
Handle different response outcome #390


Merged
merged 1 commit into from
Aug 4, 2021
22 changes: 14 additions & 8 deletions msal/token_cache.py
Expand Up @@ -122,6 +122,19 @@ def wipe(dictionary, sensitive_fields): # Masks sensitive info
default=str, # A workaround when assertion is in bytes in Python 3
))

def __parse_account(self, response, id_token_claims):
"""Return client_info and home_account_id"""
if "client_info" in response: # It happens when client_info and profile are in request
client_info = json.loads(decode_part(response["client_info"]))
if "uid" in client_info and "utid" in client_info:
return client_info, "{uid}.{utid}".format(**client_info)
# https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/387
if id_token_claims: # This would be an end user on ADFS-direct scenario
sub = id_token_claims["sub"] # "sub" always exists, per OIDC specs
return {"uid": sub}, sub
# client_credentials flow will reach this code path
return {}, None

def __add(self, event, now=None):
# event typically contains: client_id, scope, token_endpoint,
# response, params, data, grant_type
Expand All @@ -138,14 +151,7 @@ def __add(self, event, now=None):
id_token_claims = (
decode_id_token(id_token, client_id=event["client_id"])
if id_token else {})
client_info = {}
home_account_id = None # It would remain None in client_credentials flow
if "client_info" in response: # We asked for it, and AAD will provide it
client_info = json.loads(decode_part(response["client_info"]))
home_account_id = "{uid}.{utid}".format(**client_info)
elif id_token_claims: # This would be an end user on ADFS-direct scenario
client_info["uid"] = id_token_claims.get("sub")
home_account_id = id_token_claims.get("sub")
client_info, home_account_id = self.__parse_account(response, id_token_claims)

target = ' '.join(event.get("scope") or []) # Per schema, we don't sort it

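Review bot: In `__parse_account`, the value returned by `json.loads(decode_part(response["client_info"]))` is used without checking that it is a JSON object, so a `client_info` that decodes to a string or a list turns `"uid" in client_info` into a substring or membership test and can make `format(**client_info)` raise `TypeError` inside `__add`. Because `home_account_id` is built from this value, the guard could read `if isinstance(client_info, dict) and "uid" in client_info and "utid" in client_info:` so that any other shape takes the id_token or client_credentials fallback instead. Separately, `id_token_claims["sub"]` now raises `KeyError` where the removed code used `.get("sub")` and yielded `None`. Whether `decode_id_token` enforces that claim is not visible in this diff, so if failing closed on a token without `sub` is intended, the comment on that line could say so, e.g. `# KeyError here is deliberate: never cache an end-user token without a subject`.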