2121
2222
2323# The __init__.py will import this. Not the other way around.
24- __version__ = "1.5.0 "
24+ __version__ = "1.5.1 "
2525
2626logger = logging .getLogger (__name__ )
2727
@@ -193,6 +193,18 @@ def __init__(
193193 Default value is None, means it will not be passed to Microsoft.
194194 :param list[str] client_capabilities: (optional)
195195 Allows configuration of one or more client capabilities, e.g. ["CP1"].
196+
197+ Client capability is meant to inform the Microsoft identity platform
198+ (STS) what this client is capable for,
199+ so STS can decide to turn on certain features.
200+ For example, if client is capable to handle *claims challenge*,
201+ STS can then issue CAE access tokens to resources
202+ knowing when the resource emits *claims challenge*
203+ the client will be capable to handle.
204+
205+ Implementation details:
206+ Client capability is implemented using "claims" parameter on the wire,
207+ for now.
196208 MSAL will combine them into
197209 `claims parameter <https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter`_
198210 which you will later provide via one of the acquire-token request.
@@ -264,7 +276,8 @@ def _build_client(self, client_credential, authority):
264276 default_body = default_body ,
265277 client_assertion = client_assertion ,
266278 client_assertion_type = client_assertion_type ,
267- on_obtaining_tokens = self .token_cache .add ,
279+ on_obtaining_tokens = lambda event : self .token_cache .add (dict (
280+ event , environment = authority .instance )),
268281 on_removing_rt = self .token_cache .remove_rt ,
269282 on_updating_rt = self .token_cache .update_rt )
270283
@@ -275,7 +288,7 @@ def get_authorization_request_url(
275288 login_hint = None , # type: Optional[str]
276289 state = None , # Recommended by OAuth2 for CSRF protection
277290 redirect_uri = None ,
278- response_type = "code" , # Can be "token" if you use Implicit Grant
291+ response_type = "code" , # Could be "token" if you use Implicit Grant
279292 prompt = None ,
280293 nonce = None ,
281294 domain_hint = None , # type: Optional[str]
@@ -292,7 +305,11 @@ def get_authorization_request_url(
292305 Address to return to upon receiving a response from the authority.
293306 :param str response_type:
294307 Default value is "code" for an OAuth2 Authorization Code grant.
295- You can use other content such as "id_token".
308+
309+ You could use other content such as "id_token" or "token",
310+ which would trigger an Implicit Grant, but that is
311+ `not recommended <https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow#is-the-implicit-grant-suitable-for-my-app>`_.
312+
296313 :param str prompt:
297314 By default, no prompt value will be sent, not even "none".
298315 You will have to specify a value explicitly.
@@ -735,6 +752,11 @@ def _acquire_token_silent_by_finding_specific_refresh_token(
735752 response = client .obtain_token_by_refresh_token (
736753 entry , rt_getter = lambda token_item : token_item ["secret" ],
737754 on_removing_rt = rt_remover or self .token_cache .remove_rt ,
755+ on_obtaining_tokens = lambda event : self .token_cache .add (dict (
756+ event ,
757+ environment = authority .instance ,
758+ skip_account_creation = True , # To honor a concurrent remove_account()
759+ )),
738760 scope = scopes ,
739761 headers = {
740762 CLIENT_REQUEST_ID : correlation_id or _get_new_correlation_id (),
@@ -936,7 +958,8 @@ def _acquire_token_by_username_password_federated(
936958 "https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Username-Password-Authentication" )
937959 logger .debug ("wstrust_endpoint = %s" , wstrust_endpoint )
938960 wstrust_result = wst_send_request (
939- username , password , user_realm_result .get ("cloud_audience_urn" ),
961+ username , password ,
962+ user_realm_result .get ("cloud_audience_urn" , "urn:federation:MicrosoftOnline" ),
940963 wstrust_endpoint .get ("address" ,
941964 # Fallback to an AAD supplied endpoint
942965 user_realm_result .get ("federation_active_auth_url" )),
0 commit comments