Skip to content

Enables extra_scopes_to_consent in acquire_token_silent() #286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Dec 8, 2020
Merged

Enables extra_scopes_to_consent in acquire_token_silent() #286

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 8 additions & 9 deletions msal/application.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -376,7 +376,6 @@ def initiate_auth_code_flow(
def get_authorization_request_url(
self,
scopes, # type: list[str]
# additional_scope=None, # type: Optional[list]
login_hint=None, # type: Optional[str]
state=None, # Recommended by OAuth2 for CSRF protection
redirect_uri=None,
Expand Down Expand Up @@ -425,14 +424,6 @@ def get_authorization_request_url(

:return: The authorization url as a string.
"""
""" # TBD: this would only be meaningful in a new acquire_token_interactive()
:param additional_scope: Additional scope is a concept only in AAD.
It refers to other resources you might want to prompt to consent
for in the same interaction, but for which you won't get back a
token for in this particular operation.
(Under the hood, we simply merge scope and additional_scope before
sending them on the wire.)
"""
authority = kwargs.pop("authority", None) # Historically we support this
if authority:
warnings.warn(
Expand Down Expand Up @@ -1007,6 +998,7 @@ def acquire_token_interactive(
claims_challenge=None,
timeout=None,
port=None,
extra_scopes_to_consent=None,
**kwargs):
"""Acquire token interactively i.e. via a local browser.

Expand Down Expand Up @@ -1043,6 +1035,12 @@ def acquire_token_interactive(
By default we will use a system-allocated port.
(The rest of the redirect_uri is hard coded as ``http://localhost``.)

:param list extra_scopes_to_consent:
"Extra scopes to consent" is a concept only available in AAD.
It refers to other resources you might want to prompt to consent for,
in the same interaction, but for which you won't get back a
token for in this particular operation.

:return:
- A dict containing no "error" key,
and typically contains an "access_token" key,
Expand All @@ -1054,6 +1052,7 @@ def acquire_token_interactive(
self._client_capabilities, claims_challenge)
return self.client.obtain_token_by_browser(
scope=decorate_scope(scopes, self.client_id) if scopes else None,
extra_scope_to_consent=extra_scopes_to_consent,
redirect_uri="http://localhost:{port}".format(
# Hardcode the host, for now. AAD portal rejects 127.0.0.1 anyway
port=port or 0),
Expand Down