Merge branch 'dev' into wam

AzureAD · Jun 29, 2022 · c9a36e9 · c9a36e9
2 parents 46ef0e5 + bdbc23a
commit c9a36e9
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 4 deletions.
diff --git a/msal/application.py b/msal/application.py
@@ -566,8 +566,10 @@ def _get_regional_authority(self, central_authority):
         if region_to_use:
             regional_host = ("{}.r.login.microsoftonline.com".format(region_to_use)
                 if central_authority.instance in (
-                    # The list came from https://github.com/AzureAD/microsoft-authentication-library-for-python/pull/358/files#r629400328
+                    # The list came from point 3 of the algorithm section in this internal doc
+                    # https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview?path=/PinAuthToRegion/AAD%20SDK%20Proposal%20to%20Pin%20Auth%20to%20region.md&anchor=algorithm&_a=preview
                     "login.microsoftonline.com",
+                    "login.microsoft.com",
                     "login.windows.net",
                     "sts.windows.net",
                     )
@@ -1421,7 +1423,7 @@ def _acquire_token_silent_by_finding_specific_refresh_token(
                 reverse=True):
             logger.debug("Cache attempts an RT")
             headers = telemetry_context.generate_headers()
-            if "home_account_id" in query:  # Then use it as CCS Routing info
+            if query.get("home_account_id"):  # Then use it as CCS Routing info
                 headers["X-AnchorMailbox"] = "Oid:{}".format(  # case-insensitive value
                     query["home_account_id"].replace(".", "@"))
             response = client.obtain_token_by_refresh_token(

diff --git a/msal/authority.py b/msal/authority.py
@@ -92,8 +92,9 @@ def __init__(self, authority_url, http_client, validate_authority=True):
             tenant_discovery_endpoint = payload['tenant_discovery_endpoint']
         else:
             tenant_discovery_endpoint = (
-                'https://{}{}{}/.well-known/openid-configuration'.format(
+                'https://{}:{}{}{}/.well-known/openid-configuration'.format(
                     self.instance,
+                    443 if authority.port is None else authority.port,
                     authority.path,  # In B2C scenario, it is "/tenant/policy"
                     "" if tenant == "adfs" else "/v2.0" # the AAD v2 endpoint
                     ))

diff --git a/tests/test_authority.py b/tests/test_authority.py
@@ -33,7 +33,8 @@ def _test_authority_builder(self, host, tenant):
     def test_wellknown_host_and_tenant(self):
         # Assert all well known authority hosts are using their own "common" tenant
         for host in WELL_KNOWN_AUTHORITY_HOSTS:
-            self._test_given_host_and_tenant(host, "common")
+            if host != AZURE_CHINA:  # It is prone to ConnectionError
+                self._test_given_host_and_tenant(host, "common")
 
     def test_wellknown_host_and_tenant_using_new_authority_builder(self):
         self._test_authority_builder(AZURE_PUBLIC, "consumers")