# h*@4SrSSKrSSKrSSKrSSKrSSKrSSKrSSKrSSKrSr \R"5r \R"S5 Sr Sr\R"\RR SSS 9rS rS rS0S jrS S\S4Sjr\"S5r\R0"\(a \R2O \R4S9 SSKJr \"5 \R:"S5 Sr Sr!Sr"S1Sjr#Sr$Sr%Sr&SS\&S.r'S /r(S!r)S"r*S#r+\RX"\+S$S%.5r-S&\+\R\"\-R_S'55RaS'5RcS(5S.r2S)r3S*r4S+r5S,r6S-r7S.r8\9S/:Xa\8"5 gg!\a \R>"S5 Nf=f)2aMSAL Python Tester Usage 1: Run it on the fly. python -m msal Note: We choose to not define a console script to avoid name conflict. Usage 2: Build an all-in-one executable file for bug bash. shiv -e msal.__main__._main -o msaltest-on-os-name.pyz . Nzmsal_cache.binc[R(a1[[S5R [R 55$S$)Nw) global_cachehas_state_changedopen_token_cache_filenamewrite serialize?/var/www/html/env/lib/python3.13/site-packages/msal/__main__.pyrs;%% $**<+A+A+CD0+/0r z$04b07795-8ddb-461a-bbee-02f9e1bf7b46z$04f0c124-f2bc-4f59-8241-bf6df9866bbdzhttps://example.com/endpoint placeholder) http_methodurlnoncecB[[R"USSS95 g)NT)indent sort_keys)printjsondumps)blobs r print_jsonrs $**T!t 45r c<[SRU55S;$)Nz9{} (N/n/F/f or empty means False, otherwise it is True): )NnFf)inputformat)messages r _input_booleanr%"s% CJJ7S ) **r c`[URUS95R5=(d U$)N)default)r"r#strip)r$r's r _inputr)'s& 0 1 7 7 9 DWDr z Your options:z Your choice? Fc U(dS5eU(a [U5 [USS9H%upV[SRXS"U555 M' U(a [S5 [U5n[ U5nSUs=::a[ U5::a O OXS- $M:![ a U(a U(aUs$N f=f)Nzoptions must not be empty)startz {}: {}z' Or you can just type in your input.)r enumerater#r"intlen ValueError) optionsheaderfooteroption_rendereraccept_nonempty_stringioraw_datachoices r _select_optionsr:*s ///7  f '+ l!!!_Q%789, 78 = ]FF*c'l*z**+   2 s3#B!B!!C?CzEnable MSAL Python's DEBUG log?)level) load_dotenvz+Loaded environment variables from .env filezSpython-dotenv is not installed. You may need to set environment variables manually.c^[/SQSSS9R5nSU;a [S5eU$)N)z$https://graph.microsoft.com/.defaultz%https://management.azure.com/.defaultz User.ReadzUser.ReadBasic.Allz_Select a scope (multiple scopes can only be input by manually typing them, delimited by space):Tr2r54https://pas.windows.net/CheckMyAccess/Linux/.defaultz9SSH Cert scope shall be tested by its dedicated functions)r:splitr0scopess r _input_scopesrCJsA  q#  %' >GTUU Mr c`UR5nU(a [USSS9$[S5 g)Nc2SRUSUS5$)Nz{}, came from {}usernameaccount_source)r#as r r!_select_account..]s&8&?&?* qQaOb&cr z0Account(s) already signed in inside MSAL Python:r4r2zRNo account available inside MSAL Python. Use other methods to acquire token first.) get_accountsr:r)appaccountss r _select_accountrOXs4!H cE  bcr c [U5nU(aX[UR[5U[ S5UR 5(a[ S5(a[ OSS95 gg)zIacquire_token_silent() - with an account already signed into MSAL Python.!Bypass MSAL Python's token cache?Acquire AT POP via Broker?N)account force_refresh auth_scheme)rOracquire_token_silent_with_errorrCr%is_pop_supportedplaceholder_auth_schemerMrSs r _acquire_token_silentrZcsac"G366 O()LM''))n=Y.Z.Z0 7 r c [U[R5(deU=(d [5n[ SSS.SSS.SSS./SS S 9S nUS:XaSnOL[ S/UR 5Vs/sHoUS PM sn-S SS9n[U[ 5(aUS OUnURUURUR[[4;SX4U=(d 0UR5(a[S5(a[OSS9nU(aCSU;a=URS05RS5nX:wa[ R""SU5 [%U5 U$s snf)zUacquire_token_interactive() - User will be prompted if app opts to do select_account.NzRUnspecified. Proceed silently with a default account (if any), fallback to prompt.)value descriptionnonezEnone. Proceed silently with a default account (if any), or error out.select_accountz.select_account. Prompt with an account picker.c US$)Nr]r r7s r r,_acquire_token_interactive..ys !M"2r zPrompt behavior?rKr\rFzlogin_hint? (If you have multiple signed-in sessions in browser/broker, and you specify a login_hint to match one of them, you will bypass the account picker.)Tr>irR)parent_window_handleenable_msa_passthroughportprompt login_hintdatarUid_token_claimspreferred_usernamez-Signed-in user "%s" does not match login_hint) isinstancemsalPublicClientApplicationrCr:rLdictacquire_token_interactiveCONSOLE_WINDOW_HANDLE client_id _AZURE_CLI_VISUAL_STUDIOrWr%rXgetloggingwarningr) rMrBrhrfrgrIraw_login_hintresultsigned_in_users r _acquire_token_interactiverzps c477 8 88 8  &}F '{|)pq"3cd 3! # $+ ,F!! ( FS-=-=-?@-? m-?@ @u#' 4>nd3S3S^J/Yg  * * 66"}} 1 4:2##%%.9U*V*V,+  F'61$5r:>>?ST  ' OOK^ \v M-As2E& c[UR[S5[R"S5[ 5S95 g)zacquire_token_by_username_password() - See constraints here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#constraints-for-ropcz username: z password: rAN)r"acquire_token_by_username_passwordr)getpassrCrMs r #_acquire_token_by_username_passwordrs5s55|gool;MO6UVr c[U[R5(deUR[ 5S9n[ US5 [ RR5 [S5 URU5n[U5 g)zNacquire_token_by_device_flow() - Note that this one does not go through brokerrAr$zNAfter you completed the step above, press ENTER in this console to continue...N) rkrlrminitiate_device_flowrCrsysstdoutflushr"acquire_token_by_device_flowr)rMflowrxs r _acquire_token_by_device_flowrsm c477 8 88 8  # #=? # ;D $y/JJ Z[  - -d 3Fvr aw{"kty":"RSA", "n":"2tNr73xwcj6lH7bqRZrFzgSLj7OeLfbn8216uOMDHuaZ6TEUBDN8Uz0ve8jAlKsP9CQFCSVoSNovdE-fs7c15MxEGHjDcNKLWonznximj8pDGZQjVdfK-7mG6P6z-lgVcLuYu5JcWU_PeEqIKg5llOaz-qeQ4LEDS4T1D2qWRGpAra4rJX1-kmrWmX_XIamq30C9EIO0gGuT4rc2hJBWQ-4-FnE1NXmy125wfT3NdotAJGq5lMIfhjfglDbJCwhc8Oe17ORjO3FsB5CLuBRpYmP7Nzn66lRY3Fe11Xz8AEBl3anKFSJcTvlMnFtu3EpD-eiaHfTgRBU7CztGQqVbiQ", "e":"AQAB"}ssh-certkey1) token_typekey_idreq_cnfr?c0[U[R5(de[U5nU(acUR [ U[ [S5S9n[U5 U(a-URS5S:wa[R"S5 gggg)zFAcquire an SSH Cert silently- This typically only works with Azure CLIrQ)rhrTrrzUnable to acquire an ssh-cert.N) rkrlrmrOacquire_token_silent_SSH_CERT_SCOPE_SSH_CERT_DATAr%rrtruerror)rMrSrxs r _acquire_ssh_cert_silentlyrs c477 8 88 8c"G))  ()LM * 6 fjj.*< MM: ;=6r c[U[R5(de[U[[ S9nUR S5S:wa[R"S5 gg)zLAcquire an SSH Cert interactively - This typically only works with Azure CLIrBrhrrzUnable to acquire an ssh-certN) rkrlrmrzrrrtrur)rMrxs r _acquire_ssh_cert_interactiversL c477 8 88 8 'O. YF zz,:- 56.r z+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-AAAAAAAAsw)kidxms_kslpopzutf-8=c[U[R5(deS/n[X[S9n[ U5 UR S5S:wa[R"S5 gg)zLAcquire a POP token interactively - This typically only works with Azure CLIz-6256c85f-0aad-4d50-b960-e6e9b21efe35/.defaultrrrzUnable to acquire a pop tokenN) rkrlrmrz _POP_DATArrtrur)rM POP_SCOPErxs r _acquire_pop_token_interactiversZ c477 8 88 8@AI 'I NFv zz,5( 56)r c[U5nU(a/URU5 [SRUS55 gg)zoremove_account() - Invalidate account and/or token(s) from cache, so that acquire_token_silent() would be resetz@Account "{}" and/or its token(s) are signed out from MSAL PythonrFN)rOremove_accountrr#rYs r _remove_accountrs=c"G 7# PWWX_`jXklmr c[U[R5(de[UR [ 5S95 g)zKCCA.acquire_token_for_client() - Rerun this will get same token from cache.rAN)rkrlConfidentialClientApplicationracquire_token_for_clientrCr~s r _acquire_token_for_clientrs3 c4== > >> >s++=?+CDr cf[U[R5(deUR5 g)zECCA.remove_tokens_for_client() - Run this to evict tokens from cache.N)rkrlrremove_tokens_for_clientr~s r _remove_tokens_for_clientrs' c4== > >> >  "r cUR(aSOSn[SRU55 [R"5 g)Exitzjhttps://identitydivision.visualstudio.com/Engineering/_queries/query/79b3a352-a775-406f-87cd-a487c382a8ed/zXhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/new/choosez2Bye. If you found a bug, please report it here: {}N)_enable_brokerrr#rexit)rMbug_links r _exitrs:    ub  > E Eh OPHHJr c [SR[R55 [ SSS.SSR[ 5S./SSS S 9nUS S:XaZ[ RR[ 5(a2[R[[ S 5R55 [ [S S.[SS.SSS.[ R "S5[ R "S5SS./SSSS 9n[#U[$5=(a SU;nU(aUS(a US(d ['S5eU(+=(a [)S5nU(a[*(a [)S5OS n[ /SQSSS 9nU(a!UR-S!5(d [)S"5OSnU(d8[R."[#U[$5(aUSOUUUUUU[S#9O"[R0"USUSUUU[S$9n[2/[#U[R.5(a[4[6[8[:[</O/-[>[@/-[#U[R05(a [B[D/O/-n[ U[F/-S%S&S'9n U "U5 M![a GN f=f![&a!n [HRJ"S(U 5 Sn A N9Sn A f[La [S)5 NSf=f)*Nz4Welcome to the Msal Python {} Tester (Experimental) emptyz.!F)r z1What token cache state do you want to begin with?F)r4r2r5r9rz+Azure CLI (Correctly configured for MSA-PT))rqnamez/Visual Studio (Correctly configured for MSA-PT)z$95de633a-083e-42f5-b444-a4295d8e9314zAWhiteboard Services (Non MSA-PT app. Accepts AAD & MSA accounts.) CLIENT_ID CLIENT_SECRETzoA confidential client app (CCA) whose settings are defined in environment variables CLIENT_ID and CLIENT_SECRET)rq client_secretrc US$)Nrr rHs r rrrr zUImpersonate this app (or you can type in the client_id of your own public client app)TrrqzAYou need to set environment variables CLIENT_ID and CLIENT_SECRETzYEnable broker? (It will error out later if your app has not registered some redirect URI)zEnable PII in broker's log?)z(https://login.microsoftonline.com/commonz/https://login.microsoftonline.com/organizationsz;https://login.microsoftonline.com/microsoft.onmicrosoft.comz:https://login.microsoftonline.com/msidlab4.onmicrosoft.comz+https://login.microsoftonline.com/consumerszKInput authority (Note that MSA-PT apps would NOT use the /common authority)r>z!https://login.microsoftonline.comzYou input an unusual authority which might fail the Instance Discovery. Now, do you want to perform Instance Discovery on your input authority?) authorityinstance_discoveryenable_broker_on_windowsenable_broker_on_macenable_pii_log token_cache)client_credentialrrrrcUR$N)__doc__)r s r rrMsaiir zMSAL Python APIs:rKzInvalid input: %sAborted)'rr#rl __version__r:rospathexistsr deserializerreadIOErrorrrrsgetenvrkrnr0r%enable_debug_log startswithrmrrZrzrrrrrrrrrrurKeyboardInterrupt) cache_choice chosen_appis_cca enable_brokerrrrrMmethods_to_be_testedfunces r _mainrs) A H HIYIY Z["!V  "KKQ6-L/   $ ,B$&L H(RWW^^> ' ) & ) *  EG   0    C!C!CDD & %KM "  E7 */8KM  I Q   \ 2 MM-q 1 1   )  s01J4*K4 KK LK++LL__main__r)NN):rbase64r}rrurratexitrlrSerializableTokenCacherregisterrrrs PopAuthSchemeHTTP_GETrXrr%r)strr:r basicConfigDEBUGINFOdotenvr<info ImportErrorrvrCrOrZrzrr_JWK1rrrr _POP_KEY_IDr _RAW_REQ_CNFurlsafe_b64encodeencodedecoderstriprrrrrrr__name__r r r rs=<<<(**, 0 4 7,,""++&  6* E(0CUX$ *""CD+;'--N?"M LL>?  d %NV  F *fOIJ <7< zz+$?@ '' (;(;G(DELLWU\\]`a  7nE # fP z Ga? OO >??s=E<<FF