Skip to content
This repository has been archived by the owner on Jul 11, 2024. It is now read-only.

chore(deps): bump httpx-auth from 0.19.0 to 0.21.0 #10

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

chore(deps): bump httpx-auth from 0.19.0 to 0.21.0 #10

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 19, 2024

Bumps httpx-auth from 0.19.0 to 0.21.0.

Release notes

Sourced from httpx-auth's releases.

0.21.0 (2024-02-19)

Added

  • Publicly expose httpx_auth.SupportMultiAuth, allowing multiple authentication support for every httpx authentication class that exists.
  • Publicly expose httpx_auth.TokenMemoryCache, allowing to create custom Oauth2 token cache based on this default implementation.
  • You can now provide your own HTML success (success_html) and failure (failure_html) display via the new OAuth2.display shared setting. Refer to documentation for more details.
  • Support for refresh tokens in the Resource Owner Password Credentials flow.
  • Support for refresh tokens in the Authorization code (with and without PKCE) flow.
  • Thanks to the new redirect_uri_domain parameter on Authorization code (with and without PKCE) and Implicit flows, you can now provide the FQDN to use in the redirect_uri when localhost (the default) is not allowed.

Changed

  • Except for httpx_auth.testing, only direct access via httpx_auth. was considered publicly exposed. This is now explicit, as inner packages are now using private prefix (_). If you were relying on some classes or functions that are now internal, feel free to open an issue.
  • Browser display settings have been moved to a shared setting, see documentation for more information on httpx_auth.OAuth2.display. The failure page will be displayed for 10 seconds by default instead of 5 seconds previously. As a result the following classes no longer expose success_display_time and failure_display_time parameters.
    • httpx_auth.OAuth2AuthorizationCode.
    • httpx_auth.OktaAuthorizationCode.
    • httpx_auth.WakaTimeAuthorizationCode.
    • httpx_auth.OAuth2AuthorizationCodePKCE.
    • httpx_auth.OktaAuthorizationCodePKCE.
    • httpx_auth.OAuth2Implicit.
    • httpx_auth.AzureActiveDirectoryImplicit.
    • httpx_auth.AzureActiveDirectoryImplicitIdToken.
    • httpx_auth.OktaImplicit.
    • httpx_auth.OktaImplicitIdToken.
  • The authentication success and failure displayed in the browser were revamped to be more user-friendly. httpx_auth.testing was modified to accommodate this change:
    • tab.assert_success expected_message parameter was removed.
    • tab.assert_failure expected_message parameter should not be prefixed with Unable to properly perform authentication: anymore and \n in the message should be replaced with <br>.
  • httpx_auth.JsonTokenFileCache does not expose tokens_path or last_save_time attributes anymore and is also allowing pathlib.Path instances as cache location.
  • httpx_auth.TokenMemoryCache does not expose forbid_concurrent_cache_access or forbid_concurrent_missing_token_function_call attributes anymore.
  • httpx_auth.JsonTokenFileCache and httpx_auth.TokenMemoryCache get_token method now handles a new optional parameter named on_expired_token.

Fixed

  • httpx_auth.OktaClientCredentials scope parameter is now mandatory and does not default to openid anymore.
  • httpx_auth.OktaClientCredentials will now display a more user-friendly error message in case Okta instance is not provided.
  • Tokens cache DEBUG logs will not display tokens anymore.

0.20.0 (2024-02-12)

Fixed

  • Remove deprecation warnings due to usage of utcnow and utcfromtimestamp. Thanks to Raphael Krupinski.
  • httpx_auth.AWS4Auth.default_include_headers value kept growing in size every time a new httpx_auth.AWS4Auth instance was created with security_token parameter provided. Thanks to Miikka Koskinen.
  • httpx_auth.AWS4Auth is now based almost entirely on AWS documentation, diverging from the original implementation based on requests-aws4auth and solving implementation issues in the process.
    • As the AWS documentation might be wrong or not exhaustive enough, feel free to open issues, should you encounter edge cases.

Changed

  • httpx_auth.AWS4Auth.default_include_headers is not available anymore, use httpx_auth.AWS4Auth include_headers parameter instead to include additional headers if the default does not fit your need (refer to documentation for an exhaustive list).
  • httpx_auth.AWS4Auth include_headers values will not be stripped anymore, meaning that you can now include headers prefixed and/or suffixed with blank spaces.
  • httpx_auth.AWS4Auth does not includes date header by default anymore. You will have to provide it via include_headers yourself if you need to.
    • Note that it should not be required as httpx_auth.AWS4Auth is sending x-amz-date by default and AWS documentation states that the request date can be specified by using either the HTTP Date or the x-amz-date header. If both headers are present, x-amz-date takes precedence.
  • httpx_auth.AWS4Auth include_headers does not needs to include host, content-type or x-amz-* anymore as those headers will always be included. It is now expected to be provided as a list of additional headers.

... (truncated)

Changelog

Sourced from httpx-auth's changelog.

[0.21.0] - 2024-02-19

Added

  • Publicly expose httpx_auth.SupportMultiAuth, allowing multiple authentication support for every httpx authentication class that exists.
  • Publicly expose httpx_auth.TokenMemoryCache, allowing to create custom Oauth2 token cache based on this default implementation.
  • You can now provide your own HTML success (success_html) and failure (failure_html) display via the new OAuth2.display shared setting. Refer to documentation for more details.
  • Support for refresh tokens in the Resource Owner Password Credentials flow.
  • Support for refresh tokens in the Authorization code (with and without PKCE) flow.
  • Thanks to the new redirect_uri_domain parameter on Authorization code (with and without PKCE) and Implicit flows, you can now provide the FQDN to use in the redirect_uri when localhost (the default) is not allowed.

