Changelog

PyPI History

2.48.0 (2026-01-22)

Features

Bug Fixes

2.47.0 (2026-01-06)

Features

Bug Fixes

2.46.0 (2026-01-05)

Documentation

Features

Bug Fixes

2.45.0 (2025-12-15)

Features

2.44.0 (2025-12-13)

Features

Bug Fixes

2.43.0 (2025-11-05)

Features

  • Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#1859) Add public wrapper for check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected. Also, fix check_use_client_cert to return boolean value. Change #1848 added the check_use_client_cert method that helps know if client cert should be used for mTLS connection. However, that was in a private class, thus, created a public wrapper of the same function so that it can be used by python Client Libraries. Also, updated check_use_client_cert to return a boolean value instead of existing string value for better readability and future scope. --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
  • Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#1848) The Python SDK will use a hybrid approach for mTLS enablement:
  • If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set (either true or false), the SDK will respect that setting. This is necessary for test scenarios and users who need to explicitly control mTLS behavior.
  • If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not set, the SDK will automatically enable mTLS only if it detects Managed Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF) certificate sources. In other cases where the variable is not set, mTLS will remain disabled. ** This change also adds the helper method check_use_client_cert and it's unit test, which will be used for checking the criteria for setting the mTLS to true ** This change is only for Auth-Library, other changes will be created for Client-Library use-cases. --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

2.42.1 (2025-10-30)

Bug Fixes

2.42.0 (2025-10-24)

Features

  • Add trust boundary support for external accounts. (#1809) (36ecb1d)

Bug Fixes

  • Read scopes from ADC json for impersoanted cred (#1820) (62c0fc8)

2.41.1 (2025-09-30)

Bug Fixes

2.41.0 (2025-09-29)

Features

  • Add support for cachetools 6.0 (#1773) (af18060)
  • Add trust boundary support for service accounts and impersonation. (#1778) (99be2ce)

Bug Fixes

Documentation

  • Update user guide to include x509 feature. (#1802) (2d89ab4)

2.40.3 (2025-06-04)

Bug Fixes

2.40.2 (2025-05-21)

Bug Fixes

  • Remove sync response logs in AuthorizedSession (97ed1c8)
  • Update test to consider new error message from cryptography (#1765) (44e38b6)

2.40.1 (2025-05-06)

Bug Fixes

  • Disable logging response body for async logs (#1756) (2f0ddfe)

2.40.0 (2025-04-29)

Features

Bug Fixes

  • Correct webauthn JSON parsing to be compliant with standard. (#1658) (0c5ef36)

2.39.0 (2025-04-14)

Features

  • Adds GA support for X.509 workload identity federation (#1695) (7495960)

Bug Fixes

  • Add impersonated SA via local ADC support for fetch_id_token (#1740) (f249764)
  • Add missing packaging dependency for feature requiring urllib3 (#1732) (221f4a8)
  • Add request timeout for MDS requests (#1699) (9f7d3fa)
  • Explicitly declare support for Python 3.13 (#1741) (6fd04d5)

2.38.0 (2025-01-23)

Features

  • Adding domain-wide delegation flow in impersonated credential (#1624) (34ee3fe)

Documentation

  • Add warnings regarding consuming externally sourced credentials (d049370)

2.37.0 (2024-12-11)

Features

  • Allow users to use jwk keys for verifying ID token (#1641) (98c3ed9)

2.36.1 (2024-11-08)

Bug Fixes

  • Improve user guide for Impersonation and SA (#1627) (656307d)

2.36.0 (2024-10-30)

Features

  • IAM signblob retries (#1600) (484c8db)
  • Making iam endpoint universe-aware (#1604) (16c728d)
  • Support External Account Authorized User as a Source Credential for impersonated credentials in ADC (#1608) (875796c)

Bug Fixes

2.35.0 (2024-09-17)

Features

Bug Fixes

  • Remove token_info call from token refresh path (#1595) (afb9e5a)

2.34.0 (2024-08-13)

Features

  • auth: Update get_client_ssl_credentials to support X.509 workload certs (#1558) (18c2ec1)

Bug Fixes

  • Retry token request on retryable status code (#1563) (f858a15)

2.33.0 (2024-08-06)

Features

  • Implement async StaticCredentials using access tokens (#1559) (dc17dfc)
  • Implement base classes for credentials and request sessions (#1551) (036dac4)

Bug Fixes

  • metadata: Enhance retry logic for metadata server access in _metadata.py (#1545) (61c2432)

Documentation

  • Update argument for Credentials initialization (#1557) (40b9ed9)

2.32.0 (2024-07-08)

Features

  • Adds support for X509 workload credential type (#1541) (1270217)

2.31.0 (2024-06-27)

Features

Bug Fixes

2.30.0 (2024-06-06)

Features

  • Add WebAuthn plugin component to handle WebAuthn get assertion request (#1464) (e25f336)
  • ECP Provider drop cryptography requirement (#1524) (a821d71)
  • Enable webauthn plugin for security keys (#1528) (e2d5e63)

Bug Fixes

  • Fix id_token iam endpoint for non-gdu service credentials (#1506) (93d681e)
  • Makes default token_url universe aware (#1514) (045776e)

2.29.0 (2024-03-18)

Features

  • Adds support for custom suppliers in AWS and Identity Pool credentials (#1496) (3af1768)

Bug Fixes

  • Refactor tech debt in aws and identity pool credentials (#1501) (ce435b0)

2.28.2 (2024-03-08)

Bug Fixes

2.28.1 (2024-02-21)

Bug Fixes

  • Typo when setting the state for the pickle deserializer. (#1479) (08b5cc3)

2.28.0 (2024-02-15)

Features

  • Adding universe domain support for downscroped credentials (#1463) (fa8b7b2)

Bug Fixes

  • Change log level to debug for return_none_for_not_found_error (#1473) (a036b47)
  • Make requests import conditional for gce universe domain (#1476) (9bb64c8)

2.27.0 (2024-01-24)

Features

  • Add optional account association for Authorized User credentials. (#1458) (988153d)

Bug Fixes

  • Allow custom universe domain for gce creds (#1460) (7db5823)
  • Conditionally import requests only if no request was passed by the caller. (#1456) (9cd6742)

2.26.2 (2024-01-11)

Bug Fixes

  • Read universe_domain for external account authorized user (#1450) (1cc7df3)

2.26.1 (2024-01-03)

Bug Fixes

  • Ensure that refresh worker is pickle-able. (#1447) (421c184)

2.26.0 (2023-12-20)

Features

  • Add optional non blocking refresh for sync auth code (a6dc2c3)
  • Add optional non blocking refresh for sync auth code (#1368) (a6dc2c3)

Bug Fixes

  • External account user cred universe domain support (#1437) (75068f9)
  • Guard delete statements. Add default fallback for _use_non_blocking_refresh. (#1445) (776d634)

2.25.2 (2023-12-08)

Bug Fixes

2.25.1 (2023-12-06)

Bug Fixes

2.25.0 (2023-12-04)

Features

  • Add custom tls signer for ECP Provider. (39eb287)
  • Add custom tls signer for ECP Provider. (#1402) (39eb287)

Bug Fixes

  • Add with_universe_domain (#1408) (505910c)
  • Fixes issue where Python37DeprecationWarning cannot be filtered (#1428) (f22f767)
  • Remove broken link in Python37DeprecationWarning (#1430) (e2db602)

2.24.0 (2023-11-29)

Features

Bug Fixes

  • Add missing before request to async oauth2 credentials. (#1420) (8eaa878)
  • Auto create self signed jwt cred (#1418) (6c610a5)
  • Migrate datetime.utcnow for python 3.12 (#1413) (e4d9c27)

Documentation

2.23.4 (2023-10-31)

Bug Fixes

  • Export detect_gce_residency_linux function (#1403) (809da13)

2.23.3 (2023-10-05)

Bug Fixes

2.23.2 (2023-09-28)

Bug Fixes

2.23.1 (2023-09-26)

Bug Fixes

  • Less restrictive content-type header check for google authentication (ignores charset) (#1382) (7039beb)
  • Trust boundary meta header renaming and using the schema from backend team. (#1384) (2503d4a)
  • Update urllib3 to >= 2.0.5 (#1389) (a99f3bb)

2.23.0 (2023-09-11)

Features

  • Add get_bq_config_path() to _cloud_sdk.py (9f52f66)
  • Add get_bq_config_path() to _cloud_sdk.py (#1358) (9f52f66)

Bug Fixes

  • Expose universe domain in credentials (#1380) (8b8fce6)
  • Make external_account resistant to string type ‘expires_in’ responses from non-compliant services (#1379) (01d3770)
  • Missing ssj for impersonate cred (#1377) (7d453dc)
  • Skip checking projectid on cred if env var is set (#1349) (a4135a3)

2.22.0 (2023-07-06)

