Release 1.8.0

msal/application.py

@@ -21,7 +21,7 @@
 
 
 # The __init__.py will import this. Not the other way around.
-__version__ = "1.7.0"
+__version__ = "1.8.0"
 
 logger = logging.getLogger(__name__)
 
@@ -376,7 +376,6 @@ def initiate_auth_code_flow(
     def get_authorization_request_url(
             self,
             scopes,  # type: list[str]
-            # additional_scope=None,  # type: Optional[list]
             login_hint=None,  # type: Optional[str]
             state=None,  # Recommended by OAuth2 for CSRF protection
             redirect_uri=None,
@@ -425,14 +424,6 @@ def get_authorization_request_url(
 
         :return: The authorization url as a string.
         """
-        """ # TBD: this would only be meaningful in a new acquire_token_interactive()
-        :param additional_scope: Additional scope is a concept only in AAD.
-            It refers to other resources you might want to prompt to consent
-            for in the same interaction, but for which you won't get back a
-            token for in this particular operation.
-            (Under the hood, we simply merge scope and additional_scope before
-            sending them on the wire.)
-        """
         authority = kwargs.pop("authority", None)  # Historically we support this
         if authority:
             warnings.warn(
@@ -1007,6 +998,7 @@ def acquire_token_interactive(
             claims_challenge=None,
             timeout=None,
             port=None,
+            extra_scopes_to_consent=None,
             **kwargs):
         """Acquire token interactively i.e. via a local browser.
 
@@ -1043,6 +1035,12 @@ def acquire_token_interactive(
             By default we will use a system-allocated port.
             (The rest of the redirect_uri is hard coded as ``http://localhost``.)
 
+        :param list extra_scopes_to_consent:
+            "Extra scopes to consent" is a concept only available in AAD.
+            It refers to other resources you might want to prompt to consent for,
+            in the same interaction, but for which you won't get back a
+            token for in this particular operation.
+
         :return:
             - A dict containing no "error" key,
               and typically contains an "access_token" key,
@@ -1054,6 +1052,7 @@ def acquire_token_interactive(
             self._client_capabilities, claims_challenge)
         return self.client.obtain_token_by_browser(
             scope=decorate_scope(scopes, self.client_id) if scopes else None,
+            extra_scope_to_consent=extra_scopes_to_consent,
             redirect_uri="http://localhost:{port}".format(
                 # Hardcode the host, for now. AAD portal rejects 127.0.0.1 anyway
                 port=port or 0),

msal/oauth2cli/authcode.py

@@ -5,7 +5,6 @@
 It optionally opens a browser window to guide a human user to manually login.
 After obtaining an auth code, the web server will automatically shut down.
 """
-import webbrowser
 import logging
 import socket
 from string import Template
@@ -35,6 +34,7 @@ def obtain_auth_code(listen_port, auth_uri=None):  # Historically only used in t
 
 
 def _browse(auth_uri):
+    import webbrowser  # Lazy import. Some distro may not have this.
     controller = webbrowser.get()  # Get a default controller
     # Some Linux Distro does not setup default browser properly,
     # so we try to explicitly use some popular browser, if we found any.