Merge pull request #590 from AzureAD/enable-pii

rayluo · web-flow · commit bba6b146d6fc · 2023-08-23T01:10:18.000-07:00
Add enable_pii_log and wire it up with MsalRuntime
diff --git a/msal/application.py b/msal/application.py
@@ -193,6 +193,7 @@ def __init__(
             http_cache=None,
             instance_discovery=None,
             allow_broker=None,
+            enable_pii_log=None,
             ):
         """Create an instance of application.
 
@@ -500,6 +501,13 @@ def __init__(
               * AAD and MSA accounts (i.e. Non-ADFS, non-B2C)
 
             New in version 1.20.0.
+
+        :param boolean enable_pii_log:
+            When enabled, logs may include PII (Personal Identifiable Information).
+            This can be useful in troubleshooting broker behaviors.
+            The default behavior is False.
+
+            New in version 1.24.0.
         """
         self.client_id = client_id
         self.client_credential = client_credential
@@ -576,6 +584,8 @@ def __init__(
             try:
                 from . import broker  # Trigger Broker's initialization
                 self._enable_broker = True
+                if enable_pii_log:
+                    broker._enable_pii_log()
             except RuntimeError:
                 logger.exception(
                     "Broker is unavailable on this platform. "
diff --git a/msal/broker.py b/msal/broker.py
@@ -236,3 +236,6 @@ def _signout_silently(client_id, account_id, correlation_id=None):
     if error:
         return _convert_error(error, client_id)
 
+def _enable_pii_log():
+    pymsalruntime.set_is_pii_enabled(1)  # New in PyMsalRuntime 0.13.0
+
diff --git a/setup.cfg b/setup.cfg
@@ -67,7 +67,7 @@ broker =
     # The broker is defined as optional dependency,
     # so that downstream apps can opt in. The opt-in is needed, partially because
     # most existing MSAL Python apps do not have the redirect_uri needed by broker.
-    # MSAL Python uses a subset of API from PyMsalRuntime 0.11.2+,
+    # MSAL Python uses a subset of API from PyMsalRuntime 0.13.0+,
     # but we still bump the lower bound to 0.13.2+ for its important bugfix (https://github.com/AzureAD/microsoft-authentication-library-for-cpp/pull/3244)
     pymsalruntime>=0.13.2,<0.14; python_version>='3.6' and platform_system=='Windows'
 
diff --git a/tests/msaltest.py b/tests/msaltest.py
@@ -161,6 +161,9 @@ def main():
         option_renderer=lambda a: a["name"],
         header="Impersonate this app (or you can type in the client_id of your own app)",
         accept_nonempty_string=True)
+    allow_broker = _input_boolean("Allow broker?")
+    enable_debug_log = _input_boolean("Enable MSAL Python's DEBUG log?")
+    enable_pii_log = _input_boolean("Enable PII in broker's log?") if allow_broker and enable_debug_log else False
     app = msal.PublicClientApplication(
         chosen_app["client_id"] if isinstance(chosen_app, dict) else chosen_app,
         authority=_select_options([
@@ -173,9 +176,10 @@ def main():
             header="Input authority (Note that MSA-PT apps would NOT use the /common authority)",
             accept_nonempty_string=True,
             ),
-        allow_broker=_input_boolean("Allow broker? (Azure CLI currently only supports @microsoft.com accounts when enabling broker)"),
+        allow_broker=allow_broker,
+        enable_pii_log=enable_pii_log,
         )
-    if _input_boolean("Enable MSAL Python's DEBUG log?"):
+    if enable_debug_log:
         logging.basicConfig(level=logging.DEBUG)
     while True:
         func = _select_options([
