microsoft-agents-authentication-msal 0.5.3__py3-none-any.whl → 0.6.0__py3-none-any.whl

microsoft_agents/authentication/msal/errors/__init__.py

@@ -0,0 +1,15 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+"""
+Error resources for Microsoft Agents Authentication MSAL package.
+"""
+
+from microsoft_agents.activity.errors import ErrorMessage
+
+from .error_resources import AuthenticationErrorResources
+
+# Singleton instance
+authentication_errors = AuthenticationErrorResources()
+
+__all__ = ["ErrorMessage", "AuthenticationErrorResources", "authentication_errors"]

microsoft_agents/authentication/msal/errors/error_resources.py

@@ -0,0 +1,67 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+"""
+Authentication error resources for Microsoft Agents SDK.
+
+Error codes are in the range -60000 to -60999.
+"""
+
+from microsoft_agents.activity.errors import ErrorMessage
+
+
+class AuthenticationErrorResources:
+    """
+    Error messages for authentication operations.
+
+    Error codes are organized in the range -60000 to -60999.
+    """
+
+    FailedToAcquireToken = ErrorMessage(
+        "Failed to acquire token. {0}",
+        -60012,
+    )
+
+    InvalidInstanceUrl = ErrorMessage(
+        "Invalid instance URL",
+        -60013,
+    )
+
+    OnBehalfOfFlowNotSupportedManagedIdentity = ErrorMessage(
+        "On-behalf-of flow is not supported with Managed Identity authentication.",
+        -60014,
+    )
+
+    OnBehalfOfFlowNotSupportedAuthType = ErrorMessage(
+        "On-behalf-of flow is not supported with the current authentication type: {0}",
+        -60015,
+    )
+
+    AuthenticationTypeNotSupported = ErrorMessage(
+        "Authentication type not supported",
+        -60016,
+    )
+
+    AgentApplicationInstanceIdRequired = ErrorMessage(
+        "Agent application instance Id must be provided.",
+        -60017,
+    )
+
+    FailedToAcquireAgenticInstanceToken = ErrorMessage(
+        "Failed to acquire agentic instance token or agent token for agent_app_instance_id {0}",
+        -60018,
+    )
+
+    AgentApplicationInstanceIdAndUserIdRequired = ErrorMessage(
+        "Agent application instance Id and agentic user Id must be provided.",
+        -60019,
+    )
+
+    FailedToAcquireInstanceOrAgentToken = ErrorMessage(
+        "Failed to acquire instance token or agent token for agent_app_instance_id {0} and agentic_user_id {1}",
+        -60020,
+    )
+
+    def __init__(self):
+        """Initialize AuthenticationErrorResources."""
+        pass

microsoft_agents/authentication/msal/msal_auth.py

@@ -19,27 +19,18 @@ from cryptography.x509 import load_pem_x509_certificate
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
 
+from microsoft_agents.activity._utils import _DeferredString
+
 from microsoft_agents.hosting.core import (
     AuthTypes,
     AccessTokenProviderBase,
     AgentAuthConfiguration,
 )
+from microsoft_agents.authentication.msal.errors import authentication_errors
 
 logger = logging.getLogger(__name__)
 
 
-# this is deferred because jwt.decode is expensive and we don't want to do it unless we
-# have logging.DEBUG enabled
-class _DeferredLogOfBlueprintId:
-    def __init__(self, jwt_token: str):
-        self.jwt_token = jwt_token
-
-    def __str__(self):
-        payload = jwt.decode(self.jwt_token, options={"verify_signature": False})
-        agentic_blueprint_id = payload.get("xms_par_app_azp")
-        return f"Agentic blueprint id: {agentic_blueprint_id}"
-
-
 async def _async_acquire_token_for_client(msal_auth_client, *args, **kwargs):
     """MSAL in Python does not support async, so we use asyncio.to_thread to run it in
     a separate thread and avoid blocking the event loop
@@ -75,7 +66,7 @@ class MsalAuth(AccessTokenProviderBase):
         )
         valid_uri, instance_uri = self._uri_validator(resource_url)
         if not valid_uri:
-            raise ValueError("Invalid instance URL")
+            raise ValueError(str(authentication_errors.InvalidInstanceUrl))
 
         local_scopes = self._resolve_scopes_list(instance_uri, scopes)
         self._create_client_application()
@@ -96,7 +87,11 @@ class MsalAuth(AccessTokenProviderBase):
         res = auth_result_payload.get("access_token") if auth_result_payload else None
         if not res:
             logger.error("Failed to acquire token for resource %s", auth_result_payload)
-            raise ValueError(f"Failed to acquire token. {str(auth_result_payload)}")
+            raise ValueError(
+                authentication_errors.FailedToAcquireToken.format(
+                    str(auth_result_payload)
+                )
+            )
 
