Changelog
PyPI History
2.3.3 (2021-11-01)
Bug Fixes
2.3.2 (2021-10-26)
Bug Fixes
- add clock_skew_in_seconds to verify_token functions (#894) (8e95c1e)
2.3.1 (2021-10-21)
Bug Fixes
- add back python 2.7 for gcloud usage only (#892) (5bd5ccf)
Documentation
2.3.0 (2021-10-07)
Features
Bug Fixes
2.2.1 (2021-09-28)
Bug Fixes
- disable self signed jwt for domain wide delegation (#873) (0cd15e2)
2.2.0 (2021-09-21)
Features
- add support for workforce pool credentials (#868) (993bab2)
2.1.0 (2021-09-10)
Features
Bug Fixes
- add SAML challenge to reauth (#819) (13aed5f)
- disable warning if quota project id provided to auth.default() (#856) (11ebaeb)
- rename CLOCK_SKEW and separate client/server user case (#863) (738611b)
2.0.2 (2021-08-25)
Bug Fixes
2.0.1 (2021-08-17)
Bug Fixes
- normalize AWS paths correctly on windows (#842) (4e0fb1c)
2.0.0 (2021-08-16)
⚠ BREAKING CHANGES
Features
- service account is able to use a private token endpoint (#835) (20b817a)
Bug Fixes
Documentation
- update user guide/references for downscoped creds (#827) (d1840dc)
⚠ BREAKING CHANGES
1.34.0 (2021-07-23)
Features
- support refresh callable on google.oauth2.credentials.Credentials (#812) (ec2fb18)
Bug Fixes
- do not use the GAE APIs on gen2+ runtimes (#807) (7f7d92d)
1.33.1 (2021-07-20)
Bug Fixes
- fallback to source creds expiration in downscoped tokens (#805) (dfad661)
Reverts
- revert “feat: service account is able to use a private token endpoint (#784)” (#808) (d94e65c)
1.33.0 (2021-07-14)
Features
- define
CredentialAccessBoundary
classes (#793) (d883921) - define
google.auth.downscoped.Credentials
class (#801) (2f5c3a6) - service account is able to use a private token endpoint (#784) (0e26409)
Bug Fixes
- fix fetch_id_token credential lookup order to match adc (#748) (c34452e)
Documentation
- fix code block formatting in ‘user-guide.rst’ (#794) (4fd84bd)
1.32.1 (2021-06-30)
Bug Fixes
- avoid leaking sub-session created for ‘_auth_request’ (#789) (2079ab5)
1.32.0 (2021-06-16)
Features
1.31.0 (2021-06-09)
Features
- define useful properties on
google.auth.external_account.Credentials
(#770) (f97499c)
Bug Fixes
1.30.2 (2021-06-03)
Bug Fixes
- dependencies: add urllib3 and requests to aiohttp extra (#755) (a923442)
- enforce constraints during unit tests (#760) (1a6496a), closes #759
- session object was never used in aiohttp request (#700) (#701) (09e0389)
1.30.1 (2021-05-20)
Bug Fixes
- allow user to customize context aware metadata path in _mtls_helper (#754) (e697687)
- fix function name in signing error message (#751) (e9ca25f)
1.30.0 (2021-04-23)
Features
- add reauth support to async user credentials for gcloud (#738) (9e10823). This internal feature is for gcloud developers only.
1.29.0 (2021-04-15)
Features
- add reauth feature to user credentials for gcloud (#727) (82293fe). This internal feature is for gcloud developers only.
