v3.45.0

Added

• The scope builder for SpecificFlowClient is now available for direct access and use via globus_sdk.scopes.SpecificFlowScopeBuilder. Callers can initialize this class with a flow_id to get a scope builder for a specific flow, e.g., SpecificFlowScopeBuilder(flow_id).user. SpecificFlowClient now uses this class internally. (#1030)

• TransferClient.add_app_data_access_scope now accepts iterables of collection IDs as an alternative to individual collection IDs. (#1034)

Experimental

• Added login(...), logout(...), and login_required(...) to the experimental GlobusApp construct. (#1041)

  • login(...) initiates a login flow if:

    • the current entity requires a login to satisfy local scope requirements or
    • auth_params/force=True is passed to the method.

  • logout(...) remove and revokes the current entity's app-associated tokens.

  • login_required(...) returns a boolean indicating whether the app believes
    a login is required to satisfy local scope requirements.

Removed

Experimental

• Made run_login_flow private in the experimental GlobusApp construct. Usage sites should be replaced with either app.login() or app.login(force=True). (#1041)

  • Old Usage

    app = UserApp("my-app", client_id="<my-client-id>")
    app.run_login_flow()
    

  • New Usage

    app = UserApp("my-app", client_id="<my-client-id>")
    app.login(force=True)
    

Changed

• The client for Globus Timers has been renamed to TimersClient. The prior name, TimerClient, has been retained as an alias. (#1032)

  • Similarly, the error and scopes classes have been renamed and aliased: TimersAPIError replaces TimerAPIError and TimersScopes replaces TimerScopes.

  • Internal module names have been changed to timers from timer where possible.

  • The service_name attribute is left as timer for now, as it is integrated into URL and _testing logic.

Experimental

• The experimental TokenStorageProvider and LoginFlowManagerProvider protocols have been updated to require keyword-only arguments for their for_globus_app methods. This protects against potential ordering confusion for their arguments. (#1028)

• The default_scope_requirements for globus_sdk.FlowsClient has been updated to list the Flows all scope. (#1029)

• The CommandLineLoginFlowManager now exposes print_authorize_url and prompt_for_code as methods, which replace the login_prompt and code_prompt parameters. Users who wish to customize prompting behavior now have a greater degree of control, and can effect this by subclassing the CommandLineLoginFlowManager. (#1039)

  Example usage, which uses the popular click library to handle the prompts:

  import click
  from globus_sdk.experimental.login_flow_manager import CommandLineLoginFlowManager
  
  class ClickLoginFlowManager(CommandLineLoginFlowManager):
    def print_authorize_url(self, authorize_url: str) -> None:
       click.echo(click.style("Login here for a code:", fg="yellow"))
       click.echo(authorize_url)
  
    def prompt_for_code(self) -> str:
       return click.prompt("Enter the code here:")
  

• GlobusApp.token_storage is now a public property, allowing users direct access to the ValidatingTokenStorage used by the app to build authorizers. (#1040)

• The experimental GlobusApp construct's scope exploration interface has changed from app.get_scope_requirements(resource_server: str) -> tuple[Scope] to app.scope_requirements. The new property will return a deep copy of the internal requirements dictionary mapping resource server to a list of Scopes. (#1042)

Deprecated

• TimerScopes is now a deprecated name. Use TimersScopes instead. (#1032)

Fixed

Experimental

• Container types in GlobusApp function argument annotations are now generally covariant collections like Mapping rather than invariant types like dict. (#1035)

Documentation

• The Globus Timers examples have been significantly enhanced and now leverage more modern usage patterns. (#1032)

v3.44.0

Added

• Added a reference to the new Flows all scope under
  globus_sdk.scopes.FlowsScopes.all. (#1016)

Experimental

• Added support for ScopeCollectionType to GlobusApp's __init__ and
  add_scope_requirements methods. (#1020)

Changed

• Updated ScopeCollectionType to be defined recursively. (#1020)

• TransferClient.add_app_data_access_scope now raises an error if it is
  given an invalid collection ID. (#1022)

Experimental

• Changed the experimental GlobusApp class in the following way (#1017):

  • app_name is no longer required (defaults to "Unnamed Globus App")

  • Token storage now defaults to including the client id in the path.

    • Old (unix) : ~/.globus/app/{app_name}/tokens.json

    • New (unix): ~/.globus/app/{client_id}/{app_name}/tokens.json

    • Old (win): ~\AppData\Local\globus\app\{app_name}\tokens.json

    • New (win): ~\AppData\Local\globus\app\{client_id}\{app_name}\tokens.json

  • GlobusAppConfig.token_storage now accepts shorthand string references:
    "json" to use a JSONTokenStorage, "sqlite" to use a
    SQLiteTokenStorage and "memory" to use a MemoryTokenStorage.

