Enable broker support on Linux

msal/__main__.py

@@ -300,6 +300,7 @@ def _main():
         instance_discovery=instance_discovery,
         enable_broker_on_windows=enable_broker,
         enable_broker_on_mac=enable_broker,
+        enable_broker_on_linux=enable_broker,
         enable_pii_log=enable_pii_log,
         token_cache=global_cache,
         ) if not is_cca else msal.ConfidentialClientApplication(

msal/application.py

@@ -672,6 +672,7 @@ def _decide_broker(self, allow_broker, enable_pii_log):
                 "allow_broker is deprecated. "
                 "Please use PublicClientApplication(..., "
                 "enable_broker_on_windows=True, "
+                "enable_broker_on_linux=True, "
                 "enable_broker_on_mac=...)",
                 DeprecationWarning)
         opted_in_for_broker = (
@@ -1921,7 +1922,7 @@ def __init__(self, client_id, client_credential=None, **kwargs):
 
         .. note::
 
-            You may set enable_broker_on_windows and/or enable_broker_on_mac to True.
+            You may set enable_broker_on_windows and/or enable_broker_on_mac and/or enable_broker_on_linux to True.
 
             **What is a broker, and why use it?**
 
@@ -1989,6 +1990,12 @@ def __init__(self, client_id, client_credential=None, **kwargs):
             This parameter defaults to None, which means MSAL will not utilize a broker.
 
             New in MSAL Python 1.31.0.
+            
+        :param boolean enable_broker_on_linux:
+            This setting is only effective if your app is running on Linux.
+            This parameter defaults to None, which means MSAL will not utilize a broker.
+            
+            New in MSAL Python 1.32.0. 
         """
         if client_credential is not None:
             raise ValueError("Public Client should not possess credentials")

sample/interactive_sample.py

@@ -47,7 +47,8 @@
     oidc_authority=os.getenv('OIDC_AUTHORITY'),  # For External ID with custom domain
     #enable_broker_on_windows=True,  # Opted in. You will be guided to meet the prerequisites, if your app hasn't already
     #enable_broker_on_mac=True,  # Opted in. You will be guided to meet the prerequisites, if your app hasn't already
-
+    #enable_broker_on_linux=True,  # Opted in. You will be guided to meet the prerequisites, if your app hasn't already
+
     token_cache=global_token_cache,  # Let this app (re)use an existing token cache.
         # If absent, ClientApplication will create its own empty token cache
     )

setup.cfg

@@ -62,9 +62,11 @@ broker =
     # most existing MSAL Python apps do not have the redirect_uri needed by broker.
     #
     # We need pymsalruntime.CallbackData introduced in PyMsalRuntime 0.14
-    pymsalruntime>=0.14,<0.18; python_version>='3.6' and platform_system=='Windows'
+    pymsalruntime>=0.14,<0.19; python_version>='3.6' and platform_system=='Windows'
     # On Mac, PyMsalRuntime 0.17+ is expected to support SSH cert and ROPC
-    pymsalruntime>=0.17,<0.18; python_version>='3.8' and platform_system=='Darwin'
+    pymsalruntime>=0.17,<0.19; python_version>='3.8' and platform_system=='Darwin'
+    # PyMsalRuntime 0.18+ is expected to support broker on Linux
+    pymsalruntime>=0.18,<0.19; python_version>='3.8' and platform_system=='Linux'
 
 [options.packages.find]
 exclude =

tests/broker-test.py

@@ -39,7 +39,8 @@
     _AZURE_CLI,
     authority="https://login.microsoftonline.com/organizations",
     enable_broker_on_mac=True,
-    enable_broker_on_windows=True)
+    enable_broker_on_windows=True,
+    enable_broker_on_linux=True)
 
 def interactive_and_silent(scopes, auth_scheme, data, expected_token_type):
     print("An account picker shall be pop up, possibly behind this console. Continue from there.")

tests/test_e2e.py

@@ -200,6 +200,7 @@ def _build_app(cls,
                 http_client=http_client or MinimalHttpClient(),
                 enable_broker_on_windows=broker_available,
                 enable_broker_on_mac=broker_available,
+                enable_broker_on_linux=broker_available,
                 )
 
     def _test_username_password(self,