Bug Fixes
- Allow multiple audiences for id_token.verify_token (#733) (56c3946)
1.28.1 (2021-04-08)
Bug Fixes
- support custom alg in jwt header for signing (#729) (0a83706)
1.28.0 (2021-03-16)
Features
- allow the AWS_DEFAULT_REGION environment variable (#721) (199da47)
- expose library version at
google.auth.__version
(#683) (a2cbc32)
Bug Fixes
1.27.1 (2021-02-26)
Bug Fixes
1.27.0 (2021-02-16)
Features
Bug Fixes
1.26.1 (2021-02-11)
Documentation
- fix a typo in the user guide (avaiable -> available) (#680) (684457a)
Bug Fixes
- revert workload identity federation support (#691)
1.26.0 (2021-02-09)
Features
1.25.0 (2021-02-03)
Features
- support self-signed jwt in requests and urllib3 transports (#679) (7a94acb)
- use self-signed jwt for service account (#665) (bf5ce0c)
1.24.0 (2020-12-11)
Features
- add Python 3.9 support, drop Python 3.5 support (#655) (6de753d), closes #654
Bug Fixes
- avoid losing the original ‘_include_email’ parameter in impersonated credentials (#626) (fd9b5b1)
Documentation
1.23.0 (2020-10-29)
Features
- Add custom scopes for access tokens from the metadata service (#633) (0323cf3)
Bug Fixes
1.22.1 (2020-10-05)
Bug Fixes
- move aiohttp to extra as it is currently internal surface (#619) (a924011), closes #618
1.22.0 (2020-09-28)
Features
1.21.3 (2020-09-22)
Bug Fixes
1.21.2 (2020-09-08)
Bug Fixes
- migrate signBlob to iamcredentials.googleapis.com (#600) (694d83f)
1.21.1 (2020-09-03)
Bug Fixes
- dummy commit to trigger a auto release (#597) (d32f7df)
1.21.0 (2020-08-27)
Features
- add GOOGLE_API_USE_CLIENT_CERTIFICATE support (#592) (c0c995f)
1.20.1 (2020-08-06)
Bug Fixes
- reduce refresh clock skew to 10 seconds (#581) (42321ba)
- set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error (#439) (20f82e2)
1.20.0 (2020-07-23)
Features
- Add debug logging that can help with diagnosing auth lib. path (#473) (ecd88d4)
- Show the transport exception that happened for GCE Metadata (#474) (23919bb)
- packaging: add support for Python 3.8 (#569) (1aad54a), closes #568
1.19.2 (2020-07-17)
Bug fixes
- Revert “fix: migrate signBlob to iamcredentials.googleapis.com” (#563) (a48b5b)
1.19.1 (2020-07-15)
Bug Fixes
1.19.0 (2020-07-09)
Features
- add quota project to base credentials class (#546) (3dda7b2)
- check ‘iss’ in
verify_oauth2_token
(#500) (c05b8b5)
Bug Fixes
- migrate signBlob to iamcredentials.googleapis.com (#553) (038ae1b)
Documentation
- remove 3.4 from supported versions list (#549) (8c84d0f)
1.18.0 (2020-06-18)
Features
- make
load_credentials_from_file
a public method (#530) (15d5fa9)
Bug Fixes
- no warning if quota_project_id is given (#537) (f30b45a)
1.17.2 (2020-06-12)
Bug Fixes
1.17.1 (2020-06-11)
Bug Fixes
- narrow acceptable RSA versions to maintain Python 2 compatability (#528) (9434868)
1.17.0 (2020-06-10)
Features
- add quota_project_id to service accounts; add with_quota_project methods (#519) (b12488c)
1.16.1 (2020-06-04)
Bug Fixes
- fix impersonated cred exception doc (#521) (9d5a9a9)
- replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433) (8ffb4d3), closes #339
1.16.0 (2020-05-28)
Features
- add helper func to for default encrypted cert (#514) (f282aa4)
Bug Fixes
1.15.0 (2020-05-15)
Features
Bug Fixes
1.14.3 (2020-05-11)
Bug Fixes
1.14.2 (2020-05-07)
Bug Fixes
1.14.1 (2020-04-21)
Bug Fixes
1.14.0 (2020-04-13)
Features
1.13.1 (2020-04-01)
Bug Fixes
1.13.0 (2020-04-01)
Features
1.12.0 (2020-03-25)
Features
Bug Fixes
- don't use threads for gRPC AuthMetadataPlugin (#467) (ee373f8)
- make ThreadPoolExecutor a class var (#461) (b526473)
1.11.3 (2020-03-13)
Bug Fixes
- fix the scopes so test can pass for a local run (#450) (b2dd77f)
