Removed support for Python 3.8#910
Open
4gust wants to merge 3 commits into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates MSAL Python’s supported Python versions by dropping Python 3.8 across packaging and CI, and it enhances confidential-client authentication by allowing client_assertion to be provided as a callable (with AutoRefresher surfaced as a helper) while soft-deprecating static string/bytes assertions.
Changes:
- Dropped Python 3.8 support via
python_requires, trove classifiers, CI matrix, and dependency markers. - Added support and documentation for callable
client_assertion, plus a deprecation warning for static assertions. - Added unit tests for callable assertions /
AutoRefresherbehavior and warning expectations, and documented a Python version support policy.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
tests/test_application.py |
Adds tests covering callable client assertions, AutoRefresher caching, and deprecation warning behavior. |
setup.cfg |
Raises python_requires to >=3.9, removes the 3.8 classifier, updates dependency bounds/markers accordingly. |
msal/application.py |
Documents callable client_assertion usage and emits a deprecation warning for static assertions. |
msal/__init__.py |
Exposes AutoRefresher at the package level (from msal import AutoRefresher). |
doc/python_version_support_policy.md |
Introduces a written policy and support timeline tables for Python versions. |
contributing.md |
Points contributors to the new Python version support policy and sync requirements. |
.github/workflows/python-package.yml |
Removes Python 3.8 from the CI test matrix. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+45
to
+47
| | Python Version | PSF End of Support | MSAL Python End Of Support | | ||
| |----------------|--------------------|----------------------------| | ||
| | 3.9 ([PEP 596](https://peps.python.org/pep-0596/#lifespan)) | October 2025 | April 30, 2026 *(see note)* | |
Comment on lines
+64
to
+67
| | 3.8 ([PEP 569](https://peps.python.org/pep-0569/#lifespan)) | October 2024 | April 2026 | | ||
| | 3.7 ([PEP 537](https://peps.python.org/pep-0537/#lifespan)) | June 2023 | December 2023 | | ||
| | 3.6 ([PEP 494](https://peps.python.org/pep-0494/#lifespan)) | December 2021 | August 2022 | | ||
| | 2.7 ([PEP 373](https://peps.python.org/pep-0373/)) | April 2020 | January 2022 | |
Comment on lines
+854
to
+861
| warnings.warn( | ||
| "Passing a static string/bytes 'client_assertion' is " | ||
| "discouraged because the JWT will eventually expire. " | ||
| "Pass a no-arg callable instead (optionally wrapped in " | ||
| "msal.AutoRefresher) so MSAL can obtain a fresh " | ||
| "assertion on demand. " | ||
| "See https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/746", | ||
| DeprecationWarning, stacklevel=2) |
bgavrilMS
approved these changes
May 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the supported Python versions for MSAL Python, formally documents the version support policy, and introduces support for dynamic client assertions via callables, including a new
AutoRefresherhelper. It also deprecates static string assertions for long-running applications and adds comprehensive tests for the new functionality.Python version support policy and enforcement:
setup.cfg, GitHub Actions matrix, and dependency markers to require Python 3.9+ and aligning with the upstream dependency (cryptography) support window.* Added a new documentation filedoc/python_version_support_policy.mddetailing the version support policy, end-of-support timelines, and rationale.contributing.mdto reference the new version support policy and clarify requirements for changing supported Python versions.Dynamic client assertion support and deprecation:
ConfidentialClientApplicationto accept a callable for theclient_assertioncredential, allowing dynamic JWT generation for long-running apps. Added usage documentation and guidance on using the newAutoRefresherhelper for memoization.client_assertionis provided, discouraging this pattern for long-lived workloads.Testing:
AutoRefresherhelper, backward compatibility for static assertions, and correct deprecation warnings.warningsin the test suite to facilitate deprecation warning checks.