MSAL Python 1.33.0b1

Highlights

• Managed Identity on Service Fabric supports specifying client_capabilities and claims_challenge (#791)
• Broker support on Linux and WSL. (#766)
• A byproduct of this is that broker on all platforms will support Python 3.13. (#823)

What's Changed

• ManagedIdentityClient(..., client_capabilities=["cp1"]).acquire_token_for_client(..., claims_challenge="...") by @rayluo in #791
• Update deprecated TokenCache API usage by @pvaneck in #805
• Enable broker support on Linux for WSL by @DharshanBJ in #766
• Fix username/password validation in broker test by @emmanuel-ferdman in #807
• Merge release 1.32.3 back to dev branch by @rayluo in #816
• Add dependency management suggestions by @rayluo in #819
• Remind developers about http_cache's unstable format by @rayluo in #821
• Properly throw MsalServiceError exception by @rayluo in #820
• Improve test cases to test header-less response by @rayluo in #822
• Upgrade dependency by @rayluo in #824
• Linux broker needs a specific redirect_uri by @rayluo in #826
• MSAL Python 1.33.0b1 release by @rayluo in #827

New Contributors

• @pvaneck made their first contribution in #805
• @emmanuel-ferdman made their first contribution in #807

Full Changelog: 1.32.3...1.33.0b1

MSAL Python 1.32.3

Fix a regression on Azure Arc / on-prem servers. (#814, #815)

MSAL Python 1.32.2

Bugfix for Authentication Failed: MsalResponse object has no attribute 'headers' #812

MSAL Python 1.32.1

Optimization on cache.

MSAL Python 1.32.0

Noticeable Changes

• New feature: Supports dSTS by ClientApplication(..., authority="https://...example.com/dstsv2/...") (#767, #772)
• New feature: Start to support POD Identity, configured by env var AZURE_POD_IDENTITY_AUTHORITY_HOST=http://ip:port (#794, #795)
• Bugfix: Support resource with the format of "GUID/.default" when running inside Cloud Shell. (#784, #785)

More details

• Refactor to allow adding new field into cache key and/or content by @rayluo in #751
• Warning when obsolete msal-extensions is detected by @rayluo in #752
• Add msal_cache.bin to .gitignore by @DharshanBJ in #753
• MSAL will use env var MSAL_FORCE_REGION by default by @rayluo in #756
• allow MI endpoint changing through environment variable by @jimdigriz in #754
• Revert "allow MI endpoint changing through environment variable" by @rayluo in #769
• Fix document for using SystemAssigned managed identity by @jiasli in #764
• Suppress a false positive CodeQL alarm by @rayluo in #783
• Pass Sku and Ver to MsalRuntime by @Ugonnaak1 in #786
• Try to suppress another verify=False by @rayluo in #788
• Supports dSTS by ClientApplication(..., authority="https://...example.com/dstsv2/...") by @rayluo in #772
• Add test case to show that OBO supports SP by @rayluo in #481
• Enable Issue-Sentinel to scan for similar issues by @DharshanBJ in #790
• Support pod identity by @rayluo in #795
• Scope to resource by @rayluo in #785

New Contributors

• @DharshanBJ made their first contribution in #753
• @jimdigriz made their first contribution in #754
• @Ugonnaak1 made their first contribution in #786

Full Changelog: 1.31.1...1.32.0

1.31.2b1

• acquire_token_interactive(...) supports scope with the shape of "GUID/.default" when running inside Cloud Shell (#784, #785)

1.31.1

• Bugfix: The Managed Identity detection logic on Arc (#731) had a bug #762, now fixed in PR #763 

Full Changelog: 1.31.0...1.31.1

1.31.0

Highlight

The Broker-on-Mac feature is also blogged here

What's Changed

• Integration with Broker-on-Mac in #596
• Change Managed Identity detection logic on Arc in #731
• Managed Identity supports CAE in #730
• Support Managed Identity on Azure Container Instance (ACI) with Resource id in #741
• Other refactoring in #740

Full Changelog: 1.30.0...1.31.0

1.30.0

What's Changed

• New feature: Support Subject Name/Issuer authentication when using .pfx certificate file. Documentation available in one of the recent purple boxes here. #718
• New feature: Automatically use SHA256 and PSS padding when using .pfx certificate on non-ADFS, non-OIDC authorities. #722
• New feature: Expose refresh_on (if any) to fresh or cached response, so that caller may choose to proactively call acquire_token_silent() early. #723
• Bugfix for token cache search. MSAL 1.27+ customers please upgrade to MSAL 1.30+. #717

Full Changelog: 1.29.0...1.30.0

MSAL Python 1.29.0

Highlight

The Managed Identity feature is also blogged here

What's Changed

• New feature: Supports Managed Identity for Azure VM, App Service (including Azure Functions, Azure Automation), Service Fabric, Azure Machine Learning, Arc, etc.. Comes with a sample, its configuration via ENV VAR, and its API documentation. (#58, #480, #634, #674)
• New feature: Support reading ConfidentialClientApplication's cert from a pfx file (#684, #699)
• New feature: TokenCache class has a new search() method which will return a generator of tokens. The old find() method still exists and returns a list, but MSAL 1.27+ will not call find() anymore. (#693, #644)
• Change: Re-enable the username password flow to go through broker, if available. (#712)

New Contributors

• @fengga made their first contribution in #712

Full Changelog: 1.28.1...1.29.0