Assertion in bytes in python3 #16
Conversation
msal/application.py
Outdated
| @@ -405,7 +405,7 @@ def _acquire_token_by_username_password_federated( | |||
| raise RuntimeError( | |||
| "RSTR returned unknown token type: %s", wstrust_result.get("type")) | |||
| return self.client.obtain_token_by_assertion( | |||
| b64encode(wstrust_result["token"]), | |||
| urlsafe_b64encode(wstrust_result["token"]).strip(b'='), | |||
There was a problem hiding this comment.
nit, i believe rstrip is enough as = is only used as padding at the end. If correct, you can also update similar code below
There was a problem hiding this comment.
This turns out becoming an interesting journey.
Yes rstrip(...) would be enough, and now I use it in the underlying implementation. Thanks for the suggestion!
And then it becomes the last straw that I realize we should not have forced the caller to do such tricky ad-hoc encoding in the first place (even though we documented it). We should have wrapped it inside a helper instead, and do the right behavior by default. Which is what we do now in this updated PR. And, as a byproduct, the grant_type parameter is no longer optional, because we removed that hacky if b"." in assertion thing, which also makes the original issue of this PR goes away.
None of the above boring details matters in the MSAL public API acquire_token_by_username_password(), because this refactoring is just implementation details.
I'll merge this PR soon. Happy refactoring!
This PR is a superset of existing PR #11.
The major part is equivalent, but here it is done the otherway around, i.e.UPDATE: Based on the latest conversation in this PR, we head to a new direction by avoiding such trickyb"." in data_in_bytesrather than"." in data_in_bytes.decode(). This way we deal withbytesdirectly, and save an ad-hoc type conversion. (On a side note, another alternative is to normalize the input intostringat the very beginning and keep it, that would bring some handy benefit when later we want to log it. But the major drawback is the underlying requests library is technically expecting bytes (per their documentation), and actually converting strings into bytes under the hood. So normalizing-to-string would be a double performance penalty.) This PR also applies the same fix on acquire_token_by_assertion(), which is used in ADFS federated scenario.if b"." in assertionin the first place.Lastly, we fine tune the relevant logging behavior.
You can test this PR by: