Experimental: Auto detect MSA-Passthrough

rayluo · rayluo · commit a457b729d84c · 2022-04-20T16:38:26.000-07:00
diff --git a/msal/broker.py b/msal/broker.py
@@ -104,6 +104,16 @@ def _get_new_correlation_id():
     return str(uuid.uuid4())
 
 
+def _enable_msa_pt_when_needed(params, client_id):
+    if client_id in [  # Experimental: Automatically enable MSA-PT mode for known MSA-PT apps
+			# More background of MSA-PT is available from this internal docs:
+			# https://microsoft.sharepoint.com/:w:/t/Identity-DevEx/EatIUauX3c9Ctw1l7AQ6iM8B5CeBZxc58eoQCE0IuZ0VFw?e=tgc3jP&CID=39c853be-76ea-79d7-ee73-f1b2706ede05
+            "04b07795-8ddb-461a-bbee-02f9e1bf7b46",  # Azure CLI
+            "04f0c124-f2bc-4f59-8241-bf6df9866bbd",  # Visual Studio
+            ]:
+        params.set_additional_parameter("msal_request_type", "consumer_passthrough")  # PyMsalRuntime 0.8+
+
+
 def _signin_silently(authority, client_id, scopes, correlation_id=None, claims=None, **kwargs):
     params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
     params.set_requested_scopes(scopes)
@@ -113,6 +123,7 @@ def _signin_silently(authority, client_id, scopes, correlation_id=None, claims=N
     for k, v in kwargs.items():  # This can be used to support domain_hint, max_age, etc.
         if v is not None:
             params.set_additional_parameter(k, str(v))
+    _enable_msa_pt_when_needed(params, client_id)
     pymsalruntime.signin_silently(
         params,
         correlation_id or _get_new_correlation_id(),
@@ -145,6 +156,7 @@ def _signin_interactively(
                 logger.warning("Using both select_account and login_hint is ambiguous. Ignoring login_hint.")
         else:
             logger.warning("prompt=%s is not supported by this module", prompt)
+    _enable_msa_pt_when_needed(params, client_id)
     for k, v in kwargs.items():  # This can be used to support domain_hint, max_age, etc.
         if v is not None:
             params.set_additional_parameter(k, str(v))
diff --git a/setup.py b/setup.py
@@ -91,7 +91,7 @@
             # The broker is defined as optional dependency,
             # so that downstream apps can opt in. The opt-in is needed, partially because
             # most existing MSAL Python apps do not have the redirect_uri needed by broker.
-            "pymsalruntime>=0.7,<0.8;python_version>='3.6' and platform_system=='Windows'",
+            "pymsalruntime>=0.8,<0.9;python_version>='3.6' and platform_system=='Windows'",
             ],
         },
 )

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@`
`91`	`91`	`# The broker is defined as optional dependency,`
`92`	`92`	`# so that downstream apps can opt in. The opt-in is needed, partially because`
`93`	`93`	`# most existing MSAL Python apps do not have the redirect_uri needed by broker.`
`94`		`- "pymsalruntime>=0.7,<0.8;python_version>='3.6' and platform_system=='Windows'",`
	`94`	`+ "pymsalruntime>=0.8,<0.9;python_version>='3.6' and platform_system=='Windows'",`
`95`	`95`	`],`
`96`	`96`	`},`
`97`	`97`	`)`