def __init__(self, client_id, client_credential=None, **kwargs):
# type: (str, Optional[Union[str, Dict]], **Any) -> None
authority = kwargs.pop("authority", None)
self._authority = normalize_authority(
authority) if authority else get_default_authority()
self._regional_authority = kwargs.pop(
"regional_authority",
os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME))
self._tenant_id = kwargs.pop("tenant_id", None) or "organizations"
validate_tenant_id(self._tenant_id)
self._allow_multitenant = kwargs.pop(
"allow_multitenant_authentication", False)
self._client = MsalClient(**kwargs)
self._client_applications = {
} # type: Dict[str, msal.ClientApplication]
self._client_credential = client_credential
self._client_id = client_id
self._cache = kwargs.pop("_cache", None)
if not self._cache:
options = kwargs.pop("cache_persistence_options", None)
if options:
self._cache = _load_persistent_cache(options)
else:
self._cache = msal.TokenCache()
super(MsalCredential, self).__init__()
def __init__(self, client_id, client_credential=None, **kwargs):
# type: (str, Optional[Union[str, Mapping[str, str]]], **Any) -> None
authority = kwargs.pop("authority", None)
self._authority = normalize_authority(
authority) if authority else get_default_authority()
self._tenant_id = kwargs.pop("tenant_id", None) or "organizations"
validate_tenant_id(self._tenant_id)
self._client_credential = client_credential
self._client_id = client_id
self._cache = kwargs.pop("_cache", None) # internal, for use in tests
if not self._cache:
if kwargs.pop("enable_persistent_cache", False):
allow_unencrypted = kwargs.pop("allow_unencrypted_cache",
False)
self._cache = load_user_cache(allow_unencrypted)
else:
self._cache = msal.TokenCache()
self._client = MsalClient(**kwargs)
# postpone creating the wrapped application because its initializer uses the network
self._msal_app = None # type: Optional[msal.ClientApplication]
super(MsalCredential, self).__init__()
def __init__(self, tenant_id: str, client_id: str, client_secret: str,
**kwargs: "Any") -> None:
if not client_id:
raise ValueError(
"client_id should be the id of an Azure Active Directory application"
)
if not client_secret:
raise ValueError(
"secret should be an Azure Active Directory application's client secret"
)
if not tenant_id:
raise ValueError(
"tenant_id should be an Azure Active Directory tenant's id (also called its 'directory id')"
)
validate_tenant_id(tenant_id)
cache_options = kwargs.pop("cache_persistence_options", None)
if cache_options:
cache = _load_persistent_cache(cache_options)
else:
cache = msal.TokenCache()
self._client = AadClient(tenant_id, client_id, cache=cache, **kwargs)
self._client_id = client_id
self._secret = client_secret
super().__init__()
def __init__(self, **kwargs):
if kwargs.pop("enable_persistent_cache", False):
allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False)
cache = load_service_principal_cache(allow_unencrypted)
else:
cache = msal.TokenCache()
super(ClientCredentialBase, self).__init__(_cache=cache, **kwargs)
def __init__(self, client_id, client_credential=None, **kwargs):
# type: (str, Optional[Union[str, dict]], **Any) -> None
authority = kwargs.pop("authority", None)
self._authority = normalize_authority(
authority) if authority else get_default_authority()
self._regional_authority = kwargs.pop(
"regional_authority",
os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME))
self._tenant_id = kwargs.pop("tenant_id", None) or "organizations"
validate_tenant_id(self._tenant_id)
self._client_credential = client_credential
self._client_id = client_id
self._cache = kwargs.pop("_cache", None)
if not self._cache:
options = kwargs.pop("cache_persistence_options", None)
if options:
self._cache = _load_persistent_cache(options)
else:
self._cache = msal.TokenCache()
self._client = MsalClient(**kwargs)
# postpone creating the wrapped application because its initializer uses the network
self._msal_app = None # type: Optional[msal.ClientApplication]
super(MsalCredential, self).__init__()
def __init__(self, tenant_id, client_id, certificate_path=None, **kwargs):
# type: (str, str, Optional[str], **Any) -> None
validate_tenant_id(tenant_id)
client_credential = get_client_credential(certificate_path, **kwargs)
self._certificate = AadClientCertificate(
client_credential["private_key"],
password=client_credential.get("passphrase"))
cache_options = kwargs.pop("cache_persistence_options", None)
if cache_options:
cache = _load_persistent_cache(cache_options)
else:
cache = msal.TokenCache()
self._client = AadClient(tenant_id, client_id, cache=cache, **kwargs)
self._client_id = client_id
def __init__(self, client_id, client_credential=None, **kwargs):
# type: (str, Optional[Union[str, Mapping[str, str]]], **Any) -> None
authority = kwargs.pop("authority", None)
self._authority = normalize_authority(
authority) if authority else get_default_authority()
self._tenant_id = kwargs.pop("tenant_id", None) or "organizations"
self._client_credential = client_credential
self._client_id = client_id
self._cache = kwargs.pop("_cache", None) # internal, for use in tests
if not self._cache:
if kwargs.pop("enable_persistent_cache", False):
self._cache = _load_persistent_cache()
else:
self._cache = msal.TokenCache()
self._adapter = kwargs.pop("msal_adapter",
None) or MsalTransportAdapter(**kwargs)
# postpone creating the wrapped application because its initializer uses the network
self._msal_app = None # type: Optional[msal.ClientApplication]
def test_auth_code_credential():
client_id = "client id"
tenant_id = "tenant"
expected_code = "auth code"
redirect_uri = "https://localhost"
expected_access_token = "access"
expected_refresh_token = "refresh"
expected_scope = "scope"
auth_response = build_aad_response(access_token=expected_access_token, refresh_token=expected_refresh_token)
transport = validating_transport(
requests=[
Request( # first call should redeem the auth code
url_substring=tenant_id,
required_data={
"client_id": client_id,
"code": expected_code,
"grant_type": "authorization_code",
"redirect_uri": redirect_uri,
"scope": expected_scope,
},
),
Request( # third call should redeem the refresh token
url_substring=tenant_id,
required_data={
"client_id": client_id,
"grant_type": "refresh_token",
"refresh_token": expected_refresh_token,
"scope": expected_scope,
},
),
],
responses=[mock_response(json_payload=auth_response)] * 2,
)
cache = msal.TokenCache()
credential = AuthorizationCodeCredential(
client_id=client_id,
tenant_id=tenant_id,
authorization_code=expected_code,
redirect_uri=redirect_uri,
transport=transport,
cache=cache,
)
# first call should redeem the auth code
token = credential.get_token(expected_scope)
assert token.token == expected_access_token
assert transport.send.call_count == 1
# no auth code -> credential should return cached token
token = credential.get_token(expected_scope)
assert token.token == expected_access_token
assert transport.send.call_count == 1
# no auth code, no cached token -> credential should redeem refresh token
cached_access_token = cache.find(cache.CredentialType.ACCESS_TOKEN)[0]
cache.remove_at(cached_access_token)
token = credential.get_token(expected_scope)
assert token.token == expected_access_token
assert transport.send.call_count == 2
