited in https protocol (#546)
- Improvement: Reduce a bare
except
clause (#667)
Note:
- The previous preview features in previous
1.27.0b2
requires more beta testing, so they did NOT make it to1.27.0
. If you want to beta test1.27.0b2
, follow its own instruction. - MSAL Python 1.27 is the last version that still runs on Python 2.7
New Contributors
- @Singletoned made their first contribution in #667
Full Changelog: 1.26.0...1.27.0
MSAL Python 1.27.0b2
This beta release is a preview for the broker-on-Mac support. You can install it by pip install msal==1.27.0b2
. Please refer to this staged API Reference Doc for how to opt into this new feature.
MSAL Python 1.26.0
MSAL Python 1.25.0
- Deprecation:
allow_broker
will be replaced byenable_broker_on_windows
(#613) - Bugfix: Device Code Flow (and Username Password Flow) and its subsequent silent request will automatically bypass broker and succeed. (#569)
- Enhancement:
acquire_token_interactive()
supports running inside Docker - Observability: Successful token response will contain a new
token_source
field to indicate where the token was obtained from:identity_provider
,cache
orbroker
. (#610)
MSAL Python 1.24.1
Includes minor adjustments on handling acquire_token_interactive(). The scope of the issue being addressed was limited to a short-lived sign-in attempt. The potential misuse vector complexity was high, therefore it is unlikely to be reproduced in standard usage scenarios; however, out of abundance of caution, this fix is shipped to align ourselves with Microsoft's policy of secure-by-default.
MSAL Python 1.24.0b2
Experimental: Building on top of 1.24.0b1 and includes some adjustment on handling acquire_token_interactive().
MSAL Python 1.24.0
- Enhancement: There may be a new
msal_telemetry
key available in MSAL's acquire token response, currently observed when broker is enabled. Its content and format are opaque to caller. This telemetry blob allows participating apps to collect them via telemetry, and it may help future troubleshooting. (#575) - Enhancement: A new
enable_pii_log
parameter is added intoClientApplication
constructor. When enabled, the broker component may include PII (Personal Identifiable Information) in logs. This may help troubleshooting. (#568, #590)
MSAL Python 1.24.0b1
Experimental: Surface msal telemetry as a long opaque string (#575). This behavior is useful if your app has your own telemetry mechanism and wants to also collect MSAL's telemetry.
MSAL Python 1.23.0
Improvements:
acquire_token_for_client()
will automatically look up tokens from cache (#577). (But all otheracquire_token_...()
methods still require an explicitacquire_token_silent()
in order to utilize token cache.)