Changelog

PyPI History

2.3.3 (2021-11-01)

Bug Fixes

2.3.2 (2021-10-26)

Bug Fixes

  • add clock_skew_in_seconds to verify_token functions (#894) (8e95c1e)

2.3.1 (2021-10-21)

Bug Fixes

  • add back python 2.7 for gcloud usage only (#892) (5bd5ccf)

Documentation

2.3.0 (2021-10-07)

Features

Bug Fixes

2.2.1 (2021-09-28)

Bug Fixes

  • disable self signed jwt for domain wide delegation (#873) (0cd15e2)

2.2.0 (2021-09-21)

Features

  • add support for workforce pool credentials (#868) (993bab2)

2.1.0 (2021-09-10)

Features

Bug Fixes

  • add SAML challenge to reauth (#819) (13aed5f)
  • disable warning if quota project id provided to auth.default() (#856) (11ebaeb)
  • rename CLOCK_SKEW and separate client/server user case (#863) (738611b)

2.0.2 (2021-08-25)

Bug Fixes

  • use ‘int.to_bytes’ rather than deprecated crypto wrapper (#848) (b79b554)
  • use int.from_bytes (#846) (466aed9)

2.0.1 (2021-08-17)

Bug Fixes

  • normalize AWS paths correctly on windows (#842) (4e0fb1c)

2.0.0 (2021-08-16)

⚠ BREAKING CHANGES

Features

  • service account is able to use a private token endpoint (#835) (20b817a)

Bug Fixes

Documentation

  • update user guide/references for downscoped creds (#827) (d1840dc)

2.0.0b1 (2021-08-03)

⚠ BREAKING CHANGES

1.34.0 (2021-07-23)

Features

  • support refresh callable on google.oauth2.credentials.Credentials (#812) (ec2fb18)

Bug Fixes

  • do not use the GAE APIs on gen2+ runtimes (#807) (7f7d92d)

1.33.1 (2021-07-20)

Bug Fixes

  • fallback to source creds expiration in downscoped tokens (#805) (dfad661)

Reverts

  • revert “feat: service account is able to use a private token endpoint (#784)” (#808) (d94e65c)

1.33.0 (2021-07-14)

Features

  • define CredentialAccessBoundary classes (#793) (d883921)
  • define google.auth.downscoped.Credentials class (#801) (2f5c3a6)
  • service account is able to use a private token endpoint (#784) (0e26409)

Bug Fixes

  • fix fetch_id_token credential lookup order to match adc (#748) (c34452e)

Documentation

  • fix code block formatting in ‘user-guide.rst’ (#794) (4fd84bd)

1.32.1 (2021-06-30)

Bug Fixes

  • avoid leaking sub-session created for ‘_auth_request’ (#789) (2079ab5)

1.32.0 (2021-06-16)

Features

1.31.0 (2021-06-09)

Features

  • define useful properties on google.auth.external_account.Credentials (#770) (f97499c)

Bug Fixes

1.30.2 (2021-06-03)

Bug Fixes

  • dependencies: add urllib3 and requests to aiohttp extra (#755) (a923442)
  • enforce constraints during unit tests (#760) (1a6496a), closes #759
  • session object was never used in aiohttp request (#700) (#701) (09e0389)

1.30.1 (2021-05-20)

Bug Fixes

  • allow user to customize context aware metadata path in _mtls_helper (#754) (e697687)
  • fix function name in signing error message (#751) (e9ca25f)

1.30.0 (2021-04-23)

Features

  • add reauth support to async user credentials for gcloud (#738) (9e10823). This internal feature is for gcloud developers only.

1.29.0 (2021-04-15)

Features

  • add reauth feature to user credentials for gcloud (#727) (82293fe). This internal feature is for gcloud developers only.

