Skip to content

Latest commit

 

History

History
74 lines (50 loc) · 3.27 KB

enable-authentication-python-web-app-options.md

File metadata and controls

74 lines (50 loc) · 3.27 KB
Raw
title description author manager ms.service ms.topic ms.date ms.author ms.subservice ms.custom
Enable Python web application options by using Azure Active Directory B2C
This article shows you how to enable the use of Python web application options.
kengaderdus
CelesteDG
active-directory
reference
01/11/2024
kengaderdus
B2C
b2c-support, devx-track-python

Enable authentication options in a Python web app by using Azure AD B2C

This article describes how to enable, customize, and enhance the Azure Active Directory B2C (Azure AD B2C) authentication experience for your Python web application.

Before you start, it's important to familiarize yourself with how to Configure authentication in a sample Python web app by using Azure AD B2C.

[!INCLUDE active-directory-b2c-app-integration-custom-domain]

To use a custom domain and your tenant ID in the authentication URL:

  1. Follow the guidance in Enable custom domains.
  2. In the app_config.py file, update the authority_template class member with your custom domain.

The following Python code shows the app settings before the change:

authority_template = "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{user_flow}"

The following Python code shows the app settings after the change:

authority_template = "https://custom.domain.com/00000000-0000-0000-0000-000000000000/{user_flow}"

[!INCLUDE active-directory-b2c-app-integration-login-hint]

  1. If you're using a custom policy, add the required input claim as described in Set up direct sign-in.
  2. Find the initiate_auth_code_flow method, and then add the login_hint parameter with the identity provider domain name (for example, facebook.com).
def _build_auth_code_flow(authority=None, scopes=None):
    return _build_msal_app(authority=authority).initiate_auth_code_flow(
        scopes or [],
        redirect_uri=url_for("authorized", _external=True),
        login_hint="bob@contoso.com")

[!INCLUDE active-directory-b2c-app-integration-domain-hint]

  1. Check the domain name of your external identity provider. For more information, see Redirect sign-in to a social provider.

  2. Find the initiate_auth_code_flow method, and then add the domain_hint parameter with the login hint.

    def _build_auth_code_flow(authority=None, scopes=None):
    return _build_msal_app(authority=authority).initiate_auth_code_flow(
        scopes or [],
        redirect_uri=url_for("authorized", _external=True),
        domain_hint="facebook.com")

Next steps