Merge branch 'dev' into release-1.34.0

rayluo · web-flow · commit 1c4148a027fa · 2025-09-22T16:14:57.000-07:00
diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
@@ -119,15 +119,15 @@ jobs:
     - name: |
         Publish to TestPyPI when pushing to release-* branch.
         You better test with a1, a2, b1, b2 releases first.
-      uses: pypa/gh-action-pypi-publish@v1.4.2
+      uses: pypa/gh-action-pypi-publish@v1.13.0
       if: startsWith(github.ref, 'refs/heads/release-')
       with:
         user: __token__
         password: ${{ secrets.TEST_PYPI_API_TOKEN }}
         repository_url: https://test.pypi.org/legacy/
     - name: Publish to PyPI when tagged
       if: startsWith(github.ref, 'refs/tags')
-      uses: pypa/gh-action-pypi-publish@v1.4.2
+      uses: pypa/gh-action-pypi-publish@v1.13.0
       with:
         user: __token__
         password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/msal/broker.py b/msal/broker.py
@@ -145,12 +145,20 @@ def _build_msal_runtime_auth_params(client_id, authority):
     params.set_additional_parameter("msal_client_ver", __version__)
     return params
 
+def _set_redirect_uri_for_linux(params):
+    if sys.platform == "linux":
+        # This is required by Linux Java Broker to set a non-empty valid redirect_uri
+        params.set_redirect_uri(
+            "https://login.microsoftonline.com/common/oauth2/nativeclient"
+        )
+
 def _signin_silently(
         authority, client_id, scopes, correlation_id=None, claims=None,
         enable_msa_pt=False,
         auth_scheme=None,
         **kwargs):
     params = _build_msal_runtime_auth_params(client_id, authority)
+    _set_redirect_uri_for_linux(params)
     params.set_requested_scopes(scopes)
     if claims:
         params.set_decoded_claims(claims)
@@ -240,6 +248,7 @@ def _acquire_token_silently(
     if account is None:
         return
     params = _build_msal_runtime_auth_params(client_id, authority)
+    _set_redirect_uri_for_linux(params)
     params.set_requested_scopes(scopes)
     if claims:
         params.set_decoded_claims(claims)
diff --git a/tests/test_e2e.py b/tests/test_e2e.py
@@ -841,14 +841,14 @@ def test_user_account(self):
 
 
 class WorldWideTestCase(LabBasedTestCase):
-    _ADFS_LABS_DECOMMISSIONED = "ADFS labs were decommissioned since July 2025 until further notice"
+    _ADFS_LABS_UNAVAILABLE = "ADFS labs were temporarily down since July 2025 until further notice"
 
     def test_aad_managed_user(self):  # Pure cloud
         config = self.get_lab_user(usertype="cloud")
         config["password"] = self.get_lab_user_secret(config["lab_name"])
         self._test_username_password(**config)
 
-    @unittest.skip(_ADFS_LABS_DECOMMISSIONED)
+    @unittest.skip(_ADFS_LABS_UNAVAILABLE)
     def test_adfs4_fed_user(self):
         config = self.get_lab_user(usertype="federated", federationProvider="ADFSv4")
         config["password"] = self.get_lab_user_secret(config["lab_name"])
@@ -866,7 +866,7 @@ def test_adfs2_fed_user(self):
         config["password"] = self.get_lab_user_secret(config["lab_name"])
         self._test_username_password(**config)
 
-    @unittest.skip(_ADFS_LABS_DECOMMISSIONED)
+    @unittest.skip(_ADFS_LABS_UNAVAILABLE)
     def test_adfs2019_fed_user(self):
         try:
             config = self.get_lab_user(usertype="federated", federationProvider="ADFSv2019")
@@ -895,7 +895,7 @@ def test_msa_pt_app_signin_via_organizations_authority_without_login_hint(self):
             prompt="select_account",  # In MSAL Python, this resets login_hint
             ))
 
-    @unittest.skip(_ADFS_LABS_DECOMMISSIONED)
+    @unittest.skip(_ADFS_LABS_UNAVAILABLE)
     def test_ropc_adfs2019_onprem(self):
         # Configuration is derived from https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/4.7.0/tests/Microsoft.Identity.Test.Common/TestConstants.cs#L250-L259
         config = self.get_lab_user(usertype="onprem", federationProvider="ADFSv2019")
@@ -904,7 +904,7 @@ def test_ropc_adfs2019_onprem(self):
         config["password"] = self.get_lab_user_secret(config["lab_name"])
         self._test_username_password(**config)
 
-    @unittest.skip(_ADFS_LABS_DECOMMISSIONED)
+    @unittest.skip(_ADFS_LABS_UNAVAILABLE)
     def test_adfs2019_onprem_acquire_token_by_auth_code(self):
         """When prompted, you can manually login using this account:
 
@@ -918,7 +918,7 @@ def test_adfs2019_onprem_acquire_token_by_auth_code(self):
         config["port"] = 8080
         self._test_acquire_token_by_auth_code(**config)
 
-    @unittest.skip(_ADFS_LABS_DECOMMISSIONED)
+    @unittest.skip(_ADFS_LABS_UNAVAILABLE)
     def test_adfs2019_onprem_acquire_token_by_auth_code_flow(self):
         config = self.get_lab_user(usertype="onprem", federationProvider="ADFSv2019")
         self._test_acquire_token_by_auth_code_flow(**dict(
@@ -928,7 +928,7 @@ def test_adfs2019_onprem_acquire_token_by_auth_code_flow(self):
             port=8080,
             ))
 
-    @unittest.skip(_ADFS_LABS_DECOMMISSIONED)
+    @unittest.skip(_ADFS_LABS_UNAVAILABLE)
     def test_adfs2019_onprem_acquire_token_interactive(self):
         config = self.get_lab_user(usertype="onprem", federationProvider="ADFSv2019")
         self._test_acquire_token_interactive(**dict(