- only add IAM scope to credentials that can change scopes (#451) (82e224b)
1.11.2 (2020-02-14)
Reverts
- Revert “fix: update
_GOOGLE_OAUTH2_CERTS_URL
(#365)” (#444) (901c259), closes #365 #444
1.11.1 (2020-02-13)
Bug Fixes
- compute engine id token credentials “with_target_audience” method (#438) (bc0ec93)
- update
_GOOGLE_OAUTH2_CERTS_URL
(#365) (054db75)
1.11.0 (2020-01-23)
Features
1.10.2 (2020-01-18)
Bug Fixes
- make collections import compatible across Python versions (#419) (c5a3395), closes #418
1.10.1 (2020-01-10)
Bug Fixes
- google.auth.compute_engine.metadata: add retry to google.auth.compute_engine._metadata.get() (#398) (af29c1a), closes #211 #323 #323 #211
- always pass body of type bytes to
google.auth.transport.Request
(#421) (a57a770), closes #318
1.10.0 (2019-12-18)
Features
- send quota project id in x-goog-user-project for OAuth2 credentials (#412) (32d71a5), closes #400
1.9.0 (2019-12-12)
Features
- add timeout parameter to
AuthorizedSession.request()
(#406) (d86d7b8)
1.8.2 (2019-12-11)
Bug Fixes
- revert “feat: send quota project id in x-goog-user-project header for OAuth2 credentials (#400)” (#407) (25ea942)
1.8.1 (2019-12-09)
Bug Fixes
- revert “feat: add timeout to AuthorizedSession.request() (#397)” (#401) (451ecbd)
1.8.0 (2019-12-09)
Features
- add
to_json
method to google.oauth2.credentials.Credentials (#367) (bfb1f8c) - add timeout to AuthorizedSession.request() (#397) (381dd40)
- send quota project id in x-goog-user-project header for OAuth2 credentials (#400) (ab3dc1e)
1.7.2 (2019-12-02)
Bug Fixes
- in token endpoint request, do not decode the response data if it is not encoded (#393) (3b5d3e2)
- make gRPC auth plugin non-blocking + add default timeout value for requests transport (#390) (0c33e9c), closes #351
1.7.1 (2019-11-13)
Bug Fixes
- change ‘internal_failure’ condition to also use `error' field (#387) (46bb58e)
1.7.0
10-30-2019 17:11 PDT
Implementation Changes
- Add retry loop for fetching authentication token if any ‘Internal Failure’ occurs (#368)
- Use cls parameter instead of class (#341)
New Features
- Add support for
impersonated_credentials.Sign
, IDToken
(#348) - Add downscoping to OAuth2 credentials (#309)
Dependencies
- Update dependency cachetools to v3 (#357)
- Update dependency rsa to v4 (#358)
- Set an upper bound on dependencies version (#352)
- Require a minimum version of setuptools (#322)
Documentation
- Add busunkim96 as maintainer (#373)
- Update user-guide.rst (#337)
- Fix typo in jwt docs (#332)
- Clarify which SA has Token Creator role (#330)
Internal / Testing Changes
- Change ‘name’ to distribution name (#379)
- Fix system tests, move to Kokoro (#372)
- Blacken (#375)
- Rename nox.py -> noxfile.py (#369)
- Add initial renovate config (#356)
- Use new pytest api to keep building with pytest 5 (#353)
1.6.3
02-15-2019 9:31 PST
Implementation Changes
- follow rfc 7515 : strip padding from JWS segments (#324)
- Add retry to
_metadata.ping()
(#323)
1.6.2
12-17-2018 10:51 PST
Documentation
- Announce deprecation of Python 2.7 (#311)
- Link all the PRs in CHANGELOG (#307)
1.6.1
11-12-2018 10:10 PST
Implementation Changes
- Automatically refresh impersonated credentials (#304)
1.6.0
11-09-2018 11:07 PST
New Features
- Add
google.auth.impersonated_credentials
(#299)
Documentation
- Update link to documentation for default credentials (#296)
- Update github issue templates (#300)
- Remove punctuation which becomes part of the url (#284)
Internal / Testing Changes
- Update trampoline.sh (302)
- Enable static type checking with pytype (#298)
- Make classifiers in setup.py an array. (#280)
1.5.1
- Fix check for error text on Python 3.7. (#278)
