azure/Kqlmagic/my_aad_helper.py [831:881]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - elif self._current_authentication_method == self._authentication_method: authority = self._authority_uri elif self._current_token is not None: authority = self._get_authority_from_token(self._current_token) else: authority = authority or self._current_authentication_method if authority is None: if self._current_authentication_method in [AuthenticationMethod.managed_service_identity, AuthenticationMethod.azcli_login_subscription, AuthenticationMethod.aux_token]: authority = self._current_authentication_method else: authority = self._authority_uri kwargs["authority"] = authority kwargs["authentication_method"] = self._current_authentication_method kwargs["resource"] = self._resource return kwargs def _get_token_claims(self, jwt_token:str)->dict: "get the claims from the token. To optimize it caches the last token/claims" claims_token, claims = self._token_claims_cache if jwt_token == claims_token: return claims claims = {} if jwt_token: try: base64_header, base64_claims, _ = jwt_token.split('.') # pylint: disable=unused-variable json_claims = self.base64url_decode(base64_claims) claims = json.loads(json_claims) except Exception as e: # this print is not for debug print(f"claims error: {e}") pass self._token_claims_cache = (jwt_token, claims) return claims def base64url_decode(self, url_str:str)->str: size = len(url_str) % 4 if size != 0: padding_size = 4 - size if padding_size == 2: url_str += '==' elif padding_size == 1: url_str += '=' else: raise ValueError(f"Invalid base64 url string: {url_str}") return urlsafe_b64decode(url_str.encode('utf-8')).decode('utf-8') - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - azure/Kqlmagic/my_aad_helper_msal.py [1201:1250]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - elif self._current_authentication_method == self._authentication_method: authority = self._authority_uri elif self._current_token is not None: authority = self._get_authority_from_token(self._current_token) else: authority = authority or self._current_authentication_method if authority is None: if self._current_authentication_method in [AuthenticationMethod.managed_service_identity, AuthenticationMethod.azcli_login_subscription, AuthenticationMethod.aux_token]: authority = self._current_authentication_method else: authority = self._authority_uri kwargs["authority"] = authority kwargs["authentication_method"] = self._current_authentication_method kwargs["resource"] = self._resource return kwargs def _get_token_claims(self, jwt_token:str)->dict: "get the claims from the token. To optimize it caches the last token/claims" claims_token, claims = self._token_claims_cache if jwt_token == claims_token: return claims claims = {} if jwt_token: try: base64_header, base64_claims, _ = jwt_token.split('.') # pylint: disable=unused-variable json_claims = self.base64url_decode(base64_claims) claims = json.loads(json_claims) except Exception as e: # this print is not for debug print(f"claims error: {e}") pass self._token_claims_cache = (jwt_token, claims) return claims def base64url_decode(self, url_str:str)->str: size = len(url_str) % 4 if size != 0: padding_size = 4 - size if padding_size == 2: url_str += '==' elif padding_size == 1: url_str += '=' else: raise ValueError(f"Invalid base64 url string: {url_str}") return urlsafe_b64decode(url_str.encode('utf-8')).decode('utf-8') - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -