Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
Even though redirect_uri is an HTTP URL http://localhost:61886/, we switch the protocol to HTTPS https://localhost:61886/ and visit it in the browser. In the real world, the protocol may be changed by the browser's policy (https://github.com/Azure/azure-cli/issues/10426#issuecomment-528308713).
Then the browser will show ERR_SSL_PROTOCOL_ERROR:
In the terminal, MSAL shows gibberish characters because these are actually HTTPS-encrypted binary stream.
Expected behavior
MSAL can consider capturing such error and warn the user incorrect protocol is used. I haven't deep dived into the implementation of http.server yet, but it is totally possible that this can't be achieved by MSAL.
Describe the bug MSAL shows gibberish (mojibake) if
localhost
is accessed using HTTPS.To Reproduce Run
The login URL is
Even though
redirect_uri
is an HTTP URLhttp://localhost:61886/
, we switch the protocol to HTTPShttps://localhost:61886/
and visit it in the browser. In the real world, the protocol may be changed by the browser's policy (https://github.com/Azure/azure-cli/issues/10426#issuecomment-528308713).Then the browser will show
ERR_SSL_PROTOCOL_ERROR
:In the terminal, MSAL shows gibberish characters because these are actually HTTPS-encrypted binary stream.
This issue is reported by https://github.com/Azure/azure-cli/issues/25935, and the solution is https://github.com/Azure/azure-cli/issues/10426#issuecomment-528308713.
Expected behavior MSAL can consider capturing such error and warn the user incorrect protocol is used. I haven't deep dived into the implementation of
http.server
yet, but it is totally possible that this can't be achieved by MSAL.