v3.51.0

Added

• Most client classes now have their __doc__ attribute modified at runtime to provide better help() and sphinx documentation. (#1131)

• Introduce globus_sdk.IDTokenDecoder, which implements id_token decoding. (#1136)

  • For integration with GlobusApp, a new builder protocol is defined, IDTokenDecoderProvider. This defines instantiation within the context of an app.

  • When OAuthTokenResponse.decode_id_token is called, it now internally instantiates an IDTokenDecoder and uses it to perform the decode.

  • IDTokenDecoder objects cache OpenID configuration data and JWKs after looking them up. If a decoder is used multiple times, it will reuse the cached data.

  • Token storage constructs can now contain an IDTokenDecoder in their id_token_decoder attribute. The decoder is used preferentially when trying to read the sub field from an id_token to store.

  • GlobusAppConfig can now contain id_token_decoder, an IDTokenDecoder or IDTokenDecoderProvider. The default is IDTokenDecoder.

  • GlobusApp initialization will now use the config's id_token_decoder and attach the IDTokenDecoder to the token storage which is used.

• ConnectorTable has a new classmethod, extend which allows users to add new connectors to the mapping. ConnectorTable.extend() returns a new connector table subclass and does not modify the original. (#1021)

• Add ComputeClientV3.register_function() method. (#1142)

Changed

• The SDK now defaults JWT leeway to 300 seconds when decoding id_token\s; the previous leeway was 0.5 seconds. Users should find that they are much less prone to validation errors when working in VMs or other scenarios which can cause significant clock drift. (#1135)

v3.50.0

Added

• Subclasses of BaseClient may now specify base_url as class attribute. (#1125)

Fixed

• Fixed an incorrect URL path in ComputeClient.get_task_batch. (#1117)

• Fix a bug in StorageGatewayDocument which stored any allowed_domains argument under an "allow_domains" key instead of the correct key, "allowed_domains". (#1120)

Documentation

• Updated GlobusAppConfig docs to explain how to disable auto-login. (#1127)

v3.49.0

Added

• Add filter_entity_type keyword argument on TransferClient.endpoint_search(). (#1109)

• Added the ComputeClientV3.register_endpoint(), ComputeClientV3.update_endpoint(), ComputeClientV3.lock_endpoint(), and ComputeClientV3.get_endpoint_allowlist() methods. (#1113)

• Added the ComputeClientV2.get_version() and ComputeClientV2.get_result_amqp_url() methods. (#1114)

v3.48.0

Fixed

• Fixed a bug that would cause ClientApp token refreshes to fail. (#1111)

Added

• Added the ComputeClientV2.register_endpoint(), ComputeClientV2.get_endpoint()
ComputeClientV2.get_endpoint_status(), ComputeClientV2.get_endpoints(),
  ComputeClientV2.delete_endpoint(), and ComputeClientV2.lock_endpoint()
  methods. (#1110)

Changed

• Removed identity ID consistency validation from ClientApp. (#1111)

v3.47.0

Added

• Add TimersClient.add_app_transfer_data_access_scope for TimersClient
  instances which are integrated with GlobusApp. This method registers the
  nested scope dependency for a data_access requirement for a transfer
  timer. (#1074)

• SearchQueryV1 is a new class for submitting complex queries replacing
  the legacy SearchQuery class. A deprecation warning has been added to the
  SearchQuery class. (#1079)

• Created ComputeClientV2 and ComputeClientV3 classes to support Globus Compute
  API versions 2 and 3, respectively. The canonical ComputeClient is now a subclass
  of ComputeClientV2, preserving backward compatibility. (#1096)

• Added the ComputeClientV3.submit(), ComputeClientV2.submit(),
  ComputeClientV2.get_task(), ComputeClientV2.get_task_batch(),
  and ComputeClientV2.get_task_group() methods. (#1094)

Changed

• Improved error messaging around EOF errors when prompting for code during a command
  line login flow (#1093)

