Skip to content

Latest commit

 

History

History
1577 lines (796 loc) · 111 KB

CHANGELOG.md

File metadata and controls

1577 lines (796 loc) · 111 KB

Changelog

PyPI History

2.36.1 (2024-11-08)

Bug Fixes

  • Improve user guide for Impersonation and SA (#1627) (656307d)

2.36.0 (2024-10-30)

Features

  • IAM signblob retries (#1600) (484c8db)
  • Making iam endpoint universe-aware (#1604) (16c728d)
  • Support External Account Authorized User as a Source Credential for impersonated credentials in ADC (#1608) (875796c)

Bug Fixes

2.35.0 (2024-09-17)

Features

Bug Fixes

  • Remove token_info call from token refresh path (#1595) (afb9e5a)

2.34.0 (2024-08-13)

Features

  • auth: Update get_client_ssl_credentials to support X.509 workload certs (#1558) (18c2ec1)

Bug Fixes

  • Retry token request on retryable status code (#1563) (f858a15)

2.33.0 (2024-08-06)

Features

  • Implement async StaticCredentials using access tokens (#1559) (dc17dfc)
  • Implement base classes for credentials and request sessions (#1551) (036dac4)

Bug Fixes

  • metadata: Enhance retry logic for metadata server access in _metadata.py (#1545) (61c2432)

Documentation

  • Update argument for Credentials initialization (#1557) (40b9ed9)

2.32.0 (2024-07-08)

Features

  • Adds support for X509 workload credential type (#1541) (1270217)

2.31.0 (2024-06-27)

Features

Bug Fixes

2.30.0 (2024-06-06)

Features

  • Add WebAuthn plugin component to handle WebAuthn get assertion request (#1464) (e25f336)
  • ECP Provider drop cryptography requirement (#1524) (a821d71)
  • Enable webauthn plugin for security keys (#1528) (e2d5e63)

Bug Fixes

  • Fix id_token iam endpoint for non-gdu service credentials (#1506) (93d681e)
  • Makes default token_url universe aware (#1514) (045776e)

2.29.0 (2024-03-18)

Features

  • Adds support for custom suppliers in AWS and Identity Pool credentials (#1496) (3af1768)

Bug Fixes

  • Refactor tech debt in aws and identity pool credentials (#1501) (ce435b0)

2.28.2 (2024-03-08)

Bug Fixes

2.28.1 (2024-02-21)

Bug Fixes

  • Typo when setting the state for the pickle deserializer. (#1479) (08b5cc3)

2.28.0 (2024-02-15)

Features

  • Adding universe domain support for downscroped credentials (#1463) (fa8b7b2)

Bug Fixes

  • Change log level to debug for return_none_for_not_found_error (#1473) (a036b47)
  • Make requests import conditional for gce universe domain (#1476) (9bb64c8)

2.27.0 (2024-01-24)

Features

  • Add optional account association for Authorized User credentials. (#1458) (988153d)

Bug Fixes

  • Allow custom universe domain for gce creds (#1460) (7db5823)
  • Conditionally import requests only if no request was passed by the caller. (#1456) (9cd6742)

2.26.2 (2024-01-11)

Bug Fixes

  • Read universe_domain for external account authorized user (#1450) (1cc7df3)

2.26.1 (2024-01-03)

Bug Fixes

  • Ensure that refresh worker is pickle-able. (#1447) (421c184)

2.26.0 (2023-12-20)

Features

  • Add optional non blocking refresh for sync auth code (a6dc2c3)
  • Add optional non blocking refresh for sync auth code (#1368) (a6dc2c3)

Bug Fixes

  • External account user cred universe domain support (#1437) (75068f9)
  • Guard delete statements. Add default fallback for _use_non_blocking_refresh. (#1445) (776d634)

2.25.2 (2023-12-08)

Bug Fixes

2.25.1 (2023-12-06)

Bug Fixes

2.25.0 (2023-12-04)

Features

  • Add custom tls signer for ECP Provider. (39eb287)
  • Add custom tls signer for ECP Provider. (#1402) (39eb287)

