@@ -236,17 +236,21 @@ def get_accounts(self, username=None):
236236 Your app can choose to display those information to end user,
237237 and allow user to choose one of his/her accounts to proceed.
238238 """
239- # The following implementation finds accounts only from saved accounts,
240- # but does NOT correlate them with saved RTs. It probably won't matter,
241- # because in MSAL universe, there are always Accounts and RTs together.
242- accounts = self .token_cache .find (
239+ accounts = [a for a in self .token_cache .find ( # Find all useful accounts
243240 self .token_cache .CredentialType .ACCOUNT ,
244241 query = {"environment" : self .authority .instance })
242+ if a ["authority_type" ] in (
243+ TokenCache .AuthorityType .ADFS , TokenCache .AuthorityType .MSSTS )]
245244 if username :
246245 # Federated account["username"] from AAD could contain mixed case
247246 lowercase_username = username .lower ()
248247 accounts = [a for a in accounts
249248 if a ["username" ].lower () == lowercase_username ]
249+ # Does not further filter by existing RTs here. It probably won't matter.
250+ # Because in most cases Accounts and RTs co-exist.
251+ # Even in the rare case when an RT is revoked and then removed,
252+ # acquire_token_silent() would then yield no result,
253+ # apps would fall back to other acquire methods. This is the standard pattern.
250254 return accounts
251255
252256 def acquire_token_silent (
0 commit comments