Deprecated

• Deprecated the ComputeFunctionDocument and ComputeFunctionMetadata classes.
  This change reflects an early design adjustment to better align with the existing
  Globus Compute SDK. (#1092)

Development

• Introduce a toxfile.py to ensure clean builds during development. (#1098)

• The lazy importer used for the top-level globus_sdk module has been rewritten.
  It produces identical results to the previous system. (#1100)

v3.46.0

Python Support

• Support Python 3.13. (#1058)

Added

• Added an initial Globus Compute client class, globus_sdk.ComputeClient. (#1071)

  • Application errors are raised as a globus_sdk.ComputeAPIError.

  • A single method, ComputeClient.get_function is included initially to get
    information about a registered function.

  • Compute scopes are defined at globus_sdk.scopes.ComputeScopes or
    globus_sdk.ComputeClient.scopes.

• Added the ComputeClient.register_function() and ComputeClient.delete_function() methods. (#1085)

  • ComputeClient.register_function() introduces new data model classes:
    ComputeFunctionDocument and ComputeFunctionMetadata.

• Added the TransferClient.set_subscription_id() method. (#1073)

• Added a new error type, globus_sdk.ValidationError, used in certain cases of ValueError\s caused by invalid content. (#1044)

Removed

• Removed the skip_error_handling optional kwarg from the GlobusApp.get_authorizer(...) method interface. (#1060)

Changed

• All previously experimental modules have been moved into main module namespaces and are no longer experimental. Aliases will remain in the experimental namespaces with a deprecation warning until SDKv4.

  • Globus Auth Requirement Errors (GAREs) have been moved from globus_sdk.experimental.auth_requirements_error to globus_sdk.gare. (#1048)

    • The primary document type has been renamed from GlobusAuthRequirementsError to GARE.

    • The functions provided by this interface have been renamed to use gare in their naming: to_gare, is_gare, has_gares, and to_gares.

  • GlobusApps have been moved from globus_sdk.experimental.globus_app to globus_sdk and globus_sdk.globus_app. (#1085)

  • LoginFlowManagers have been moved from globus_sdk.experimental.login_flow_managers to globus_sdk.login_flows. (#1057)

  • TokenStorages have been moved from globus_sdk.experimental.tokenstorage to globus_sdk.tokenstorage. (#1065)

  • Consents have been moved from globus_sdk.experimental.consents to globus_sdk.scopes.consents. (#1047)

• The response classes for OAuth2 token grants now vary by the grant type. For example, a refresh_token-type grant now produces a globus_sdk.OAuthRefreshTokenResponse. This allows code handling responses to more easily identify which grant type produced a response. (#1051)

  • The following new classes have been introduced: globus_sdk.OAuthRefreshTokenResponse, globus_sdk.OAuthAuthorizationCodeResponse, and globus_sdk.OAuthClientCredentialsResponse.

  • The RenewingAuthorizer class is now a generic over the response type which it handles, and the subtypes of authorizers are specialized for their types of responses. e.g., class RefreshTokenAuthorizer(RenewingAuthorizer[OAuthRefreshTokenResponse]).

• The mechanisms of token data validation inside of GlobusApp are now more modular and extensible. The ValidatingTokenStorage class does not define built-in validation behaviors, but instead contains a list of validator objects, which can be extended and otherwise altered. (#1061)

  • These changes allow more validation criteria around token data to be handled within the ValidatingTokenStorage. This changes error behaviors to avoid situations in which multiple errors are raised serially by different layers of GlobusApp.

• LoginFlowManagers built with GlobusApp now generate a more appropriate value for prefill_named_grant, using the current hostname if possible. (#1075)

• Imports of globus_sdk.exc now defer importing requests so as to reduce import-time performance impact the library is not needed. (#1044)

  The following error classes are now lazily loaded even when globus_sdk.exc is imported: GlobusConnectionError, GlobusConnectionTimeoutError, GlobusTimeoutError, and NetworkError.

