MSAL Python 1.7.0 #284
Merged
Merge MSAL Python 1.6.0 back to dev branch
Details:
No longer display auth code in the result page
Adds timeout behavior
Use optional text parameter to toggle landing page
Supports state validation
Supports dynamic port
Returns auth_response instead of auth_code
Refactor internal API layers
Carefully choose the address to listen to
Use RuntimeError for timeout, and let it bubble up
Conclude the research on IPv6
Expose minimal API from authcode module
They are implemented in both oauth2 and oidc client
Disallow implicit grant and hybrid grant
oidc.Client automatically includes "openid" scope
Reuse old rt data even if its key is different
New initialize_auth_code_flow() and acquire_token_by_auth_code_flow()
CVE-2020-26244 does not yet have detail info, but its fix on another library is available here: CZ-NIC/pyoidc@62f8d75. More background info is available here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
So, we ignore that error when it is running on Travis CI
With Telemetry docs also being updated at https://microsoft-my.sharepoint-df.com/:x:/p/sagonzal/EXSrr4vM1utAqQQfD6bMln4BYKwjrqh3cagiNJWPVNjLzw?e=G5FybL
Acquire token interactive using system browser
Fix a malfunction in yesterday's acquire_token_interactive() PR
A sample for the new acquire_token_interactive()
Bump version number
Each of the features/bugfixes included in this release has been tested, reviewed and approved in its individual PR. The purpose of this all-in-one release PR is to organize the release process. Please review/proof-read the following release notes.
Release Notes:
initiate_auth_code_flow() & acquire_token_by_auth_code_flow() API, which automatically provides PKCE protection for you (New initialize_auth_code_flow() and acquire_token_by_auth_code_flow() #276, PKCE Support #255). (You are recommended to use these 2 new APIs to replace the previous get_authorization_request_url() and acquire_token_by_authorization_code().)
acquire_token_interactive() (Interactive auth using system browser #138, Acquire token interactive using system browser #260, Fix a malfunction in yesterday's acquire_token_interactive() PR #282), comes with a sample (A sample for the new acquire_token_interactive() #283)
If you prefer to, you can install this branch for your smoke testing: