client_assertion can accept a callback

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[Bug] "
+labels: needs attention, untriaged
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to our [off-the-shelf samples](https://github.com/AzureAD/microsoft-authentication-library-for-python/tree/dev/sample) and pick one that is closest to your usage scenario. You should not need to modify the sample.
+2. Follow the description of the sample, typically at the beginning of it, to prepare a `config.json` containing your test configurations
+3. Run such sample, typically by `python sample.py config.json`
+4. See the error
+5. In this bug report, tell us the sample you choose, paste the content of the config.json with your test setup (which you can choose to skip your credentials, and/or mail it to our developer's email).
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**What you see instead**
+Paste the sample output, or add screenshots to help explain your problem.
+
+**The MSAL Python version you are using**
+Paste the output of this
+`python -c "import msal; print(msal.__version__)"`
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,40 @@
+name: Feature request
+description: Suggest a new feature for MSAL Python.
+labels: ["feature request", "untriaged", "needs attention"]
+title : '[Feature Request] '
+body:
+- type: markdown
+  attributes:
+    value: |
+      ## Before submitting your feature request
+      Please make sure that your question or issue is not already covered in [MSAL documentation](https://learn.microsoft.com/entra/msal/python/) or [samples](https://learn.microsoft.com/azure/active-directory/develop/sample-v2-code?tabs=apptype).
+
+- type: markdown
+  attributes:
+    value: |
+      ## Feature request for MSAL Python
+
+- type: dropdown
+  attributes:
+    label: MSAL client type
+    description: Are you using Public Client (desktop apps, CLI apps) or Confidential Client (web apps, web APIs, service-to-service, managed identity)?
+    multiple: true
+    options: 
+      - "Public"
+      - "Confidential"      
+  validations:
+    required: true
+
+- type: textarea
+  attributes:
+    label: Problem Statement
+    description: "Describe the problem or context for this feature request."
+  validations: 
+    required: true
+
+- type: textarea
+  attributes:
+    label: Proposed solution
+    description: "Describe the solution you'd like."
+  validations: 
+    required: false

