2.16.0 (2023-01-09)
- AwsCredentials should not call metadata server if security creds and region are retrievable through the environment variables (#1195) (5e27c8f)
- Wrap all python built-in exceptions into library excpetions (#1191) (a83af39)
- Allow get_project_id to take a request (#1203) (9a4d23a)
- Make OAUTH2.0 client resistant to string type 'expires_in' responses from non-compliant services (#1208) (9fc7b1c)
2.15.0 (2022-12-01)
- Add api_key credentials (#1184) (370293e)
- Introduce a way to provide scopes granted by user (#1189) (189f504)
- Allow mtls sts endpoint for external account token urls. (#1185) (c86dd69)
- CI broken by removal of py.path (#1194) (f719415)
- Ensure JWT segments have the right types (#1162) (fc843cd)
- Updated the lower bound of interactive timeout and fix the kwarg… (#1182) (50c0fd2)
2.14.1 (2022-11-07)
- Apply quota project for compute cred in adc (#1177) (b9aa92a)
- Update minimum required version of cryptography in pyopenssl extra (#1176) (e9e76d1)
- Validate url domain for aws metadata urls (#1174) (f9d7d77)
2.14.0 (2022-10-31)
- Add token_info_url to external account credentials (#1168) (9adee75)
- Read Quota Project from Environment Variable (#1163) (57b3e42)
2.13.0 (2022-10-14)
- Adds new external account authorized user credentials (#1160) (523f811)
- Implement pluggable auth interactive mode (#1131) (44a189f)
- Introduce the functionality to override token_uri in credentials (#1159) (73bc7e9)
- Adding one more pattern to relax the regex check for sts and impersonation url endpoints (#1158) (75326e3)
2.12.0 (2022-09-26)
- Modify RefreshError exception to use gcloud ADC command. (#1149) (059fd35)
- Revert "Update token refresh threshold from 20 seconds to 5 minutes". (186464b)
2.11.1 (2022-09-20)
- Fix socket leak in impersonated_credentials (#1123) (b1eb467), closes #1122
- Make pluggable auth tests work in all environments (#1114) (bb5c979)
- Skip oauth2client adapter tests if oauth2client is not installed (#1132) (d15092f)
- Update token refresh threshold from 20 seconds to 5 minutes (#1146) (261a561)
2.11.0 (2022-08-18)
2.10.0 (2022-08-05)
- add integration tests for pluggable auth (#1073) (f8d776a)
- support for configurable token lifetime (0dc6a9a)
- support for configurable token lifetime (#1079) (0dc6a9a)
- async certificate decoding (#1085) (741c6c6)
- Async system tests were not unwrapping async_generators (#1086) (29d248a)
- Fix IDTokenCredentials update bug (#1072) (b62c25c)
- make expiration_time optional in response schema (#1091) (032fb8d)
- refactor credential subclass parameters (#1095) (8d15f69)
2.9.1 (2022-07-12)
2.9.0 (2022-06-28)
2.8.0 (2022-06-14)
2.7.0 (2022-06-07)
- add experimental enterprise cert support (#1052) (dda7dda)
- add experimental GDCH support (#1022) (5367aac)
- Pluggable auth support (#995) (62daa73)
- pluggable auth support #995 (#1039) (513d999)
- revert experimental GDCH support (#1022) (#1042) (c720995)
2.6.6 (2022-04-21)
2.6.5 (2022-04-14)
2.6.4 (2022-04-12)
2.6.3 (2022-04-06)
- change requests lib import place (#1010) (c753c08)
- clean up HTTP session and pool during tear down phase (#1007) (d057376)
- pin click version and update sys test creds (#1008) (ae2804b)
2.6.2 (2022-03-16)
2.6.1 (2022-02-09)
2.6.0 (2022-01-31)
2.5.0 (2022-01-25)
2.4.1 (2022-01-21)
2.4.0 (2022-01-20)
- deps: allow cachetools 5.0 for python 3.7+ (#937) (1eae37d)
- fix the message format for metadata server exception (#916) (e756f08)
- fix intersphinx link for 'requests-oauthlib' (#921) (967be4f)
- note ValueError in
verify_oauth2_token
(#928) (82bc5f0)
2.3.3 (2021-11-01)
- add fetch_id_token_credentials (#866) (8f1e9cf)
- fix error in sign_bytes (#905) (ef31284)
- use 'int.to_bytes' and 'int.from_bytes' for py3 (#904) (bd0ccc5)
2.3.2 (2021-10-26)
2.3.1 (2021-10-21)
2.3.0 (2021-10-07)
2.2.1 (2021-09-28)
2.2.0 (2021-09-21)
2.1.0 (2021-09-10)
- add SAML challenge to reauth (#819) (13aed5f)
- disable warning if quota project id provided to auth.default() (#856) (11ebaeb)
- rename CLOCK_SKEW and separate client/server user case (#863) (738611b)
2.0.2 (2021-08-25)
- use 'int.to_bytes' rather than deprecated crypto wrapper (#848) (b79b554)
- use int.from_bytes (#846) (466aed9)
2.0.1 (2021-08-17)
2.0.0 (2021-08-16)
- downscoping documentation bugs (#830) (da8bb13)
- Fix missing space in error message. (#821) (7b03988)
2.0.0b1 (2021-08-03)
1.34.0 (2021-07-23)
1.33.1 (2021-07-20)
1.33.0 (2021-07-14)
- define
CredentialAccessBoundary
classes (#793) (d883921) - define
google.auth.downscoped.Credentials
class (#801) (2f5c3a6) - service account is able to use a private token endpoint (#784) (0e26409)
1.32.1 (2021-06-30)
1.32.0 (2021-06-16)
1.31.0 (2021-06-09)
1.30.2 (2021-06-03)
- dependencies: add urllib3 and requests to aiohttp extra (#755) (a923442)
- enforce constraints during unit tests (#760) (1a6496a), closes #759
- session object was never used in aiohttp request (#700) (#701) (09e0389)
1.30.1 (2021-05-20)
- allow user to customize context aware metadata path in _mtls_helper (#754) (e697687)
- fix function name in signing error message (#751) (e9ca25f)
1.30.0 (2021-04-23)
- add reauth support to async user credentials for gcloud (#738) (9e10823). This internal feature is for gcloud developers only.
1.29.0 (2021-04-15)
- add reauth feature to user credentials for gcloud (#727) (82293fe). This internal feature is for gcloud developers only.
1.28.1 (2021-04-08)
1.28.0 (2021-03-16)
- allow the AWS_DEFAULT_REGION environment variable (#721) (199da47)
- expose library version at
google.auth.__version
(#683) (a2cbc32)
1.27.1 (2021-02-26)
- ignore gcloud warning when getting project id (#708) (3f2f3ea)
- use gcloud creds flow (#705) (333cb76)
1.27.0 (2021-02-16)
1.26.1 (2021-02-11)
- revert workload identity federation support (#691)
1.26.0 (2021-02-09)
1.25.0 (2021-02-03)
- support self-signed jwt in requests and urllib3 transports (#679) (7a94acb)
- use self-signed jwt for service account (#665) (bf5ce0c)
1.24.0 (2020-12-11)
1.23.0 (2020-10-29)
- deps: Revert "fix: pin 'aoihttp < 3.7.0dev' (#634)" (#632) (#640) (b790e65)
- pin 'aoihttp < 3.7.0dev' (#634) (05f9524)
- remove checks for ancient versions of Cryptography (#596) (6407258), closes /github.com/googleapis/google-auth-library-python/issues/595#issuecomment-683903062
1.22.1 (2020-10-05)
1.22.0 (2020-09-28)
1.21.3 (2020-09-22)
- fix expiry for
to_json()
(#589) (d0e0aba), closes /github.com/googleapis/oauth2client/blob/master/oauth2client/client.py#L55
1.21.2 (2020-09-08)
1.21.1 (2020-09-03)
1.21.0 (2020-08-27)
1.20.1 (2020-08-06)
- reduce refresh clock skew to 10 seconds (#581) (42321ba)
- set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error (#439) (20f82e2)
1.20.0 (2020-07-23)
- Add debug logging that can help with diagnosing auth lib. path (#473) (ecd88d4)
- Show the transport exception that happened for GCE Metadata (#474) (23919bb)
- packaging: add support for Python 3.8 (#569) (1aad54a), closes #568
1.19.2 (2020-07-17)
1.19.1 (2020-07-15)
1.19.0 (2020-07-09)
- add quota project to base credentials class (#546) (3dda7b2)
- check 'iss' in
verify_oauth2_token
(#500) (c05b8b5)
1.18.0 (2020-06-18)
1.17.2 (2020-06-12)
1.17.1 (2020-06-11)
1.17.0 (2020-06-10)
1.16.1 (2020-06-04)
- fix impersonated cred exception doc (#521) (9d5a9a9)
- replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433) (8ffb4d3), closes #339
1.16.0 (2020-05-28)
1.15.0 (2020-05-15)
1.14.3 (2020-05-11)
1.14.2 (2020-05-07)
1.14.1 (2020-04-21)
1.14.0 (2020-04-13)
1.13.1 (2020-04-01)
1.13.0 (2020-04-01)
- add access token credentials (#476) (772dac6)
- add fetch_id_token to support id_token adc (#469) (506c565)
- consolidate mTLS channel errors (#480) (e83d446)
- Implement ES256 for JWT verification (#340) (e290a3d)
1.12.0 (2020-03-25)
- add mTLS ADC support for HTTP (#457) (bb9215a)
- add SslCredentials class for mTLS ADC (#448) (dafb41f)
- fetch id token from GCE metadata server (#462) (97e7700)
- don't use threads for gRPC AuthMetadataPlugin (#467) (ee373f8)
- make ThreadPoolExecutor a class var (#461) (b526473)
1.11.3 (2020-03-13)
- fix the scopes so test can pass for a local run (#450) (b2dd77f)
- only add IAM scope to credentials that can change scopes (#451) (82e224b)
1.11.2 (2020-02-14)
1.11.1 (2020-02-13)
- compute engine id token credentials "with_target_audience" method (#438) (bc0ec93)
- update
_GOOGLE_OAUTH2_CERTS_URL
(#365) (054db75)
1.11.0 (2020-01-23)
- add non-None default timeout to AuthorizedSession.request() (#435) (d274a3a), closes #434 googleapis/google-cloud-python#10182
- distinguish transport and execution time timeouts (#424) (52a733d), closes #423
1.10.2 (2020-01-18)
1.10.1 (2020-01-10)
- google.auth.compute_engine.metadata: add retry to google.auth.compute_engine._metadata.get() (#398) (af29c1a), closes #211 #323 #323 #211
- always pass body of type bytes to
google.auth.transport.Request
(#421) (a57a770), closes #318
1.10.0 (2019-12-18)
1.9.0 (2019-12-12)
1.8.2 (2019-12-11)
- revert "feat: send quota project id in x-goog-user-project header for OAuth2 credentials (#400)" (#407) (25ea942)
1.8.1 (2019-12-09)
1.8.0 (2019-12-09)
- add
to_json
method to google.oauth2.credentials.Credentials (#367) (bfb1f8c) - add timeout to AuthorizedSession.request() (#397) (381dd40)
- send quota project id in x-goog-user-project header for OAuth2 credentials (#400) (ab3dc1e)
1.7.2 (2019-12-02)
- in token endpoint request, do not decode the response data if it is not encoded (#393) (3b5d3e2)
- make gRPC auth plugin non-blocking + add default timeout value for requests transport (#390) (0c33e9c), closes #351
1.7.1 (2019-11-13)
10-30-2019 17:11 PDT
- Add retry loop for fetching authentication token if any 'Internal Failure' occurs (#368)
- Use cls parameter instead of class (#341)
- Add support for
impersonated_credentials.Sign
,IDToken
(#348) - Add downscoping to OAuth2 credentials (#309)
- Update dependency cachetools to v3 (#357)
- Update dependency rsa to v4 (#358)
- Set an upper bound on dependencies version (#352)
- Require a minimum version of setuptools (#322)
- Add busunkim96 as maintainer (#373)
- Update user-guide.rst (#337)
- Fix typo in jwt docs (#332)
- Clarify which SA has Token Creator role (#330)
- Change 'name' to distribution name (#379)
- Fix system tests, move to Kokoro (#372)
- Blacken (#375)
- Rename nox.py -> noxfile.py (#369)
- Add initial renovate config (#356)
- Use new pytest api to keep building with pytest 5 (#353)
02-15-2019 9:31 PST
12-17-2018 10:51 PST
11-12-2018 10:10 PST
- Automatically refresh impersonated credentials (#304)
11-09-2018 11:07 PST
- Add
google.auth.impersonated_credentials
(#299)
- Update link to documentation for default credentials (#296)
- Update github issue templates (#300)
- Remove punctuation which becomes part of the url (#284)
- Update trampoline.sh (302)
- Enable static type checking with pytype (#298)
- Make classifiers in setup.py an array. (#280)
- Fix check for error text on Python 3.7. (#278)
- Use new Auth URIs. (#281)
- Add code-of-conduct document. (#270)
- Fix some typos in test_urllib3.py (#268)
- Warn when using user credentials from the Cloud SDK (#266)
- Add compute engine-based IDTokenCredentials (#236)
- Corrected some typos (#265)
- Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
- Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
- Fix a typo in credentials.py. (#256)
- Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
- Fix typo on exemple of jwt usage (#245)
- Added a check for the cryptography version before attempting to use it. (#243)
- Added
cryptography
-based RSA signer and verifier. (#185) - Added
google.oauth2.service_account.IDTokenCredentials
. (#234) - Improved documentation around ID Tokens (#224)
- Added
google.oauth2.credentials.Credentials.from_authorized_user_file
(#226) - Dropped direct pyasn1 dependency in favor of letting
pyasn1-modules
specify the right version. (#230) default()
now checks for the project ID environment var before warning about missing project ID. (#227)- Fixed the docstrings for
has_scopes()
andwith_scopes()
. (#228) - Fixed example in docstring for
ReadOnlyScoped
. (#219) - Made
transport.requests
use timeouts and retries to improve reliability. (#220)
- Excluded compiled Python files in source distributions. (#215)
- Updated docs for creating RSASigner from string. (#213)
- Use
six.raise_from
wherever possible. (#212) - Fixed a typo in a comment
seconds
notsections
. (#210)
- Added
google.auth.credentials.AnonymousCredentials
. (#206) - Updated the documentation to link to the Google Cloud Platform Python setup guide (#204)
google.oauth.credentials.Credentials
now correctly inherits fromReadOnlyScoped
instead ofScoped
. (#200)
- Added
service_account.Credentials.project_id
. (#187) - Move read-only methods of
credentials.Scoped
into new interfacecredentials.ReadOnlyScoped
. (#195, #196) - Make
compute_engine.Credentials
derive fromReadOnlyScoped
instead ofScoped
. (#195) - Fix App Engine's expiration calculation (#197)
- Split
crypt
module into a package to allow alternative implementations. (#189) - Add error message to handle case of empty string or missing file for
GOOGLE_APPLICATION_CREDENTIALS
(#188)
- Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (#179)
- Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (#175)
- Added documentation for using the library on Google App Engine standard. (#172)
- Testing style updates. (#168)
- Added documentation around the oauth2client deprecation. (#165)
- Fixed a few lint issues caught by newer versions of pylint. (#166)
- Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (#158)
Milestone release for v1.0.0. No significant changes since v0.10.0
- Added
jwt.OnDemandCredentials
. (#142) - Added new public property
id_token
tooauth2.credentials.Credentials
. (#150) - Added the ability to set the address used to communicate with the Compute Engine metadata server via the
GCE_METADATA_ROOT
andGCE_METADATA_IP
environment variables. (#148) - Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (#147)
- Modified expiration logic to add a 5 minute clock skew accommodation. (#145)
- Added
service_account.Credentials.with_claims
. (#140) - Moved
google.auth.oauthlib
andgoogle.auth.flow
to a new separate packagegoogle_auth_oauthlib
. (#137, #139, #135, #126) - Added
InstalledAppFlow
togoogle_auth_oauthlib
. (#128) - Fixed some packaging and documentation issues. (#131)
- Added a helpful error message when importing optional dependencies. (#125)
