Skip to content

{Core} Directly call acquire_token_for_client to acquire access token for service principal #27002

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2023
Merged

{Core} Directly call acquire_token_for_client to acquire access token for service principal #27002

merged 1 commit into from
Nov 3, 2023

Conversation

jiasli
Copy link
Member

@jiasli jiasli commented Jul 26, 2023

Related command
az login

Description
MSAL 1.23.0 (AzureAD/microsoft-authentication-library-for-python#581) changed the behavior of acquire_token_for_client so that it will automatically look up access tokens from cache, so there is no need to call acquire_token_silent and check the result manually then call acquire_token_for_client.

The MSAL example also reflects the same:

https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/95df6086ec186e395186e097f8c9103c4ee74d83/sample/confidential_client_secret_sample.py#L53-L55

# Since MSAL 1.23, acquire_token_for_client(...) will automatically look up
# a token from cache, and fall back to acquire a fresh token when needed.
result = app.acquire_token_for_client(scopes=config["scope"])

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Jul 26, 2023
edited
Loading

🔄AzureCLI-FullTest
️✔️acr
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️acs
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️advisor
️✔️latest
️✔️3.11
️✔️3.9
️✔️ams
️✔️latest
️✔️3.11
️✔️3.9
️✔️apim
️✔️latest
️✔️3.11
️✔️3.9
️✔️appconfig
️✔️latest
️✔️3.11
️✔️3.9
️✔️appservice
️✔️latest
️✔️3.11
️✔️3.9
️✔️aro
️✔️latest
️✔️3.11
️✔️3.9
️✔️backup
️✔️latest
️✔️3.11
️✔️3.9
️✔️batch
️✔️latest
️✔️3.11
️✔️3.9
️✔️batchai
️✔️latest
️✔️3.11
️✔️3.9
️✔️billing
️✔️latest
️✔️3.11
️✔️3.9
️✔️botservice
️✔️latest
️✔️3.11
️✔️3.9
️✔️cdn
️✔️latest
️✔️3.11
️✔️3.9
️✔️cloud
️✔️latest
️✔️3.11
️✔️3.9
️✔️cognitiveservices
️✔️latest
️✔️3.11
️✔️3.9
️✔️config
️✔️latest
️✔️3.11
️✔️3.9
️✔️configure
️✔️latest
️✔️3.11
️✔️3.9
️✔️consumption
️✔️latest
️✔️3.11
️✔️3.9
️✔️container
️✔️latest
️✔️3.11
️✔️3.9
🔄containerapp
🔄latest
️✔️3.11
🔄3.9
️✔️core
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️cosmosdb
️✔️latest
️✔️3.11
️✔️3.9
️✔️databoxedge
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️dla
️✔️latest
️✔️3.11
️✔️3.9
️✔️dls
️✔️latest
️✔️3.11
️✔️3.9
️✔️dms
️✔️latest
️✔️3.11
️✔️3.9
️✔️eventgrid
️✔️latest
️✔️3.11
️✔️3.9
️✔️eventhubs
️✔️latest
️✔️3.11
️✔️3.9
️✔️feedback
️✔️latest
️✔️3.11
️✔️3.9
️✔️find
️✔️latest
️✔️3.11
️✔️3.9
️✔️hdinsight
️✔️latest
️✔️3.11
️✔️3.9
️✔️identity
️✔️latest
️✔️3.11
️✔️3.9
️✔️iot
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️keyvault
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️kusto
️✔️latest
️✔️3.11
️✔️3.9
️✔️lab
️✔️latest
️✔️3.11
️✔️3.9
️✔️managedservices
️✔️latest
️✔️3.11
️✔️3.9
️✔️maps
️✔️latest
️✔️3.11
️✔️3.9
️✔️marketplaceordering
️✔️latest
️✔️3.11
️✔️3.9
️✔️monitor
️✔️latest
️✔️3.11
️✔️3.9
️✔️mysql
️✔️latest
️✔️3.11
️✔️3.9
️✔️netappfiles
️✔️latest
️✔️3.11
️✔️3.9
️✔️network
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️policyinsights
️✔️latest
️✔️3.11
️✔️3.9
️✔️privatedns
️✔️latest
️✔️3.11
️✔️3.9
️✔️profile
️✔️latest
️✔️3.11
️✔️3.9
️✔️rdbms
️✔️latest
️✔️3.11
️✔️3.9
️✔️redis
️✔️latest
️✔️3.11
️✔️3.9
️✔️relay
️✔️latest
️✔️3.11
️✔️3.9
️✔️resource
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️role
️✔️latest
️✔️3.11
️✔️3.9
️✔️search
️✔️latest
️✔️3.11
️✔️3.9
️✔️security
️✔️latest
️✔️3.11
️✔️3.9
️✔️servicebus
️✔️latest
️✔️3.11
️✔️3.9
️✔️serviceconnector
️✔️latest
️✔️3.11
️✔️3.9
️✔️servicefabric
️✔️latest
️✔️3.11
️✔️3.9
️✔️signalr
️✔️latest
️✔️3.11
️✔️3.9
️✔️sql
️✔️latest
️✔️3.11
️✔️3.9
️✔️sqlvm
️✔️latest
️✔️3.11
️✔️3.9
️✔️storage
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️synapse
️✔️latest
️✔️3.11
️✔️3.9
️✔️telemetry
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9
️✔️util
️✔️latest
️✔️3.11
️✔️3.9
️✔️vm
️✔️2018-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.11
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.11
️✔️3.9
️✔️latest
️✔️3.11
️✔️3.9

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Jul 26, 2023
edited
Loading

️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

@ghost ghost added Auto-Assign Auto assign by bot Core CLI core infrastructure labels Jul 26, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented Jul 26, 2023

Core

@ghost ghost assigned jiasli Jul 26, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added the Account az login/account label Jul 26, 2023
@jiasli jiasli requested a review from MoChilia July 26, 2023 08:08
jiasli
jiasli commented Jul 26, 2023
View reviewed changes
src/azure-cli-core/azure/cli/core/auth/msal_authentication.py
result = self.acquire_token_silent(scopes, None, **kwargs)
if not result:
result = self.acquire_token_for_client(scopes, **kwargs)
result = self.acquire_token_for_client(scopes, **kwargs)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is purely for code cleanliness.

MSAL 1.24.0b1 installed by #26980 will also include this functionality, as calling acquire_token_silent with account=None is now a no-op:

https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/95df6086ec186e395186e097f8c9103c4ee74d83/msal/application.py#L1272-L1273

        if not account:
            return None  # A backward-compatible NO-OP to drop the account=None usage

evelyn-ys
evelyn-ys previously approved these changes Jul 26, 2023
View reviewed changes
MoChilia
MoChilia previously approved these changes Jul 26, 2023
View reviewed changes
@jiasli jiasli dismissed stale reviews from MoChilia and evelyn-ys via 523de5f July 27, 2023 02:00
@jiasli
Copy link
Member Author

jiasli commented Nov 1, 2023

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@jiasli jiasli merged commit ca3c902 into Azure:dev Nov 3, 2023
@jiasli jiasli deleted the msal-client branch November 3, 2023 08:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bebound bebound bebound approved these changes

@evelyn-ys evelyn-ys evelyn-ys approved these changes

@MoChilia MoChilia MoChilia left review comments

@calvinhzy calvinhzy Awaiting requested review from calvinhzy

@jsntcy jsntcy Awaiting requested review from jsntcy

@kairu-ms kairu-ms Awaiting requested review from kairu-ms

@zhoxing-ms zhoxing-ms Awaiting requested review from zhoxing-ms

@necusjz necusjz Awaiting requested review from necusjz

@yonzhan yonzhan Awaiting requested review from yonzhan

Assignees

@jiasli jiasli

Labels
Account az login/account Auto-Assign Auto assign by bot Core CLI core infrastructure
Projects
None yet
Milestone
October 2023 (2023-11-14)❗ Breaking c...
Development

Successfully merging this pull request may close these issues.
5 participants
@jiasli @yonzhan @bebound @evelyn-ys @MoChilia