AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

How to connect to Azure AD using MSAL python when behind an authenticated proxy #497

Closed msjunyao closed 1 year ago

msjunyao commented 1 year ago

We have MSAL Python code. When it runs behind the authenticated proxy, it receives the following error: requests.exceptions.ProxyError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /b44900f1-2def-4c3b-9ec6-9020d604e19e/v2.0/.well-known/openid-configuration (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

Questions:

  1. Does MSAL Python support invoking the API from behind an authenticated proxy server? If yes, how do we make the call successfully?
  2. When the account authenticates to the proxy server, the password includes special characters, such as '@' and '&'. How do we allow these special characters in the call?

We have tried the following methods, but none of them helped with the above two questions.

  1. Following the suggestion in https://docs.microsoft.com/en-us/azure/developer/python/sdk/azure-sdk-configure-proxy?tabs=cmd, we tried both approaches: using os.environ and using proxies in the PublicClientApplication class. It doesn't help with the problem.
  2. We also tried URL encoding of special characters like @, & etc… but still get the 403 error.

ps: the relevant code we have tried is:

    from msal import PublicClientApplication

    # Proxy URLs with embedded credentials; placeholders and masked addresses are as posted
    proxies = {
        'http': 'http://(username):(password)@10.***.***.1:8080',
        'https': 'http://(username):(password)@10.***.***.2:8080',
        'no_proxy': 'sts01.***.com,****.net'
    }

    app = PublicClientApplication(
        client_id=client_id,
        authority='https://login.microsoftonline.com/' + tenant_id,
        proxies=proxies
    )

rayluo commented 1 year ago

MSAL Python just wires up the proxies parameter to its underlying requests. We do not have much firsthand experience on that usage, but perhaps you can find some troubleshooting in python's Requests library?
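The percent-encoding step raised in question 2, as an added example that is not part of the original thread or of MSAL: it builds a proxy URL with encoded credentials and checks how the result parses back. The account name, password and proxy host are constructed sample values, and the sample password also contains '/', which goes slightly beyond the '@' and '&' named in the question.

```python
import base64
from urllib.parse import quote, unquote, urlsplit


def build_proxy_url(username, password, host, port, scheme="http"):
    """Return a proxy URL whose userinfo part is percent-encoded.

    safe="" makes quote() encode every reserved character ('@', ':', '&',
    '/', '#', '%', ...), so a URL parser cannot mistake part of the
    password for the host, the path or a fragment.
    """
    user = quote(username, safe="")
    pwd = quote(password, safe="")
    return f"{scheme}://{user}:{pwd}@{host}:{port}"


def decode_proxy_url(proxy_url):
    """Parse a proxy URL and return (host, port, username, password),
    with the credentials percent-decoded as a client does before using them."""
    parts = urlsplit(proxy_url)
    return (
        parts.hostname,
        parts.port,
        unquote(parts.username or ""),
        unquote(parts.password or ""),
    )


def basic_proxy_authorization(proxy_url):
    """Return the Basic Proxy-Authorization value implied by the URL's credentials."""
    _, _, user, pwd = decode_proxy_url(proxy_url)
    token = base64.b64encode(f"{user}:{pwd}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


if __name__ == "__main__":
    # Constructed sample values; in real use read them from a secret store or
    # environment variables instead of hard-coding them in source.
    user, pwd, host = "svc", "P@ss/w&rd", "proxy.example.internal"

    naive = f"http://{user}:{pwd}@{host}:8080"
    encoded = build_proxy_url(user, pwd, host, 8080)
    print("naive   ->", decode_proxy_url(naive))    # host and password are misparsed
    print("encoded ->", decode_proxy_url(encoded))  # host and password round-trip intact

    # The dict that the thread passes to PublicClientApplication(proxies=...).
    proxies = {"http": encoded, "https": encoded}
    print(proxies)
```

If the encoded URL parses back to the expected host and password and the proxy still answers 403, the URL encoding is no longer the open question and the proxy's own logs are the next place to look.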