Test acquire_token_silent()

rayluo · rayluo · commit 27bbe6076e34 · 2021-11-08T16:40:11.000-08:00
diff --git a/msal/wam.py b/msal/wam.py
@@ -4,6 +4,7 @@
 https://github.com/AzureAD/microsoft-authentication-library-for-cpp/pull/2406/files
 """
 from threading import Event
+import json
 import logging
 
 import pymsalruntime  # See https://github.com/AzureAD/microsoft-authentication-library-for-cpp/pull/2419/files#diff-d5ea5122ff04e14411a4f695895c923daba73c117d6c8ceb19c4fa3520c3c08a
@@ -31,8 +32,9 @@ def _read_account_by_id(account_id):
     callback_data.signal.wait()
     return callback_data.auth_result
 
-def _signin_silently(authority, client_id):
+def _signin_silently(authority, client_id, scope):
     params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
+    params.set_requested_scopes(scope or "https://graph.microsoft.com/.default")
     callback_data = _CallbackData()
     pymsalruntime.signin_silently(
         params,
@@ -49,15 +51,25 @@ def _signin_interactively():
     callback_data.signal.wait()
     return callback_data.auth_result
 
-def _acquire_token_silently(authority, client_id, account):
+def _acquire_token_silently(authority, client_id, account, scope):
     params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
+    params.set_requested_scopes(scope)
     callback_data = _CallbackData()
     pymsalruntime.signin_silently(
         params,
         "correlation", # TODO
         lambda result, callback_data=callback_data: callback_data.complete(result))
     callback_data.signal.wait()
-    return callback_data.auth_result
+    result = callback_data.auth_result
+    return {k: v for k, v in {
+        "error": result.get_error(),
+        "access_token": result.get_access_token(),
+        #"expires_in": result.get_access_token_expiry_time(),  # TODO
+        #"scope": result.get_granted_scopes(),  # TODO
+        "id_token_claims": json.loads(result.get_id_token())
+            if result.get_id_token() else None,
+        "account": result.get_account(),
+        }.items() if v}
 
 def _acquire_token_interactive(
         authority,
@@ -95,18 +107,19 @@ def acquire_token_interactive(
         scopes,  # type: list[str]
         **kwargs):
     """MSAL Python's acquire_token_interactive() will call this"""
+    scope = " ".join(scopes)
     result = _signin_silently(authority, client_id)
-    logger.debug("%s, %s, %s", result, dir(result), result.get_error())
+    logger.debug("%s, %s, %s, %s, %s", client_id, scope, result, dir(result), result.get_error())
     if not result.get_account():
         result = _signin_interactively(authority, client_id)
     if not result.get_account():
         return {"error": result.get_error()}  # TODO
 
     result = _acquire_token_silently(
-        authority, client_id, account, scopes, **kwargs)
+        authority, client_id, account, scope, **kwargs)
     if not result.get_access_token():
         result = _acquire_token_interactive(
-            authority, client_id, account, scopes, **kwargs)
+            authority, client_id, account, scope, **kwargs)
     if not result.get_access_token():
         return {"error": result.get_error()}  # TODO
     # TODO: Also store the tokens and account into MSAL's token cache
@@ -123,9 +136,13 @@ def acquire_token_silent(
         authority,  # type: str
         client_id,  # type: str
         scopes,  # type: list[str]
-        account,
+        account=None,  # TBD
         ):
-    wam_account = _read_account_by_id(account["some_sort_of_id"])  # TODO
+    scope = " ".join(scopes)
+    if account:
+        wam_account = _read_account_by_id(account["some_sort_of_id"])  # TODO
+    else:
+        wam_account = _signin_silently(authority, client_id, scope).get_account()
     if wam_account:
-        return _acquire_token_silently(authority, client_id, scopes, wam_account)
+        return _acquire_token_silently(authority, client_id, wam_account, scope)
 
diff --git a/tests/test_wam.py b/tests/test_wam.py
@@ -7,19 +7,26 @@
 logging.basicConfig(level=logging.DEBUG)
 
 class TestWam(unittest.TestCase):
+    client_id = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"  # A well-known app
 
+    @unittest.skip("Not yet implemented")
     def test_acquire_token_interactive(self):
         acquire_token_interactive(
             "https://login.microsoftonline.com/common",
-            "my_client_id",
-            ["foo", "bar"],
+            #"my_client_id",
+            "26a7ee05-5602-4d76-a7ba-eae8b7b67941",
+            #["foo", "bar"],
+            ["https://graph.microsoft.com/.default"],
             )
 
-    @unittest.skip("Not yet implemented")
     def test_acquire_token_silent(self):
-        acquire_token_silent(
+        result = acquire_token_silent(
             "https://login.microsoftonline.com/common",
-            "my_client_id",
-            ["foo", "bar"],
-            {"some_sort_of_id": "placeholder"},
+            #"my_client_id",
+            #self.client_id,
+            "26a7ee05-5602-4d76-a7ba-eae8b7b67941",
+            ["https://graph.microsoft.com/.default"],
+            #{"some_sort_of_id": "placeholder"},  # TODO
             )
+        self.assertIsNotNone(result.get("access_token"))
+
