Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
We discovered a bug in MSAL .NET in how we merge the claims and capabilities JSON in CAE scenarios.
Incoming claims:
And the merged claims and capab should be like this,
In MSAL .NET, we build claims and capab with `access_token` and `xms_cc`, but with the new incoming claim, we fail to do a proper merge, instead just return the incoming claim without the capab.

All MSALs need to check if this is being properly handled. This issue started happening in MSAL .NET when we moved to start using system.text.json and wrote our own merge logic.
Please refer to MSAL .NET PR for the fix
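
A Python sketch of the merge this issue asks every MSAL to verify, added here as an illustration; it is not code from MSAL Python or MSAL .NET. All function names are hypothetical, the challenge string is constructed sample data, and the `{"xms_cc": {"values": [...]}}` shape with the `cp1` capability is assumed from the public client-capabilities documentation. `shallow_merge` models the failure described above, where the incoming claim comes back without the capabilities.

```python
import json

def capabilities_claim(capabilities):
    """Client capabilities expressed as a claims request under access_token.xms_cc."""
    return {"access_token": {"xms_cc": {"values": list(capabilities)}}}

def deep_merge(base, overlay):
    """Recursively merge two JSON objects; on a non-object conflict the overlay wins."""
    merged = dict(base)
    for key, value in overlay.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged

def merge_claims_and_capabilities(capabilities, claims_challenge):
    """Return the claims JSON to send, keeping xms_cc beside the challenge claims."""
    incoming = json.loads(claims_challenge) if claims_challenge else {}
    if not isinstance(incoming, dict):
        raise ValueError("claims challenge must be a JSON object")
    if not capabilities:
        return json.dumps(incoming) if incoming else None
    # Capabilities are the overlay, so they survive whatever the challenge holds.
    return json.dumps(deep_merge(incoming, capabilities_claim(capabilities)))

def shallow_merge(capabilities, claims_challenge):
    """Failure model: a top-level update replaces access_token wholesale."""
    merged = capabilities_claim(capabilities)
    merged.update(json.loads(claims_challenge))
    return json.dumps(merged)

def keeps_capabilities(claims_json, capabilities):
    """Regression check: every declared capability is still in the merged claims."""
    token_claims = json.loads(claims_json).get("access_token") or {}
    sent = (token_claims.get("xms_cc") or {}).get("values", [])
    return set(capabilities) <= set(sent)

# Constructed sample claims challenge (not taken from the issue).
CHALLENGE = '{"access_token": {"nbf": {"essential": true, "value": "1701477303"}}}'

if __name__ == "__main__":
    print("deep merge   :", merge_claims_and_capabilities(["cp1"], CHALLENGE))
    print("shallow merge:", shallow_merge(["cp1"], CHALLENGE))
```

`keeps_capabilities` can be used as a unit-test assertion on whatever claims string a token request is about to send.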