MicrosoftDocs
diff --git a/‎python/docs-ref-autogen/msal/msal.application.ClientApplication.yml‎
Lines changed: 25 additions & 20 deletions b/‎python/docs-ref-autogen/msal/msal.application.ClientApplication.yml‎
Lines changed: 25 additions & 20 deletions
diff --git a/‎python/docs-ref-autogen/msal/msal.application.ConfidentialClientApplication.yml‎
Lines changed: 25 additions & 20 deletions b/‎python/docs-ref-autogen/msal/msal.application.ConfidentialClientApplication.yml‎
Lines changed: 25 additions & 20 deletions
diff --git a/‎python/docs-ref-autogen/msal/msal.application.PublicClientApplication.yml‎
Lines changed: 61 additions & 28 deletions b/‎python/docs-ref-autogen/msal/msal.application.PublicClientApplication.yml‎
Lines changed: 61 additions & 28 deletions
@@ -66,7 +66,7 @@ constructor:
       : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
       , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
       client_assertion\": \"...a JWT with claims aud, exp, iss, jti, nbf, and sub...\"\
-      \n   }\n   ````\n\n\n\n## Supporting reading client cerficates from PFX files*Added\
+      \n   }\n   ````\n\n\n\n## Supporting reading client certificates from PFX files*Added\
       \ in version 1.29.0*:\nFeed in a dictionary containing the path to a PFX file:\n\
       \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
       : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
@@ -267,25 +267,30 @@ constructor:
       \ in some situations.\n\nThis `http_cache` parameter accepts any dict-like object.\n\
       If not provided, MSAL will use an in-memory dict.\n\nIf your app is a command-line\
       \ app (CLI),\nyou would want to persist your http_cache across different CLI\
-      \ runs.\nThe following recipe shows a way to do so:\n\n<!-- literal_block {\"\
-      ids\": [], \"classes\": [], \"names\": [], \"dupnames\": [], \"backrefs\": [],\
-      \ \"xml:space\": \"preserve\", \"language\": \"default\", \"force\": false,\
-      \ \"linenos\": false} -->\n\n````default\n\n   # Just add the following lines\
-      \ at the beginning of your CLI script\n   import sys, atexit, pickle\n   http_cache_filename\
-      \ = sys.argv[0] + \".http_cache\"\n   try:\n       with open(http_cache_filename,\
-      \ \"rb\") as f:\n           persisted_http_cache = pickle.load(f)  # Take a\
-      \ snapshot\n   except (\n           FileNotFoundError,  # Or IOError in Python\
-      \ 2\n           pickle.UnpicklingError,  # A corrupted http cache file\n   \
-      \        ):\n       persisted_http_cache = {}  # Recover by starting afresh\n\
-      \   atexit.register(lambda: pickle.dump(\n       # When exit, flush it back\
-      \ to the file.\n       # It may occasionally overwrite another process's concurrent\
-      \ write,\n       # but that is fine. Subsequent runs will reach eventual consistency.\n\
-      \       persisted_http_cache, open(http_cache_file, \"wb\")))\n\n   # And then\
-      \ you can implement your app as you normally would\n   app = msal.PublicClientApplication(\n\
-      \       \"your_client_id\",\n       ...,\n       http_cache=persisted_http_cache,\
-      \  # Utilize persisted_http_cache\n       ...,\n       #token_cache=...,  #\
-      \ You may combine the old token_cache trick\n           # Please refer to token_cache\
-      \ recipe at\n           # https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache\n\
+      \ runs.\nThe persisted file's format may change due to, but not limited to,\n\
+      [unstable protocol](https://docs.python.org/3/library/pickle.html#data-stream-format),\n\
+      so your implementation shall tolerate unexpected loading errors.\nThe following\
+      \ recipe shows a way to do so:\n\n<!-- literal_block {\"ids\": [], \"classes\"\
+      : [], \"names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
+      , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
+      \n   # Just add the following lines at the beginning of your CLI script\n  \
+      \ import sys, atexit, pickle, logging\n   http_cache_filename = sys.argv[0]\
+      \ + \".http_cache\"\n   try:\n       with open(http_cache_filename, \"rb\")\
+      \ as f:\n           persisted_http_cache = pickle.load(f)  # Take a snapshot\n\
+      \   except (\n           FileNotFoundError,  # Or IOError in Python 2\n    \
+      \       pickle.UnpicklingError,  # A corrupted http cache file\n           AttributeError,\
+      \  # Cache created by a different version of MSAL\n           ):\n       persisted_http_cache\
+      \ = {}  # Recover by starting afresh\n   except:  # Unexpected exceptions\n\
+      \       logging.exception(\"You may want to debug this\")\n       persisted_http_cache\
+      \ = {}  # Recover by starting afresh\n   atexit.register(lambda: pickle.dump(\n\
+      \       # When exit, flush it back to the file.\n       # It may occasionally\
+      \ overwrite another process's concurrent write,\n       # but that is fine.\
+      \ Subsequent runs will reach eventual consistency.\n       persisted_http_cache,\
+      \ open(http_cache_file, \"wb\")))\n\n   # And then you can implement your app\
+      \ as you normally would\n   app = msal.PublicClientApplication(\n       \"your_client_id\"\
+      ,\n       ...,\n       http_cache=persisted_http_cache,  # Utilize persisted_http_cache\n\
+      \       ...,\n       #token_cache=...,  # You may combine the old token_cache\
+      \ trick\n           # Please refer to token_cache recipe at\n           # https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache\n\
       \       )\n   app.acquire_token_interactive([\"your\", \"scope\"], ...)\n  \
       \ ````\n\nContent inside `http_cache` are cheap to obtain.\nThere is no need\
       \ to share them among different apps.\n\nContent inside `http_cache` will contain\
 
@@ -66,7 +66,7 @@ constructor:
       : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
       , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
       client_assertion\": \"...a JWT with claims aud, exp, iss, jti, nbf, and sub...\"\
-      \n   }\n   ````\n\n\n\n## Supporting reading client cerficates from PFX files*Added\
+      \n   }\n   ````\n\n\n\n## Supporting reading client certificates from PFX files*Added\
       \ in version 1.29.0*:\nFeed in a dictionary containing the path to a PFX file:\n\
       \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
       : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
@@ -267,25 +267,30 @@ constructor:
       \ in some situations.\n\nThis `http_cache` parameter accepts any dict-like object.\n\
       If not provided, MSAL will use an in-memory dict.\n\nIf your app is a command-line\
       \ app (CLI),\nyou would want to persist your http_cache across different CLI\
-      \ runs.\nThe following recipe shows a way to do so:\n\n<!-- literal_block {\"\
-      ids\": [], \"classes\": [], \"names\": [], \"dupnames\": [], \"backrefs\": [],\
-      \ \"xml:space\": \"preserve\", \"language\": \"default\", \"force\": false,\
-      \ \"linenos\": false} -->\n\n````default\n\n   # Just add the following lines\
-      \ at the beginning of your CLI script\n   import sys, atexit, pickle\n   http_cache_filename\
-      \ = sys.argv[0] + \".http_cache\"\n   try:\n       with open(http_cache_filename,\
-      \ \"rb\") as f:\n           persisted_http_cache = pickle.load(f)  # Take a\
-      \ snapshot\n   except (\n           FileNotFoundError,  # Or IOError in Python\
-      \ 2\n           pickle.UnpicklingError,  # A corrupted http cache file\n   \
-      \        ):\n       persisted_http_cache = {}  # Recover by starting afresh\n\
-      \   atexit.register(lambda: pickle.dump(\n       # When exit, flush it back\
-      \ to the file.\n       # It may occasionally overwrite another process's concurrent\
-      \ write,\n       # but that is fine. Subsequent runs will reach eventual consistency.\n\
-      \       persisted_http_cache, open(http_cache_file, \"wb\")))\n\n   # And then\
-      \ you can implement your app as you normally would\n   app = msal.PublicClientApplication(\n\
-      \       \"your_client_id\",\n       ...,\n       http_cache=persisted_http_cache,\
-      \  # Utilize persisted_http_cache\n       ...,\n       #token_cache=...,  #\
-      \ You may combine the old token_cache trick\n           # Please refer to token_cache\
-      \ recipe at\n           # https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache\n\
+      \ runs.\nThe persisted file's format may change due to, but not limited to,\n\
+      [unstable protocol](https://docs.python.org/3/library/pickle.html#data-stream-format),\n\
+      so your implementation shall tolerate unexpected loading errors.\nThe following\
+      \ recipe shows a way to do so:\n\n<!-- literal_block {\"ids\": [], \"classes\"\
+      : [], \"names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
+      , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
+      \n   # Just add the following lines at the beginning of your CLI script\n  \
+      \ import sys, atexit, pickle, logging\n   http_cache_filename = sys.argv[0]\
+      \ + \".http_cache\"\n   try:\n       with open(http_cache_filename, \"rb\")\
+      \ as f:\n           persisted_http_cache = pickle.load(f)  # Take a snapshot\n\
+      \   except (\n           FileNotFoundError,  # Or IOError in Python 2\n    \
+      \       pickle.UnpicklingError,  # A corrupted http cache file\n           AttributeError,\
+      \  # Cache created by a different version of MSAL\n           ):\n       persisted_http_cache\
+      \ = {}  # Recover by starting afresh\n   except:  # Unexpected exceptions\n\
+      \       logging.exception(\"You may want to debug this\")\n       persisted_http_cache\
+      \ = {}  # Recover by starting afresh\n   atexit.register(lambda: pickle.dump(\n\
+      \       # When exit, flush it back to the file.\n       # It may occasionally\
+      \ overwrite another process's concurrent write,\n       # but that is fine.\
+      \ Subsequent runs will reach eventual consistency.\n       persisted_http_cache,\
+      \ open(http_cache_file, \"wb\")))\n\n   # And then you can implement your app\
+      \ as you normally would\n   app = msal.PublicClientApplication(\n       \"your_client_id\"\
+      ,\n       ...,\n       http_cache=persisted_http_cache,  # Utilize persisted_http_cache\n\
+      \       ...,\n       #token_cache=...,  # You may combine the old token_cache\
+      \ trick\n           # Please refer to token_cache recipe at\n           # https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache\n\
       \       )\n   app.acquire_token_interactive([\"your\", \"scope\"], ...)\n  \
       \ ````\n\nContent inside `http_cache` are cheap to obtain.\nThere is no need\
       \ to share them among different apps.\n\nContent inside `http_cache` will contain\
 
@@ -4,34 +4,38 @@ name: PublicClientApplication
 fullName: msal.application.PublicClientApplication
 module: msal.application
 summary: "Same as <xref:ClientApplication.__init__>,\nexcept that `client_credential`\
-  \ parameter shall remain `None`.\n\n> [!NOTE]\n> You may set enable_broker_on_windows\
-  \ and/or enable_broker_on_mac to True.\n>\n> \n>\n> What is a broker, and why use\
-  \ it?\n>\n> \n>\n> A broker is a component installed on your device.\n>\n> Broker\
-  \ implicitly gives your device an identity. By using a broker,\n>\n> your device\
-  \ becomes a factor that can satisfy MFA (Multi-factor authentication).\n>\n> This\
-  \ factor would become mandatory\n>\n> if a tenant's admin enables a corresponding\
-  \ Conditional Access (CA) policy.\n>\n> The broker's presence allows Microsoft identity\
-  \ platform\n>\n> to have higher confidence that the tokens are being issued to your\
-  \ device,\n>\n> and that is more secure.\n>\n> \n>\n> An additional benefit of broker\
-  \ is,\n>\n> it runs as a long-lived process with your device's OS,\n>\n> and maintains\
+  \ parameter shall remain `None`.\n\n> [!NOTE]\n> What is a broker, and why use it?\n\
+  >\n> \n>\n> A broker is a component installed on your device.\n>\n> Broker implicitly\
+  \ gives your device an identity. By using a broker,\n>\n> your device becomes a\
+  \ factor that can satisfy MFA (Multi-factor authentication).\n>\n> This factor would\
+  \ become mandatory\n>\n> if a tenant's admin enables a corresponding Conditional\
+  \ Access (CA) policy.\n>\n> The broker's presence allows Microsoft identity platform\n\
+  >\n> to have higher confidence that the tokens are being issued to your device,\n\
+  >\n> and that is more secure.\n>\n> \n>\n> An additional benefit of broker is,\n\
+  >\n> it runs as a long-lived process with your device's OS,\n>\n> and maintains\
   \ its own cache,\n>\n> so that your broker-enabled apps (even a CLI)\n>\n> could\
   \ automatically SSO from a previously established signed-in session.\n>\n> \n>\n\
-  > You shall only enable broker when your app:\n>\n> \n>\n> is running on supported\
-  \ platforms,\n>\n> and already registered their corresponding redirect_uri\n>\n\
-  > \n>\n> ms-appx-web://Microsoft.AAD.BrokerPlugin/your_client_id\n>\n> if your app\
-  \ is expected to run on Windows 10+\n>\n> \n>\n> msauth.com.msauth.unsignedapp://auth\n\
-  >\n> if your app is expected to run on Mac\n>\n> \n>\n> installed broker dependency,\n\
-  >\n> e.g. pip install msal[broker]>=1.31,<2.\n>\n> \n>\n> tested with acquire_token_interactive()\
-  \ and acquire_token_silent().\n>\n> \n>\n> The fallback behaviors of MSAL Python's\
-  \ broker support\n>\n> \n>\n> MSAL will either error out, or silently fallback to\
-  \ non-broker flows.\n>\n> \n>\n> MSAL will ignore the enable_broker_... and bypass\
-  \ broker\n>\n> on those auth flows that are known to be NOT supported by broker.\n\
-  >\n> This includes ADFS, B2C, etc..\n>\n> For other \"could-use-broker\" scenarios,\
-  \ please see below.\n>\n> \n>\n> MSAL errors out when app developer opted-in to\
-  \ use broker\n>\n> but a direct dependency \"mid-tier\" package is not installed.\n\
-  >\n> Error message guides app developer to declare the correct dependency\n>\n>\
-  \ msal[broker].\n>\n> We error out here because the error is actionable to app developers.\n\
-  >\n> \n>\n> MSAL silently \"deactivates\" the broker and fallback to non-broker,\n\
+  > How to opt in to use broker?\n>\n> \n>\n> You can set any combination of the following\
+  \ opt-in parameters to true:\n>\n> \n>\n> \n>\n> \n>\n> \n>\n> \n>\n> \n>\n> \n\
+  >\n> Opt-in flag\n>\n> \n>\n> If app will run on\n>\n> \n>\n> App has registered\
+  \ this as a Desktop platform redirect URI in Azure Portal\n>\n> \n>\n> enable_broker_on_windows\n\
+  >\n> \n>\n> Windows 10+\n>\n> \n>\n> ms-appx-web://Microsoft.AAD.BrokerPlugin/your_client_id\n\
+  >\n> \n>\n> enable_broker_on_wsl\n>\n> \n>\n> WSL\n>\n> \n>\n> ms-appx-web://Microsoft.AAD.BrokerPlugin/your_client_id\n\
+  >\n> \n>\n> enable_broker_on_mac\n>\n> \n>\n> Mac with Company Portal installed\n\
+  >\n> \n>\n> msauth.com.msauth.unsignedapp://auth\n>\n> \n>\n> enable_broker_on_linux\n\
