Add test case to show that OBO supports SP #481
base: dev
rayluo
commented
Jun 8, 2022
- There is no code change to MSAL's implementation in this PR. This means the existing MSAL Python needs no change to support the OBO-for-SP scenario, perhaps since the initial OBO implementation.
- This PR contains changes to MSAL's test case, to demonstrate how OBO for SP could work. It is a matter of how the mid-tier app chooses to manage the potentially-more-than-one SP "accounts", which can be an open topic for discussion.
- Currently, the test certificate is not committed, so the new test case will not be run in CI. But it was manually run by the PR author.
Fix a malfunction in yesterday's acquire_token_interactive() PR
A sample for the new acquire_token_interactive()
Bump version number
Merge MSAL Python 1.7.0 back to dev
Enables extra_scopes_to_consent in acquire_token_silent()
Change acquire_token_interactive to lazy import webbrowser
Bumping version number
Merge MSAL 1.8.0 back to dev branch
Compatible with pyjwt1 and 2
Switch to the new SSH cert scope
…cially support SSH Cert for SP
Ssh cert tests
Precise DeprecationWarning for auth code API
Enables Python 2.7 and 3.7 only, for now
Refine OBO test case's guidance message
* implement response_mode oidc supports passing the response_mode to allow redirects to send callback parameters as POST for increased security.
* Fix error check logic and modify test_ccs to include response_mode
* Add more comments
* Apply suggestions from code review
  Co-authored-by: Ray Luo <[email protected]>
* PR review comments addressed
* remove extraneous line
Co-authored-by: Emmanuel Oche <[email protected]>
Co-authored-by: Ray Luo <[email protected]>
Emit warning when common or organizations is used in acquire_token_for_client()
Cloud Shell Detection PoC: Silent flow utilizes Cloud Shell IMDS Introduce get_accounts(username=msal.CURRENT_USER) A reasonable-effort to convert scope to resource Replace get_accounts(username=msal.CURRENT_USER) by acquire_token_interactive(..., prompt="none") Detect unsupported Portal so that AzCLI could fallback
Bump cryptography
I stumbled upon this typo while investigating a different issue in this file.
acquire_token_interactive(..., prompt="none") acquires token via Cloud Shell's IMDS-like interface
Merge MSAL Python 1.18.0b1 back to dev
Merge MSAL Python 1.18.0 back to dev
Document our findings on addressing CVE-2022-29217
Fix typo in code
We have an E2E in MSAL.NET - please ping the .NET team to discuss the certificate.
This branch has conflicts that must be resolved.
Thanks. We will be informed of this by GitHub when we revisit this PR (possibly while attempting to solve the test cert topic mentioned above). Meanwhile, assuming your interest in this topic was driven by your trying to find an OBO example for Service Principal, this PR in its current form (i.e., before merging) still worked as-is, and can serve its current purpose of showcasing how to do OBO with SP.
@micwoj92 - just to set expectations here. OBO for service principals is currently being experimented on by some internal teams. There is no way for external customers to configure it.