Bug Fixes

  • Add with_universe_domain (#1408) (505910c)
  • Fixes issue where Python37DeprecationWarning cannot be filtered (#1428) (f22f767)
  • Remove broken link in Python37DeprecationWarning (#1430) (e2db602)

2.24.0 (2023-11-29)

Features

Bug Fixes

  • Add missing before request to async oauth2 credentials. (#1420) (8eaa878)
  • Auto create self signed jwt cred (#1418) (6c610a5)
  • Migrate datetime.utcnow for python 3.12 (#1413) (e4d9c27)

Documentation

2.23.4 (2023-10-31)

Bug Fixes

  • Export detect_gce_residency_linux function (#1403) (809da13)

2.23.3 (2023-10-05)

Bug Fixes

2.23.2 (2023-09-28)

Bug Fixes

2.23.1 (2023-09-26)

Bug Fixes

  • Less restrictive content-type header check for google authentication (ignores charset) (#1382) (7039beb)
  • Trust boundary meta header renaming and using the schema from backend team. (#1384) (2503d4a)
  • Update urllib3 to >= 2.0.5 (#1389) (a99f3bb)

2.23.0 (2023-09-11)

Features

  • Add get_bq_config_path() to _cloud_sdk.py (9f52f66)
  • Add get_bq_config_path() to _cloud_sdk.py (#1358) (9f52f66)

Bug Fixes

  • Expose universe domain in credentials (#1380) (8b8fce6)
  • Make external_account resistant to string type 'expires_in' responses from non-compliant services (#1379) (01d3770)
  • Missing ssj for impersonate cred (#1377) (7d453dc)
  • Skip checking projectid on cred if env var is set (#1349) (a4135a3)

2.22.0 (2023-07-06)

Features

  • Adding meta header for trust boundary (#1334) (908c8d1)
  • Introduce compatibility with native namespace packages (#1205) (2f75922)

Bug Fixes

2.21.0 (2023-06-26)

Features

Bug Fixes

2.20.0 (2023-06-12)

Features

  • Add public API load_credentials_from_dict (#1326) (5467ad7)

Bug Fixes

2.19.1 (2023-06-01)

Bug Fixes

  • Check id token error response (#1315) (2a71f7b)
  • Fix "AttributeError: 'str' object has no attribute 'get'" (dac7cc3)

Documentation

  • Replacing abc.com with example.com (dac7cc3)

2.19.0 (2023-05-25)

Features

2.18.1 (2023-05-17)

Bug Fixes

  • Self signed jwt token should be string type (#1294) (17356fd)

2.18.0 (2023-05-10)

Features

  • Add smbios check to detect GCE residency (#1276) (22d241b)
  • Universe domain support for service account (#1286) (821c1b6)

2.17.3 (2023-04-12)

Bug Fixes

  • Add useEmailAzp claim for id token iam flow (#1270) (7a9c6f2)

2.17.2 (2023-04-05)

Bug Fixes

  • Do not create new JWT credentials if they make the same claims as the existing. (#1267) (eebb7b6)

2.17.1 (2023-03-30)

Bug Fixes

  • Print out reauth plugin error and raise if challenge output is None (#1265) (08d22fe)

2.17.0 (2023-03-28)

Features

  • Experimental service account iam endpoint flow for id token (#1258) (8ff0de5)

Bug Fixes

2.16.3 (2023-03-24)

Bug Fixes

  • Read both applicationId and relyingPartyId. (#1246) (e125dfe)

2.16.2 (2023-03-02)

Bug Fixes

  • Call gcloud config get project to get project for user cred (#1243) (c078a13)
  • Do not use hardcoded string 'python', when you mean sys.executable. (#1233) (91ac8e6)
  • Don't retry if error or error_description is not string (#1241) (e2d263a)
  • Improve ADC related errors and warnings (#1237) (2dfa213)

2.16.1 (2023-02-17)

Bug Fixes

  • Add support for python 3.11 (#1212) (1fc95e3)
  • Remove 3PI config url validation (#1220) (8b95515)
  • Update the docs generator interpreter to unblock documentation build (#1218) (9d36c2f)

2.16.0 (2023-01-09)

Features

  • AwsCredentials should not call metadata server if security creds and region are retrievable through the environment variables (#1195) (5e27c8f)
  • Wrap all python built-in exceptions into library excpetions (#1191) (a83af39)

Bug Fixes

  • Allow get_project_id to take a request (#1203) (9a4d23a)
  • Make OAUTH2.0 client resistant to string type 'expires_in' responses from non-compliant services (#1208) (9fc7b1c)

2.15.0 (2022-12-01)

Features

Bug Fixes

  • Allow mtls sts endpoint for external account token urls. (#1185) (c86dd69)
  • CI broken by removal of py.path (#1194) (f719415)
  • Ensure JWT segments have the right types (#1162) (fc843cd)
  • Updated the lower bound of interactive timeout and fix the kwarg… (#1182) (50c0fd2)

2.14.1 (2022-11-07)

Bug Fixes

  • Apply quota project for compute cred in adc (#1177) (b9aa92a)
  • Update minimum required version of cryptography in pyopenssl extra (#1176) (e9e76d1)
  • Validate url domain for aws metadata urls (#1174) (f9d7d77)

2.14.0 (2022-10-31)

Features

  • Add token_info_url to external account credentials (#1168) (9adee75)
  • Read Quota Project from Environment Variable (#1163) (57b3e42)

Bug Fixes

  • Adding more properties to external_account_authorized_user (#1169) (a12b96d)

2.13.0 (2022-10-14)

Features

  • Adds new external account authorized user credentials (#1160) (523f811)
  • Implement pluggable auth interactive mode (#1131) (44a189f)
  • Introduce the functionality to override token_uri in credentials (#1159) (73bc7e9)

Bug Fixes

  • Adding one more pattern to relax the regex check for sts and impersonation url endpoints (#1158) (75326e3)

2.12.0 (2022-09-26)

Features

Bug Fixes

  • Modify RefreshError exception to use gcloud ADC command. (#1149) (059fd35)
  • Revert "Update token refresh threshold from 20 seconds to 5 minutes". (186464b)

2.11.1 (2022-09-20)

Bug Fixes

  • Fix socket leak in impersonated_credentials (#1123) (b1eb467), closes #1122
  • Make pluggable auth tests work in all environments (#1114) (bb5c979)
  • Skip oauth2client adapter tests if oauth2client is not installed (#1132) (d15092f)
  • Update token refresh threshold from 20 seconds to 5 minutes (#1146) (261a561)

Documentation

2.11.0 (2022-08-18)

Features

  • add integration tests for configurable token lifespan (#1103) (124bae6)

Bug Fixes

2.10.0 (2022-08-05)

Features

  • add integration tests for pluggable auth (#1073) (f8d776a)
  • support for configurable token lifetime (0dc6a9a)
  • support for configurable token lifetime (#1079) (0dc6a9a)

Bug Fixes

2.9.1 (2022-07-12)

Bug Fixes

  • there was a raise missing for throwing exceptions (#1077) (d1f17b0)

2.9.0 (2022-06-28)

Features

2.8.0 (2022-06-14)

Features

2.7.0 (2022-06-07)

Features

Bug Fixes

Reverts

Documentation

2.6.6 (2022-04-21)

Bug Fixes

  • silence TypeError during tear down stage (#1027) (952a6aa)

2.6.5 (2022-04-14)

Bug Fixes

  • add additional missing import in _default.py (#1018) (638331b)

2.6.4 (2022-04-12)

Bug Fixes

2.6.3 (2022-04-06)

Bug Fixes

  • change requests lib import place (#1010) (c753c08)
  • clean up HTTP session and pool during tear down phase (#1007) (d057376)
  • pin click version and update sys test creds (#1008) (ae2804b)

2.6.2 (2022-03-16)

Bug Fixes

  • Rename aws imdsv2 url field and update token lifetime (#982) (818e6d2)

Miscellaneous Chores

  • let release-please finish the release (#991) (d2bdc9a)

2.6.1 (2022-02-09)

Bug Fixes

  • Add AWS session token to metadata requests (#958) (5c7f734)

2.6.0 (2022-01-31)

Features

  • ADC can load an impersonated service account credentials. (#962) (52c8ef9)

Bug Fixes

2.5.0 (2022-01-25)

Features

  • ADC can load an impersonated service account credentials. (#956) (a8eb4c8)

