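--- a/.vscode/cspell.json
+++ b/.vscode/cspell.json
@@ -576,6 +576,12 @@
 "wammsa"
 ]
 },
+{
+"filename": "sdk/identity/azure-identity-broker/tests/*.py",
+"words": [
+"signin"
+]
+},
 {
 "filename": "sdk/tables/azure-data-tables/tests/**/*.py",
 "words": [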
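--- a/sdk/identity/azure-identity-broker/CHANGELOG.md
+++ b/sdk/identity/azure-identity-broker/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 ### Features Added
 
+- `InteractiveBrowserBrokerCredential` now supports a `use_operating_system_account` property to enable the use of the currently logged in operating system account for authentication rather than prompting for a credential.
+
 ### Breaking Changes
 
 ### Bugs Fixed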
@@ -37,6 +37,8 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential):
:keyword int timeout: seconds to wait for the user to complete authentication. Defaults to 300 (5 minutes).
:keyword int parent_window_handle: If your app is a GUI app running on a modern Windows system, you are required to
also provide its window handle so that the sign in UI window will properly pop up on top of your window.
:keyword bool use_operating_system_account: Whether to authenticate with the currently signed in user instead of
prompting the user with a login dialog. Defaults to False.
:keyword bool enable_msa_passthrough: Determines whether Microsoft Account (MSA) passthrough is enabled. Note, this
is only needed for select legacy first-party applications. Defaults to False.
:keyword bool disable_instance_discovery: Determines whether or not instance discovery is performed when attempting
@@ -52,6 +54,7 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential):
def __init__(self, **kwargs: Any) -> None:
self._parent_window_handle = kwargs.pop("parent_window_handle", None)
self._enable_msa_passthrough = kwargs.pop("enable_msa_passthrough", False)
self._use_operating_system_account = kwargs.pop("use_operating_system_account", False)
super().__init__(**kwargs)

@wrap_exceptions
@@ -61,6 +64,22 @@ def _request_token(self, *scopes: str, **kwargs: Any) -> Dict:
app = self._get_app(**kwargs)
port = self._parsed_url.port if self._parsed_url else None

if self._use_operating_system_account:
try:
result = app.acquire_token_interactive(
scopes=scopes,
login_hint=self._login_hint,
claims_challenge=claims,
timeout=self._timeout,
prompt=msal.Prompt.NONE,
port=port,
parent_window_handle=self._parent_window_handle,
enable_msa_passthrough=self._enable_msa_passthrough,
)
if "access_token" in result:
return result
except socket.error:
pass
try:
result = app.acquire_token_interactive(
scopes=scopes,
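Review bot: In `_request_token`, the silent attempt under `if self._use_operating_system_account:` discards every failure: `except socket.error: pass` and a result without `access_token` both fall through to the interactive prompt with nothing recorded, so nobody reviewing sign-ins can see that single sign-on with the operating system account was refused, or why. An MSAL result carries `error` and `error_description` on failure, and logging those before the fallback would keep the refusal visible. The docstring also promises authentication "instead of prompting", while the code still prompts after a failed silent attempt, so I would add `If silent sign-in fails, the credential falls back to the interactive prompt.` to the `use_operating_system_account` entry. The function starts above this hunk and its second `try` continues below it.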
15 changes: 14 additions & 1 deletion sdk/identity/azure-identity-broker/tests/test_broker.py
@@ -4,11 +4,24 @@
# ------------------------------------
import pytest
import sys
from unittest.mock import patch, Mock
from azure.identity.broker import InteractiveBrowserBrokerCredential


@pytest.mark.skip("Not compatible with identity 1.15.0b1")
@pytest.mark.skipif(not sys.platform.startswith("win"), reason="tests Windows-specific behavior")
def test_interactive_browser_broker_cred():
cred = InteractiveBrowserBrokerCredential()
assert cred._get_app()._enable_broker


@pytest.mark.skipif(not sys.platform.startswith("win"), reason="tests Windows-specific behavior")
def test_interactive_browser_broker_cred_signed_in_account():
with patch("msal.broker._signin_silently", Mock(return_value="token")) as mock_signin_silently:
try:
cred = InteractiveBrowserBrokerCredential(
parent_window_handle="window_handle", use_operating_system_account=True
)
cred.get_token("scope")
except Exception: # msal raises TypeError which is expected. We are not testing msal here.
pass
assert mock_signin_silently.called
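Review bot: `except Exception: pass` in `test_interactive_browser_broker_cred_signed_in_account` is wider than its own comment justifies; the comment says msal raises `TypeError`, so `except TypeError:` would stop an unrelated failure in the constructor or in `get_token` from being hidden. The test also covers only the opt-in case: nothing asserts that silent sign-in is skipped when `use_operating_system_account` is left at its default, which is the property a caller relies on to keep the prompt. A second test with the flag omitted, the interactive call patched out as well, and `assert not mock_signin_silently.called` would pin that. Patching the private `msal.broker._signin_silently` ties the test to msal internals, which deserves a one-line comment saying so.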