Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-msal for openSUSE:Factory 
checked in at 2023-08-14 22:36:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-msal (Old)
 and      /work/SRC/openSUSE:Factory/.python-msal.new.11712 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-msal"

Mon Aug 14 22:36:11 2023 rev:15 rq:1103887 version:1.24.0~b1

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-msal/python-msal.changes  2023-04-19 
17:44:48.524832059 +0200
+++ /work/SRC/openSUSE:Factory/.python-msal.new.11712/python-msal.changes       
2023-08-14 22:36:28.504689044 +0200
@@ -1,0 +2,11 @@
+Mon Aug 14 13:29:06 UTC 2023 - John Paul Adrian Glaubitz 
<adrian.glaub...@suse.com>
+
+- Update to version 1.24.0b1
+  + Experimental: Surface MSAL telemetry as a long opaque string (#575).
+    This behavior is useful if your app has your own telemetry mechanism
+    and wants to also collect MSAL's telemetry.
+- from version 1.23.0
+  + acquire_token_for_client() will automatically look up tokens from cache 
(#577)
+- Override upstream version with 1.24.0~b1
+
+-------------------------------------------------------------------

Old:
----
  msal-1.22.0.tar.gz

New:
----
  msal-1.24.0b1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-msal.spec ++++++
--- /var/tmp/diff_new_pack.P2EZln/_old  2023-08-14 22:36:29.192693418 +0200
+++ /var/tmp/diff_new_pack.P2EZln/_new  2023-08-14 22:36:29.196693443 +0200
@@ -16,18 +16,20 @@
 #
 
 
+%define realversion 1.24.0b1
+
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %if 0%{?suse_version} >= 1500
 %define skip_python2 1
 %endif
 Name:           python-msal
-Version:        1.22.0
+Version:        1.24.0~b1
 Release:        0
 Summary:        Microsoft Authentication Library (MSAL) for Python
 License:        MIT
 Group:          Development/Languages/Python
 URL:            
https://github.com/AzureAD/microsoft-authentication-library-for-python
-Source:         
https://files.pythonhosted.org/packages/source/m/msal/msal-%{version}.tar.gz
+Source:         
https://files.pythonhosted.org/packages/source/m/msal/msal-%{realversion}.tar.gz
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
@@ -49,7 +51,7 @@
 standard OAuth2 and OpenID Connect.
 
 %prep
-%setup -q -n msal-%{version}
+%setup -q -n msal-%{realversion}
 
 %build
 %python_build

++++++ msal-1.22.0.tar.gz -> msal-1.24.0b1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/PKG-INFO new/msal-1.24.0b1/PKG-INFO
--- old/msal-1.22.0/PKG-INFO    2023-04-17 18:56:23.226273800 +0200
+++ new/msal-1.24.0b1/PKG-INFO  2023-07-24 11:38:52.279546500 +0200
@@ -1,14 +1,14 @@
 Metadata-Version: 2.1
 Name: msal
-Version: 1.22.0
-Summary: The Microsoft Authentication Library (MSAL) for Python library 
enables your app to access the Microsoft Cloud by supporting authentication of 
users with Microsoft Azure Active Directory accounts (AAD) and Microsoft 
Accounts (MSA) using industry standard OAuth2 and OpenID Connect.
+Version: 1.24.0b1
+Summary: The Microsoft Authentication Library (MSAL) for Python library
 Home-page: 
https://github.com/AzureAD/microsoft-authentication-library-for-python
 Author: Microsoft Corporation
 Author-email: nuget...@microsoft.com
 License: MIT
 Project-URL: Changelog, 
https://github.com/AzureAD/microsoft-authentication-library-for-python/releases
 Project-URL: Documentation, https://msal-python.readthedocs.io/
-Project-URL: Questions, https://stackoverflow.com/questions/tagged/msal+python
+Project-URL: Questions, 
https://stackoverflow.com/questions/tagged/azure-ad-msal+python
 Project-URL: Feature/Bug Tracker, 
https://github.com/AzureAD/microsoft-authentication-library-for-python/issues
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Programming Language :: Python
@@ -24,6 +24,7 @@
 Classifier: Programming Language :: Python :: 3.11
 Classifier: License :: OSI Approved :: MIT License
 Classifier: Operating System :: OS Independent
+Requires-Python: >=2.7
 Description-Content-Type: text/markdown
 Provides-Extra: broker
 License-File: LICENSE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/msal/application.py 
new/msal-1.24.0b1/msal/application.py
--- old/msal-1.22.0/msal/application.py 2023-04-17 18:56:13.000000000 +0200
+++ new/msal-1.24.0b1/msal/application.py       2023-07-24 11:38:42.000000000 
+0200
@@ -25,7 +25,7 @@
 
 
 # The __init__.py will import this. Not the other way around.
-__version__ = "1.22.0"  # When releasing, also check and bump our 
dependencies's versions if needed
+__version__ = "1.24.0b1"  # When releasing, also check and bump our 
dependencies's versions if needed
 
 logger = logging.getLogger(__name__)
 _AUTHORITY_TYPE_CLOUDSHELL = "CLOUDSHELL"
@@ -65,8 +65,19 @@
         return raw
 
 
+def _pii_less_home_account_id(home_account_id):
+    parts = home_account_id.split(".")  # It could contain one or two parts
+    parts[0] = "********"
+    return ".".join(parts)
+
+
 def _clean_up(result):
     if isinstance(result, dict):
+        if "_msalruntime_telemetry" in result or "_msal_python_telemetry" in 
result:
+            result["msal_telemetry"] = json.dumps({  # Telemetry as an opaque 
string
+                "msalruntime_telemetry": result.get("_msalruntime_telemetry"),
+                "msal_python_telemetry": result.get("_msal_python_telemetry"),
+                }, separators=(",", ":"))
         return {
             k: result[k] for k in result
             if k != "refresh_in"  # MSAL handled refresh_in, customers need not
@@ -150,6 +161,9 @@
 
 
 class ClientApplication(object):
+    """You do not usually directly use this class. Use its subclasses instead:
+    :class:`PublicClientApplication` and 
:class:`ConfidentialClientApplication`.
+    """
     ACQUIRE_TOKEN_SILENT_ID = "84"
     ACQUIRE_TOKEN_BY_REFRESH_TOKEN = "85"
     ACQUIRE_TOKEN_BY_USERNAME_PASSWORD_ID = "301"
@@ -313,7 +327,7 @@
             to keep their traffic remain inside that region.
 
             As of 2021 May, regional service is only available for
-            ``acquire_token_for_client()`` sent by any of the following 
scenarios::
+            ``acquire_token_for_client()`` sent by any of the following 
scenarios:
 
             1. An app powered by a capable MSAL
                (MSAL Python 1.12+ will be provisioned)
@@ -444,6 +458,8 @@
             New in version 1.19.0.
 
         :param boolean allow_broker:
+            This parameter is NOT applicable to 
:class:`ConfidentialClientApplication`.
+
             A broker is a component installed on your device.
             Broker implicitly gives your device an identity. By using a broker,
             your device becomes a factor that can satisfy MFA (Multi-factor 
authentication).
@@ -756,9 +772,9 @@
             Can be one of "consumers" or "organizations" or your tenant domain 
"contoso.com".
             If included, it will skip the email-based discovery process that 
user goes
             through on the sign-in page, leading to a slightly more 
streamlined user experience.
-            More information on possible values
-            `here 
<https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_
 and
-            `here 
<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
+            More information on possible values available in
+            `Auth Code Flow doc 
<https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_
 and
+            `domain_hint doc 
<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
 
         :param int max_age:
             OPTIONAL. Maximum Authentication Age.
@@ -796,7 +812,7 @@
                     "...": "...",  // Everything else are reserved and internal
                 }
 
-            The caller is expected to::
+            The caller is expected to:
 
             1. somehow store this content, typically inside the current 
session,
             2. guide the end user (i.e. resource owner) to visit that auth_uri,
@@ -860,9 +876,9 @@
             Can be one of "consumers" or "organizations" or your tenant domain 
"contoso.com".
             If included, it will skip the email-based discovery process that 
user goes
             through on the sign-in page, leading to a slightly more 
streamlined user experience.
-            More information on possible values
-            `here 
<https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_
 and
-            `here 
<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
+            More information on possible values available in
+            `Auth Code Flow doc 
<https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_
 and
+            `domain_hint doc 
<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
         :param claims_challenge:
              The claims_challenge parameter requests specific claims requested 
by the resource provider
              in the form of a claims_challenge directive in the 
www-authenticate header to be
@@ -955,7 +971,7 @@
         self._validate_ssh_cert_input_data(kwargs.get("data", {}))
         telemetry_context = self._build_telemetry_context(
             self.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE_ID)
-        response =_clean_up(self.client.obtain_token_by_auth_code_flow(
+        response = _clean_up(self.client.obtain_token_by_auth_code_flow(
             auth_code_flow,
             auth_response,
             scope=self._decorate_scope(scopes) if scopes else None,
@@ -1198,32 +1214,24 @@
             **kwargs):
         """Acquire an access token for given account, without user interaction.
 
-        It is done either by finding a valid access token from cache,
-        or by finding a valid refresh token from cache and then automatically
-        use it to redeem a new access token.
-
+        It has same parameters as the :func:`~acquire_token_silent_with_error`.
+        The difference is the behavior of the return value.
         This method will combine the cache empty and refresh error
         into one return value, `None`.
         If your app does not care about the exact token refresh error during
         token cache look-up, then this method is easier and recommended.
 
-        Internally, this method calls :func:`~acquire_token_silent_with_error`.
-
-        :param claims_challenge:
-            The claims_challenge parameter requests specific claims requested 
by the resource provider
-            in the form of a claims_challenge directive in the 
www-authenticate header to be
-            returned from the UserInfo Endpoint and/or in the ID Token and/or 
Access Token.
-            It is a string of a JSON object which contains lists of claims 
being requested from these locations.
-
         :return:
             - A dict containing no "error" key,
               and typically contains an "access_token" key,
               if cache lookup succeeded.
             - None when cache lookup does not yield a token.
         """
-        result = self.acquire_token_silent_with_error(
+        if not account:
+            return None  # A backward-compatible NO-OP to drop the 
account=None usage
+        result = _clean_up(self._acquire_token_silent_with_error(
             scopes, account, authority=authority, force_refresh=force_refresh,
-            claims_challenge=claims_challenge, **kwargs)
+            claims_challenge=claims_challenge, **kwargs))
         return result if result and "error" not in result else None
 
     def acquire_token_silent_with_error(
@@ -1247,9 +1255,10 @@
 
         :param list[str] scopes: (Required)
             Scopes requested to access a protected API (a resource).
-        :param account:
-            one of the account object returned by :func:`~get_accounts`,
-            or use None when you want to find an access token for this client.
+        :param account: (Required)
+            One of the account object returned by :func:`~get_accounts`.
+            Starting from MSAL Python 1.23,
+            a ``None`` input will become a NO-OP and always return ``None``.
         :param force_refresh:
             If True, it will skip Access Token look-up,
             and try to find a Refresh Token to obtain a new Access Token.
@@ -1265,6 +1274,20 @@
             - None when there is simply no token in the cache.
             - A dict containing an "error" key, when token refresh failed.
         """
+        if not account:
+            return None  # A backward-compatible NO-OP to drop the 
account=None usage
+        return _clean_up(self._acquire_token_silent_with_error(
+            scopes, account, authority=authority, force_refresh=force_refresh,
+            claims_challenge=claims_challenge, **kwargs))
+
+    def _acquire_token_silent_with_error(
+            self,
+            scopes,  # type: List[str]
+            account,  # type: Optional[Account]
+            authority=None,  # See get_authorization_request_url()
+            force_refresh=False,  # type: Optional[boolean]
+            claims_challenge=None,
+            **kwargs):
         assert isinstance(scopes, list), "Invalid parameter type"
         self._validate_ssh_cert_input_data(kwargs.get("data", {}))
         correlation_id = msal.telemetry._get_new_correlation_id()
@@ -1324,7 +1347,11 @@
             force_refresh=False,  # type: Optional[boolean]
             claims_challenge=None,
             correlation_id=None,
+            http_exceptions=None,
             **kwargs):
+        # This internal method has two calling patterns:
+        # it accepts a non-empty account to find token for a user,
+        # and accepts account=None to find a token for the current app.
         access_token_from_cache = None
         if not (force_refresh or claims_challenge):  # Bypass AT when desired 
or using claims
             query={
@@ -1361,6 +1388,10 @@
         else:
             refresh_reason = msal.telemetry.FORCE_REFRESH  # TODO: It could 
also mean claims_challenge
         assert refresh_reason, "It should have been established at this point"
+        if not http_exceptions:  # It can be a tuple of exceptions
+            # The exact HTTP exceptions are transportation-layer dependent
+            from requests.exceptions import RequestException  # Lazy load
+            http_exceptions = (RequestException,)
         try:
             data = kwargs.get("data", {})
             if account and account.get("authority_type") == 
_AUTHORITY_TYPE_CLOUDSHELL:
@@ -1380,14 +1411,19 @@
                 if response:  # The broker provided a decisive outcome, so we 
use it
                     return self._process_broker_response(response, scopes, 
data)
 
-            result = 
_clean_up(self._acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family(
-                authority, self._decorate_scope(scopes), account,
-                refresh_reason=refresh_reason, 
claims_challenge=claims_challenge,
-                correlation_id=correlation_id,
-                **kwargs))
+            if account:
+                result = 
self._acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family(
+                    authority, self._decorate_scope(scopes), account,
+                    refresh_reason=refresh_reason, 
claims_challenge=claims_challenge,
+                    correlation_id=correlation_id,
+                    **kwargs)
+            else:  # The caller is acquire_token_for_client()
+                result = self._acquire_token_for_client(
+                    scopes, refresh_reason, claims_challenge=claims_challenge,
+                    **kwargs)
             if (result and "error" not in result) or (not 
access_token_from_cache):
                 return result
-        except:  # The exact HTTP exception is transportation-layer dependent
+        except http_exceptions:
             # Typically network error. Potential AAD outage?
             if not access_token_from_cache:  # It means there is no fall back 
option
                 raise  # We choose to bubble up the exception
@@ -1458,7 +1494,10 @@
             self.token_cache.CredentialType.REFRESH_TOKEN,
             # target=scopes,  # AAD RTs are scope-independent
             query=query)
-        logger.debug("Found %d RTs matching %s", len(matches), query)
+        logger.debug("Found %d RTs matching %s", len(matches), {
+            k: _pii_less_home_account_id(v) if k == "home_account_id" and v 
else v
+            for k, v in query.items()
+        })
 