2.4.1 (2022-01-21)

Bug Fixes

2.4.0 (2022-01-20)

Features

Bug Fixes

  • deps: allow cachetools 5.0 for python 3.7+ (#937) (1eae37d)
  • fix the message format for metadata server exception (#916) (e756f08)

Documentation

  • fix intersphinx link for 'requests-oauthlib' (#921) (967be4f)
  • note ValueError in verify_oauth2_token (#928) (82bc5f0)

2.3.3 (2021-11-01)

Bug Fixes

2.3.2 (2021-10-26)

Bug Fixes

  • add clock_skew_in_seconds to verify_token functions (#894) (8e95c1e)

2.3.1 (2021-10-21)

Bug Fixes

  • add back python 2.7 for gcloud usage only (#892) (5bd5ccf)

Documentation

2.3.0 (2021-10-07)

Features

Bug Fixes

  • ADC with impersonated workforce pools (#877) (10bd9fb)

2.2.1 (2021-09-28)

Bug Fixes

  • disable self signed jwt for domain wide delegation (#873) (0cd15e2)

2.2.0 (2021-09-21)

Features

  • add support for workforce pool credentials (#868) (993bab2)

2.1.0 (2021-09-10)

Features

Bug Fixes

  • add SAML challenge to reauth (#819) (13aed5f)
  • disable warning if quota project id provided to auth.default() (#856) (11ebaeb)
  • rename CLOCK_SKEW and separate client/server user case (#863) (738611b)

2.0.2 (2021-08-25)

Bug Fixes

  • use 'int.to_bytes' rather than deprecated crypto wrapper (#848) (b79b554)
  • use int.from_bytes (#846) (466aed9)

2.0.1 (2021-08-17)

Bug Fixes

  • normalize AWS paths correctly on windows (#842) (4e0fb1c)

2.0.0 (2021-08-16)

⚠ BREAKING CHANGES

Features

  • service account is able to use a private token endpoint (#835) (20b817a)

Bug Fixes

Documentation

  • update user guide/references for downscoped creds (#827) (d1840dc)

2.0.0b1 (2021-08-03)

⚠ BREAKING CHANGES

1.34.0 (2021-07-23)

Features

  • support refresh callable on google.oauth2.credentials.Credentials (#812) (ec2fb18)

Bug Fixes

  • do not use the GAE APIs on gen2+ runtimes (#807) (7f7d92d)

1.33.1 (2021-07-20)

Bug Fixes

  • fallback to source creds expiration in downscoped tokens (#805) (dfad661)

Reverts

  • revert "feat: service account is able to use a private token endpoint (#784)" (#808) (d94e65c)

1.33.0 (2021-07-14)

Features

  • define CredentialAccessBoundary classes (#793) (d883921)
  • define google.auth.downscoped.Credentials class (#801) (2f5c3a6)
  • service account is able to use a private token endpoint (#784) (0e26409)

Bug Fixes

  • fix fetch_id_token credential lookup order to match adc (#748) (c34452e)

Documentation

  • fix code block formatting in 'user-guide.rst' (#794) (4fd84bd)

1.32.1 (2021-06-30)

Bug Fixes

  • avoid leaking sub-session created for '_auth_request' (#789) (2079ab5)

1.32.0 (2021-06-16)

Features

1.31.0 (2021-06-09)

Features

  • define useful properties on google.auth.external_account.Credentials (#770) (f97499c)

Bug Fixes

  • avoid deleting items while iterating (#772) (a5e6b65)

1.30.2 (2021-06-03)

Bug Fixes

  • dependencies: add urllib3 and requests to aiohttp extra (#755) (a923442)
  • enforce constraints during unit tests (#760) (1a6496a), closes #759
  • session object was never used in aiohttp request (#700) (#701) (09e0389)

1.30.1 (2021-05-20)

Bug Fixes

  • allow user to customize context aware metadata path in _mtls_helper (#754) (e697687)
  • fix function name in signing error message (#751) (e9ca25f)

1.30.0 (2021-04-23)

Features

  • add reauth support to async user credentials for gcloud (#738) (9e10823). This internal feature is for gcloud developers only.

1.29.0 (2021-04-15)

Features

  • add reauth feature to user credentials for gcloud (#727) (82293fe). This internal feature is for gcloud developers only.

Bug Fixes

  • Allow multiple audiences for id_token.verify_token (#733) (56c3946)

1.28.1 (2021-04-08)

Bug Fixes

  • support custom alg in jwt header for signing (#729) (0a83706)

1.28.0 (2021-03-16)

Features

  • allow the AWS_DEFAULT_REGION environment variable (#721) (199da47)
  • expose library version at google.auth.__version (#683) (a2cbc32)

Bug Fixes

  • fix unit tests so they can work in g3 (#714) (d80c85f)

1.27.1 (2021-02-26)

Bug Fixes

1.27.0 (2021-02-16)

Features

  • workload identity federation support (#698) (d4d7f38)

Bug Fixes

1.26.1 (2021-02-11)

Documentation

  • fix a typo in the user guide (avaiable -> available) (#680) (684457a)

Bug Fixes

  • revert workload identity federation support (#691)

1.26.0 (2021-02-09)

Features

  • workload identity federation support (#686) (5dcd2b1)

1.25.0 (2021-02-03)

Features

  • support self-signed jwt in requests and urllib3 transports (#679) (7a94acb)
  • use self-signed jwt for service account (#665) (bf5ce0c)

1.24.0 (2020-12-11)

Features

  • add Python 3.9 support, drop Python 3.5 support (#655) (6de753d), closes #654

Bug Fixes

  • avoid losing the original '_include_email' parameter in impersonated credentials (#626) (fd9b5b1)

Documentation

1.23.0 (2020-10-29)

Features

  • Add custom scopes for access tokens from the metadata service (#633) (0323cf3)

Bug Fixes

1.22.1 (2020-10-05)

Bug Fixes

  • move aiohttp to extra as it is currently internal surface (#619) (a924011), closes #618

1.22.0 (2020-09-28)

Features

1.21.3 (2020-09-22)

Bug Fixes

1.21.2 (2020-09-08)

Bug Fixes

  • migrate signBlob to iamcredentials.googleapis.com (#600) (694d83f)

1.21.1 (2020-09-03)

Bug Fixes

  • dummy commit to trigger a auto release (#597) (d32f7df)

1.21.0 (2020-08-27)

Features

  • add GOOGLE_API_USE_CLIENT_CERTIFICATE support (#592) (c0c995f)

1.20.1 (2020-08-06)

Bug Fixes

  • reduce refresh clock skew to 10 seconds (#581) (42321ba)
  • set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error (#439) (20f82e2)

1.20.0 (2020-07-23)

Features

  • Add debug logging that can help with diagnosing auth lib. path (#473) (ecd88d4)
  • Show the transport exception that happened for GCE Metadata (#474) (23919bb)
  • packaging: add support for Python 3.8 (#569) (1aad54a), closes #568

1.19.2 (2020-07-17)

Bug fixes

  • Revert "fix: migrate signBlob to iamcredentials.googleapis.com" (#563) (a48b5b)

1.19.1 (2020-07-15)

Bug Fixes

1.19.0 (2020-07-09)

Features

  • add quota project to base credentials class (#546) (3dda7b2)
  • check 'iss' in verify_oauth2_token (#500) (c05b8b5)

Bug Fixes

  • migrate signBlob to iamcredentials.googleapis.com (#553) (038ae1b)

Documentation

  • remove 3.4 from supported versions list (#549) (8c84d0f)

1.18.0 (2020-06-18)

Features

  • make load_credentials_from_file a public method (#530) (15d5fa9)

Bug Fixes

  • no warning if quota_project_id is given (#537) (f30b45a)

1.17.2 (2020-06-12)

Bug Fixes

  • dependencies: Further restrict RSA versions (#532) (46677a0), closes #528

1.17.1 (2020-06-11)

Bug Fixes

  • narrow acceptable RSA versions to maintain Python 2 compatability (#528) (9434868)

1.17.0 (2020-06-10)

Features

  • add quota_project_id to service accounts; add with_quota_project methods (#519) (b12488c)

1.16.1 (2020-06-04)

Bug Fixes

  • fix impersonated cred exception doc (#521) (9d5a9a9)
  • replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433) (8ffb4d3), closes #339

1.16.0 (2020-05-28)

Features

  • add helper func to for default encrypted cert (#514) (f282aa4)

Bug Fixes

1.15.0 (2020-05-15)

Features

Bug Fixes

1.14.3 (2020-05-11)

Bug Fixes

1.14.2 (2020-05-07)

Bug Fixes

1.14.1 (2020-04-21)

Bug Fixes

1.14.0 (2020-04-13)

Features

1.13.1 (2020-04-01)

Bug Fixes

1.13.0 (2020-04-01)

Features

1.12.0 (2020-03-25)

Features

Bug Fixes

  • don't use threads for gRPC AuthMetadataPlugin (#467) (ee373f8)
  • make ThreadPoolExecutor a class var (#461) (b526473)

1.11.3 (2020-03-13)

Bug Fixes

  • fix the scopes so test can pass for a local run (#450) (b2dd77f)
  • only add IAM scope to credentials that can change scopes (#451) (82e224b)

1.11.2 (2020-02-14)

Reverts

  • Revert "fix: update _GOOGLE_OAUTH2_CERTS_URL (#365)" (#444) (901c259), closes #365 #444

1.11.1 (2020-02-13)

Bug Fixes

  • compute engine id token credentials "with_target_audience" method (#438) (bc0ec93)
  • update _GOOGLE_OAUTH2_CERTS_URL (#365) (054db75)

1.11.0 (2020-01-23)

Features

1.10.2 (2020-01-18)

Bug Fixes

  • make collections import compatible across Python versions (#419) (c5a3395), closes #418

1.10.1 (2020-01-10)

Bug Fixes

  • google.auth.compute_engine.metadata: add retry to google.auth.compute_engine._metadata.get() (#398) (af29c1a), closes #211 #323 #323 #211
  • always pass body of type bytes to google.auth.transport.Request (#421) (a57a770), closes #318

1.10.0 (2019-12-18)

Features

  • send quota project id in x-goog-user-project for OAuth2 credentials (#412) (32d71a5), closes #400

1.9.0 (2019-12-12)

Features

  • add timeout parameter to AuthorizedSession.request() (#406) (d86d7b8)

1.8.2 (2019-12-11)

Bug Fixes

  • revert "feat: send quota project id in x-goog-user-project header for OAuth2 credentials (#400)" (#407) (25ea942)

1.8.1 (2019-12-09)

Bug Fixes

  • revert "feat: add timeout to AuthorizedSession.request() (#397)" (#401) (451ecbd)

1.8.0 (2019-12-09)

Features

  • add to_json method to google.oauth2.credentials.Credentials (#367) (bfb1f8c)
  • add timeout to AuthorizedSession.request() (#397) (381dd40)
  • send quota project id in x-goog-user-project header for OAuth2 credentials (#400) (ab3dc1e)

1.7.2 (2019-12-02)

Bug Fixes

  • in token endpoint request, do not decode the response data if it is not encoded (#393) (3b5d3e2)
  • make gRPC auth plugin non-blocking + add default timeout value for requests transport (#390) (0c33e9c), closes #351

1.7.1 (2019-11-13)

Bug Fixes

  • change 'internal_failure' condition to also use `error' field (#387) (46bb58e)

1.7.0

10-30-2019 17:11 PDT

Implementation Changes

  • Add retry loop for fetching authentication token if any 'Internal Failure' occurs (#368)
  • Use cls parameter instead of class (#341)

New Features

  • Add support for impersonated_credentials.Sign, IDToken (#348)
  • Add downscoping to OAuth2 credentials (#309)

Dependencies

  • Update dependency cachetools to v3 (#357)
  • Update dependency rsa to v4 (#358)
  • Set an upper bound on dependencies version (#352)
  • Require a minimum version of setuptools (#322)

Documentation

  • Add busunkim96 as maintainer (#373)
  • Update user-guide.rst (#337)
  • Fix typo in jwt docs (#332)
  • Clarify which SA has Token Creator role (#330)

