Adjusting IdToken key, RT target behavior, and authority_type value

rayluo · rayluo · commit a0eab4e3e9f6 · 2019-03-01T11:58:53.000-08:00
diff --git a/msal/token_cache.py b/msal/token_cache.py
@@ -115,7 +115,9 @@ def add(self, event, now=None):
                     "local_account_id": decoded_id_token.get(
                         "oid", decoded_id_token.get("sub")),
                     "username": decoded_id_token.get("preferred_username"),
-                    "authority_type": "AAD",  # Always AAD?
+                    "authority_type":
+                        "ADFS" if realm == "adfs"
+                        else "MSSTS",  # MSSTS means AAD v2 for both AAD & MSA
                     # "client_info": response.get("client_info"),  # Optional
                     }
 
@@ -126,6 +128,7 @@ def add(self, event, now=None):
                     self.CredentialType.ID_TOKEN,
                     event.get("client_id", ""),
                     realm or "",
+                    ""  # Albeit irrelevant, schema requires an empty scope here
                     ]).lower()
                 self._cache.setdefault(self.CredentialType.ID_TOKEN, {})[key] = {
                     "credential_type": self.CredentialType.ID_TOKEN,
@@ -164,7 +167,7 @@ def _build_rt_key(
             cls.CredentialType.REFRESH_TOKEN,
             client_id or "",
             "",  # RT is cross-tenant in AAD
-	    target,
+	    target or "",  # raw value could be None if deserialized from other SDK
             ]).lower()
 
     def remove_rt(self, rt_item):
diff --git a/tests/test_token_cache.py b/tests/test_token_cache.py
@@ -72,7 +72,7 @@ def testAdd(self):
                 'realm': 'contoso',
                 'local_account_id': "object1234",
                 'username': "John Doe",
-                'authority_type': "AAD",
+                'authority_type': "MSSTS",
             },
             self.cache._cache["Account"].get('uid.utid-login.example.com-contoso')
             )
@@ -86,7 +86,7 @@ def testAdd(self):
                 'client_id': 'my_client_id',
             },
             self.cache._cache["IdToken"].get(
-                'uid.utid-login.example.com-idtoken-my_client_id-contoso')
+                'uid.utid-login.example.com-idtoken-my_client_id-contoso-')
             )
 
 
