From 2b603f5c9643ece12b40cfcaf1e4005cbca141e1 Mon Sep 17 00:00:00 2001
From: vgrem <vvgrem@gmail.com>
Date: Sat, 22 Jul 2023 17:12:18 +0300
Subject: [PATCH] #713: support for oauth2 device code auth introduced

---
 examples/sharepoint/connect_device_flow.py    |  15 ++
 generator/import_metadata.py                  |   4 +-
 generator/metadata/MicrosoftGraph.xml         | 135 +++++++++++++++++-
 generator/metadata/SharePoint.xml             |  24 +++-
 .../runtime/auth/authentication_context.py    |  36 +++++
 office365/sharepoint/client_context.py        |  11 ++
 6 files changed, 216 insertions(+), 9 deletions(-)
 create mode 100644 examples/sharepoint/connect_device_flow.py

diff --git a/examples/sharepoint/connect_device_flow.py b/examples/sharepoint/connect_device_flow.py
new file mode 100644
index 00000000..7972a779
--- /dev/null
+++ b/examples/sharepoint/connect_device_flow.py
@@ -0,0 +1,15 @@
+"""
+Demonstrates how to authenticate users on devices or operating systems that don't provide a web browser.
+Device code flow lets the user use another device such as a computer or a mobile phone to sign in interactively.
+
+https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code
+"""
+
+from office365.sharepoint.client_context import ClientContext
+from tests import test_tenant, test_client_id, test_site_url
+
+ctx = ClientContext(test_site_url).with_device_flow(test_tenant, test_client_id)
+me = ctx.web.current_user.get().execute_query()
+print(me.login_name)
+web = ctx.web.get().execute_query()
+print(web.title)
diff --git a/generator/import_metadata.py b/generator/import_metadata.py
index f55be611..6ade2f5e 100644
--- a/generator/import_metadata.py
+++ b/generator/import_metadata.py
@@ -15,9 +15,9 @@ def export_to_file(path, content):
 
 parser = ArgumentParser()
 parser.add_argument("-e", "--endpoint", dest="endpoint",
-                    help="Import metadata endpoint", default="sharepoint")
+                    help="Import metadata endpoint", default="microsoftgraph")
 parser.add_argument("-p", "--path",
-                    dest="path", default="./metadata/SharePoint.xml",
+                    dest="path", default="./metadata/MicrosoftGraph.xml",
                     help="Import metadata endpoint")
 
 args = parser.parse_args()
diff --git a/generator/metadata/MicrosoftGraph.xml b/generator/metadata/MicrosoftGraph.xml
index 7164e03c..3cd8efd9 100644
--- a/generator/metadata/MicrosoftGraph.xml
+++ b/generator/metadata/MicrosoftGraph.xml
@@ -25406,14 +25406,20 @@
          </ComplexType>
          <ComplexType Name="conditionalAccessAllExternalTenants" BaseType="graph.conditionalAccessExternalTenants"/>
          <ComplexType Name="conditionalAccessApplications">
+            <Property Name="applicationFilter" Type="graph.conditionalAccessFilter"/>
             <Property Name="excludeApplications" Type="Collection(Edm.String)" Nullable="false"/>
             <Property Name="includeApplications" Type="Collection(Edm.String)" Nullable="false"/>
             <Property Name="includeAuthenticationContextClassReferences" Type="Collection(Edm.String)" Nullable="false"/>
             <Property Name="includeUserActions" Type="Collection(Edm.String)" Nullable="false"/>
          </ComplexType>
+         <ComplexType Name="conditionalAccessFilter">
+            <Property Name="mode" Type="graph.filterMode" Nullable="false"/>
+            <Property Name="rule" Type="Edm.String" Nullable="false"/>
+         </ComplexType>
          <ComplexType Name="conditionalAccessClientApplications">
             <Property Name="excludeServicePrincipals" Type="Collection(Edm.String)" Nullable="false"/>
             <Property Name="includeServicePrincipals" Type="Collection(Edm.String)" Nullable="false"/>
+            <Property Name="servicePrincipalFilter" Type="graph.conditionalAccessFilter"/>
          </ComplexType>
          <ComplexType Name="conditionalAccessConditionSet">
             <Property Name="applications" Type="graph.conditionalAccessApplications"/>
@@ -25448,10 +25454,6 @@
             <Property Name="includeRoles" Type="Collection(Edm.String)" Nullable="false"/>
             <Property Name="includeUsers" Type="Collection(Edm.String)" Nullable="false"/>
