Add max_age support https://stackoverflow.microsoft.com/questions/267209#comment248855_267214

rayluo · rayluo · commit 52bf4c90a683 · 2021-08-03T08:57:44.000-07:00
diff --git a/msal/application.py b/msal/application.py
@@ -482,6 +482,7 @@ def initiate_auth_code_flow(
             login_hint=None,  # type: Optional[str]
             domain_hint=None,  # type: Optional[str]
             claims_challenge=None,
+            max_age=None,
             ):
         """Initiate an auth code flow.
 
@@ -512,6 +513,15 @@ def initiate_auth_code_flow(
             `here <https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_ and
             `here <https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
 
+        :param int max_age:
+            OPTIONAL. Maximum Authentication Age.
+            Specifies the allowable elapsed time in seconds
+            since the last time the End-User was actively authenticated.
+            If the elapsed time is greater than this value,
+            Microsoft identity platform will actively re-authenticate the End-User.
+
+            New in version 1.14.
+
         :return:
             The auth code flow. It is a dict in this form::
 
@@ -541,6 +551,7 @@ def initiate_auth_code_flow(
             domain_hint=domain_hint,
             claims=_merge_claims_challenge_and_capabilities(
                 self._client_capabilities, claims_challenge),
+            max_age=max_age,
             )
         flow["claims_challenge"] = claims_challenge
         return flow
@@ -1323,6 +1334,7 @@ def acquire_token_interactive(
             timeout=None,
             port=None,
             extra_scopes_to_consent=None,
+            max_age=None,
             **kwargs):
         """Acquire token interactively i.e. via a local browser.
 
@@ -1368,6 +1380,15 @@ def acquire_token_interactive(
             in the same interaction, but for which you won't get back a
             token for in this particular operation.
 
+        :param int max_age:
+            OPTIONAL. Maximum Authentication Age.
+            Specifies the allowable elapsed time in seconds
+            since the last time the End-User was actively authenticated.
+            If the elapsed time is greater than this value,
+            Microsoft identity platform will actively re-authenticate the End-User.
+
+            New in version 1.14.
+
         :return:
             - A dict containing no "error" key,
               and typically contains an "access_token" key.
@@ -1386,6 +1407,7 @@ def acquire_token_interactive(
                 port=port or 0),
             prompt=prompt,
             login_hint=login_hint,
+            max_age=max_age,
             timeout=timeout,
             auth_params={
                 "claims": claims,
