Skip to content

Adjusting token cache to work with ADFS2019 #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rayluo merged 11 commits into from
Jul 31, 2019
Merged

Adjusting token cache to work with ADFS2019 #77

Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
50da5f0
Adjusting token cache to work with ADFS2019
rayluo Jul 15, 2019
e0dc68f
Changing tenant discovery endpoint for adfs tenants
abhidnya13 Jul 19, 2019
6cd1ab2
Test case for ADFS-direct
rayluo Jul 19, 2019
10f7888
Adjusting token cache to work with ADFS2019
rayluo Jul 15, 2019
6490e18
Fix regression on credential client grant
rayluo Jul 20, 2019
05d2aa4
Changing tenant discovery endpoint for adfs tenants
abhidnya13 Jul 19, 2019
6e82d29
Refactor authority implementation
rayluo Jul 20, 2019
1e53642
Merging new changes
abhidnya13 Jul 22, 2019
25472a3
Changing home account id to sub from idtoken claims
abhidnya13 Jul 30, 2019
09c017e
Changing tests for the token cache change
abhidnya13 Jul 31, 2019
7b8f6f5
refactor
rayluo Jul 31, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix regression on credential client grant
  • Loading branch information
@rayluo
rayluo committed Jul 20, 2019
commit 6490e1826344854465ed4c5265c42df70f941ccf
13 changes: 7 additions & 6 deletions msal/token_cache.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,15 +121,16 @@ def add(self, event, now=None):
id_token_claims = (
decode_id_token(id_token, client_id=event["client_id"])
if id_token else {})
client_info = (
json.loads(base64decode(response["client_info"]))
if "client_info" in response
else { # ADFS scenario
client_info = {}
if "client_info" in response: # We asked for it, and AAD will provide it
client_info = json.loads(base64decode(response["client_info"]))
elif id_token_claims: # This would be an end user on ADFS-direct scenario
client_info = {
"uid": id_token_claims.get("sub"),
"utid": realm, # which, in ADFS scenario, would typically be "adfs"
}
)
home_account_id = "{uid}.{utid}".format(**client_info)
home_account_id = ( # It would remain None in client_credentials flow
"{uid}.{utid}".format(**client_info) if client_info else None)
target = ' '.join(event.get("scope", [])) # Per schema, we don't sort it

with self._lock:
Expand Down