AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

response_mode in authorization code flow #396

Closed uta-pmizilin closed 2 years ago

uta-pmizilin commented 3 years ago

Is form_post response_mode supported for authorization code flow (ConfidentialClientApplication)? Looking at application.py it seems like response_mode parameter is not implemented at all.

msal==1.13.0

rayluo commented 3 years ago

It is true that MSAL Python does not currently expose the response_mode parameter, because the use of response_mode parameter was "not recommended" per the original specs. But we can add it, per newer guidance.

Marking this issue as an enhancement.

uta-pmizilin commented 3 years ago

@rayluo Thanks for the quick response; I assume the newer guidance is the reason why https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc recommends form_post for web applications:

response_mode (Recommended): Specifies the method that should be used to send the resulting authorization code back to your app. Can be form_post or fragment. For web applications, we recommend using response_mode=form_post, to ensure the most secure transfer of tokens to your application.
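
What the form_post response mode discussed above changes for the receiving web app, as an added example that is not part of this thread and is not MSAL's code: the request carries response_mode=form_post, and the authorization code then arrives in a POST body rather than in the redirect URL. The function names, the "common" authority, the client ID and the redirect URI are assumptions; only the standard library is used.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Assumption: the v2.0 authorize endpoint for the multi-tenant "common" authority.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def build_auth_request(client_id, redirect_uri, scopes):
    """Return (url, state) for an authorization code request using form_post."""
    state = secrets.token_urlsafe(32)  # kept in the user's session until the callback
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "response_mode": "form_post",
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state


def read_form_post_callback(method, query_string, body, expected_state):
    """Return the authorization code from a form_post callback, or raise ValueError."""
    if method.upper() != "POST":
        raise ValueError("authorization response did not arrive as a POST")
    if "code" in parse_qs(query_string):
        # A code in the URL would end up in access logs and browser history.
        raise ValueError("authorization code present in the URL query")
    form = parse_qs(body)  # body is application/x-www-form-urlencoded
    if any(len(values) != 1 for values in form.values()):
        raise ValueError("duplicated parameter in authorization response")
    fields = {name: values[0] for name, values in form.items()}
    if "error" in fields:
        raise ValueError("authorization failed: " + fields["error"])
    # Constant-time comparison against the state issued with the request.
    if not hmac.compare_digest(fields.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in fields:
        raise ValueError("no authorization code in response")
    return fields["code"]


if __name__ == "__main__":
    # Constructed values: placeholder client ID and redirect URI.
    url, state = build_auth_request(
        "00000000-0000-0000-0000-000000000000", "https://app.example/callback", ["openid"])
    print(url)
    print(read_form_post_callback("POST", "", "code=SAMPLE_CODE&state=" + state, state))
```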

ndrsn commented 2 years ago

Has any progress been made on this issue?

If not, would a pull request implementing response_mode be welcome, and would you have any pointers as to where to start — based on a cursory glance through the code, it looks like initiate_auth_code_flow would be the place to add/support this parameter?