From d9493a13f71557f461451e45508033b8810dd588 Mon Sep 17 00:00:00 2001 From: Sherman Ouko <12745944+SHERMANOUKO@users.noreply.github.com> Date: Thu, 29 Feb 2024 19:26:54 +0300 Subject: [PATCH 01/10] Update overview documentation --- msal-python-conceptual/index.md | 127 +++++++++++++++----------------- 1 file changed, 60 insertions(+), 67 deletions(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 03a21d6..bc0f2bf 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -1,22 +1,20 @@ --- title: Overview of the Microsoft Authentication Library (MSAL) for Python description: Get started with the Microsoft Authentication Library for Python to sign in users or apps with Microsoft identities." -author: Dickson-Mwendia +author: SHERMANOUKO manager: CelesteDG ms.service: msal ms.subservice: msal-python ms.topic: conceptual -ms.date: 02/07/2024 -ms.author: dmwendia -ms.reviewer: shermanouko, rayluo +ms.date: 02/29/2024 +ms.author: shermanouko +ms.reviewer: dmwendia, rayluo --- # Microsoft Authentication Library (MSAL) for Python -The Microsoft Authentication Library (MSAL) for Python library enables you to sign in users or apps with Microsoft identities ([Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/), [Microsoft Accounts](https://account.microsoft.com), and [Azure AD B2C](https://azure.microsoft.com/services/active-directory-b2c/) accounts). Using MSAL Python, you can acquire tokens from Microsoft Entra ID to call protected web APIs such as [Microsoft Graph](https://graph.microsoft.io/), other Microsoft APIs, or your own APIs. - - +The Microsoft Authentication Library (MSAL) for Python library enables you to sign in users or apps with Microsoft identities. These identities include work and school accounts, personal microsoft accounts, social accounts, customer accounts and so on. Using MSAL Python, you can acquire tokens from Microsoft Entra to call protected web APIs such as [Microsoft Graph](https://graph.microsoft.io/), other Microsoft APIs, or your own APIs. MSAL Python supports a variety of application types, including public client applications (desktop and mobile) and confidential client applications (web apps, web APIs, and daemon applications). ## Prerequisites @@ -31,22 +29,36 @@ Install the MSAL for Python package. You can find MSAL Python on [PyPI](https:// pip install msal ``` -## Setting up +## Identity concepts + +MSAL Python is part of the [Microsoft identity platform](/entra/identity-platform/v2-overview) ecosystem. It's important to farmiliarize yourself with the following concepts to effectively use MSAL Python to protect your applications and APIs: + +- [Identity and access management](/entra/fundamentals/identity-fundamental-concepts) +- [Authentication and authorization](/entra/identity-platform/authentication-vs-authorization) +- [OAuth 2.0 and OpenID Connect (OIDC) in the Microsoft identity platform](/entra/identity-platform/v2-protocols) +- [Confidential and public client accounts in the Microsoft identity platform](/entra/identity-platform/msal-client-applications) +- [Security tokens](/entra/identity-platform/security-tokens) + +## Usage scenarios -Before using MSAL Python, make sure to [register your application](/azure/active-directory/develop/quickstart-v2-register-an-app) with the Microsoft identity platform. You will need to take note of your **client ID** and **tenant ID**. +To use MSAL Python, register an application with the Microsoft identity platform. You'll need an Azure account with an active subscription. [Create a free account](https://signup.azure.com/) if you don't have one. You can register your app in a [customer tenant](/entra/external-id/customers/quickstart-tenant-setup) or [workforce tenant](/entra/identity-platform/scenario-web-app-sign-user-app-registration?tabs=python). ->[!IMPORTANT] ->When registering the application, make sure that you set up **redirect URLs** within the **Authentication** blade. Redirect URLs vary depending on the target platform. -> ->![Screenshot showing redirect URLs in Azure Portal](./media/redirect-urls.png) -> ->For desktop and mobile applications, make sure you add `http://localhost` as redirect URL if you do not rely on authentication brokers. +MSAL Python can be used by applications to acquire tokens to access protected APIs. Tokens can be acquired by different **application types**. These app types include desktop applications, web applications, web APIs, and applications running on devices that don't have a browser (such as IoT devices). Different app types follow different auth flows. + +In MSAL Python, applications are categorized as follows: + +- [Public client applications](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) (desktop and mobile). These types of apps cannot store app secrets securely. +- [Confidential client applications](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) (web apps, web APIs, and daemon applications). These type of apps securely store a secret registered with Microsoft Entra ID. + +For more information, see the documentation on [public client and confidential client apps](/entra/identity-platform/msal-client-applications) and the [different app types and their auth flows](/entra/identity-platform/authentication-flows-app-scenarios) in the Microsoft identity platform. + +After determining whether your application is a public or confidential client application, you can use MSAL Python to acquire tokens for different scenarios. ## Basic usage Acquiring tokens with MSAL Python follows a three-step pattern. There will be some variations for different flows. If you would like to see them in action, download our [samples](https://github.com/AzureAD/microsoft-authentication-library-for-python/tree/dev/sample). -1. MSAL relies on a clean separation between [public client and confidential client applications](https://tools.ietf.org/html/rfc6749#section-2.1). Therefore, create either a [`PublicClientApplication`](xref:msal.application.PublicClientApplication) or a [`ConfidentialClientApplication`](xref:msal.application.ConfidentialClientApplication) instance and reuse it during the lifecycle of your application. For example, for a public client application, the initalization code might look like this: +1. MSAL relies on a clean separation between public client and confidential client applications. Therefore, create either a [*PublicClientApplication*](xref:msal.application.PublicClientApplication) or a [*ConfidentialClientApplication*](xref:msal.application.ConfidentialClientApplication) instance and reuse it during the lifecycle of your application. For example, for a public client application, the initialization code might look like this: ```python from msal import PublicClientApplication @@ -56,33 +68,29 @@ Acquiring tokens with MSAL Python follows a three-step pattern. There will be so authority="https://login.microsoftonline.com/common") ``` - >[!NOTE] - >The authority is set to `/common` to allow sign ins with both organizaiton and personal Microsoft accounts. You can change it to `/organizations` to only allow sign ins with work and school accounts, `/consumers` to only allow personal Microsoft accounts, or with `/YOUR_TENANT_ID` to only allow sign ins from work and school accounts associated with your tenant. + The authority value varies depending on the type of accounts you are signing-in and the kind of tenant your app is registered in. For example, to sign-in both work and personal Microsoft accounts provisioned in workforce tenants (Microsoft Entra ID) you would use `https://login.microsoftonline.com/c/common`. For customer accounts provisioned in customer tenants, your authority will take a form like `https://.ciamlogin.com`. For more information, see [token issuer documentation](/entra/identity-platform/access-tokens#validate-the-issuer). - Instantiate a variable to hold the authentication result: +1. Try and obtain the tokens from the cache first. The API model in MSAL provides you explicit control on how to utilize the token cache. While the caching part is technically optional, we highly recommend you to use it in your application. Using the cache you can ensure that you're not making any extra API calls and handle the token refresh automatically. ```python - result = None # It is just an initial value. Please follow instructions below. + # initialize result variable to hole the token response + result = None + + # We now check the cache to see + # whether we already have some accounts that the end user already used to sign in before. + accounts = app.get_accounts() + if accounts: + # If so, you could then somehow display these accounts and let end user choose + print("Pick the account you want to use to proceed:") + for a in accounts: + print(a["username"]) + # Assuming the end user chose this one + chosen = accounts[0] + # Now let's try to find a token in cache for this account + result = app.acquire_token_silent(["User.Read"], account=chosen) ``` -2. Try and obtain the tokens from the cache first. The API model in MSAL provides you explicit control on how to utilize the token cache. While the caching part is technically optional, we highly recommend you to use it in your application. Using the cache you can ensure that you're not making any extra API calls and handle the token refresh automatically. - - ```python - # We now check the cache to see - # whether we already have some accounts that the end user already used to sign in before. - accounts = app.get_accounts() - if accounts: - # If so, you could then somehow display these accounts and let end user choose - print("Pick the account you want to use to proceed:") - for a in accounts: - print(a["username"]) - # Assuming the end user chose this one - chosen = accounts[0] - # Now let's try to find a token in cache for this account - result = app.acquire_token_silent(["User.Read"], account=chosen) - ``` - -3. If there is no suitable token in the cache or you've chosen to skip the previous step, send a request to Microsoft Entra ID to get a token. There are different methods based on your client type and scenario, but for the purposes of the example we're showing how to use [`acquire_token_interactive`](xref:msal.application.PublicClientApplication.acquire_token_interactive) which will prompt the user to provide their credentials. +1. If there is no suitable token in the cache or you've chosen to skip the previous step, send a request to Microsoft Entra ID to get a token. There are different methods based on your client type and scenario, but for the purposes of the example we're showing how to use [`acquire_token_interactive`](xref:msal.application.PublicClientApplication.acquire_token_interactive) which will prompt the user to provide their credentials. ```python if not result: @@ -96,41 +104,26 @@ Acquiring tokens with MSAL Python follows a three-step pattern. There will be so print(result.get("correlation_id")) # You may need this when reporting a bug ``` -4. Save the code into a Python file locally, such as `msaltest.py`. -5. Run the code by executing `python .\msalpytest.py`. - ->[!NOTE] ->You can also download runnable samples from the [library repository](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/1.22.0/sample/interactive_sample.py). - -If the application was configured correctly, you should see a web browser window appear asking the user to sign in. - -![Example of an app prompting the user to sign in with their account](./media/basic-pca-app-prompt.gif) - -Once the authentication is completed and you closed the browser, you should be able to see the access token printed in the terminal. - -## Usage scenarios - -MSAL Python can be used by applications to acquire tokens to access protected APIs. Tokens can be acquired by different **application types**: desktop applications, web applications, web APIs, and applications running on devices that don't have a browser (such as IoT devices). In MSAL Python, applications are categorized as follows: +1. Save the code into a Python file locally, such as `msaltest.py`. +1. Run the code by executing `python .\msalpytest.py`. The following visual shows the sign-in experience for this example. -- **Public client applications (desktop and mobile)**. These types of apps cannot store app secrets securely. -- **Confidential client applications (web apps, web APIs, and daemon applications)**. These type of apps securely store a secret registered with Microsoft Entra ID. + ![Example of an app prompting the user to sign in with their account](./media/basic-pca-app-prompt.gif) -Learn more about instantiating and configuring the above in the [Client applications](./getting-started/client-applications.md) topic. +1. Once the authentication is completed and you closed the browser, you should be able to see the access token printed in the terminal. -MSAL Python supports acquiring tokens either in the name of a user or in the name of the application itself (without a user). In the latter case, a confidential client application must be used. +## Samples -MSAL Python can be used in applications running on different operating systems (Windows, Linux, macOS). +TRhere are several samples you can use to get started with MSAL Python. -Key scenarios supported by MSAL Python: +- Samples from the [library repository](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/1.22.0/sample/interactive_sample.py). +- A single repository with [samples used in our documentation](https://github.com/Azure-Samples/ms-identity-docs-code-python). These samples have supporting documentation to help you build and replicate them from scratch. -- [Web application that signs in users](/azure/active-directory/develop/scenario-web-app-sign-user-overview) -- [Web Application signing in a user and calling a Web API in the name of the user](/azure/active-directory/develop/scenario-web-app-call-api-overview) (note that MSAL only helps the web application to sign in and obtain tokens. To [protect a web API](/azure/active-directory/develop/scenario-protected-web-api-overview), you will need other libraries). -- [Desktop application calling a Web API in the name of the signed-in user](/azure/active-directory/develop/scenario-desktop-overview) -- [Desktop/service daemon application calling Web API without a user](/azure/active-directory/develop/scenario-daemon-overview) -- [Application without a browser, or IOT application calling an API in the name of the user](/azure/active-directory/develop/scenario-desktop-acquire-token?tabs=python#command-line-tool-without-web-browser) +## References -Can't find the scenario you are looking for? Check out the [supported scenarios and platforms](/azure/active-directory/develop/authentication-flows-app-scenarios#scenarios-and-supported-platforms-and-languages) across