Use case-sensitive scope, reference SerializableTokenCache, and log behaviors for debugging

Author: rayluo

sample/client_credential_sample.py

@@ -30,7 +30,8 @@
     config["client_id"], authority=config["authority"],
     client_credential=config["secret"],
     # token_cache=...  # Default cache is in memory only.
-                       # See SerializableTokenCache for more details.
+                       # You can learn how to use SerializableTokenCache from
+                       # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
     )
 
 # The pattern to acquire a token looks like this.
@@ -42,7 +43,7 @@
 result = app.acquire_token_silent(config["scope"], account=None)
 
 if not result:
-    # So no suitable token exists in cache. Let's get a new one from AAD.
+    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
     result = app.acquire_token_for_client(scopes=config["scope"])
 
 if "access_token" in result:

sample/device_flow_sample.py

@@ -4,7 +4,7 @@
 {
     "authority": "https://login.microsoftonline.com/organizations",
     "client_id": "your_client_id",
-    "scope": ["user.read"]
+    "scope": ["User.Read"]
 }
 
 You can then run this sample with a JSON configuration file:
@@ -28,7 +28,8 @@
 app = msal.PublicClientApplication(
     config["client_id"], authority=config["authority"],
     # token_cache=...  # Default cache is in memory only.
-                       # See SerializableTokenCache for more details.
+                       # You can learn how to use SerializableTokenCache from
+                       # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
     )
 
 # The pattern to acquire a token looks like this.
@@ -39,7 +40,7 @@
 # We now check the cache to see if we have some end users signed in before.
 accounts = app.get_accounts()
 if accounts:
-    # If so, you could then somehow display these accounts and let end user choose
+    logging.info("Account(s) exists in cache, probably with token too. Let's try.")
     print("Pick the account you want to use to proceed:")
     for a in accounts:
         print(a["username"])
@@ -49,7 +50,7 @@
     result = app.acquire_token_silent(config["scope"], account=chosen)
 
 if not result:
-    # So no suitable token exists in cache. Let's get a new one from AAD.
+    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
     flow = app.initiate_device_flow(scopes=config["scope"])
     print(flow["message"])
     # Ideally you should wait here, in order to save some unnecessary polling

sample/username_password_sample.py

@@ -5,7 +5,7 @@
     "authority": "https://login.microsoftonline.com/organizations",
     "client_id": "your_client_id",
     "username": "your_username@your_tenant.com",
-    "scope": ["user.read"],
+    "scope": ["User.Read"],
     "password": "This is a sample only. You better NOT persist your password."
 }
 
@@ -30,7 +30,8 @@
 app = msal.PublicClientApplication(
     config["client_id"], authority=config["authority"],
     # token_cache=...  # Default cache is in memory only.
-                       # See SerializableTokenCache for more details.
+                       # You can learn how to use SerializableTokenCache from
+                       # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
     )
 
 # The pattern to acquire a token looks like this.
@@ -39,11 +40,11 @@
 # Firstly, check the cache to see if this end user has signed in before
 accounts = app.get_accounts(username=config["username"])
 if accounts:
-    # It means the account(s) exists in cache, probably with token too. Let's try.
+    logging.info("Account(s) exists in cache, probably with token too. Let's try.")
     result = app.acquire_token_silent(config["scope"], account=accounts[0])
 
 if not result:
-    # So no suitable token exists in cache. Let's get a new one from AAD.
+    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
     result = app.acquire_token_by_username_password(
         config["username"], config["password"], scopes=config["scope"])