         response = None  # A distinguishable value to mean cache is empty
         if not matches:  # Then exit early to avoid expensive operations
@@ -1671,6 +1710,9 @@
     CONSOLE_WINDOW_HANDLE = object()
 
     def __init__(self, client_id, client_credential=None, **kwargs):
+        """Same as :func:`ClientApplication.__init__`,
+        except that ``client_credential`` parameter shall remain ``None``.
+        """
         if client_credential is not None:
             raise ValueError("Public Client should not possess credentials")
         super(PublicClientApplication, self).__init__(
@@ -1711,9 +1753,9 @@
             Can be one of "consumers" or "organizations" or your tenant domain 
"contoso.com".
             If included, it will skip the email-based discovery process that 
user goes
             through on the sign-in page, leading to a slightly more 
streamlined user experience.
-            More information on possible values
-            `here 
<https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_
 and
-            `here 
<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
+            More information on possible values available in
+            `Auth Code Flow doc 
<https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_
 and
+            `domain_hint doc 
<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
 
         :param claims_challenge:
             The claims_challenge parameter requests specific claims requested 
by the resource provider
@@ -1983,10 +2025,16 @@
 
 
 class ConfidentialClientApplication(ClientApplication):  # server-side web app
+    """Same as :func:`ClientApplication.__init__`,
+    except that ``allow_broker`` parameter shall remain ``None``.
+    """
 
     def acquire_token_for_client(self, scopes, claims_challenge=None, 
**kwargs):
         """Acquires token for the current confidential client, not for an end 
user.
 
+        Since MSAL Python 1.23, it will automatically look for token from 
cache,
+        and only send request to Identity Provider when cache misses.
+
         :param list[str] scopes: (Required)
             Scopes requested to access a protected API (a resource).
         :param claims_challenge:
@@ -2000,7 +2048,20 @@
             - A successful response would contain "access_token" key,
             - an error response would contain "error" and usually 
"error_description".
         """
-        # TBD: force_refresh behavior
+        if kwargs.get("force_refresh"):
+            raise ValueError(  # We choose to disallow force_refresh
+                "Historically, this method does not support force_refresh 
behavior. "
+            )
+        return _clean_up(self._acquire_token_silent_with_error(
+            scopes, None, claims_challenge=claims_challenge, **kwargs))
+
+    def _acquire_token_for_client(
+        self,
+        scopes,
+        refresh_reason,
+        claims_challenge=None,
+        **kwargs
+    ):
         if self.authority.tenant.lower() in ["common", "organizations"]:
             warnings.warn(
                 "Using /common or /organizations authority "
@@ -2008,16 +2069,16 @@
                 "Please use a specific tenant instead.", DeprecationWarning)
         self._validate_ssh_cert_input_data(kwargs.get("data", {}))
         telemetry_context = self._build_telemetry_context(
-            self.ACQUIRE_TOKEN_FOR_CLIENT_ID)
+            self.ACQUIRE_TOKEN_FOR_CLIENT_ID, refresh_reason=refresh_reason)
         client = self._regional_client or self.client
-        response = _clean_up(client.obtain_token_for_client(
+        response = client.obtain_token_for_client(
             scope=scopes,  # This grant flow requires no scope decoration
             headers=telemetry_context.generate_headers(),
             data=dict(
                 kwargs.pop("data", {}),
                 claims=_merge_claims_challenge_and_capabilities(
                     self._client_capabilities, claims_challenge)),
-            **kwargs))
+            **kwargs)
         telemetry_context.update_telemetry(response)
         return response
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/msal/broker.py 
new/msal-1.24.0b1/msal/broker.py
--- old/msal-1.22.0/msal/broker.py      2023-04-17 18:56:13.000000000 +0200
+++ new/msal-1.24.0b1/msal/broker.py    2023-07-24 11:38:42.000000000 +0200
@@ -23,8 +23,7 @@
 except (ImportError, AttributeError):  # AttributeError happens when a prior 
pymsalruntime uninstallation somehow leaved an empty folder behind
     # PyMsalRuntime currently supports these Windows versions, listed in this 
MSFT internal link
     # 
https://github.com/AzureAD/microsoft-authentication-library-for-cpp/pull/2406/files
-    raise ImportError(  # TODO: Remove or adjust this line right before 
merging this PR
-        'You need to install dependency by: pip install 
"msal[broker]>=1.20,<2"')
+    raise ImportError('You need to install dependency by: pip install 
"msal[broker]>=1.20,<2"')
 # It could throw RuntimeError when running on ancient versions of Windows
 
