Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test case to show that OBO supports SP #481

Open
wants to merge 610 commits into
base: dev
Choose a base branch
from
Open

Add test case to show that OBO supports SP #481

wants to merge 610 commits into from

Conversation

rayluo
Copy link
Collaborator

@rayluo rayluo commented Jun 8, 2022

  • There is no code change to MSAL's implementation in this PR. This means the existing MSAL Python needs no change to support the OBO-for-SP scenario, perhaps since the initial OBO implementation.
  • This PR contains changes to MSAL's test case, to demonstrate that how OBO for SP could work. It is a matter of how the mid-tier app chooses to manage the potentially-more-than-one SP "accounts", which can be an open topic for discussion.
  • Currently, the test certificate is not committed, so, the new test case will not be run in CI. But it was manually run by PR author.

@rayluo
Merge pull request #282 from AzureAD/acquire-token-interactive-bugfix
b371055 
Fix a malfunction in yesterday's acquire_token_interactive() PR
@rayluo
Merge remote-tracking branch 'oauth2cli/dev' into dev
af1cebd
@rayluo
A sample for the new acquire_token_interactive()
1f7d503
@rayluo
Merge pull request #283 from AzureAD/acquire-token-interactive-sample
ea9d4ef 
A sample for the new acquire_token_interactive()
@rayluo
MSAL Python 1.7.0
0091a9f 
Bump version number
@rayluo
Merge pull request #285 from AzureAD/release-1.7.0
2cf06e1 
Merge MSAL Python 1.7.0 back to dev
@rayluo
Enables extra_scopes_to_consent in acquire_token_silent()
41e27d9
@rayluo
Merge pull request #286 from AzureAD/extra-scopes-to-consent
86c7ee8 
Enables extra_scopes_to_consent in acquire_token_silent()
@rayluo
Merge remote-tracking branch 'oauth2cli/dev' into acquire-token-inter…
38b68f4 
…active
@rayluo
Merge pull request #288 from AzureAD/acquire-token-interactive
2a54a8d 
Chanbge acquire_token_interactive to lazy import webbrowser
@rayluo
MSAL 1.8.0
9ca339a 
Bumping version number
@rayluo
Merge pull request #291 from AzureAD/release-1.8.0
add2ccf 
Merge MSAL 1.8.0 back to dev branch
@rayluo
Merge remote-tracking branch 'oauth2cli/dev' into compatible-with-pyj…
4715cc9 
…wt1_and_2
@rayluo
Merge pull request #296 from AzureAD/compatible-with-pyjwt1_and_2
736cd76 
Compatible with pyjwt1 and 2
@rayluo
The ssh-cert scope needs to be updated
0c9303d 
Switch to the new SSH cert scope
@rayluo
Merge branch 'update-ssh-cert-test-case' into dev
2b7a524
@rayluo
Show correlation_id when unittesting with -v param
de51404
@rayluo
Refactor SSH Cert test cases to represent test requirements, and offi…
56a6c27 
…cially support SSH Cert for SP
@rayluo
Merge pull request #300 from AzureAD/ssh-cert-tests
dbf30c2 
Ssh cert tests
@rayluo
Precise DeprecationWarning for auth code API
36c46bd
@rayluo
Merge pull request #303 from AzureAD/deprecates-auth-code
08c7a06 
Precise DeprecationWarning for auth code API
@rayluo
Trying github actions
615f632 
Enables Python 2.7 and 3.7 only, for now
@rayluo
Disable flake8 for now
7663cf0
@rayluo
Fake a TRAVIS env
edd6138
@rayluo
Use env vars to enable e2e tests
274cc00
@rayluo
Cache dependencies, although the gain is insignificant for this repo
d892384
@rayluo
Enable tests on all python versions we supported
61b4a28
@rayluo
Merge branch 'github-actions' into dev
dd5ebaa
@rayluo
Refine OBO test case's guidance message
bdda6cb
@rayluo
Merge pull request #305 from AzureAD/obo-test-message
93fca66 
Refine OBO test case's guidance message
rayluo and others added 24 commits February 14, 2022 12:40
@rayluo
Fine tune some inline comments
cec910a
@rayluo
Add an interactive console test script
599142f
@rayluo
Fine tune msaltest.py with prompt options
2ae2d2c
@eopeter @rayluo
implement response_mode (#469)
7d7a492 
* implement response_mode

oidc supports passing the response_mode to allow redirects to send callback parameters as POST for increased security.