Fixed

• Fixed the typing-time attributes of globus_sdk so that mypy and other type checkers won't erroneously suppress errors about missing attributes. (#1052)

• Fixed the handling of Dependent Token and Refresh Token responses in TokenStorage and ValidatingTokenStorage such that id_token is only parsed when appropriate. (#1055)

• Fixed a bug where upgrading from access token to refresh token mode in a GlobusApp could result in multiple login prompts. (#1060)

v3.45.0

Added

• The scope builder for SpecificFlowClient is now available for direct access and use via globus_sdk.scopes.SpecificFlowScopeBuilder. Callers can initialize this class with a flow_id to get a scope builder for a specific flow, e.g., SpecificFlowScopeBuilder(flow_id).user. SpecificFlowClient now uses this class internally. (#1030)

• TransferClient.add_app_data_access_scope now accepts iterables of collection IDs as an alternative to individual collection IDs. (#1034)

Experimental

• Added login(...), logout(...), and login_required(...) to the experimental GlobusApp construct. (#1041)

  • login(...) initiates a login flow if:

    • the current entity requires a login to satisfy local scope requirements or
    • auth_params/force=True is passed to the method.

  • logout(...) remove and revokes the current entity's app-associated tokens.

  • login_required(...) returns a boolean indicating whether the app believes
    a login is required to satisfy local scope requirements.

Removed

Experimental

• Made run_login_flow private in the experimental GlobusApp construct. Usage sites should be replaced with either app.login() or app.login(force=True). (#1041)

  • Old Usage

    app = UserApp("my-app", client_id="<my-client-id>")
    app.run_login_flow()
    

  • New Usage

    app = UserApp("my-app", client_id="<my-client-id>")
    app.login(force=True)
    

Changed

• The client for Globus Timers has been renamed to TimersClient. The prior name, TimerClient, has been retained as an alias. (#1032)

  • Similarly, the error and scopes classes have been renamed and aliased: TimersAPIError replaces TimerAPIError and TimersScopes replaces TimerScopes.

  • Internal module names have been changed to timers from timer where possible.

  • The service_name attribute is left as timer for now, as it is integrated into URL and _testing logic.

Experimental

• The experimental TokenStorageProvider and LoginFlowManagerProvider protocols have been updated to require keyword-only arguments for their for_globus_app methods. This protects against potential ordering confusion for their arguments. (#1028)

• The default_scope_requirements for globus_sdk.FlowsClient has been updated to list the Flows all scope. (#1029)

• The CommandLineLoginFlowManager now exposes print_authorize_url and prompt_for_code as methods, which replace the login_prompt and code_prompt parameters. Users who wish to customize prompting behavior now have a greater degree of control, and can effect this by subclassing the CommandLineLoginFlowManager. (#1039)

  Example usage, which uses the popular click library to handle the prompts:

  import click
  from globus_sdk.experimental.login_flow_manager import CommandLineLoginFlowManager
  
  class ClickLoginFlowManager(CommandLineLoginFlowManager):
    def print_authorize_url(self, authorize_url: str) -> None:
       click.echo(click.style("Login here for a code:", fg="yellow"))
       click.echo(authorize_url)
  
    def prompt_for_code(self) -> str:
       return click.prompt("Enter the code here:")
  

• GlobusApp.token_storage is now a public property, allowing users direct access to the ValidatingTokenStorage used by the app to build authorizers. (#1040)

• The experimental GlobusApp construct's scope exploration interface has changed from app.get_scope_requirements(resource_server: str) -> tuple[Scope] to app.scope_requirements. The new property will return a deep copy of the internal requirements dictionary mapping resource server to a list of Scopes. (#1042)

Deprecated

• TimerScopes is now a deprecated name. Use TimersScopes instead. (#1032)

Fixed

Experimental

• Container types in GlobusApp function argument annotations are now generally covariant collections like Mapping rather than invariant types like dict. (#1035)

