From 92ae206d83655473f9deb6ada0ec0734ba9c4ff9 Mon Sep 17 00:00:00 2001 From: Naga Nandyala Date: Wed, 11 Feb 2026 11:10:30 +1100 Subject: [PATCH 1/6] enable_broker_on_mac flag change --- src/azure-cli-core/azure/cli/core/_profile.py | 5 ++++- src/azure-cli-core/azure/cli/core/auth/identity.py | 6 ++++-- src/azure-cli-core/azure/cli/core/telemetry.py | 7 +++++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py index c1950d26c0e..bb771dbe642 100644 --- a/src/azure-cli-core/azure/cli/core/_profile.py +++ b/src/azure-cli-core/azure/cli/core/_profile.py @@ -908,8 +908,10 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None # On Windows, use core.enable_broker_on_windows=false to disable broker (WAM) for authentication. enable_broker_on_windows = cli_ctx.config.getboolean('core', 'enable_broker_on_windows', fallback=True) + # On macOS, use core.enable_broker_on_mac=true to enable broker for authentication. + enable_broker_on_mac = cli_ctx.config.getboolean('core', 'enable_broker_on_mac', fallback=False) from .telemetry import set_broker_info - set_broker_info(enable_broker_on_windows) + set_broker_info(enable_broker_on_windows, enable_broker_on_mac) # PREVIEW: In Azure Stack environment, use core.instance_discovery=false to disable MSAL's instance discovery. instance_discovery = cli_ctx.config.getboolean('core', 'instance_discovery', True) @@ -918,4 +920,5 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None encrypt=encrypt, use_msal_http_cache=use_msal_http_cache, enable_broker_on_windows=enable_broker_on_windows, + enable_broker_on_mac=enable_broker_on_mac, instance_discovery=instance_discovery) diff --git a/src/azure-cli-core/azure/cli/core/auth/identity.py b/src/azure-cli-core/azure/cli/core/auth/identity.py index 91629e89441..229731fd0d3 100644 --- a/src/azure-cli-core/azure/cli/core/auth/identity.py +++ b/src/azure-cli-core/azure/cli/core/auth/identity.py @@ -58,7 +58,7 @@ class Identity: # pylint: disable=too-many-instance-attributes _service_principal_store_instance = None def __init__(self, authority, tenant_id=None, client_id=None, encrypt=False, use_msal_http_cache=True, - enable_broker_on_windows=None, instance_discovery=None): + enable_broker_on_windows=None, enable_broker_on_mac=None, instance_discovery=None): """ :param authority: Authentication authority endpoint. For example, - AAD: https://login.microsoftonline.com @@ -74,6 +74,7 @@ def __init__(self, authority, tenant_id=None, client_id=None, encrypt=False, use self._encrypt = encrypt self._use_msal_http_cache = use_msal_http_cache self._enable_broker_on_windows = enable_broker_on_windows + self._enable_broker_on_mac = enable_broker_on_mac self._instance_discovery = instance_discovery # Build the authority in MSAL style @@ -111,9 +112,10 @@ def _msal_app_kwargs(self): @property def _msal_public_app_kwargs(self): """kwargs for creating PublicClientApplication.""" - # enable_broker_on_windows can only be used on PublicClientApplication. + # enable_broker_on_windows and enable_broker_on_mac can only be used on PublicClientApplication. return {**self._msal_app_kwargs, "enable_broker_on_windows": self._enable_broker_on_windows, + "enable_broker_on_mac": self._enable_broker_on_mac, "enable_pii_log": True} @property