Adopting PyMsalRuntime 0.7

rayluo · rayluo · commit 457f20bb3192 · 2022-03-23T16:16:31.000-07:00
diff --git a/msal/application.py b/msal/application.py
@@ -1660,7 +1660,7 @@ def acquire_token_interactive(
             self._client_capabilities, claims_challenge)
         if self._enable_broker:
             try:
-                from .broker import _signin_interactively
+                from .broker import _signin_interactively, _signin_silently
             except RuntimeError:  # TODO: TBD
                 logger.debug("Broker is unavailable on this platform. Fallback to non-broker.")
             else:
@@ -1670,20 +1670,29 @@ def acquire_token_interactive(
                         "which is not supported on current platform")
                 if "welcome_template" in kwargs:
                     logger.debug(kwargs["welcome_template"])  # Experimental
-                response = _signin_interactively(
-                    "https://{}/{}".format(self.authority.instance, self.authority.tenant),
-                    self.client_id,
-                    scopes,
-                    validateAuthority="no"
-                        if self.authority._validate_authority is False
-                        or self.authority.is_adfs or self.authority._is_b2c
-                        else None,
-                    login_hint=login_hint,
-                    prompt=prompt,
-                    claims=claims,
-                    max_age=max_age,  # Broker may choose to trust the auth_time returned by AAD
-                    window=window,
-                    )
+                authority = "https://{}/{}".format(
+                    self.authority.instance, self.authority.tenant)
+                validate_authority = ("no"
+                    if self.authority._validate_authority is False
+                    or self.authority.is_adfs or self.authority._is_b2c
+                    else None)
+                if (prompt and prompt != "none") or login_hint:
+                    response = _signin_interactively(
+                        authority, self.client_id, scopes,
+                        validateAuthority=validate_authority,
+                        login_hint=login_hint,
+                        prompt=prompt,
+                        claims=claims,
+                        max_age=max_age,  # Broker may choose to trust the auth_time returned by AAD
+                        window=window,
+                        )
+                else:
+                    response = _signin_silently(
+                        authority, self.client_id, scopes,
+                        validateAuthority=validate_authority,
+                        claims=claims,
+                        max_age=max_age,  # Broker may choose to trust the auth_time returned by AAD
+                        )
                 return self._process_broker_response(response, scopes, kwargs.get("data", {}))
 
         self._validate_ssh_cert_input_data(kwargs.get("data", {}))
diff --git a/msal/broker.py b/msal/broker.py
@@ -11,7 +11,7 @@
 try:
     import pymsalruntime  # ImportError would be raised on unsupported platforms such as Windows 8
     # Its API description is available in site-packages/pymsalruntime/PyMsalRuntime.pyi
-    pymsalruntime.set_logging_callback(lambda message, level: {  # New in pymsalruntime 0.5.0
+    pymsalruntime.register_logging_callback(lambda message, level: {  # New in pymsalruntime 0.7
         pymsalruntime.LogLevel.TRACE: logger.debug,  # Python has no TRACE level
         pymsalruntime.LogLevel.DEBUG: logger.debug,
         # Let broker's excess info, warning and error logs map into default DEBUG, for now
@@ -99,9 +99,11 @@ def _get_new_correlation_id():
     return str(uuid.uuid4())
 
 
-def _signin_silently(authority, client_id, scopes, correlation_id=None, **kwargs):
+def _signin_silently(authority, client_id, scopes, correlation_id=None, claims=None, **kwargs):
     params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
     params.set_requested_scopes(scopes)
+    if claims:
+        params.set_decoded_claims(claims)
     callback_data = _CallbackData()
     for k, v in kwargs.items():  # This can be used to support domain_hint, max_age, etc.
         if v is not None:
@@ -136,8 +138,6 @@ def _signin_interactively(
                 # https://identitydivision.visualstudio.com/Engineering/_workitems/edit/1744492
                 login_hint = None  # Mimicing the AAD behavior
                 logger.warning("Using both select_account and login_hint is ambiguous. Ignoring login_hint.")
-            params.set_select_account_option(
-                pymsalruntime.SelectAccountOption.SHOWLOCALACCOUNTSCONTROL)
         else:
             logger.warning("prompt=%s is not supported by this module", prompt)
     for k, v in kwargs.items():  # This can be used to support domain_hint, max_age, etc.
diff --git a/setup.py b/setup.py
@@ -91,7 +91,7 @@
             # The broker is defined as optional dependency,
             # so that downstream apps can opt in. The opt-in is needed, partially because
             # most existing MSAL Python apps do not have the redirect_uri needed by broker.
-            "pymsalruntime>=0.5,<0.6;python_version>='3.6' and platform_system=='Windows'",
+            "pymsalruntime>=0.7,<0.8;python_version>='3.6' and platform_system=='Windows'",
             ],
         },
 )
diff --git a/tests/test_broker.py b/tests/test_broker.py
@@ -5,7 +5,7 @@
 if not sys.platform.startswith("win"):
     raise unittest.SkipTest("Currently, our broker supports Windows")
 from msal.broker import (  # Import them after the platform check
-    _signin_interactively, _acquire_token_silently, RedirectUriError)
+    _signin_silently, _signin_interactively, _acquire_token_silently, RedirectUriError)
 
 
 logging.basicConfig(level=logging.DEBUG)
@@ -20,7 +20,7 @@ class BrokerTestCase(unittest.TestCase):
     _authority = "https://login.microsoftonline.com/common"
     _scopes = ["https://graph.microsoft.com/.default"]
 
-    def test_interactive_then_silent(self):
+    def test_signin_interactive_then_acquire_token_silent(self):
         result = _signin_interactively(self._authority, self._client_id, self._scopes)
         self.assertIsNotNone(result.get("access_token"), result)
 
@@ -45,3 +45,7 @@ def test_signin_interactively_and_select_account(self):
             result["access_token"] = "********"
         import pprint; pprint.pprint(result)
 
+    def test_signin_silently(self):
+        result = _signin_silently(self._authority, self._client_id, self._scopes)
+        self.assertIsNotNone(result.get("access_token"), result)
+

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@`
`91`	`91`	`# The broker is defined as optional dependency,`
`92`	`92`	`# so that downstream apps can opt in. The opt-in is needed, partially because`
`93`	`93`	`# most existing MSAL Python apps do not have the redirect_uri needed by broker.`
`94`		`- "pymsalruntime>=0.5,<0.6;python_version>='3.6' and platform_system=='Windows'",`
	`94`	`+ "pymsalruntime>=0.7,<0.8;python_version>='3.6' and platform_system=='Windows'",`
`95`	`95`	`],`
`96`	`96`	`},`
`97`	`97`	`)`