Documentation

• The Globus Timers examples have been significantly enhanced and now leverage more modern usage patterns. (#1032)

v3.44.0

Added

• Added a reference to the new Flows all scope under
  globus_sdk.scopes.FlowsScopes.all. (#1016)

Experimental

• Added support for ScopeCollectionType to GlobusApp's __init__ and
  add_scope_requirements methods. (#1020)

Changed

• Updated ScopeCollectionType to be defined recursively. (#1020)

• TransferClient.add_app_data_access_scope now raises an error if it is
  given an invalid collection ID. (#1022)

Experimental

• Changed the experimental GlobusApp class in the following way (#1017):

  • app_name is no longer required (defaults to "Unnamed Globus App")

  • Token storage now defaults to including the client id in the path.

    • Old (unix) : ~/.globus/app/{app_name}/tokens.json

    • New (unix): ~/.globus/app/{client_id}/{app_name}/tokens.json

    • Old (win): ~\AppData\Local\globus\app\{app_name}\tokens.json

    • New (win): ~\AppData\Local\globus\app\{client_id}\{app_name}\tokens.json

  • GlobusAppConfig.token_storage now accepts shorthand string references:
    "json" to use a JSONTokenStorage, "sqlite" to use a
    SQLiteTokenStorage and "memory" to use a MemoryTokenStorage.

  • GlobusAppConfig.token_storage also now accepts a TokenStorageProvider,
    a class with a for_globus_app(...) -> TokenStorage class method.

  • Renamed the experimental FileTokenStorage attribute .filename to
    .filepath.

• Changed the experimental GlobusApp class in the following ways (#1018):

  • LoginFlowManagers now insert GlobusApp.app_name into any native
    client login flows as the prefill_named_grant.

  • GlobusAppConfig now accepts a login_redirect_uri parameter to specify
    the redirect URI for a login flow.

    • Invalid when used with a LocalServerLoginFlowManager.

    • Defaults to "https://auth.globus.org/v2/web/auth-code" for native
      client flows. Raises an error if not set for confidential ones.

  • UserApp now allows for the use of confidential client flows with the use of
    either a LocalServerLoginFlowManager or a configured login_redirect_uri.

  • GlobusAppConfig.login_flow_manager now accepts shorthand string references
    "command-line" to use a CommandLineLoginFlowManager and
    "local-server" to use a LocalServerLoginFlowManager.

  • GlobusAppConfig.login_flow_manager also now accepts a
    LoginFlowManagerProvider, a class with a
    for_globus_app(...) -> LoginFlowManager class method.

Development

• Added a scope normalization function globus_sdk.scopes.scopes_to_scope_list to
  translate from ScopeCollectionType to a list of Scope objects.
  (#1020)

v3.43.0

Added

• The TransferClient.task_list method now supports orderby as a
  parameter. (#1011)

Changed

• The SQLiteTokenStorage component in globus_sdk.experimental has been
  changed in several ways to improve its interface. (#1004)

  • :memory: is no longer accepted as a database name. Attempts to use it
    will trigger errors directing users to use MemoryTokenStorage instead.

  • Parent directories for a target file are automatically created, and this
    behavior is inherited from the FileTokenStorage base class. (This was
    previously a feature only of the JSONTokenStorage.)

  • The config_storage table has been removed from the generated database
    schema, the schema version number has been incremented to 2, and
    methods and parameters related to manipulation of config_storage have
    been removed.

Documentation

• Added a new experimental "Updated Examples" section which rewrites and reorders
  many examples to aid in discovery. (#1008)

• GlobusApp, UserApp, and ClientApp class reference docs. (#1013)

• Added a narrative example titled Using a GlobusApp detailing the basics of
  constructing and using a GlobusApp. (#1013)

• Remove unwritten example updates from toctree. (#1014)

v3.42.0

Python Support

• Remove support for Python 3.7. (#997)

Added

• Add globus_sdk.ConnectorTable which provides information on supported Globus Connect Server connectors. This object maps names to IDs and vice versa. (#955)

• Support adding query parameters to ConfidentialAppAuthClient.oauth2_token_introspect via a query_params argument. (#984)

• Add get_gcs_info as a helper method to GCSClient for getting information from a Globus Connect Server's info API route.