Features

  • Adding meta header for trust boundary (#1334) (908c8d1)
  • Introduce compatibility with native namespace packages (#1205) (2f75922)

Bug Fixes

2.21.0 (2023-06-26)

Features

Bug Fixes

2.20.0 (2023-06-12)

Features

Bug Fixes

2.19.1 (2023-06-01)

Bug Fixes

  • Check id token error response (#1315) (2a71f7b)
  • Fix “AttributeError: ‘str’ object has no attribute ‘get’” (dac7cc3)

Documentation

  • Replacing abc.com with example.com (dac7cc3)

2.19.0 (2023-05-25)

Features

2.18.1 (2023-05-17)

Bug Fixes

  • Self signed jwt token should be string type (#1294) (17356fd)

2.18.0 (2023-05-10)

Features

2.17.3 (2023-04-12)

Bug Fixes

  • Add useEmailAzp claim for id token iam flow (#1270) (7a9c6f2)

2.17.2 (2023-04-05)

Bug Fixes

  • Do not create new JWT credentials if they make the same claims as the existing. (#1267) (eebb7b6)

2.17.1 (2023-03-30)

Bug Fixes

  • Print out reauth plugin error and raise if challenge output is None (#1265) (08d22fe)

2.17.0 (2023-03-28)

Features

  • Experimental service account iam endpoint flow for id token (#1258) (8ff0de5)

Bug Fixes

2.16.3 (2023-03-24)

Bug Fixes

  • Read both applicationId and relyingPartyId. (#1246) (e125dfe)

2.16.2 (2023-03-02)

Bug Fixes

  • Call gcloud config get project to get project for user cred (#1243) (c078a13)
  • Do not use hardcoded string ‘python’, when you mean sys.executable. (#1233) (91ac8e6)
  • Don't retry if error or error_description is not string (#1241) (e2d263a)
  • Improve ADC related errors and warnings (#1237) (2dfa213)

2.16.1 (2023-02-17)

Bug Fixes

  • Add support for python 3.11 (#1212) (1fc95e3)
  • Remove 3PI config url validation (#1220) (8b95515)
  • Update the docs generator interpreter to unblock documentation build (#1218) (9d36c2f)

2.16.0 (2023-01-09)

Features

  • AwsCredentials should not call metadata server if security creds and region are retrievable through the environment variables (#1195) (5e27c8f)
  • Wrap all python built-in exceptions into library excpetions (#1191) (a83af39)

Bug Fixes

  • Allow get_project_id to take a request (#1203) (9a4d23a)
  • Make OAUTH2.0 client resistant to string type ‘expires_in’ responses from non-compliant services (#1208) (9fc7b1c)

2.15.0 (2022-12-01)

Features

Bug Fixes

  • Allow mtls sts endpoint for external account token urls. (#1185) (c86dd69)
  • CI broken by removal of py.path (#1194) (f719415)
  • Ensure JWT segments have the right types (#1162) (fc843cd)
  • Updated the lower bound of interactive timeout and fix the kwarg… (#1182) (50c0fd2)

2.14.1 (2022-11-07)

Bug Fixes

  • Apply quota project for compute cred in adc (#1177) (b9aa92a)
  • Update minimum required version of cryptography in pyopenssl extra (#1176) (e9e76d1)
  • Validate url domain for aws metadata urls (#1174) (f9d7d77)

2.14.0 (2022-10-31)

Features

  • Add token_info_url to external account credentials (#1168) (9adee75)
  • Read Quota Project from Environment Variable (#1163) (57b3e42)

Bug Fixes

  • Adding more properties to external_account_authorized_user (#1169) (a12b96d)

2.13.0 (2022-10-14)

Features

  • Adds new external account authorized user credentials (#1160) (523f811)
  • Implement pluggable auth interactive mode (#1131) (44a189f)
  • Introduce the functionality to override token_uri in credentials (#1159) (73bc7e9)

Bug Fixes

  • Adding one more pattern to relax the regex check for sts and impersonation url endpoints (#1158) (75326e3)

2.12.0 (2022-09-26)

Features

Bug Fixes

  • Modify RefreshError exception to use gcloud ADC command. (#1149) (059fd35)
  • Revert “Update token refresh threshold from 20 seconds to 5 minutes”. (186464b)

2.11.1 (2022-09-20)

Bug Fixes

  • Fix socket leak in impersonated_credentials (#1123) (b1eb467), closes #1122
  • Make pluggable auth tests work in all environments (#1114) (bb5c979)
  • Skip oauth2client adapter tests if oauth2client is not installed (#1132) (d15092f)
  • Update token refresh threshold from 20 seconds to 5 minutes (#1146) (261a561)

Documentation

2.11.0 (2022-08-18)

Features

  • add integration tests for configurable token lifespan (#1103) (124bae6)

Bug Fixes

2.10.0 (2022-08-05)

Features

  • add integration tests for pluggable auth (#1073) (f8d776a)
  • support for configurable token lifetime (0dc6a9a)
  • support for configurable token lifetime (#1079) (0dc6a9a)

Bug Fixes

2.9.1 (2022-07-12)

Bug Fixes

  • there was a raise missing for throwing exceptions (#1077) (d1f17b0)

2.9.0 (2022-06-28)

Features

2.8.0 (2022-06-14)

Features

2.7.0 (2022-06-07)

Features

Bug Fixes

Reverts

Documentation

2.6.6 (2022-04-21)

Bug Fixes

2.6.5 (2022-04-14)

Bug Fixes

  • add additional missing import in _default.py (#1018) (638331b)

2.6.4 (2022-04-12)

Bug Fixes

2.6.3 (2022-04-06)

Bug Fixes

  • change requests lib import place (#1010) (c753c08)
  • clean up HTTP session and pool during tear down phase (#1007) (d057376)
  • pin click version and update sys test creds (#1008) (ae2804b)

2.6.2 (2022-03-16)

Bug Fixes

  • Rename aws imdsv2 url field and update token lifetime (#982) (818e6d2)

Miscellaneous Chores

2.6.1 (2022-02-09)

Bug Fixes

  • Add AWS session token to metadata requests (#958) (5c7f734)

2.6.0 (2022-01-31)

Features

  • ADC can load an impersonated service account credentials. (#962) (52c8ef9)

Bug Fixes

2.5.0 (2022-01-25)

Features

  • ADC can load an impersonated service account credentials. (#956) (a8eb4c8)

2.4.1 (2022-01-21)

Bug Fixes

2.4.0 (2022-01-20)

Features

Bug Fixes

  • deps: allow cachetools 5.0 for python 3.7+ (#937) (1eae37d)
  • fix the message format for metadata server exception (#916) (e756f08)

Documentation

  • fix intersphinx link for ‘requests-oauthlib’ (#921) (967be4f)
  • note ValueError in verify_oauth2_token (#928) (82bc5f0)

2.3.3 (2021-11-01)

Bug Fixes

2.3.2 (2021-10-26)

Bug Fixes

  • add clock_skew_in_seconds to verify_token functions (#894) (8e95c1e)

2.3.1 (2021-10-21)

Bug Fixes

  • add back python 2.7 for gcloud usage only (#892) (5bd5ccf)

Documentation

2.3.0 (2021-10-07)

Features

Bug Fixes

2.2.1 (2021-09-28)

Bug Fixes

  • disable self signed jwt for domain wide delegation (#873) (0cd15e2)

2.2.0 (2021-09-21)

Features

  • add support for workforce pool credentials (#868) (993bab2)

2.1.0 (2021-09-10)

Features

Bug Fixes

  • add SAML challenge to reauth (#819) (13aed5f)
  • disable warning if quota project id provided to auth.default() (#856) (11ebaeb)
  • rename CLOCK_SKEW and separate client/server user case (#863) (738611b)

2.0.2 (2021-08-25)

Bug Fixes

  • use ‘int.to_bytes’ rather than deprecated crypto wrapper (#848) (b79b554)
  • use int.from_bytes (#846) (466aed9)

2.0.1 (2021-08-17)

Bug Fixes

  • normalize AWS paths correctly on windows (#842) (4e0fb1c)

2.0.0 (2021-08-16)

⚠ BREAKING CHANGES

Features

  • service account is able to use a private token endpoint (#835) (20b817a)

Bug Fixes

Documentation

  • update user guide/references for downscoped creds (#827) (d1840dc)

2.0.0b1 (2021-08-03)

⚠ BREAKING CHANGES

1.34.0 (2021-07-23)

Features

  • support refresh callable on google.oauth2.credentials.Credentials (#812) (ec2fb18)

Bug Fixes

  • do not use the GAE APIs on gen2+ runtimes (#807) (7f7d92d)

1.33.1 (2021-07-20)

Bug Fixes

  • fallback to source creds expiration in downscoped tokens (#805) (dfad661)

Reverts

  • revert “feat: service account is able to use a private token endpoint (#784)” (#808) (d94e65c)

