From 66c99bb14a35be556007d0bf7b123f139dabdd9e Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Tue, 8 Dec 2020 12:14:38 -0800
Subject: [PATCH 1/3] Enables extra_scopes_to_consent in acquire_token_silent()
---
 msal/application.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/msal/application.py b/msal/application.py
index 6d4eeb58..eb507656 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -376,7 +376,6 @@ def initiate_auth_code_flow(
 def get_authorization_request_url(
 self,
 scopes, # type: list[str]
- # additional_scope=None, # type: Optional[list]
 login_hint=None, # type: Optional[str]
 state=None, # Recommended by OAuth2 for CSRF protection
 redirect_uri=None,
@@ -425,14 +424,6 @@ def get_authorization_request_url(
 :return: The authorization url as a string.
 """
- """ # TBD: this would only be meaningful in a new acquire_token_interactive()
- :param additional_scope: Additional scope is a concept only in AAD.
- It refers to other resources you might want to prompt to consent
- for in the same interaction, but for which you won't get back a
- token for in this particular operation.
- (Under the hood, we simply merge scope and additional_scope before
- sending them on the wire.)
- """
 authority = kwargs.pop("authority", None) # Historically we support this
 if authority:
 warnings.warn(
@@ -1007,6 +998,7 @@ def acquire_token_interactive(
 claims_challenge=None,
 timeout=None,
 port=None,
+ extra_scopes_to_consent=None,
 **kwargs):
 """Acquire token interactively i.e. via a local browser.
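Review bot: The subject line names acquire_token_silent(), but the `extra_scopes_to_consent=None` parameter added in the last hunk of this file lands on acquire_token_interactive(), so anyone searching history for a change to the silent flow will be misled; the message should name the interactive method. The parameter sits before `**kwargs` with a None default, which keeps existing callers working. The function body continues outside the hunk.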
@@ -1043,6 +1035,12 @@ def acquire_token_interactive(
 By default we will use a system-allocated port.
 (The rest of the redirect_uri is hard coded as ``http://localhost``.)
+ :param list extra_scopes_to_consent:
+ "Extra scopes to consent" is a concept only available in AAD.
+ It refers to other resources you might want to prompt to consent for,
+ in the same interaction, but for which you won't get back a
+ token for in this particular operation.
+
 :return:
 - A dict containing no "error" key,
 and typically contains an "access_token" key,
@@ -1054,6 +1052,7 @@ def acquire_token_interactive(
 self._client_capabilities, claims_challenge)
 return self.client.obtain_token_by_browser(
 scope=decorate_scope(scopes, self.client_id) if scopes else None,
+ extra_scope_to_consent=extra_scopes_to_consent,
 redirect_uri="http://localhost:{port}".format(
 # Hardcode the host, for now. AAD portal rejects 127.0.0.1 anyway
 port=port or 0),
From 202138215b204882bba25d1b61b7dade74b7d4c1 Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Mon, 14 Dec 2020 10:50:30 -0800
Subject: [PATCH 2/3] Lazy import webbrowser to accommondate OpenWrt distro
---
 oauth2cli/authcode.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oauth2cli/authcode.py b/oauth2cli/authcode.py
index f22194d9..9da47d32 100644
--- a/oauth2cli/authcode.py
+++ b/oauth2cli/authcode.py
@@ -5,7 +5,6 @@
 It optionally opens a browser window to guide a human user to manually login.
 After obtaining an auth code, the web server will automatically shut down.
 """
-import webbrowser
 import logging
 import socket
 from string import Template
@@ -35,6 +34,7 @@ def obtain_auth_code(listen_port, auth_uri=None): # Historically only used in t
 def _browse(auth_uri):
+ import webbrowser # Lazy import. Some distro may not have this.
 controller = webbrowser.get() # Get a default controller
 # Some Linux Distro does not setup default browser properly,
 # so we try to explicitly use some popular browser, if we found any.
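Review bot: In the `obtain_token_by_browser(` call of acquire_token_interactive() (hunk at -1054), `extra_scopes_to_consent` is forwarded unchanged while `scopes` on the line above goes through `decorate_scope(...)`, so whatever type or reserved-scope checking that helper performs (it is not visible in this diff) is skipped for the new argument. Since this list decides what the user is asked to consent to, a guard before the call is worth adding, e.g. `if extra_scopes_to_consent is not None and not isinstance(extra_scopes_to_consent, (list, tuple, set)): raise ValueError("extra_scopes_to_consent should be a list, tuple, or set")`. The keyword is spelled `extra_scope_to_consent` on the client call and `extra_scopes_to_consent` on this API; a one-line comment at the call would stop a later "fix" of the apparent typo. The enclosing function starts and ends outside the hunk.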
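Review bot: Moving `import webbrowser` into `_browse()` in oauth2cli/authcode.py shifts a missing-module failure from import time to the moment a user is in the middle of signing in, and nothing in the visible lines catches the ImportError. The rest of `_browse()` is outside the hunk, so the caller may already handle it; if not, wrap the import in `try`/`except ImportError` and log a message asking the user to open the auth URI manually instead of letting the exception escape the interactive flow. The inline comment could also name the case from the commit subject, e.g. `# Lazy import: some distros (e.g. OpenWrt) ship Python without webbrowser`.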
From 32edbb941f1ed68170bd315915571bfd42dae0d7 Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Tue, 15 Dec 2020 12:06:27 -0800
Subject: [PATCH 3/3] MSAL 1.8.0 Bumping version number
---
 msal/application.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/msal/application.py b/msal/application.py
index eb507656..fcd0d072 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -21,7 +21,7 @@
 # The __init__.py will import this. Not the other way around.
-__version__ = "1.7.0"
+__version__ = "1.8.0"
 logger = logging.getLogger(__name__)