From dbc3cd09d84ab6e56a66873d250863fd0a35b5d2 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 13 Mar 2024 15:05:37 -0700 Subject: [PATCH 1/4] add using system account support --- .../azure-identity-broker/CHANGELOG.md | 2 ++ .../azure/identity/broker/_browser.py | 19 +++++++++++++++++++ .../tests/test_broker.py | 15 ++++++++++++++- 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity-broker/CHANGELOG.md b/sdk/identity/azure-identity-broker/CHANGELOG.md index 369c6a9397d4..e7a6e3b3b7a3 100644 --- a/sdk/identity/azure-identity-broker/CHANGELOG.md +++ b/sdk/identity/azure-identity-broker/CHANGELOG.md @@ -4,6 +4,8 @@ ### Features Added +- `InteractiveBrowserBrokerCredential` now supports a `use_operating_system_account` property to enable the use of the currently logged in operating system account for authentication rather than prompting for a credential. + ### Breaking Changes ### Bugs Fixed diff --git a/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py b/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py index 599cfe838ab7..461efd2a6237 100644 --- a/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py +++ b/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py 
@@ -37,6 +37,8 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential): :keyword int timeout: seconds to wait for the user to complete authentication. Defaults to 300 (5 minutes). :keyword int parent_window_handle: If your app is a GUI app running on a modern Windows system, you are required to also provide its window handle so that the sign in UI window will properly pop up on top of your window. + :keyword bool use_operation_system_account: Whether to authenticate with the currently signed in user instead of + prompting the user with a login dialog. Defaults to False. :keyword bool enable_msa_passthrough: Determines whether Microsoft Account (MSA) passthrough is enabled. Note, this is only needed for select legacy first-party applications. Defaults to False. :keyword bool disable_instance_discovery: Determines whether or not instance discovery is performed when attempting @@ -52,6 +54,7 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential): def __init__(self, **kwargs: Any) -> None: self._parent_window_handle = kwargs.pop("parent_window_handle", None) self._enable_msa_passthrough = kwargs.pop("enable_msa_passthrough", False) + self._use_operation_system_account = kwargs.pop("use_operation_system_account", False) super().__init__(**kwargs) @wrap_exceptions @@ -61,6 +64,22 @@ def _request_token(self, *scopes: str, **kwargs: Any) -> Dict: app = self._get_app(**kwargs) port = self._parsed_url.port if self._parsed_url else None + if self._use_operation_system_account: + try: + result = app.acquire_token_interactive( + scopes=scopes, + login_hint=self._login_hint, + claims_challenge=claims, + timeout=self._timeout, + prompt="none", + port=port, + parent_window_handle=self._parent_window_handle, + enable_msa_passthrough=self._enable_msa_passthrough, + ) + if "access_token" in result: + return result + except socket.error: + pass try: result = app.acquire_token_interactive( scopes=scopes, 
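Review bot: The new `:keyword bool use_operation_system_account:` entry in the class docstring does not say what happens when the signed-in account cannot be used, nor that no prompt is shown when it can. The `_request_token` hunk further down this file drops through to a second `acquire_token_interactive` call when the silent attempt yields no `access_token`, so the entry should say so, e.g. `If the operating system account cannot be used silently, the credential falls back to the interactive flow.` One more sentence should tell callers that the token is issued for whichever account the OS session holds, so an application that expects a particular identity should pass `login_hint` or check the returned account. How strictly the broker honours `login_hint` on the silent path is not visible here. The docstring starts before and continues after this hunk.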
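Review bot: In the added `if self._use_operation_system_account:` block of `_request_token`, both failure paths are silent: a result without `access_token` is discarded and `except socket.error: pass` swallows the exception, so nothing records why the credential moved on to the interactive call. Because this option decides whether a token is obtained without user interaction, keep the reason: bind the exception with `except socket.error as ex:` and write it, together with `result.get("error")` from a declined attempt, to a debug log, logging only the error code rather than the whole result dict. The eight keyword arguments also appear to be repeated in the call that follows (only its first argument is inside the hunk); building them once and overriding only `prompt` would stop the two calls drifting apart. The body of `_request_token` starts before and runs past this hunk.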
diff --git a/sdk/identity/azure-identity-broker/tests/test_broker.py b/sdk/identity/azure-identity-broker/tests/test_broker.py index db6af316b02a..226c146900bc 100644 --- a/sdk/identity/azure-identity-broker/tests/test_broker.py +++ b/sdk/identity/azure-identity-broker/tests/test_broker.py @@ -4,11 +4,24 @@ # ------------------------------------ import pytest import sys +from unittest.mock import patch, Mock from azure.identity.broker import InteractiveBrowserBrokerCredential -@pytest.mark.skip("Not compatible with identity 1.15.0b1") @pytest.mark.skipif(not sys.platform.startswith("win"), reason="tests Windows-specific behavior") def test_interactive_browser_broker_cred(): cred = InteractiveBrowserBrokerCredential() assert cred._get_app()._enable_broker + + +@pytest.mark.skipif(not sys.platform.startswith("win"), reason="tests Windows-specific behavior") +def test_interactive_browser_broker_cred_signed_in_account(): + with patch("msal.broker._signin_silently", Mock(return_value="token")) as mock_signin_silently: + try: + cred = InteractiveBrowserBrokerCredential( + parent_window_handle="window_handle", use_operation_system_account=True + ) + cred.get_token("scope") + except Exception: # msal raises TypeError which is expected. We are not testing msal here. + pass + assert mock_signin_silently.called From 4bb09b5d9a1a97a8a53dd17346958ba7b8e592bd Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 13 Mar 2024 16:07:12 -0700 Subject: [PATCH 2/4] update --- .vscode/cspell.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.vscode/cspell.json b/.vscode/cspell.json index 0cb757d24fc1..fd8ff9124bc2 100644 --- a/.vscode/cspell.json +++ b/.vscode/cspell.json @@ -576,6 +576,12 @@ "wammsa" ] }, + { + "filename": "sdk/identity/azure-identity-broker/tests/*.py", + "words": [ + "signin" + ] + }, { "filename": "sdk/tables/azure-data-tables/tests/**/*.py", "words": [ From 0edfb1f2c5c8e8e09d8db40d46ad830d28532ce4 Mon Sep 17 00:00:00 2001 
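Review bot: In `test_interactive_browser_broker_cred_signed_in_account` (tests/test_broker.py), `except Exception: pass` hides every failure between constructing the credential and the patched `msal.broker._signin_silently`, and the only assertion is `mock_signin_silently.called`. Catch just the exception type that actually surfaces from `get_token` with this mock, and assert on the call arguments as well, so a regression that reaches the broker with the wrong scopes or window handle does not pass. There is also no test for the default: a companion case that constructs the credential without the new keyword and ends in `mock_signin_silently.assert_not_called()` would pin that the silent path stays opt-in; it would need the interactive broker call patched too so that no UI is opened. The same hunk drops `@pytest.mark.skip` from `test_interactive_browser_broker_cred`, which the commit message does not explain.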
From: Xiang Yan Date: Thu, 14 Mar 2024 08:45:41 -0700 Subject: [PATCH 3/4] update --- .../azure/identity/broker/_browser.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py b/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py index 461efd2a6237..5d176507a1f3 100644 --- a/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py +++ b/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py @@ -37,7 +37,7 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential): :keyword int timeout: seconds to wait for the user to complete authentication. Defaults to 300 (5 minutes). :keyword int parent_window_handle: If your app is a GUI app running on a modern Windows system, you are required to also provide its window handle so that the sign in UI window will properly pop up on top of your window. - :keyword bool use_operation_system_account: Whether to authenticate with the currently signed in user instead of + :keyword bool use_operating_system_account: Whether to authenticate with the currently signed in user instead of prompting the user with a login dialog. Defaults to False. :keyword bool enable_msa_passthrough: Determines whether Microsoft Account (MSA) passthrough is enabled. Note, this is only needed for select legacy first-party applications. Defaults to False. @@ -54,7 +54,7 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential): def __init__(self, **kwargs: Any) -> None: self._parent_window_handle = kwargs.pop("parent_window_handle", None) self._enable_msa_passthrough = kwargs.pop("enable_msa_passthrough", False) - self._use_operation_system_account = kwargs.pop("use_operation_system_account", False) + self._use_operating_system_account = kwargs.pop("use_operating_system_account", False) super().__init__(**kwargs) @wrap_exceptions 
@@ -64,14 +64,14 @@ def _request_token(self, *scopes: str, **kwargs: Any) -> Dict: app = self._get_app(**kwargs) port = self._parsed_url.port if self._parsed_url else None - if self._use_operation_system_account: + if self._use_operating_system_account: try: result = app.acquire_token_interactive( scopes=scopes, login_hint=self._login_hint, claims_challenge=claims, timeout=self._timeout, - prompt="none", + prompt=msal.Prompt.NONE, port=port, parent_window_handle=self._parent_window_handle, enable_msa_passthrough=self._enable_msa_passthrough, From aa80fa145042520dad90ea5664dd617c29d9a391 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Thu, 14 Mar 2024 09:16:41 -0700 Subject: [PATCH 4/4] update --- sdk/identity/azure-identity-broker/tests/test_broker.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity-broker/tests/test_broker.py b/sdk/identity/azure-identity-broker/tests/test_broker.py index 226c146900bc..595804500af1 100644 --- a/sdk/identity/azure-identity-broker/tests/test_broker.py +++ b/sdk/identity/azure-identity-broker/tests/test_broker.py @@ -19,7 +19,7 @@ def test_interactive_browser_broker_cred_signed_in_account(): with patch("msal.broker._signin_silently", Mock(return_value="token")) as mock_signin_silently: try: cred = InteractiveBrowserBrokerCredential( - parent_window_handle="window_handle", use_operation_system_account=True + parent_window_handle="window_handle", use_operating_system_account=True ) cred.get_token("scope") except Exception: # msal raises TypeError which is expected. We are not testing msal here.