          </ComplexType>
-         <ComplexType Name="conditionalAccessFilter">
-            <Property Name="mode" Type="graph.filterMode" Nullable="false"/>
-            <Property Name="rule" Type="Edm.String" Nullable="false"/>
-         </ComplexType>
          <ComplexType Name="conditionalAccessEnumeratedExternalTenants" BaseType="graph.conditionalAccessExternalTenants">
             <Property Name="members" Type="Collection(Edm.String)" Nullable="false"/>
          </ComplexType>
@@ -30510,9 +30512,13 @@
             <NavigationProperty Name="bot" Type="graph.teamworkBot" ContainsTarget="true"/>
          </EntityType>
          <EntityType Name="teamworkBot" BaseType="graph.entity"/>
+         <EntityType Name="teamsAppSettings" BaseType="graph.entity">
+            <Property Name="allowUserRequestsForAppAccess" Type="Edm.Boolean"/>
+         </EntityType>
          <EntityType Name="teamwork" BaseType="graph.entity">
             <NavigationProperty Name="workforceIntegrations" Type="Collection(graph.workforceIntegration)" ContainsTarget="true"/>
             <NavigationProperty Name="deletedTeams" Type="Collection(graph.deletedTeam)" ContainsTarget="true"/>
+            <NavigationProperty Name="teamsAppSettings" Type="graph.teamsAppSettings" ContainsTarget="true"/>
          </EntityType>
          <EntityType Name="workforceIntegration" BaseType="graph.changeTrackedEntity">
             <Property Name="apiVersion" Type="Edm.Int32"/>
@@ -36065,7 +36071,6 @@
             </EntitySet>
             <EntitySet Name="groupSettings" EntityType="microsoft.graph.groupSetting"/>
             <EntitySet Name="groupSettingTemplates" EntityType="microsoft.graph.groupSettingTemplate"/>
-            <EntitySet Name="localizations" EntityType="microsoft.graph.organizationalBrandingLocalization"/>
             <EntitySet Name="oauth2PermissionGrants" EntityType="microsoft.graph.oAuth2PermissionGrant"/>
             <EntitySet Name="organization" EntityType="microsoft.graph.organization">
                <NavigationPropertyBinding Path="certificateBasedAuthConfiguration" Target="certificateBasedAuthConfiguration"/>
@@ -36292,6 +36297,12 @@
             <Member Name="resolved" Value="8"/>
             <Member Name="unknownFutureValue" Value="31"/>
          </EnumType>
+         <EnumType Name="containerPortProtocol">
+            <Member Name="udp" Value="0"/>
+            <Member Name="tcp" Value="1"/>
+            <Member Name="sctp" Value="2"/>
+            <Member Name="unknownFutureValue" Value="3"/>
+         </EnumType>
          <EnumType Name="defenderAvStatus">
             <Member Name="notReporting" Value="0"/>
             <Member Name="disabled" Value="1"/>
@@ -36378,6 +36389,14 @@
             <Member Name="noThreatsFound" Value="3"/>
             <Member Name="unknownFutureValue" Value="4"/>
          </EnumType>
+         <EnumType Name="fileHashAlgorithm">
+            <Member Name="unknown" Value="0"/>
+            <Member Name="md5" Value="1"/>
+            <Member Name="sha1" Value="2"/>
+            <Member Name="sha256" Value="3"/>
+            <Member Name="sha256ac" Value="4"/>
+            <Member Name="unknownFutureValue" Value="5"/>
+         </EnumType>
          <EnumType Name="googleCloudLocationType">
             <Member Name="unknown" Value="0"/>
             <Member Name="regional" Value="1"/>
@@ -36393,6 +36412,22 @@
             <Member Name="unknownFutureValue" Value="127"/>
             <Member Name="awaitingAction" Value="128"/>
          </EnumType>
+         <EnumType Name="kubernetesPlatform">
+            <Member Name="unknown" Value="0"/>
+            <Member Name="aks" Value="1"/>
+            <Member Name="eks" Value="2"/>
+            <Member Name="gke" Value="3"/>
+            <Member Name="arc" Value="4"/>
+            <Member Name="unknownFutureValue" Value="5"/>
+         </EnumType>
+         <EnumType Name="kubernetesServiceType">
+            <Member Name="unknown" Value="0"/>
+            <Member Name="clusterIP" Value="1"/>
+            <Member Name="externalName" Value="2"/>
+            <Member Name="nodePort" Value="3"/>
+            <Member Name="loadBalancer" Value="4"/>