• Add endpoint_client_id as a property to GCSClient.

• Clients will now emit a X-Globus-Client-Info header which reports the version of the globus-sdk which was used to send a request. Users may customize this header further by modifying the globus_client_info object attached to the transport object. (#990)

Experimental

• Add a new abstract class, TokenStorage, to experimental. TokenStorage expands the functionality of StorageAdapter but is not fully backwards compatible. (#980)

  • FileTokenStorage, JSONTokenStorage, MemoryTokenStorage and SQLiteTokenStorage are new concrete implementations of TokenStorage.

• Add ValidatingStorageAdapter to experimental, which validates that identity is maintained and scope requirements are met on token storage/retrieval. (#978, #980)

• Add a new abstract class, AuthorizerFactory to experimental. AuthorizerFactory provides an interface for getting a GlobusAuthorizer from a ValidatingTokenStorage. (#985)

  • AccessTokenAuthorizerFactory, RefreshTokenAuthorizerFactory, and ClientCredentialsAuthorizerFactory are new concrete implementations of AuthorizerFactory.

• Add a new abstract class, GlobusApp to experimental. A GlobusApp is an abstraction which allows users to define their authorization requirements implicitly and explicitly, attach that state to their various clients, and drive login flows. (#986)

  • UserApp and ClientApp are new implementations of GlobusApp which handle authentications for user-login and client-credentials.

  • GlobusAppConfig is an object which can be used to control GlobusApp behaviors.

• Add app as an optional argument to BaseClient which will accept a GlobusApp to handle authentication, token validation, and token storage when using the client.

• Add default_scope_requirements as a property to BaseClient for subclasses to define scopes to automatically be used with a GlobusApp. The default implementation raises a NotImplementedError.

• Add add_app_scope to BaseClient as an interface for adding additional scope requirements to its app.

• AuthClient, FlowsClient, GCSClient, GroupsClient, SearchClient, TimerClient, and TransferClient all add app as an optional argument and define default_scope_requirements so that they can be used with a GlobusApp.

• Add add_app_data_access_scope to TransferClient as an interface for adding a dependent data access scope requirements needed for interacting with standard Globus Connect Server mapped collections to its app.

• Auto-login (overridable in config) GlobusApp login retry on token validation error. (#994)

• Added the configuration parameter GlobusAppConfig.environment. (#1001)

Changed

• GCSClient instances now have a non-None resource_server property.

• GlobusAuthorizationParameters no longer enforces that at least one field is set. (#989)

• Improved the validation and checking used inside of globus_sdk.tokenstorage.SimpleJSONFileAdapter and globus_sdk.experimental.tokenstorage.JSONTokenStorage. (#997)

Deprecated

• GCSClient.connector_id_to_name has been deprecated. Use ConnectorTable.lookup instead. (#955)

Fixed

Experimental

• When a JSONTokenStorage is used, the containing directory will be automatically be created if it doesn't exist. (#998)

• GlobusApp.add_scope_requirements now has the side effect of clearing the authorizer cache for any referenced resource servers. (#1000)

• GlobusAuthorizer.scope_requirements was made private and a new method for accessing scope requirements was added at GlobusAuthorizer.get_scope_requirements. (#1000)

• A GlobusApp will now auto-create an Auth consent client for dependent scope evaluation against consents as a part of instantiation. (#1000)

• Fixed a bug where specifying dependent tokens in a new GlobusApp would cause the app to infinitely prompt for log in. (#1002)

• Fixed a GlobusApp bug which would cause LocalServerLoginFlowManager to error on MacOS when versions earlier than Python 3.11. (#1003)

Documentation

• Document how to manage Globus SDK warnings. (#988)