o i@@sdZddlZddlZddlZddlZddlZddlZddlZddlZdZ e Z e dddZ dZejejjdd d Zd d Zd dZdCddZddedfddZedZejer^ejnejdzddlmZeedWneyedYnwddZ ddZ!dd Z"dDd!d"Z#d#d$Z$d%d&Z%d'Z&d(d)e&d*Z'd+gZ(d,d-Z)d.d/Z*d0Z+e,e+d1d2Z-d3e+e.e-/d40d41d5d*Z2d6d7Z3d8d9Z4d:d;Z5dd?Z7d@dAZ8e9dBkre8dSdS)EaMSAL Python Tester Usage 1: Run it on the fly. python -m msal Note: We choose to not define a console script to avoid name conflict. Usage 2: Build an all-in-one executable file for bug bash. shiv -e msal.__main__._main -o msaltest-on-os-name.pyz . Nzmsal_cache.bincCstjr ttdtSdS)Nw) global_cacheZhas_state_changedopen_token_cache_filenamewrite serializerrD/home/app/Keep/.python/lib/python3.10/site-packages/msal/__main__.pysr z$04b07795-8ddb-461a-bbee-02f9e1bf7b46z$04f0c124-f2bc-4f59-8241-bf6df9866bbdzhttps://example.com/endpoint placeholder)Z http_methodurlnoncecCsttj|ddddS)NT)indent sort_keys)printjsondumps)Zblobrrr print_jsonrcCstd|dvS)Nz9{} (N/n/F/f or empty means False, otherwise it is True): )NnFf)inputformat)messagerrr _input_boolean"s rcCst|j|dp |S)N)default)rrstrip)rrrrr _input'rr!z Your options:z Your choice? Fc Cs|sJd|r t|t|ddD]\}}td|||q|r'td t|}zt|}d|kr=t|krFnn||dWSWntyX|rV|rV|YSYnwq()Nzoptions must not be empty)startz {}: {}z' Or you can just type in your input.)r enumeraterrintlen ValueError) optionsheaderfooteroption_rendereraccept_nonempty_stringioraw_datachoicerrr _select_options*s(  r1zEnable MSAL Python's DEBUG log?)level) load_dotenvz+Loaded environment variables from .env filezSpython-dotenv is not installed. You may need to set environment variables manually.cCs*tgdddd}d|vrtd|S)N)z$https://graph.microsoft.com/.defaultz%https://management.azure.com/.defaultz User.ReadzUser.ReadBasic.Allz_Select a scope (multiple scopes can only be input by manually typing them, delimited by space):Tr)r,4https://pas.windows.net/CheckMyAccess/Linux/.defaultz9SSH Cert scope shall be tested by its dedicated functions)r1splitr'scopesrrr _input_scopesJs r9cCs*|}|rt|ddddStddS)NcSsd|d|dS)Nz{}, came from {}usernameZaccount_source)rarrr r ]z!_select_account..z0Account(s) already signed in inside MSAL Python:r+r)zRNo account available inside MSAL Python. Use other methods to acquire token first.) get_accountsr1r)appZaccountsrrr _select_accountXs rAcCsDt|}|r t|jt|td|rtdrtndddSdS)zIacquire_token_silent() - with an account already signed into MSAL Python.!Bypass MSAL Python's token cache?Acquire AT POP via Broker?N)account force_refresh auth_scheme)rArZacquire_token_silent_with_errorr9ris_pop_supportedplaceholder_auth_schemer@rDrrr _acquire_token_silentcs rJc Cs t|tjsJ|p t}tdddddddddgdd d d d }|dkr+d}ntdgd d|Dddd}t|trE|dn|}|j||j|j t t fvd|||pXi| rbt drbtndd}|rd|vr|did}||krtd|t||S)zUacquire_token_interactive() - User will be prompted if app opts to do select_account.NzRUnspecified. Proceed silently with a default account (if any), fallback to prompt.)value descriptionnonezEnone. Proceed silently with a default account (if any), or error