microsoft-authentication-library-for-python icon indicating copy to clipboard operation
microsoft-authentication-library-for-python copied to clipboard
verified publisher icon AzureAD

[FEATURE-REQUEST] Add ability to provide tenant as a parameter when calling acquire Token

Open g2vinay opened this issue 4 years ago • 3 comments

Hi,

Feature Requested:

We're looking to pass in authority URL and tenant to the MSAL clients as parameters to acquire/get token calls to both Confidential and Public Clients. Currently, the authority URL gets locked in when the Confidential and Public Clients are constructed/instantiated and cannot be changed without constructing another instance of the MSAL clients.

It would simplify things if the user could override the authority URL and tenant as part of the parameters passed to the acquire token calls of the MSAL clients.

.NET MSAL supports this feature, it would be great if Python MSAL supports this too.

g2vinay avatar May 21 '21 21:05 g2vinay

Algorithm for resolving authority in MSAL .NET is encapsulated here

bgavrilMS avatar May 24 '21 12:05 bgavrilMS

@bgavrilMS is there an ETA for this feature?

jeevanbalanmanoj avatar Oct 18 '21 04:10 jeevanbalanmanoj

Just a small update on this one. In MSAL.NET we're deprecating this feature, and replacing it with:

  • an API to change just the tenant, not the whole authority
  • use a static cache across all instances of "application" objects (to enable app developers to simply create a new app object on each request).

The reason for deprecation is that it is not logical for the app and the request to target different environments (e.g. app targes public cloud, request targets DE cloud). Adding validation around these corner case scenarios is quite difficult and perf intensive. Changing only tenant ID is simpler.

bgavrilMS avatar Oct 18 '21 10:10 bgavrilMS