Release v3.4.0 changes (#522)

- Added Change log for the release 3.4.0.
- Updated versions from 3.3.0 to 3.4.0 for release.

Author: BinoyOza-okta

CHANGELOG.md

@@ -1,5 +1,29 @@
 # Okta Python SDK Changelog
 
+# 3.4.0
+
+## Added
+* Implemented Demonstrating Proof-of-Possession (DPoP) for OAuth 2.0 (RFC 9449 compliant) to cryptographically bind access tokens to client keys and prevent token theft and replay attacks.
+* Added a thread-safe `DPoPProofGenerator` class featuring automatic key rotation, nonce management with auto-retry, and access token hash computation.
+* Introduced a new `get_oauth_token()` method that returns a 3-tuple including `token_type`.
+* Added support for a new tuple-based file upload format `[(field_name, (filename, filedata, mimetype))]` for multipart requests.
+* Added `Pillow` as an optional dependency, allowing users to install it via `pip install okta[images]`.
+* Added the `CAA` DNS record type to the `DNSRecordTypeDomains` enum to support custom domain operations returning CAA records.
+
+## Changed
+* Maintained backward compatibility for the legacy `get_access_token()` method, which continues to return a 2-tuple.
+* Replaced bare `except` clauses with specific exceptions and swapped bypassable `assert` statements for proper security exceptions.
+* Updated Mustache templates to preserve DPoP configurations in code generation.
+
+## Fixed
+* Fixed multipart file upload handling (such as theme image uploads) by removing the manual `Content-Type` header, which allows `aiohttp` to automatically set the proper boundary parameters.
+* Removed the `minLength: 5` constraint from `UserProfile.secondEmail` in the OpenAPI spec and Pydantic models to correctly deserialize user profiles with empty string secondary emails.
+* Fixed critical Pydantic validation errors on custom domain API endpoints (`create`, `get`, `replace`, `verify`, and `list`) by properly deserializing `CAA` records.
+* Fixed a bug where the `request_executor` timeout returned a raw string instead of an `Exception`.
+* Fixed invalid default parameter usage in `cache.get()` and restored cache cleanup logic to prevent the reuse of expired tokens.
+* Removed `threading.RLock` to prevent `asyncio` deadlocks and consolidated duplicate access token hash computations.
+* Fixed a redundant `get_dpop_error_message()` call in the `oauth` module.
+
 # 3.3.0
 
 ## Features & Enhancements

okta/__init__.py

@@ -21,7 +21,7 @@
 """  # noqa: E501
 
 
-__version__ = "3.3.0"
+__version__ = "3.4.0"
 
 import importlib as _importlib
 import threading as _threading

openapi/config.yaml

@@ -1,7 +1,7 @@
 templateDir: ./templates
 outputDir: ..
 packageName: okta
-packageVersion: 3.3.0
+packageVersion: 3.4.0
 useOneOfDiscriminatorLookup: true
 files:
   okta/okta_configuration.mustache:

openapi/templates/setup.mustache

@@ -70,7 +70,7 @@ setup(
         "Topic :: Software Development :: Libraries :: Python Modules",
     ],
     name=NAME,
-    version="3.3.0",
+    version="3.4.0",
     description="Python SDK for the Okta Management API",
     author="Okta, Inc.",
     author_email="developer-community-products@okta.com",

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "okta"
-version = "3.3.0"
+version = "3.4.0"
 description = "Okta Admin Management"
 authors = ["Okta Developer Team <devex-public@okta.com>"]
 license = "Apache-2.0"

setup.py

@@ -70,7 +70,7 @@ def get_version():
         "Topic :: Software Development :: Libraries :: Python Modules",
     ],
     name=NAME,
-    version="3.3.0",
+    version="3.4.0",
     description="Python SDK for the Okta Management API",
     author="Okta, Inc.",
     author_email="developer-community-products@okta.com",