get_accounts(username='CaseInsensitiveUserName')

Author: rayluo

msal/application.py

@@ -184,18 +184,29 @@ def acquire_token_by_authorization_code(
                 data={"scope": decorate_scope(scopes, self.client_id)},
             )
 
-    def get_accounts(self):
-        """Returns a list of account objects that can later be used to find token.
+    def get_accounts(self, username=None):
+        """Get a list of accounts which previously signed in, i.e. exists in cache.
 
-        Each account object is a dict containing a "username" field (among others)
-        which can use to determine which account to use.
+        An account can later be used in acquire_token_silent() to find its tokens.
+        Each account is a dict. For now, we only document its "username" field.
+        Your app can choose to display those information to end user,
+        and allow them to choose one of them to proceed.
+
+        :param username:
+            Filter accounts with this username only. Case insensitive.
         """
         # The following implementation finds accounts only from saved accounts,
         # but does NOT correlate them with saved RTs. It probably won't matter,
         # because in MSAL universe, there are always Accounts and RTs together.
-        return self.token_cache.find(
-                self.token_cache.CredentialType.ACCOUNT,
-                query={"environment": self.authority.instance})
+        accounts = self.token_cache.find(
+            self.token_cache.CredentialType.ACCOUNT,
+            query={"environment": self.authority.instance})
+        if username:
+            # Federated account["username"] from AAD could contain mixed case
+            lowercase_username = username.lower()
+            accounts = [a for a in accounts
+                if a["username"].lower() == lowercase_username]
+        return accounts
 
     def acquire_token_silent(
             self, scopes,

tests/test_application.py

@@ -37,20 +37,21 @@ def assertLoosely(self, response, assertion=None,
 
     def assertCacheWorks(self, result_from_wire):
         result = result_from_wire
-        # Going to test acquire_token_silent(...) to locate an AT from cache
-        # In practice, you may want to filter based on its "username" field
-        accounts = self.app.get_accounts()
+        # You can filter by predefined username, or let end user to choose one
+        accounts = self.app.get_accounts(username=CONFIG.get("username"))
         self.assertNotEqual(0, len(accounts))
+        account = accounts[0]
+        # Going to test acquire_token_silent(...) to locate an AT from cache
         result_from_cache = self.app.acquire_token_silent(
-                CONFIG["scope"], account=accounts[0])
+                CONFIG["scope"], account=account)
         self.assertIsNotNone(result_from_cache)
         self.assertEqual(result['access_token'], result_from_cache['access_token'],
                 "We should get a cached AT")
 
         # Going to test acquire_token_silent(...) to obtain an AT by a RT from cache
         self.app.token_cache._cache["AccessToken"] = {}  # A hacky way to clear ATs
         result_from_cache = self.app.acquire_token_silent(
-                CONFIG["scope"], account=accounts[0])
+                CONFIG["scope"], account=account)
         self.assertIsNotNone(result_from_cache,
                 "We should get a result from acquire_token_silent(...) call")
         self.assertNotEqual(result['access_token'], result_from_cache['access_token'],