diff --git a/src/azure-cli-core/azure/cli/core/telemetry.py b/src/azure-cli-core/azure/cli/core/telemetry.py index 714bd751263..2bddd70cd86 100644 --- a/src/azure-cli-core/azure/cli/core/telemetry.py +++ b/src/azure-cli-core/azure/cli/core/telemetry.py @@ -78,6 +78,7 @@ def __init__(self, correlation_id=None, application=None): self.user_agent = None # authentication-related self.enable_broker_on_windows = None + self.enable_broker_on_mac = None self.msal_telemetry = None self.login_experience_v2 = None @@ -237,6 +238,7 @@ def _get_azure_cli_properties(self): set_custom_properties(result, 'SecretNames', ','.join(self.secret_names or [])) # authentication-related set_custom_properties(result, 'EnableBrokerOnWindows', str(self.enable_broker_on_windows)) + set_custom_properties(result, 'EnableBrokerOnMac', str(self.enable_broker_on_mac)) set_custom_properties(result, 'MsalTelemetry', self.msal_telemetry) set_custom_properties(result, 'LoginExperienceV2', str(self.login_experience_v2)) @@ -484,9 +486,10 @@ def set_region_identified(region_input, region_identified): # region authentication-related @decorators.suppress_all_exceptions() -def set_broker_info(enable_broker_on_windows): - # Log the value of `enable_broker_on_windows` +def set_broker_info(enable_broker_on_windows, enable_broker_on_mac=None): + # Log the value of `enable_broker_on_windows` and `enable_broker_on_mac` _session.enable_broker_on_windows = enable_broker_on_windows + _session.enable_broker_on_mac = enable_broker_on_mac @decorators.suppress_all_exceptions() From 17f27e7b544b39504f138b2b0bf6a759c1c6f27e Mon Sep 17 00:00:00 2001 From: Naga Nandyala Date: Wed, 11 Feb 2026 15:12:52 +1100 Subject: [PATCH 2/6] enable_broker_on_mac flag change --- src/azure-cli-core/setup.py | 4 ++-- src/azure-cli/requirements.py3.Darwin.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/azure-cli-core/setup.py b/src/azure-cli-core/setup.py index 18bb7f3697f..0082874c9e2 100644 --- a/src/azure-cli-core/setup.py +++ b/src/azure-cli-core/setup.py @@ -55,8 +55,8 @@ 'knack~=0.11.0', 'microsoft-security-utilities-secret-masker~=1.0.0b4', 'msal-extensions==1.2.0', - 'msal[broker]==1.35.0b1; sys_platform == "win32"', - 'msal==1.35.0b1; sys_platform != "win32"', + 'msal[broker]==1.35.0b1; sys_platform == "win32" or sys_platform == "darwin"', + 'msal==1.35.0b1; sys_platform != "win32" and sys_platform != "darwin"', 'packaging>=20.9', 'pkginfo>=1.5.0.1', # psutil can't install on cygwin: https://github.com/Azure/azure-cli/issues/9399 diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 5c0062e3d97..b61dd9d0741 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -109,7 +109,7 @@ jmespath==0.9.5 jsondiff==2.0.0 knack==0.11.0 msal-extensions==1.2.0 -msal==1.35.0b1 +msal[broker]==1.35.0b1 msrest==0.7.1 oauthlib==3.2.2 packaging==25.0 From 5210f77fa4d3c4868e350f061dbed6f12bec98f6 Mon Sep 17 00:00:00 2001 From: Naga Nandyala Date: Wed, 11 Feb 2026 15:42:58 +1100 Subject: [PATCH 3/6] enable_broker_on_mac flag change --- src/azure-cli-core/azure/cli/core/_profile.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py index bb771dbe642..325046135a4 100644 --- a/src/azure-cli-core/azure/cli/core/_profile.py +++ b/src/azure-cli-core/azure/cli/core/_profile.py @@ -908,8 +908,8 @@ def _create_identity_instance(cli_ctx, authority, tenant_id=None, client_id=None # On Windows, use core.enable_broker_on_windows=false to disable broker (WAM) for authentication. enable_broker_on_windows = cli_ctx.config.getboolean('core', 'enable_broker_on_windows', fallback=True) - # On macOS, use core.enable_broker_on_mac=true to enable broker for authentication. - enable_broker_on_mac = cli_ctx.config.getboolean('core', 'enable_broker_on_mac', fallback=False) + # On macOS, use core.enable_broker_on_mac=false to disable broker for authentication. + enable_broker_on_mac = cli_ctx.config.getboolean('core', 'enable_broker_on_mac', fallback=True) from .telemetry import set_broker_info set_broker_info(enable_broker_on_windows, enable_broker_on_mac) From 2d6b72a83e9d0f106b899816f42d842a75694ca6 Mon Sep 17 00:00:00 2001 From: Naga Nandyala Date: Thu, 19 Feb 2026 14:24:36 +1100 Subject: [PATCH 4/6] Add requirements.py3.MacOS.txt based on Darwin requirements --- src/azure-cli/requirements.py3.MacOS.txt | 138 +++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 src/azure-cli/requirements.py3.MacOS.txt diff --git a/src/azure-cli/requirements.py3.MacOS.txt b/src/azure-cli/requirements.py3.MacOS.txt new file mode 100644 index 00000000000..b61dd9d0741 --- /dev/null +++ b/src/azure-cli/requirements.py3.MacOS.txt @@ -0,0 +1,138 @@ +antlr4-python3-runtime==4.13.1 +applicationinsights==0.11.9 +argcomplete==3.5.2 +asn1crypto==0.24.0 +azure-appconfiguration==1.7.2 +azure-batch==15.0.0b1 +azure-cli-core==2.83.0 +azure-cli-telemetry==1.1.0 +azure-cli==2.83.0 +azure-common==1.1.22 +azure-core==1.38.0 +azure-cosmos==3.2.0 +azure-data-tables==12.4.0 +azure-datalake-store==1.0.1 +azure-keyvault-administration==4.4.0 +azure-keyvault-certificates==4.7.0 +azure-keyvault-keys==4.11.0 +azure-keyvault-secrets==4.7.0 +azure-keyvault-securitydomain==1.0.0b1 +azure-mgmt-advisor==9.0.0 +azure-mgmt-apimanagement==4.0.0 +azure-mgmt-appconfiguration==5.0.0 +azure-mgmt-appcontainers==2.0.0 +azure-mgmt-applicationinsights==1.0.0 +azure-mgmt-authorization==5.0.0b1 +azure-mgmt-batch==17.3.0 +azure-mgmt-batchai==7.0.0b1 +azure-mgmt-billing==6.0.0 +azure-mgmt-botservice==2.0.0b3 +azure-mgmt-cdn==12.0.0 +azure-mgmt-cognitiveservices==14.1.0 +azure-mgmt-compute==34.1.0 +azure-mgmt-containerinstance==10.2.0b1 +azure-mgmt-containerregistry==14.1.0b1 +azure-mgmt-containerservice==40.2.0 +azure-mgmt-core==1.6.0 +azure-mgmt-cosmosdb==9.9.0 +azure-mgmt-datalake-nspkg==3.0.1 +azure-mgmt-datalake-store==1.1.0b1 +azure-mgmt-datamigration==10.0.0 +azure-mgmt-eventgrid==10.2.0b2 +azure-mgmt-eventhub==12.0.0b1 +azure-mgmt-extendedlocation==1.0.0b2 +azure-mgmt-hdinsight==9.1.0b2 +azure-mgmt-imagebuilder==1.3.0 +azure-mgmt-iotcentral==10.0.0b1 +azure-mgmt-iothub==5.0.0b1 +azure-mgmt-iothubprovisioningservices==1.1.0 +azure-mgmt-keyvault==13.0.0 +azure-mgmt-loganalytics==13.0.0b4 +azure-mgmt-managementgroups==1.0.0 +azure-mgmt-maps==2.0.0 +azure-mgmt-marketplaceordering==1.1.0 +azure-mgmt-media==9.0.0 +azure-mgmt-monitor==7.0.0b1 +azure-mgmt-msi==7.1.0 +azure-mgmt-netapp==10.1.0 +azure-mgmt-policyinsights==1.1.0b4 +azure-mgmt-postgresqlflexibleservers==2.0.0 +azure-mgmt-privatedns==1.0.0 +azure-mgmt-rdbms==10.2.0b17 +azure-mgmt-mysqlflexibleservers==1.1.0b2 +azure-mgmt-recoveryservices==4.0.0 +azure-mgmt-recoveryservicesbackup==9.2.0 +azure-mgmt-redhatopenshift==1.5.0 +azure-mgmt-redis==14.5.0 +azure-mgmt-resource==23.3.0 +azure-mgmt-resource-deployments==1.0.0b1 +azure-mgmt-resource-deploymentscripts==1.0.0b1 +azure-mgmt-resource-deploymentstacks==1.0.0b1 +azure-mgmt-resource-templatespecs==1.0.0b1 +azure-mgmt-search==9.0.0 +azure-mgmt-security==6.0.0 +azure-mgmt-servicebus==10.0.0b1 +azure-mgmt-servicefabric==2.1.0 +azure-mgmt-servicefabricmanagedclusters==2.1.0b1 +azure-mgmt-servicelinker==1.2.0b3 +azure-mgmt-sql==4.0.0b22 +azure-mgmt-signalr==2.0.0b2 +azure-mgmt-sqlvirtualmachine==1.0.0b5 +azure-mgmt-storage==24.0.0 +azure-mgmt-synapse==2.1.0b5 +azure-mgmt-trafficmanager==1.0.0 +azure-mgmt-web==9.0.0 +azure-monitor-query==1.2.0 +azure-nspkg==3.0.2 +azure-storage-common==1.4.2 +azure-storage-blob==12.28.0b1 +azure-storage-file-datalake==12.23.0b1 +azure-storage-file-share==12.24.0b1 +azure-storage-queue==12.15.0b1 +azure-synapse-accesscontrol==0.5.0 +azure-synapse-artifacts==0.21.0 +azure-synapse-managedprivateendpoints==0.4.0 +azure-synapse-spark==0.7.0 +bcrypt==3.2.0 +certifi==2024.7.4 +cffi==2.0.0 +chardet==5.2.0 +colorama==0.4.6 +cryptography==44.0.1 +fabric==3.2.2 +humanfriendly==10.0 +idna==3.7 +invoke==2.2.0 +isodate==0.6.1 +javaproperties==0.5.1 +jmespath==0.9.5 +jsondiff==2.0.0 +knack==0.11.0 +msal-extensions==1.2.0 +msal[broker]==1.35.0b1 +msrest==0.7.1 +oauthlib==3.2.2 +packaging==25.0 +paramiko==3.5.0 +pbr==7.0.3 +pkginfo==1.8.2 +portalocker==2.3.2 +psutil==6.1.0 +pycomposefile==0.0.34 +PyGithub==1.55 +PyJWT==2.10.1 +PyNaCl==1.6.2 +pyOpenSSL==25.0.0 +PySocks==1.7.1 +python-dateutil==2.8.0 +requests-oauthlib==1.2.0 +requests==2.32.4 +scp==0.13.2 +semver==3.0.4 +six==1.16.0 +sshtunnel==0.1.5 +tabulate==0.8.9 +urllib3==2.6.3 +wcwidth==0.1.7 +websocket-client==1.8.0 +xmltodict==0.12.0 From 985517d7f7bd46587368b2c8f9fa5e5666309edb Mon Sep 17 00:00:00 2001 From: Naga Nandyala Date: Thu, 19 Feb 2026 14:25:39 +1100 Subject: [PATCH 5/6] Revert requirements.py3.Darwin.txt to dev branch version --- src/azure-cli/requirements.py3.Darwin.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index b61dd9d0741..5c0062e3d97 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -109,7 +109,7 @@ jmespath==0.9.5 jsondiff==2.0.0 knack==0.11.0 msal-extensions==1.2.0 -msal[broker]==1.35.0b1 +msal==1.35.0b1 msrest==0.7.1 oauthlib==3.2.2 packaging==25.0 From a52ca9a8532bed4853c080e707938fe0345e18c6 Mon Sep 17 00:00:00 2001 From: Naga Nandyala Date: Thu, 19 Feb 2026 14:28:45 +1100 Subject: [PATCH 6/6] maintaining old requjirment file for homembrew-core --- src/azure-cli/requirements.py3.Darwin.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 5c0062e3d97..a98d2e0d8b2 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -109,6 +109,8 @@ jmespath==0.9.5 jsondiff==2.0.0 knack==0.11.0 msal-extensions==1.2.0 +# macOS/Darwin: standard msal without broker support. (this is for homebrew-core parallel run for next few months). +# For broker support, use requirements.py3.MacOS.txt msal==1.35.0b1 msrest==0.7.1 oauthlib==3.2.2