
Commit a60ce8d

committed
add support for force refresh in broker layer
1 parent 4afbd8d commit a60ce8d


4 files changed

+88
-1
lines changed


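--- a/.gitignore
+++ b/.gitignore
@@ -49,6 +49,7 @@ src/build
 docs/_build/
 # Visual Studio Files
 /.vs/*
+.vscode/*
 /tests/.vs/*
 
 # vim files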

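--- a/msal/application.py
+++ b/msal/application.py
@@ -1556,6 +1556,21 @@ def _acquire_token_silent_from_cache_and_possibly_refresh_it(
 account_was_established_by_broker = account.get(
 "account_source") == _GRANT_TYPE_BROKER
 broker_attempt_succeeded_just_now = "error" not in response
+
+if (response.get("access_token") and force_refresh):
+at_to_renew = response.get("access_token")
+response = _acquire_token_silently(
+"https://{}/{}".format(self.authority.instance, self.authority.tenant),
+self.client_id,
+account["local_account_id"],
+scopes,
+claims=_merge_claims_challenge_and_capabilities(
+self._client_capabilities, claims_challenge),
+correlation_id=correlation_id,
+auth_scheme=auth_scheme,
+at_to_renew= at_to_renew,
+**data)
+
 if account_was_established_by_broker or broker_attempt_succeeded_just_now:
 return self._process_broker_response(response, scopes, data)
 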
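Review bot: After the renewal call on new lines 1560-1572 reassigns `response`, the check on line 1574 still uses `broker_attempt_succeeded_just_now`, which line 1558 computed from the first, pre-renewal response. If the forced renewal returns an error dict, or returns `None` through the bare `return` visible in `_acquire_token_silently` in msal/broker.py, that result is still passed to `_process_broker_response` as though the attempt had succeeded. Recompute the flag after the call, e.g. `broker_attempt_succeeded_just_now = bool(response) and "error" not in response`, and surface the failure rather than falling back to the cached token, since a caller asking for `force_refresh` usually no longer trusts it. A short comment explaining why a second broker round trip is needed, instead of passing `at_to_renew` on the first call, would also help. The enclosing function starts and ends outside this hunk.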

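--- a/msal/broker.py
+++ b/msal/broker.py
@@ -214,7 +214,7 @@ def _signin_interactively(
 
 def _acquire_token_silently(
 authority, client_id, account_id, scopes, claims=None, correlation_id=None,
-auth_scheme=None,
+auth_scheme=None, at_to_renew=None,
 **kwargs):
 # For MSA PT scenario where you use the /organizations, yes,
 # acquireTokenSilently is expected to fail. - Sam Wilson
@@ -224,6 +224,8 @@ def _acquire_token_silently(
 return
 params = pymsalruntime.MSALRuntimeAuthParameters(client_id, authority)
 params.set_requested_scopes(scopes)
+if at_to_renew:
+params.set_access_token_to_renew(at_to_renew)
 if claims:
 params.set_decoded_claims(claims)
 if auth_scheme: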
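Review bot: The new `at_to_renew` keyword on line 217 is undocumented, and the call `params.set_access_token_to_renew(at_to_renew)` on line 228 depends on a pymsalruntime method for which none of this commit's four changed files raises the minimum required version. If an older installed runtime lacks that method, a force-refresh request would presumably raise `AttributeError` instead of returning a broker error dict; this is worth confirming against the pinned version. I would add a comment above the branch such as `# at_to_renew: access token the caller wants replaced; passed to set_access_token_to_renew()`. Because the value is a bearer token, it should also stay out of any debug logging of the parameters. The function body continues outside both hunks.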

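--- a/tests/test_force_refresh.py
+++ b/tests/test_force_refresh.py
@@ -0,0 +1,69 @@
+from tests import unittest
+import msal
+import logging
+import sys
+
+# from tests.test_e2e import LabBasedTestCase
+
+if not sys.platform.startswith("win"):
+raise unittest.SkipTest("Currently, our broker supports Windows")
+
+SCOPE_ARM = "https://management.azure.com/.default"
+_AZURE_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
+pca = msal.PublicClientApplication(
+_AZURE_CLI,
+authority="https://login.microsoftonline.com/organizations",
+enable_broker_on_mac=True,
+enable_broker_on_windows=True)
+
+
+# class ForceRefreshTestCase(LabBasedTestCase):
+# def test_silent_with_force_refresh(self):
+# # acquire token using username and password
+# print("Testing silent flow with force_refresh=True")
+# config = self.get_lab_user(usertype="cloud")
+# config["password"] = self.get_lab_user_secret(config["lab_name"])
+# result = pca.acquire_token_by_username_password(username=config["lab_name"], password=config["password"], scopes=config["scope"])
+# # assert username and password, "You need to provide a test account and its password"
+
+# ropcToken = result.get("access_token")
+# accounts = pca.get_accounts()
+# account = accounts[0]
+# assert account, "The logged in account should have been established by interactive flow"
+
+# result = pca.acquire_token_silent(
+# config["scope"],
+# account=account,
+# force_refresh=False,
+# auth_scheme=None, data=None)
+
+# assert result.get("access_token") == ropcToken, "Token should not be refreshed"
+
+
+class ForceRefreshTestCase(unittest.TestCase):
+def test_silent_with_force_refresh(self):
+# acquire token using username and password
+print("Testing silent flow with force_refresh=True")
+result = pca.acquire_token_interactive(scopes=[SCOPE_ARM], prompt="select_account", parent_window_handle=pca.CONSOLE_WINDOW_HANDLE, enable_msa_passthrough=True)
+accounts = pca.get_accounts()
+account = accounts[0]
+assert account, "The logged in account should have been established by interactive flow"
+oldToken = result.get("access_token")
+
+
+result = pca.acquire_token_silent(
+scopes=[SCOPE_ARM],
+account=account,
+force_refresh=False)
+
+# This token should be recieved from cache
+assert result.get("access_token") == oldToken, "Token should not be refreshed"
+
+
+result = pca.acquire_token_silent(
+scopes=[SCOPE_ARM],
+account=account,
+force_refresh=True)
+
+# Token will be different proving it is not from cache and was renewed
+assert result.get("access_token") != oldToken, "Token should be refreshed"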
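Review bot: The final assertion on line 69, `result.get("access_token") != oldToken`, also passes when the forced refresh fails, because an error response has no `access_token` and `None != oldToken` is true. Assert success first, e.g. `self.assertIn("access_token", result, result.get("error_description"))`, before comparing tokens, and do the same after the interactive call on line 47 so a failed sign-in cannot leave `oldToken` as `None`. The module also builds `pca` at import time and calls `acquire_token_interactive`, so the test needs a person at a Windows console and cannot run unattended; a skip condition or a comment saying so would make that explicit. The commented-out lab-based variant on lines 20-40 would be better removed or tracked in an issue.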
