Disable broker on Intel-based Macs#926
Open
ashok672 wants to merge 1 commit into
Open
Conversation
Broker on macOS is supported only on Apple Silicon (arm64). On Intel Macs (x86_64 / i386) MSAL Python will now force-disable broker in ClientApplication._decide_broker, regardless of whether a broker is installed on the device or whether the app opted in via enable_broker_on_mac=True. Apple Silicon Macs and all non-Mac platforms are unaffected. The check sits in the single broker-decision chokepoint and reuses the existing 'broker unavailable, falling back to non-broker' warning path. Tests: - tests/test_application.py::TestBrokerDisabledOnIntelMac covers the three architecture branches (arm64, x86_64, i386) by patching sys.platform and platform.machine, matching the existing broker-test pattern in this file. CI runs on ubuntu-latest only, so the mock is the only way to exercise the darwin branch. - tests/intel_mac_broker_smoke_test.py is a credential-free, no-UI manual smoke test that runs in a few seconds on real hardware (especially useful on an Intel Mac, which CI cannot cover).
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enforces the product policy that MSAL Python’s macOS broker support is Apple-Silicon-only by force-disabling broker on Intel-based Macs (x86_64/i386) inside the central broker-decision path (ClientApplication._decide_broker). It adds unit coverage for the architecture branches and a small manual smoke-test script intended for real-hardware verification.
Changes:
- Force-disable broker on macOS when
platform.machine()reportsx86_64ori386, using the existing “fallback to non-broker” warning path. - Add unit tests that patch
sys.platformandplatform.machine()to validate arm64 vs Intel behavior. - Add a manual (credential-free) smoke test script for running the broker gate on real machines.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
msal/application.py |
Adds Intel-macOS architecture gate that disables broker and logs a warning before broker initialization. |
tests/test_application.py |
Adds unit tests covering arm64 vs Intel macOS broker enablement behavior via patching. |
tests/intel_mac_broker_smoke_test.py |
Adds a manual smoke test script to validate the gate on real hardware. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+52
to
+58
| app = msal.PublicClientApplication( | ||
| _CLIENT_ID, | ||
| authority=_AUTHORITY, | ||
| enable_broker_on_mac=True, | ||
| enable_broker_on_windows=True, | ||
| enable_broker_on_linux=True, | ||
| ) |
Comment on lines
+767
to
+778
| if ( | ||
| self._enable_broker | ||
| and sys.platform == "darwin" | ||
| and platform.machine() in ("x86_64", "i386") | ||
| ): | ||
| # Broker on macOS is supported only on Apple Silicon (arm64). | ||
| # Intel Macs are excluded by product policy, regardless of whether | ||
| # a broker is actually installed on the device. | ||
| self._enable_broker = False | ||
| logger.warning( | ||
| "Broker is not supported on Intel-based Macs. " | ||
| "We will fallback to non-broker.") |
fengga
reviewed
Jun 10, 2026
| and not self.authority.is_adfs | ||
| and not self.authority._is_b2c | ||
| ) | ||
| if ( |
Contributor
There was a problem hiding this comment.
Just curious, does broker stopped supporting Intel-chip mac?
I'm asking because several years ago it was supported.
fengga
approved these changes
Jun 10, 2026
Member
|
@ashok672 - pls have a look at the build failures |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Broker on macOS is supported only on Apple Silicon (arm64). On Intel Macs (x86_64 / i386) MSAL Python will now force-disable broker in ClientApplication._decide_broker, regardless of whether a broker is installed on the device or whether the app opted in via enable_broker_on_mac=True. Apple Silicon Macs and all non-Mac platforms are unaffected.
The check sits in the single broker-decision chokepoint and reuses the existing 'broker unavailable, falling back to non-broker' warning path.
Tests: