
Prefer Edge when running on Linux #388

Merged
merged 1 commit into from
Aug 19, 2021

Conversation

rayluo
Collaborator

@rayluo rayluo commented Jul 30, 2021

Edge will soon become the first browser on Linux to support device-based conditional access policy. This PR makes MSAL prefer Edge for acquire_token_interactive().

How to test this feature?

  1. Install this feature branch by pip install git+https://github.com/AzureAD/microsoft-authentication-library-for-python.git@prefer-edge-on-linux.
  2. Download the out-of-the-box interactive sample.
  3. Prepare a config.json file with content like this, and then run python interactive_sample.py config.json:
{
    "authority": "https://login.microsoftonline.com/common",
    "client_id": "289a413d-284b-4303-9c79-94380abe5d22",
    "scope": ["User.Read"],
    "endpoint": "https://graph.microsoft.com/v1.0/me",
    "placeholder": null
}

@chlowell @jiasli Please help review this feature.

@rayluo rayluo force-pushed the prefer-edge-on-linux branch 6 times, most recently from 38dd226 to 449c250 Compare August 5, 2021 22:31
@rayluo
Collaborator Author

rayluo commented Aug 14, 2021

Before this PR, MSAL would always launch the default browser. After this PR, MSAL launches the Edge browser when running on Linux and when Edge is available. Here we document the different user experience of the two approaches when the end user is on Linux and potentially accessing resources that are protected by a device-based Conditional Access (CA) policy.

  • If we launch the default browser, which is typically not Edge:
  1. For resources that require no device-based CA, it would just work. And typically the user would already have a valid signed-in session (i.e. cookie) in their default browser, so they even get SSO. This is the most ideal case.

  2. For resources that require device-based CA, the user will be prompted during the sign-in experience. The suggestion of using Edge is currently in the fine print at the end of slide No. 3 in this internal document: Enrollment - high level experience .pptx

    If you have already enrolled with Intune, use Microsoft Edge with your work or school profile to access this resource.

  3. Note that the error page above only mentions a vague "use Edge"; it does NOT cover how to enable Edge for a specific app. And I doubt any MSAL-powered app would bother to convey that instruction beforehand.

  4. Even if the end user somehow figures out 2 & 3, he would repeatedly run into the same issue each time he is going to access that resource, which is annoying. To make things worse, on Linux there is no universal way to specify a browser as the default browser. The BROWSER=microsoft-edge way happens to work in Python, but the end user may not know that. There would be some trial-and-error for the end user here.

  • If we always launch Edge when it is available and when MSAL is running on Linux:
  1. For resources that require no device-based CA, the very first time after Edge is installed on this desktop, Edge will pop up; it contains no signed-in session, so the end user would need to sign in again. That is suboptimal, but at least it would be much easier than 3 & 4 above. (However, there is currently a known issue: the sign-in experience does not (yet?) present a "Stay signed in?" option to the end user from Linux. We started an internal conversation here.)

  2. After the sign-in in situation 1 above, situation 2 here would just work. The end users don't have to read that fine print.

  3. Not applicable.

  4. Not applicable.

UPDATE: We ended up using the second bullet point's approach.

First attempt was by using BROWSER env var

Switch to less intrusive register(browser_name...)

Only perform webbrowser.register() when necessary

Explain design decisions based on PR review Q&A
@lulujrush

I know this is long done and gone but my issue was the last one linked so I wanted to comment.

IMHO I find it unfortunate that you took away Linux users' choice of default browser. This has led me to remove Edge from my system, and it will not be re-introduced.

@rayluo
Collaborator Author

rayluo commented Jan 6, 2023

> IMHO I find it unfortunate that you took away Linux users' choice of default browser. This has led me to remove Edge from my system, and it will not be re-introduced.

Fair enough. In case you want to try Edge again but want to have MSAL Python (and thus Azure CLI) honor your default browser, you can set an env var BROWSER=firefox_executable_file.
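The selection policy the thread describes (prefer Edge only on Linux, only when an Edge binary is actually installed, and leave the user's own BROWSER setting in charge, which is the escape hatch the reply above points to) can be reproduced on top of Python's standard webbrowser module. The following is an added illustration for this discussion, not MSAL's own code: the registration name "example-edge", the Edge binary names it probes on PATH, and the injectable `platform`/`environ`/`which` parameters are assumptions made so the decision logic can be exercised without a real browser.

```python
"""Added example (not MSAL's code): prefer Edge on Linux via webbrowser.register()."""
import os
import shutil
import sys
import webbrowser

# Hypothetical registration name; the name MSAL uses is not shown on this page.
EDGE_REGISTRATION_NAME = "example-edge"

# Assumed executable names for the Edge Linux packages, probed in this order.
EDGE_CANDIDATES = ("microsoft-edge", "microsoft-edge-stable")


def pick_edge_path(platform=None, environ=None, which=shutil.which):
    """Return the Edge executable to prefer, or None to keep the default browser.

    Policy, as discussed in the PR thread:
      * only on Linux;
      * only when the user has NOT set BROWSER, so an explicit user choice
        (e.g. BROWSER=firefox) still wins;
      * only when an Edge binary is actually on PATH.
    `platform`, `environ` and `which` default to the real process state and
    exist only so the decision can be tested offline.
    """
    platform = sys.platform if platform is None else platform
    environ = os.environ if environ is None else environ
    if not platform.startswith("linux"):
        return None
    if environ.get("BROWSER"):
        return None
    for candidate in EDGE_CANDIDATES:
        path = which(candidate)
        if path:
            return path
    return None


def register_preferred_edge(platform=None, environ=None, which=shutil.which):
    """Register Edge as the preferred browser when pick_edge_path() says so.

    preferred=True (Python 3.7+) puts the entry at the front of webbrowser's
    try order, so a later webbrowser.open() launches Edge without touching the
    desktop's default-browser setting. Because the stdlib also puts any
    BROWSER entries at the front, registering unconditionally would override
    the user's choice; that is why the BROWSER check above comes first.
    Returns the registered name, or None when nothing was registered.
    """
    path = pick_edge_path(platform, environ, which)
    if path is None:
        return None
    webbrowser.register(
        EDGE_REGISTRATION_NAME,
        None,
        webbrowser.BackgroundBrowser(path),
        preferred=True,
    )
    return EDGE_REGISTRATION_NAME


def registered_browser_path(name=EDGE_REGISTRATION_NAME):
    """Look up a registered launcher by name and return the executable it wraps."""
    return webbrowser.get(name).name


if __name__ == "__main__":
    chosen = register_preferred_edge()
    print("preferred browser:", chosen or "system default")
    # After this, webbrowser.open(url) would use Edge on Linux when it is
    # installed and BROWSER is unset; otherwise the usual default applies.
```

The decision is kept in a pure function so the three branches (not Linux, BROWSER set, no Edge on PATH) can be checked without launching anything; only `register_preferred_edge()` touches the webbrowser registry, and even that does not open a window.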

@kitingChris

Why is the standard browser explicitly ignored and instead it opens Edge? This is totally unexpected behaviour. Why do you not accept my decision not to make Edge the standard browser?

5 participants