Switching to Lab App for OBO testing #163
Changes from 4 commits
@@ -412,22 +412,21 @@ def test_adfs2019_onprem_acquire_token_by_auth_code(self): | |
| self.assertCacheWorksForUser(result, scopes, username=None) | ||
|
|
||
| @unittest.skipUnless( | ||
| os.getenv("OBO_CLIENT_SECRET"), | ||
| "Need OBO_CLIENT_SECRET from https://buildautomation.vault.azure.net/secrets/IdentityDivisionDotNetOBOServiceSecret") | ||
| os.getenv("LAB_OBO_CLIENT_SECRET"), "OBO app secret not found") | ||
| def test_acquire_token_obo(self): | ||
| # Some hardcoded, pre-defined settings | ||
| obo_client_id = "23c64cd8-21e4-41dd-9756-ab9e2c23f58c" | ||
|
Contributor
Per our earlier discussion, have we investigated why our previous test setup suddenly failed in the first place? Most of those previous settings were obtained from MSAL .Net's OBO test case, which seems to be still working?
Contributor (Author)
MSAL .Net's OBO test case is an app set up in Travis's personal tenant. He had preconfigured the apps to work with the lab account we use. There was a change in the cloud accounts returned by the lab API recently. The account we end up using to run these tests was not consented on Travis's app. While we can grant this consent for the first app using interactive auth, we will have to rely on Travis to add consent for this account for the second confidential client app in this test case.
||
| downstream_scopes = ["https://graph.microsoft.com/User.Read"] | ||
| obo_client_id = "f4aa5217-e87c-42b2-82af-5624dd14ee72" | ||
| downstream_scopes = ["https://graph.microsoft.com/.default"] | ||
| config = self.get_lab_user(usertype="cloud") | ||
|
|
||
| # 1. An app obtains a token representing a user, for our mid-tier service | ||
| pca = msal.PublicClientApplication( | ||
| "be9b0186-7dfd-448a-a944-f771029105bf", authority=config.get("authority")) | ||
| "c0485386-1e9a-4663-bc96-7ab30656de7f", authority=config.get("authority")) | ||
| pca_result = pca.acquire_token_by_username_password( | ||
| config["username"], | ||
| self.get_lab_user_secret(config["lab_name"]), | ||
| scopes=[ # The OBO app's scope. Yours might be different. | ||
| "%s/access_as_user" % obo_client_id], | ||
| "api://%s/read" % obo_client_id], | ||
| ) | ||
| self.assertIsNotNone( | ||
| pca_result.get("access_token"), | ||
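Review bot: the downstream scope on the `+` line `downstream_scopes = ["https://graph.microsoft.com/.default"]` is broader than the `User.Read` it replaces; `.default` asks for every Graph permission already consented to the mid-tier app, so if the new lab app carries more than User.Read the test now exercises a wider grant than it needs. Unless the lab app's consent only works with `.default`, keep the narrow scope, or add a comment saying why `.default` is required. Separately, the new `skipUnless` message `"OBO app secret not found"` drops the vault location the old message carried, and the two replaced GUIDs (`obo_client_id` and the PublicClientApplication client id) are now bare literals; a short comment naming the lab tenant these belong to and where `LAB_OBO_CLIENT_SECRET` is provisioned would keep the test troubleshootable.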
|
|
@@ -436,7 +435,7 @@ def test_acquire_token_obo(self): | |
| # 2. Our mid-tier service uses OBO to obtain a token for downstream service | ||
| cca = msal.ConfidentialClientApplication( | ||
| obo_client_id, | ||
| client_credential=os.getenv("OBO_CLIENT_SECRET"), | ||
| client_credential=os.getenv("LAB_OBO_CLIENT_SECRET"), | ||
| authority=config.get("authority"), | ||
| # token_cache= ..., # Default token cache is all-tokens-store-in-memory. | ||
| # That's fine if OBO app uses short-lived msal instance per session. | ||
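Review bot: the rename to `client_credential=os.getenv("LAB_OBO_CLIENT_SECRET")` is consistent with the `skipUnless` guard in the previous hunk, but note the failure mode it creates: a CI job that still exports the old `OBO_CLIENT_SECRET` will not fail here, it will silently skip the whole test because the guard checks the new name. Update the pipeline variable and any setup docs in the same PR, and consider a comment on this line pointing at where the secret lives so a skipped run is noticed rather than mistaken for a pass.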
|
|
It is OK to switch to a different test setup, but then I would suggest following the previous implementation, to leave some hint for future troubleshooting (in case the test case would somehow fail again), and/or for auditing (i.e. to understand where those test settings come from).