• Fix caches to add timeout everywhere and prevent unlimited growth of cache / need to manual cleanup. (Fix #57)
• Add no_etag_body to EsiClient.init() (see docs) to set the HTTP 304 behavior standard (Fix: #53). This means:
  • status_code = 304
  • response body = empty (res.data = None and res.raw = '')
• Add catch to Exception to prevent crashes from HTTP 504 html response from load balancer (should only happen in this case). (Fix: #49)
• Auto retry when EsiApp is not able to get the swagger.json file (max 3 times) to avoid unnecessary HTTP errors. (Fix #51)

Version 1.0.0 - SSOv2 / PKCE

First and foremost, keep in mind that using SSO v2 is a permanent move. If you want to keep using SSO v1, consider using only EsiPy 0.5.x

Warnings

• From this version EsiPy will only use SSOv2 (JWT). If you don't want to migrate to JWT tokens, you should keep using version 0.5.x, as migration to the new SSO is a permanent move.
• JWT tokens are really bigger than SSOv1 token, so keep this in mind when migrating if you store these tokens in databases.

Breaking Changes

• The following parameters have been removed from EsiSecurity.__init__(): app, esi_url, sso_url, esi_datasource.
• EsiSecurity.__init__() does not construct URLs from either given URL or swagger spec, but makes a request to SSO endpoint discovery.
• EsiSecurity.__get_token_auth_header() has been removed.
• EsiSecurity.verify() now uses JWT library python-jose to get informations of the token instead of querying ESI /verify endpoint.
• EsiSecurity.verify() may raise exceptions if a token does not validate or if it is expired.

Changes

• EsiSecurity.__init__() has a new optional parameter sso_endpoints_url to provide the SSO discovery URL (which is different for Tranquility, Singularity and Serenity)
• EsiSecurity.__init__() has a new optional parameter sso_endpoints which can be used to give the content (cached by the user) of the SSO discovery URL. This will prevent EsiSecurity from making a request.
• EsiSecurity.__init__() has a new optional parameter jwks_key which can be used to give the content (cached by the user) of the JSON Web Key Set (JWKS). This will prevent EsiSecurity from making a request.
• EsiSecurity.__init__() has a new optional parameter code_verifier which can be used for PKCE flow.
• EsiSecurity.refresh() now accept scope_list parameter, a list of scope to only refresh a subset of scope for the token. (None by default to refresh everything)
• New utils functions have been added in the esipy.utils module:
  • generate_code_verifier(length) to generate a code verifier for the PKCE flow that will respect the RFC requirements.
  • generate_code_challenge(code_verifier) to generate the code_challenge to be used in the PKCE flow (used in EsiSecurity)

About PKCE

• If a secret key is provided, EsiSecurity will never use PKCE.
• If you want to use PKCE, you need to follow the 2 requirements while instanciating your EsiSecurity object:
  • secret_key must be ignored or set to None
  • code_verifier must be provided and must follow the RFC 7636 format

For a PKCE example, you can check the doc here

Version 0.5.0

Changes

• Fix the typo for the warning in EsiSecurity when headers didn't have "User-Agent"
• Add revoke() in EsiSecurity to be able to revoke the current tokens
• Remove support to python 3.3.x as pyswagger dropped support.

• Fix ValueError/JSONDecodeError when ESI/SSO is not returning valid JSON data (ie. it returns plain HTML)
• Changed the content of APIException.response to be a string (containing either the HTML or JSON message) instead of being a json dict.
• updated minimal version required for pyswagger, to make sure some bug are fixed (case insensitive headers for example).

Change:

• Fix UnboundLocalError in EsiApp
• Fix the check for invalidate cache, as it was checking self.expire instead of cache_expire

• Fix header name that were overwritten when 304 to make sure they still have the capital E for expires and D for date. (until pyswagger is not anymore case sensitive for this)
• Fix EsiApp cache that wasn't updated when we had HTTP 304

Version 0.4.0

Cache - Possible breaking change

• All cache have lost the timeout parameter in set() method.
• If you have a custom cache with timeout, you should remove it, as it will not allow the Etag process to be used. If you keep it with a default value, it will continue to work.

EsiClient

• Do not cache POST, PUT and DELETE requests anymore
• Support for head requests
• Add Etag mechanism in the cache management
• Allow to set a raise_on_error flag in EsiClient.request() to get an exception when status is not 2XX.
• Add a timeout value for requests in the EsiClient.__init__() to force timeout requests (default is None)
• Allow to define a custom Signal to replace API_CALL_STATS using signal_api_call_stats when initializing the client.

EsiSecurity

• Allow to define a custom Signal to replace AFTER_TOKEN_REFRESH using signal_token_updated when initializing the client.
• Add a token identifier that will be returned to the AFTER_TOKEN_REFRESH signal listeners, so it can identify a token

APIException

• Added request_param and response_header to the Exception, to have more precise data for error management

EsiApp

• cache_time parameter value has changed. Number and 0 will still behave like before (forcing a cache time or no expiration with 0), None will disable forced cache time and use Expires header from swagger specifications. Default is still 1d caching.
• While getting swagger spec (meta or any version), EsiApp will make sure to deal correctly with caching (headers Expires and Etag) by doing a HEAD request before (due to how App object works).
• Add a datasource argument on initialization, to be able to get swagger spec for specific datasource (tranquility by default, or singularity)

• Change the ESI URL esi.tech.ccp.is to esi.evetech.net
• Added warning if the user does not provide User-Agent headers to EsiClient and EsiSecurity

• Fix EsiSecurity.verify() when not using tranquility. (@akakjs #30)

• Allow the user to set a custom cache_prefix when creating EsiApp so the prefix are controlled by the user. Default value is still esipy
• Renamed EsiApp.force_update() into EsiApp.clear_cached_endpoints(prefix=None). Now clear_cached_endpoints only clear cache for the cache_prefix (either the one defined when creating EsiApp or the one given as parameter. All endpoints objects are recreated upon next call automatically.