         return res
 
@@ -116,7 +111,7 @@ class MsalAuth(AccessTokenProviderBase):
                 "Attempted on-behalf-of flow with Managed Identity authentication."
             )
             raise NotImplementedError(
-                "On-behalf-of flow is not supported with Managed Identity authentication."
+                str(authentication_errors.OnBehalfOfFlowNotSupportedManagedIdentity)
             )
         elif isinstance(self._msal_auth_client, ConfidentialClientApplication):
             # TODO: Handling token error / acquisition failed
@@ -133,7 +128,9 @@ class MsalAuth(AccessTokenProviderBase):
                 logger.error(
                     f"Failed to acquire token on behalf of user: {user_assertion}"
                 )
-                raise ValueError(f"Failed to acquire token. {str(token)}")
+                raise ValueError(
+                    authentication_errors.FailedToAcquireToken.format(str(token))
+                )
 
             return token["access_token"]
 
@@ -141,7 +138,9 @@ class MsalAuth(AccessTokenProviderBase):
             f"On-behalf-of flow is not supported with the current authentication type: {self._msal_auth_client.__class__.__name__}"
         )
         raise NotImplementedError(
-            f"On-behalf-of flow is not supported with the current authentication type: {self._msal_auth_client.__class__.__name__}"
+            authentication_errors.OnBehalfOfFlowNotSupportedAuthType.format(
+                self._msal_auth_client.__class__.__name__
+            )
         )
 
     def _create_client_application(self) -> None:
@@ -197,7 +196,9 @@ class MsalAuth(AccessTokenProviderBase):
                 logger.error(
                     f"Unsupported authentication type: {self._msal_configuration.AUTH_TYPE}"
                 )
-                raise NotImplementedError("Authentication type not supported")
+                raise NotImplementedError(
+                    str(authentication_errors.AuthenticationTypeNotSupported)
+                )
 
             self._msal_auth_client = ConfidentialClientApplication(
                 client_id=self._msal_configuration.CLIENT_ID,
@@ -243,7 +244,9 @@ class MsalAuth(AccessTokenProviderBase):
         """
 
         if not agent_app_instance_id:
-            raise ValueError("Agent application instance Id must be provided.")
+            raise ValueError(
+                str(authentication_errors.AgentApplicationInstanceIdRequired)
+            )
 
         logger.info(
             "Attempting to get agentic application token from agent_app_instance_id %s",
@@ -277,7 +280,9 @@ class MsalAuth(AccessTokenProviderBase):
         """
 
         if not agent_app_instance_id:
-            raise ValueError("Agent application instance Id must be provided.")
+            raise ValueError(
+                str(authentication_errors.AgentApplicationInstanceIdRequired)
+            )
 
         logger.info(
             "Attempting to get agentic instance token from agent_app_instance_id %s",
@@ -293,7 +298,9 @@ class MsalAuth(AccessTokenProviderBase):
                 agent_app_instance_id,
             )
             raise Exception(
-                f"Failed to acquire agentic instance token or agent token for agent_app_instance_id {agent_app_instance_id}"
+                authentication_errors.FailedToAcquireAgenticInstanceToken.format(
+                    agent_app_instance_id
+                )
             )
 
         authority = (
@@ -316,7 +323,9 @@ class MsalAuth(AccessTokenProviderBase):
                 agent_app_instance_id,
             )
             raise Exception(
-                f"Failed to acquire agentic instance token or agent token for agent_app_instance_id {agent_app_instance_id}"
+                authentication_errors.FailedToAcquireAgenticInstanceToken.format(
+                    agent_app_instance_id
+                )
             )
 
         # future scenario where we don't know the blueprint id upfront
@@ -326,9 +335,20 @@ class MsalAuth(AccessTokenProviderBase):
             logger.error(
                 "Failed to acquire agentic instance token, %s", agentic_instance_token
             )
-            raise ValueError(f"Failed to acquire token. {str(agentic_instance_token)}")
+            raise ValueError(
+                authentication_errors.FailedToAcquireToken.format(
+                    str(agentic_instance_token)
+                )
+            )
 
