Skip to content

Added withFmi method for cca app#876

Open
4gust wants to merge 1 commit intodevfrom
4gust/with-fmi
Open

Added withFmi method for cca app#876
4gust wants to merge 1 commit intodevfrom
4gust/with-fmi

Conversation

@4gust
Copy link
Contributor

@4gust 4gust commented Feb 20, 2026

Add acquire_token_for_client_with_fmi_path() for FMI support

Adds a new method to ConfidentialClientApplication for acquiring tokens with a Federated Managed Identity (FMI) path. It wraps acquire_token_for_client(), injecting fmi_path into the request body while preserving all existing caching, telemetry, and regional endpoint behavior.

Usage

import msal

app = msal.ConfidentialClientApplication(
    "your-client-id",
    client_credential={"private_key_pfx_path": "/path/to/cert.pfx", "public_certificate": True},
    authority="https://login.microsoftonline.com/your-tenant-id",
)

result = app.acquire_token_for_client_with_fmi_path(
    scopes=["api://resource/.default"],
    fmi_path="SomeFmiPath/FmiCredentialPath",
)

E2E test

Added E2E test to msid client

@4gust 4gust requested a review from a team as a code owner February 20, 2026 11:38
bgavrilMS
bgavrilMS reviewed Feb 20, 2026
View reviewed changes
msal/application.py
- an error response would contain "error" and usually "error_description".
"""
data = kwargs.pop("data", {})
data["fmi_path"] = fmi_path
Copy link
Member

@bgavrilMS bgavrilMS Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are the tokens cached like in MSAL .NET and MSAL GO? I don't think they are.

I see a PR here that look at proper caching #759 but I am not sure it is compliant with the rest.

bgavrilMS
bgavrilMS reviewed Feb 20, 2026
View reviewed changes
msal/application.py
self.token_cache.remove_at(at)
# acquire_token_for_client() obtains no RTs, so we have no RT to remove

def acquire_token_for_client_with_fmi_path(self, scopes, fmi_path, claims_challenge=None, **kwargs):
Copy link
Member

@bgavrilMS bgavrilMS Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have FMI path as one of the kwargs instead? Creating an entire new API seems pretty heavy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bgavrilMS bgavrilMS bgavrilMS left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@4gust @bgavrilMS

Comments