 
@@ -84,9 +83,11 @@
 
 
 def _convert_result(result, client_id, expected_token_type=None):  # Mimic an 
on-the-wire response from AAD
+    telemetry = result.get_telemetry_data()
+    telemetry.pop("wam_telemetry", None)  # In pymsalruntime 0.13, it contains 
PII "account_id"
     error = result.get_error()
     if error:
-        return _convert_error(error, client_id)
+        return dict(_convert_error(error, client_id), 
_msalruntime_telemetry=telemetry)
     id_token_claims = json.loads(result.get_id_token()) if 
result.get_id_token() else {}
     account = result.get_account()
     assert account, "Account is expected to be always available"
@@ -107,7 +108,7 @@
     granted_scopes = result.get_granted_scopes()  # New in pymsalruntime 0.3.x
     if granted_scopes:
         return_value["scope"] = " ".join(granted_scopes)  # Mimic the 
on-the-wire data format
-    return return_value
+    return dict(return_value, _msalruntime_telemetry=telemetry)
 
 
 def _get_new_correlation_id():
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/msal/oauth2cli/http.py 
new/msal-1.24.0b1/msal/oauth2cli/http.py
--- old/msal-1.22.0/msal/oauth2cli/http.py      2023-04-17 18:56:13.000000000 
+0200
+++ new/msal-1.24.0b1/msal/oauth2cli/http.py    2023-07-24 11:38:42.000000000 
+0200
@@ -58,6 +58,11 @@
         # but a `text` would be more generic,
         # when downstream packages would potentially access some XML endpoints.
 
+    headers = {}  # Duplicated headers are expected to be combined into one 
header
+                  # with its value as a comma-separated string.
+                  # https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.2
+                  # Popular HTTP libraries model it as a case-insensitive dict.
+
     def raise_for_status(self):
         """Raise an exception when http response status contains error"""
         raise NotImplementedError("Your implementation should provide this")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/msal/token_cache.py 
new/msal-1.24.0b1/msal/token_cache.py
--- old/msal-1.22.0/msal/token_cache.py 2023-04-17 18:56:13.000000000 +0200
+++ new/msal-1.24.0b1/msal/token_cache.py       2023-07-24 11:38:42.000000000 
+0200
@@ -102,7 +102,6 @@
                 ]
 
     def add(self, event, now=None):
-        # type: (dict) -> None
         """Handle a token obtaining event, and add tokens into cache."""
         def make_clean_copy(dictionary, sensitive_fields):  # Masks sensitive 
info
             return {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/msal.egg-info/PKG-INFO 
new/msal-1.24.0b1/msal.egg-info/PKG-INFO
--- old/msal-1.22.0/msal.egg-info/PKG-INFO      2023-04-17 18:56:23.000000000 
+0200
+++ new/msal-1.24.0b1/msal.egg-info/PKG-INFO    2023-07-24 11:38:52.000000000 
+0200
@@ -1,14 +1,14 @@
 Metadata-Version: 2.1
 Name: msal
-Version: 1.22.0
-Summary: The Microsoft Authentication Library (MSAL) for Python library 
enables your app to access the Microsoft Cloud by supporting authentication of 
users with Microsoft Azure Active Directory accounts (AAD) and Microsoft 
Accounts (MSA) using industry standard OAuth2 and OpenID Connect.
+Version: 1.24.0b1
+Summary: The Microsoft Authentication Library (MSAL) for Python library
 Home-page: 
https://github.com/AzureAD/microsoft-authentication-library-for-python
 Author: Microsoft Corporation
 Author-email: nuget...@microsoft.com
 License: MIT
 Project-URL: Changelog, 
https://github.com/AzureAD/microsoft-authentication-library-for-python/releases
 Project-URL: Documentation, https://msal-python.readthedocs.io/
-Project-URL: Questions, https://stackoverflow.com/questions/tagged/msal+python
+Project-URL: Questions, 
https://stackoverflow.com/questions/tagged/azure-ad-msal+python
 Project-URL: Feature/Bug Tracker, 
https://github.com/AzureAD/microsoft-authentication-library-for-python/issues
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Programming Language :: Python
@@ -24,6 +24,7 @@
 Classifier: Programming Language :: Python :: 3.11
 Classifier: License :: OSI Approved :: MIT License
 Classifier: Operating System :: OS Independent
+Requires-Python: >=2.7
 Description-Content-Type: text/markdown
 Provides-Extra: broker
 License-File: LICENSE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/msal.egg-info/requires.txt 
new/msal-1.24.0b1/msal.egg-info/requires.txt
--- old/msal-1.22.0/msal.egg-info/requires.txt  2023-04-17 18:56:23.000000000 
+0200
+++ new/msal-1.24.0b1/msal.egg-info/requires.txt        2023-07-24 
11:38:52.000000000 +0200
@@ -1,6 +1,6 @@
 requests<3,>=2.0.0
 PyJWT[crypto]<3,>=1.0.0
-cryptography<43,>=0.6
+cryptography<44,>=0.6
 
 [:python_version < "3.3"]
 mock
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/setup.cfg new/msal-1.24.0b1/setup.cfg
--- old/msal-1.22.0/setup.cfg   2023-04-17 18:56:23.226273800 +0200
+++ new/msal-1.24.0b1/setup.cfg 2023-07-24 11:38:52.279546500 +0200
@@ -2,12 +2,62 @@
 universal = 1
 
 [metadata]
+name = msal
+version = attr: msal.__version__
+description = 
+       The Microsoft Authentication Library (MSAL) for Python library
+       enables your app to access the Microsoft Cloud
+       by supporting authentication of users with
+       Microsoft Azure Active Directory accounts (AAD) and Microsoft Accounts 
(MSA)
+       using industry standard OAuth2 and OpenID Connect.
+long_description = file: README.md
+long_description_content_type = text/markdown
+license = MIT
+author = Microsoft Corporation
+author_email = nuget...@microsoft.com
+url = https://github.com/AzureAD/microsoft-authentication-library-for-python
+classifiers = 
+       Development Status :: 5 - Production/Stable
+       Programming Language :: Python
+       Programming Language :: Python :: 2
+       Programming Language :: Python :: 2.7
+       Programming Language :: Python :: 3
+       Programming Language :: Python :: 3.5
+       Programming Language :: Python :: 3.6
+       Programming Language :: Python :: 3.7
+       Programming Language :: Python :: 3.8
+       Programming Language :: Python :: 3.9
+       Programming Language :: Python :: 3.10
+       Programming Language :: Python :: 3.11
+       License :: OSI Approved :: MIT License
+       Operating System :: OS Independent
 project_urls = 
        Changelog = 
https://github.com/AzureAD/microsoft-authentication-library-for-python/releases
        Documentation = https://msal-python.readthedocs.io/
-       Questions = https://stackoverflow.com/questions/tagged/msal+python
+       Questions = 
https://stackoverflow.com/questions/tagged/azure-ad-msal+python
        Feature/Bug Tracker = 
https://github.com/AzureAD/microsoft-authentication-library-for-python/issues
 
