AzureAD · rayluo · Jun 27, 2024 · Jun 21, 2024 · Jun 24, 2024 · Jun 26, 2024
@@ -6,6 +6,13 @@
 we can use this script to test it with a given version of MSAL Python.
 """
 import msal
+import getpass
+import os
+try:
+    from dotenv import load_dotenv  # Use this only in local dev machine
+    load_dotenv()  # take environment variables from .env.
+except:
+    pass
 
 _AZURE_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
 SCOPE_ARM = "https://management.azure.com/.default"
@@ -46,6 +53,16 @@ def interactive_and_silent(scopes, auth_scheme, data, expected_token_type):
         )
     _assert(result, expected_token_type)
 
+def test_broker_username_password(scopes, expected_token_type):
+    print("Testing broker username password flows by using accounts in local .env")
+    username = os.getenv("BROKER_TEST_ACCOUNT") or input("Input test account for broker test: ")
+    password = os.getenv("BROKER_TEST_ACCOUNT_PASSWORD") or getpass.getpass("Input test account's password: ")
+    assert(username and password, "You need to provide a test account and its password")
+    result = pca.acquire_token_by_username_password(username, password, scopes)
+    _assert(result, expected_token_type)
+    assert(result.get("token_source") == "broker")
+    print("Username password test succeeds.")
+
 def _assert(result, expected_token_type):
     assert result.get("access_token"), f"We should obtain a token. Got {result} instead."
     assert result.get("token_source") == "broker", "Token should be obtained via broker"
@@ -64,3 +81,4 @@ def _assert(result, expected_token_type):
     expected_token_type="ssh-cert",
     )
 
+test_broker_username_password(scopes=[SCOPE_ARM], expected_token_type="bearer")
@@ -46,20 +46,19 @@ def test_device_flow_and_its_silent_call_should_bypass_broker(self, _, mocked_br
         mocked_broker_ats.assert_not_called()
         self.assertEqual(result["token_source"], "identity_provider")
 
-    def test_ropc_flow_and_its_silent_call_should_bypass_broker(self, _, mocked_broker_ats):
+    def test_ropc_flow_and_its_silent_call_should_invoke_broker(self, _, mocked_broker_ats):
         app = msal.PublicClientApplication("client_id", enable_broker_on_windows=True)
-        with patch.object(app.authority, "user_realm_discovery", return_value={}):
+        with patch("msal.broker._signin_silently", return_value=dict(TOKEN_RESPONSE, _account_id="placeholder")):
             result = app.acquire_token_by_username_password(
                 "username", "placeholder", [SCOPE], post=_mock_post)
-        self.assertEqual(result["token_source"], "identity_provider")
+        self.assertEqual(result["token_source"], "broker")
 
         account = app.get_accounts()[0]
-        self.assertEqual(account["account_source"], "password")
+        self.assertEqual(account["account_source"], "broker")
 
         result = app.acquire_token_silent_with_error(
             [SCOPE], account, force_refresh=True, post=_mock_post)
-        mocked_broker_ats.assert_not_called()
-        self.assertEqual(result["token_source"], "identity_provider")
+        self.assertEqual(result["token_source"], "broker")
 
     def test_interactive_flow_and_its_silent_call_should_invoke_broker(self, _, mocked_broker_ats):
         app = msal.PublicClientApplication("client_id", enable_broker_on_windows=True)