@@ -1046,6 +1046,15 @@ def _get_authority_aliases(self, instance):
10461046 def remove_account (self , account ):
10471047 """Sign me out and forget me from token cache"""
10481048 self ._forget_me (account )
1049+ if self ._enable_broker :
1050+ try :
1051+ from .broker import _signout_silently
1052+ except RuntimeError : # TODO: TBD
1053+ logger .debug ("Broker is unavailable on this platform. Fallback to non-broker." )
1054+ else :
1055+ error = _signout_silently (self .client_id , account ["local_account_id" ])
1056+ if error :
1057+ logger .debug ("_signout_silently() returns error: %s" , error )
10491058
10501059 def _sign_out (self , home_account ):
10511060 # Remove all relevant RTs and ATs from token cache
@@ -1656,6 +1665,7 @@ def acquire_token_interactive(
16561665 and typically contains an "access_token" key.
16571666 - A dict containing an "error" key, when token refresh failed.
16581667 """
1668+ self ._validate_ssh_cert_input_data (kwargs .get ("data" , {}))
16591669 claims = _merge_claims_challenge_and_capabilities (
16601670 self ._client_capabilities , claims_challenge )
16611671 if self ._enable_broker :
@@ -1672,30 +1682,37 @@ def acquire_token_interactive(
16721682 logger .debug (kwargs ["welcome_template" ]) # Experimental
16731683 authority = "https://{}/{}" .format (
16741684 self .authority .instance , self .authority .tenant )
1675- validate_authority = ("no"
1676- if self .authority ._validate_authority is False
1677- or self .authority .is_adfs or self .authority ._is_b2c
1685+ validate_authority = (
1686+ "no" if self .authority ._validate_authority is False
1687+ or self .authority .is_adfs or self .authority ._is_b2c
16781688 else None )
1679- if (prompt and prompt != "none" ) or login_hint :
1680- response = _signin_interactively (
1681- authority , self .client_id , scopes ,
1682- validateAuthority = validate_authority ,
1683- login_hint = login_hint ,
1684- prompt = prompt ,
1685- claims = claims ,
1686- max_age = max_age , # Broker may choose to trust the auth_time returned by AAD
1687- window = window ,
1688- )
1689- else :
1689+
1690+ # Call _signin_silently() and/or _signin_interactively()
1691+ if prompt == "none" or (not prompt and not login_hint ):
16901692 response = _signin_silently (
16911693 authority , self .client_id , scopes ,
16921694 validateAuthority = validate_authority ,
16931695 claims = claims ,
1694- max_age = max_age , # Broker may choose to trust the auth_time returned by AAD
1695- )
1696+ max_age = max_age ,
1697+ ** kwargs .get ("data" , {}))
1698+ import pymsalruntime
1699+ if prompt == "none" or response .get ("_broker_status" ) not in
1700+ pymsalruntime .Response_Status .Status_AccountUnusable ,
1701+ pymsalruntime .Response_Status .Status_InteractionRequired ,
1702+ ):
1703+ return self ._process_broker_response (
1704+ response , scopes , kwargs .get ("data" , {}))
1705+ response = _signin_interactively (
1706+ authority , self .client_id , scopes ,
1707+ validateAuthority = validate_authority ,
1708+ login_hint = login_hint ,
1709+ prompt = prompt ,
1710+ claims = claims ,
1711+ max_age = max_age ,
1712+ window = window ,
1713+ ** kwargs .get ("data" , {}))
16961714 return self ._process_broker_response (response , scopes , kwargs .get ("data" , {}))
16971715
1698- self ._validate_ssh_cert_input_data (kwargs .get ("data" , {}))
16991716 telemetry_context = self ._build_telemetry_context (
17001717 self .ACQUIRE_TOKEN_INTERACTIVE )
17011718 response = _clean_up (self .client .obtain_token_by_browser (
0 commit comments