Skip to content
Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Azure Active Directory.
Python
Branch: dev
Clone or download
Latest commit 9e122ee Sep 12, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs Use msal.__version__ in doc Dec 21, 2018
msal
sample
tests
.gitignore
.travis.yml
LICENSE
README.md
contributing.md
requirements.txt
setup.py

README.md

Microsoft Authentication Library (MSAL) for Python Preview

The MSAL library for Python enables your app to access the Microsoft Cloud by supporting authentication of users with Microsoft Azure Active Directory accounts and Microsoft Accounts using industry standard OAuth2 and OpenID Connect. Soon MSAL Python will also support Azure AD B2C.

Not sure whether this is the SDK you are looking for? There are other Microsoft Identity SDKs here.

Important Note about the MSAL Preview

This library is suitable for use in a production environment. We provide the same production level support for this library as we do our current production libraries. During the preview we may make changes to the API, internal cache format, and other mechanisms of this library, which you will be required to take along with bug fixes or feature improvements. This may impact your application. For instance, a change to the cache format may impact your users, such as requiring them to sign in again. An API change may require you to update your code. When we provide the General Availability release we will require you to update to the General Availability version within six months, as applications written using a preview version of library may no longer work.

Installation

  1. If you haven't already, install and/or upgrade the pip of your Python environment to a recent version. We tested with pip 18.1.
  2. As usual, just run pip install msal.

Usage and Samples

Before using MSAL Python (or any MSAL SDKs, for that matter), you will have to register your application with the AAD 2.0 endpoint.

Acquiring tokens with MSAL Python need to follow this 3-step pattern.

  1. MSAL proposes a clean separation between public client applications, and confidential client applications. So you will first create either a PublicClientApplication or a ConfidentialClientApplication instance, and ideally reuse it during the lifecycle of your app. The following example shows a PublicClientApplication:

    from msal import PublicClientApplication
    app = PublicClientApplication("your_client_id", authority="...")

    Later, each time you would want an access token, you start by:

    result = None  # It is just an initial value. Please follow instructions below.
  2. The API model in MSAL provides you explicit control on how to utilize token cache. This cache part is technically optional, but we highly recommend you to harness the power of MSAL cache. It will automatically handle the token refresh for you.

    # We now check the cache to see
    # whether we already have some accounts that the end user already used to sign in before.
    accounts = app.get_accounts()
    if accounts:
        # If so, you could then somehow display these accounts and let end user choose
        print("Pick the account you want to use to proceed:")
        for a in accounts:
            print(a["username"])
        # Assuming the end user chose this one
        chosen = accounts[0]
        # Now let's try to find a token in cache for this account
        result = app.acquire_token_silent(config["scope"], account=chosen)
  3. Either there is no suitable token in the cache, or you chose to skip the previous step, now it is time to actually send a request to AAD to obtain a token. There are different methods based on your client type and scenario. Here we demonstrate a placeholder flow.

    if not result:
        # So no suitable token exists in cache. Let's get a new one from AAD.
        result = app.acquire_token_by_one_of_the_actual_method(..., scopes=["User.Read"])
    if "access_token" in result:
        print(result["access_token"])  # Yay!
    else:
        print(result.get("error"))
        print(result.get("error_description"))
        print(result.get("correlation_id"))  # You may need this when reporting a bug

That is the high level pattern. There will be some variations for different flows. They are demonstrated in samples hosted right in this repo.

Documentation

The generic documents on Auth Scenarios and Auth protocols are recommended reading.

There is the API reference of MSAL Python which documents every parameter of each public method.

More and more detail about MSAL Python functionality and usage will be documented in the Wiki.

Versions

This library follows Semantic Versioning.

You can find the changes for each version under Releases.

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browser existing issues to see if someone has had your question before.

We recommend you use the "msal" tag so we can see it! Here is the latest Q&A on Stack Overflow for MSAL: http://stackoverflow.com/questions/tagged/msal

Security Reporting

If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

Contributing

All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. Please read the contributing guide before starting.

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

You can’t perform that action at this time.