9i@,dZddlZddlZddlZddlZddlZddlZddlZddlZdZ ejZ ejddZ dZejejj dd Zd Zd Zd0d Zd dedfdZedZej0er ej2n ej4 ddlmZeej:ddZ dZ!dZ"d1dZ#dZ$dZ%dZ&dde&dZ'd gZ(d!Z)d"Z*d#Z+ejXe+d$d%Z-d&e+ej\e-j_d'jad'jcd(dZ2d)Z3d*Z4d+Z5d,Z6d-Z7d.Z8e9d/k(re8yy#e$rej>dYwxYw)2aMSAL Python Tester Usage 1: Run it on the fly. python -m msal Note: We choose to not define a console script to avoid name conflict. Usage 2: Build an all-in-one executable file for bug bash. shiv -e msal.__main__._main -o msaltest-on-os-name.pyz . Nzmsal_cache.binctjr1ttdj tj SdS)Nw) global_cachehas_state_changedopen_token_cache_filenamewrite serialize@/var/www/html/venv/lib/python3.12/site-packages/msal/__main__.pyrs=%% $**<+A+A+CD,0r z$04b07795-8ddb-461a-bbee-02f9e1bf7b46z$04f0c124-f2bc-4f59-8241-bf6df9866bbdzhttps://example.com/endpoint placeholder) http_methodurlnoncecFttj|ddy)NT)indent sort_keys)printjsondumps)blobs r print_jsonrs $**T!t 45r c:tdj|dvS)Nz9{} (N/n/F/f or empty means False, otherwise it is True): )NnFf)inputformat)messages r _input_booleanr%"s% CJJ7S ) **r c\t|j|jxs|S)N)default)r"r#strip)r$r's r _inputr)'s& 0 1 7 7 9 DWDr z Your options:z Your choice? Fc R|sJd|r t|t|dD]&\}}tdj|||(|r td t|} t |}d|cxkrt |kr nn||dz S7#t $r |r|r|cYSYwxYw)Nzoptions must not be empty)startz {}: {}z' Or you can just type in your input.)r enumerater#r"intlen ValueError) optionsheaderfooteroption_rendereraccept_nonempty_stringioraw_datachoices r _select_optionsr:*s ///7  f '+:1 l!!!_Q%789: 78 = ]FF*c'l*vz**   2 s')BB&%B&zEnable MSAL Python's DEBUG log?)level) load_dotenvz+Loaded environment variables from .env filezSpython-dotenv is not installed. You may need to set environment variables manually.c`tgdddj}d|vr td|S)N)z$https://graph.microsoft.com/.defaultz%https://management.azure.com/.defaultz User.ReadzUser.ReadBasic.Allz_Select a scope (multiple scopes can only be input by manually typing them, delimited by space):Tr2r54https://pas.windows.net/CheckMyAccess/Linux/.defaultz9SSH Cert scope shall be tested by its dedicated functions)r:splitr0scopess r _input_scopesrCJsA  q#  %' >GTUU Mr c\|j}|rt|ddStdy)Nc2dj|d|dS)Nz{}, came from {}usernameaccount_source)r#as r rz!_select_account..]s&8&?&?* qQaOb&cr z0Account(s) already signed in inside MSAL Python:r4r2zRNo account available inside MSAL Python. Use other methods to acquire token first.) get_accountsr:r)appaccountss r _select_accountrNXs4!H cE  bcr c t|}|rQt|jt|t d|j rt drt ndyy)zIacquire_token_silent() - with an account already signed into MSAL Python.!Bypass MSAL Python's token cache?Acquire AT POP via Broker?N)account force_refresh auth_scheme)rNracquire_token_silent_with_errorrCr%is_pop_supportedplaceholder_auth_schemerLrRs r _acquire_token_silentrYcs[c"G366 O()LM'')n=Y.Z0 7 r c t|tjsJ|xs t}t dddddddddgdd d }|dk(rd}nHt dg|j Dcgc]}|d  c}zd d}t|t r|d n|}|j||j|jttfvd|||xsi|jrtdrtnd}|r@d|vr<|jdijd}||k7rt!j"d|t%||Scc}w)zUacquire_token_interactive() - User will be prompted if app opts to do select_account.NzRUnspecified. Proceed silently with a default account (if any), fallback to prompt.)value descriptionnonezEnone. Proceed silently with a default account (if any), or error out.select_accountz.select_account. Prompt with an account