- Use new Auth URIs. (#281)
- Add code-of-conduct document. (#270)
- Fix some typos in test_urllib3.py (#268)
1.5.0
- Warn when using user credentials from the Cloud SDK (#266)
- Add compute engine-based IDTokenCredentials (#236)
- Corrected some typos (#265)
1.4.2
- Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
- Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
- Fix a typo in credentials.py. (#256)
- Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
- Fix typo on exemple of jwt usage (#245)
1.4.1
- Added a check for the cryptography version before attempting to use it. (#243)
1.4.0
- Added
cryptography
-based RSA signer and verifier. (#185) - Added
google.oauth2.service_account.IDTokenCredentials
. (#234) - Improved documentation around ID Tokens (#224)
1.3.0
- Added
google.oauth2.credentials.Credentials.from_authorized_user_file
(#226) - Dropped direct pyasn1 dependency in favor of letting
pyasn1-modules
specify the right version. (#230) default()
now checks for the project ID environment var before warning about missing project ID. (#227)- Fixed the docstrings for
has_scopes()
and with_scopes()
. (#228) - Fixed example in docstring for
ReadOnlyScoped
. (#219) - Made
transport.requests
use timeouts and retries to improve reliability. (#220)
1.2.1
- Excluded compiled Python files in source distributions. (#215)
- Updated docs for creating RSASigner from string. (#213)
- Use
six.raise_from
wherever possible. (#212) - Fixed a typo in a comment
seconds
not sections
. (#210)
1.2.0
- Added
google.auth.credentials.AnonymousCredentials
. (#206) - Updated the documentation to link to the Google Cloud Platform Python setup guide (#204)
1.1.1
google.oauth.credentials.Credentials
now correctly inherits from ReadOnlyScoped
instead of Scoped
. (#200)
1.1.0
- Added
service_account.Credentials.project_id
. (#187) - Move read-only methods of
credentials.Scoped
into new interface credentials.ReadOnlyScoped
. (#195, #196) - Make
compute_engine.Credentials
derive from ReadOnlyScoped
instead of Scoped
. (#195) - Fix App Engine's expiration calculation (#197)
- Split
crypt
module into a package to allow alternative implementations. (#189) - Add error message to handle case of empty string or missing file for
GOOGLE_APPLICATION_CREDENTIALS
(#188)
1.0.2
- Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (#179)
- Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (#175)
- Added documentation for using the library on Google App Engine standard. (#172)
- Testing style updates. (#168)
- Added documentation around the oauth2client deprecation. (#165)
- Fixed a few lint issues caught by newer versions of pylint. (#166)
1.0.1
- Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (#158)
1.0.0
Milestone release for v1.0.0. No significant changes since v0.10.0
0.10.0
- Added
jwt.OnDemandCredentials
. (#142) - Added new public property
id_token
to oauth2.credentials.Credentials
. (#150) - Added the ability to set the address used to communicate with the Compute Engine metadata server via the
GCE_METADATA_ROOT
and GCE_METADATA_IP
environment variables. (#148) - Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (#147)
- Modified expiration logic to add a 5 minute clock skew accommodation. (#145)
0.9.0
- Added
service_account.Credentials.with_claims
. (#140) - Moved
google.auth.oauthlib
and google.auth.flow
to a new separate package google_auth_oauthlib
. (#137, #139, #135, #126) - Added
InstalledAppFlow
to google_auth_oauthlib
. (#128) - Fixed some packaging and documentation issues. (#131)
- Added a helpful error message when importing optional dependencies. (#125)
- Made all properties required to reconstruct
