1.16.1 (2020-06-04)
- fix impersonated cred exception doc (#521) (9d5a9a9)
- replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433) (8ffb4d3), closes #339
1.16.0 (2020-05-28)
1.15.0 (2020-05-15)
1.14.3 (2020-05-11)
1.14.2 (2020-05-07)
1.14.1 (2020-04-21)
1.14.0 (2020-04-13)
1.13.1 (2020-04-01)
1.13.0 (2020-04-01)
- add access token credentials (#476) (772dac6)
- add fetch_id_token to support id_token adc (#469) (506c565)
- consolidate mTLS channel errors (#480) (e83d446)
- Implement ES256 for JWT verification (#340) (e290a3d)
1.12.0 (2020-03-25)
- add mTLS ADC support for HTTP (#457) (bb9215a)
- add SslCredentials class for mTLS ADC (#448) (dafb41f)
- fetch id token from GCE metadata server (#462) (97e7700)
- don't use threads for gRPC AuthMetadataPlugin (#467) (ee373f8)
- make ThreadPoolExecutor a class var (#461) (b526473)
1.11.3 (2020-03-13)
- fix the scopes so test can pass for a local run (#450) (b2dd77f)
- only add IAM scope to credentials that can change scopes (#451) (82e224b)
1.11.2 (2020-02-14)
1.11.1 (2020-02-13)
- compute engine id token credentials "with_target_audience" method (#438) (bc0ec93)
- update
_GOOGLE_OAUTH2_CERTS_URL
(#365) (054db75)
1.11.0 (2020-01-23)
- add non-None default timeout to AuthorizedSession.request() (#435) (d274a3a), closes #434 googleapis/google-cloud-python#10182
- distinguish transport and execution time timeouts (#424) (52a733d), closes #423
1.10.2 (2020-01-18)
1.10.1 (2020-01-10)
- google.auth.compute_engine.metadata: add retry to google.auth.compute_engine._metadata.get() (#398) (af29c1a), closes #211 #323 #323 #211
- always pass body of type bytes to
google.auth.transport.Request
(#421) (a57a770), closes #318
1.10.0 (2019-12-18)
1.9.0 (2019-12-12)
1.8.2 (2019-12-11)
- revert "feat: send quota project id in x-goog-user-project header for OAuth2 credentials (#400)" (#407) (25ea942)
1.8.1 (2019-12-09)
1.8.0 (2019-12-09)
- add
to_json
method to google.oauth2.credentials.Credentials (#367) (bfb1f8c) - add timeout to AuthorizedSession.request() (#397) (381dd40)
- send quota project id in x-goog-user-project header for OAuth2 credentials (#400) (ab3dc1e)
1.7.2 (2019-12-02)
- in token endpoint request, do not decode the response data if it is not encoded (#393) (3b5d3e2)
- make gRPC auth plugin non-blocking + add default timeout value for requests transport (#390) (0c33e9c), closes #351
1.7.1 (2019-11-13)
10-30-2019 17:11 PDT
- Add retry loop for fetching authentication token if any 'Internal Failure' occurs (#368)
- Use cls parameter instead of class (#341)
- Add support for
impersonated_credentials.Sign
,IDToken
(#348) - Add downscoping to OAuth2 credentials (#309)
- Update dependency cachetools to v3 (#357)
- Update dependency rsa to v4 (#358)
- Set an upper bound on dependencies version (#352)
- Require a minimum version of setuptools (#322)
- Add busunkim96 as maintainer (#373)
- Update user-guide.rst (#337)
- Fix typo in jwt docs (#332)
- Clarify which SA has Token Creator role (#330)
- Change 'name' to distribution name (#379)
- Fix system tests, move to Kokoro (#372)
- Blacken (#375)
- Rename nox.py -> noxfile.py (#369)
- Add initial renovate config (#356)
- Use new pytest api to keep building with pytest 5 (#353)
02-15-2019 9:31 PST
12-17-2018 10:51 PST
11-12-2018 10:10 PST
- Automatically refresh impersonated credentials (#304)
11-09-2018 11:07 PST
- Add
google.auth.impersonated_credentials
(#299)
- Update link to documentation for default credentials (#296)
- Update github issue templates (#300)
- Remove punctuation which becomes part of the url (#284)
- Update trampoline.sh (302)
- Enable static type checking with pytype (#298)
- Make classifiers in setup.py an array. (#280)
- Fix check for error text on Python 3.7. (#278)
- Use new Auth URIs. (#281)
- Add code-of-conduct document. (#270)
- Fix some typos in test_urllib3.py (#268)
- Warn when using user credentials from the Cloud SDK (#266)
- Add compute engine-based IDTokenCredentials (#236)
- Corrected some typos (#265)
- Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
- Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
- Fix a typo in credentials.py. (#256)
- Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
- Fix typo on exemple of jwt usage (#245)
- Added a check for the cryptography version before attempting to use it. (#243)
- Added
cryptography
-based RSA signer and verifier. (#185) - Added
google.oauth2.service_account.IDTokenCredentials
. (#234) - Improved documentation around ID Tokens (#224)
- Added
google.oauth2.credentials.Credentials.from_authorized_user_file
(#226) - Dropped direct pyasn1 dependency in favor of letting
pyasn1-modules
specify the right version. (#230) default()
now checks for the project ID environment var before warning about missing project ID. (#227)- Fixed the docstrings for
has_scopes()
andwith_scopes()
. (#228) - Fixed example in docstring for
ReadOnlyScoped
. (#219) - Made
transport.requests
use timeouts and retries to improve reliability. (#220)
- Excluded compiled Python files in source distributions. (#215)
- Updated docs for creating RSASigner from string. (#213)
- Use
six.raise_from
wherever possible. (#212) - Fixed a typo in a comment
seconds
notsections
. (#210)
- Added
google.auth.credentials.AnonymousCredentials
. (#206) - Updated the documentation to link to the Google Cloud Platform Python setup guide (#204)
google.oauth.credentials.Credentials
now correctly inherits fromReadOnlyScoped
