fixup! Wire up verify and proxies for Authority

Author: rayluo

msal/application.py

@@ -97,7 +97,7 @@ def __init__(
         self.timeout = timeout
         self.authority = Authority(
                 authority or "https://login.microsoftonline.com/common/",
-                validate_authority, verify=self.verify, proxies=self.proxies)
+                validate_authority, verify=verify, proxies=proxies, timeout=timeout)
             # Here the self.authority is not the same type as authority in input
         self.token_cache = token_cache or TokenCache()
         self.client = self._build_client(client_credential, self.authority)
@@ -167,7 +167,8 @@ def get_authorization_request_url(
             sending them on the wire.)
         """
         the_authority = Authority(
-            authority, verify=self.verify, proxies=self.proxies,
+            authority,
+            verify=self.verify, proxies=self.proxies, timeout=self.timeout,
             ) if authority else self.authority
         client = Client(
             {"authorization_endpoint": the_authority.authorization_endpoint},
@@ -275,7 +276,8 @@ def acquire_token_silent(
         """
         assert isinstance(scopes, list), "Invalid parameter type"
         the_authority = Authority(
-            authority, verify=self.verify, proxies=self.proxies,
+            authority,
+            verify=self.verify, proxies=self.proxies, timeout=self.timeout,
             ) if authority else self.authority
 
         if not force_refresh:
@@ -393,7 +395,7 @@ def _acquire_token_by_username_password_federated(
         if user_realm_result.get("federation_metadata_url"):
             wstrust_endpoint = mex_send_request(
                 user_realm_result["federation_metadata_url"],
-                verify=self.verify, proxies=self.proxies)
+                verify=verify, proxies=proxies)
         logger.debug("wstrust_endpoint = %s", wstrust_endpoint)
         wstrust_result = wst_send_request(
             username, password, user_realm_result.get("cloud_audience_urn"),

msal/authority.py

@@ -22,7 +22,7 @@ class Authority(object):
     TODO: It will also cache the previously-validated authority instances.
     """
     def __init__(self, authority_url, validate_authority=True,
-            verify=True, proxies=None,
+            verify=True, proxies=None, timeout=None,
             ):
         """Creates an authority instance, and also validates it.
 
@@ -34,16 +34,18 @@ def __init__(self, authority_url, validate_authority=True,
         """
         self.verify = verify
         self.proxies = proxies
+        self.timeout = timeout
         canonicalized, self.instance, tenant = canonicalize(authority_url)
         tenant_discovery_endpoint = (  # Hard code a V2 pattern as default value
             'https://{}/{}/v2.0/.well-known/openid-configuration'
             .format(WORLD_WIDE, tenant))
         if validate_authority and self.instance not in WELL_KNOWN_AUTHORITY_HOSTS:
             tenant_discovery_endpoint = instance_discovery(
                 canonicalized + "/oauth2/v2.0/authorize",
-                verify=verify, proxies=proxies)
+                verify=verify, proxies=proxies, timeout=timeout)
         openid_config = tenant_discovery(
-            tenant_discovery_endpoint, verify=verify, proxies=proxies)
+            tenant_discovery_endpoint,
+            verify=verify, proxies=proxies, timeout=timeout)
         self.authorization_endpoint = openid_config['authorization_endpoint']
         self.token_endpoint = openid_config['token_endpoint']
         _, _, self.tenant = canonicalize(self.token_endpoint)  # Usually a GUID
@@ -54,7 +56,7 @@ def user_realm_discovery(self, username):
             "https://{netloc}/common/userrealm/{username}?api-version=1.0".format(
                 netloc=self.instance, username=username),
             headers={'Accept':'application/json'},
-            verify=self.verify, proxies=self.proxies)
+            verify=self.verify, proxies=self.proxies, timeout=self.timeout)
         resp.raise_for_status()
         return resp.json()
         # It will typically contain "ver", "account_type",
@@ -71,20 +73,20 @@ def canonicalize(url):
             "https://login.microsoftonline.com/<tenant_name>" % url)
     return match_object.group(0), match_object.group(1), match_object.group(2)
 
-def instance_discovery(url, response=None, verify=True, proxies=None):
+def instance_discovery(url, response=None, **kwargs):
     # Returns tenant discovery endpoint
     resp = requests.get(  # Note: This URL seemingly returns V1 endpoint only
         'https://{}/common/discovery/instance'.format(WORLD_WIDE),
         params={'authorization_endpoint': url, 'api-version': '1.0'},
-        verify=verify, proxies=proxies)
+        **kwargs)
     payload = response or resp.json()
     if 'tenant_discovery_endpoint' not in payload:
         raise MsalServiceError(status_code=resp.status_code, **payload)
     return payload['tenant_discovery_endpoint']
 
-def tenant_discovery(tenant_discovery_endpoint, verify=True, proxies=None):
+def tenant_discovery(tenant_discovery_endpoint, **kwargs):
     # Returns Openid Configuration
-    resp = requests.get(tenant_discovery_endpoint, verify=verify, proxies=proxies)
+    resp = requests.get(tenant_discovery_endpoint, **kwargs)
     payload = resp.json()
     if 'authorization_endpoint' in payload and 'token_endpoint' in payload:
         return payload