MSAL Python 1.24.0b2

Experimental: Building on top of 1.24.0b1 and includes some adjustment on handling acquire_token_interactive().

MSAL Python 1.24.0

• Enhancement: There may be a new msal_telemetry key available in MSAL's acquire token response, currently observed when broker is enabled. Its content and format are opaque to caller. This telemetry blob allows participating apps to collect them via telemetry, and it may help future troubleshooting. (#575)
• Enhancement: A new enable_pii_log parameter is added into ClientApplication constructor. When enabled, the broker component may include PII (Personal Identifiable Information) in logs. This may help troubleshooting. (#568, #590)

MSAL Python 1.24.0b1

Experimental: Surface msal telemetry as a long opaque string (#575). This behavior is useful if your app has your own telemetry mechanism and wants to also collect MSAL's telemetry.

MSAL Python 1.23.0

Improvements:

• acquire_token_for_client() will automatically look up tokens from cache (#577). (But all other acquire_token_...() methods still require an explicit acquire_token_silent() in order to utilize token cache.)

MSAL Python 1.22.0

New feature:

• Support CIAM authorities in the form of "tenant.ciamlogin.com/*" (#520)

Known issue:
The following issues were discovered after this version's release: #563

MSAL Python 1.21.0

The API in this new version remains the same as the previous version.

Enhancements:

• Support getting an ssh certificate via broker (#515)
• Support B2C's usage pattern of using client id as a scope (#505, #530)
• MSAL's token cache helper can now be used to store tokens returned by App Service's Managed Identity (#519)
• Switch to a new set of regional endpoints (#513)
• Test matrix covers Python 3.11 (#512)

Known issue:
The following issues were discovered after this version's release: #563

MSAL Python 1.20.0

New feature:

If your app uses MSAL's acquire_token_interactive(), you can now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO) and also obtain more secure tokens, all without switching the log-in experience to a browser. See details in this online doc, and try it out from this sample. (#451, #415)

For example, after utilizing this new feature, a command-line (CLI) app's login experience would look like this:

Known issue:

The following issues were discovered after this version's release: #563

MSAL Python 1.19.0

• New feature: A new ClientApplication(..., instance_discovery=False) parameter to turn off MSAL's Instance Discovery behavior. See more details in its full documentation. Also, ADFS authority will no longer trigger Instance Discovery. (#496)
• Enhancement: Use provided authority port when building the tenant discovery endpoint (#484)
• Bugfix: Fix a regression in regional endpoint which affects MSAL Python 1.14+ (#485)
• Enhancement: Tolerate home_account_id to be None

MSAL Python 1.20.0b1

New feature:

If your app uses MSAL's acquire_token_interactive(), you can now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO) and also obtain more secure tokens, all without switching the log-in experience to a browser. See details in this online doc, and try it out from this sample. (#451, #415)

For example, after utilizing this new feature, a command-line (CLI) app's login experience would look like this:

MSAL Python 1.18.0

(The MSAL Python 1.18.0b1 has been stable in last 2 weeks, and we are now shipping it as 1.18.0)

• New feature: Optional initiate_auth_code_flow(..., response_mode="form_post") to allow the auth code being delivered to your app by form post, which is considered even more secure. (#396, #469)
• New feature: acquire_token_interactive(..., prompt="none") can obtain some tokens from within Cloud Shell, without any prompt. (#420)