google.oauth2.credentials.Credentials
public. (#124) - Added official Python 3.6 support. (#102)
- Added
jwt.Credentials.from_signing_credentials
and removed service_account.Credentials.to_jwt_credentials
. (#120)
0.8.0
- Removed one-time token behavior from
jwt.Credentials
, audience claim is now required and fixed. (#117) crypt.Signer
and crypt.Verifier
are now abstract base classes. The concrete implementations have been renamed to crypt.RSASigner
and crypt.RSAVerifier
. app_engine.Signer
and iam.Signer
now inherit from crypt.Signer
. (#115)transport.grpc
now correctly calls Credentials.before_request
. (#116)
0.7.0
- Added
google.auth.iam.Signer
. (#108) - Fixed issue where
google.auth.app_engine.Signer
erroneously returns a tuple from sign()
. (#109) - Added public property
google.auth.credentials.Signing.signer
. (#110)
0.6.0
- Added experimental integration with
requests-oauthlib
in google.oauth2.oauthlib
and google.oauth2.flow
. (#100, #105, #106) - Fixed typo in
google_auth_httplib2
's README. (#105)
0.5.0
- Added
app_engine.Signer
. (#97) - Added
crypt.Signer.from_service_account_file
. (#95) - Fixed error handling in the oauth2 client. (#96)
- Fixed the App Engine system tests.
0.4.0
transports.grpc.secure_authorized_channel
now passes kwargs
to grpc.secure_channel
. (#90)- Added new property
credentials.Singing.signer_email
which can be used to identify the signer of a message. (#89) - (google_auth_httplib2) Added a proxy to
httplib2.Http.connections
.
0.3.2
- Fixed an issue where an
ImportError
would occur if google.oauth2
was imported before google.auth
. (#88)
0.3.1
- Fixed a bug where non-padded base64 encoded strings were not accepted. (#87)
- Fixed a bug where ID token verification did not correctly call the HTTP request function. (#87)
0.3.0
- Added Google ID token verification helpers. (#82)
- Swapped the
target
and request
argument order for grpc.secure_authorized_channel
. (#81) - Added a user's guide. (#79)
- Made
service_account_email
a public property on several credential classes. (#76) - Added a
scope
argument to google.auth.default
. (#75) - Added support for the
GCLOUD_PROJECT
environment variable. (#73)
0.2.0
- Added gRPC support. (#67)
- Added Requests support. (#66)
- Added
google.auth.credentials.with_scopes_if_required
helper. (#65) - Added private helper for oauth2client migration. (#70)
0.1.0
First release with core functionality available. This version is ready for initial usage and testing.
- Added
google.auth.credentials
, public interfaces for Credential types. (#8) - Added
google.oauth2.credentials
, credentials that use OAuth 2.0 access and refresh tokens (#24) - Added
google.oauth2.service_account
, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (#25) - Added
google.auth.compute_engine
, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (#22) - Added
google.auth.jwt.Credentials
, credentials that use a JWT as a bearer token. - Added
google.auth.app_engine
, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (#46) - Added
google.auth.default()
, an implementation of Google Application Default Credentials that supports automatic Project ID detection. (#32) - Added system tests for all credential types. (#51, #54, #56, #58, #59, #60, #61, #62)
- Added
google.auth.transports.urllib3.AuthorizedHttp
, an HTTP client that includes authentication provided by credentials. (#19) - Documentation style and formatting updates.
0.0.1
Initial release with foundational functionality for cryptography and JWTs.
google.auth.crypt
for creating and verifying cryptographic signatures.google.auth.jwt
for creating (encoding) and verifying (decoding) JSON Web tokens.