+            <Member Name="unknownFutureValue" Value="31"/>
+         </EnumType>
          <EnumType Name="onboardingStatus">
             <Member Name="insufficientInfo" Value="0"/>
             <Member Name="onboarded" Value="1"/>
@@ -36758,6 +36793,22 @@
             <Property Name="resourceName" Type="Edm.String"/>
             <Property Name="resourceType" Type="Edm.String"/>
          </ComplexType>
+         <ComplexType Name="blobContainerEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="storageResource" Type="microsoft.graph.security.azureResourceEvidence"/>
+            <Property Name="url" Type="Edm.String"/>
+         </ComplexType>
+         <ComplexType Name="blobEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="blobContainer" Type="microsoft.graph.security.blobContainerEvidence"/>
+            <Property Name="etag" Type="Edm.String"/>
+            <Property Name="fileHashes" Type="Collection(microsoft.graph.security.fileHash)"/>
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="url" Type="Edm.String"/>
+         </ComplexType>
+         <ComplexType Name="fileHash">
+            <Property Name="algorithm" Type="microsoft.graph.security.fileHashAlgorithm" Nullable="false"/>
+            <Property Name="value" Type="Edm.String"/>
+         </ComplexType>
          <ComplexType Name="cloudApplicationEvidence" BaseType="microsoft.graph.security.alertEvidence">
             <Property Name="appId" Type="Edm.Int64"/>
             <Property Name="displayName" Type="Edm.String"/>
@@ -36765,6 +36816,34 @@
             <Property Name="instanceName" Type="Edm.String"/>
             <Property Name="saasAppId" Type="Edm.Int64"/>
          </ComplexType>
+         <ComplexType Name="containerEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="args" Type="Collection(Edm.String)"/>
+            <Property Name="command" Type="Collection(Edm.String)"/>
+            <Property Name="containerId" Type="Edm.String"/>
+            <Property Name="image" Type="microsoft.graph.security.containerImageEvidence"/>
+            <Property Name="isPrivileged" Type="Edm.Boolean" Nullable="false"/>
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="pod" Type="microsoft.graph.security.kubernetesPodEvidence"/>
+         </ComplexType>
+         <ComplexType Name="containerImageEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="digestImage" Type="microsoft.graph.security.containerImageEvidence"/>
+            <Property Name="imageId" Type="Edm.String"/>
+            <Property Name="registry" Type="microsoft.graph.security.containerRegistryEvidence"/>
+         </ComplexType>
+         <ComplexType Name="kubernetesPodEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="containers" Type="Collection(microsoft.graph.security.containerEvidence)"/>
+            <Property Name="controller" Type="microsoft.graph.security.kubernetesControllerEvidence"/>
+            <Property Name="ephemeralContainers" Type="Collection(microsoft.graph.security.containerEvidence)"/>
+            <Property Name="initContainers" Type="Collection(microsoft.graph.security.containerEvidence)"/>
+            <Property Name="labels" Type="microsoft.graph.security.dictionary"/>
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="namespace" Type="microsoft.graph.security.kubernetesNamespaceEvidence"/>
+            <Property Name="podIp" Type="microsoft.graph.security.ipEvidence"/>
+            <Property Name="serviceAccount" Type="microsoft.graph.security.kubernetesServiceAccountEvidence"/>
+         </ComplexType>
+         <ComplexType Name="containerRegistryEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="registry" Type="Edm.String"/>
+         </ComplexType>
          <ComplexType Name="deviceEvidence" BaseType="microsoft.graph.security.alertEvidence">
             <Property Name="azureAdDeviceId" Type="Edm.String"/>
             <Property Name="defenderAvStatus" Type="microsoft.graph.security.defenderAvStatus"/>
@@ -36793,6 +36872,7 @@
             <Property Name="subscriptionId" Type="Edm.String"/>
             <Property Name="vmId" Type="Edm.String"/>
          </ComplexType>
+         <ComplexType Name="dictionary" OpenType="true"/>
          <ComplexType Name="dynamicColumnValue" OpenType="true"/>
