AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

2+ hrs AT will have refresh_in default to expires_in/2 #550

Closed rayluo closed 1 year ago

rayluo commented 1 year ago

@bgavrilMS, @gladjohn, looks like you have also started the work on expires_in. I figure I better also pick up the work at the same time, so that we will have the same context while reviewing each other's PR.

The new behavior is "refresh_in = expires_in / 2 when and only when refresh_in is absent and expires_in > 7200".

Currently, as a proof-of-concept, this PR in MSAL Python tentatively brings such a new behavior to all ATs, not just managed identity. It feels harmless, because ESTS remains in control, as they can always emit an explicit refresh_in to override MSAL's default behavior.

P.S.: I'll also add a similar commit into my other work-in-progress Managed Identity PR.
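
The defaulting rule quoted in the comment above, as an added Python example; it is not code from this PR or from MSAL. The function names, the cache-entry layout, integer division for the halving, and treating a token past `refresh_on` as still usable until `expires_on` are assumptions made for illustration.

```python
import time

LONG_LIVED_THRESHOLD = 7200  # seconds (2 hours), the cutoff quoted in the PR


def effective_refresh_in(response):
    """Return refresh_in in seconds for a token response, or None if none applies."""
    # Assumption: some endpoints send numbers as strings, so normalise with int().
    expires_in = int(response.get("expires_in", 0))
    if "refresh_in" in response:
        # An explicit value from the token issuer always overrides the default.
        return int(response["refresh_in"])
    if expires_in > LONG_LIVED_THRESHOLD:
        # Strictly greater than 2 hours: default to half the lifetime.
        return expires_in // 2
    return None


def cache_entry(response, now=None):
    """Build a hypothetical cache entry holding absolute timestamps."""
    now = int(time.time() if now is None else now)
    entry = {"expires_on": now + int(response["expires_in"])}
    refresh_in = effective_refresh_in(response)
    if refresh_in is not None:
        entry["refresh_on"] = now + refresh_in
    return entry


def token_state(entry, now):
    """Classify a cached token as 'expired', 'refresh_due' or 'fresh'."""
    if now >= entry["expires_on"]:
        return "expired"
    if "refresh_on" in entry and now >= entry["refresh_on"]:
        # Assumption: the token is still valid here, but a renewal should be attempted.
        return "refresh_due"
    return "fresh"
```
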

rayluo commented 1 year ago

Discussed with @bgavrilMS offline. We chose not to add this logic outside of Managed Identity scenarios. I'll close this PR here, and move this logic to the WIP managed identity PR.