Enable broker support on Linux for WSL

[DharshanBJ]

No description provided.

[DharshanBJ]

/azp run MSAL-Python-SDL-CI

[fengga]

Thanks, this PR looks good to me. And please make sure get an approval from Ray.

[rayluo]

Thanks for a clean PR! Implementation wise, it looks good. I added some suggestions above, mostly in terms of our workflow. Please make corresponding changes and then wait for the PyMsalRuntime release.

[rayluo]

We will also need to change the precise dependency version error message here and a approximate version hint there

[DharshanBJ]

We will also need to change the precise dependency version error message here and a approximate version hint there

updated

[thomasaarholt]

@DharshanBJ, I would love to see this wrapped up.

I arrived here after trying to debug errors with using msal on WSL. This PR worked "as-advertised" and made my life a whole lot easier.

Before your PR, the following snippet kept returning a browser window with The redirect URI 'http://localhost:<some port number>' specified in the request does not match the redirect URIs configured for the application.

Testing with enable_broker_on_linux=True "just worked". 🚀

    app = PublicClientApplication(
        <client_id>,
        authority=<authority>,
        enable_broker_on_linux=True,
    )
    app.acquire_token_interactive(...)

[thomasaarholt]

This work enables Data Scientists at Microsoft to develop and debug their pipelines better. Some of our models are deployed on linux environments. We believe that it is crucial to develop and test our work on the same environment that we deploy on, which is why I highly approve of this PR 😊

@rayluo any chance you could take a look at the state of this PR when you have the time?

[thomasaarholt]

I have one oddity. When using the broker on Linux, I get the following text printed "{{\"ping\",\"success\"}}}"

This does not happen on Windows:

[DharshanBJ]

I have one oddity. When using the broker on Linux, I get the following text printed "{{\"ping\",\"success\"}}}"

This does not happen on Windows:

The "{{"ping","success"}}}" message is expected on WSL, it's from initializing the msal.wsl.proxy execuatble which is needed to talk to the windows broker on WSL.
On pure windows, msal.wsl.proxy is not needed and hence we dont see "{{"ping","success"}}}"

[rayluo]

I have one oddity. When using the broker on Linux, I get the following text printed "{{\"ping\",\"success\"}}}"

The "{{"ping","success"}}}" message is expected on WSL, it's from initializing the msal.wsl.proxy execuatble which is needed to talk to the windows broker on WSL. On pure windows, msal.wsl.proxy is not needed and hence we dont see "{{"ping","success"}}}"

@DharshanBJ , that feels like some sort of debug log. Could it be turned off or removed from that "msal.wsl.proxy"?

CC: @jiasli

[rayluo]

it is crucial to develop and test our work on the same environment that we deploy on, which is why I highly approve of this PR 😊

@thomasaarholt , we agree with that part. Is your work going to be deployed on WSL or on standalone Linux (which may or may not have Intune installed)?

Keep in mind that this PR is mainly targeting WSL. On standalone Linux, unless Intune is installed, MSAL Python will still fall back to browser-based UI. If your work after deployment will mainly run on standalone Linux without Intune, you might want to still focus testing the browser-based experience, for the same reason that you mentioned above.

FWIW, the default browser-based experience unfortunately deteriorates on WSL but technically still functions. In a freshly installed WSL ubuntu, it would end up with a message like this on the console "gio: http://localhost:1234/...: Operation not supported", but the app developer on WSL can still click on that url to bring up a browser page and completes the sign-in there. (Those are known issues here and there.) If your end user is mainly on standalone Linux, the browser will typically automatically pop up without issue.

[thomasaarholt]

Hi again!

Is your work going to be deployed on WSL or on standalone Linux (which may or may not have Intune installed)?

Deployment happens on standalone linux, but we don't use the broker path for authentication there, so I'm not worried here. We're using this only to improve the dev-experience.

[DharshanBJ]

I have one oddity. When using the broker on Linux, I get the following text printed "{{\"ping\",\"success\"}}}"

The "{{"ping","success"}}}" message is expected on WSL, it's from initializing the msal.wsl.proxy execuatble which is needed to talk to the windows broker on WSL. On pure windows, msal.wsl.proxy is not needed and hence we dont see "{{"ping","success"}}}"

@DharshanBJ , that feels like some sort of debug log. Could it be turned off or removed from that "msal.wsl.proxy"?

CC: @jiasli

Yes, this can be done, we'll remove this as part of the next msal.wsl.proxy release

[rayluo]

question
Hi @DharshanBJ , I realize that the in the current implementation, the enable_broker_on_wsl below is for WSL-only, which matches its name well. But the enable_broker_on_linux logic here actually covers all linux including WSL, meaning, an enable_broker_on_linux=True on WSL will also enable broker. Is that what we want?

In other words, does enable_broker_on_linux meant to imply "all linux including WSL", or do we meant to have an enable_broker_on_non_wsl_linux?

(After we clarify this in this conversation, we shall fine tune the parameter name or doc accordingly.)

CC: @iulico-1 , @jiasli

[DharshanBJ]

Hi @rayluo, yes, enable_broker_on_linux will enable broker on wsl and baremetal linux (all linux) and enable_broker_on_wsl enables broker only on wsl.

enable_broker_on_linux is meant to imply "all linux including WSL

[rayluo]

suggestion
Adding this clarification based on this conversation.

Suggested change

	This setting is only effective if your app is running on Linux.
	This setting is only effective if your app is running on Linux, including WSL.