Skip to content

ROPC deprecation #855

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Sep 30, 2025
Merged

ROPC deprecation #855

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
2e8c9b3
ROPC deprecation
Ugonnaak1 Sep 25, 2025
f107a15
sample edit
Ugonnaak1 Sep 25, 2025
d79cba1
reenable e2e tests
Ugonnaak1 Sep 26, 2025
6cae429
reenable tests
Ugonnaak1 Sep 26, 2025
0961248
edit
Ugonnaak1 Sep 26, 2025
ff79ee2
remove import
Ugonnaak1 Sep 26, 2025
4b4c97e
fix wording
Ugonnaak1 Sep 29, 2025
4798680
edits
Ugonnaak1 Sep 30, 2025
2ac9057
add comment
Ugonnaak1 Sep 30, 2025
5e398c2
format
Ugonnaak1 Sep 30, 2025
ff536b0
docstring changes
Ugonnaak1 Sep 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion msal/__main__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,12 @@ def _acquire_token_interactive(app, scopes=None, data=None):
return result

def _acquire_token_by_username_password(app):
"""acquire_token_by_username_password() - See constraints here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#constraints-for-ropc"""
"""
[Deprecated] This API is deprecated for PublicClientApplication(PCA) flows and will be removed in a future release. Use a more secure flow instead.
Migration guide: https://aka.ms/msal-ropc-migration

acquire_token_by_username_password() - See constraints here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#constraints-for-ropc
"""
print_json(app.acquire_token_by_username_password(
_input("username: "), getpass.getpass("password: "), scopes=_input_scopes()))

Expand Down
11 changes: 10 additions & 1 deletion msal/application.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1815,7 +1815,11 @@ def acquire_token_by_username_password(
# because this ROPC won't work with MSA account anyway.
auth_scheme=None,
**kwargs):
"""Gets a token for a given resource via user credentials.
"""
[Deprecated] This API is deprecated for PublicClientApplication(PCA) flows and will be removed in a future release. Use a more secure flow instead.
Migration guide: https://aka.ms/msal-ropc-migration

Gets a token for a given resource via user credentials.

See this page for constraints of Username Password Flow.
https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Username-Password-Authentication
Expand All @@ -1841,6 +1845,11 @@ def acquire_token_by_username_password(
- A successful response would contain "access_token" key,
- an error response would contain "error" and usually "error_description".
"""
is_confidential_app = self.client_credential or isinstance(
self, ConfidentialClientApplication)
if not is_confidential_app:
warnings.warn("This API has been deprecated for public client flows, please use a more secure flow. " \
"See https://aka.ms/msal-ropc-migration for migration guidance", DeprecationWarning)
claims = _merge_claims_challenge_and_capabilities(
self._client_capabilities, claims_challenge)
if self._enable_broker and sys.platform in ("win32", "darwin"):
Expand Down
Loading