microsoft-agents-authentication-msal 0.0.0__tar.gz

microsoft_agents_authentication_msal-0.0.0/PKG-INFO

@@ -0,0 +1,15 @@
+Metadata-Version: 2.4
+Name: microsoft-agents-authentication-msal
+Version: 0.0.0
+Summary: A msal-based authentication library for Microsoft Agents
+Author: Microsoft Corporation
+Project-URL: Homepage, https://github.com/microsoft/Agents
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Requires-Dist: microsoft-agents-hosting-core==0.0.0
+Requires-Dist: msal>=1.31.1
+Requires-Dist: requests>=2.32.3
+Requires-Dist: cryptography>=44.0.0
+Dynamic: requires-dist

microsoft_agents_authentication_msal-0.0.0/microsoft/agents/authentication/msal/__init__.py

@@ -0,0 +1,7 @@
+from .msal_auth import MsalAuth
+from .msal_connection_manager import MsalConnectionManager
+
+__all__ = [
+    "MsalAuth",
+    "MsalConnectionManager",
+]

microsoft_agents_authentication_msal-0.0.0/microsoft/agents/authentication/msal/msal_auth.py

@@ -0,0 +1,179 @@
+from __future__ import annotations
+
+import logging
+from typing import Optional
+from urllib.parse import urlparse, ParseResult as URI
+from msal import (
+    ConfidentialClientApplication,
+    ManagedIdentityClient,
+    UserAssignedManagedIdentity,
+    SystemAssignedManagedIdentity,
+)
+from requests import Session
+from cryptography.x509 import load_pem_x509_certificate
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+
+from microsoft.agents.hosting.core import (
+    AuthTypes,
+    AccessTokenProviderBase,
+    AgentAuthConfiguration,
+)
+
+logger = logging.getLogger(__name__)
+
+
+class MsalAuth(AccessTokenProviderBase):
+
+    _client_credential_cache = None
+
+    def __init__(self, msal_configuration: AgentAuthConfiguration):
+        self._msal_configuration = msal_configuration
+        logger.debug(
+            f"Initializing MsalAuth with configuration: {self._msal_configuration}"
+        )
+
+    async def get_access_token(
+        self, resource_url: str, scopes: list[str], force_refresh: bool = False
+    ) -> str:
+        logger.debug(
+            f"Requesting access token for resource: {resource_url}, scopes: {scopes}"
+        )
+        valid_uri, instance_uri = self._uri_validator(resource_url)
+        if not valid_uri:
+            raise ValueError("Invalid instance URL")
+
+        local_scopes = self._resolve_scopes_list(instance_uri, scopes)
+        msal_auth_client = self._create_client_application()
+
+        if isinstance(msal_auth_client, ManagedIdentityClient):
+            logger.info("Acquiring token using Managed Identity Client.")
+            auth_result_payload = msal_auth_client.acquire_token_for_client(
+                resource=resource_url
+            )
+        elif isinstance(msal_auth_client, ConfidentialClientApplication):
+            logger.info("Acquiring token using Confidential Client Application.")
+            auth_result_payload = msal_auth_client.acquire_token_for_client(
+                scopes=local_scopes
+            )
+
+        # TODO: Handling token error / acquisition failed
+        return auth_result_payload["access_token"]
+
+    async def aquire_token_on_behalf_of(
+        self, scopes: list[str], user_assertion: str
+    ) -> str:
+        """
+        Acquire a token on behalf of a user.
+        :param scopes: The scopes for which to get the token.
+        :param user_assertion: The user assertion token.
+        :return: The access token as a string.
+        """
+
+        msal_auth_client = self._create_client_application()
+        if isinstance(msal_auth_client, ManagedIdentityClient):
+            logger.error(
+                "Attempted on-behalf-of flow with Managed Identity authentication."
+            )
+            raise NotImplementedError(
+                "On-behalf-of flow is not supported with Managed Identity authentication."
+            )
+        elif isinstance(msal_auth_client, ConfidentialClientApplication):
+            # TODO: Handling token error / acquisition failed
+            return msal_auth_client.acquire_token_on_behalf_of(
+                user_assertion=user_assertion, scopes=scopes
+            )["access_token"]
+
+        logger.error(
+            f"On-behalf-of flow is not supported with the current authentication type: {msal_auth_client.__class__.__name__}"
+        )
+        raise NotImplementedError(
+            f"On-behalf-of flow is not supported with the current authentication type: {msal_auth_client.__class__.__name__}"
+        )
+
+    def _create_client_application(
+        self,
+    ) -> ManagedIdentityClient | ConfidentialClientApplication:
+        msal_auth_client = None
+
+        if self._msal_configuration.AUTH_TYPE == AuthTypes.user_managed_identity:
+            msal_auth_client = ManagedIdentityClient(
+                UserAssignedManagedIdentity(
+                    client_id=self._msal_configuration.CLIENT_ID
+                ),
+                http_client=Session(),
+            )
+
+        elif self._msal_configuration.AUTH_TYPE == AuthTypes.system_managed_identity:
+            msal_auth_client = ManagedIdentityClient(
+                SystemAssignedManagedIdentity(),
+                http_client=Session(),
+            )
+        else:
+            authority_path = self._msal_configuration.TENANT_ID or "botframework.com"
+            authority = f"https://login.microsoftonline.com/{authority_path}"
+
+            if self._client_credential_cache:
+                logger.info("Using cached client credentials for MSAL authentication.")
+                pass
+            elif self._msal_configuration.AUTH_TYPE == AuthTypes.client_secret:
+                self._client_credential_cache = self._msal_configuration.CLIENT_SECRET
+            elif self._msal_configuration.AUTH_TYPE == AuthTypes.certificate:
+                with open(self._msal_configuration.CERT_KEY_FILE) as file:
+                    logger.info(
+                        "Loading certificate private key for MSAL authentication."
+                    )
+                    private_key = file.read()
+
+                with open(self._msal_configuration.CERT_PEM_FILE) as file:
+                    logger.info("Loading public certificate for MSAL authentication.")
+                    public_certificate = file.read()
+
+                # Create an X509 object and calculate the thumbprint
+                logger.info("Calculating thumbprint for the public certificate.")
+                cert = load_pem_x509_certificate(
+                    data=bytes(public_certificate, "UTF-8"), backend=default_backend()
+                )
+                thumbprint = cert.fingerprint(hashes.SHA1()).hex()
+
+                self._client_credential_cache = {
+                    "thumbprint": thumbprint,
+                    "private_key": private_key,
+                }
+            else:
+                logger.error(
+                    f"Unsupported authentication type: {self._msal_configuration.AUTH_TYPE}"
+                )
+                raise NotImplementedError("Authentication type not supported")
+
+            msal_auth_client = ConfidentialClientApplication(
+                client_id=self._msal_configuration.CLIENT_ID,
+                authority=authority,
+                client_credential=self._client_credential_cache,
+            )
+
+        return msal_auth_client
+
+    @staticmethod
+    def _uri_validator(url_str: str) -> tuple[bool, Optional[URI]]:
+        try:
+            result = urlparse(url_str)
+            return all([result.scheme, result.netloc]), result
+        except AttributeError:
+            logger.error(f"URI parsing error for {url_str}")
+            return False, None
+
+    def _resolve_scopes_list(self, instance_url: URI, scopes=None) -> list[str]:
+        if scopes:
+            return scopes
+
+        temp_list: list[str] = []
+        for scope in self._msal_configuration.SCOPES:
+            scope_placeholder = scope
+            if "{instance}" in scope_placeholder.lower():
+                scope_placeholder = scope_placeholder.replace(
+                    "{instance}", f"{instance_url.scheme}://{instance_url.hostname}"
+                )
+            temp_list.append(scope_placeholder)
+        logger.debug(f"Resolved scopes: {temp_list}")
+        return temp_list

microsoft_agents_authentication_msal-0.0.0/microsoft/agents/authentication/msal/msal_connection_manager.py

@@ -0,0 +1,72 @@
+from typing import Dict, List, Optional
+from microsoft.agents.hosting.core.authorization import (
+    AgentAuthConfiguration,
+    AccessTokenProviderBase,
+    ClaimsIdentity,
+    Connections,
+)
+
+from .msal_auth import MsalAuth
+
+
+class MsalConnectionManager(Connections):
+
+    def __init__(
+        self,
+        connections_configurations: Dict[str, AgentAuthConfiguration] = None,
+        connections_map: List[Dict[str, str]] = None,
+        **kwargs
+    ):
+        self._connections: Dict[str, MsalAuth] = {}
+        self._connections_map = connections_map or kwargs.get("CONNECTIONS_MAP", {})
+        self._service_connection_configuration: AgentAuthConfiguration = None
+
+        if connections_configurations:
+            for (
+                connection_name,
+                connection_settings,
+            ) in connections_configurations.items():
+                self._connections[connection_name] = MsalAuth(
+                    AgentAuthConfiguration(**connection_settings)
+                )
+        else:
+            raw_configurations: Dict[str, Dict] = kwargs.get("CONNECTIONS", {})
+            for connection_name, connection_settings in raw_configurations.items():
+                parsed_configuration = AgentAuthConfiguration(
+                    **connection_settings.get("SETTINGS", {})
+                )
+                self._connections[connection_name] = MsalAuth(parsed_configuration)
+                if connection_name == "SERVICE_CONNECTION":
+                    self._service_connection_configuration = parsed_configuration
+
+        if not self._connections.get("SERVICE_CONNECTION", None):
+            raise ValueError("No service connection configuration provided.")
+
+    def get_connection(self, connection_name: Optional[str]) -> AccessTokenProviderBase:
+        """
+        Get the OAuth connection for the agent.
+        """
+        return self._connections.get(connection_name, None)
+
+    def get_default_connection(self) -> AccessTokenProviderBase:
+        """
+        Get the default OAuth connection for the agent.
+        """
+        return self._connections.get("SERVICE_CONNECTION", None)
+
+    def get_token_provider(
+        self, claims_identity: ClaimsIdentity, service_url: str
+    ) -> AccessTokenProviderBase:
+        """
+        Get the OAuth token provider for the agent.
+        """
+        if not self._connections_map:
+            return self.get_default_connection()
+
+        # TODO: Implement logic to select the appropriate connection based on the connection map
+
+    def get_default_connection_configuration(self) -> AgentAuthConfiguration:
+        """
+        Get the default connection configuration for the agent.
+        """
+        return self._service_connection_configuration

microsoft_agents_authentication_msal-0.0.0/microsoft_agents_authentication_msal.egg-info/PKG-INFO

@@ -0,0 +1,15 @@
+Metadata-Version: 2.4
+Name: microsoft-agents-authentication-msal
+Version: 0.0.0
+Summary: A msal-based authentication library for Microsoft Agents
+Author: Microsoft Corporation
+Project-URL: Homepage, https://github.com/microsoft/Agents
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Requires-Dist: microsoft-agents-hosting-core==0.0.0
+Requires-Dist: msal>=1.31.1
+Requires-Dist: requests>=2.32.3
+Requires-Dist: cryptography>=44.0.0
+Dynamic: requires-dist

microsoft_agents_authentication_msal-0.0.0/microsoft_agents_authentication_msal.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+pyproject.toml
+setup.py
+microsoft/agents/authentication/msal/__init__.py
+microsoft/agents/authentication/msal/msal_auth.py
+microsoft/agents/authentication/msal/msal_connection_manager.py
+microsoft_agents_authentication_msal.egg-info/PKG-INFO
+microsoft_agents_authentication_msal.egg-info/SOURCES.txt
+microsoft_agents_authentication_msal.egg-info/dependency_links.txt
+microsoft_agents_authentication_msal.egg-info/requires.txt
+microsoft_agents_authentication_msal.egg-info/top_level.txt

microsoft_agents_authentication_msal-0.0.0/microsoft_agents_authentication_msal.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

microsoft_agents_authentication_msal-0.0.0/microsoft_agents_authentication_msal.egg-info/requires.txt

@@ -0,0 +1,4 @@
+microsoft-agents-hosting-core==0.0.0
+msal>=1.31.1
+requests>=2.32.3
+cryptography>=44.0.0

microsoft_agents_authentication_msal-0.0.0/microsoft_agents_authentication_msal.egg-info/top_level.txt

@@ -0,0 +1 @@
+microsoft

microsoft_agents_authentication_msal-0.0.0/pyproject.toml

@@ -0,0 +1,18 @@
+[build-system]
+requires = ["setuptools>=64"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "microsoft-agents-authentication-msal"
+dynamic = ["version", "dependencies"]
+description = "A msal-based authentication library for Microsoft Agents"
+authors = [{name = "Microsoft Corporation"}]
+requires-python = ">=3.9"
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+]
+
+[project.urls]
+"Homepage" = "https://github.com/microsoft/Agents"

microsoft_agents_authentication_msal-0.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

microsoft_agents_authentication_msal-0.0.0/setup.py

@@ -0,0 +1,14 @@
+from os import environ
+from setuptools import setup
+
+package_version = environ.get("PackageVersion", "0.0.0")
+
+setup(
+    version=package_version,
+    install_requires=[
+        f"microsoft-agents-hosting-core=={package_version}",
+        "msal>=1.31.1",
+        "requests>=2.32.3",
+        "cryptography>=44.0.0",
+    ],
+)