1.31.0

Highlight

The Broker-on-Mac feature is also blogged here

What's Changed

• Integration with Broker-on-Mac in #596
• Change Managed Identity detection logic on Arc in #731
• Managed Identity supports CAE in #730
• Support Managed Identity on Azure Container Instance (ACI) with Resource id in #741
• Other refactoring in #740

Full Changelog: 1.30.0...1.31.0

1.30.0

What's Changed

• New feature: Support Subject Name/Issuer authentication when using .pfx certificate file. Documentation available in one of the recent purple boxes here. #718
• New feature: Automatically use SHA256 and PSS padding when using .pfx certificate on non-ADFS, non-OIDC authorities. #722
• New feature: Expose refresh_on (if any) to fresh or cached response, so that caller may choose to proactively call acquire_token_silent() early. #723
• Bugfix for token cache search. MSAL 1.27+ customers please upgrade to MSAL 1.30+. #717

Full Changelog: 1.29.0...1.30.0

MSAL Python 1.29.0

Highlight

The Managed Identity feature is also blogged here

What's Changed

• New feature: Supports Managed Identity for Azure VM, App Service (including Azure Functions, Azure Automation), Service Fabric, Azure Machine Learning, Arc, etc.. Comes with a sample, its configuration via ENV VAR, and its API documentation. (#58, #480, #634, #674)
• New feature: Support reading ConfidentialClientApplication's cert from a pfx file (#684, #699)
• New feature: TokenCache class has a new search() method which will return a generator of tokens. The old find() method still exists and returns a list, but MSAL 1.27+ will not call find() anymore. (#693, #644)
• Change: Re-enable the username password flow to go through broker, if available. (#712)

New Contributors

• @fengga made their first contribution in #712

Full Changelog: 1.28.1...1.29.0

MSAL Python 1.28.1

• Change: pip install msal[broker] will now pick up the latest PyMsalRuntime 0.16.x which contains a bugfix for being run as administrator. This release fixes #707.

MSAL Python 1.28.0

• New feature: PublicClientApplication and ConfidentialClientApplication have a new oidc_authority parameter that can be used to specify authority of any generic OpenID Connect authority, typically the customized domain for CIAM. (#676, #678)
• Dropping Python 2.7

MSAL Python 1.27.0

What's Changed

Release Notes:

• New feature: remove_tokens_for_client() will remove tokens acquired by acquire_token_for_client() (#640, #650, #666)
• Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
• Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
• Adjustment: Bump upstream broker dependency to 0.14.x
• Improvement: Better chance to remove accounts from broker (#651)
• Improvement: Cleaner console output when the http local server is visited in https protocol (#546)
• Improvement: Reduce a bare except clause (#667)

Note:

• The previous preview features in previous 1.27.0b2 requires more beta testing, so they did NOT make it to 1.27.0. If you want to beta test 1.27.0b2, follow its own instruction.
• MSAL Python 1.27 is the last version that still runs on Python 2.7

New Contributors

• @Singletoned made their first contribution in #667

Full Changelog: 1.26.0...1.27.0

MSAL Python 1.27.0b2

This beta release is a preview for the broker-on-Mac support. You can install it by pip install msal==1.27.0b2. Please refer to this staged API Reference Doc for how to opt into this new feature.

_{(Note to MSAL maintenance team: The tag was accidentally named "...b1", while the actual version number was "...b2". This is not a problem when we eventually do it right when shipping the stable "1.27.0" in the future.)}

MSAL Python 1.26.0

• Do not auto-detect region if app developer does not opt-in to region (#629, #630)
• Support Proof-of-Possession (PoP) for Public Client based on broker (#511)

MSAL Python 1.25.0

• Deprecation: allow_broker will be replaced by enable_broker_on_windows (#613)
• Bugfix: Device Code Flow (and Username Password Flow) and its subsequent silent request will automatically bypass broker and succeed. (#569)
• Enhancement: acquire_token_interactive() supports running inside Docker
• Observability: Successful token response will contain a new token_source field to indicate where the token was obtained from: identity_provider, cache or broker. (#610)

MSAL Python 1.24.1

Includes minor adjustments on handling acquire_token_interactive(). The scope of the issue being addressed was limited to a short-lived sign-in attempt. The potential misuse vector complexity was high, therefore it is unlikely to be reproduced in standard usage scenarios; however, out of abundance of caution, this fix is shipped to align ourselves with Microsoft's policy of secure-by-default.