Closed yoerankaniok closed 2 years ago
Many thanks @yoerankaniok, appreciate the PR 🥇 However, the original design was as intended since there are some cases where you just want to parse the token without validating it. The main use case is when MSAL will present the token as expired but the session (when on multi node arch) still has a valid refresh token and we would like to use it without kicking out the user.
In these cases parsing the token (without validation) will allow us to do "silent refresh" of token. Given these use cases would you like to think about a design where both options are still presented?
Another small request - please make sure to run black for formatting the code - thank you!
Hi @dudil, happy to help :)
I see, missed that use case, I'm sorry! Could not find a place where you called the function with validate false so figured defaulting to validating the token would be wise.
I've updated the code + ran black, please have a look.
Kind regards, Yoeran
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.
This PR was closed because it has been stalled for 10 days with no activity.
MSALAuthCodeHandler.parse_id_token rewritten into different functions.
AsyncConfClient.validate_id_token raised uncaught RuntimeError from the msal package whenever an invalid token was presented.
Rearranged some things so there is a None for token_claims returned, as expected, instead of the exception.
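
The design discussed in this thread (validate by default, allow an unvalidated parse for silent refresh, return None instead of raising), sketched as an added example that is not code from this PR or from the project. All function names are hypothetical, the tokens are constructed, only the `exp`, `iss` and `aud` claims are checked, and signature verification is not shown.

```python
import base64
import json
import time


def decode_unverified_claims(id_token):
    """Parse the JWT payload only. Nothing is checked: never authorize on this."""
    if not isinstance(id_token, str):
        return None
    try:
        payload = id_token.split(".")[1]
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (IndexError, ValueError):  # malformed token, bad base64, bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def validate_claims(claims, client_id, issuer, now=None, skew=120):
    """Return the list of failed checks; an empty list means the claims pass."""
    now = time.time() if now is None else now
    problems = []
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now - skew >= exp:
        problems.append("expired")
    if claims.get("iss") != issuer:
        problems.append("issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience")
    return problems


def parse_id_token(id_token, client_id, issuer, validate=True, now=None):
    """Claims dict, or None for a malformed or (when validate=True) invalid token."""
    claims = decode_unverified_claims(id_token)
    if claims is None:
        return None
    if validate and validate_claims(claims, client_id, issuer, now):
        return None
    return claims


def needs_silent_refresh(id_token, client_id, issuer, has_refresh_token, now=None):
    """True only when expiry is the sole failure and the session can refresh."""
    claims = decode_unverified_claims(id_token)
    if claims is None or not has_refresh_token:
        return False
    return validate_claims(claims, client_id, issuer, now) == ["expired"]


def make_sample_token(claims):  # constructed sample with a placeholder signature
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"
```

Claims from the unvalidated path are used here only to decide whether to attempt a refresh; anything that grants access goes through `parse_id_token` with `validate=True`.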