+  >\n> \n>\n> Linux with Intune installed\n>\n> \n>\n> https://login.microsoftonline.com/common/oauth2/nativeclient\
+  \ (MUST be enabled)\n>\n> \n>\n> Install broker dependency,\n>\n> e.g. pip install\
+  \ msal[broker]>=1.33,<2.\n>\n> \n>\n> Test with acquire_token_interactive() and\
+  \ acquire_token_silent().\n>\n> \n>\n> The fallback behaviors of MSAL Python's broker\
+  \ support\n>\n> \n>\n> MSAL will either error out, or silently fallback to non-broker\
+  \ flows.\n>\n> \n>\n> MSAL will ignore the enable_broker_... and bypass broker\n\
+  >\n> on those auth flows that are known to be NOT supported by broker.\n>\n> This\
+  \ includes ADFS, B2C, etc..\n>\n> For other \"could-use-broker\" scenarios, please\
+  \ see below.\n>\n> \n>\n> MSAL errors out when app developer opted-in to use broker\n\
+  >\n> but a direct dependency \"mid-tier\" package is not installed.\n>\n> Error\
+  \ message guides app developer to declare the correct dependency\n>\n> msal[broker].\n\
+  >\n> We error out here because the error is actionable to app developers.\n>\n>\
+  \ \n>\n> MSAL silently \"deactivates\" the broker and fallback to non-broker,\n\
   >\n> when opted-in, dependency installed yet failed to initialize.\n>\n> We anticipate\
   \ this would happen on a device whose OS is too old\n>\n> or the underlying broker\
   \ component is somehow unavailable.\n>\n> There is not much an app developer or\
@@ -41,7 +45,8 @@ summary: "Same as <xref:ClientApplication.__init__>,\nexcept that `client_creden
   \ failed.\n>"
 constructor:
   syntax: PublicClientApplication(client_id, client_credential=None, *, enable_broker_on_windows=None,
-    enable_broker_on_mac=None, **kwargs)
+    enable_broker_on_mac=None, enable_broker_on_linux=None, enable_broker_on_wsl=None,
+    **kwargs)
   parameters:
   - name: enable_broker_on_windows
     description: 'This setting is only effective if your app is running on Windows
@@ -64,6 +69,27 @@ constructor:
     isRequired: true
     types:
     - <xref:boolean>
+  - name: enable_broker_on_linux
+    description: 'This setting is only effective if your app is running on Linux,
+      including WSL.
+
+      This parameter defaults to None, which means MSAL will not utilize a broker.
+
+
+      New in MSAL Python 1.33.0.'
+    isRequired: true
+    types:
+    - <xref:boolean>
+  - name: enable_broker_on_wsl
+    description: 'This setting is only effective if your app is running on WSL.
+
+      This parameter defaults to None, which means MSAL will not utilize a broker.
+
+
+      New in MSAL Python 1.33.0.'
+    isRequired: true
+    types:
+    - <xref:boolean>
   - name: client_id
     isRequired: true
   - name: client_credential
@@ -73,6 +99,10 @@ constructor:
     defaultValue: None
   - name: enable_broker_on_mac
     defaultValue: None
+  - name: enable_broker_on_linux
+    defaultValue: None
+  - name: enable_broker_on_wsl
+    defaultValue: None
 methods:
 - uid: msal.application.PublicClientApplication.acquire_token_by_device_flow
   name: acquire_token_by_device_flow
@@ -268,13 +298,16 @@ methods:
   summary: 'Initiate a Device Flow instance,
 
     which will be used in <xref:msal.application.PublicClientApplication.acquire_token_by_device_flow>.'
-  signature: initiate_device_flow(scopes=None, **kwargs)
+  signature: initiate_device_flow(scopes=None, *, claims_challenge=None, **kwargs)
   parameters:
   - name: scopes
     description: Scopes requested to access a protected API (a resource).
     defaultValue: None
     types:
     - <xref:list>[<xref:str>]
+  keywordOnlyParameters:
+  - name: claims_challenge
+    defaultValue: None
   return:
     description: "A dict representing a newly created Device Flow object.\n\n* A successful\
       \ response would contain \"user_code\" key, among others \n\n* an error response\