MSAL libraries. +- MSAL Python library repository on [GitHub](ttps://github.com/AzureAD/microsoft-authentication-library-for-pytho) +- [MSAL Python releases on GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases). -## Releases +## See also -Refer to [MSAL Python releases on GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases). +- [Instantiate your application](./getting-started/client-applications.md) using MSAL Python +- [Acquire tokens](./getting-started/acquire_token.md) using MSAL Python From 1730b3805ee521263670205c9c6d3061842a3eae Mon Sep 17 00:00:00 2001 From: Sherman Ouko <12745944+SHERMANOUKO@users.noreply.github.com> Date: Thu, 29 Feb 2024 19:30:37 +0300 Subject: [PATCH 02/10] Update overview documentation --- msal-python-conceptual/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index bc0f2bf..598080b 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -120,10 +120,10 @@ TRhere are several samples you can use to get started with MSAL Python. ## References -- MSAL Python library repository on [GitHub](ttps://github.com/AzureAD/microsoft-authentication-library-for-pytho) +- MSAL Python library repository on [GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-python) - [MSAL Python releases on GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases). ## See also - [Instantiate your application](./getting-started/client-applications.md) using MSAL Python -- [Acquire tokens](./getting-started/acquire_token.md) using MSAL Python +- [Acquire tokens](./getting-started/acquiring-tokens.md) using MSAL Python From 614fc3e686b82e5be42309577ec743c7fde42cad Mon Sep 17 00:00:00 2001 From: Sherman Ouko <12745944+SHERMANOUKO@users.noreply.github.com> Date: Thu, 29 Feb 2024 19:58:13 +0300 Subject: [PATCH 03/10] Update overview documentation --- msal-python-conceptual/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 598080b..73b08ec 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -43,7 +43,7 @@ MSAL Python is part of the [Microsoft identity platform](/entra/identity-platfor To use MSAL Python, register an application with the Microsoft identity platform. You'll need an Azure account with an active subscription. [Create a free account](https://signup.azure.com/) if you don't have one. You can register your app in a [customer tenant](/entra/external-id/customers/quickstart-tenant-setup) or [workforce tenant](/entra/identity-platform/scenario-web-app-sign-user-app-registration?tabs=python). -MSAL Python can be used by applications to acquire tokens to access protected APIs. Tokens can be acquired by different **application types**. These app types include desktop applications, web applications, web APIs, and applications running on devices that don't have a browser (such as IoT devices). Different app types follow different auth flows. +MSAL Python can be used by applications to acquire tokens to access protected APIs. Tokens can be acquired by different application types. These app types include desktop applications, web applications, web APIs, and applications running on devices that don't have a browser (such as IoT devices). Different app types follow different auth flows. In MSAL Python, applications are categorized as follows: @@ -68,7 +68,7 @@ Acquiring tokens with MSAL Python follows a three-step pattern. There will be so authority="https://login.microsoftonline.com/common") ``` - The authority value varies depending on the type of accounts you are signing-in and the kind of tenant your app is registered in. For example, to sign-in both work and personal Microsoft accounts provisioned in workforce tenants (Microsoft Entra ID) you would use `https://login.microsoftonline.com/c/common`. For customer accounts provisioned in customer tenants, your authority will take a form like `https://.ciamlogin.com`. For more information, see [token issuer documentation](/entra/identity-platform/access-tokens#validate-the-issuer). + The authority value varies depending on the type of accounts you are signing-in and the kind of tenant your app is registered in. For example, to sign-in both work and personal Microsoft accounts provisioned in workforce tenants (Microsoft Entra ID) you would use `https://login.microsoftonline.com/common`. For customer accounts provisioned in customer tenants, your authority will take a form like `https://.ciamlogin.com`. For more information, see [token issuer documentation](/entra/identity-platform/access-tokens#validate-the-issuer). 