browserless | efficient way to interact with a headless browser | Automation library

I am developing a simple prototype with Java + Playwright + Browserless. I was wondering if is possible avoid downloading the browsers in AWS.

Background: I am running a browserless application in python using the device code flow to authenticate with Azure Active Directory with token caching using the Python Microsoft Authentication Library (MSAL). I wrote the script based on this blog post. I intend to run this script on a cron job every day, but would like to reduce the time that the msal.acquire_token_by_device_flow() method waits to receive the token after successful authentication in browser. It appears the default value is about 5 hours. This specific use case is when the 90 day refresh token expires and the user needs to re-authenticate, I'd like the script to not hang for hours waiting for the user to reauthenticate.

What I've Tried: I tried to control this by using the inherited timeout argument (in seconds) when instantiating the PublicClientApplication() object, but it did not affect the timeout. I am not using the http_client argument (mentioned when using timeout). Specifically, I have tried both of the following instantiations:

I am trying to hit microsoft to do list api using python program.

Api : https://graph.microsoft.com/beta/me/todo/lists , which resulted in error : Access is denied due to invalid credentials. But when I tried the api : https://graph.microsoft.com/v1.0/users, I am getting the results properly. The documentation of the api (https://docs.microsoft.com/en-us/graph/api/resources/todo-overview?view=graph-rest-beta) says "Currently, the API supports only permissions delegated by the signed-in user". Currently I am trying to get auth code and then auth token and then hitting the API. To act as signed in user, what method should I follow in python? Please note I am not using a web frame work. When I tried using flask and then hitting the API , it works. Need to know how a browserless console python application can serve the purpose.

Thank youin advance for the help

I am developing a browserless app that needs access to two APIs - an Application API (read-only, e.g remote configuration) and a User API (read-write, e.g user preferences).

The app has the Client ID and Secret stored locally and therefore takes advantage of the Client Credentials flow to access the Application API. Now I need users to be able to access a User API and I'm wondering how to configure the backend (which in this case uses IdentityServer4) to do so. The API should be protected so that only authenticated users can access it and am planning on reading the Claims sent to identify the user.

Should I extend the existing Client ID to also allow the Device Flow grant type or create a separate Client just for this "user-only" flow?

I'm new to OAuth and want to make sure I'm doing this right so everything is kept secure.

I have two containers, one Puppeteer and one Browserless. I try to connect to Browserless, but it fails. Both containers are in the same network.

Here is my code:

I am currently trying to work with the Dart Puppeteer library. I have been running the following piece of code:

I wanted to know if anyone using Puppeteer-Cluster could elaborate on how the Cluster.Launch({settings}) protects against sharing of cookies and web data between pages in different context.

Do the browser contexts here, actually block cookies and user-data is not shared or tracked? Browserless' now infamous page seems to think no, here and that .launch({}) should be called on the task, not ahead of the queue.

So my question is, how do we know if puppeteer-cluster is sharing cookies / data between queued tasks? And what kind of options are in the library to lower the chances of being labeled a bot?

Setup: I am using page.authenticate with a proxy service, random user agent, and still getting blocked(403) occasionally by the site which I'm performing the test.