Fixing tests and reverting instance discovery to return tenant discov…

…ery endpoint
AzureAD · abhidnya13 · Oct 14, 2019 · Oct 15, 2019 · Oct 17, 2019 · Oct 17, 2019
commit 1d1d8ac892a539fa3881b73b58b4442521ac779b
@@ -46,11 +46,10 @@ def __init__(self, authority_url, validate_authority=True,
         self.is_b2c = True if trust_framework_policy else False
         if (tenant != "adfs" and (not self.is_b2c) and validate_authority
                 and self.instance not in WELL_KNOWN_AUTHORITY_HOSTS):
-            payload = instance_discovery(
+            tenant_discovery_endpoint = instance_discovery(
                 "https://{}{}/oauth2/v2.0/authorize".format(
                     self.instance, authority.path),
                 verify=verify, proxies=proxies, timeout=timeout)
-            tenant_discovery_endpoint = payload['tenant_discovery_endpoint']
         else:
             tenant_discovery_endpoint = (
                 'https://{}{}{}{}/.well-known/openid-configuration'.format(
@@ -97,15 +96,19 @@ def canonicalize(authority_url):
             % authority_url)
     return authority, authority.netloc, parts[1]
 
-def instance_discovery(url, **kwargs):
-    return requests.get(  # Note: This URL seemingly returns V1 endpoint only
+def instance_discovery(url, response=None, **kwargs):
+    resp = requests.get(  # Note: This URL seemingly returns V1 endpoint only
         'https://{}/common/discovery/instance'.format(
             WORLD_WIDE  # Historically using WORLD_WIDE. Could use self.instance too
                 # See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/4.0.0/src/Microsoft.Identity.Client/Instance/AadInstanceDiscovery.cs#L101-L103
                 # and https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/4.0.0/src/Microsoft.Identity.Client/Instance/AadAuthority.cs#L19-L33
             ),
         params={'authorization_endpoint': url, 'api-version': '1.0'},
-        **kwargs).json()
+        **kwargs)
+    payload = response or resp.json()
+    if 'tenant_discovery_endpoint' not in payload:
+        raise MsalServiceError(status_code=resp.status_code, **payload)
+    return payload['tenant_discovery_endpoint']
 
 def tenant_discovery(tenant_discovery_endpoint, **kwargs):
     # Returns Openid Configuration

@@ -29,7 +29,7 @@ def test_lessknown_host_will_return_a_set_of_v1_endpoints(self):
         self.assertNotIn('v2.0', a.token_endpoint)
 
     def test_unknown_host_wont_pass_instance_discovery(self):
-        with self.assertRaisesRegexp(ValueError, "invalid_instance"):
+        with self.assertRaisesRegexp(MsalServiceError, "invalid_instance"):
             Authority('https://unknown.host/tenant_doesnt_matter_in_this_case')
 
     def test_invalid_host_skipping_validation_meets_connection_error_down_the_road(self):

@@ -83,7 +83,7 @@ def assertCacheWorksForApp(self, result_from_wire, scope):
             "We should get a cached AT")
 
     def _test_username_password(self,
-            authority=None, client_id=None, username=None, password=None, scope=None, trust_framework_policy=None
+            authority=None, client_id=None, username=None, password=None, scope=None, trust_framework_policy=None,
             **ignored):
         assert authority and client_id and username and password and scope
         self.app = msal.PublicClientApplication(client_id, authority=authority, trust_framework_policy= trust_framework_policy)