Fix regression on credential client grant

rayluo · rayluo · commit 6490e1826344 · 2019-07-19T18:37:54.000-07:00
diff --git a/msal/token_cache.py b/msal/token_cache.py
@@ -121,15 +121,16 @@ def add(self, event, now=None):
         id_token_claims = (
             decode_id_token(id_token, client_id=event["client_id"])
             if id_token else {})
-        client_info = (
-            json.loads(base64decode(response["client_info"]))
-            if "client_info" in response
-            else {  # ADFS scenario
+        client_info = {}
+        if "client_info" in response:  # We asked for it, and AAD will provide it
+            client_info = json.loads(base64decode(response["client_info"]))
+        elif id_token_claims:  # This would be an end user on ADFS-direct scenario
+            client_info = {
                 "uid": id_token_claims.get("sub"),
                 "utid": realm,  # which, in ADFS scenario, would typically be "adfs"
                 }
-            )
-        home_account_id = "{uid}.{utid}".format(**client_info)
+        home_account_id = (  # It would remain None in client_credentials flow
+            "{uid}.{utid}".format(**client_info) if client_info else None)
         target = ' '.join(event.get("scope", []))  # Per schema, we don't sort it
 
         with self._lock:
