Refactor
rayluo committed Oct 2, 2024
1 parent c380781 commit c10ace1
Showing 4 changed files with 49 additions and 48 deletions.
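--- a/msal/application.py
+++ b/msal/application.py
@@ -1542,31 +1542,30 @@ def _acquire_token_silent_from_cache_and_possibly_refresh_it(
 None, # Unknown data from older MSAL. Broker might still work.
 ):
 from .broker import _acquire_token_silently
+_authority = "https://{}/{}".format(
+self.authority.instance, self.authority.tenant)
+claims = _merge_claims_challenge_and_capabilities(
+self._client_capabilities, claims_challenge)
 response = _acquire_token_silently(
-"https://{}/{}".format(self.authority.instance, self.authority.tenant),
+_authority,
 self.client_id,
 account["local_account_id"],
 scopes,
-claims=_merge_claims_challenge_and_capabilities(
-self._client_capabilities, claims_challenge),
+claims=claims,
 correlation_id=correlation_id,
 auth_scheme=auth_scheme,
 **data)
-
-if (force_refresh and response.get("access_token")):
-at_to_renew = response.get("access_token")
-response = _acquire_token_silently(
-"https://{}/{}".format(self.authority.instance, self.authority.tenant),
-self.client_id,
-account["local_account_id"],
-scopes,
-claims=_merge_claims_challenge_and_capabilities(
-self._client_capabilities, claims_challenge),
-correlation_id=correlation_id,
-auth_scheme=auth_scheme,
-at_to_renew= at_to_renew,
-**data)
-
+if force_refresh and response.get("access_token"):
+response = _acquire_token_silently(
+_authority,
+self.client_id,
+account["local_account_id"],
+scopes,
+claims=claims,
+correlation_id=correlation_id,
+auth_scheme=auth_scheme,
+at_to_renew=response.get("access_token"),
+**data)
 if response: # Broker provides a decisive outcome
 account_was_established_by_broker = account.get(
 "account_source") == _GRANT_TYPE_BROKER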
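Review bot: The new `if force_refresh and response.get("access_token"):` line dereferences `response` before the `if response:` guard that follows it, and that guard suggests the broker call can return an empty result; if it can, a force-refresh request would raise AttributeError instead of falling through to the non-broker path. Guarding it as `if force_refresh and response and response.get("access_token"):` keeps the refactored shape and removes that crash. The two-call sequence also deserves a comment, for example `# First call locates the cached access token; second call asks the broker to renew exactly that token`, because an error from the second call replaces the usable first response. The enclosing function starts and ends outside this hunk, so whether `data` could already carry an `at_to_renew` key cannot be checked from here.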
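--- a/msal/broker.py
+++ b/msal/broker.py
@@ -214,7 +214,8 @@ def _signin_interactively(
 
 def _acquire_token_silently(
 authority, client_id, account_id, scopes, claims=None, correlation_id=None,
-auth_scheme=None, at_to_renew=None,
+auth_scheme=None,
+at_to_renew=None,
 **kwargs):
 # For MSA PT scenario where you use the /organizations, yes,
 # acquireTokenSilently is expected to fail. - Sam Wilson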
2 changes: 1 addition & 1 deletion tests/test_account_source.py
@@ -73,6 +73,6 @@ def test_interactive_flow_and_its_silent_call_should_invoke_broker(self, _, mock

result = app.acquire_token_silent_with_error(
[SCOPE], account, force_refresh=True, post=_mock_post)
mocked_broker_ats.assert_called_once()
mocked_broker_ats.assert_called()
self.assertEqual(result["token_source"], "broker")
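Review bot: Relaxing the check to `mocked_broker_ats.assert_called()` no longer pins how the broker is used on the force-refresh path, so a regression that drops the renewing call or adds extra broker round-trips would still pass. Going by the application.py section of this commit, `force_refresh=True` is expected to produce two silent broker calls, the second carrying `at_to_renew`. If the mock returns an access token, `self.assertEqual(mocked_broker_ats.call_count, 2)` plus `self.assertIsNotNone(mocked_broker_ats.call_args.kwargs.get("at_to_renew"))` would cover that. The test method and its mock setup start above this hunk, so the exact expected count should be confirmed against them.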

57 changes: 29 additions & 28 deletions tests/test_force_refresh.py
@@ -1,42 +1,43 @@
from tests import unittest
import msal
import logging
import sys

if not sys.platform.startswith("win"):
raise unittest.SkipTest("Currently, our broker supports Windows")

SCOPE_ARM = "https://management.azure.com/.default"
if sys.platform not in ("win32", "darwin"):
raise unittest.SkipTest(f"Our broker does not support {sys.platform}")

SCOPES = ["https://management.azure.com/.default"]
_AZURE_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
pca = msal.PublicClientApplication(
_AZURE_CLI,
authority="https://login.microsoftonline.com/organizations",
enable_broker_on_mac=True,
enable_broker_on_windows=True)
enable_broker_on_windows=True,
)


class ForceRefreshTestCase(unittest.TestCase):
def test_silent_with_force_refresh(self):
print("Testing silent flow with force_refresh=True")
result = pca.acquire_token_interactive(scopes=[SCOPE_ARM], prompt="select_account", parent_window_handle=pca.CONSOLE_WINDOW_HANDLE, enable_msa_passthrough=True)
def test_silent_with_force_refresh_should_return_a_new_token(self):
result = pca.acquire_token_interactive(
scopes=SCOPES,
prompt="select_account",
parent_window_handle=pca.CONSOLE_WINDOW_HANDLE,
enable_msa_passthrough=True,
)
accounts = pca.get_accounts()
self.assertNotEqual(
[], accounts,
"Interactive flow should have established a logged-in account")
account = accounts[0]
assert account, "The logged in account should have been established by interactive flow"
oldToken = result.get("access_token")


result = pca.acquire_token_silent(
scopes=[SCOPE_ARM],
account=account,
force_refresh=False)

# This token should have been recieved from cache
assert result.get("access_token") == oldToken, "Token should not be refreshed"


result = pca.acquire_token_silent(
scopes=[SCOPE_ARM],
account=account,
force_refresh=True)

# Token will be different proving it is not token from cache and was renewed
assert result.get("access_token") != oldToken, "Token should be refreshed"
old_token = result.get("access_token")

result = pca.acquire_token_silent(SCOPES, account)
assertion = "This token should have been received from cache"
self.assertEqual(result.get("access_token"), old_token, assertion)
self.assertEqual(result.get("token_source"), "cache", assertion)

result = pca.acquire_token_silent(SCOPES, account, force_refresh=True)
assertion = "A new token should have been received from broker"
self.assertNotEqual(result.get("access_token"), old_token, assertion)
self.assertEqual(result.get("token_source"), "broker", assertion)
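Review bot: The `assertEqual` and `assertNotEqual` calls on `result.get("access_token")` will, on failure, print the compared values, because unittest by default appends the custom message to its own message showing both operands. This test signs in against a real tenant, so a failing run would write live bearer tokens into the test log. Comparing without echoing the values avoids that, e.g. `self.assertTrue(result.get("access_token") == old_token, assertion)` for the cache case and `self.assertFalse(...)` for the refresh case. Adding `self.assertIn("access_token", result)` right after `acquire_token_interactive` would also report a failed sign-in as such instead of surfacing later as a comparison against None.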
