Globus-action-provider-tools

=====================

Python support
--------------

- Add support for Python 3.11.
- Drop support for Python 3.6.

Bugfixes
--------

- Fix a crash that will occur if a non-object JSON document is submitted.
For example, this will happen if the incoming JSON document is ``"string"``
or ``["array"]``.

- Fix a crash that occurs when an HTTP 400 "invalid grant" error is received
from Globus Auth while getting an authorizer for a given scope.

This is now caught by ``AuthState.get_authorizer_for_scope()`` and ``None`` is returned.

Changes
-------

- Remove the ``__version__`` attribute.

The ``importlib.metadata`` module in Python 3.8 and higher
(or the backported ``importlib_metadata`` package)
can be used to query the version of installed packages if needed.

- ``jsonschema>=4.17,<5`` is now required by action-provider-tools.

Consumers of the library will have to update to a more recent version of ``jsonschema``
if they are using it explicitly.

===================

*No changes from 0.12.0b1.*

=====================

Features
--------

- Upgrade to use major version 3 of the `Globus SDK
<https://github.com/globus/globus-sdk-python>`_. If you are using Action
Provider Tools in an environment which is currently using an earlier version
of the Globus SDK, then you will need to upgrade first in order for this
version to be compatible.

Bugfixes
--------

- Fixes an issue where the `ActionProviderBlueprint` decorators were not
returning the decorated functions. This meant that the registered functions
were loaded onto the Action Provider correctly but were `None` in the module
in which they were defined.

===================

Documentation
-------------

- Add a CHANGELOG and include it in the documentation.
- Use scriv for CHANGELOG management.

Added
-----

- Improved logging around the authentication module's cache hits and misses.

Fixed
-----

* Fixed handling of missing refresh tokens in dependent token grants. Now, even if a refresh token is expected in a dependent grant, it falls back to just using the access token up until the time the access token expires. We also shorten the dependent token grant cache to be less than the expected lifetime of an access token and, thus, from cache, we should not retrieve an access token which is already expired.

===================

Features
--------

- Adds caching to the following Globus Auth operations: token introspection,
group membership, dependent token grants.

Documentation
-------------

- Adds documentation around the new caching behavior:
https://action-provider-tools.readthedocs.io/en/latest/toolkit/caching.html

===================

Features
--------

- Bumps globus-sdk version dependency.