Skip to content

Adjusting token cache to work with ADFS2019 #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rayluo merged 11 commits into from
Jul 31, 2019
Merged

Adjusting token cache to work with ADFS2019 #77

Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
50da5f0
Adjusting token cache to work with ADFS2019
rayluo Jul 15, 2019
e0dc68f
Changing tenant discovery endpoint for adfs tenants
abhidnya13 Jul 19, 2019
6cd1ab2
Test case for ADFS-direct
rayluo Jul 19, 2019
10f7888
Adjusting token cache to work with ADFS2019
rayluo Jul 15, 2019
6490e18
Fix regression on credential client grant
rayluo Jul 20, 2019
05d2aa4
Changing tenant discovery endpoint for adfs tenants
abhidnya13 Jul 19, 2019
6e82d29
Refactor authority implementation
rayluo Jul 20, 2019
1e53642
Merging new changes
abhidnya13 Jul 22, 2019
25472a3
Changing home account id to sub from idtoken claims
abhidnya13 Jul 30, 2019
09c017e
Changing tests for the token cache change
abhidnya13 Jul 31, 2019
7b8f6f5
refactor
rayluo Jul 31, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Adjusting token cache to work with ADFS2019
  • Loading branch information
@rayluo
rayluo committed Jul 15, 2019
commit 50da5f0742b1f11e02a11ebf9f1b1e0e86e4e44a
33 changes: 20 additions & 13 deletions msal/token_cache.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,18 +111,25 @@ def add(self, event, now=None):
event, indent=4, sort_keys=True,
default=str, # A workaround when assertion is in bytes in Python 3
))
environment = realm = None
if "token_endpoint" in event:
_, environment, realm = canonicalize(event["token_endpoint"])
response = event.get("response", {})
access_token = response.get("access_token")
refresh_token = response.get("refresh_token")
id_token = response.get("id_token")
client_info = {}
home_account_id = None
if "client_info" in response:
client_info = json.loads(base64decode(response["client_info"]))
home_account_id = "{uid}.{utid}".format(**client_info)
environment = realm = None
if "token_endpoint" in event:
_, environment, realm = canonicalize(event["token_endpoint"])
id_token_claims = (
decode_id_token(id_token, client_id=event["client_id"])
if id_token else {})
client_info = (
json.loads(base64decode(response["client_info"]))
if "client_info" in response
else { # ADFS scenario
"uid": id_token_claims.get("sub"),
"utid": environment, # TBD
}
)
home_account_id = "{uid}.{utid}".format(**client_info)
target = ' '.join(event.get("scope", [])) # Per schema, we don't sort it

with self._lock:
Expand All @@ -148,15 +155,15 @@ def add(self, event, now=None):
self.modify(self.CredentialType.ACCESS_TOKEN, at, at)

if client_info:
decoded_id_token = decode_id_token(
id_token, client_id=event["client_id"]) if id_token else {}
account = {
"home_account_id": home_account_id,
"environment": environment,
"realm": realm,
"local_account_id": decoded_id_token.get(
"oid", decoded_id_token.get("sub")),
"username": decoded_id_token.get("preferred_username"),
"local_account_id": id_token_claims.get(
"oid", id_token_claims.get("sub")),
"username": id_token_claims.get("preferred_username") # AAD
or id_token_claims.get("upn") # ADFS 2019
or "", # The schema does not like null
"authority_type":
self.AuthorityType.ADFS if realm == "adfs"
else self.AuthorityType.MSSTS,
Expand Down