Implement authorization code flow by chlowell · Pull Request #7379 · Azure/azure-sdk-for-python

chlowell · 2019-09-20T17:18:22Z

Implementing the authorization code flow with AuthorizationCodeCredential, a credential that redeems a previously acquired authorization code for an access token. Authorization codes are single-use but AAD typically provides a refresh token when one is redeemed, so when an access token expires the credential redeems the refresh token for a new one.

Rather than further extend the just-enough-features OAuth client used by other credentials, I've added a thin wrapper around MSAL's OAuth client. Wrapping MSAL's OAuth client is easier than wrapping its applications because a client instance holds and consistently uses an easily-patched requests session. I plan to refactor other credentials to use the new wrapper so I can stop maintaining a redundant OAuth client.

Closes #7235

adxsdk6 · 2019-09-20T17:18:25Z

Can one of the admins verify this patch?

sdk/identity/azure-identity/azure/identity/__init__.py

bryevdv · 2019-09-26T17:20:18Z

Modulo my relative ignorance of the detail of MSAL, LGTM

chlowell added Client This issue points to a problem in the data-plane of the library. Azure.Identity labels Sep 20, 2019

chlowell requested a review from bryevdv September 20, 2019 17:18

chlowell requested a review from schaabs as a code owner September 20, 2019 17:18

chlowell self-assigned this Sep 20, 2019

chlowell requested a review from johanste September 20, 2019 17:18

chlowell force-pushed the auth-code branch from 94647e9 to d9be6e6 Compare September 20, 2019 22:18

bryevdv reviewed Sep 23, 2019

View reviewed changes

sdk/identity/azure-identity/azure/identity/__init__.py Outdated Show resolved Hide resolved

chlowell added 10 commits September 26, 2019 07:42

synchronous AAD client wrapping MSAL's oauth2 client

2645ed7

synchronous AuthorizationCodeCredential

d299401

async wrapper for requests Session

55e2da5

async AuthorizationCodeCredential

5343e2f

aiohttp is a dev requirement

a591a77

tests

15735f2

update HISTORY

6370135

factor out secret scrubbing

afb7d71

configurable authority

0d301ad

paint it black

40961ce

chlowell force-pushed the auth-code branch from 293bf4f to 40961ce Compare September 26, 2019 14:50

bryevdv approved these changes Sep 26, 2019

View reviewed changes

chlowell added 4 commits September 30, 2019 12:48

test URLs more thoroughly

7a62498

obtain_token_by_refresh_token must pass kwargs

4cea49f

ensure loop is passed in kwargs

600c61f

return a passable mock response

f7c50bc

chlowell merged commit 0a39aa3 into Azure:master Sep 30, 2019

chlowell deleted the auth-code branch September 30, 2019 23:42

YijunXieMS pushed a commit to YijunXieMS/azure-sdk-for-python that referenced this pull request Oct 9, 2019

AuthorizationCodeCredential (Azure#7379)

c6a0cca

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement authorization code flow#7379

Implement authorization code flow#7379
chlowell merged 14 commits intoAzure:masterfrom
chlowell:auth-code

chlowell commented Sep 20, 2019

Uh oh!

adxsdk6 commented Sep 20, 2019

Uh oh!

Uh oh!

bryevdv commented Sep 26, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

chlowell commented Sep 20, 2019

Uh oh!

adxsdk6 commented Sep 20, 2019

Uh oh!

Uh oh!

bryevdv commented Sep 26, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants