Feature request: Support MSA passthrough for Web Account Manager scenarios

[billwert]

azure-identity has a feature request to support MSA passthrough for WAM scenarios. In MSAL C#, for example, there is an option for this. (Though the comment suggests it is of experimental nature.) We need parity from MSAL so we can offer feature parity at the Identity level.

[bgavrilMS]

Hi @billwert - all MSAL libraries should support MSA-PT by using the ExtraQueryParameters option - the extra parameters are sent to WAM directly.

C# has a convenience API for this, but the consistent way to enable this feature is by doing:

extraQueryParams["msal_request_type"] = "consumer_passthrough"

As always, keep the authority to "login.microsoftonline.com/organzations" and check both interactive and silent flows.

• @rayluo - please confirm MSAL PY supports passing extra query params
• Java - added recently via https://github.com/AzureAD/microsoft-authentication-library-for-java/commit/88949fca12a0186018c3bdc1bb2ff25ab75e6261. @Avery-Dunn to confirm if extra query params are injected into WAM.
• JS - @tnorling to confirm if extra query params are injected into WAM

[rayluo]

MSAL Python supports this scenario by accepting an enable_msa_passthrough boolean parameter. See the usage pattern in our test app.

[Avery-Dunn]

As of MSAL Java 1.13.6 we support ExtraQueryParameters, but don't have an dedicated parameter for MSA passthrough like .NET and Python seem to have.

As of MSAL Java 1.14.1-beta and MSAL Java Brokers 1.0.2-beta we have support for sending ExtraQueryParameters to WAM via MSALRuntime, but again no dedicated API for just MSA-PT.

[bgavrilMS]

@rayluo - I added https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/576 to track support for Extra Query Params