Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
@bgavrilMS , @gladjohn , looks like you have also started the work on expires_in. I figure I better also pick up the work at the same time, so that we will have same context while reviewing each other's PR.
The new behavior is "refresh_in = expires_in / 2 when and only when refresh_in is absent and expires_in > 7200".
Currently, as a proof-of-concept, this PR in MSAL Python tentatively brings such a new behavior to all ATs, not just managed identity. It feels harmless, because ESTS remains in control, as they can always emit an explicit refresh_in to override MSAL's default behavior.
P.S.: I'll also add a similar commit into my another work-in-progress Managed Identity PR.
Discussed with @bgavrilMS offline. We chose to not add this logic for outside of Managed Identity scenarios. I'll close this PR here, and move this logic to the WIP managed identity PR.
@bgavrilMS , @gladjohn , looks like you have also started the work on expires_in. I figure I better also pick up the work at the same time, so that we will have same context while reviewing each other's PR.
The new behavior is "refresh_in = expires_in / 2 when and only when refresh_in is absent and expires_in > 7200".
Currently, as a proof-of-concept, this PR in MSAL Python tentatively brings such a new behavior to all ATs, not just managed identity. It feels harmless, because ESTS remains in control, as they can always emit an explicit refresh_in to override MSAL's default behavior.
P.S.: I'll also add a similar commit into my another work-in-progress Managed Identity PR.