Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-msal for openSUSE:Factory checked in at 2023-02-09 16:22:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-msal (Old) and /work/SRC/openSUSE:Factory/.python-msal.new.4462 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-msal" Thu Feb 9 16:22:26 2023 rev:13 rq:1063879 version:1.21.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-msal/python-msal.changes 2022-10-14 15:43:11.255983353 +0200 +++ /work/SRC/openSUSE:Factory/.python-msal.new.4462/python-msal.changes 2023-02-09 16:22:40.190546936 +0100 @@ -1,0 +2,11 @@ +Wed Feb 8 12:26:12 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaub...@suse.com> + +- Update to version 1.21.0 + + Support getting an ssh certificate via broker (#515) + + Support B2C's usage pattern of using client id as a scope (#505, #530) + + MSAL's token cache helper can now be used to store tokens returned + by App Service's Managed Identity (#519) + + Switch to a new set of regional endpoints (#513) + + Test matrix covers Python 3.11 (#512) + +------------------------------------------------------------------- Old: ---- msal-1.20.0.tar.gz New: ---- msal-1.21.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-msal.spec ++++++ --- /var/tmp/diff_new_pack.krLvGO/_old 2023-02-09 16:22:40.638549244 +0100 +++ /var/tmp/diff_new_pack.krLvGO/_new 2023-02-09 16:22:40.642549265 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-msal # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define skip_python2 1 %endif Name: python-msal -Version: 1.20.0 +Version: 1.21.0 Release: 0 Summary: Microsoft Authentication Library (MSAL) for Python License: MIT ++++++ msal-1.20.0.tar.gz -> msal-1.21.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.20.0/PKG-INFO new/msal-1.21.0/PKG-INFO --- old/msal-1.20.0/PKG-INFO 2022-10-07 07:22:32.308485300 +0200 +++ new/msal-1.21.0/PKG-INFO 2023-01-31 21:29:59.722866000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: msal -Version: 1.20.0 +Version: 1.21.0 Summary: The Microsoft Authentication Library (MSAL) for Python library enables your app to access the Microsoft Cloud by supporting authentication of users with Microsoft Azure Active Directory accounts (AAD) and Microsoft Accounts (MSA) using industry standard OAuth2 and OpenID Connect. Home-page: https://github.com/AzureAD/microsoft-authentication-library-for-python Author: Microsoft Corporation @@ -18,6 +18,7 @@ Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 +Classifier: Programming Language :: Python :: 3.11 Classifier: License :: OSI Approved :: MIT License Classifier: Operating System :: OS Independent Description-Content-Type: text/markdown diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.20.0/msal/application.py new/msal-1.21.0/msal/application.py --- old/msal-1.20.0/msal/application.py 2022-10-07 07:22:21.000000000 +0200 +++ new/msal-1.21.0/msal/application.py 2023-01-31 21:29:50.000000000 +0100 @@ -25,7 +25,7 @@ # The __init__.py will import this. Not the other way around. -__version__ = "1.20.0" # When releasing, also check and bump our dependencies's versions if needed +__version__ = "1.21.0" # When releasing, also check and bump our dependencies's versions if needed logger = logging.getLogger(__name__) _AUTHORITY_TYPE_CLOUDSHELL = "CLOUDSHELL" @@ -588,18 +588,9 @@ raise ValueError( "API does not accept {} value as user-provided scopes".format( reserved_scope)) - if self.client_id in scope_set: - if len(scope_set) > 1: - # We make developers pass their client id, so that they can express - # the intent that they want the token for themselves (their own - # app). - # If we do not restrict them to passing only client id then they - # could write code where they expect an id token but end up getting - # access_token. - raise ValueError("Client Id can only be provided as a single scope") - decorated = set(reserved_scope) # Make a writable copy - else: - decorated = scope_set | reserved_scope + + # client_id can also be used as a scope in B2C + decorated = scope_set | reserved_scope decorated -= self._exclude_scopes return list(decorated) @@ -622,7 +613,7 @@ else self._region_configured) # It will retain the None i.e. opted out logger.debug('Region to be used: {}'.format(repr(region_to_use))) if region_to_use: - regional_host = ("{}.r.login.microsoftonline.com".format(region_to_use) + regional_host = ("{}.login.microsoft.com".format(region_to_use) if central_authority.instance