ansys / openapi-common

Common authentication components for OpenAPI client libraries
https://openapi.docs.pyansys.com/
MIT License

Bump requests-auth from 7.0.0 to 8.0.0 #641

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps requests-auth from 7.0.0 to 8.0.0.

Release notes

Sourced from requests-auth's releases.

8.0.0 (2024-06-18)

Added

  • Adding explicit support for Python 3.12.
  • Publicly expose requests_auth.SupportMultiAuth, allowing multiple authentication support for every requests authentication class that exists.
  • Publicly expose requests_auth.TokenMemoryCache, allowing you to create a custom OAuth2 token cache based on this default implementation.
  • You can now provide your own HTML success (success_html) and failure (failure_html) display via the new OAuth2.display shared setting. Refer to documentation for more details.
  • Thanks to the new redirect_uri_domain parameter on Authorization code (with and without PKCE) and Implicit flows, you can now provide the FQDN to use in the redirect_uri when localhost (the default) is not allowed.
  • requests_auth.WakaTimeAuthorizationCode handling access to the WakaTime API.

Changed

  • Except for requests_auth.testing, only direct access via requests_auth. was considered publicly exposed. This is now explicit, as inner packages are now using private prefix (_). If you were relying on some classes or functions that are now internal, feel free to open an issue.
  • requests_auth.JsonTokenFileCache and requests_auth.TokenMemoryCache get_token method does not handle kwargs anymore, the on_missing_token callable does not expect any arguments anymore.
  • requests_auth.JsonTokenFileCache does not expose tokens_path or last_save_time attributes anymore and is also allowing pathlib.Path instances as cache location.
  • requests_auth.TokenMemoryCache does not expose forbid_concurrent_cache_access or forbid_concurrent_missing_token_function_call attributes anymore.
  • Browser display settings have been moved to a shared setting, see documentation for more information on requests_auth.OAuth2.display. The failure page will be displayed for 10 seconds by default instead of 5 seconds previously. As a result the following classes no longer expose success_display_time and failure_display_time parameters.
    • requests_auth.OAuth2AuthorizationCode.
    • requests_auth.OktaAuthorizationCode.
    • requests_auth.WakaTimeAuthorizationCode.
    • requests_auth.OAuth2AuthorizationCodePKCE.
    • requests_auth.OktaAuthorizationCodePKCE.
    • requests_auth.OAuth2Implicit.
    • requests_auth.AzureActiveDirectoryImplicit.
    • requests_auth.AzureActiveDirectoryImplicitIdToken.
    • requests_auth.OktaImplicit.
    • requests_auth.OktaImplicitIdToken.
  • The authentication success and failure displayed in the browser were revamped to be more user-friendly. requests_auth.testing was modified to accommodate this change:
    • tab.assert_success expected_message parameter was removed.
    • tab.assert_failure expected_message parameter should not be prefixed with Unable to properly perform authentication: anymore and \n in the message should be replaced with <br>.
  • Exceptions issued by requests_auth are now inheriting from requests_auth.RequestsAuthException, itself inheriting from requests.RequestException, instead of Exception.

Fixed

  • Type information is now provided following PEP 561.
  • Remove deprecation warnings due to usage of utcnow and utcfromtimestamp.
  • requests_auth.OktaClientCredentials scope parameter is now mandatory and does not default to openid anymore.
  • requests_auth.OktaClientCredentials will now display a more user-friendly error message in case Okta instance is not provided.
  • Tokens cache DEBUG logs will not display tokens anymore.
  • Handle text/html; charset=utf-8 content-type in token responses.

Removed

  • Removing support for Python 3.7.
  • Deprecated requests_auth.Auths class has been removed.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

wiz-inc-572fc38784[bot] commented 1 month ago

Wiz Scan Summary

IaC Misconfigurations 0C 0H 0M 0L 0I
Vulnerabilities 0C 0H 1M 0L 1I
Sensitive Data 0C 0H 0M 0L 0I
Total 0C 0H 1M 0L 1I
Secrets 0🔑

Andy-Grigg commented 1 month ago

Will be fixed by #640

dependabot[bot] commented 1 month ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.