          <ComplexType Name="fileDetails">
             <Property Name="fileName" Type="Edm.String"/>
@@ -36830,6 +36910,51 @@
             <Property Name="countryLetterCode" Type="Edm.String"/>
             <Property Name="ipAddress" Type="Edm.String"/>
          </ComplexType>
+         <ComplexType Name="kubernetesClusterEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="cloudResource" Type="microsoft.graph.security.alertEvidence"/>
+            <Property Name="distribution" Type="Edm.String"/>
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="platform" Type="microsoft.graph.security.kubernetesPlatform"/>
+            <Property Name="version" Type="Edm.String"/>
+         </ComplexType>
+         <ComplexType Name="kubernetesControllerEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="labels" Type="microsoft.graph.security.dictionary"/>
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="namespace" Type="microsoft.graph.security.kubernetesNamespaceEvidence"/>
+            <Property Name="type" Type="Edm.String"/>
+         </ComplexType>
+         <ComplexType Name="kubernetesNamespaceEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="cluster" Type="microsoft.graph.security.kubernetesClusterEvidence"/>
+            <Property Name="labels" Type="microsoft.graph.security.dictionary"/>
+            <Property Name="name" Type="Edm.String"/>
+         </ComplexType>
+         <ComplexType Name="kubernetesServiceAccountEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="namespace" Type="microsoft.graph.security.kubernetesNamespaceEvidence"/>
+         </ComplexType>
+         <ComplexType Name="kubernetesSecretEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="namespace" Type="microsoft.graph.security.kubernetesNamespaceEvidence"/>
+            <Property Name="secretType" Type="Edm.String"/>
+         </ComplexType>
+         <ComplexType Name="kubernetesServiceEvidence" BaseType="microsoft.graph.security.alertEvidence">
+            <Property Name="clusterIP" Type="microsoft.graph.security.ipEvidence"/>
+            <Property Name="externalIPs" Type="Collection(microsoft.graph.security.ipEvidence)"/>
+            <Property Name="labels" Type="microsoft.graph.security.dictionary"/>
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="namespace" Type="microsoft.graph.security.kubernetesNamespaceEvidence"/>
+            <Property Name="selector" Type="microsoft.graph.security.dictionary"/>
+            <Property Name="servicePorts" Type="Collection(microsoft.graph.security.kubernetesServicePort)"/>
+            <Property Name="serviceType" Type="microsoft.graph.security.kubernetesServiceType" Nullable="false"/>
+         </ComplexType>
+         <ComplexType Name="kubernetesServicePort">
+            <Property Name="appProtocol" Type="Edm.String"/>
+            <Property Name="name" Type="Edm.String"/>
+            <Property Name="nodePort" Type="Edm.Int32" Nullable="false"/>
+            <Property Name="port" Type="Edm.Int32" Nullable="false"/>
+            <Property Name="protocol" Type="microsoft.graph.security.containerPortProtocol"/>
+            <Property Name="targetPort" Type="Edm.String"/>
+         </ComplexType>
          <ComplexType Name="mailboxEvidence" BaseType="microsoft.graph.security.alertEvidence">
             <Property Name="displayName" Type="Edm.String"/>
             <Property Name="primaryAddress" Type="Edm.String"/>
diff --git a/generator/metadata/SharePoint.xml b/generator/metadata/SharePoint.xml
index df39f090..c94425c8 100644
--- a/generator/metadata/SharePoint.xml
+++ b/generator/metadata/SharePoint.xml
@@ -1857,6 +1857,7 @@
             <Property Name="ImagePath" Type="SP.ResourcePath"/>
             <Property Name="ImageUrl" Type="Edm.String"/>
             <Property Name="DefaultSensitivityLabelForLibrary" Type="Edm.String"/>
+            <Property Name="SensitivityLabelToEncryptOnDOwnloadForLibrary" Type="Edm.String"/>
             <Property Name="IrmEnabled" Type="Edm.Boolean" Nullable="false"/>
             <Property Name="IrmExpire" Type="Edm.Boolean" Nullable="false"/>
             <Property Name="IrmReject" Type="Edm.Boolean" Nullable="false"/>
@@ -5436,6 +5437,12 @@