1.33.0 (2021-07-14)

Features

  • define CredentialAccessBoundary classes (#793) (d883921)
  • define google.auth.downscoped.Credentials class (#801) (2f5c3a6)
  • service account is able to use a private token endpoint (#784) (0e26409)

Bug Fixes

  • fix fetch_id_token credential lookup order to match adc (#748) (c34452e)

Documentation

  • fix code block formatting in ‘user-guide.rst’ (#794) (4fd84bd)

1.32.1 (2021-06-30)

Bug Fixes

  • avoid leaking sub-session created for ‘_auth_request’ (#789) (2079ab5)

1.32.0 (2021-06-16)

Features

1.31.0 (2021-06-09)

Features

  • define useful properties on google.auth.external_account.Credentials (#770) (f97499c)

Bug Fixes

1.30.2 (2021-06-03)

Bug Fixes

  • dependencies: add urllib3 and requests to aiohttp extra (#755) (a923442)
  • enforce constraints during unit tests (#760) (1a6496a), closes #759
  • session object was never used in aiohttp request (#700) (#701) (09e0389)

1.30.1 (2021-05-20)

Bug Fixes

  • allow user to customize context aware metadata path in _mtls_helper (#754) (e697687)
  • fix function name in signing error message (#751) (e9ca25f)

1.30.0 (2021-04-23)

Features

  • add reauth support to async user credentials for gcloud (#738) (9e10823). This internal feature is for gcloud developers only.

1.29.0 (2021-04-15)

Features

  • add reauth feature to user credentials for gcloud (#727) (82293fe). This internal feature is for gcloud developers only.

Bug Fixes

  • Allow multiple audiences for id_token.verify_token (#733) (56c3946)

1.28.1 (2021-04-08)

Bug Fixes

  • support custom alg in jwt header for signing (#729) (0a83706)

1.28.0 (2021-03-16)

Features

  • allow the AWS_DEFAULT_REGION environment variable (#721) (199da47)
  • expose library version at google.auth.__version (#683) (a2cbc32)

Bug Fixes

1.27.1 (2021-02-26)

Bug Fixes

1.27.0 (2021-02-16)

Features

Bug Fixes

1.26.1 (2021-02-11)

Documentation

  • fix a typo in the user guide (avaiable -> available) (#680) (684457a)

Bug Fixes

  • revert workload identity federation support (#691)

1.26.0 (2021-02-09)

Features

1.25.0 (2021-02-03)

Features

  • support self-signed jwt in requests and urllib3 transports (#679) (7a94acb)
  • use self-signed jwt for service account (#665) (bf5ce0c)

1.24.0 (2020-12-11)

Features

  • add Python 3.9 support, drop Python 3.5 support (#655) (6de753d), closes #654

Bug Fixes

  • avoid losing the original ‘_include_email’ parameter in impersonated credentials (#626) (fd9b5b1)

Documentation

1.23.0 (2020-10-29)

Features

  • Add custom scopes for access tokens from the metadata service (#633) (0323cf3)

Bug Fixes

1.22.1 (2020-10-05)

Bug Fixes

  • move aiohttp to extra as it is currently internal surface (#619) (a924011), closes #618

1.22.0 (2020-09-28)

Features

1.21.3 (2020-09-22)

Bug Fixes

1.21.2 (2020-09-08)

Bug Fixes

  • migrate signBlob to iamcredentials.googleapis.com (#600) (694d83f)

1.21.1 (2020-09-03)

Bug Fixes

  • dummy commit to trigger a auto release (#597) (d32f7df)

1.21.0 (2020-08-27)

Features

  • add GOOGLE_API_USE_CLIENT_CERTIFICATE support (#592) (c0c995f)

1.20.1 (2020-08-06)

Bug Fixes

  • reduce refresh clock skew to 10 seconds (#581) (42321ba)
  • set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error (#439) (20f82e2)

1.20.0 (2020-07-23)

Features

  • Add debug logging that can help with diagnosing auth lib. path (#473) (ecd88d4)
  • Show the transport exception that happened for GCE Metadata (#474) (23919bb)
  • packaging: add support for Python 3.8 (#569) (1aad54a), closes #568

1.19.2 (2020-07-17)

Bug fixes

  • Revert “fix: migrate signBlob to iamcredentials.googleapis.com” (#563) (a48b5b)

1.19.1 (2020-07-15)

Bug Fixes

1.19.0 (2020-07-09)