picker.c |dS)Nr\r r7s r rz,_acquire_token_interactive..ys !M"2r zPrompt behavior?rJr[rFzlogin_hint? (If you have multiple signed-in sessions in browser/broker, and you specify a login_hint to match one of them, you will bypass the account picker.)Tr>irQ)parent_window_handleenable_msa_passthroughportprompt login_hintdatarTid_token_claimspreferred_usernamez-Signed-in user "%s" does not match login_hint) isinstancemsalPublicClientApplicationrCr:rKdictacquire_token_interactiveCONSOLE_WINDOW_HANDLE client_id _AZURE_CLI_VISUAL_STUDIOrVr%rWgetloggingwarningr) rLrBrfrdrerIraw_login_hintresultsigned_in_users r _acquire_token_interactiverxpst c477 88 8  &}F '{|)pq"3cd 3! # $+ ,F!! ( FS-=-=-?@a m@ @u#' 4>nd3S^J/Yg  * * 66"}} 1 *4:2##%.9U*V,+  F'61$5r:>>?ST Z ' OOK^ \v M-As* E ct|jtdtjdt y)zacquire_token_by_username_password() - See constraints here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#constraints-for-ropcz username: z password: rAN)r"acquire_token_by_username_passwordr)getpassrCrLs r #_acquire_token_by_username_passwordr}s5s55|gool;MO6UVr ct|tjsJ|jt }t |dt jjtd|j|}t|y)zNacquire_token_by_device_flow() - Note that this one does not go through brokerrAr$zNAfter you completed the step above, press ENTER in this console to continue...N) rirjrkinitiate_device_flowrCrsysstdoutflushr"acquire_token_by_device_flowr)rLflowrvs r _acquire_token_by_device_flowrsj c477 88 8  # #=? # ;D $y/JJ Z[  - -d 3Fvr aw{"kty":"RSA", "n":"2tNr73xwcj6lH7bqRZrFzgSLj7OeLfbn8216uOMDHuaZ6TEUBDN8Uz0ve8jAlKsP9CQFCSVoSNovdE-fs7c15MxEGHjDcNKLWonznximj8pDGZQjVdfK-7mG6P6z-lgVcLuYu5JcWU_PeEqIKg5llOaz-qeQ4LEDS4T1D2qWRGpAra4rJX1-kmrWmX_XIamq30C9EIO0gGuT4rc2hJBWQ-4-FnE1NXmy125wfT3NdotAJGq5lMIfhjfglDbJCwhc8Oe17ORjO3FsB5CLuBRpYmP7Nzn66lRY3Fe11Xz8AEBl3anKFSJcTvlMnFtu3EpD-eiaHfTgRBU7CztGQqVbiQ", "e":"AQAB"}ssh-certkey1) token_typekey_idreq_cnfr?ct|tjsJt|}|r_|j t |t td}t||r+|jddk7rtjdyyyy)zFAcquire an SSH Cert silently- This typically only works with Azure CLIrP)rfrSrrzUnable to acquire an ssh-cert.N) rirjrkrNacquire_token_silent_SSH_CERT_SCOPE_SSH_CERT_DATAr%rrrrserror)rLrRrvs r _acquire_ssh_cert_silentlyrs c477 88 8c"G))  ()LM * 6 fjj.*< MM: ;=6r ct|tjsJt|tt }|j ddk7rtjdyy)zLAcquire an SSH Cert interactively - This typically only works with Azure CLIrBrfrrzUnable to acquire an ssh-certN) rirjrkrxrrrrrsr)rLrvs r _acquire_ssh_cert_interactiversI c477 88 8 'O. YF zz,:- 56.r z+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-AAAAAAAAsw)kidxms_kslpopzutf-8=ct|tjsJdg}t||t}t ||j ddk7rtjdyy)zLAcquire a POP token interactively - This typically only works with Azure CLIz-6256c85f-0aad-4d50-b960-e6e9b21efe35/.defaultrrrzUnable to acquire a pop tokenN) rirjrkrx _POP_DATArrrrsr)rL POP_SCOPErvs r _acquire_pop_token_interactiversY c477 88 8@AI 'II NFv zz,5( 56)r c|t|}|r/|j|tdj|dyy)zoremove_account() - Invalidate account and/or token(s) from cache, so that acquire_token_silent() would be resetz@Account "{}" and/or its token(s) are signed out from MSAL PythonrFN)rNremove_accountrr#rXs r _remove_accountrs=c"G 7# PWWX_`jXklmr ct|tjsJt|j t y)zKCCA.acquire_token_for_client() - Rerun this will get same token from cache.rAN)rirjConfidentialClientApplicationracquire_token_for_clientrCr|s r _acquire_token_for_clientrs0 c4== >> >s++=?