Non-MsalRuntime accounts will fallback gracefully

Author: rayluo

msal/broker.py

@@ -71,16 +71,22 @@ def _convert_error(error, client_id):
 
 
 def _read_account_by_id(account_id, correlation_id):
-    """Return an instance of MSALRuntimeError or MSALRuntimeAccount, or None"""
+    """Return an instance of MSALRuntimeAccount, or log error and return None"""
     callback_data = _CallbackData()
     pymsalruntime.read_account_by_id(
         account_id,
         correlation_id,
         lambda result, callback_data=callback_data: callback_data.complete(result)
         )
     callback_data.signal.wait()
-    return (callback_data.result.get_error() or callback_data.result.get_account()
-        or None)  # None happens when the account was not created by broker
+    error = callback_data.result.get_error()
+    if error:
+        logger.debug("read_account_by_id() error: %s", _convert_error(error, None))
+        return None
+    account = callback_data.result.get_account()
+    if account:
+        return account
+    return None  # None happens when the account was not created by broker
 
 
 def _convert_result(result, client_id, expected_token_type=None):  # Mimic an on-the-wire response from AAD
@@ -195,8 +201,6 @@ def _acquire_token_silently(
     # acquireTokenSilently is expected to fail.  - Sam Wilson
     correlation_id = correlation_id or _get_new_correlation_id()
     account = _read_account_by_id(account_id, correlation_id)
-    if isinstance(account, pymsalruntime.MSALRuntimeError):
-        return _convert_error(account, client_id)
     if account is None:
         return
     params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
@@ -220,8 +224,6 @@ def _acquire_token_silently(
 def _signout_silently(client_id, account_id, correlation_id=None):
     correlation_id = correlation_id or _get_new_correlation_id()
     account = _read_account_by_id(account_id, correlation_id)
-    if isinstance(account, pymsalruntime.MSALRuntimeError):
-        return _convert_error(account, client_id)
     if account is None:
         return
     callback_data = _CallbackData()

tests/msaltest.py

@@ -59,7 +59,7 @@ def acquire_token_silent(app):
     """acquire_token_silent() - with an account already signed into MSAL Python."""
     account = _select_account(app)
     if account:
-        pprint.pprint(app.acquire_token_silent(
+        pprint.pprint(app.acquire_token_silent_with_error(
             _input_scopes(),
             account=account,
             force_refresh=_input_boolean("Bypass MSAL Python's token cache?"),
@@ -103,6 +103,15 @@ def acquire_token_by_username_password(app):
     pprint.pprint(app.acquire_token_by_username_password(
         _input("username: "), getpass.getpass("password: "), scopes=_input_scopes()))
 
+def acquire_token_by_device_flow(app):
+    """acquire_token_by_device_flow() - Note that this one does not go through broker"""
+    flow = app.initiate_device_flow(scopes=_input_scopes())
+    print(flow["message"])
+    sys.stdout.flush()  # Some terminal needs this to ensure the message is shown
+    input("After you completed the step above, press ENTER in this console to continue...")
+    result = app.acquire_token_by_device_flow(flow)  # By default it will block
+    pprint.pprint(result)
+
 _JWK1 = """{"kty":"RSA", "n":"2tNr73xwcj6lH7bqRZrFzgSLj7OeLfbn8216uOMDHuaZ6TEUBDN8Uz0ve8jAlKsP9CQFCSVoSNovdE-fs7c15MxEGHjDcNKLWonznximj8pDGZQjVdfK-7mG6P6z-lgVcLuYu5JcWU_PeEqIKg5llOaz-qeQ4LEDS4T1D2qWRGpAra4rJX1-kmrWmX_XIamq30C9EIO0gGuT4rc2hJBWQ-4-FnE1NXmy125wfT3NdotAJGq5lMIfhjfglDbJCwhc8Oe17ORjO3FsB5CLuBRpYmP7Nzn66lRY3Fe11Xz8AEBl3anKFSJcTvlMnFtu3EpD-eiaHfTgRBU7CztGQqVbiQ", "e":"AQAB"}"""
 SSH_CERT_DATA = {"token_type": "ssh-cert", "key_id": "key1", "req_cnf": _JWK1}
 SSH_CERT_SCOPE = ["https://pas.windows.net/CheckMyAccess/Linux/.default"]
@@ -176,6 +185,7 @@ def main():
             acquire_token_silent,
             acquire_token_interactive,
             acquire_token_by_username_password,
+            acquire_token_by_device_flow,
             acquire_ssh_cert_silently,
             acquire_ssh_cert_interactive,
             remove_account,