ROPC deprecation #855
base: dev
Pull Request Overview
This PR deprecates the ROPC (Resource Owner Password Credentials) API across the MSAL Python library by adding deprecation warnings and skipping related tests. The deprecation includes updating documentation, adding warning messages, and providing migration guidance.
- Add deprecation warnings to ROPC-related methods in application.py and __main__.py
- Skip all ROPC-related tests across multiple test files using @unittest.skip decorator
- Update sample code to log deprecation information
- Remove ROPC function from the interactive CLI menu
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
File | Description |
---|---|
msal/application.py | Add deprecation warning and updated docstring for acquire_token_by_username_password method |
msal/__main__.py | Add deprecation warning to ROPC function and remove it from CLI menu |
sample/username_password_sample.py | Add logging message indicating the flow is deprecated |
tests/test_e2e.py | Skip ROPC-related tests with deprecation message |
tests/test_ccs.py | Skip ROPC test method |
tests/test_application.py | Skip ROPC-related test methods |
tests/test_account_source.py | Skip ROPC test method |
tests/broker-test.py | Add unittest import and skip ROPC test function |
msal/application.py
Outdated
- A successful response would contain "access_token" key, | ||
- an error response would contain "error" and usually "error_description". | ||
""" | ||
warnings.warn("This API has been deprecated, please use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", DeprecationWarning) |
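Review bot: The `warnings.warn(...)` call after the docstring passes no `stacklevel`, so the DeprecationWarning is attributed to this line inside msal/application.py rather than to the application code that called the method. Python's default filters only display a DeprecationWarning attributed to `__main__`, so by default callers will not see it. Suggest adding `stacklevel=2`, and naming the method in the message instead of "This API" so the warning is actionable on its own.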
- First of all, the ROPC flow was available for both public client applications (PCA) and confidential client applications (CCA). The work item in the PR description does not provide any detail on its scope, either. Assuming this PR is meant for PCA only (because the ROPC deprecation in CCA is still TBD), we must add this warning conditionally.
- [Nitpick] The line length is recommended to be less than 79 characters. You may use the multi-line string technique here.
warnings.warn("This API has been deprecated, please use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", DeprecationWarning) | |
warnings.warn("This API has been deprecated, please use a more secure flow. | |
See https://aka.ms/msal-ropc-migration for migration guidance""", DeprecationWarning) |
- In fact, one `warnings.warn(...)` in this code path is the only needed treatment in this PR. We shall revert all other changes in this PR because, until we actually remove ROPC in the next major version bump, the feature needs to exist, and all the tests are therefore still useful.
Understood! I've made these changes
msal/__main__.py
Outdated
acquire_token_by_username_password() - See constraints here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#constraints-for-ropc | ||
""" | ||
warnings.warn("This API has been deprecated, please use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", DeprecationWarning) |
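Review bot: The message literal on the last line is a verbatim copy of the one added in msal/application.py, and the docstring above it indicates this helper goes through acquire_token_by_username_password(), which already warns. With warnings enabled that can show the CLI user the same deprecation notice twice, and it leaves two strings to keep in sync. Suggest dropping the `warnings.warn` here and relying on the library call, or sharing one message constant between the two files.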
Is this an untested PR? You shall test your PR manually to see ALL of your change(s) taking effect.
Given that this PR currently removes line 325, all these inline docs and the warning become dead code, and nobody would see those docs and the warning at runtime. So, why do we still make this change here?
I added back line 325 and have run tests locally to make sure the change is taking effect
AB#3385891