Globus-action-provider-tools

===================

Bugfixes
--------

- Allow package consumers to run with Python optimizations enabled.

This is supported by replacing ``assert`` statements with ``raise AssertionError``.

Changes
-------

- Remove references to web browsers from HTTP 401 Unauthorized responses.

- Reduce I/O with Globus Auth when possible.

* If the action provider is visible to ``"public"``,
introspection requests are allowed without checking tokens.
* If the bearer token is missing, malformed, or is too short or long,
the incoming request is summarily rejected with HTTP 401
without introspecting the token.

.. _changelog-0.16.0:

===================

Features
--------

* Support CORS requests to introspection routes.

Bugfixes
--------

* Prevent ``TypeError``\s from occurring during pydantic error formatting.

This was caused by integer list indexes in pydantic error locations.

Documentation
-------------

* Fix failing documentation builds (locally, and in Read the Docs).
* Enforce reproducible documentation builds using full dependency locking.
* Bump the OpenAPI documentation version and build the documentation.

Development
-----------

* Test documentation builds in GitHub CI.

* Update ``make install`` so it can get developers up and running.
* Document that ``make install`` can get developers up and running.

Dependencies
------------

* Manage test, mypy, and doc dependencies using a consistent framework.
* Introduce a standard command, ``tox run -m update``, that can update dependencies.

.. _changelog-0.15.0:

===================

Bugfixes
--------

- Groups were not being properly considered in authorization checks.

Changes
-------

- Error descriptions in responses are now always strings (previously they could also
be lists of strings or lists of dictionaries).
- Input validation errors now use an HTTP response status code of 422.
- Validation errors no longer return input data in their description.

.. _changelog-0.14.1:

===================

Changes
-------

- Change the way that dependent token caching computes cache keys to improve
upstream cache busting

.. _changelog-0.14.0:

===================

Features
--------

- Added a CloudWatchEMFLogger ``RequestLifecycleHook`` class.
When attached to an ``ActionProviderBlueprint``, it will emit request count, latency,
and response category (2xxs, 4xxs, 5xxs) count metrics through CloudWatch EMF. Metrics
are emitted both for the aggregate AP dimension set and the individual route dimension
set.

- Classes may be provided at Blueprint instantiation time to register before, after,
and/or teardown functionality wrapping route invocation.

.. _changelog-0.13.0rc2:

======================

Python support
--------------

- Support Python 3.12.
- Drop support for Python 3.7.

Development
-----------

- Remove unused dependencies.

Dependencies
------------

- Raise the minimum Flask version to 2.3.0, which dropped support for Python 3.7.

.. _changelog-0.13.0rc1: