From 1c9509b84523c463e88beeae6845a549d22af46c Mon Sep 17 00:00:00 2001
From: cdeler <serj.krotov@gmail.com>
Date: Wed, 21 Oct 2020 17:13:39 +0300
Subject: [PATCH] Added extra_headers to ClientApplication

Having enabled Auth Code Grant Flow for SPA, we broke Device Code flow
for the Azure app. The only way to fix this error is to pass an extra
"Origin" header to this endpoint
https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token

After that the app initialisation might look like:
>>> application = msal.PublicClientApplication(
...          client_id,
...          authority=authority,
...          extra_headers={"Origin": "http://example.com"})
>>> flow = application.initiate_device_flow(scopes=scopes)
---
 msal/application.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/msal/application.py b/msal/application.py
index 410086d1..b1e722af 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -109,7 +109,7 @@ def __init__(
             http_client=None,
             verify=True, proxies=None, timeout=None,
             client_claims=None, app_name=None, app_version=None,
-            client_capabilities=None):
+            client_capabilities=None, extra_headers=None):
         """Create an instance of application.
 
         :param str client_id: Your app has a client_id after you register it on AAD.
@@ -191,6 +191,11 @@ def __init__(
         :param app_version: (optional)
             You can provide your application version for Microsoft telemetry purposes.
             Default value is None, means it will not be passed to Microsoft.
+        :param dict extra_headers: (optional)
+            Allows you to pass extra headers to each OAuth client request,
+            adding them to the client session. msal uses requests.Session to requesting,
+            so more information you can find here:
+            https://requests.readthedocs.io/en/master/user/advanced/#session-objects
         :param list[str] client_capabilities: (optional)
             Allows configuration of one or more client capabilities, e.g. ["CP1"].
 
@@ -230,6 +235,7 @@ def __init__(
                 self.http_client, validate_authority=validate_authority)
             # Here the self.authority is not the same type as authority in input
         self.token_cache = token_cache or TokenCache()
+        self._extra_headers = extra_headers
         self.client = self._build_client(client_credential, self.authority)
         self.authority_groups = None
 
@@ -245,6 +251,10 @@ def _build_client(self, client_credential, authority):
             default_headers['x-app-name'] = self.app_name
         if self.app_version:
             default_headers['x-app-ver'] = self.app_version
+        if self._extra_headers:
+            for k, v in self._extra_headers.items():
+                if k not in default_headers:
+                    default_headers[k] = v
         default_body = {"client_info": 1}
         if isinstance(client_credential, dict):
             assert ("private_key" in client_credential