Bug Fixes

  • Allow multiple audiences for id_token.verify_token (#733) (56c3946)

1.28.1 (2021-04-08)

Bug Fixes

  • support custom alg in jwt header for signing (#729) (0a83706)

1.28.0 (2021-03-16)

Features

  • allow the AWS_DEFAULT_REGION environment variable (#721) (199da47)
  • expose library version at google.auth.__version (#683) (a2cbc32)

Bug Fixes

1.27.1 (2021-02-26)

Bug Fixes

1.27.0 (2021-02-16)

Features

Bug Fixes

1.26.1 (2021-02-11)

Documentation

  • fix a typo in the user guide (avaiable -> available) (#680) (684457a)

Bug Fixes

  • revert workload identity federation support (#691)

1.26.0 (2021-02-09)

Features

1.25.0 (2021-02-03)

Features

  • support self-signed jwt in requests and urllib3 transports (#679) (7a94acb)
  • use self-signed jwt for service account (#665) (bf5ce0c)

1.24.0 (2020-12-11)

Features

  • add Python 3.9 support, drop Python 3.5 support (#655) (6de753d), closes #654

Bug Fixes

  • avoid losing the original ‘_include_email’ parameter in impersonated credentials (#626) (fd9b5b1)

Documentation

1.23.0 (2020-10-29)

Features

  • Add custom scopes for access tokens from the metadata service (#633) (0323cf3)

Bug Fixes

1.22.1 (2020-10-05)

Bug Fixes

  • move aiohttp to extra as it is currently internal surface (#619) (a924011), closes #618

1.22.0 (2020-09-28)

Features

1.21.3 (2020-09-22)

Bug Fixes

1.21.2 (2020-09-08)

Bug Fixes

  • migrate signBlob to iamcredentials.googleapis.com (#600) (694d83f)

1.21.1 (2020-09-03)

Bug Fixes

  • dummy commit to trigger a auto release (#597) (d32f7df)

1.21.0 (2020-08-27)

Features

  • add GOOGLE_API_USE_CLIENT_CERTIFICATE support (#592) (c0c995f)

1.20.1 (2020-08-06)

Bug Fixes

  • reduce refresh clock skew to 10 seconds (#581) (42321ba)
  • set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error (#439) (20f82e2)

1.20.0 (2020-07-23)

Features

  • Add debug logging that can help with diagnosing auth lib. path (#473) (ecd88d4)
  • Show the transport exception that happened for GCE Metadata (#474) (23919bb)
  • packaging: add support for Python 3.8 (#569) (1aad54a), closes #568

1.19.2 (2020-07-17)

Bug fixes

  • Revert “fix: migrate signBlob to iamcredentials.googleapis.com” (#563) (a48b5b)

1.19.1 (2020-07-15)

Bug Fixes

1.19.0 (2020-07-09)

Features

  • add quota project to base credentials class (#546) (3dda7b2)
  • check ‘iss’ in verify_oauth2_token (#500) (c05b8b5)

Bug Fixes

  • migrate signBlob to iamcredentials.googleapis.com (#553) (038ae1b)

Documentation

  • remove 3.4 from supported versions list (#549) (8c84d0f)

1.18.0 (2020-06-18)

Features

  • make load_credentials_from_file a public method (#530) (15d5fa9)

Bug Fixes

  • no warning if quota_project_id is given (#537) (f30b45a)

1.17.2 (2020-06-12)

Bug Fixes

1.17.1 (2020-06-11)

Bug Fixes

  • narrow acceptable RSA versions to maintain Python 2 compatability (#528) (9434868)

1.17.0 (2020-06-10)

Features

  • add quota_project_id to service accounts; add with_quota_project methods (#519) (b12488c)

1.16.1 (2020-06-04)

Bug Fixes

  • fix impersonated cred exception doc (#521) (9d5a9a9)
  • replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433) (8ffb4d3), closes #339

1.16.0 (2020-05-28)

Features

  • add helper func to for default encrypted cert (#514) (f282aa4)

Bug Fixes

1.15.0 (2020-05-15)

Features

Bug Fixes

1.14.3 (2020-05-11)

Bug Fixes

1.14.2 (2020-05-07)

Bug Fixes

1.14.1 (2020-04-21)

Bug Fixes

1.14.0 (2020-04-13)

