MSAL Python 1.20.0

New feature:

If your app uses MSAL's acquire_token_interactive(), you can now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO) and also obtain more secure tokens, all without switching the log-in experience to a browser. See details in this online doc, and try it out from this sample. (#451, #415)

For example, after utilizing this new feature, a command-line (CLI) app's login experience would look like this:

Known issue:

The following issues were discovered after this version's release: #563

MSAL Python 1.19.0

• New feature: A new ClientApplication(..., instance_discovery=False) parameter to turn off MSAL's Instance Discovery behavior. See more details in its full documentation. Also, ADFS authority will no longer trigger Instance Discovery. (#496)
• Enhancement: Use provided authority port when building the tenant discovery endpoint (#484)
• Bugfix: Fix a regression in regional endpoint which affects MSAL Python 1.14+ (#485)
• Enhancement: Tolerate home_account_id to be None

MSAL Python 1.20.0b1

New feature:

If your app uses MSAL's acquire_token_interactive(), you can now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO) and also obtain more secure tokens, all without switching the log-in experience to a browser. See details in this online doc, and try it out from this sample. (#451, #415)

For example, after utilizing this new feature, a command-line (CLI) app's login experience would look like this:

MSAL Python 1.18.0

(The MSAL Python 1.18.0b1 has been stable in last 2 weeks, and we are now shipping it as 1.18.0)

• New feature: Optional initiate_auth_code_flow(..., response_mode="form_post") to allow the auth code being delivered to your app by form post, which is considered even more secure. (#396, #469)
• New feature: acquire_token_interactive(..., prompt="none") can obtain some tokens from within Cloud Shell, without any prompt. (#420)

MSAL Python 1.18.0b1

• New feature: Optional initiate_auth_code_flow(..., response_mode="form_post") to allow the auth code being delivered to your app by form post, which is considered even more secure. (#396, #469)
• New feature: acquire_token_interactive(..., prompt="none") can obtain some tokens from within Cloud Shell, without any prompt. (#420)

MSAL Python 1.17.0

• New: Define some Cloud Instance constants and the usage pattern of using them (#221, #433)
• Enhancement: Lazy-load dependencies so that the start-up and run time will usually be faster. (#423, #454)
• Enhancement: Bubble up token refresh exceptions (#431, #434)
• Enhancement: Documents a simpler http_cache usage pattern (#439)
• Enhancement: Expose authority discovery error for troubleshooting (#443)
• Enhancement: Actionable exception message when local machine time error is detected (#446, #449, #453)
• Enhancement: Actionable exception message when username password flow encounters errors with ADFS (#456, #458)

MSAL Python 1.16.0

• New feature: Introducing a new http_cache parameter, whose documentation is available by searching http_cache (dict) from our API Reference Doc (Implementation #407). If an app utilizes this feature, it will also address #80 & #334.
• Improvement: Prevent concurrent interactive flows listening on same port when running on Windows (#427)
• Improvement: Detecting Region/Regional Endpoint from env var. Also ensure the entire regional endpoint behavior needs to opt in. (#425)

MSAL Python 1.15.0

• New feature: Now both initiate_auth_code_flow() and acquire_token_interactive() accept a new optional parameter max_age which is the allowable elapsed time in seconds since the last time the End-User was actively authenticated. If the elapsed time is greater than this value, Microsoft identity platform will actively re-authenticate the End-User. (#381, #389)
• Improvement: MSAL will now automatically utilize a backup authentication system, to provide better resiliency. (#376, #395, #409)
• Improvement: Previously, acquire_token_interactive() was not able to be aborted by CTRL+C when running on Windows. It is now fixed. (#393, #404)
• Bugfix: The http cache feature shipped in #379 came with an unexpected side effect to slow down the Device Code Flow. Now fixed. (#408, #410)
• Change: Adopting cryptography 35.0.0 (#414)

MSAL Python 1.14.0

UPDATE: There was a bug in this version, being fixed in subsequent 1.15.0. We recommend everyone to upgrade to msal>=1.15.0,<2.

There is no API-level change in this MSAL release. So, all existing apps do not need any code changes. Just upgrade, and your app will gain the following behaviors.

• Behavior Change: By default, MSAL Python will launch Edge browser when running on Linux, when Edge is installed on current desktop. (#388)
• Behavior Change: MSAL Python will use an in-memory http-level cache. This would improve the latency in normal cases, and improve responsiveness for invalid requests and outage. (#159, #379)
• Behavior Change: MSAL Python will no longer use env var REGION_NAME as the Azure region name. (#394, #382)
• Bugfix: MSAL Python will no longer throw exception when your app excludes the profile scope. (#387, #390)

MSAL Python 1.13.0

• New feature: MSAL supports a confidential client being authenticated by a pre-signed assertion. Usage:

  cca = ConfidentialClientApplication(
      ...,
      client_credential={"client_assertion": "...a JWT with claims aud, exp, iss, jti, nbf, and sub..."},
      ...)

  This can be useful for where the signing takes place externally for example using Azure Key Vault (AKV).
  AKV sample included (#161, #271).

• Improvement: Skip unnecessary and repetitive region detection. (#372, #373)