Features

  • add quota project to base credentials class (#546) (3dda7b2)
  • check ‘iss’ in verify_oauth2_token (#500) (c05b8b5)

Bug Fixes

  • migrate signBlob to iamcredentials.googleapis.com (#553) (038ae1b)

Documentation

  • remove 3.4 from supported versions list (#549) (8c84d0f)

1.18.0 (2020-06-18)

Features

  • make load_credentials_from_file a public method (#530) (15d5fa9)

Bug Fixes

  • no warning if quota_project_id is given (#537) (f30b45a)

1.17.2 (2020-06-12)

Bug Fixes

1.17.1 (2020-06-11)

Bug Fixes

  • narrow acceptable RSA versions to maintain Python 2 compatability (#528) (9434868)

1.17.0 (2020-06-10)

Features

  • add quota_project_id to service accounts; add with_quota_project methods (#519) (b12488c)

1.16.1 (2020-06-04)

Bug Fixes

  • fix impersonated cred exception doc (#521) (9d5a9a9)
  • replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433) (8ffb4d3), closes #339

1.16.0 (2020-05-28)

Features

  • add helper func to for default encrypted cert (#514) (f282aa4)

Bug Fixes

1.15.0 (2020-05-15)

Features

Bug Fixes

1.14.3 (2020-05-11)

Bug Fixes

1.14.2 (2020-05-07)

Bug Fixes

1.14.1 (2020-04-21)

Bug Fixes

1.14.0 (2020-04-13)

Features

1.13.1 (2020-04-01)

Bug Fixes

1.13.0 (2020-04-01)

Features

1.12.0 (2020-03-25)

Features

Bug Fixes

  • don't use threads for gRPC AuthMetadataPlugin (#467) (ee373f8)
  • make ThreadPoolExecutor a class var (#461) (b526473)

1.11.3 (2020-03-13)

Bug Fixes

  • fix the scopes so test can pass for a local run (#450) (b2dd77f)
  • only add IAM scope to credentials that can change scopes (#451) (82e224b)

1.11.2 (2020-02-14)

Reverts

  • Revert “fix: update _GOOGLE_OAUTH2_CERTS_URL (#365)” (#444) (901c259), closes #365 #444

1.11.1 (2020-02-13)

Bug Fixes

  • compute engine id token credentials “with_target_audience” method (#438) (bc0ec93)
  • update _GOOGLE_OAUTH2_CERTS_URL (#365) (054db75)

1.11.0 (2020-01-23)

Features

1.10.2 (2020-01-18)

Bug Fixes

  • make collections import compatible across Python versions (#419) (c5a3395), closes #418

1.10.1 (2020-01-10)

Bug Fixes

  • google.auth.compute_engine.metadata: add retry to google.auth.compute_engine._metadata.get() (#398) (af29c1a), closes #211 #323 #323 #211
  • always pass body of type bytes to google.auth.transport.Request (#421) (a57a770), closes #318

1.10.0 (2019-12-18)

Features

  • send quota project id in x-goog-user-project for OAuth2 credentials (#412) (32d71a5), closes #400

1.9.0 (2019-12-12)

Features

  • add timeout parameter to AuthorizedSession.request() (#406) (d86d7b8)

1.8.2 (2019-12-11)

Bug Fixes

  • revert “feat: send quota project id in x-goog-user-project header for OAuth2 credentials (#400)” (#407) (25ea942)

1.8.1 (2019-12-09)

Bug Fixes

  • revert “feat: add timeout to AuthorizedSession.request() (#397)” (#401) (451ecbd)

1.8.0 (2019-12-09)

Features

  • add to_json method to google.oauth2.credentials.Credentials (#367) (bfb1f8c)
  • add timeout to AuthorizedSession.request() (#397) (381dd40)
  • send quota project id in x-goog-user-project header for OAuth2 credentials (#400) (ab3dc1e)

1.7.2 (2019-12-02)

Bug Fixes

  • in token endpoint request, do not decode the response data if it is not encoded (#393) (3b5d3e2)
  • make gRPC auth plugin non-blocking + add default timeout value for requests transport (#390) (0c33e9c), closes #351

1.7.1 (2019-11-13)

Bug Fixes

  • change ‘internal_failure’ condition to also use `error' field (#387) (46bb58e)

1.7.0

10-30-2019 17:11 PDT

Implementation Changes

  • Add retry loop for fetching authentication token if any ‘Internal Failure’ occurs (#368)
  • Use cls parameter instead of class (#341)