.github/workflows/python-package.yml

@@ -0,0 +1,133 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: CI/CD
+
+on:
+  push:
+  pull_request:
+    branches: [ dev ]
+
+    # This guards against unknown PR until a community member vet it and label it.
+    types: [ labeled ]
+
+jobs:
+  ci:
+    env:
+      # Fake a TRAVIS env so that the pre-existing test cases would behave like before
+      TRAVIS: true
+      LAB_APP_CLIENT_ID: ${{ secrets.LAB_APP_CLIENT_ID }}
+      LAB_APP_CLIENT_SECRET: ${{ secrets.LAB_APP_CLIENT_SECRET }}
+      LAB_APP_CLIENT_CERT_BASE64: ${{ secrets.LAB_APP_CLIENT_CERT_BASE64 }}
+      LAB_APP_CLIENT_CERT_PFX_PATH: lab_cert.pfx
+      LAB_OBO_CLIENT_SECRET: ${{ secrets.LAB_OBO_CLIENT_SECRET }}
+      LAB_OBO_CONFIDENTIAL_CLIENT_ID: ${{ secrets.LAB_OBO_CONFIDENTIAL_CLIENT_ID }}
+      LAB_OBO_PUBLIC_CLIENT_ID: ${{ secrets.LAB_OBO_PUBLIC_CLIENT_ID }}
+
+    # Derived from https://docs.github.com/en/actions/guides/building-and-testing-python#starting-with-the-python-workflow-template
+    runs-on: ubuntu-latest  # It switched to 22.04 shortly after 2022-Nov-8
+    strategy:
+      matrix:
+        python-version: [3.7, 3.8, 3.9, "3.10", "3.11", "3.12"]
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      # It automatically takes care of pip cache, according to
+      # https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#about-caching-workflow-dependencies
+      with:
+        python-version: ${{ matrix.python-version }}
+        cache: 'pip'
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install flake8 pytest
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+    - name: Populate lab cert.pfx
+      # https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#storing-base64-binary-blobs-as-secrets
+      run: echo $LAB_APP_CLIENT_CERT_BASE64 | base64 -d > $LAB_APP_CLIENT_CERT_PFX_PATH
+    - name: Test with pytest
+      run: pytest --benchmark-skip
+    - name: Lint with flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        #flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        #flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
+  cb:
+    # Benchmark only after the correctness has been tested by CI,
+    # and then run benchmark only once (sampling with only one Python version).
+    needs: ci
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.9
+        cache: 'pip'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+    - name: Setup an updatable cache for Performance Baselines
+      uses: actions/cache@v4
+      with:
+        path: .perf.baseline
+        key: ${{ runner.os }}-performance-${{ hashFiles('tests/test_benchmark.py') }}
+        restore-keys: ${{ runner.os }}-performance-
+    - name: Run benchmark
+      run: pytest --benchmark-only --benchmark-json benchmark.json --log-cli-level INFO tests/test_benchmark.py
+    - name: Render benchmark result
+      uses: benchmark-action/github-action-benchmark@v1
+      with:
+        tool: 'pytest'
+        output-file-path: benchmark.json
+        fail-on-alert: true
+    - name: Publish Gibhub Pages
+      run: git push origin gh-pages
+
+  cd:
+    needs: ci
+    # Note: github.event.pull_request.draft == false WON'T WORK in "if" statement,
+    # because the triggered event is a push, not a pull_request.
+    # This means each commit will trigger a release on TestPyPI.
+    # Those releases will only succeed when each push has a new version number: a1, a2, a3, etc.
+    if: |
+      github.event_name == 'push' &&
+      (
+        startsWith(github.ref, 'refs/tags') ||
+        startsWith(github.ref, 'refs/heads/release-')
+      )
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.9
+        cache: 'pip'
+    - name: Build a package for release
+      run: |
+        python -m pip install build --user
+        python -m build --sdist --wheel --outdir dist/ .
+    - name: |
+        Publish to TestPyPI when pushing to release-* branch.
+        You better test with a1, a2, b1, b2 releases first.
+      uses: pypa/[email protected]
+      if: startsWith(github.ref, 'refs/heads/release-')
+      with:
+        user: __token__
+        password: ${{ secrets.TEST_PYPI_API_TOKEN }}
+        repository_url: https://test.pypi.org/legacy/
+    - name: Publish to PyPI when tagged
+      if: startsWith(github.ref, 'refs/tags')
+      uses: pypa/[email protected]
+      with:
+        user: __token__
+        password: ${{ secrets.PYPI_API_TOKEN }}

.gitignore

@@ -45,7 +45,8 @@ src/build
 
 # Virtual Environments
 /env*
-
+.venv/
+docs/_build/
 # Visual Studio Files
 /.vs/*
 /tests/.vs/*
@@ -56,3 +57,6 @@ src/build
 # The test configuration file(s) could potentially contain credentials
 tests/config.json
 
+
+.env
+.perf.baseline

.readthedocs.yaml

@@ -0,0 +1,22 @@
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.12"
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  configuration: docs/conf.py
+
+# We recommend specifying your dependencies to enable reproducible builds:
+# https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html
+python:
+  install:
+  - requirements: docs/requirements.txt

.travis.yml

@@ -4,7 +4,43 @@ python:
   - "2.7"
   - "3.5"
   - "3.6"
+# Borrowed from https://github.com/travis-ci/travis-ci/issues/9815
+# Enable 3.7 without globally enabling sudo and dist: xenial for other build jobs
+matrix:
+  include:
+    - python: 3.7
+      dist: xenial
+      sudo: true
+    - python: 3.8
+      dist: xenial
+      sudo: true
+
 install:
   - pip install -r requirements.txt
 script:
   - python -m unittest discover -s tests
+
+deploy:
+  - # test pypi
+    provider: pypi
+    distributions: "sdist bdist_wheel"
+    server: https://test.pypi.org/legacy/
+    user: "nugetaad"
+    password:
+      secure: KkjKySJujYxx31B15mlAZr2Jo4P99LcrMj3uON/X/WMXAqYVcVsYJ6JSzUvpNnCAgk+1hc24Qp6nibQHV824yiK+eG4qV+lpzkEEedkRx6NOW/h09OkT+pOSVMs0kcIhz7FzqChpl+jf6ZZpb13yJpQg2LoZIA4g8UdYHHFidWt4m5u1FZ9LPCqQ0OT3gnKK4qb0HIDaECfz5GYzrelLLces0PPwj1+X5eb38xUVtbkA1UJKLGKI882D8Rq5eBdbnDGsfDnF6oU+EBnGZ7o6HVQLdBgagDoVdx7yoXyntULeNxTENMTOZJEJbncQwxRgeEqJWXTTEW57O6Jo5uiHEpJA9lAePlRbS+z6BPDlnQogqOdTsYS0XMfOpYE0/r3cbtPUjETOmGYQxjQzfrFBfM7jaWnUquymZRYqCQ66VDo3I/ykNOCoM9qTmWt5L/MFfOZyoxLHnDThZBdJ3GXHfbivg+v+vOfY1gG8e2H2lQY+/LIMIJibF+MS4lJgrB81dcNdBzyxMNByuWQjSL1TY7un0QzcRcZz2NLrFGg8+9d67LQq4mK5ySimc6zdgnanuROU02vGr1EApT6D/qUItiulFgWqInNKrFXE9q74UP/WSooZPoLa3Du8y5s4eKerYYHQy5eSfIC8xKKDU8MSgoZhwQhCUP46G9Nsty0PYQc=
+    on:
+      branch: master
+      tags: false
+      condition: $TRAVIS_PYTHON_VERSION = "2.7"
+
+  - # production pypi
+    provider: pypi
+    distributions: "sdist bdist_wheel"
+    user: "nugetaad"
+    password:
+      secure: KkjKySJujYxx31B15mlAZr2Jo4P99LcrMj3uON/X/WMXAqYVcVsYJ6JSzUvpNnCAgk+1hc24Qp6nibQHV824yiK+eG4qV+lpzkEEedkRx6NOW/h09OkT+pOSVMs0kcIhz7FzqChpl+jf6ZZpb13yJpQg2LoZIA4g8UdYHHFidWt4m5u1FZ9LPCqQ0OT3gnKK4qb0HIDaECfz5GYzrelLLces0PPwj1+X5eb38xUVtbkA1UJKLGKI882D8Rq5eBdbnDGsfDnF6oU+EBnGZ7o6HVQLdBgagDoVdx7yoXyntULeNxTENMTOZJEJbncQwxRgeEqJWXTTEW57O6Jo5uiHEpJA9lAePlRbS+z6BPDlnQogqOdTsYS0XMfOpYE0/r3cbtPUjETOmGYQxjQzfrFBfM7jaWnUquymZRYqCQ66VDo3I/ykNOCoM9qTmWt5L/MFfOZyoxLHnDThZBdJ3GXHfbivg+v+vOfY1gG8e2H2lQY+/LIMIJibF+MS4lJgrB81dcNdBzyxMNByuWQjSL1TY7un0QzcRcZz2NLrFGg8+9d67LQq4mK5ySimc6zdgnanuROU02vGr1EApT6D/qUItiulFgWqInNKrFXE9q74UP/WSooZPoLa3Du8y5s4eKerYYHQy5eSfIC8xKKDU8MSgoZhwQhCUP46G9Nsty0PYQc=
+    on:
+      branch: master
+      tags: true
+      condition: $TRAVIS_PYTHON_VERSION = "2.7"
+

CODEOWNERS

@@ -0,0 +1 @@
+* @AzureAD/id4s-msal-team

LICENSE

@@ -0,0 +1,24 @@
+The MIT License (MIT)
+
+Copyright (c) Microsoft Corporation. 
+All rights reserved.
+
+This code is licensed under the MIT License.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files(the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions :
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.