- Made all properties required to reconstruct
google.oauth2.credentials.Credentials
public. (#124) - Added official Python 3.6 support. (#102)
- Added
jwt.Credentials.from_signing_credentials
and removedservice_account.Credentials.to_jwt_credentials
. (#120)
- Removed one-time token behavior from
jwt.Credentials
, audience claim is now required and fixed. (#117) crypt.Signer
andcrypt.Verifier
are now abstract base classes. The concrete implementations have been renamed tocrypt.RSASigner
andcrypt.RSAVerifier
.app_engine.Signer
andiam.Signer
now inherit fromcrypt.Signer
. (#115)transport.grpc
now correctly callsCredentials.before_request
. (#116)
- Added
google.auth.iam.Signer
. (#108) - Fixed issue where
google.auth.app_engine.Signer
erroneously returns a tuple fromsign()
. (#109) - Added public property
google.auth.credentials.Signing.signer
. (#110)
- Added experimental integration with
requests-oauthlib
ingoogle.oauth2.oauthlib
andgoogle.oauth2.flow
. (#100, #105, #106) - Fixed typo in
google_auth_httplib2
's README. (#105)
- Added
app_engine.Signer
. (#97) - Added
crypt.Signer.from_service_account_file
. (#95) - Fixed error handling in the oauth2 client. (#96)
- Fixed the App Engine system tests.
transports.grpc.secure_authorized_channel
now passeskwargs
togrpc.secure_channel
. (#90)- Added new property
credentials.Singing.signer_email
which can be used to identify the signer of a message. (#89) - (google_auth_httplib2) Added a proxy to
httplib2.Http.connections
.
- Fixed an issue where an
ImportError
would occur ifgoogle.oauth2
was imported beforegoogle.auth
. (#88)
- Fixed a bug where non-padded base64 encoded strings were not accepted. (#87)
- Fixed a bug where ID token verification did not correctly call the HTTP request function. (#87)
- Added Google ID token verification helpers. (#82)
- Swapped the
target
andrequest
argument order forgrpc.secure_authorized_channel
. (#81) - Added a user's guide. (#79)
- Made
service_account_email
a public property on several credential classes. (#76) - Added a
scope
argument togoogle.auth.default
. (#75) - Added support for the
GCLOUD_PROJECT
environment variable. (#73)
- Added gRPC support. (#67)
- Added Requests support. (#66)
- Added
google.auth.credentials.with_scopes_if_required
helper. (#65) - Added private helper for oauth2client migration. (#70)
First release with core functionality available. This version is ready for initial usage and testing.
- Added
google.auth.credentials
, public interfaces for Credential types. (#8) - Added
google.oauth2.credentials
, credentials that use OAuth 2.0 access and refresh tokens (#24) - Added
google.oauth2.service_account
, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (#25) - Added
google.auth.compute_engine
, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (#22) - Added
google.auth.jwt.Credentials
, credentials that use a JWT as a bearer token. - Added
google.auth.app_engine
, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (#46) - Added
google.auth.default()
, an implementation of Google Application Default Credentials that supports automatic Project ID detection. (#32) - Added system tests for all credential types. (#51, #54, #56, #58, #59, #60, #61, #62)
- Added
google.auth.transports.urllib3.AuthorizedHttp
, an HTTP client that includes authentication provided by credentials. (#19) - Documentation style and formatting updates.
Initial release with foundational functionality for cryptography and JWTs.
google.auth.crypt
for creating and verifying cryptographic signatures.google.auth.jwt
for creating (encoding) and verifying (decoding) JSON Web tokens.