Skip to content

MSAL Python 1.27 #669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 32 commits into from
Feb 23, 2024
Merged

MSAL Python 1.27 #669

merged 32 commits into from
Feb 23, 2024

Conversation

rayluo
Copy link
Collaborator

@rayluo rayluo commented Feb 22, 2024

Release Notes:

Note:

  • The previous preview features in previous 1.27.0b2 requires more beta testing, so they did NOT make it to 1.27.0. If you want to beta test 1.27.0b2, follow its own instruction.
  • MSAL Python 1.27 is the last version that still runs on Python 2.7

rayluo and others added 30 commits December 5, 2023 16:20
@rayluo
Merge branch 'release-1.26.0' into dev
e6ebc37
@bgavrilMS @rayluo
Update issue templates (#642)
1ae2d19 
* Update issue templates

* Update feature_request.md

* Update feature_request.md

* Remove excess spaces, and rename .md to .yaml

---------

Co-authored-by: Ray Luo <[email protected]>
@rayluo
No more gibberish log from https request to mess up the current terminal
72b853d
@rayluo
Merge branch 'oauth2cli/dev' to close #546
dcedc10
@rayluo
AT POP with SHR is tested with Graph end-to-end
866ba2b
@rayluo
Sort scopes before writing to token cache
c1a0ce1
@rayluo
O(1) happy path for access token hits
313d721
@rayluo
Might as well refactor a _get_app_metadata()
5272fbd
@rayluo
Merge pull request #644 from AzureAD/order-scopes
804d529 
Order scopes on save, and optimize the happy path for access token read
@rayluo
Prevent crash on token_cache.find(..., query=None)
84bdfab
@rayluo
Merge branch 'order-scopes' into dev
7c4c4b5
@rayluo
Attempts account removal from broker first
49a9198
@rayluo
Adding docs for PopAuthScheme
c131b9b
@rayluo
Tested with latest cryptography 42.x
d7331f2
@rayluo
Mention instance_discovery instead of validate_authority in an error …
3e68838 
…message
@rayluo
Tolerate ID token time errors
d524595
@rayluo
Merge remote-tracking branch 'oauth2cli/dev' into oauth2
ba3cec0
@rayluo
Tolerate ID token time errors
386ea2e
@rayluo
Merge pull request #657 from AzureAD/id-token-adjustment
36a1267 
Tolerate ID token time errors
@rayluo
Provide examples for B2C and CIAM
1a19c4b
@rayluo
Give a hint on where the client_id came from
5d9b221
@rayluo
Merge pull request #661 from AzureAD/document-client-id
bb97af2 
Give a hint on where the client_id came from
@rayluo
Allow github action to write perf result into repo
4b34dd6 
This is needed because our org has transitioned to a read-only GITHUB_TOKEN for GitHub Action workflows.
This change fixes #653
@rayluo
Adding attributes that were not auto documented
b286540
@rayluo
Implement remove_tokens_for_client()
3b96de6
@rayluo
Remove premature int(...)
bb0e24a
@rayluo
MSAL's fallback-from-broker behavior remains a FAQ
0d8b2c2
@rayluo
Change back to use print(result) in error path
bf87155
@rayluo
CCA can be tested by: python -m msal
4f0e03d
@rayluo
Pick up latest PyMsalRuntime 0.14.x
59c3000
Singletoned and others added 2 commits February 22, 2024 09:35
@Singletoned
Don't use bare except when importing (#667)
9a866ca 
Using a bare except statement when importing hides other errors, which
then get lost when the next import fails.

Co-authored-by: Ed Singleton <[email protected]>
@rayluo
Releasing 1.27
7e04519
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 22, 2024
View reviewed changes
sample/confidential_client_certificate_sample.py
@@ -70,7 +70,7 @@
headers={'Authorization': 'Bearer ' + result['access_token']},).json()
print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
else:
print("Token acquisition failed") # Examine result["error_description"] etc. to diagnose error
print("Token acquisition failed", result) # Examine result["error_description"] etc. to diagnose error

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
sample/confidential_client_secret_sample.py
@@ -69,7 +69,7 @@
headers={'Authorization': 'Bearer ' + result['access_token']},).json()
print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
else:
print("Token acquisition failed") # Examine result["error_description"] etc. to diagnose error
print("Token acquisition failed", result) # Examine result["error_description"] etc. to diagnose error

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
sample/device_flow_sample.py
@@ -91,7 +91,7 @@
headers={'Authorization': 'Bearer ' + result['access_token']},).json()
print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
else:
print("Token acquisition failed") # Examine result["error_description"] etc. to diagnose error
print("Token acquisition failed", result) # Examine result["error_description"] etc. to diagnose error

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
sample/interactive_sample.py
@@ -86,7 +86,7 @@
headers={'Authorization': 'Bearer ' + result['access_token']},)
print("Graph API call result: %s ..." % graph_response.text[:100])
else:
print("Token acquisition failed") # Examine result["error_description"] etc. to diagnose error
print("Token acquisition failed", result) # Examine result["error_description"] etc. to diagnose error

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
sample/username_password_sample.py
@@ -73,8 +75,7 @@
headers={'Authorization': 'Bearer ' + result['access_token']},).json()
print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
else:
print("Token acquisition failed") # Examine result["error_description"] etc. to diagnose error
print(result)
print("Token acquisition failed", result) # Examine result["error_description"] etc. to diagnose error

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
sample/vault_jwt_sample.py
@@ -132,7 +132,7 @@
headers={'Authorization': 'Bearer ' + result['access_token']},).json()
print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
else:
print("Token acquisition failed") # Examine result["error_description"] etc. to diagnose error
print("Token acquisition failed", result) # Examine result["error_description"] etc. to diagnose error

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
msal/__main__.py
Comment on lines +295 to +296
) if authority and not authority.startswith(
"https://login.microsoftonline.com") else None

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization

The string [https://login.microsoftonline.com](1) may be at an arbitrary position in the sanitized URL.
@jiasli jiasli mentioned this pull request Feb 23, 2024
Merged
@rayluo rayluo merged commit 09e9078 into main Feb 23, 2024
@rayluo rayluo deleted the release-1.27 branch February 23, 2024 18:59
@jiasli jiasli mentioned this pull request Mar 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rayluo @bgavrilMS @Singletoned