From 18e72f533b718868a8c5cfc6656ab1ef07bf07f6 Mon Sep 17 00:00:00 2001
From: Charles Lowell <chlowe@microsoft.com>
Date: Wed, 13 Nov 2019 11:45:11 -0800
Subject: [PATCH] InteractiveBrowserCredential prompts for account selection

---
 .../azure/identity/_credentials/browser.py         |  4 +++-
 .../tests/test_interactive_credential.py           | 14 ++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
index e4a6aa184a74..7f80e191987a 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
@@ -94,7 +94,9 @@ def _get_token_by_auth_code(self, scopes, **kwargs):
         scopes = list(scopes)  # type: ignore
         request_state = str(uuid.uuid4())
         app = self._get_app()
-        auth_url = app.get_authorization_request_url(scopes, redirect_uri=redirect_uri, state=request_state, **kwargs)
+        auth_url = app.get_authorization_request_url(
+            scopes, redirect_uri=redirect_uri, state=request_state, prompt="select_account", **kwargs
+        )
 
         # open browser to that url
         if not webbrowser.open(auth_url):
diff --git a/sdk/identity/azure-identity/tests/test_interactive_credential.py b/sdk/identity/azure-identity/tests/test_interactive_credential.py
index 0815d6ccaf8f..3a3cb3a4f894 100644
--- a/sdk/identity/azure-identity/tests/test_interactive_credential.py
+++ b/sdk/identity/azure-identity/tests/test_interactive_credential.py
@@ -11,7 +11,7 @@
 from azure.identity import InteractiveBrowserCredential
 from azure.identity._internal import AuthCodeRedirectServer
 import pytest
-from six.moves import urllib
+from six.moves import urllib, urllib_parse
 
 from helpers import build_aad_response, mock_response, Request, validating_transport
 
@@ -23,7 +23,7 @@
 
 @patch("azure.identity._credentials.browser.webbrowser.open")
 def test_interactive_credential(mock_open):
-    mock_open.return_value = True  # the real webbrowser.open returns a bool
+    mock_open.side_effect = _validate_auth_request_url
     oauth_state = "state"
     client_id = "client-id"
     expected_refresh_token = "refresh-token"
@@ -171,3 +171,13 @@ def test_no_browser():
     )
     with pytest.raises(ClientAuthenticationError, match=r".*browser.*"):
         credential.get_token("scope")
+
+
+def _validate_auth_request_url(url):
+    parsed_url = urllib_parse.urlparse(url)
+    params = urllib_parse.parse_qs(parsed_url.query)
+    assert params.get("prompt") == ["select_account"], "Auth code request doesn't specify 'prompt=select_account'."
+
+    # when used as a Mock's side_effect, this method's return value is the Mock's return value
+    # (the real webbrowser.open returns a bool)
+    return True