From f4036a38be7d0136383390422b98e9fe67082b93 Mon Sep 17 00:00:00 2001
From: Sarathy Sakshi <2991011+sarathys@users.noreply.github.com>
Date: Tue, 14 Jun 2022 20:40:44 -0700
Subject: [PATCH 1/3] Use provided authority port when building the tenant discovery endpoint
---
 msal/authority.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/msal/authority.py b/msal/authority.py
index 4fb6e829..976dea72 100644
--- a/msal/authority.py
+++ b/msal/authority.py
@@ -71,6 +71,14 @@ def __init__(self, authority_url, http_client, validate_authority=True):
 if isinstance(authority_url, AuthorityBuilder):
 authority_url = str(authority_url)
 authority, self.instance, tenant = canonicalize(authority_url)
+
+ # extract authority port
+ parsedUrl = urlparse(authority_url)
+ authorityPort = parsedUrl.port
+
+ if not authorityPort and parsedUrl.scheme == 'https':
+ authorityPort = 443
+
 parts = authority.path.split('/')
 is_b2c = any(self.instance.endswith("." + d) for d in WELL_KNOWN_B2C_HOSTS) or (
 len(parts) == 3 and parts[2].lower().startswith("b2c_"))
@@ -91,8 +99,9 @@ def __init__(self, authority_url, http_client, validate_authority=True):
 tenant_discovery_endpoint = payload['tenant_discovery_endpoint']
 else:
 tenant_discovery_endpoint = (
- 'https://{}{}{}/.well-known/openid-configuration'.format(
+ 'https://{}:{}{}{}/.well-known/openid-configuration'.format(
 self.instance,
+ authorityPort,
 authority.path, # In B2C scenario, it is "/tenant/policy"
 "" if tenant == "adfs" else "/v2.0" # the AAD v2 endpoint
 ))
From 1ecdb435870451ec29982c36ac059d8895888e5c Mon Sep 17 00:00:00 2001
From: Sarathy Sakshi <2991011+sarathys@users.noreply.github.com>
Date: Sat, 18 Jun 2022 12:16:10 -0700
Subject: [PATCH 2/3] address PR comment
---
 msal/authority.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/msal/authority.py b/msal/authority.py
index 976dea72..3c29a62b 100644
--- a/msal/authority.py
+++ b/msal/authority.py
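Review bot: `parsedUrl.port` in the first hunk raises `ValueError` on Python 3 when the caller-supplied authority carries a non-numeric or out-of-range port (for example `https://host:abc`), so a malformed authority now fails inside `Authority.__init__` with an unlabelled error rather than being reported as a bad authority URL; wrapping the attribute access in a `try`/`except ValueError` that re-raises with the offending authority URL named would keep the failure explicit, and the same applies to `authority.port` in the second and third patches of this series. The guard `if not authorityPort and parsedUrl.scheme == 'https':` only defaults the port for https, so for any other scheme `authorityPort` stays `None` and the second hunk formats it into the endpoint as `host:None`; unless `canonicalize` (outside the hunk) already rejects non-https schemes, the default should not depend on the scheme (the third patch in the series does drop that condition). On style, `parsedUrl` and `authorityPort` are camelCase in a file that otherwise uses snake_case (`authority_url`, `tenant_discovery_endpoint`). `__init__` continues past both hunks.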
@@ -73,10 +73,9 @@ def __init__(self, authority_url, http_client, validate_authority=True):
 authority, self.instance, tenant = canonicalize(authority_url)
 
 # extract authority port
- parsedUrl = urlparse(authority_url)
- authorityPort = parsedUrl.port
+ authorityPort = authority.port
 
- if not authorityPort and parsedUrl.scheme == 'https':
+ if not authorityPort and authority.scheme == 'https':
 authorityPort = 443
 
 parts = authority.path.split('/')
From 89853ce9a7aa3ac6da86ed358159cd7bf6c898c1 Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Tue, 28 Jun 2022 13:54:56 -0700
Subject: [PATCH 3/3] Polish the implementation
---
 msal/authority.py | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/msal/authority.py b/msal/authority.py
index 3c29a62b..81788200 100644
--- a/msal/authority.py
+++ b/msal/authority.py
@@ -71,13 +71,6 @@ def __init__(self, authority_url, http_client, validate_authority=True):
 if isinstance(authority_url, AuthorityBuilder):
 authority_url = str(authority_url)
 authority, self.instance, tenant = canonicalize(authority_url)
-
- # extract authority port
- authorityPort = authority.port
-
- if not authorityPort and authority.scheme == 'https':
- authorityPort = 443
-
 parts = authority.path.split('/')
 is_b2c = any(self.instance.endswith("." + d) for d in WELL_KNOWN_B2C_HOSTS) or (
 len(parts) == 3 and parts[2].lower().startswith("b2c_"))
@@ -100,7 +93,7 @@ def __init__(self, authority_url, http_client, validate_authority=True):
 tenant_discovery_endpoint = (
 'https://{}:{}{}{}/.well-known/openid-configuration'.format(
 self.instance,
- authorityPort,
+ 443 if authority.port is None else authority.port,
 authority.path, # In B2C scenario, it is "/tenant/policy"
 "" if tenant == "adfs" else "/v2.0" # the AAD v2 endpoint
 ))
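Review bot: With `443 if authority.port is None else authority.port` in the last hunk, the constructed endpoint always carries an explicit port, so the default case now reads `https://<instance>:443<path>/v2.0/.well-known/openid-configuration` while the other branch of this `else` takes `payload['tenant_discovery_endpoint']` from instance discovery, which presumably has no explicit `:443`; anything that logs, caches or compares the endpoint string will see two spellings of the same authority. Emitting the port only when one was given keeps the old string for the common case: change the format string back to `'https://{}{}{}{}/.well-known/openid-configuration'.format(` and pass `"" if authority.port is None else ":{}".format(authority.port),` as the second argument. A one-line comment such as `# keep any explicit port from the authority URL (non-standard-port deployments)` would record why the port is threaded through, since the PR title is the only place that intent appears; note also that the port is taken verbatim from the caller-supplied authority, so any allow-list check done elsewhere on `self.instance` does not cover it. `__init__` continues outside the hunk.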