Making changes on how userflow is passed to authority

AzureAD · abhidnya13 · Oct 14, 2019 · Oct 15, 2019 · Oct 17, 2019 · Oct 17, 2019
commit 2c26be54a82f12ed23bd6442a7b7427b8a38c866
@@ -140,7 +140,7 @@ def __init__(
         self.timeout = timeout
         self.authority = Authority(
                 authority or "https://login.microsoftonline.com/common/",
-                validate_authority, verify=verify, proxies=proxies, timeout=timeout, trust_framework_policy=trust_framework_policy)
+                validate_authority, verify=verify, proxies=proxies, timeout=timeout)
             # Here the self.authority is not the same type as authority in input
         self.token_cache = token_cache or TokenCache()
         self.client = self._build_client(client_credential, self.authority)

@@ -41,9 +41,16 @@ def __init__(self, authority_url, validate_authority=True,
         self.verify = verify
         self.proxies = proxies
         self.timeout = timeout
-        authority, self.instance, tenant = canonicalize(authority_url)
-        self.policy = trust_framework_policy
-        self.is_b2c = True if trust_framework_policy else False
+        if isinstance(authority_url, dict):
+            assert ("authority" in authority_url
+                    and "user_flow" in authority_url)
+            self.authority_url = authority_url["authority"]
+            self.user_flow = authority_url["user_flow"]
+        else:
+            self.authority_url = authority_url
+            self.user_flow = None
+        authority, self.instance, tenant = canonicalize(self.authority_url)
+        self.is_b2c = True if self.user_flow else False
         if (tenant != "adfs" and (not self.is_b2c) and validate_authority
                 and self.instance not in WELL_KNOWN_AUTHORITY_HOSTS):
             tenant_discovery_endpoint = instance_discovery(
@@ -55,7 +62,7 @@ def __init__(self, authority_url, validate_authority=True,
                 'https://{}{}{}{}/.well-known/openid-configuration'.format(
                     self.instance,
                     authority.path,  # In B2C scenario, it is "/tenant/policy"
-                    "/"+ self.policy if self.is_b2c else "",
+                    "/"+ self.user_flow if self.is_b2c else "",
                     "" if tenant == "adfs" else "/v2.0" # the AAD v2 endpoint
                     ))
         openid_config = tenant_discovery(

diff --git a/sample/authorization-code-flow-sample/flask_session/5a76ff2437d33014f8dfc69482a5b9cd b/sample/authorization-code-flow-sample/flask_session/5a76ff2437d33014f8dfc69482a5b9cd
@@ -17,12 +17,11 @@ def _get_app_and_auth_code(
         client_id,
         client_secret=None,
         authority="https://login.microsoftonline.com/common",
-        trust_framework_policy=None,
         port=44331,
         scopes=["https://graph.microsoft.com/.default"],  # Microsoft Graph
         ):
     from msal.oauth2cli.authcode import obtain_auth_code
-    app = msal.ClientApplication(client_id, client_secret, authority=authority, trust_framework_policy=trust_framework_policy)
+    app = msal.ClientApplication(client_id, client_secret, authority=authority,)
     redirect_uri = "http://localhost:%d" % port
     ac = obtain_auth_code(port, auth_uri=app.get_authorization_request_url(
         scopes, redirect_uri=redirect_uri))
@@ -87,7 +86,7 @@ def _test_username_password(self,
             authority=None, client_id=None, username=None, password=None, scope=None, trust_framework_policy=None,
             **ignored):
         assert authority and client_id and username and password and scope
-        self.app = msal.PublicClientApplication(client_id, authority=authority, trust_framework_policy=trust_framework_policy)
+        self.app = msal.PublicClientApplication(client_id, authority=authority,)
         result = self.app.acquire_token_by_username_password(
             username, password, scopes=scope)
         self.assertLoosely(result)
@@ -449,8 +448,8 @@ def test_b2c_acquire_token_by_auth_code(self):
         (self.app, ac, redirect_uri) = _get_app_and_auth_code(
             "b876a048-55a5-4fc5-9403-f5d90cb1c852",
             client_secret=self.get_lab_user_secret("MSIDLABB2C-MSAapp-AppSecret"),
-            authority="https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com",
-            trust_framework_policy="B2C_1_SignInPolicy",
+            authority={"authority": "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com",
+                       "user_flow": "B2C_1_SignInPolicy"},
             port=3843,  # Lab defines 4 of them: [3843, 4584, 4843, 60000]
             scopes=scopes,
             )
@@ -472,8 +471,8 @@ def test_b2c_acquire_token_by_auth_code(self):
 
     def test_b2c_acquire_token_by_ropc(self):
         self._test_username_password(
-            authority = "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com",
-            trust_framework_policy = "B2C_1_ROPC_Auth",
+            authority = {"authority":"https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com",
+                         "user_flow": "B2C_1_ROPC_Auth"},
             client_id="e3b9ad76-9763-4827-b088-80c7a7888f79",
             username="[email protected]",
             password=self.get_lab_user_secret("msidlabb2c"),