Refactor

Author: rayluo

msal/application.py

@@ -1542,31 +1542,30 @@ def _acquire_token_silent_from_cache_and_possibly_refresh_it(
                 None,  # Unknown data from older MSAL. Broker might still work.
             ):
                 from .broker import _acquire_token_silently
+                _authority = "https://{}/{}".format(
+                    self.authority.instance, self.authority.tenant)
+                claims = _merge_claims_challenge_and_capabilities(
+                    self._client_capabilities, claims_challenge)
                 response = _acquire_token_silently(
-                    "https://{}/{}".format(self.authority.instance, self.authority.tenant),
+                    _authority,
                     self.client_id,
                     account["local_account_id"],
                     scopes,
-                    claims=_merge_claims_challenge_and_capabilities(
-                        self._client_capabilities, claims_challenge),
+                    claims=claims,
                     correlation_id=correlation_id,
                     auth_scheme=auth_scheme,
                     **data)
-                
-                if (force_refresh and response.get("access_token")):
-                        at_to_renew = response.get("access_token")
-                        response = _acquire_token_silently(
-                            "https://{}/{}".format(self.authority.instance, self.authority.tenant),
-                            self.client_id,
-                            account["local_account_id"],
-                            scopes,
-                            claims=_merge_claims_challenge_and_capabilities(
-                                self._client_capabilities, claims_challenge),
-                            correlation_id=correlation_id,
-                            auth_scheme=auth_scheme,
-                            at_to_renew= at_to_renew,
-                            **data)
-                
+                if force_refresh and response.get("access_token"):
+                    response = _acquire_token_silently(
+                        _authority,
+                        self.client_id,
+                        account["local_account_id"],
+                        scopes,
+                        claims=claims,
+                        correlation_id=correlation_id,
+                        auth_scheme=auth_scheme,
+                        at_to_renew=response.get("access_token"),
+                        **data)
                 if response:  # Broker provides a decisive outcome
                     account_was_established_by_broker = account.get(
                         "account_source") == _GRANT_TYPE_BROKER

msal/broker.py

@@ -214,7 +214,8 @@ def _signin_interactively(
 
 def _acquire_token_silently(
         authority, client_id, account_id, scopes, claims=None, correlation_id=None,
-        auth_scheme=None, at_to_renew=None,
+        auth_scheme=None,
+        at_to_renew=None,
         **kwargs):
     # For MSA PT scenario where you use the /organizations, yes,
     # acquireTokenSilently is expected to fail.  - Sam Wilson

tests/test_account_source.py

@@ -73,6 +73,6 @@ def test_interactive_flow_and_its_silent_call_should_invoke_broker(self, _, mock
 
         result = app.acquire_token_silent_with_error(
             [SCOPE], account, force_refresh=True, post=_mock_post)
-        mocked_broker_ats.assert_called_once()
+        mocked_broker_ats.assert_called()
         self.assertEqual(result["token_source"], "broker")
 

tests/test_force_refresh.py

@@ -1,42 +1,43 @@
 from tests import unittest
 import msal
-import logging
 import sys
 
-if not sys.platform.startswith("win"):
-    raise unittest.SkipTest("Currently, our broker supports Windows")
 
-SCOPE_ARM = "https://management.azure.com/.default"
+if sys.platform not in ("win32", "darwin"):
+    raise unittest.SkipTest(f"Our broker does not support {sys.platform}")
+
+SCOPES = ["https://management.azure.com/.default"]
 _AZURE_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
 pca = msal.PublicClientApplication(
     _AZURE_CLI,
     authority="https://login.microsoftonline.com/organizations",
     enable_broker_on_mac=True,
-    enable_broker_on_windows=True) 
+    enable_broker_on_windows=True,
+    )
+
 
 class ForceRefreshTestCase(unittest.TestCase):
-    def test_silent_with_force_refresh(self):
-        print("Testing silent flow with force_refresh=True")
-        result = pca.acquire_token_interactive(scopes=[SCOPE_ARM], prompt="select_account", parent_window_handle=pca.CONSOLE_WINDOW_HANDLE, enable_msa_passthrough=True)
+    def test_silent_with_force_refresh_should_return_a_new_token(self):
+        result = pca.acquire_token_interactive(
+            scopes=SCOPES,
+            prompt="select_account",
+            parent_window_handle=pca.CONSOLE_WINDOW_HANDLE,
+            enable_msa_passthrough=True,
+            )
         accounts = pca.get_accounts()
+        self.assertNotEqual(
+            [], accounts,
+            "Interactive flow should have established a logged-in account")
         account = accounts[0]
-        assert account, "The logged in account should have been established by interactive flow"
-        oldToken = result.get("access_token")
-        
-        
-        result = pca.acquire_token_silent(
-            scopes=[SCOPE_ARM],
-            account=account,
-            force_refresh=False) 
-
-        # This token should have been recieved from cache
-        assert result.get("access_token") == oldToken, "Token should not be refreshed" 
-
-
-        result = pca.acquire_token_silent(
-            scopes=[SCOPE_ARM],
-            account=account,
-            force_refresh=True)
-        
-        # Token will be different proving it is not token from cache and was renewed
-        assert result.get("access_token") != oldToken, "Token should be refreshed"
+        old_token = result.get("access_token")
+
+        result = pca.acquire_token_silent(SCOPES, account)
+        assertion = "This token should have been received from cache"
+        self.assertEqual(result.get("access_token"), old_token, assertion)
+        self.assertEqual(result.get("token_source"), "cache", assertion)
+
+        result = pca.acquire_token_silent(SCOPES, account, force_refresh=True)
+        assertion = "A new token should have been received from broker"
+        self.assertNotEqual(result.get("access_token"), old_token, assertion)
+        self.assertEqual(result.get("token_source"), "broker", assertion)
+