Add claims challenge parameter in initiate_device_flow (#839)

* Add claims challenge parameter in initiate_device_flow

* Update msal/application.py

Co-authored-by: Ray Luo <[email protected]>

* Update msal/oauth2cli/oauth2.py

Co-authored-by: Ray Luo <[email protected]>

* Update msal/application.py

Co-authored-by: Ray Luo <[email protected]>

* Update oauth2.py

* Update oauth2.py

---------

Co-authored-by: Ray Luo <[email protected]>

Author: ashok672

msal/application.py

@@ -2326,7 +2326,7 @@ def _acquire_token_interactive_via_broker(
             auth_scheme=auth_scheme,
             **data)
 
-    def initiate_device_flow(self, scopes=None, **kwargs):
+    def initiate_device_flow(self, scopes=None, *, claims_challenge=None, **kwargs):
         """Initiate a Device Flow instance,
         which will be used in :func:`~acquire_token_by_device_flow`.
 
@@ -2341,6 +2341,8 @@ def initiate_device_flow(self, scopes=None, **kwargs):
         flow = self.client.initiate_device_flow(
             scope=self._decorate_scope(scopes or []),
             headers={msal.telemetry.CLIENT_REQUEST_ID: correlation_id},
+            data={"claims": _merge_claims_challenge_and_capabilities(
+                    self._client_capabilities, claims_challenge)},
             **kwargs)
         flow[self.DEVICE_FLOW_CORRELATION_ID] = correlation_id
         return flow

msal/oauth2cli/oauth2.py

@@ -305,7 +305,7 @@ class Client(BaseClient):  # We choose to implement all 4 grants in 1 class
     grant_assertion_encoders = {GRANT_TYPE_SAML2: BaseClient.encode_saml_assertion}
 
 
-    def initiate_device_flow(self, scope=None, **kwargs):
+    def initiate_device_flow(self, scope=None, *, data=None, **kwargs):
         # type: (list, **dict) -> dict
         # The naming of this method is following the wording of this specs
         # https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12#section-3.1
@@ -323,8 +323,11 @@ def initiate_device_flow(self, scope=None, **kwargs):
         DAE = "device_authorization_endpoint"
         if not self.configuration.get(DAE):
             raise ValueError("You need to provide device authorization endpoint")
+        _data = {"client_id": self.client_id, "scope": self._stringify(scope or [])}
+        if isinstance(data, dict):
+            _data.update(data)
         resp = self._http_client.post(self.configuration[DAE],
-            data={"client_id": self.client_id, "scope": self._stringify(scope or [])},
+            data=_data,
             headers=dict(self.default_headers, **kwargs.pop("headers", {})),
             **kwargs)
         flow = json.loads(resp.text)