-        logger.debug(_DeferredLogOfBlueprintId(token))
+        logger.debug(
+            "Agentic blueprint id: %s",
+            _DeferredString(
+                lambda: jwt.decode(token, options={"verify_signature": False}).get(
+                    "xms_par_app_azp"
+                )
+            ),
+        )
 
         return agentic_instance_token["access_token"], agent_token_result
 
@@ -348,7 +368,7 @@ class MsalAuth(AccessTokenProviderBase):
         """
         if not agent_app_instance_id or not agentic_user_id:
             raise ValueError(
-                "Agent application instance Id and agentic user Id must be provided."
+                str(authentication_errors.AgentApplicationInstanceIdAndUserIdRequired)
             )
 
         logger.info(
@@ -367,7 +387,9 @@ class MsalAuth(AccessTokenProviderBase):
                 agentic_user_id,
             )
             raise Exception(
-                f"Failed to acquire instance token or agent token for agent_app_instance_id {agent_app_instance_id} and agentic_user_id {agentic_user_id}"
+                authentication_errors.FailedToAcquireInstanceOrAgentToken.format(
+                    agent_app_instance_id, agentic_user_id
+                )
             )
 
         authority = (

{microsoft_agents_authentication_msal-0.5.3.dist-info → microsoft_agents_authentication_msal-0.6.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: microsoft-agents-authentication-msal
-Version: 0.5.3
+Version: 0.6.0
 Summary: A msal-based authentication library for Microsoft Agents
 Author: Microsoft Corporation
 License-Expression: MIT
@@ -15,7 +15,7 @@ Classifier: Operating System :: OS Independent
 Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: microsoft-agents-hosting-core==0.5.3
+Requires-Dist: microsoft-agents-hosting-core==0.6.0
 Requires-Dist: msal>=1.31.1
 Requires-Dist: requests>=2.32.3
 Requires-Dist: cryptography>=44.0.0

microsoft_agents_authentication_msal-0.6.0.dist-info/RECORD

@@ -0,0 +1,10 @@
+microsoft_agents/authentication/msal/__init__.py,sha256=hjPpakL4zyqeCTEBOUCcHaRnSpG80q-L0csG5HMalYI,151
+microsoft_agents/authentication/msal/msal_auth.py,sha256=iWXAFYYv0MoxK_mvuRq_cren8fJZWrBbW7hsSGmTDLQ,17057
+microsoft_agents/authentication/msal/msal_connection_manager.py,sha256=v7o0ONzjId1G6Ta7IjHc1NtSeM3NWH4t7YilrwJzvYg,5713
+microsoft_agents/authentication/msal/errors/__init__.py,sha256=9dbI_fGa0J4-qq6mTwdAIjaDADDFypenn4ZcsK-F4nE,449
+microsoft_agents/authentication/msal/errors/error_resources.py,sha256=BIZNjhKLNZmyggblBkyQ3R2pGq3VkllEoni6QgBI4hw,1849
+microsoft_agents_authentication_msal-0.6.0.dist-info/licenses/LICENSE,sha256=ws_MuBL-SCEBqPBFl9_FqZkaaydIJmxHrJG2parhU4M,1141
+microsoft_agents_authentication_msal-0.6.0.dist-info/METADATA,sha256=rqi1LLuE9nuKYbpFnzwDQLsw62c9iP8TsWqOB35eouM,8363
+microsoft_agents_authentication_msal-0.6.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+microsoft_agents_authentication_msal-0.6.0.dist-info/top_level.txt,sha256=lWKcT4v6fTA_NgsuHdNvuMjSrkiBMXohn64ApY7Xi8A,17
+microsoft_agents_authentication_msal-0.6.0.dist-info/RECORD,,

microsoft_agents_authentication_msal-0.5.3.dist-info/RECORD

@@ -1,8 +0,0 @@
-microsoft_agents/authentication/msal/__init__.py,sha256=hjPpakL4zyqeCTEBOUCcHaRnSpG80q-L0csG5HMalYI,151
-microsoft_agents/authentication/msal/msal_auth.py,sha256=MI5WNAUL7QyY6MOkstJIibTO0i2yR34FUwhiVRQtiaI,16720
-microsoft_agents/authentication/msal/msal_connection_manager.py,sha256=v7o0ONzjId1G6Ta7IjHc1NtSeM3NWH4t7YilrwJzvYg,5713
-microsoft_agents_authentication_msal-0.5.3.dist-info/licenses/LICENSE,sha256=ws_MuBL-SCEBqPBFl9_FqZkaaydIJmxHrJG2parhU4M,1141
-microsoft_agents_authentication_msal-0.5.3.dist-info/METADATA,sha256=V32swLgZ4seO3dM8zoNd1eijDq5pA202m57yjnbL7Hg,8363
-microsoft_agents_authentication_msal-0.5.3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-microsoft_agents_authentication_msal-0.5.3.dist-info/top_level.txt,sha256=lWKcT4v6fTA_NgsuHdNvuMjSrkiBMXohn64ApY7Xi8A,17
-microsoft_agents_authentication_msal-0.5.3.dist-info/RECORD,,