out.Zselect_accountz.select_account. Prompt with an account picker.cS|dS)NrLrr.rrr r yz,_acquire_token_interactive..zPrompt behavior?r>rKcSsg|]}|dqS)r:r).0r<rrr r=z._acquire_token_interactive..zlogin_hint? (If you have multiple signed-in sessions in browser/broker, and you specify a login_hint to match one of them, you will bypass the account picker.)Tr4r:irC)Zparent_window_handleZenable_msa_passthroughportprompt login_hintdatarFZid_token_claimsZpreferred_usernamez-Signed-in user "%s" does not match login_hint) isinstancemsalPublicClientApplicationr9r1r?dictZacquire_token_interactiveZCONSOLE_WINDOW_HANDLE client_id _AZURE_CLI_VISUAL_STUDIOrGrrHgetloggingwarningr)r@r8rVrTrUZraw_login_hintresultZsigned_in_userrrr _acquire_token_interactivepsP    rbcCs$t|jtdtdtddS)zacquire_token_by_username_password() - See constraints here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#constraints-for-ropcz username: z password: r7N)rZ"acquire_token_by_username_passwordr!getpassr9r@rrr #_acquire_token_by_username_passwords recCsRt|tjsJ|jtd}t|dtjt d| |}t |dS)zNacquire_token_by_device_flow() - Note that this one does not go through brokerr7rzNAfter you completed the step above, press ENTER in this console to continue...N) rWrXrYZinitiate_device_flowr9rsysstdoutflushrZacquire_token_by_device_flowr)r@Zflowrarrr _acquire_token_by_device_flows    riaw{"kty":"RSA", "n":"2tNr73xwcj6lH7bqRZrFzgSLj7OeLfbn8216uOMDHuaZ6TEUBDN8Uz0ve8jAlKsP9CQFCSVoSNovdE-fs7c15MxEGHjDcNKLWonznximj8pDGZQjVdfK-7mG6P6z-lgVcLuYu5JcWU_PeEqIKg5llOaz-qeQ4LEDS4T1D2qWRGpAra4rJX1-kmrWmX_XIamq30C9EIO0gGuT4rc2hJBWQ-4-FnE1NXmy125wfT3NdotAJGq5lMIfhjfglDbJCwhc8Oe17ORjO3FsB5CLuBRpYmP7Nzn66lRY3Fe11Xz8AEBl3anKFSJcTvlMnFtu3EpD-eiaHfTgRBU7CztGQqVbiQ", "e":"AQAB"}ssh-certkey1) token_typeZkey_idZreq_cnfr5cCsft|tjsJt|}|r-|jt|ttdd}t||r/| ddkr1t ddSdSdSdS)zFAcquire an SSH Cert silently- This typically only works with Azure CLIrB)rVrErlrjzUnable to acquire an ssh-cert.N) rWrXrYrAZacquire_token_silent_SSH_CERT_SCOPE_SSH_CERT_DATArrr^r_error)r@rDrarrr _acquire_ssh_cert_silentlysrpcCs>t|tjsJt|ttd}|ddkrtddSdS)zLAcquire an SSH Cert interactively - This typically only works with Azure CLIr8rVrlrjzUnable to acquire an ssh-certN) rWrXrYrbrmrnr^r_ro)r@rarrr _acquire_ssh_cert_interactives rrz+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-AAAAAAAAsw)kidZxms_kslpopzutf-8=cCsLt|tjsJdg}t||td}t||ddkr$tddSdS)zLAcquire a POP token interactively - This typically only works with Azure CLIz-6256c85f-0aad-4d50-b960-e6e9b21efe35/.defaultrqrlruzUnable to acquire a pop tokenN) rWrXrYrb _POP_DATArr^r_ro)r@Z POP_SCOPErarrr _acquire_pop_token_interactivesrxcCs0t|}|r||td|ddSdS)zoremove_account() - Invalidate account and/or token(s) from cache, so that acquire_token_silent() would be resetz@Account "{}" and/or its token(s) are signed out from MSAL Pythonr:N)rAZremove_accountrrrIrrr _remove_accounts  rycCs&t|tjsJt|jtddS)zKCCA.acquire_token_for_client() - Rerun this will get same token from