Internal / Testing Changes

  • Change 'name' to distribution name (#379)
  • Fix system tests, move to Kokoro (#372)
  • Blacken (#375)
  • Rename nox.py -> noxfile.py (#369)
  • Add initial renovate config (#356)
  • Use new pytest api to keep building with pytest 5 (#353)

1.6.3

02-15-2019 9:31 PST

Implementation Changes

  • follow rfc 7515 : strip padding from JWS segments (#324)
  • Add retry to _metadata.ping() (#323)

1.6.2

12-17-2018 10:51 PST

Documentation

  • Announce deprecation of Python 2.7 (#311)
  • Link all the PRs in CHANGELOG (#307)

1.6.1

11-12-2018 10:10 PST

Implementation Changes

  • Automatically refresh impersonated credentials (#304)

1.6.0

11-09-2018 11:07 PST

New Features

  • Add google.auth.impersonated_credentials (#299)

Documentation

  • Update link to documentation for default credentials (#296)
  • Update github issue templates (#300)
  • Remove punctuation which becomes part of the url (#284)

Internal / Testing Changes

  • Update trampoline.sh (302)
  • Enable static type checking with pytype (#298)
  • Make classifiers in setup.py an array. (#280)

1.5.1

  • Fix check for error text on Python 3.7. (#278)
  • Use new Auth URIs. (#281)
  • Add code-of-conduct document. (#270)
  • Fix some typos in test_urllib3.py (#268)

1.5.0

  • Warn when using user credentials from the Cloud SDK (#266)
  • Add compute engine-based IDTokenCredentials (#236)
  • Corrected some typos (#265)

1.4.2

  • Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
  • Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
  • Fix a typo in credentials.py. (#256)
  • Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
  • Fix typo on exemple of jwt usage (#245)

1.4.1

  • Added a check for the cryptography version before attempting to use it. (#243)

1.4.0

  • Added cryptography-based RSA signer and verifier. (#185)
  • Added google.oauth2.service_account.IDTokenCredentials. (#234)
  • Improved documentation around ID Tokens (#224)

1.3.0

  • Added google.oauth2.credentials.Credentials.from_authorized_user_file (#226)
  • Dropped direct pyasn1 dependency in favor of letting pyasn1-modules specify the right version. (#230)
  • default() now checks for the project ID environment var before warning about missing project ID. (#227)
  • Fixed the docstrings for has_scopes() and with_scopes(). (#228)
  • Fixed example in docstring for ReadOnlyScoped. (#219)
  • Made transport.requests use timeouts and retries to improve reliability. (#220)

1.2.1

  • Excluded compiled Python files in source distributions. (#215)
  • Updated docs for creating RSASigner from string. (#213)
  • Use six.raise_from wherever possible. (#212)
  • Fixed a typo in a comment seconds not sections. (#210)

1.2.0

  • Added google.auth.credentials.AnonymousCredentials. (#206)
  • Updated the documentation to link to the Google Cloud Platform Python setup guide (#204)

1.1.1

  • google.oauth.credentials.Credentials now correctly inherits from ReadOnlyScoped instead of Scoped. (#200)

1.1.0

  • Added service_account.Credentials.project_id. (#187)
  • Move read-only methods of credentials.Scoped into new interface credentials.ReadOnlyScoped. (#195, #196)
  • Make compute_engine.Credentials derive from ReadOnlyScoped instead of Scoped. (#195)
  • Fix App Engine's expiration calculation (#197)
  • Split crypt module into a package to allow alternative implementations. (#189)
  • Add error message to handle case of empty string or missing file for GOOGLE_APPLICATION_CREDENTIALS (#188)

1.0.2

  • Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (#179)
  • Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (#175)
  • Added documentation for using the library on Google App Engine standard. (#172)
  • Testing style updates. (#168)
  • Added documentation around the oauth2client deprecation. (#165)
  • Fixed a few lint issues caught by newer versions of pylint. (#166)

1.0.1

  • Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (#158)

1.0.0

Milestone release for v1.0.0. No significant changes since v0.10.0

0.10.0

  • Added jwt.OnDemandCredentials. (#142)
  • Added new public property id_token to oauth2.credentials.Credentials. (#150)
  • Added the ability to set the address used to communicate with the Compute Engine metadata server via the GCE_METADATA_ROOT and GCE_METADATA_IP environment variables. (#148)
  • Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (#147)
  • Modified expiration logic to add a 5 minute clock skew accommodation. (#145)