Features

1.13.1 (2020-04-01)

Bug Fixes

1.13.0 (2020-04-01)

Features

1.12.0 (2020-03-25)

Features

Bug Fixes

  • don't use threads for gRPC AuthMetadataPlugin (#467) (ee373f8)
  • make ThreadPoolExecutor a class var (#461) (b526473)

1.11.3 (2020-03-13)

Bug Fixes

  • fix the scopes so test can pass for a local run (#450) (b2dd77f)
  • only add IAM scope to credentials that can change scopes (#451) (82e224b)

1.11.2 (2020-02-14)

Reverts

  • Revert “fix: update _GOOGLE_OAUTH2_CERTS_URL (#365)” (#444) (901c259), closes #365 #444

1.11.1 (2020-02-13)

Bug Fixes

  • compute engine id token credentials “with_target_audience” method (#438) (bc0ec93)
  • update _GOOGLE_OAUTH2_CERTS_URL (#365) (054db75)

1.11.0 (2020-01-23)

Features

1.10.2 (2020-01-18)

Bug Fixes

  • make collections import compatible across Python versions (#419) (c5a3395), closes #418

1.10.1 (2020-01-10)

Bug Fixes

  • google.auth.compute_engine.metadata: add retry to google.auth.compute_engine._metadata.get() (#398) (af29c1a), closes #211 #323 #323 #211
  • always pass body of type bytes to google.auth.transport.Request (#421) (a57a770), closes #318

1.10.0 (2019-12-18)

Features

  • send quota project id in x-goog-user-project for OAuth2 credentials (#412) (32d71a5), closes #400

1.9.0 (2019-12-12)

Features

  • add timeout parameter to AuthorizedSession.request() (#406) (d86d7b8)

1.8.2 (2019-12-11)

Bug Fixes

  • revert “feat: send quota project id in x-goog-user-project header for OAuth2 credentials (#400)” (#407) (25ea942)

1.8.1 (2019-12-09)

Bug Fixes

  • revert “feat: add timeout to AuthorizedSession.request() (#397)” (#401) (451ecbd)

1.8.0 (2019-12-09)

Features

  • add to_json method to google.oauth2.credentials.Credentials (#367) (bfb1f8c)
  • add timeout to AuthorizedSession.request() (#397) (381dd40)
  • send quota project id in x-goog-user-project header for OAuth2 credentials (#400) (ab3dc1e)

1.7.2 (2019-12-02)

Bug Fixes

  • in token endpoint request, do not decode the response data if it is not encoded (#393) (3b5d3e2)
  • make gRPC auth plugin non-blocking + add default timeout value for requests transport (#390) (0c33e9c), closes #351

1.7.1 (2019-11-13)

Bug Fixes

  • change ‘internal_failure’ condition to also use `error' field (#387) (46bb58e)

1.7.0

10-30-2019 17:11 PDT

Implementation Changes

  • Add retry loop for fetching authentication token if any ‘Internal Failure’ occurs (#368)
  • Use cls parameter instead of class (#341)

New Features

  • Add support for impersonated_credentials.Sign, IDToken (#348)
  • Add downscoping to OAuth2 credentials (#309)

Dependencies

  • Update dependency cachetools to v3 (#357)
  • Update dependency rsa to v4 (#358)
  • Set an upper bound on dependencies version (#352)
  • Require a minimum version of setuptools (#322)

Documentation

  • Add busunkim96 as maintainer (#373)
  • Update user-guide.rst (#337)
  • Fix typo in jwt docs (#332)
  • Clarify which SA has Token Creator role (#330)

Internal / Testing Changes

  • Change ‘name’ to distribution name (#379)
  • Fix system tests, move to Kokoro (#372)
  • Blacken (#375)
  • Rename nox.py -> noxfile.py (#369)
  • Add initial renovate config (#356)
  • Use new pytest api to keep building with pytest 5 (#353)

1.6.3

02-15-2019 9:31 PST

Implementation Changes

  • follow rfc 7515 : strip padding from JWS segments (#324)
  • Add retry to _metadata.ping() (#323)