New Features

  • Add support for impersonated_credentials.Sign, IDToken (#348)
  • Add downscoping to OAuth2 credentials (#309)

Dependencies

  • Update dependency cachetools to v3 (#357)
  • Update dependency rsa to v4 (#358)
  • Set an upper bound on dependencies version (#352)
  • Require a minimum version of setuptools (#322)

Documentation

  • Add busunkim96 as maintainer (#373)
  • Update user-guide.rst (#337)
  • Fix typo in jwt docs (#332)
  • Clarify which SA has Token Creator role (#330)

Internal / Testing Changes

  • Change ‘name’ to distribution name (#379)
  • Fix system tests, move to Kokoro (#372)
  • Blacken (#375)
  • Rename nox.py -> noxfile.py (#369)
  • Add initial renovate config (#356)
  • Use new pytest api to keep building with pytest 5 (#353)

1.6.3

02-15-2019 9:31 PST

Implementation Changes

  • follow rfc 7515 : strip padding from JWS segments (#324)
  • Add retry to _metadata.ping() (#323)

1.6.2

12-17-2018 10:51 PST

Documentation

  • Announce deprecation of Python 2.7 (#311)
  • Link all the PRs in CHANGELOG (#307)

1.6.1

11-12-2018 10:10 PST

Implementation Changes

  • Automatically refresh impersonated credentials (#304)

1.6.0

11-09-2018 11:07 PST

New Features

  • Add google.auth.impersonated_credentials (#299)

Documentation

  • Update link to documentation for default credentials (#296)
  • Update github issue templates (#300)
  • Remove punctuation which becomes part of the url (#284)

Internal / Testing Changes

  • Update trampoline.sh (302)
  • Enable static type checking with pytype (#298)
  • Make classifiers in setup.py an array. (#280)

1.5.1

  • Fix check for error text on Python 3.7. (#278)
  • Use new Auth URIs. (#281)
  • Add code-of-conduct document. (#270)
  • Fix some typos in test_urllib3.py (#268)

1.5.0

  • Warn when using user credentials from the Cloud SDK (#266)
  • Add compute engine-based IDTokenCredentials (#236)
  • Corrected some typos (#265)

1.4.2

  • Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
  • Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
  • Fix a typo in credentials.py. (#256)
  • Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
  • Fix typo on exemple of jwt usage (#245)

1.4.1

  • Added a check for the cryptography version before attempting to use it. (#243)

1.4.0

  • Added cryptography-based RSA signer and verifier. (#185)
  • Added google.oauth2.service_account.IDTokenCredentials. (#234)
  • Improved documentation around ID Tokens (#224)

1.3.0

  • Added google.oauth2.credentials.Credentials.from_authorized_user_file (#226)
  • Dropped direct pyasn1 dependency in favor of letting pyasn1-modules specify the right version. (#230)
  • default() now checks for the project ID environment var before warning about missing project ID. (#227)
  • Fixed the docstrings for has_scopes() and with_scopes(). (#228)
  • Fixed example in docstring for ReadOnlyScoped. (#219)
  • Made transport.requests use timeouts and retries to improve reliability. (#220)

1.2.1

  • Excluded compiled Python files in source distributions. (#215)
  • Updated docs for creating RSASigner from string. (#213)
  • Use six.raise_from wherever possible. (#212)
  • Fixed a typo in a comment seconds not sections. (#210)

1.2.0

  • Added google.auth.credentials.AnonymousCredentials. (#206)
  • Updated the documentation to link to the Google Cloud Platform Python setup guide (#204)

1.1.1

  • google.oauth.credentials.Credentials now correctly inherits from ReadOnlyScoped instead of Scoped. (#200)

1.1.0

  • Added service_account.Credentials.project_id. (#187)
  • Move read-only methods of credentials.Scoped into new interface credentials.ReadOnlyScoped. (#195, #196)
  • Make compute_engine.Credentials derive from ReadOnlyScoped instead of Scoped. (#195)
  • Fix App Engine's expiration calculation (#197)
  • Split crypt module into a package to allow alternative implementations. (#189)
  • Add error message to handle case of empty string or missing file for GOOGLE_APPLICATION_CREDENTIALS (#188)

1.0.2

  • Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (#179)
  • Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (#175)
  • Added documentation for using the library on Google App Engine standard. (#172)
  • Testing style updates. (#168)
  • Added documentation around the oauth2client deprecation. (#165)
  • Fixed a few lint issues caught by newer versions of pylint. (#166)

1.0.1

  • Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (#158)