in ( # The list came from point 3 of the algorithm section in this internal doc # https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview?path=/PinAuthToRegion/AAD%20SDK%20Proposal%20to%20Pin%20Auth%20to%20region.md&anchor=algorithm&_a=preview @@ -1375,7 +1366,7 @@ if account and account.get("authority_type") == _AUTHORITY_TYPE_CLOUDSHELL: return self._acquire_token_by_cloud_shell(scopes, data=data) - if self._enable_broker and account is not None and data.get("token_type") != "ssh-cert": + if self._enable_broker and account is not None: from .broker import _acquire_token_silently response = _acquire_token_silently( "https://{}/{}".format(self.authority.instance, self.authority.tenant), @@ -1799,7 +1790,7 @@ return self._acquire_token_by_cloud_shell(scopes, data=data) claims = _merge_claims_challenge_and_capabilities( self._client_capabilities, claims_challenge) - if self._enable_broker and data.get("token_type") != "ssh-cert": + if self._enable_broker: if parent_window_handle is None: raise ValueError( "parent_window_handle is required when you opted into using broker. " diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.20.0/msal/token_cache.py new/msal-1.21.0/msal/token_cache.py --- old/msal-1.20.0/msal/token_cache.py 2022-10-07 07:22:21.000000000 +0200 +++ new/msal-1.21.0/msal/token_cache.py 2023-01-31 21:29:50.000000000 +0100 @@ -164,8 +164,11 @@ now = int(time.time() if now is None else now) if access_token: + default_expires_in = ( # https://www.rfc-editor.org/rfc/rfc6749#section-5.1 + int(response.get("expires_on")) - now # Some Managed Identity emits this + ) if response.get("expires_on") else 600 expires_in = int( # AADv1-like endpoint returns a string - response.get("expires_in", 3599)) + response.get("expires_in", default_expires_in)) ext_expires_in = int( # AADv1-like endpoint returns a string response.get("ext_expires_in", expires_in)) at = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.20.0/msal.egg-info/PKG-INFO new/msal-1.21.0/msal.egg-info/PKG-INFO --- old/msal-1.20.0/msal.egg-info/PKG-INFO 2022-10-07 07:22:32.000000000 +0200 +++ new/msal-1.21.0/msal.egg-info/PKG-INFO 2023-01-31 21:29:59.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: msal -Version: 1.20.0 +Version: 1.21.0 Summary: The Microsoft Authentication Library (MSAL) for Python library enables your app to access the Microsoft Cloud by supporting authentication of users with Microsoft Azure Active Directory accounts (AAD) and Microsoft Accounts (MSA) using industry standard OAuth2 and OpenID Connect. Home-page: https://github.com/AzureAD/microsoft-authentication-library-for-python Author: Microsoft Corporation @@ -18,6 +18,7 @@ Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 +Classifier: Programming Language :: Python :: 3.11 Classifier: License :: OSI Approved :: MIT License Classifier: Operating System :: OS Independent Description-Content-Type: text/markdown diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.20.0/msal.egg-info/requires.txt new/msal-1.21.0/msal.egg-info/requires.txt --- old/msal-1.20.0/msal.egg-info/requires.txt 2022-10-07 07:22:32.000000000 +0200 +++ new/msal-1.21.0/msal.egg-info/requires.txt 2023-01-31 21:29:59.000000000 +0100 @@ -8,4 +8,4 @@ [broker] [broker:python_version >= "3.6" and platform_system == "Windows"] -pymsalruntime<0.14,>=0.11.2 +pymsalruntime<0.14,>=0.13.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.20.0/setup.py new/msal-1.21.0/setup.py --- old/msal-1.20.0/setup.py 2022-10-07 07:22:21.000000000 +0200 +++ new/msal-1.21.0/setup.py 2023-01-31 21:29:50.000000000 +0100 @@ -64,6 +64,7 @@ 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', 'Programming Language :: Python :: 3.10', + 'Programming Language :: Python :: 3.11', 'License :: OSI Approved :: MIT License', 'Operating System :: OS Independent', ], @@ -91,7 +92,9 @@ # The broker is defined as optional dependency, # so that downstream apps can opt in. The opt-in is needed, partially because # most existing MSAL Python apps do not have the redirect_uri needed by broker. - "pymsalruntime>=0.11.2,<0.14;python_version>='3.6' and platform_system=='Windows'", + # MSAL Python uses a subset of API from PyMsalRuntime 0.11.2+, + # but we still bump the lower bound to 0.13.2+ for its important bugfix (https://github.com/AzureAD/microsoft-authentication-library-for-cpp/pull/3244) + "pymsalruntime>=0.13.2,<0.14;python_version>='3.6' and platform_system=='Windows'", ], }, )