+[options]
+include_package_data = False  # We used to ship LICENSE, but our __init__.py 
already mentions MIT
+packages = find:
+python_requires = >=2.7
+install_requires = 
+       requests>=2.0.0,<3
+       
+       PyJWT[crypto]>=1.0.0,<3
+       
+       cryptography>=0.6,<44
+       
+       mock; python_version<'3.3'
+
+[options.extras_require]
+broker = 
+       pymsalruntime>=0.13.2,<0.14; python_version>='3.6' and 
platform_system=='Windows'
+
+[options.packages.find]
+exclude = 
+       tests
+
 [egg_info]
 tag_build = 
 tag_date = 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/setup.py new/msal-1.24.0b1/setup.py
--- old/msal-1.22.0/setup.py    2023-04-17 18:56:13.000000000 +0200
+++ new/msal-1.24.0b1/setup.py  2023-07-24 11:38:42.000000000 +0200
@@ -1,101 +1,3 @@
-#!/usr/bin/env python
-#------------------------------------------------------------------------------
-#
-# Copyright (c) Microsoft Corporation.
-# All rights reserved.
-#
-# This code is licensed under the MIT License.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files(the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions :
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-#
-#------------------------------------------------------------------------------
-
-from setuptools import setup, find_packages
-import re, io
-
-# setup.py shall not import main package
-__version__ = re.search(
-    r'__version__\s*=\s*[\'"]([^\'"]*)[\'"]',  # It excludes inline comment too
-    io.open('msal/application.py', encoding='utf_8_sig').read()
-    ).group(1)
-
-long_description = open('README.md').read()
-
-setup(
-    name='msal',
-    version=__version__,
-    description=' '.join(
-        """The Microsoft Authentication Library (MSAL) for Python library
-        enables your app to access the Microsoft Cloud
-        by supporting authentication of users with
-        Microsoft Azure Active Directory accounts (AAD) and Microsoft Accounts 
(MSA)
-        using industry standard OAuth2 and OpenID Connect.""".split()),
-    long_description=long_description,
-    long_description_content_type="text/markdown",
-    license='MIT',
-    author='Microsoft Corporation',
-    author_email='nuget...@microsoft.com',
-    
url='https://github.com/AzureAD/microsoft-authentication-library-for-python',
-    classifiers=[
-        'Development Status :: 5 - Production/Stable',
-        'Programming Language :: Python',
-        'Programming Language :: Python :: 2',
-        'Programming Language :: Python :: 2.7',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.5',
-        'Programming Language :: Python :: 3.6',
-        'Programming Language :: Python :: 3.7',
-        'Programming Language :: Python :: 3.8',
-        'Programming Language :: Python :: 3.9',
-        'Programming Language :: Python :: 3.10',
-        'Programming Language :: Python :: 3.11',
-        'License :: OSI Approved :: MIT License',
-        'Operating System :: OS Independent',
-    ],
-    packages=find_packages(exclude=["tests"]),
-    package_data={'': ['LICENSE']},  # Do not use data_files=[...],
-        # which would cause the LICENSE being copied to /usr/local,
-        # and tend to fail because of insufficient permission.
-        # See https://stackoverflow.com/a/14211600/728675 for more detail
-    install_requires=[
-        'requests>=2.0.0,<3',
-        'PyJWT[crypto]>=1.0.0,<3',  # MSAL does not use jwt.decode(), 
therefore is insusceptible to CVE-2022-29217 so no need to bump to PyJWT 2.4+
-
-        'cryptography>=0.6,<43',
-            # load_pem_private_key() is available since 0.6
-            # 
https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#06---2014-09-29
-            #
-            # And we will use the cryptography (X+3).0.0 as the upper bound,
-            # based on their latest deprecation policy
-            # https://cryptography.io/en/latest/api-stability/#deprecation
-
-        "mock;python_version<'3.3'",
-        ],
-    extras_require={  # It does not seem to work if being defined inside 
setup.cfg
-        "broker": [
-            # The broker is defined as optional dependency,
-            # so that downstream apps can opt in. The opt-in is needed, 
partially because
-            # most existing MSAL Python apps do not have the redirect_uri 
needed by broker.
-            # MSAL Python uses a subset of API from PyMsalRuntime 0.11.2+,
-            # but we still bump the lower bound to 0.13.2+ for its important 
bugfix 
(https://github.com/AzureAD/microsoft-authentication-library-for-cpp/pull/3244)
-            "pymsalruntime>=0.13.2,<0.14;python_version>='3.6' and 
platform_system=='Windows'",
-            ],
-        },
-)
+from setuptools import setup
+setup()
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/tests/test_application.py 
new/msal-1.24.0b1/tests/test_application.py
--- old/msal-1.22.0/tests/test_application.py   2023-04-17 18:56:13.000000000 
+0200
+++ new/msal-1.24.0b1/tests/test_application.py 2023-07-24 11:38:42.000000000 
+0200
@@ -382,8 +382,8 @@
         old_at = "old AT"
         self.populate_cache(access_token=old_at, expires_in=3599, 
refresh_in=-1)
         def mock_post(url, headers=None, *args, **kwargs):
-            self.assertEqual("4|84,2|", (headers or 
{}).get(CLIENT_CURRENT_TELEMETRY))
-            return MinimalResponse(status_code=400, text=json.dumps({"error": 
error}))
+            self.assertEqual("4|84,4|", (headers or 
{}).get(CLIENT_CURRENT_TELEMETRY))
+            return MinimalResponse(status_code=400, text=json.dumps({"error": 
"foo"}))
         result = self.app.acquire_token_silent(['s1'], self.account, 
post=mock_post)
         self.assertEqual(old_at, result.get("access_token"))
 
@@ -549,12 +549,31 @@
             authority="https://login.microsoftonline.com/common";)
 
     def test_acquire_token_for_client(self):
-        at = "this is an access token"
         def mock_post(url, headers=None, *args, **kwargs):
-            self.assertEqual("4|730,0|", (headers or 
{}).get(CLIENT_CURRENT_TELEMETRY))
-            return MinimalResponse(status_code=200, 
text=json.dumps({"access_token": at}))
+            self.assertEqual("4|730,2|", (headers or 
{}).get(CLIENT_CURRENT_TELEMETRY))
+            return MinimalResponse(status_code=200, text=json.dumps({
+                "access_token": "AT 1",
+                "expires_in": 0,
+                }))
         result = self.app.acquire_token_for_client(["scope"], post=mock_post)
-        self.assertEqual(at, result.get("access_token"))
+        self.assertEqual("AT 1", result.get("access_token"), "Shall get a new 
token")
+
+        def mock_post(url, headers=None, *args, **kwargs):
+            self.assertEqual("4|730,3|", (headers or 
{}).get(CLIENT_CURRENT_TELEMETRY))
+            return MinimalResponse(status_code=200, text=json.dumps({
+                "access_token": "AT 2",
+                "expires_in": 3600,
+                "refresh_in": -100,  # A hack to make sure it will attempt 
refresh
+                }))
+        result = self.app.acquire_token_for_client(["scope"], post=mock_post)
+        self.assertEqual("AT 2", result.get("access_token"), "Shall get a new 
token")
+
+        def mock_post(url, headers=None, *args, **kwargs):
+            # 1/0  # TODO: Make sure this was called
+            self.assertEqual("4|730,4|", (headers or 
{}).get(CLIENT_CURRENT_TELEMETRY))
+            return MinimalResponse(status_code=400, text=json.dumps({"error": 
"foo"}))
+        result = self.app.acquire_token_for_client(["scope"], post=mock_post)
+        self.assertEqual("AT 2", result.get("access_token"), "Shall get aging 
token")
 
