add using system account support (Azure#34754)

* add using system account support * update * update * update
azure-sdk · Mar 14, 2024 · f0a7ed4 · f0a7ed4
1 parent feeefb0
commit f0a7ed4
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 1 deletion.
diff --git a/.vscode/cspell.json b/.vscode/cspell.json
@@ -576,6 +576,12 @@
         "wammsa"
       ]
     },
+    {
+      "filename": "sdk/identity/azure-identity-broker/tests/*.py",
+      "words": [
+        "signin"
+      ]
+    },
     {
       "filename": "sdk/tables/azure-data-tables/tests/**/*.py",
       "words": [

diff --git a/sdk/identity/azure-identity-broker/CHANGELOG.md b/sdk/identity/azure-identity-broker/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 ### Features Added
 
+- `InteractiveBrowserBrokerCredential` now supports a `use_operating_system_account` property to enable the use of the currently logged in operating system account for authentication rather than prompting for a credential.
+
 ### Breaking Changes
 
 ### Bugs Fixed

diff --git a/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py b/sdk/identity/azure-identity-broker/azure/identity/broker/_browser.py
@@ -37,6 +37,8 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential):
     :keyword int timeout: seconds to wait for the user to complete authentication. Defaults to 300 (5 minutes).
     :keyword int parent_window_handle: If your app is a GUI app running on a modern Windows system, you are required to
         also provide its window handle so that the sign in UI window will properly pop up on top of your window.
+    :keyword bool use_operating_system_account: Whether to authenticate with the currently signed in user instead of
+        prompting the user with a login dialog. Defaults to False.
     :keyword bool enable_msa_passthrough: Determines whether Microsoft Account (MSA) passthrough is enabled. Note, this
         is only needed for select legacy first-party applications. Defaults to False.
     :keyword bool disable_instance_discovery: Determines whether or not instance discovery is performed when attempting
@@ -52,6 +54,7 @@ class InteractiveBrowserBrokerCredential(_InteractiveBrowserCredential):
     def __init__(self, **kwargs: Any) -> None:
         self._parent_window_handle = kwargs.pop("parent_window_handle", None)
         self._enable_msa_passthrough = kwargs.pop("enable_msa_passthrough", False)
+        self._use_operating_system_account = kwargs.pop("use_operating_system_account", False)
         super().__init__(**kwargs)
 
     @wrap_exceptions
@@ -61,6 +64,22 @@ def _request_token(self, *scopes: str, **kwargs: Any) -> Dict:
         app = self._get_app(**kwargs)
         port = self._parsed_url.port if self._parsed_url else None
 
+        if self._use_operating_system_account:
+            try:
+                result = app.acquire_token_interactive(
+                    scopes=scopes,
+                    login_hint=self._login_hint,
+                    claims_challenge=claims,
+                    timeout=self._timeout,
+                    prompt=msal.Prompt.NONE,
+                    port=port,
+                    parent_window_handle=self._parent_window_handle,
+                    enable_msa_passthrough=self._enable_msa_passthrough,
+                )
+                if "access_token" in result:
+                    return result
+            except socket.error:
+                pass
         try:
             result = app.acquire_token_interactive(
                 scopes=scopes,

diff --git a/sdk/identity/azure-identity-broker/tests/test_broker.py b/sdk/identity/azure-identity-broker/tests/test_broker.py
@@ -4,11 +4,24 @@
 # ------------------------------------
 import pytest
 import sys
+from unittest.mock import patch, Mock
 from azure.identity.broker import InteractiveBrowserBrokerCredential
 
 
-@pytest.mark.skip("Not compatible with identity 1.15.0b1")
 @pytest.mark.skipif(not sys.platform.startswith("win"), reason="tests Windows-specific behavior")
 def test_interactive_browser_broker_cred():
     cred = InteractiveBrowserBrokerCredential()
     assert cred._get_app()._enable_broker
+
+
+@pytest.mark.skipif(not sys.platform.startswith("win"), reason="tests Windows-specific behavior")
+def test_interactive_browser_broker_cred_signed_in_account():
+    with patch("msal.broker._signin_silently", Mock(return_value="token")) as mock_signin_silently:
+        try:
+            cred = InteractiveBrowserBrokerCredential(
+                parent_window_handle="window_handle", use_operating_system_account=True
+            )
+            cred.get_token("scope")
+        except Exception:  # msal raises TypeError which is expected. We are not testing msal here.
+            pass
+        assert mock_signin_silently.called