  • GlobusAppConfig.token_storage also now accepts a TokenStorageProvider,
    a class with a for_globus_app(...) -> TokenStorage class method.

  • Renamed the experimental FileTokenStorage attribute .filename to
    .filepath.

• Changed the experimental GlobusApp class in the following ways (#1018):

  • LoginFlowManagers now insert GlobusApp.app_name into any native
    client login flows as the prefill_named_grant.

  • GlobusAppConfig now accepts a login_redirect_uri parameter to specify
    the redirect URI for a login flow.

    • Invalid when used with a LocalServerLoginFlowManager.

    • Defaults to "https://auth.globus.org/v2/web/auth-code" for native
      client flows. Raises an error if not set for confidential ones.

  • UserApp now allows for the use of confidential client flows with the use of
    either a LocalServerLoginFlowManager or a configured login_redirect_uri.

  • GlobusAppConfig.login_flow_manager now accepts shorthand string references
    "command-line" to use a CommandLineLoginFlowManager and
    "local-server" to use a LocalServerLoginFlowManager.

  • GlobusAppConfig.login_flow_manager also now accepts a
    LoginFlowManagerProvider, a class with a
    for_globus_app(...) -> LoginFlowManager class method.

Development

• Added a scope normalization function globus_sdk.scopes.scopes_to_scope_list to
  translate from ScopeCollectionType to a list of Scope objects.
  (#1020)

v3.43.0

Added

• The TransferClient.task_list method now supports orderby as a
  parameter. (#1011)

Changed

• The SQLiteTokenStorage component in globus_sdk.experimental has been
  changed in several ways to improve its interface. (#1004)

  • :memory: is no longer accepted as a database name. Attempts to use it
    will trigger errors directing users to use MemoryTokenStorage instead.

  • Parent directories for a target file are automatically created, and this
    behavior is inherited from the FileTokenStorage base class. (This was
    previously a feature only of the JSONTokenStorage.)

  • The config_storage table has been removed from the generated database
    schema, the schema version number has been incremented to 2, and
    methods and parameters related to manipulation of config_storage have
    been removed.

Documentation

• Added a new experimental "Updated Examples" section which rewrites and reorders
  many examples to aid in discovery. (#1008)

• GlobusApp, UserApp, and ClientApp class reference docs. (#1013)

• Added a narrative example titled Using a GlobusApp detailing the basics of
  constructing and using a GlobusApp. (#1013)

• Remove unwritten example updates from toctree. (#1014)

v3.42.0

Python Support

• Remove support for Python 3.7. (#997)

Added

• Add globus_sdk.ConnectorTable which provides information on supported Globus Connect Server connectors. This object maps names to IDs and vice versa. (#955)

• Support adding query parameters to ConfidentialAppAuthClient.oauth2_token_introspect via a query_params argument. (#984)

• Add get_gcs_info as a helper method to GCSClient for getting information from a Globus Connect Server's info API route.

• Add endpoint_client_id as a property to GCSClient.

• Clients will now emit a X-Globus-Client-Info header which reports the version of the globus-sdk which was used to send a request. Users may customize this header further by modifying the globus_client_info object attached to the transport object. (#990)

Experimental

• Add a new abstract class, TokenStorage, to experimental. TokenStorage expands the functionality of StorageAdapter but is not fully backwards compatible. (#980)

  • FileTokenStorage, JSONTokenStorage, MemoryTokenStorage and SQLiteTokenStorage are new concrete implementations of TokenStorage.

• Add ValidatingStorageAdapter to experimental, which validates that identity is maintained and scope requirements are met on token storage/retrieval. (#978, #980)

• Add a new abstract class, AuthorizerFactory to experimental. AuthorizerFactory provides an interface for getting a GlobusAuthorizer from a ValidatingTokenStorage. (#985)

  • AccessTokenAuthorizerFactory, RefreshTokenAuthorizerFactory, and ClientCredentialsAuthorizerFactory are new concrete implementations of AuthorizerFactory.

• Add a new abstract class, GlobusApp to experimental. A GlobusApp is an abstraction which allows users to define their authorization requirements implicitly and explicitly, attach that state to their various clients, and drive login flows. (#986)

  • UserApp and ClientApp are new implementations of GlobusApp which handle authentications for user-login and client-credentials.

  • GlobusAppConfig is an object which can be used to control GlobusApp behaviors.

• Add app as an optional argument to BaseClient which will accept a GlobusApp to handle authentication, token validation, and token storage when using the client.

• Add default_scope_requirements as a property to BaseClient for subclasses to define scopes to automatically be used with a GlobusApp. The default implementation raises a NotImplementedError.

• Add add_app_scope to BaseClient as an interface for adding additional scope requirements to its app.

• AuthClient, FlowsClient, GCSClient, GroupsClient, SearchClient, TimerClient, and TransferClient all add app as an optional argument and define default_scope_requirements so that they can be used with a GlobusApp.

• Add add_app_data_access_scope to TransferClient as an interface for adding a dependent data access scope requirements needed for interacting with standard Globus Connect Server mapped collections to its app.

• Auto-login (overridable in config) GlobusApp login retry on token validation error. (#994)

• Added the configuration parameter GlobusAppConfig.environment. (#1001)

Changed

• GCSClient instances now have a non-None resource_server property.

• GlobusAuthorizationParameters no longer enforces that at least one field is set. (#989)

• Improved the validation and checking used inside of globus_sdk.tokenstorage.SimpleJSONFileAdapter and globus_sdk.experimental.tokenstorage.JSONTokenStorage. (#997)

Deprecated

• GCSClient.connector_id_to_name has been deprecated. Use ConnectorTable.lookup instead. (#955)

Fixed

Experimental

• When a JSONTokenStorage is used, the containing directory will be automatically be created if it doesn't exist. (#998)

• GlobusApp.add_scope_requirements now has the side effect of clearing the authorizer cache for any referenced resource servers. (#1000)

• GlobusAuthorizer.scope_requirements was made private and a new method for accessing scope requirements was added at GlobusAuthorizer.get_scope_requirements. (#1000)

• A GlobusApp will now auto-create an Auth consent client for dependent scope evaluation against consents as a part of instantiation. (#1000)

• Fixed a bug where specifying dependent tokens in a new GlobusApp would cause the app to infinitely prompt for log in. (#1002)

• Fixed a GlobusApp bug which would cause LocalServerLoginFlowManager to error on MacOS when versions earlier than Python 3.11. (#1003)

Documentation

• Document how to manage Globus SDK warnings. (#988)

v3.41.0

Added

• Added a new AuthClient method get_consents and supporting local data objects.
  These allows a client to poll and interact with the current Globus Auth consent state
  of a particular identity rooted at their client. (#971)

• Added LoginFlowManager and CommandLineLoginFLowManager to experimental (#972)

• Added LocalServerLoginFlowManager to experimental (#977)

• Added support to FlowsClient for the validate_flow operation of the
  Globus Flows service. (#979)

v3.40.0

Added

• Add globus_sdk.tokenstorage.MemoryAdapter for the simplest possible in-memory token storage mechanism. (#964)

• ConfidentialAppAuthClient.oauth2_get_dependent_tokens now supports the scope parameter as a string or iterable of strings. (#965)

• Moved scope parsing out of experimental. The Scope construct is now importable from the top level globus_sdk module. (#966)

• Support updating subscriptions assigned to flows in the Flows service. (#974)

Development

• Fix concurrency problems in the test suite caused by isort's .isorted temporary files. (#973)

v3.39.0

Added

• Added TransferClient.operation_stat helper method for getting the status of a path on a collection (#961)

v3.38.0

Added

• IterableGCSResponse and UnpackingGCSResponse are now available as top-level exported names. (#956)

• Add GroupsClient.get_group_by_subscription_id for resolving subscriptions to groups. This also expands the _testing data for get_group to include a subscription group case. (#957)

• Added prompt to the recognized Globus Authorization Requirements Error authorization_parameters fields. (#958)

v3.37.0

Added

• All of the basic HTTP methods of BaseClient and its derived classes which accept a data parameter for a request body, e.g. TransferClient.post or GroupsClient.put, now allow the data to be passed in the form of already encoded bytes. (#951)

Fixed

• Update ensure_datatype to work with documents that set DATA_TYPE to MISSING instead of omitting it (#952)

v3.36.0

Added

• Added support for GCS endpoint get & update operations. (#933)

  • gcs_client.get_endpoint()
  • gcs_client.update_endpoint(EndpointDocument(...))

• TransferClient.endpoint_manager_task_list() now supports filter_endpoint_use as a parameter. (#948)

• FlowsClient.create_flow now supports subscription_id as a parameter. (#949)