Add broker._signout_silently()

Author: rayluo

msal/broker.py

@@ -36,11 +36,11 @@ class RedirectUriError(ValueError):
 class _CallbackData:
     def __init__(self):
         self.signal = Event()
-        self.auth_result = None
+        self.result = None
 
-    def complete(self, auth_result):
+    def complete(self, result):
         self.signal.set()
-        self.auth_result = auth_result
+        self.result = result
 
 
 def _convert_error(error, client_id):
@@ -62,15 +62,16 @@ def _convert_error(error, client_id):
 
 
 def _read_account_by_id(account_id, correlation_id):
-    """Return the callback result which contains the account or error"""
+    """Return an instance of MSALRuntimeError or MSALRuntimeAccount, or None"""
     callback_data = _CallbackData()
     pymsalruntime.read_account_by_id(
         account_id,
         correlation_id,
         lambda result, callback_data=callback_data: callback_data.complete(result)
         )
     callback_data.signal.wait()
-    return callback_data.auth_result
+    return (callback_data.result.get_error() or callback_data.result.get_account()
+        or None)  # None happens when the account was not created by broker
 
 
 def _convert_result(result, client_id):  # Mimic an on-the-wire response from AAD
@@ -114,7 +115,7 @@ def _signin_silently(authority, client_id, scopes, correlation_id=None, claims=N
         correlation_id or _get_new_correlation_id(),
         lambda result, callback_data=callback_data: callback_data.complete(result))
     callback_data.signal.wait()
-    return _convert_result(callback_data.auth_result, client_id)
+    return _convert_result(callback_data.result, client_id)
 
 
 def _signin_interactively(
@@ -154,17 +155,16 @@ def _signin_interactively(
         login_hint,  # None value will be accepted since pymsalruntime 0.3+
         lambda result, callback_data=callback_data: callback_data.complete(result))
     callback_data.signal.wait()
-    return _convert_result(callback_data.auth_result, client_id)
+    return _convert_result(callback_data.result, client_id)
 
 
 def _acquire_token_silently(
         authority, client_id, account_id, scopes, claims=None, correlation_id=None):
     correlation_id = correlation_id or _get_new_correlation_id()
     account = _read_account_by_id(account_id, correlation_id)
-    error = account.get_error()
-    if error:
-        return _convert_error(error, client_id)
-    if not account.get_account():  # It happens when the account was not created by broker
+    if isinstance(account, pymsalruntime.MSALRuntimeError):
+        return _convert_error(account, client_id)
+    if account is None:
         return
     params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
     params.set_requested_scopes(scopes)
@@ -174,10 +174,10 @@ def _acquire_token_silently(
     pymsalruntime.acquire_token_silently(
         params,
         correlation_id,
-        account.get_account(),
+        account,
         lambda result, callback_data=callback_data: callback_data.complete(result))
     callback_data.signal.wait()
-    return _convert_result(callback_data.auth_result, client_id)
+    return _convert_result(callback_data.result, client_id)
 
 
 def _acquire_token_interactively(
@@ -195,9 +195,10 @@ def _acquire_token_interactively(
     raise NotImplementedError("We ended up not currently using this function")
     correlation_id = correlation_id or _get_new_correlation_id()
     account = _read_account_by_id(account_id, correlation_id)
-    error = account.get_error()
-    if error:
-        return _convert_error(error, client_id)
+    if isinstance(account, pymsalruntime.MSALRuntimeError):
+        return _convert_error(account, client_id)
+    if account is None:
+        return
     params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
     params.set_requested_scopes(scopes)
     params.set_redirect_uri("placeholder")  # pymsalruntime 0.1 requires non-empty str,
@@ -212,8 +213,27 @@ def _acquire_token_interactively(
         window or pymsalruntime.get_console_window() or pymsalruntime.get_desktop_window(),  # Since pymsalruntime 0.2+
         params,
         correlation_id,
-        account.get_account(),
+        account,
         lambda result, callback_data=callback_data: callback_data.complete(result))
     callback_data.signal.wait()
-    return callback_data.auth_result
+    return callback_data.result
+
+
+def _signout_silently(client_id, account_id, correlation_id=None):
+    correlation_id = correlation_id or _get_new_correlation_id()
+    account = _read_account_by_id(account_id, correlation_id)
+    if isinstance(account, pymsalruntime.MSALRuntimeError):
+        return _convert_error(account, client_id)
+    if account is None:
+        return
+    callback_data = _CallbackData()
+    pymsalruntime.signout_silently(  # New in PyMsalRuntime 0.7
+        client_id,
+        correlation_id,
+        account,
+        lambda result, callback_data=callback_data: callback_data.complete(result))
+    callback_data.signal.wait()
+    error = callback_data.result.get_error()
+    if error:
+        return _convert_error(error, client_id)
 

tests/test_broker.py

@@ -5,7 +5,9 @@
 if not sys.platform.startswith("win"):
     raise unittest.SkipTest("Currently, our broker supports Windows")
 from msal.broker import (  # Import them after the platform check
-    _signin_silently, _signin_interactively, _acquire_token_silently, RedirectUriError)
+    _signin_silently, _signin_interactively, _acquire_token_silently, RedirectUriError,
+    _signout_silently, _read_account_by_id,
+    )
 
 
 logging.basicConfig(level=logging.DEBUG)
@@ -20,15 +22,24 @@ class BrokerTestCase(unittest.TestCase):
     _authority = "https://login.microsoftonline.com/common"
     _scopes = ["https://graph.microsoft.com/.default"]
 
-    def test_signin_interactive_then_acquire_token_silent(self):
+    def test_signin_interactive_then_acquire_token_silent_then_signout(self):
         result = _signin_interactively(self._authority, self._client_id, self._scopes)
         self.assertIsNotNone(result.get("access_token"), result)
 
         account_id = result["_account_id"]
+        self.assertIsNotNone(_read_account_by_id(account_id, "correlation_id"))
         result = _acquire_token_silently(
                 self._authority, self._client_id, account_id, self._scopes)
         self.assertIsNotNone(result.get("access_token"), result)
 
+        signout_error = _signout_silently(self._client_id, account_id)
+        self.assertIsNone(signout_error, msg=signout_error)
+        account = _read_account_by_id(account_id, "correlation_id")
+        self.assertIsNotNone(account, msg="pymsalruntime still has this account")
+        result = _acquire_token_silently(
+                self._authority, self._client_id, account_id, self._scopes)
+        self.assertIn("Status_AccountUnusable", result.get("error_description", ""))
+
     def test_unconfigured_app_should_raise_exception(self):
         app_without_needed_redirect_uri = "289a413d-284b-4303-9c79-94380abe5d22"
         with self.assertRaises(RedirectUriError):