|
2 | 2 | # All rights reserved. |
3 | 3 | # |
4 | 4 | # This code is licensed under the MIT License. |
| 5 | +import datetime |
5 | 6 | import json |
6 | 7 | import logging |
7 | 8 | import os |
@@ -432,6 +433,29 @@ def _obtain_token(http_client, managed_identity, resource): |
432 | 433 | return _obtain_token_on_azure_vm(http_client, managed_identity, resource) |
433 | 434 |
|
434 | 435 |
|
| 436 | +def _parse_expires_on(raw: str) -> int: |
| 437 | + try: |
| 438 | + return int(raw) # It is typically an epoch time |
| 439 | + except ValueError: |
| 440 | + pass |
| 441 | + try: |
| 442 | + # '2024-10-18T19:51:37.0000000+00:00' was observed in |
| 443 | + # https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4963 |
| 444 | + # We support format(s) YYYY-MM-DD[*HH[:MM[:SS[.fff[fff]]]][+HH:MM[:SS[.ffffff]]]] |
| 445 | + return int(datetime.datetime.fromisoformat(raw).timestamp()) |
| 446 | + except ValueError: |
| 447 | + pass |
| 448 | + for format in ( |
| 449 | + "%m/%d/%Y %H:%M:%S +00:00", # Derived from https://github.com/Azure/azure-sdk-for-python/blob/azure-identity_1.21.0/sdk/identity/azure-identity/azure/identity/_credentials/azure_ml.py#L52 |
| 450 | + "%m/%d/%Y %H:%M:%S %p +00:00", # Derived from https://github.com/Azure/azure-sdk-for-python/blob/azure-identity_1.21.0/sdk/identity/azure-identity/azure/identity/_credentials/azure_ml.py#L51 |
| 451 | + ): |
| 452 | + try: |
| 453 | + return int(time.mktime(time.strptime(raw, format))) |
| 454 | + except ValueError: |
| 455 | + pass |
| 456 | + raise ManagedIdentityError(f"Cannot parse expires_on: {raw}") |
| 457 | + |
| 458 | + |
435 | 459 | def _adjust_param(params, managed_identity, types_mapping=None): |
436 | 460 | # Modify the params dict in place |
437 | 461 | id_name = (types_mapping or ManagedIdentity._types_mapping).get( |
@@ -504,7 +528,7 @@ def _obtain_token_on_app_service( |
504 | 528 | if payload.get("access_token") and payload.get("expires_on"): |
505 | 529 | return { # Normalizing the payload into OAuth2 format |
506 | 530 | "access_token": payload["access_token"], |
507 | | - "expires_in": int(payload["expires_on"]) - int(time.time()), |
| 531 | + "expires_in": _parse_expires_on(payload["expires_on"]) - int(time.time()), |
508 | 532 | "resource": payload.get("resource"), |
509 | 533 | "token_type": payload.get("token_type", "Bearer"), |
510 | 534 | } |
@@ -538,7 +562,7 @@ def _obtain_token_on_machine_learning( |
538 | 562 | if payload.get("access_token") and payload.get("expires_on"): |
539 | 563 | return { # Normalizing the payload into OAuth2 format |
540 | 564 | "access_token": payload["access_token"], |
541 | | - "expires_in": int(payload["expires_on"]) - int(time.time()), |
| 565 | + "expires_in": _parse_expires_on(payload["expires_on"]) - int(time.time()), |
542 | 566 | "resource": payload.get("resource"), |
543 | 567 | "token_type": payload.get("token_type", "Bearer"), |
544 | 568 | } |
|
0 commit comments