def __init__(self, client_id, client_credential=None, **kwargs): # type: (str, Optional[Union[str, Dict]], **Any) -> None authority = kwargs.pop("authority", None) self._authority = normalize_authority( authority) if authority else get_default_authority() self._regional_authority = kwargs.pop( "regional_authority", os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME)) self._tenant_id = kwargs.pop("tenant_id", None) or "organizations" validate_tenant_id(self._tenant_id) self._allow_multitenant = kwargs.pop( "allow_multitenant_authentication", False) self._client = MsalClient(**kwargs) self._client_applications = { } # type: Dict[str, msal.ClientApplication] self._client_credential = client_credential self._client_id = client_id self._cache = kwargs.pop("_cache", None) if not self._cache: options = kwargs.pop("cache_persistence_options", None) if options: self._cache = _load_persistent_cache(options) else: self._cache = msal.TokenCache() super(MsalCredential, self).__init__()
def __init__(self, client_id, client_credential=None, **kwargs): # type: (str, Optional[Union[str, Mapping[str, str]]], **Any) -> None authority = kwargs.pop("authority", None) self._authority = normalize_authority( authority) if authority else get_default_authority() self._tenant_id = kwargs.pop("tenant_id", None) or "organizations" validate_tenant_id(self._tenant_id) self._client_credential = client_credential self._client_id = client_id self._cache = kwargs.pop("_cache", None) # internal, for use in tests if not self._cache: if kwargs.pop("enable_persistent_cache", False): allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False) self._cache = load_user_cache(allow_unencrypted) else: self._cache = msal.TokenCache() self._client = MsalClient(**kwargs) # postpone creating the wrapped application because its initializer uses the network self._msal_app = None # type: Optional[msal.ClientApplication] super(MsalCredential, self).__init__()
def __init__(self, tenant_id: str, client_id: str, client_secret: str, **kwargs: "Any") -> None: if not client_id: raise ValueError( "client_id should be the id of an Azure Active Directory application" ) if not client_secret: raise ValueError( "secret should be an Azure Active Directory application's client secret" ) if not tenant_id: raise ValueError( "tenant_id should be an Azure Active Directory tenant's id (also called its 'directory id')" ) validate_tenant_id(tenant_id) cache_options = kwargs.pop("cache_persistence_options", None) if cache_options: cache = _load_persistent_cache(cache_options) else: cache = msal.TokenCache() self._client = AadClient(tenant_id, client_id, cache=cache, **kwargs) self._client_id = client_id self._secret = client_secret super().__init__()
def __init__(self, **kwargs): if kwargs.pop("enable_persistent_cache", False): allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False) cache = load_service_principal_cache(allow_unencrypted) else: cache = msal.TokenCache() super(ClientCredentialBase, self).__init__(_cache=cache, **kwargs)
def __init__(self, client_id, client_credential=None, **kwargs): # type: (str, Optional[Union[str, dict]], **Any) -> None authority = kwargs.pop("authority", None) self._authority = normalize_authority( authority) if authority else get_default_authority() self._regional_authority = kwargs.pop( "regional_authority", os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME)) self._tenant_id = kwargs.pop("tenant_id", None) or "organizations" validate_tenant_id(self._tenant_id) self._client_credential = client_credential self._client_id = client_id self._cache = kwargs.pop("_cache", None) if not self._cache: options = kwargs.pop("cache_persistence_options", None) if options: self._cache = _load_persistent_cache(options) else: self._cache = msal.TokenCache() self._client = MsalClient(**kwargs) # postpone creating the wrapped application because its initializer uses the network self._msal_app = None # type: Optional[msal.ClientApplication] super(MsalCredential, self).__init__()
def __init__(self, tenant_id, client_id, certificate_path=None, **kwargs): # type: (str, str, Optional[str], **Any) -> None validate_tenant_id(tenant_id) client_credential = get_client_credential(certificate_path, **kwargs) self._certificate = AadClientCertificate( client_credential["private_key"], password=client_credential.get("passphrase")) cache_options = kwargs.pop("cache_persistence_options", None) if cache_options: cache = _load_persistent_cache(cache_options) else: cache = msal.TokenCache() self._client = AadClient(tenant_id, client_id, cache=cache, **kwargs) self._client_id = client_id
def __init__(self, client_id, client_credential=None, **kwargs): # type: (str, Optional[Union[str, Mapping[str, str]]], **Any) -> None authority = kwargs.pop("authority", None) self._authority = normalize_authority( authority) if authority else get_default_authority() self._tenant_id = kwargs.pop("tenant_id", None) or "organizations" self._client_credential = client_credential self._client_id = client_id self._cache = kwargs.pop("_cache", None) # internal, for use in tests if not self._cache: if kwargs.pop("enable_persistent_cache", False): self._cache = _load_persistent_cache() else: self._cache = msal.TokenCache() self._adapter = kwargs.pop("msal_adapter", None) or MsalTransportAdapter(**kwargs) # postpone creating the wrapped application because its initializer uses the network self._msal_app = None # type: Optional[msal.ClientApplication]
def test_auth_code_credential(): client_id = "client id" tenant_id = "tenant" expected_code = "auth code" redirect_uri = "https://localhost" expected_access_token = "access" expected_refresh_token = "refresh" expected_scope = "scope" auth_response = build_aad_response(access_token=expected_access_token, refresh_token=expected_refresh_token) transport = validating_transport( requests=[ Request( # first call should redeem the auth code url_substring=tenant_id, required_data={ "client_id": client_id, "code": expected_code, "grant_type": "authorization_code", "redirect_uri": redirect_uri, "scope": expected_scope, }, ), Request( # third call should redeem the refresh token url_substring=tenant_id, required_data={ "client_id": client_id, "grant_type": "refresh_token", "refresh_token": expected_refresh_token, "scope": expected_scope, }, ), ], responses=[mock_response(json_payload=auth_response)] * 2, ) cache = msal.TokenCache() credential = AuthorizationCodeCredential( client_id=client_id, tenant_id=tenant_id, authorization_code=expected_code, redirect_uri=redirect_uri, transport=transport, cache=cache, ) # first call should redeem the auth code token = credential.get_token(expected_scope) assert token.token == expected_access_token assert transport.send.call_count == 1 # no auth code -> credential should return cached token token = credential.get_token(expected_scope) assert token.token == expected_access_token assert transport.send.call_count == 1 # no auth code, no cached token -> credential should redeem refresh token cached_access_token = cache.find(cache.CredentialType.ACCESS_TOKEN)[0] cache.remove_at(cached_access_token) token = credential.get_token(expected_scope) assert token.token == expected_access_token assert transport.send.call_count == 2