* Fix error check logic and modify test_ccs to include response_mode

* Add more comments

* Apply suggestions from code review

Co-authored-by: Ray Luo <[email protected]>

* PR review comments addressed

* remove extraneous line

Co-authored-by: Emmanuel Oche <[email protected]>
Co-authored-by: Ray Luo <[email protected]>
@rayluo
Automatically populate login_hint for easier tests
0ef4a48
@rayluo
Merge branch 'msaltest' into dev
724746f
@rayluo
Emit warning when common or organizations is used in acquire_token_fo…
56d80c4 
…r_client()
@rayluo
Merge pull request #435 from AzureAD/warning-in-acquire-token-for-client
ead7d53 
Emit warning when common or organizations is used in acquire_token_for_client()
@rayluo
Acquire SSH cert from Cloud Shell IMDS
669ac85 
Cloud Shell Detection

PoC: Silent flow utilizes Cloud Shell IMDS

Introduce get_accounts(username=msal.CURRENT_USER)

A reasonable-effort to convert scope to resource

Replace get_accounts(username=msal.CURRENT_USER) by acquire_token_interactive(..., prompt="none")

Detect unsupported Portal so that AzCLI could fallback
@rayluo
MSAL Python 1.18.0b1
c644e57 
Bump cryptography
@OvervCW
Fix typo in code
366e758 
I stumbled upon this typo while investigating a different issue in this file.
@rayluo
Merge pull request #420 from AzureAD/cloudshell-imds
a61ca7e 
acquire_token_interactive(..., prompt="none") acquires token via Cloud Shell's IMDS-like interface
@rayluo
Merge pull request #475 from AzureAD/release-1.18.0b1
dd79e93 
Merge MSAL Python 1.18.0b1 back to dev
@rayluo
MSAL Python 1.18.0
8cb7f8b
@rayluo
Merge pull request #478 from AzureAD/release-1.18.0
2e36358 
Merge MSAL Python 1.18.0 back to dev
@rayluo
Document our findings on addressing CVE-2022-29217
a92a15b
@rayluo
Merge pull request #479 from AzureAD/pyjwt
589c0be 
Document our findings on addressing CVE-2022-29217
@rayluo
Disable test for China cloud
bbd75fd
@rayluo
Merge branch 'disable-test-for-chinacloud' into dev
89b9da9
@rayluo
Merge pull request #474 from OvervCW/patch-1
7f5bf64 
Fix typo in code
@rayluo
Merge remote-tracking branch 'oauth2cli/dev' into oauth2cli-dev
b74c08f
@rayluo
Merge branch 'oauth2cli-dev' into dev
a995c05
@rayluo
Tolerate home_account_id to be None
85f4f9e
@rayluo
Add test case to show that OBO supports SP
642ea65
@bgavrilMS
Copy link
Member

We have an E2E in MSAL.NET - please ping the .NET team to discuss about the certificate.

@micwoj92
Copy link
Contributor

This branch has conflicts that must be resolved.

@rayluo
Copy link
Collaborator Author

rayluo commented Nov 18, 2023

This branch has conflicts that must be resolved.

Thanks. We will be informed of this by github when we revisit this PR (possibly while attempting to solve the test cert topic mentioned above).

Meanwhile, assuming your interest on this topic was driven by your trying to find an OBO example for Service Principal, this PR in its current form (i.e., before merging) still worked as-is, and can serve its current purpose of showcasing how to do OBO with SP.

@bgavrilMS
Copy link
Member

@micwoj92 - just to set expectations here. OBO for service principals is currently being experimented on by some internal teams. There is not way for external customers to configure it.

@DharshanBJ DharshanBJ requested a review from a team as a code owner October 4, 2024 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.