| page_type | languages | products | description | urlFragment | |||
|---|---|---|---|---|---|---|---|
sample |
|
|
This sample demonstrates a Python web application calling a web api that is secured using Azure Active Directory. |
ms-identity-python-webapp |
This sample was initially developed as a web app to demonstrate how to Integrate Microsoft Identity Platform with a Python web application. The same code base can also be used to demonstrate how to Integrate B2C of Microsoft identity platform with a Python web application. All you need is some different steps to register your app in your own B2C tenant, and then feed those different settings into the configuration file of this sample.
This sample covers the following:
- Update the application in Azure AD B2C
- Configure the sample to use the application
- Enable authentication in a web application using Azure Active Directory B2C
- Access a web API using Azure Active Directory B2C
This sample demonstrates a Python web application that signs-in users with the Microsoft identity platform and calls another web api.
- The python web application uses the Microsoft Authentication Library (MSAL) to obtain an access token from the Microsoft identity platform (formerly Azure AD v2.0):
- The access token is used as a bearer token to authenticate the user when calling the web api.
- Create an Azure Active Directory B2C tenant
- Register an application in Azure Active Directory B2C.
- Create user flows in Azure Active Directory B2C
- Have Python 2.7+ or Python 3+ installed
In the tutorial that you completed as part of the prerequisites, you added a web application in Azure AD B2C. To enable communication with the sample in this tutorial, you need to add a redirect URI to that application in Azure AD B2C.
- Modify an existing or add a new Reply URL, for example
http://localhost:5000/getATokenorhttps://your_domain.com:5000/getAToken. You could use any port or any path. Later we will set this sample to match what you register here. - On the properties page, record the application ID that you'll use when you configure the web application.
- Also generate a key (client secret) for your web application. Record the key that you'll use when you configure this sample.
From your shell or command line:
git clone https://github.com/Azure-Samples/ms-identity-python-webapp.gitor download and extract the repository .zip file.
Given that the name of the sample is quite long, you might want to clone it in a folder close to the root of your hard drive, to avoid file name length limitations when running on Windows.
Install the dependencies using pip:
$ pip install -r requirements.txtIn the steps below, "ClientID" is the same as "Application ID" or "AppId".
Note: if you used the setup scripts, the changes below may have been applied for you
-
Use the
app_config_b2c.pytemplate to replaceapp_config.py. -
Open the (now replaced)
app_config.pyfile- Update the value of
b2c_tenantwith the name of the Azure AD B2C tenant that you created. For example, replacefabrikamb2cwithcontoso. - Replace the value of
CLIENT_IDwith the application ID that you recorded. - Replace the value of
CLIENT_SECRETwith the key that you recorded. - Replace the value of
signupsignin_user_flowwithb2c_1_signupsignin1. - Replace the value of
editprofile_user_flowwithb2c_1_profileediting1. - Replace the value of
resetpassword_user_flowwithb2c_1_passwordreset1. - Replace the value of
REDIRECT_PATHwith the path part you set up in Reply URL. For example,/getAToken. It will be used by this sample app to form an absolute URL which matches your full Reply URL. - You do not have to configure the
ENDPOINTandSCOPEright now
- Update the value of
Run app.py from shell or command line. Note that the port needs to match what you've set up in your Reply URL:
$ flask run --port 5000You should now be able to visit http://localhost:5000 and use the sign-in feature.
This is how you enable authentication in a web application using Azure Active Directory B2C.
This sample itself does not act as a web API. Here we assume you already have your web API up and running elsewhere in your B2C tenant, with a specific endpoint, protected by a specific scope, and your sample app is already granted permission to access that web API.
Now you can configure this sample to access that web API.
- Open the (now replaced)
app_config.pyfile- Replace the value of
ENDPOINTwith the actual endpoint of your web API. - Replace the value of
SCOPEwith a list of the actual scopes of your web API. For example, write them as["demo.read", "demo.write"].
- Replace the value of
Now, re-run your web app sample, and you will find a new link showed up, and you can access the web API using Azure Active Directory B2C.
Use Stack Overflow to get support from the community.
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
Make sure that your questions or comments are tagged with [azure-active-directory adal msal python].
If you find a bug in the sample, please raise the issue on GitHub Issues.
To provide a recommendation, visit the following User Voice page.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
For more information, see MSAL.Python's conceptual documentation:
For more information about web apps scenarios on the Microsoft identity platform see Scenario: Web app that calls web APIs
For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see Authentication Scenarios for Azure AD.