use new msal auth code flow API

Azure · Jan 30, 2021 · 8d92e1f · 8d92e1f
1 parent 7da4fde
commit 8d92e1f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 37 deletions.
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
@@ -3,7 +3,6 @@
 # Licensed under the MIT License.
 # ------------------------------------
 import socket
-import uuid
 import webbrowser
 
 from six.moves.urllib_parse import urlparse
@@ -21,7 +20,7 @@
 
 if TYPE_CHECKING:
     # pylint:disable=unused-import
-    from typing import Any, List, Mapping
+    from typing import Any
 
 
 class InteractiveBrowserCredential(InteractiveCredential):
@@ -94,14 +93,13 @@ def _request_token(self, *scopes, **kwargs):
 
         # get the url the user must visit to authenticate
         scopes = list(scopes)  # type: ignore
-        request_state = str(uuid.uuid4())
         app = self._get_app()
-        auth_url = app.get_authorization_request_url(
-            scopes, redirect_uri=redirect_uri, state=request_state, prompt="select_account", **kwargs
-        )
 
-        # open browser to that url
-        if not webbrowser.open(auth_url):
+        flow = app.initiate_auth_code_flow(scopes, redirect_uri=redirect_uri, prompt="select_account")
+        if "auth_uri" not in flow:
+            raise CredentialUnavailableError("Failed to begin authentication flow")
+
+        if not webbrowser.open(flow["auth_uri"]):
             raise CredentialUnavailableError(message="Failed to open a browser")
 
         # block until the server times out or receives the post-authentication redirect
@@ -112,30 +110,4 @@ def _request_token(self, *scopes, **kwargs):
             )
 
         # redeem the authorization code for a token
-        code = self._parse_response(request_state, response)
-        return app.acquire_token_by_authorization_code(code, scopes=scopes, redirect_uri=redirect_uri, **kwargs)
-
-    @staticmethod
-    def _parse_response(request_state, response):
-        # type: (str, Mapping[str, Any]) -> List[str]
-        """Validates ``response`` and returns the authorization code it contains, if authentication succeeded.
-
-        Raises :class:`azure.core.exceptions.ClientAuthenticationError`, if authentication failed or ``response`` is
-        malformed.
-        """
-
-        if "error" in response:
-            message = "Authentication failed: {}".format(response.get("error_description") or response["error"])
-            raise ClientAuthenticationError(message=message)
-        if "code" not in response:
-            # a response with no error or code is malformed; we don't know what to do with it
-            message = "Authentication server didn't send an authorization code"
-            raise ClientAuthenticationError(message=message)
-
-        # response must include the state sent in the auth request
-        if "state" not in response:
-            raise ClientAuthenticationError(message="Authentication response doesn't include OAuth state")
-        if response["state"][0] != request_state:
-            raise ClientAuthenticationError(message="Authentication response's OAuth state doesn't match the request's")
-
-        return response["code"]
+        return app.acquire_token_by_auth_code_flow(flow, response, scopes=scopes)
diff --git a/sdk/identity/azure-identity/azure/identity/_internal/auth_code_redirect_handler.py b/sdk/identity/azure-identity/azure/identity/_internal/auth_code_redirect_handler.py
@@ -27,8 +27,8 @@ def do_GET(self):
             return
 
         query = self.path.split("?", 1)[-1]
-        query = parse_qs(query, keep_blank_values=True)
-        self.server.query_params = query
+        parsed = parse_qs(query, keep_blank_values=True)
+        self.server.query_params = {k: v[0] if isinstance(v, list) and len(v) == 1 else v for k, v in parsed.items()}
 
         self.send_response(200)
         self.send_header("Content-Type", "text/html")