cache.r7N)rWrXConfidentialClientApplicationrZacquire_token_for_clientr9rdrrr _acquire_token_for_clientsr{cCst|tjsJ|dS)zECCA.remove_tokens_for_client() - Run this to evict tokens from cache.N)rWrXrzZremove_tokens_for_clientrdrrr _remove_tokens_for_clients r|cCs(|jrdnd}td|tdS)ZExitzjhttps://identitydivision.visualstudio.com/Engineering/_queries/query/79b3a352-a775-406f-87cd-a487c382a8ed/zXhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/new/choosez2Bye. If you found a bug, please report it here: {}N)Z_enable_brokerrrrfexit)r@Zbug_linkrrr _exits  r~c Csvtdtjtdddddtdgddd d d }|d dkr?tjtr?z t t td  Wn t y>Ynwttddtdddddtdtdddgddddd }t|tohd|v}|rw|drs|dswtd| o}td}|rtrtdnd }tgdd dd!}|r|d"std#nd}|stjt|tr|dn||||||||t d$ ntj|d|d|||t d%}tgt|tjrtttttgngtt gt|tjrt!t"gng} t|t#gd&dd'd(} z| |Wn>ty} z t$%d)| WYd} ~ n*d} ~ wt&y!td*Ynt'y9} z t$%d+| WYd} ~ nd} ~ wwq),Nz4Welcome to the Msal Python {} Tester (Experimental) emptyz.z1What token cache state do you want to begin with?F)r+r)r,r0rz+Azure CLI (Correctly configured for MSA-PT))r[namez/Visual Studio (Correctly configured for MSA-PT)z$95de633a-083e-42f5-b444-a4295d8e9314zAWhiteboard Services (Non MSA-PT app. Accepts AAD & MSA accounts.)Z CLIENT_IDZ CLIENT_SECRETzoA confidential client app (CCA) whose settings are defined in environment variables CLIENT_ID and CLIENT_SECRET)r[ client_secretrcSrN)Nrrr;rrr r rPzUImpersonate this app (or you can type in the client_id of your own public client app)Trr[zAYou need to set environment variables CLIENT_ID and CLIENT_SECRETzYEnable broker? (It will error out later if your app has not registered some redirect URI)zEnable PII in broker's log?)z(https://login.microsoftonline.com/commonz/https://login.microsoftonline.com/organizationsz;https://login.microsoftonline.com/microsoft.onmicrosoft.comz:https://login.microsoftonline.com/msidlab4.onmicrosoft.comz+https://login.microsoftonline.com/consumerszKInput authority (Note that MSA-PT apps would NOT use the /common authority)r4z!https://login.microsoftonline.comzYou input an unusual authority which might fail the Instance Discovery. Now, do you want to perform Instance Discovery on your input authority?) authorityinstance_discoveryZenable_broker_on_windowsZenable_broker_on_macZenable_broker_on_linuxZenable_broker_on_wslenable_pii_log token_cache)Zclient_credentialrrrrcSs|jSN)__doc__)rrrr r OszMSAL Python APIs:r>zInvalid input: %sZAbortedz Error: %s)(rrrX __version__r1rospathexistsrZ deserializerreadIOErrorr\r]getenvrWrZr'renable_debug_log startswithrYrzrJrbrirprrrxreryr{r|r~r_roKeyboardInterrupt Exception) Z cache_choiceZ chosen_appZis_ccaZ enable_brokerrrrr@Zmethods_to_be_testedfuncerrr _mains          r__main__r)NN):rbase64rcrr_rfratexitrXrZSerializableTokenCacherregisterr\r]Z PopAuthSchemeZHTTP_GETrHrrr!strr1r basicConfigDEBUGINFOZdotenvr3info ImportErrorr`r9rArJrbreriZ_JWK1rnrmrprrZ _POP_KEY_IDrZ _RAW_REQ_CNFurlsafe_b64encodeencodedecoderstriprwrxryr{r|r~r__name__rrrr sn@      '   l