All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- support for including arbitrary claims in fake/mock tokens #46
- `joserfc` dependency being a test rather than main dependency #45
- Required Flask version being too low (2.x and not allowing 3.x) #43
- Required Flask version being too high (3.0 instead of 2.3) #43
- CD publish step, incorrect Poetry repository flag #42
- Session support
- Support for version 1.0 access tokens
- Project rewrite to use `pyjwt` and AuthLib 1.x and adopting 'Entra' branding #35 🛡️
- Dependency updates
- Flask 2.x required (due to changes to Flask's HTTP Exception signature) #29
- Relicensing project under the MIT licence (from the UK Open Government Licence) #31 🛡️
- Examples of using the `current_token` proxy provided by AuthLib
- Flake8 linters #34 🛡️
- Upgrading dependencies, including Flask and Authlib (but only to latest 0.14.x release) #29 🛡️
- Updated example application to use updated `msal` methods #36 🛡️
- Switched to Poetry for local development environments #30 🛡️
- Switched to `src/` package directory layout #32 🛡️
- Updating CI/CD configuration #33 🛡️
- Refactored classes for creating test JWKS and JWTs to a `flask_azure_oauth.mocks` module
- Refactored references to the `TestJwks` class from non-test objects, patching during tests should now be used instead
- Support for access tokens from the Flask session (using `access_token` as a key)
- Minimal support for custom signing keys (app specific JWKS)
- Example applications for internally verifying the behaviour of the provider against real application registrations
- Typo in 'invalid token signature' exception detail
- Correcting invalid `token.dumps()` calls in README examples
- Support for version 1.0 tokens (issuer and audience claim values)
- `AZURE_OAUTH_CLIENT_APPLICATION_IDS` option and `azp` claim checking made optional
- Updating GitLab CI/CD
- Unit test JUnit support for use in GitLab CI
- Token introspection test case expanded to include RFC 7662 support
- `test` CLI command returns a non-zero exit code when tests fail
- Minimum required Python version lowered to 3.6 to allow users of other Python versions to use this package
- Unused `FlaskAzureOauth.reset_app()` method
- Bandit configuration file
- Sharing PyCharm test configuration through version control
- Adding GitLab release management
- Support for scopes from both `scp` and `roles` claims
- Tests for internal introspection endpoint
- Support for RFC 7662 (token introspection) using `introspect_token_rfc7662()`
- Signature of `FlaskAzureOauth.initapp(app=app)` changed to `.initapp(app)`, no longer requiring named parameter
- Ensuring scopes are always sorted in introspection methods to aid in stable tests
- Incorporating @maxgubler's contribution for Authlib 0.12
- Updating to Authlib 0.14.1
- Updating to Flask 1.1.2
- Updating to Requests 2.23.0
- Updating development dependencies
- Update project dates
- Switching to Poetry for dependency management and package publishing
- Switching to Black for code formatting/linting
- Switching to multi-stage Docker image
- Tidying up README
- Tidying up GitLab CI
- Snyk support - too unreliable
- Upgraded to AuthLib 0.11
- Add exception for `urllib3` dependency https://app.snyk.io/vuln/SNYK-PYTHON-URLLIB3-174323
- Pinning `urllib3` dependency to later version to mitigate https://app.snyk.io/vuln/SNYK-PYTHON-URLLIB3-174464
- Simplifying Docker image name
- Simplifying release procedures
- Refactoring internal TestJwk and TestJwt classes to make some parts part of the main package
- Initial version based on middleware developed for the BAS People (Sensitive) API