Use unsigned redirect uri for mac broker flows

fengga · fengga · commit a40a5a22ad34 · 2026-04-15T17:08:15.000-07:00
diff --git a/msal/broker.py b/msal/broker.py
@@ -52,6 +52,8 @@ class TokenTypeError(ValueError):
     # so they have to use a generic placeholder anyway.
     # The v-team chose to combine two situations into using same placeholder.
 
+_redirect_uri_on_linux = "https://login.microsoftonline.com/common/oauth2/nativeclient"
+
 
 def _convert_error(error, client_id):
     context = error.get_context()  # Available since pymsalruntime 0.0.4
@@ -145,20 +147,19 @@ def _build_msal_runtime_auth_params(client_id, authority):
     params.set_additional_parameter("msal_client_ver", __version__)
     return params
 
-def _set_redirect_uri_for_linux(params):
+def _set_redirect_uri(params):
     if sys.platform == "linux":
-        # This is required by Linux Java Broker to set a non-empty valid redirect_uri
-        params.set_redirect_uri(
-            "https://login.microsoftonline.com/common/oauth2/nativeclient"
-        )
+        params.set_redirect_uri(_redirect_uri_on_linux)
+    elif sys.platform == "darwin":
+        params.set_redirect_uri(_redirect_uri_on_mac)
 
 def _signin_silently(
         authority, client_id, scopes, correlation_id=None, claims=None,
         enable_msa_pt=False,
         auth_scheme=None,
         **kwargs):
     params = _build_msal_runtime_auth_params(client_id, authority)
-    _set_redirect_uri_for_linux(params)
+    _set_redirect_uri(params)
     params.set_requested_scopes(scopes)
     if claims:
         params.set_decoded_claims(claims)
@@ -248,7 +249,7 @@ def _acquire_token_silently(
     if account is None:
         return
     params = _build_msal_runtime_auth_params(client_id, authority)
-    _set_redirect_uri_for_linux(params)
+    _set_redirect_uri(params)
     params.set_requested_scopes(scopes)
     if claims:
         params.set_decoded_claims(claims)