instead ofScoped
. (#200)
- Added
service_account.Credentials.project_id
. (#187) - Move read-only methods of
credentials.Scoped
into new interfacecredentials.ReadOnlyScoped
. (#195, #196) - Make
compute_engine.Credentials
derive fromReadOnlyScoped
instead ofScoped
. (#195) - Fix App Engine's expiration calculation (#197)
- Split
crypt
module into a package to allow alternative implementations. (#189) - Add error message to handle case of empty string or missing file for
GOOGLE_APPLICATION_CREDENTIALS
(#188)
- Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (#179)
- Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (#175)
- Added documentation for using the library on Google App Engine standard. (#172)
- Testing style updates. (#168)
- Added documentation around the oauth2client deprecation. (#165)
- Fixed a few lint issues caught by newer versions of pylint. (#166)
- Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (#158)
Milestone release for v1.0.0. No significant changes since v0.10.0
- Added
jwt.OnDemandCredentials
. (#142) - Added new public property
id_token
tooauth2.credentials.Credentials
. (#150) - Added the ability to set the address used to communicate with the Compute Engine metadata server via the
GCE_METADATA_ROOT
andGCE_METADATA_IP
environment variables. (#148) - Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (#147)
- Modified expiration logic to add a 5 minute clock skew accommodation. (#145)
- Added
service_account.Credentials.with_claims
. (#140) - Moved
google.auth.oauthlib
andgoogle.auth.flow
to a new separate packagegoogle_auth_oauthlib
. (#137, #139, #135, #126) - Added
InstalledAppFlow
togoogle_auth_oauthlib
. (#128) - Fixed some packaging and documentation issues. (#131)
- Added a helpful error message when importing optional dependencies. (#125)
- Made all properties required to reconstruct
google.oauth2.credentials.Credentials
public. (#124) - Added official Python 3.6 support. (#102)
- Added
jwt.Credentials.from_signing_credentials
and removedservice_account.Credentials.to_jwt_credentials
. (#120)
- Removed one-time token behavior from
jwt.Credentials
, audience claim is now required and fixed. (#117) crypt.Signer
andcrypt.Verifier
are now abstract base classes. The concrete implementations have been renamed tocrypt.RSASigner
andcrypt.RSAVerifier
.app_engine.Signer
andiam.Signer
now inherit fromcrypt.Signer
. (#115)transport.grpc
now correctly callsCredentials.before_request
. (#116)
- Added
google.auth.iam.Signer
. (#108) - Fixed issue where
google.auth.app_engine.Signer
erroneously returns a tuple fromsign()
. (#109) - Added public property
google.auth.credentials.Signing.signer
. (#110)
- Added experimental integration with
requests-oauthlib
ingoogle.oauth2.oauthlib
andgoogle.oauth2.flow
. (#100, #105, #106) - Fixed typo in
google_auth_httplib2
's README. (#105)
- Added
app_engine.Signer
. (#97) - Added
crypt.Signer.from_service_account_file
. (#95) - Fixed error handling in the oauth2 client. (#96)
- Fixed the App Engine system tests.
transports.grpc.secure_authorized_channel
now passeskwargs
togrpc.secure_channel
. (#90)- Added new property
credentials.Singing.signer_email
which can be used to identify the signer of a message. (#89) - (google_auth_httplib2) Added a proxy to
httplib2.Http.connections
.
- Fixed an issue where an
ImportError
would occur ifgoogle.oauth2
was imported beforegoogle.auth
. (#88)
- Fixed a bug where non-padded base64 encoded strings were not accepted. (#87)
- Fixed a bug where ID token verification did not correctly call the HTTP request function. (#87)
- Added Google ID token verification helpers. (#82)
- Swapped the
target
andrequest
argument order forgrpc.secure_authorized_channel
. (#81) - Added a user's guide. (#79)
- Made
service_account_email
a public property on several credential classes. (#76) - Added a
scope
argument togoogle.auth.default
. (#75) - Added support for the
GCLOUD_PROJECT
environment variable. (#73)
- Added gRPC support. (#67)
- Added Requests support. (#66)
- Added
google.auth.credentials.with_scopes_if_required
helper. (#65) - Added private helper for oauth2client migration. (#70)
First release with core functionality available. This version is ready for initial usage and testing.
- Added
google.auth.credentials
, public interfaces for Credential types. (#8) - Added
google.oauth2.credentials
, credentials that use OAuth 2.0 access and refresh tokens (#24) - Added
google.oauth2.service_account
, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (#25) - Added
google.auth.compute_engine
, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (#22) - Added
google.auth.jwt.Credentials
, credentials that use a JWT as a bearer token. - Added
google.auth.app_engine
, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (#46) - Added
google.auth.default()
, an implementation of Google Application Default Credentials that supports automatic Project ID detection. (#32) - Added system tests for all credential types. (#51, #54, #56, #58, #59, #60, #61, #62)
- Added
google.auth.transports.urllib3.AuthorizedHttp
, an HTTP client that includes authentication provided by credentials. (#19) - Documentation style and formatting updates.
Initial release with foundational functionality for cryptography and JWTs.
google.auth.crypt
for creating and verifying cryptographic signatures.google.auth.jwt
for creating (encoding) and verifying (decoding) JSON Web tokens.