Releases: Colin-b/httpx_auth
Releases · Colin-b/httpx_auth
0.23.1 (2025-01-07)
0.23.0 (2025-01-07)
Fixed
- Bearer tokens with nested JSON string are now properly handled. Thanks to
Patrick Rodrigues
. - Client credentials auth instances will now use credentials (client_id and client_secret) as well to distinguish tokens. This was an issue when the only parameters changing were the credentials.
Changed
- Requires
httpx
==0.28.* - Exceptions issued by
httpx_auth
are now inheriting fromhttpx_auth.HttpxAuthException
, itself inheriting fromhttpx.HTTPError
, instead ofException
.
Added
- Explicit support for python
3.13
.
0.22.0 (2024-03-02)
Changed
- Requires
httpx
==0.27.* httpx_auth.JsonTokenFileCache
andhttpx_auth.TokenMemoryCache
get_token
method does not handle kwargs anymore, theon_missing_token
callable does not expect any arguments anymore.
0.21.0 (2024-02-19)
Added
- Publicly expose
httpx_auth.SupportMultiAuth
, allowing multiple authentication support for everyhttpx
authentication class that exists. - Publicly expose
httpx_auth.TokenMemoryCache
, allowing to create custom Oauth2 token cache based on this default implementation. - You can now provide your own HTML success (
success_html
) and failure (failure_html
) display via the newOAuth2.display
shared setting. Refer to documentation for more details. - Support for refresh tokens in the Resource Owner Password Credentials flow.
- Support for refresh tokens in the Authorization code (with and without PKCE) flow.
- Thanks to the new
redirect_uri_domain
parameter on Authorization code (with and without PKCE) and Implicit flows, you can now provide the FQDN to use in theredirect_uri
whenlocalhost
(the default) is not allowed.
Changed
- Except for
httpx_auth.testing
, only direct access viahttpx_auth.
was considered publicly exposed. This is now explicit, as inner packages are now using private prefix (_
).
If you were relying on some classes or functions that are now internal, feel free to open an issue. - Browser display settings have been moved to a shared setting, see documentation for more information on
httpx_auth.OAuth2.display
.
The failure page will be displayed for 10 seconds by default instead of 5 seconds previously.
As a result the following classes no longer exposesuccess_display_time
andfailure_display_time
parameters.httpx_auth.OAuth2AuthorizationCode
.httpx_auth.OktaAuthorizationCode
.httpx_auth.WakaTimeAuthorizationCode
.httpx_auth.OAuth2AuthorizationCodePKCE
.httpx_auth.OktaAuthorizationCodePKCE
.httpx_auth.OAuth2Implicit
.httpx_auth.AzureActiveDirectoryImplicit
.httpx_auth.AzureActiveDirectoryImplicitIdToken
.httpx_auth.OktaImplicit
.httpx_auth.OktaImplicitIdToken
.
- The authentication success and failure displayed in the browser were revamped to be more user-friendly.
httpx_auth.testing
was modified to accommodate this change:tab.assert_success
expected_message
parameter was removed.tab.assert_failure
expected_message
parameter should not be prefixed withUnable to properly perform authentication:
anymore and\n
in the message should be replaced with<br>
.
httpx_auth.JsonTokenFileCache
does not exposetokens_path
orlast_save_time
attributes anymore and is also allowingpathlib.Path
instances as cache location.httpx_auth.TokenMemoryCache
does not exposeforbid_concurrent_cache_access
orforbid_concurrent_missing_token_function_call
attributes anymore.httpx_auth.JsonTokenFileCache
andhttpx_auth.TokenMemoryCache
get_token
method now handles a new optional parameter namedon_expired_token
.
Fixed
httpx_auth.OktaClientCredentials
scope
parameter is now mandatory and does not default toopenid
anymore.httpx_auth.OktaClientCredentials
will now display a more user-friendly error message in case Okta instance is not provided.- Tokens cache
DEBUG
logs will not display tokens anymore.
0.20.0 (2024-02-12)
Fixed
- Remove deprecation warnings due to usage of
utcnow
andutcfromtimestamp
. Thanks toRaphael Krupinski
. httpx_auth.AWS4Auth.default_include_headers
value kept growing in size every time a newhttpx_auth.AWS4Auth
instance was created withsecurity_token
parameter provided. Thanks toMiikka Koskinen
.httpx_auth.AWS4Auth
is now based almost entirely on AWS documentation, diverging from the original implementation based onrequests-aws4auth
and solving implementation issues in the process.- As the AWS documentation might be wrong or not exhaustive enough, feel free to open issues, should you encounter edge cases.
Changed
httpx_auth.AWS4Auth.default_include_headers
is not available anymore, usehttpx_auth.AWS4Auth
include_headers
parameter instead to include additional headers if the default does not fit your need (refer to documentation for an exhaustive list).httpx_auth.AWS4Auth
include_headers
values will not be stripped anymore, meaning that you can now include headers prefixed and/or suffixed with blank spaces.httpx_auth.AWS4Auth
does not includesdate
header by default anymore. You will have to provide it viainclude_headers
yourself if you need to.- Note that it should not be required as
httpx_auth.AWS4Auth
is sendingx-amz-date
by default and AWS documentation states that the request date can be specified by using either the HTTPDate
or thex-amz-date
header. If both headers are present,x-amz-date
takes precedence.
- Note that it should not be required as
httpx_auth.AWS4Auth
include_headers
does not needs to includehost
,content-type
orx-amz-*
anymore as those headers will always be included. It is now expected to be provided as a list of additional headers.httpx_auth.AWS4Auth
will not modify the headers values spaces when computing the canonical headers, only trim leading and trailing whitespaces as per AWS documentation.
0.19.0 (2024-01-09)
Added
- Explicit support for Python 3.12
Changed
- Requires
httpx
==0.26.*- Note that this changes the signature sent via AWS auth for URLs containing %. Feel free to open an issue if this is one.
0.18.0 (2023-09-11)
0.17.0 (2023-04-26)
Changed
httpx_auth.OAuth2ResourceOwnerPasswordCredentials
does not send basic authentication by default.
Added
client_auth
as a parameter ofhttpx_auth.OAuth2ResourceOwnerPasswordCredentials
. Allowing to provide any kind of optional authentication.httpx_auth.OktaResourceOwnerPasswordCredentials
providing Okta resource owner password credentials flow easy setup.
0.16.0 (2023-04-25)
Changed
- Requires
httpx
==0.24.*
Fixed
- Handle
text/html; charset=utf-8
content-type in token responses. Thanks toMarcelo Trylesinski
.
Added
httpx_auth.WakaTimeAuthorizationCode
handling access to the WakaTime API.
Removed
- Python 3.7 is no longer supported.
0.15.0 (2022-06-01)
Changed
- Requires
httpx
==0.23.*