Update dependency msal to v1.36.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
msal (changelog)	==1.23.0 → ==1.36.0

---

Release Notes

AzureAD/microsoft-authentication-library-for-python (msal)

v1.36.0

Compare Source

What's Changed

• Fix the PoP flow in the console app by @​PetarSDimov in #​887
• Add ADO CI, SDL, and release pipelines with e2e test enablement by @​RyAuld in #​890
• Add documentation for Managed Identity v2 Hackathon by @​gladjohn in #​885
• Potential fix for code scanning alert no. 74: Workflow does not contain permissions by @​Avery-Dunn in #​884
• Added withFmi method for cca app by @​4gust in #​876
• Use cryptographically secure randomness for PKCE, state, and nonce generation by @​ashok672 in #​894
• Fix OIDC issuer domain spoofing in B2C host validation by @​4gust in #​896

New Contributors

• @​PetarSDimov made their first contribution in #​887
• @​gladjohn made their first contribution in #​885

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.35.1...1.36.0

v1.35.1

Compare Source

What's Changed

• Instance discovery remains cloud local on known clouds by @​bgavrilMS in #​875

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.35.0...1.35.1

v1.35.0

Compare Source

What's Changed

• Set Redirect Uri for broker silent flow on Linux platform by @​xinyuxu1026 in #​846
• ROPC deprecation by @​Ugonnaak1 in #​855
• Update pymsalruntime version range to handle the latest 0.20.0 release by @​DharshanBJ in #​858
• Document how to enable sha256 for client credential by @​rayluo in #​833
• Remove the reliance on getfqdn() by @​rayluo in #​859
• Thumbprint for certificate made optional by @​vi7us in #​835
• Support Python 3.14 by @​rayluo in #​861
• Add form_post response mode support for system browser authentication by @​ashok672 in #​868
• Add OIDC issuer validation by @​Avery-Dunn in #​840
• Security: Remove unsafe PowerShell fallback in WSL by @​RinZ27 in #​866

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.34.0...1.35.0

v1.34.0: MSAL Python 1.34.0

Compare Source

This release includes:

• All the changes in 1.34.0b1, plus bumping the dependency cryptography upper bound, which also drops Python 3.7 support.
• Officially support Python 3.13

What's Changed

• ManagedIdentityClient(..., client_capabilities=["cp1"]).acquire_token_for_client(..., claims_challenge="...") by @​rayluo in #​791
• Update deprecated TokenCache API usage by @​pvaneck in #​805
• Enable broker support on Linux for WSL by @​DharshanBJ in #​766
• Fix username/password validation in broker test by @​emmanuel-ferdman in #​807
• Merge release 1.32.3 back to dev branch by @​rayluo in #​816
• Add dependency management suggestions by @​rayluo in #​819
• Remind developers about http_cache's unstable format by @​rayluo in #​821
• Properly throw MsalServiceError exception by @​rayluo in #​820
• Improve test cases to test header-less response by @​rayluo in #​822
• Upgrade dependency by @​rayluo in #​824
• Linux broker needs a specific redirect_uri by @​rayluo in #​826
• MSAL Python 1.33.0b1 release by @​rayluo in #​827
• Use lowercase environment value during searching by @​rayluo in #​831
• Add claims challenge parameter in initiate_device_flow by @​ashok672 in #​839
• MSAL Python 1.33.0 by @​rayluo in #​841
• Declare support for Python 3.13 by @​rayluo in #​851

New Contributors

• @​pvaneck made their first contribution in #​805
• @​emmanuel-ferdman made their first contribution in #​807
• @​ashok672 made their first contribution in #​839

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.32.3...1.34.0

v1.33.0: MSAL Python 1.33.0

Compare Source

Re-shipping beta release 1.33.0b1 as stable 1.33.0

Highlights

• Managed Identity on Service Fabric supports specifying client_capabilities and claims_challenge (#​791)
• Broker support on Linux and WSL. (#​766)
• A byproduct of this is that broker on all platforms will support Python 3.13. (#​823)

v1.32.3: MSAL Python 1.32.3

Compare Source

Fix a regression on Azure Arc / on-prem servers. (#​814, #​815)

v1.32.2: MSAL Python 1.32.2

Compare Source

Bugfix for Authentication Failed: MsalResponse object has no attribute 'headers' #​812

v1.32.1: MSAL Python 1.32.1

Compare Source

Optimization on cache.

v1.32.0: MSAL Python 1.32.0

Compare Source

Noticeable Changes

• New feature: Supports dSTS by ClientApplication(..., authority="https://...example.com/dstsv2/...") (#​767, #​772)
• New feature: Start to support POD Identity, configured by env var AZURE_POD_IDENTITY_AUTHORITY_HOST=http://ip:port (#​794, #​795)
• Bugfix: Support resource with the format of "GUID/.default" when running inside Cloud Shell. (#​784, #​785)

More details

• Refactor to allow adding new field into cache key and/or content by @​rayluo in #​751
• Warning when obsolete msal-extensions is detected by @​rayluo in #​752
• Add msal_cache.bin to .gitignore by @​DharshanBJ in #​753
• MSAL will use env var MSAL_FORCE_REGION by default by @​rayluo in #​756
• allow MI endpoint changing through environment variable by @​jimdigriz in #​754
• Revert "allow MI endpoint changing through environment variable" by @​rayluo in #​769
• Fix document for using SystemAssigned managed identity by @​jiasli in #​764
• Suppress a false positive CodeQL alarm by @​rayluo in #​783
• Pass Sku and Ver to MsalRuntime by @​Ugonnaak1 in #​786
• Try to suppress another verify=False by @​rayluo in #​788
• Supports dSTS by ClientApplication(..., authority="https://...example.com/dstsv2/...") by @​rayluo in #​772
• Add test case to show that OBO supports SP by @​rayluo in #​481
• Enable Issue-Sentinel to scan for similar issues by @​DharshanBJ in #​790
• Support pod identity by @​rayluo in #​795
• Scope to resource by @​rayluo in #​785

