Skip to content

Latest commit

 

History

History
169 lines (115 loc) · 5.02 KB

README.rst

File metadata and controls

169 lines (115 loc) · 5.02 KB

msal-requests-auth

Authentication using python requests and MSAL. This uses the MSAL cache for repeated requests.

All Contributors https://pepy.tech/badge/msal_requests_auth https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white

Bugs/Questions

Usage

Compatible with:

Device Code Flow

Note

By default, DeviceCodeAuth copys the code to your clipboard and opens a webbrowser. To disable, either set headless=True when initializing DeviceCodeAuth or set the environment variable MSAL_REQUESTS_AUTH_HEADLESS to true.

  • New in version 0.2.0: headless
  • New in version 0.6.0: MSAL_REQUESTS_AUTH_HEADLESS environment variable
  • New in version 0.7.0: KeyringTokenCache
import requests
import msal
from msal_requests_auth.auth import DeviceCodeAuth
from msal_requests_auth.cache import KeyringTokenCache

client_id = "<client ID from Azure AD>"
tenant_id = "<tenant ID from Azure AD>"
application_id = "<client ID of application you want to get a token for from Azure AD>"

with KeyringTokenCache() as token_cache:
    app = msal.PublicClientApplication(
        client_id,
        authority=f"https://login.microsoftonline.com/{tenant_id}/",
        token_cache=token_cache,
    )
    auth = DeviceCodeAuth(
        client=app,
        scopes=[f"{application_id}/.default"],
    )
    response = requests.get(
        endpoint,
        auth=auth,
    )

Client Credentials Flow

import requests
import msal
from msal_requests_auth.auth import ClientCredentialAuth

client_id = "<client ID from Azure AD>"
client_secret = "<client secret for client in Azure AD>"
tenant_id = "<tenant ID from Azure AD>"
application_id = "<client ID of application you want to get a token for from Azure AD>"
app = msal.ConfidentialClientApplication(
    client_id,
    authority=(f"https://login.microsoftonline.com/{tenant_id}/"),
    client_credential=client_secret,
)
auth = ClientCredentialAuth(
    client=app,
    scopes=[f"{application_id}/.default"],
)
response = requests.get(
    endpoint,
    auth=auth,
)

Installation

To install msal-requests-auth, run this command in your terminal:

$ python -m pip install msal_requests_auth

If you use conda:

$ conda install -c conda-forge msal_requests_auth

Windows keyring backend

The Windows Credential Locker is used by default by keyring. However, its password length limitations often prevent storing tokens. An alternative backend may resolve this limitation. When choosing a backend, be sure you are aware of its limitations.

keyrings.alt is an alternative keyring backend to consider:

python -m pip install keyrings.alt

Here is an example of how to set an alternative backend for keyring:

import keyring

keyring.core._config_path().parent.mkdir(parents=True, exist_ok=True)
keyring.core._config_path().write_text(
    "[backend]\ndefault-keyring=keyrings.alt.Windows.EncryptedKeyring"
)

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.