1.0.0

Milestone release for v1.0.0. No significant changes since v0.10.0

0.10.0

  • Added jwt.OnDemandCredentials. (#142)
  • Added new public property id_token to oauth2.credentials.Credentials. (#150)
  • Added the ability to set the address used to communicate with the Compute Engine metadata server via the GCE_METADATA_ROOT and GCE_METADATA_IP environment variables. (#148)
  • Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (#147)
  • Modified expiration logic to add a 5 minute clock skew accommodation. (#145)

0.9.0

  • Added service_account.Credentials.with_claims. (#140)
  • Moved google.auth.oauthlib and google.auth.flow to a new separate package google_auth_oauthlib. (#137, #139, #135, #126)
  • Added InstalledAppFlow to google_auth_oauthlib. (#128)
  • Fixed some packaging and documentation issues. (#131)
  • Added a helpful error message when importing optional dependencies. (#125)
  • Made all properties required to reconstruct google.oauth2.credentials.Credentials public. (#124)
  • Added official Python 3.6 support. (#102)
  • Added jwt.Credentials.from_signing_credentials and removed service_account.Credentials.to_jwt_credentials. (#120)

0.8.0

  • Removed one-time token behavior from jwt.Credentials, audience claim is now required and fixed. (#117)
  • crypt.Signer and crypt.Verifier are now abstract base classes. The concrete implementations have been renamed to crypt.RSASigner and crypt.RSAVerifier. app_engine.Signer and iam.Signer now inherit from crypt.Signer. (#115)
  • transport.grpc now correctly calls Credentials.before_request. (#116)

0.7.0

  • Added google.auth.iam.Signer. (#108)
  • Fixed issue where google.auth.app_engine.Signer erroneously returns a tuple from sign(). (#109)
  • Added public property google.auth.credentials.Signing.signer. (#110)

0.6.0

  • Added experimental integration with requests-oauthlib in google.oauth2.oauthlib and google.oauth2.flow. (#100, #105, #106)
  • Fixed typo in google_auth_httplib2's README. (#105)

0.5.0

  • Added app_engine.Signer. (#97)
  • Added crypt.Signer.from_service_account_file. (#95)
  • Fixed error handling in the oauth2 client. (#96)
  • Fixed the App Engine system tests.

0.4.0

  • transports.grpc.secure_authorized_channel now passes kwargs to grpc.secure_channel. (#90)
  • Added new property credentials.Singing.signer_email which can be used to identify the signer of a message. (#89)
  • (google_auth_httplib2) Added a proxy to httplib2.Http.connections.

0.3.2

  • Fixed an issue where an ImportError would occur if google.oauth2 was imported before google.auth. (#88)

0.3.1

  • Fixed a bug where non-padded base64 encoded strings were not accepted. (#87)
  • Fixed a bug where ID token verification did not correctly call the HTTP request function. (#87)

0.3.0

  • Added Google ID token verification helpers. (#82)
  • Swapped the target and request argument order for grpc.secure_authorized_channel. (#81)
  • Added a user's guide. (#79)
  • Made service_account_email a public property on several credential classes. (#76)
  • Added a scope argument to google.auth.default. (#75)
  • Added support for the GCLOUD_PROJECT environment variable. (#73)

0.2.0

  • Added gRPC support. (#67)
  • Added Requests support. (#66)
  • Added google.auth.credentials.with_scopes_if_required helper. (#65)
  • Added private helper for oauth2client migration. (#70)

0.1.0

First release with core functionality available. This version is ready for initial usage and testing.

  • Added google.auth.credentials, public interfaces for Credential types. (#8)
  • Added google.oauth2.credentials, credentials that use OAuth 2.0 access and refresh tokens (#24)
  • Added google.oauth2.service_account, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (#25)
  • Added google.auth.compute_engine, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (#22)
  • Added google.auth.jwt.Credentials, credentials that use a JWT as a bearer token.
  • Added google.auth.app_engine, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (#46)
  • Added google.auth.default(), an implementation of Google Application Default Credentials that supports automatic Project ID detection. (#32)
  • Added system tests for all credential types. (#51, #54, #56, #58, #59, #60, #61, #62)
  • Added google.auth.transports.urllib3.AuthorizedHttp, an HTTP client that includes authentication provided by credentials. (#19)
  • Documentation style and formatting updates.

0.0.1

Initial release with foundational functionality for cryptography and JWTs.

  • google.auth.crypt for creating and verifying cryptographic signatures.
  • google.auth.jwt for creating (encoding) and verifying (decoding) JSON Web tokens.