+CDr c\t|tjsJ|jy)zECCA.remove_tokens_for_client() - Run this to evict tokens from cache.N)rirjrremove_tokens_for_clientr|s r _remove_tokens_for_clientrs$ c4== >> >  "r c|jrdnd}tdj|tjy)Exitzjhttps://identitydivision.visualstudio.com/Engineering/_queries/query/79b3a352-a775-406f-87cd-a487c382a8ed/zXhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/new/choosez2Bye. If you found a bug, please report it here: {}N)_enable_brokerrr#rexit)rLbug_links r _exitrs:    ub  > E Eh OPHHJr c tdjtjt dddddjt dgddd }|d dk(rUt jjt r2 tjtt d jt td dtdddddt j dt j dddgddd }t#|t$xrd|v}|r|dr|ds t'd| xr t)d}|rt*r t)dnd }t gddd }|r|j-d!s t)d"nd}|s7tj.t#|t$r|dn||||||||t# n$tj0|d|d|||t$}t2gt#|tj.rt4t6t8t:t<gngzt>t@gzt#|tj0r tBtDgngz} t |tFgzd%d&'} | |!#t$rYwxYw#t&$r } tIjJd(| Yd} ~ 5d} ~ wtL$rtd)YNwxYw)*Nz4Welcome to the Msal Python {} Tester (Experimental) emptyz. !F)r z1What token cache state do you want to begin with?F)r4r2r5r9rz+Azure CLI (Correctly configured for MSA-PT))ronamez/Visual Studio (Correctly configured for MSA-PT)z$95de633a-083e-42f5-b444-a4295d8e9314zAWhiteboard Services (Non MSA-PT app. Accepts AAD & MSA accounts.) CLIENT_ID CLIENT_SECRETzoA confidential client app (CCA) whose settings are defined in environment variables CLIENT_ID and CLIENT_SECRET)ro client_secretrc |dS)Nrr rHs r rz_main..rr zUImpersonate this app (or you can type in the client_id of your own public client app)TrrozAYou need to set environment variables CLIENT_ID and CLIENT_SECRETzYEnable broker? (It will error out later if your app has not registered some redirect URI)zEnable PII in broker's log?)z(https://login.microsoftonline.com/commonz/https://login.microsoftonline.com/organizationsz;https://login.microsoftonline.com/microsoft.onmicrosoft.comz:https://login.microsoftonline.com/msidlab4.onmicrosoft.comz+https://login.microsoftonline.com/consumerszKInput authority (Note that MSA-PT apps would NOT use the /common authority)r>z!https://login.microsoftonline.comzYou input an unusual authority which might fail the Instance Discovery. Now, do you want to perform Instance Discovery on your input authority?) authorityinstance_discoveryenable_broker_on_windowsenable_broker_on_macenable_broker_on_linuxenable_broker_on_wslenable_pii_log token_cache)client_credentialrrrrc|jSN)__doc__)r s r rz_main..Os aiir zMSAL Python APIs:rJzInvalid input: %sAborted)'rr#rj __version__r:rospathexistsr deserializerreadIOErrorrprqgetenvrirlr0r%enable_debug_log startswithrkrrYrxrrrrr}rrrrrsrKeyboardInterrupt) cache_choice chosen_appis_cca enable_brokerrrrrLmethods_to_be_testedfunces r _mainrs A H HIYIY Z["!V  "KKQ6-L/   $ ,B$&L H(RWW^^ ' ) & ) *  EG   0    C!C!CD & %KM "  E7 */8KM  I U   ` 2 MM-q 1 1   )  s01I7.J7 JJ KJ++KK__main__r)NN):rbase64r{rrsrratexitrjrSerializableTokenCacherregisterrprq PopAuthSchemeHTTP_GETrWrr%r)strr:r basicConfigDEBUGINFOdotenvr<info ImportErrorrtrCrNrYrxr}r_JWK1rrrr _POP_KEY_IDr _RAW_REQ_CNFurlsafe_b64encodeencodedecoderstriprrrrrrr__name__r r r rs=<<<(*t**, 0 4 7,$,,""++&  6* E(0CUX$ *""CD+;'--N?"MGLL>?  d %NV  F *fOIJ <7< tzz+$?@ 'v'' (;(;G(DELLWU\\]`a  7nE # hT z Ge?GOO >??s<E99FF