     def test_acquire_token_on_behalf_of(self):
         at = "this is an access token"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/tests/test_e2e.py 
new/msal-1.24.0b1/tests/test_e2e.py
--- old/msal-1.22.0/tests/test_e2e.py   2023-04-17 18:56:13.000000000 +0200
+++ new/msal-1.24.0b1/tests/test_e2e.py 2023-07-24 11:38:42.000000000 +0200
@@ -146,17 +146,15 @@
             json.dumps(self.app.token_cache._cache, indent=4),
             json.dumps(result_from_wire.get("id_token_claims"), indent=4),
             )
-        # Going to test acquire_token_silent(...) to locate an AT from cache
-        result_from_cache = self.app.acquire_token_silent(scope, account=None)
+        self.assertIsNone(
+            self.app.acquire_token_silent(scope, account=None),
+            "acquire_token_silent(..., account=None) shall always return None")
+        # Going to test acquire_token_for_client(...) to locate an AT from 
cache
+        result_from_cache = self.app.acquire_token_for_client(scope)
         self.assertIsNotNone(result_from_cache)
         self.assertEqual(
             result_from_wire['access_token'], 
result_from_cache['access_token'],
             "We should get a cached AT")
-        self.app.acquire_token_silent(
-            # Result will typically be None, because client credential grant 
returns no RT.
-            # But we care more on this call should succeed without exception.
-            scope, account=None,
-            force_refresh=True)  # Mimic the AT already expires
 
     @classmethod
     def _build_app(cls,
@@ -925,10 +923,16 @@
             client_secret=self.get_lab_user_secret(
                 self.app_config["clientSecret"].split("=")[-1]),
             authority=self.app_config["authority"],
-            scope=["{}/.default".format(self.app_config["appId"])],  # App 
permission
+            #scope=["{}/.default".format(self.app_config["appId"])],  # 
AADSTS500207: The account type can't be used for the resource you're trying to 
access.
+            #scope=["api://{}/.default".format(self.app_config["appId"])],  # 
AADSTS500011: The resource principal named 
api://ced781e7-bdb0-4c99-855c-d3bacddea88a was not found in the tenant named 
MSIDLABCIAM2. This can happen if the application has not been installed by the 
administrator of the tenant or consented to by any user in the tenant. You 
might have sent your authentication request to the wrong tenant.
+            scope=self.app_config["scopes"],  # It shall ends with "/.default"
             )
 
     def test_ciam_acquire_token_by_ropc(self):
+        """CIAM does not officially support ROPC, especially not for external 
emails.
+
+        We keep this test case for now, because the test data will use a local 
email.
+        """
         # Somehow, this would only work after creating a secret for the test 
app
         # and enabling "Allow public client flows".
         # Otherwise it would hit AADSTS7000218.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/msal-1.22.0/tests/test_throttled_http_client.py 
new/msal-1.24.0b1/tests/test_throttled_http_client.py
--- old/msal-1.22.0/tests/test_throttled_http_client.py 2023-04-17 
18:56:13.000000000 +0200
+++ new/msal-1.24.0b1/tests/test_throttled_http_client.py       2023-07-24 
11:38:42.000000000 +0200
@@ -11,19 +11,13 @@
 logging.basicConfig(level=logging.DEBUG)
 
 
-class DummyHttpResponse(MinimalResponse):
-    def __init__(self, headers=None, **kwargs):
-        self.headers = {} if headers is None else headers
-        super(DummyHttpResponse, self).__init__(**kwargs)
-
-
 class DummyHttpClient(object):
     def __init__(self, status_code=None, response_headers=None):
         self._status_code = status_code
         self._response_headers = response_headers
 
     def _build_dummy_response(self):
-        return DummyHttpResponse(
+        return MinimalResponse(
             status_code=self._status_code,
             headers=self._response_headers,
             text=random(),  # So that we'd know whether a new response is 
received

Reply via email to