1.6.2

12-17-2018 10:51 PST

Documentation

  • Announce deprecation of Python 2.7 (#311)
  • Link all the PRs in CHANGELOG (#307)

1.6.1

11-12-2018 10:10 PST

Implementation Changes

  • Automatically refresh impersonated credentials (#304)

1.6.0

11-09-2018 11:07 PST

New Features

  • Add google.auth.impersonated_credentials (#299)

Documentation

  • Update link to documentation for default credentials (#296)
  • Update github issue templates (#300)
  • Remove punctuation which becomes part of the url (#284)

Internal / Testing Changes

  • Update trampoline.sh (302)
  • Enable static type checking with pytype (#298)
  • Make classifiers in setup.py an array. (#280)

1.5.1

  • Fix check for error text on Python 3.7. (#278)
  • Use new Auth URIs. (#281)
  • Add code-of-conduct document. (#270)
  • Fix some typos in test_urllib3.py (#268)

1.5.0

  • Warn when using user credentials from the Cloud SDK (#266)
  • Add compute engine-based IDTokenCredentials (#236)
  • Corrected some typos (#265)

1.4.2

  • Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
  • Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
  • Fix a typo in credentials.py. (#256)
  • Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
  • Fix typo on exemple of jwt usage (#245)

1.4.1

  • Added a check for the cryptography version before attempting to use it. (#243)

1.4.0

  • Added cryptography-based RSA signer and verifier. (#185)
  • Added google.oauth2.service_account.IDTokenCredentials. (#234)
  • Improved documentation around ID Tokens (#224)

1.3.0

  • Added google.oauth2.credentials.Credentials.from_authorized_user_file (#226)
  • Dropped direct pyasn1 dependency in favor of letting pyasn1-modules specify the right version. (#230)
  • default() now checks for the project ID environment var before warning about missing project ID. (#227)
  • Fixed the docstrings for has_scopes() and with_scopes(). (#228)
  • Fixed example in docstring for ReadOnlyScoped. (#219)
  • Made transport.requests use timeouts and retries to improve reliability. (#220)

1.2.1

  • Excluded compiled Python files in source distributions. (#215)
  • Updated docs for creating RSASigner from string. (#213)
  • Use six.raise_from wherever possible. (#212)
  • Fixed a typo in a comment seconds not sections. (#210)

1.2.0

  • Added google.auth.credentials.AnonymousCredentials. (#206)
  • Updated the documentation to link to the Google Cloud Platform Python setup guide (#204)

1.1.1

  • google.oauth.credentials.Credentials now correctly inherits from ReadOnlyScoped instead of Scoped. (#200)

1.1.0

  • Added service_account.Credentials.project_id. (#187)
  • Move read-only methods of credentials.Scoped into new interface credentials.ReadOnlyScoped. (#195, #196)
  • Make compute_engine.Credentials derive from ReadOnlyScoped instead of Scoped. (#195)
  • Fix App Engine's expiration calculation (#197)
  • Split crypt module into a package to allow alternative implementations. (#189)
  • Add error message to handle case of empty string or missing file for GOOGLE_APPLICATION_CREDENTIALS (#188)

1.0.2

  • Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (#179)
  • Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (#175)
  • Added documentation for using the library on Google App Engine standard. (#172)
  • Testing style updates. (#168)
  • Added documentation around the oauth2client deprecation. (#165)
  • Fixed a few lint issues caught by newer versions of pylint. (#166)

1.0.1

  • Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (#158)

1.0.0

Milestone release for v1.0.0. No significant changes since v0.10.0

0.10.0

  • Added jwt.OnDemandCredentials. (#142)
  • Added new public property id_token to oauth2.credentials.Credentials. (#150)
  • Added the ability to set the address used to communicate with the Compute Engine metadata server via the GCE_METADATA_ROOT and GCE_METADATA_IP environment variables. (#148)
  • Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (#147)
  • Modified expiration logic to add a 5 minute clock skew accommodation. (#145)

0.9.0

  • Added service_account.Credentials.with_claims. (#140)
  • Moved google.auth.oauthlib and google.auth.flow to a new separate package google_auth_oauthlib. (#137, #139, #135, #126)
  • Added InstalledAppFlow to google_auth_oauthlib. (#128)
  • Fixed some packaging and documentation issues. (#131)
  • Added a helpful error message when importing optional dependencies. (#125)
  • Made all properties required to reconstruct google.oauth2.credentials.Credentials public. (#124)
  • Added official Python 3.6 support. (#102)
  • Added jwt.Credentials.from_signing_credentials and removed service_account.Credentials.to_jwt_credentials. (#120)

0.8.0

  • Removed one-time token behavior from jwt.Credentials, audience claim is now required and fixed. (#117)
  • crypt.Signer and crypt.Verifier are now abstract base classes. The concrete implementations have been renamed to crypt.RSASigner and crypt.RSAVerifier. app_engine.Signer and iam.Signer now inherit from crypt.Signer. (#115)
  • transport.grpc now correctly calls Credentials.before_request. (#116)

0.7.0

  • Added google.auth.iam.Signer. (#108)
  • Fixed issue where google.auth.app_engine.Signer erroneously returns a tuple from sign(). (#109)
  • Added public property google.auth.credentials.Signing.signer. (#110)

0.6.0

  • Added experimental integration with requests-oauthlib in google.oauth2.oauthlib and google.oauth2.flow. (#100, #105, #106)
  • Fixed typo in google_auth_httplib2's README. (#105)

0.5.0

  • Added app_engine.Signer. (#97)
  • Added crypt.Signer.from_service_account_file. (#95)
  • Fixed error handling in the oauth2 client. (#96)
  • Fixed the App Engine system tests.

0.4.0

  • transports.grpc.secure_authorized_channel now passes kwargs to grpc.secure_channel. (#90)
  • Added new property credentials.Singing.signer_email which can be used to identify the signer of a message. (#89)
  • (google_auth_httplib2) Added a proxy to httplib2.Http.connections.

0.3.2

  • Fixed an issue where an ImportError would occur if google.oauth2 was imported before google.auth. (#88)

0.3.1

  • Fixed a bug where non-padded base64 encoded strings were not accepted. (#87)
  • Fixed a bug where ID token verification did not correctly call the HTTP request function. (#87)

0.3.0

  • Added Google ID token verification helpers. (#82)
  • Swapped the target and request argument order for grpc.secure_authorized_channel. (#81)
  • Added a user's guide. (#79)
  • Made service_account_email a public property on several credential classes. (#76)
  • Added a scope argument to google.auth.default. (#75)
  • Added support for the GCLOUD_PROJECT environment variable. (#73)

0.2.0

  • Added gRPC support. (#67)
  • Added Requests support. (#66)
  • Added google.auth.credentials.with_scopes_if_required helper. (#65)
  • Added private helper for oauth2client migration. (#70)

0.1.0

First release with core functionality available. This version is ready for initial usage and testing.

  • Added google.auth.credentials, public interfaces for Credential types. (#8)
  • Added google.oauth2.credentials, credentials that use OAuth 2.0 access and refresh tokens (#24)
  • Added google.oauth2.service_account, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (#25)
  • Added google.auth.compute_engine, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (#22)
  • Added google.auth.jwt.Credentials, credentials that use a JWT as a bearer token.
  • Added google.auth.app_engine, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (#46)
  • Added google.auth.default(), an implementation of Google Application Default Credentials that supports automatic Project ID detection. (#32)
  • Added system tests for all credential types. (#51, #54, #56, #58, #59, #60, #61, #62)
  • Added google.auth.transports.urllib3.AuthorizedHttp, an HTTP client that includes authentication provided by credentials. (#19)
  • Documentation style and formatting updates.

0.0.1

Initial release with foundational functionality for cryptography and JWTs.

  • google.auth.crypt for creating and verifying cryptographic signatures.
  • google.auth.jwt for creating (encoding) and verifying (decoding) JSON Web tokens.