v2.6

• Have htdecodetoken take advantage of new scitokens-verify ability to read from stdin, when available.
• Add support in htdestroytoken -f for getting a CA cert directory from ${X509_CERT_DIR:-/etc/grid-security/certificates} or from a --capath option, and to get a CA cert file from a --cafile option, mirroring the behavior of htgettoken.

v2.5

• Add htdestroytoken -f option to force a removal of a refresh token in vault.
• Add htgettoken --novaulttoken option as an alias for --noiodc, --nossh, and --nokerberos.
• Again fix --showbearerurl to work in combination with --nobearertoken. That was fixed in 1.17 but broke in 1.21 and 2.0.
• Fix httokensh to pay attention to htgettoken options in $HTGETTOKENOPTS.
• Fix httokensh to correctly locate the log file if a -o or --outfile is given, instead of writing to ".log" in the current directory.
• Fix httokensh to not pass on a --vaulttokenminttl option to the background htgettoken command, to make the vault token last as long as possible since it doesn't get renewed.

v2.4

• Add the new -s and -f options to the htdecodetoken usage summary.
• Add a -v option to htdecodetoken to show the token source.

v2.3

• Add -s and -f options to htdecodetoken and default it to -s when stdout is not a TTY. The -s option skips running scitokens-verify.

v2.2-2

• Add -I to the shebang on /usr/bin/htgettoken to ignore PYTHONPATH and user libraries.

v2.2

• Add BuildRequires python3-devel to generate correct Python metadata.
• Remove explicit Requires for python dependencies, rely on Python metadata.
• Always build with wheels.
• Remove Python root logger configuration.

v2.1

• Fix htdecodetoken to work with token files that do not end in a newline.
• Support args in htgettoken.main() Python entry point.

v1.21

This backports some of the fixes from 2.0 for situations where it's too much work to make the transition to the new packaging system.

• Fix the httokensh background process's check for its parent process. That is only a backup in case only the parent process is hard-killed, because normally the parent process kills the background process when the parent exits.
• Use newer sts secrets API for token exchanges.
• Fix the -o/--outfile option to work with relative paths.
• Change the --nobearertoken option to always get and save a vault token.

v2.0-2

• Fix broken httokendecode symlink.
• Use python wheels to build/install on el9. It didn't work on el8 so the use of wheels was removed at the last minute before the 2.0-1 release (without removing it from the changelog like it should have).

v2.0

• Replace use of m2crypto and pyOpenSSL with urllib3
• Replace use of pykerberos with gssapi
• Use standard Requires for Python modules instead of PyInstaller
• Add --vaultcertname option to specify an alternative certificate name. That used to be an additional optional meaning of the --vaultalias option, but urllib3 requires only one name to match.
• Add setuptools build infrastructure
• Refactor htgettoken script into module with entry point. This enables invoking htgettoken as htgettoken.main() from Python.
• Use wheels to build/install Python package, which simplified the entry points and improves (slightly) the metadata
• Fix the httokensh background process's check for its parent process. That is only a backup in case only the parent process is hard-killed, because normally the parent process kills the background process when the parent exits.
• Use newer sts secrets API for token exchanges.
• Fix the -o/--outfile option to work with relative paths.
• Change the --nobearertoken option to always get and save a vault token.