                <Parameter Name="groupId" Type="Edm.Guid" Nullable="false"/>
             </FunctionImport>
             <FunctionImport Name="Microsoft_Office_Server_ContentCenter_SPMachineLearningHub" ReturnType="Microsoft.Office.Server.ContentCenter.SPMachineLearningHub" IsComposable="true" EntitySet="Machinelearnings"/>
+            <FunctionImport Name="CheckAIBuilderAccess" ReturnType="SP.FlowSynchronizationResult" IsComposable="true" IsBindable="true" EntitySet="FlowSynchronizationResults">
+               <Parameter Name="this" Type="Microsoft.Office.Server.ContentCenter.SPMachineLearningHub"/>
+               <Parameter Name="environmentName" Type="Edm.String"/>
+               <Parameter Name="isTestEnvironment" Type="Edm.Boolean" Nullable="false"/>
+               <Parameter Name="userId" Type="Edm.String"/>
+            </FunctionImport>
             <FunctionImport Name="GetByContentTypeId" ReturnType="Microsoft.Office.Server.ContentCenter.SyntexModelsLandingInfo" IsComposable="true" IsBindable="true" EntitySet="SyntexModelsLandingInfos">
                <Parameter Name="this" Type="Microsoft.Office.Server.ContentCenter.SPMachineLearningHub"/>
                <Parameter Name="contentTypeId" Type="Edm.String"/>
@@ -12712,12 +12719,15 @@
             <FunctionImport Name="SP_eSignInternal_CancelAgreement">
                <Parameter Name="cancelAgreement" Type="Microsoft.SharePoint.ESign.Models.Requests.CancelAgreementModel"/>
             </FunctionImport>
-            <FunctionImport Name="SP_eSignInternal_CompleteAgreement">
+            <FunctionImport Name="SP_eSignInternal_CompleteAgreement" ReturnType="Edm.DateTime">
                <Parameter Name="completeAgreement" Type="Microsoft.SharePoint.ESign.Models.Requests.CompleteAgreementModel"/>
             </FunctionImport>
             <FunctionImport Name="SP_eSignInternal_DeclineAgreement">
                <Parameter Name="declineAgreement" Type="Microsoft.SharePoint.ESign.Models.Requests.DeclineAgreementModel"/>
             </FunctionImport>
+            <FunctionImport Name="SP_eSignInternal_RemoveAuditTrailEntry">
+               <Parameter Name="removeAuditTrailEntry" Type="Microsoft.SharePoint.ESign.Models.Requests.RemoveAuditTrailEntryModel"/>
+            </FunctionImport>
             <FunctionImport Name="SP_eSignInternal_SignAgreement">
                <Parameter Name="signAgreement" Type="Microsoft.SharePoint.ESign.Models.Requests.SignAgreementModel"/>
             </FunctionImport>
@@ -14529,7 +14539,7 @@
                <Parameter Name="this" Type="SP.Site"/>
                <Parameter Name="requireUseRemoteAPIs" Type="Edm.Boolean" Nullable="false"/>
             </FunctionImport>
-            <FunctionImport Name="UpdateInactiveSiteProperties" IsBindable="true">
+            <FunctionImport Name="UpdateInactiveSiteProperties" ReturnType="Edm.String" IsBindable="true">
                <Parameter Name="this" Type="SP.Site"/>
                <Parameter Name="operation" Type="Edm.String"/>
                <Parameter Name="executionId" Type="Edm.Int32" Nullable="false"/>
@@ -90891,6 +90901,9 @@
          <Annotations Target="SP.ApiData/Microsoft_Office_Server_ContentCenter_SPMachineLearningHub()">
             <ValueAnnotation Term="Com.Microsoft.VisualStudio.CodeGen.IsBeta" Bool="true"/>
          </Annotations>
+         <Annotations Target="SP.ApiData/CheckAIBuilderAccess(Microsoft.Office.Server.ContentCenter.SPMachineLearningHub, Edm.String, Edm.Boolean, Edm.String)">
+            <ValueAnnotation Term="Com.Microsoft.VisualStudio.CodeGen.IsBeta" Bool="true"/>
+         </Annotations>
          <Annotations Target="SP.ApiData/GetByContentTypeId(Microsoft.Office.Server.ContentCenter.SPMachineLearningHub, Edm.String)">
             <ValueAnnotation Term="Com.Microsoft.VisualStudio.CodeGen.IsBeta" Bool="true"/>
          </Annotations>
@@ -92853,6 +92866,9 @@
          <Annotations Target="SP.ApiData/SP_eSignInternal_DeclineAgreement(Microsoft.SharePoint.ESign.Models.Requests.DeclineAgreementModel)">
             <ValueAnnotation Term="Com.Microsoft.VisualStudio.CodeGen.IsBeta" Bool="true"/>
          </Annotations>
+         <Annotations Target="SP.ApiData/SP_eSignInternal_RemoveAuditTrailEntry(Microsoft.SharePoint.ESign.Models.Requests.RemoveAuditTrailEntryModel)">
+            <ValueAnnotation Term="Com.Microsoft.VisualStudio.CodeGen.IsBeta" Bool="true"/>
+         </Annotations>
          <Annotations Target="SP.ApiData/SP_eSignInternal_SignAgreement(Microsoft.SharePoint.ESign.Models.Requests.SignAgreementModel)">
             <ValueAnnotation Term="Com.Microsoft.VisualStudio.CodeGen.IsBeta" Bool="true"/>
          </Annotations>
@@ -100324,6 +100340,10 @@
             <Property Name="documentId" Type="Edm.Guid" Nullable="false"/>
             <Property Name="reason" Type="Edm.String"/>
          </ComplexType>
+         <ComplexType Name="RemoveAuditTrailEntryModel">
+            <Property Name="auditTrailEntryId" Type="Edm.Guid" Nullable="false"/>
+            <Property Name="documentId" Type="Edm.Guid" Nullable="false"/>
+         </ComplexType>
          <ComplexType Name="SignAgreementModel">
             <Property Name="agreements" Type="Edm.String"/>
             <Property Name="documentId" Type="Edm.Guid" Nullable="false"/>
diff --git a/office365/runtime/auth/authentication_context.py b/office365/runtime/auth/authentication_context.py
index 14bc7de0..8139a938 100644
--- a/office365/runtime/auth/authentication_context.py
+++ b/office365/runtime/auth/authentication_context.py
@@ -1,3 +1,6 @@
+import json
+import sys
+
 from office365.runtime.auth.client_credential import ClientCredential
 from office365.runtime.auth.providers.acs_token_provider import ACSTokenProvider
 from office365.runtime.auth.providers.saml_token_provider import SamlTokenProvider
@@ -82,6 +85,39 @@ def _acquire_token():
         self.with_access_token(_acquire_token)
         return self
 
+    def with_device_flow(self, tenant, client_id, scopes=None):
+        """
+        Obtain token by a device flow object, with customizable polling effect.
+
+        :param str tenant: Tenant name, for example: contoso.onmicrosoft.com
+        :param str client_id: The OAuth client id of the calling application.
+        :param list[str] or None scopes:  Scopes requested to access a protected API (a resource)
+        """
+        if scopes is None:
+            resource = get_absolute_url(self.url)
+            scopes = ["{url}/.default".format(url=resource)]
+
+        def _acquire_token():
+            import msal
+            app = msal.PublicClientApplication(
+                client_id,
+                authority='https://login.microsoftonline.com/{0}'.format(tenant),
+                client_credential=None
+            )
+
+            flow = app.initiate_device_flow(scopes=scopes)
+            if "user_code" not in flow:
+                raise ValueError(
+                    "Failed to create device flow: %s" % json.dumps(flow, indent=4))
+
+            print(flow["message"])
+            sys.stdout.flush()
+
+            result = app.acquire_token_by_device_flow(flow)
+            return TokenResponse.from_json(result)
+        self.with_access_token(_acquire_token)
+        return self
+
     def with_access_token(self, token_func):
         """
         Initializes a client to acquire a token from a callback
diff --git a/office365/sharepoint/client_context.py b/office365/sharepoint/client_context.py
index 45dc2fc8..14e62db0 100644
--- a/office365/sharepoint/client_context.py
+++ b/office365/sharepoint/client_context.py
@@ -86,6 +86,17 @@ def with_interactive(self, tenant, client_id, scopes=None):
         self.authentication_context.with_interactive(tenant, client_id, scopes)
         return self
 
+    def with_device_flow(self, tenant, client_id, scopes=None):
+        """
+        Initializes a client to acquire a token via device flow auth.
+
+        :param str tenant: Tenant name, for example: contoso.onmicrosoft.com
+        :param str client_id: The OAuth client id of the calling application.
+        :param list[str] or None scopes:  Scopes requested to access a protected API (a resource)
+        """
+        self.authentication_context.with_device_flow(tenant, client_id, scopes)
+        return self
+
     def with_access_token(self, token_func):
         """
         Initializes a client to acquire a token from a callback