0.23.1 (2025-01-07)

Fixed

• Test suite should now run even if port 5000 is used by another process. Thanks to commonism.

0.23.0 (2025-01-07)

Fixed

• Bearer tokens with nested JSON string are now properly handled. Thanks to Patrick Rodrigues.
• Client credentials auth instances will now use credentials (client_id and client_secret) as well to distinguish tokens. This was an issue when the only parameters changing were the credentials.

Changed

• Requires httpx==0.28.*
• Exceptions issued by httpx_auth are now inheriting from httpx_auth.HttpxAuthException, itself inheriting from httpx.HTTPError, instead of Exception.

Added

• Explicit support for python 3.13.

0.22.0 (2024-03-02)

Changed

• Requires httpx==0.27.*
• httpx_auth.JsonTokenFileCache and httpx_auth.TokenMemoryCache get_token method does not handle kwargs anymore, the on_missing_token callable does not expect any arguments anymore.

0.21.0 (2024-02-19)

Added

• Publicly expose httpx_auth.SupportMultiAuth, allowing multiple authentication support for every httpx authentication class that exists.
• Publicly expose httpx_auth.TokenMemoryCache, allowing to create custom Oauth2 token cache based on this default implementation.
• You can now provide your own HTML success (success_html) and failure (failure_html) display via the new OAuth2.display shared setting. Refer to documentation for more details.
• Support for refresh tokens in the Resource Owner Password Credentials flow.
• Support for refresh tokens in the Authorization code (with and without PKCE) flow.
• Thanks to the new redirect_uri_domain parameter on Authorization code (with and without PKCE) and Implicit flows, you can now provide the FQDN to use in the redirect_uri when localhost (the default) is not allowed.

Changed

• Except for httpx_auth.testing, only direct access via httpx_auth. was considered publicly exposed. This is now explicit, as inner packages are now using private prefix (_).
  If you were relying on some classes or functions that are now internal, feel free to open an issue.
• Browser display settings have been moved to a shared setting, see documentation for more information on httpx_auth.OAuth2.display.
  The failure page will be displayed for 10 seconds by default instead of 5 seconds previously.
  As a result the following classes no longer expose success_display_time and failure_display_time parameters.
  • httpx_auth.OAuth2AuthorizationCode.
  • httpx_auth.OktaAuthorizationCode.
  • httpx_auth.WakaTimeAuthorizationCode.
  • httpx_auth.OAuth2AuthorizationCodePKCE.
  • httpx_auth.OktaAuthorizationCodePKCE.
  • httpx_auth.OAuth2Implicit.
  • httpx_auth.AzureActiveDirectoryImplicit.
  • httpx_auth.AzureActiveDirectoryImplicitIdToken.
  • httpx_auth.OktaImplicit.
  • httpx_auth.OktaImplicitIdToken.
• The authentication success and failure displayed in the browser were revamped to be more user-friendly. httpx_auth.testing was modified to accommodate this change:
  • tab.assert_success expected_message parameter was removed.
  • tab.assert_failure expected_message parameter should not be prefixed with Unable to properly perform authentication: anymore and \n in the message should be replaced with <br>.
• httpx_auth.JsonTokenFileCache does not expose tokens_path or last_save_time attributes anymore and is also allowing pathlib.Path instances as cache location.
• httpx_auth.TokenMemoryCache does not expose forbid_concurrent_cache_access or forbid_concurrent_missing_token_function_call attributes anymore.
• httpx_auth.JsonTokenFileCache and httpx_auth.TokenMemoryCache get_token method now handles a new optional parameter named on_expired_token.

Fixed

• httpx_auth.OktaClientCredentials scope parameter is now mandatory and does not default to openid anymore.
• httpx_auth.OktaClientCredentials will now display a more user-friendly error message in case Okta instance is not provided.
• Tokens cache DEBUG logs will not display tokens anymore.

0.20.0 (2024-02-12)

Fixed

• Remove deprecation warnings due to usage of utcnow and utcfromtimestamp. Thanks to Raphael Krupinski.
• httpx_auth.AWS4Auth.default_include_headers value kept growing in size every time a new httpx_auth.AWS4Auth instance was created with security_token parameter provided. Thanks to Miikka Koskinen.
• httpx_auth.AWS4Auth is now based almost entirely on AWS documentation, diverging from the original implementation based on requests-aws4auth and solving implementation issues in the process.
  • As the AWS documentation might be wrong or not exhaustive enough, feel free to open issues, should you encounter edge cases.

Changed

• httpx_auth.AWS4Auth.default_include_headers is not available anymore, use httpx_auth.AWS4Auth include_headers parameter instead to include additional headers if the default does not fit your need (refer to documentation for an exhaustive list).
• httpx_auth.AWS4Auth include_headers values will not be stripped anymore, meaning that you can now include headers prefixed and/or suffixed with blank spaces.
• httpx_auth.AWS4Auth does not includes date header by default anymore. You will have to provide it via include_headers yourself if you need to.
  • Note that it should not be required as httpx_auth.AWS4Auth is sending x-amz-date by default and AWS documentation states that the request date can be specified by using either the HTTP Date or the x-amz-date header. If both headers are present, x-amz-date takes precedence.
• httpx_auth.AWS4Auth include_headers does not needs to include host, content-type or x-amz-* anymore as those headers will always be included. It is now expected to be provided as a list of additional headers.
• httpx_auth.AWS4Auth will not modify the headers values spaces when computing the canonical headers, only trim leading and trailing whitespaces as per AWS documentation.

0.19.0 (2024-01-09)

Added

• Explicit support for Python 3.12

Changed

• Requires httpx==0.26.*
  • Note that this changes the signature sent via AWS auth for URLs containing %. Feel free to open an issue if this is one.

0.18.0 (2023-09-11)

Changed

• Requires httpx==0.25.*

Removed

• Python 3.8 is no longer supported.

0.17.0 (2023-04-26)

Changed

• httpx_auth.OAuth2ResourceOwnerPasswordCredentials does not send basic authentication by default.

Added

• client_auth as a parameter of httpx_auth.OAuth2ResourceOwnerPasswordCredentials. Allowing to provide any kind of optional authentication.
• httpx_auth.OktaResourceOwnerPasswordCredentials providing Okta resource owner password credentials flow easy setup.

0.16.0 (2023-04-25)

Changed

• Requires httpx==0.24.*

Fixed

• Handle text/html; charset=utf-8 content-type in token responses. Thanks to Marcelo Trylesinski.

Added

• httpx_auth.WakaTimeAuthorizationCode handling access to the WakaTime API.

Removed

• Python 3.7 is no longer supported.

0.15.0 (2022-06-01)

Changed

• Requires httpx==0.23.*