New Contributors

• @​DharshanBJ made their first contribution in #​753
• @​jimdigriz made their first contribution in #​754
• @​Ugonnaak1 made their first contribution in #​786

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.31.1...1.32.0

v1.31.1

Compare Source

• Bugfix: The Managed Identity detection logic on Arc (#​731) had a bug #​762, now fixed in PR #​763 

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.31.0...1.31.1

v1.31.0

Compare Source

Highlight

The Broker-on-Mac feature is also blogged here

What's Changed

• Integration with Broker-on-Mac in #​596
• Change Managed Identity detection logic on Arc in #​731
• Managed Identity supports CAE in #​730
• Support Managed Identity on Azure Container Instance (ACI) with Resource id in #​741
• Other refactoring in #​740

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.30.0...1.31.0

v1.30.0

Compare Source

What's Changed

• New feature: Support Subject Name/Issuer authentication when using .pfx certificate file. Documentation available in one of the recent purple boxes here. #​718
• New feature: Automatically use SHA256 and PSS padding when using .pfx certificate on non-ADFS, non-OIDC authorities. #​722
• New feature: Expose refresh_on (if any) to fresh or cached response, so that caller may choose to proactively call acquire_token_silent() early. #​723
• Bugfix for token cache search. MSAL 1.27+ customers please upgrade to MSAL 1.30+. #​717

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.29.0...1.30.0

v1.29.0: MSAL Python 1.29.0

Compare Source

Highlight

The Managed Identity feature is also blogged here

What's Changed

• New feature: Supports Managed Identity for Azure VM, App Service (including Azure Functions, Azure Automation), Service Fabric, Azure Machine Learning, Arc, etc.. Comes with a sample, its configuration via ENV VAR, and its API documentation. (#​58, #​480, #​634, #​674)
• New feature: Support reading ConfidentialClientApplication's cert from a pfx file (#​684, #​699)
• New feature: TokenCache class has a new search() method which will return a generator of tokens. The old find() method still exists and returns a list, but MSAL 1.27+ will not call find() anymore. (#​693, #​644)
• Change: Re-enable the username password flow to go through broker, if available. (#​712)

New Contributors

• @​fengga made their first contribution in #​712

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.28.1...1.29.0

v1.28.1: MSAL Python 1.28.1

Compare Source

• Change: pip install msal[broker] will now pick up the latest PyMsalRuntime 0.16.x which contains a bugfix for being run as administrator. This release fixes #​707.

v1.28.0: MSAL Python 1.28.0

Compare Source

• New feature: PublicClientApplication and ConfidentialClientApplication have a new oidc_authority parameter that can be used to specify authority of any generic OpenID Connect authority, typically the customized domain for CIAM. (#​676, #​678)
• Dropping Python 2.7

v1.27.0: MSAL Python 1.27.0

Compare Source

What's Changed

Release Notes:

• New feature: remove_tokens_for_client() will remove tokens acquired by acquire_token_for_client() (#​640, #​650, #​666)
• Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#​644)
• Adjustment: MSAL no longer attempts to validate an ID token's time (#​656, #​657)
• Adjustment: Bump upstream broker dependency to 0.14.x
• Improvement: Better chance to remove accounts from broker (#​651)
• Improvement: Cleaner console output when the http local server is visited in https protocol (#​546)
• Improvement: Reduce a bare except clause (#​667)

Note:

• The previous preview features in previous 1.27.0b2 requires more beta testing, so they did NOT make it to 1.27.0. If you want to beta test 1.27.0b2, follow its own instruction.
• MSAL Python 1.27 is the last version that still runs on Python 2.7

New Contributors

• @​Singletoned made their first contribution in #​667

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.26.0...1.27.0

v1.26.0: MSAL Python 1.26.0

Compare Source

• Do not auto-detect region if app developer does not opt-in to region (#​629, #​630)
• Support Proof-of-Possession (PoP) for Public Client based on broker (#​511)

v1.25.0: MSAL Python 1.25.0

Compare Source

• Deprecation: allow_broker will be replaced by enable_broker_on_windows (#​613)
• Bugfix: Device Code Flow (and Username Password Flow) and its subsequent silent request will automatically bypass broker and succeed. (#​569)
• Enhancement: acquire_token_interactive() supports running inside Docker
• Observability: Successful token response will contain a new token_source field to indicate where the token was obtained from: identity_provider, cache or broker. (#​610)

v1.24.1: MSAL Python 1.24.1

Compare Source

Includes minor adjustments on handling acquire_token_interactive(). The scope of the issue being addressed was limited to a short-lived sign-in attempt. The potential misuse vector complexity was high, therefore it is unlikely to be reproduced in standard usage scenarios; however, out of abundance of caution, this fix is shipped to align ourselves with Microsoft's policy of secure-by-default.

v1.24.0: MSAL Python 1.24.0

Compare Source

• Enhancement: There may be a new msal_telemetry key available in MSAL's acquire token response, currently observed when broker is enabled. Its content and format are opaque to caller. This telemetry blob allows participating apps to collect them via telemetry, and it may help future troubleshooting. (#​575)
• Enhancement: A new enable_pii_log parameter is added into ClientApplication constructor. When enabled, the broker component may include PII (Personal Identifiable Information) in logs. This may help troubleshooting. (#​568, #​590)

---

Configuration

📅 Schedule: (in timezone Europe/London)

• Branch creation
  • "after 7am and before 11am every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.