Changed

  • Except for httpx_auth.testing, only direct access via httpx_auth. was considered publicly exposed. This is now explicit, as inner packages are now using private prefix (_). If you were relying on some classes or functions that are now internal, feel free to open an issue.
  • Browser display settings have been moved to a shared setting, see documentation for more information on httpx_auth.OAuth2.display. The failure page will be displayed for 10 seconds by default instead of 5 seconds previously. As a result the following classes no longer expose success_display_time and failure_display_time parameters.
    • httpx_auth.OAuth2AuthorizationCode.
    • httpx_auth.OktaAuthorizationCode.
    • httpx_auth.WakaTimeAuthorizationCode.
    • httpx_auth.OAuth2AuthorizationCodePKCE.
    • httpx_auth.OktaAuthorizationCodePKCE.
    • httpx_auth.OAuth2Implicit.
    • httpx_auth.AzureActiveDirectoryImplicit.
    • httpx_auth.AzureActiveDirectoryImplicitIdToken.
    • httpx_auth.OktaImplicit.
    • httpx_auth.OktaImplicitIdToken.
  • The authentication success and failure displayed in the browser were revamped to be more user-friendly. httpx_auth.testing was modified to accommodate this change:
    • tab.assert_success expected_message parameter was removed.
    • tab.assert_failure expected_message parameter should not be prefixed with Unable to properly perform authentication: anymore and \n in the message should be replaced with <br>.
  • httpx_auth.JsonTokenFileCache does not expose tokens_path or last_save_time attributes anymore and is also allowing pathlib.Path instances as cache location.
  • httpx_auth.TokenMemoryCache does not expose forbid_concurrent_cache_access or forbid_concurrent_missing_token_function_call attributes anymore.
  • httpx_auth.JsonTokenFileCache and httpx_auth.TokenMemoryCache get_token method now handles a new optional parameter named on_expired_token.

Fixed

  • httpx_auth.OktaClientCredentials scope parameter is now mandatory and does not default to openid anymore.
  • httpx_auth.OktaClientCredentials will now display a more user-friendly error message in case Okta instance is not provided.
  • Tokens cache DEBUG logs will not display tokens anymore.

[0.20.0] - 2024-02-12

Fixed

  • Remove deprecation warnings due to usage of utcnow and utcfromtimestamp. Thanks to Raphael Krupinski.
  • httpx_auth.AWS4Auth.default_include_headers value kept growing in size every time a new httpx_auth.AWS4Auth instance was created with security_token parameter provided. Thanks to Miikka Koskinen.
  • httpx_auth.AWS4Auth is now based almost entirely on AWS documentation, diverging from the original implementation based on requests-aws4auth and solving implementation issues in the process.
    • As the AWS documentation might be wrong or not exhaustive enough, feel free to open issues, should you encounter edge cases.

Changed

  • httpx_auth.AWS4Auth.default_include_headers is not available anymore, use httpx_auth.AWS4Auth include_headers parameter instead to include additional headers if the default does not fit your need (refer to documentation for an exhaustive list).
  • httpx_auth.AWS4Auth include_headers values will not be stripped anymore, meaning that you can now include headers prefixed and/or suffixed with blank spaces.
  • httpx_auth.AWS4Auth does not includes date header by default anymore. You will have to provide it via include_headers yourself if you need to.
    • Note that it should not be required as httpx_auth.AWS4Auth is sending x-amz-date by default and AWS documentation states that the request date can be specified by using either the HTTP Date or the x-amz-date header. If both headers are present, x-amz-date takes precedence.
  • httpx_auth.AWS4Auth include_headers does not needs to include host, content-type or x-amz-* anymore as those headers will always be included. It is now expected to be provided as a list of additional headers.

... (truncated)

Commits
  • 22ff327 Merge pull request #83 from Colin-b/develop
  • 0bd9b23 Merge pull request #82 from Colin-b/bugfix/fqdn
  • beada40 Keep the number of tests up to date
  • 7cd4091 Release 0.21.0 today
  • d69be88 Allow to provide a custom FQDN for redirect
  • 3ff5c3a Allow to provide a custom FQDN for redirect
  • fc71015 Split browser specifics into their own file
  • f6a8313 Add refresh token support
  • 09dc0d0 Keep number of test cases up to date
  • b038011 Drop python 3.13 until time-machine supports it
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump httpx-auth from 0.19.0 to 0.21.0
636e213 
Bumps [httpx-auth](https://github.com/Colin-b/httpx_auth) from 0.19.0 to 0.21.0.
- [Release notes](https://github.com/Colin-b/httpx_auth/releases)
- [Changelog](https://github.com/Colin-b/httpx_auth/blob/develop/CHANGELOG.md)
- [Commits](Colin-b/httpx_auth@v0.19.0...v0.21.0)

---
updated-dependencies:
- dependency-name: httpx-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 19, 2024
@dependabot dependabot bot mentioned this pull request Feb 19, 2024
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@alexandreteles alexandreteles

Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@alexandreteles