0.9.0

  • Added service_account.Credentials.with_claims. (#140)
  • Moved google.auth.oauthlib and google.auth.flow to a new separate package google_auth_oauthlib. (#137, #139, #135, #126)
  • Added InstalledAppFlow to google_auth_oauthlib. (#128)
  • Fixed some packaging and documentation issues. (#131)
  • Added a helpful error message when importing optional dependencies. (#125)
  • Made all properties required to reconstruct google.oauth2.credentials.Credentials public. (#124)
  • Added official Python 3.6 support. (#102)
  • Added jwt.Credentials.from_signing_credentials and removed service_account.Credentials.to_jwt_credentials. (#120)

0.8.0

  • Removed one-time token behavior from jwt.Credentials, audience claim is now required and fixed. (#117)
  • crypt.Signer and crypt.Verifier are now abstract base classes. The concrete implementations have been renamed to crypt.RSASigner and crypt.RSAVerifier. app_engine.Signer and iam.Signer now inherit from crypt.Signer. (#115)
  • transport.grpc now correctly calls Credentials.before_request. (#116)

0.7.0

  • Added google.auth.iam.Signer. (#108)
  • Fixed issue where google.auth.app_engine.Signer erroneously returns a tuple from sign(). (#109)
  • Added public property google.auth.credentials.Signing.signer. (#110)

0.6.0

  • Added experimental integration with requests-oauthlib in google.oauth2.oauthlib and google.oauth2.flow. (#100, #105, #106)
  • Fixed typo in google_auth_httplib2's README. (#105)

0.5.0

  • Added app_engine.Signer. (#97)
  • Added crypt.Signer.from_service_account_file. (#95)
  • Fixed error handling in the oauth2 client. (#96)
  • Fixed the App Engine system tests.

0.4.0

  • transports.grpc.secure_authorized_channel now passes kwargs to grpc.secure_channel. (#90)
  • Added new property credentials.Singing.signer_email which can be used to identify the signer of a message. (#89)
  • (google_auth_httplib2) Added a proxy to httplib2.Http.connections.

0.3.2

  • Fixed an issue where an ImportError would occur if google.oauth2 was imported before google.auth. (#88)

0.3.1

  • Fixed a bug where non-padded base64 encoded strings were not accepted. (#87)
  • Fixed a bug where ID token verification did not correctly call the HTTP request function. (#87)

0.3.0

  • Added Google ID token verification helpers. (#82)
  • Swapped the target and request argument order for grpc.secure_authorized_channel. (#81)
  • Added a user's guide. (#79)
  • Made service_account_email a public property on several credential classes. (#76)
  • Added a scope argument to google.auth.default. (#75)
  • Added support for the GCLOUD_PROJECT environment variable. (#73)

0.2.0

  • Added gRPC support. (#67)
  • Added Requests support. (#66)
  • Added google.auth.credentials.with_scopes_if_required helper. (#65)
  • Added private helper for oauth2client migration. (#70)

0.1.0

First release with core functionality available. This version is ready for initial usage and testing.

  • Added google.auth.credentials, public interfaces for Credential types. (#8)
  • Added google.oauth2.credentials, credentials that use OAuth 2.0 access and refresh tokens (#24)
  • Added google.oauth2.service_account, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (#25)
  • Added google.auth.compute_engine, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (#22)
  • Added google.auth.jwt.Credentials, credentials that use a JWT as a bearer token.
  • Added google.auth.app_engine, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (#46)
  • Added google.auth.default(), an implementation of Google Application Default Credentials that supports automatic Project ID detection. (#32)
  • Added system tests for all credential types. (#51, #54, #56, #58, #59, #60, #61, #62)
  • Added google.auth.transports.urllib3.AuthorizedHttp, an HTTP client that includes authentication provided by credentials. (#19)
  • Documentation style and formatting updates.

0.0.1

Initial release with foundational functionality for cryptography and JWTs.

  • google.auth.crypt for creating and verifying cryptographic signatures.
  • google.auth.jwt for creating (encoding) and verifying (decoding) JSON Web tokens.