1. Try and obtain the tokens from the cache first. The API model in MSAL provides you explicit control on how to utilize the token cache. While the caching part is technically optional, we highly recommend you to use it in your application. Using the cache you can ensure that you're not making any extra API calls and handle the token refresh automatically. From 544b404423bf6cd92c78e5a49479e75b8432296c Mon Sep 17 00:00:00 2001 From: Sherman Ouko <12745944+SHERMANOUKO@users.noreply.github.com> Date: Thu, 29 Feb 2024 19:59:43 +0300 Subject: [PATCH 04/10] Update overview documentation --- msal-python-conceptual/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 73b08ec..4ec699c 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -121,7 +121,7 @@ TRhere are several samples you can use to get started with MSAL Python. ## References - MSAL Python library repository on [GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-python) -- [MSAL Python releases on GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases). +- MSAL Python releases on [GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases). ## See also From 69e947e624c9247909c5c20a439ee04f9327fbc0 Mon Sep 17 00:00:00 2001 From: Den Delimarsky <53200638+localden@users.noreply.github.com> Date: Fri, 15 Mar 2024 20:19:19 -0700 Subject: [PATCH 05/10] Update msal-python-conceptual/index.md Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> --- msal-python-conceptual/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 4ec699c..d794bd1 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -115,7 +115,7 @@ Acquiring tokens with MSAL Python follows a three-step pattern. There will be so TRhere are several samples you can use to get started with MSAL Python. -- Samples from the [library repository](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/1.22.0/sample/interactive_sample.py). +- Samples from the [library repository](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/1.22.0/sample). These samples demonstrate the different configurations and auth flows that you implement using MSAL Python. - A single repository with [samples used in our documentation](https://github.com/Azure-Samples/ms-identity-docs-code-python). These samples have supporting documentation to help you build and replicate them from scratch. ## References From 094b1bee7eafcdd2a2646a69b40a9ea7efb52135 Mon Sep 17 00:00:00 2001 From: Den Delimarsky <53200638+localden@users.noreply.github.com> Date: Fri, 15 Mar 2024 20:19:25 -0700 Subject: [PATCH 06/10] Update msal-python-conceptual/index.md Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> --- msal-python-conceptual/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index d794bd1..25e8086 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -113,7 +113,7 @@ Acquiring tokens with MSAL Python follows a three-step pattern. There will be so ## Samples -TRhere are several samples you can use to get started with MSAL Python. +There are several samples you can use to get started with MSAL Python. - Samples from the [library repository](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/1.22.0/sample). These samples demonstrate the different configurations and auth flows that you implement using MSAL Python. - A single repository with [samples used in our documentation](https://github.com/Azure-Samples/ms-identity-docs-code-python). These samples have supporting documentation to help you build and replicate them from scratch. From 86fd4c90f9ef3f8b8ec029c7a33f1193528121a3 Mon Sep 17 00:00:00 2001 From: Den Delimarsky <53200638+localden@users.noreply.github.com> Date: Fri, 15 Mar 2024 20:19:30 -0700 Subject: [PATCH 07/10] Update msal-python-conceptual/index.md Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> --- msal-python-conceptual/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 25e8086..68b3f89 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -14,7 +14,7 @@ ms.reviewer: dmwendia, rayluo # Microsoft Authentication Library (MSAL) for Python -The Microsoft Authentication Library (MSAL) for Python library enables you to sign in users or apps with Microsoft identities. These identities include work and school accounts, personal microsoft accounts, social accounts, customer accounts and so on. Using MSAL Python, you can acquire tokens from Microsoft Entra to call protected web APIs such as [Microsoft Graph](https://graph.microsoft.io/), other Microsoft APIs, or your own APIs. MSAL Python supports a variety of application types, including public client applications (desktop and mobile) and confidential client applications (web apps, web APIs, and daemon applications). +The Microsoft Authentication Library (MSAL) for Python library enables you to sign in users or apps with Microsoft identities. These identities include work and school accounts, personal Microsoft accounts, social accounts, customer accounts, and so on. Using MSAL Python, you can acquire tokens from Microsoft Entra to call protected web APIs such as [Microsoft Graph](https://graph.microsoft.io/), other Microsoft APIs, or your own APIs. MSAL Python supports various application types, including public client applications (desktop and mobile) and confidential client applications (web apps, web APIs, and daemon applications). ## Prerequisites From 5ff0303447ed8fdc9d17311232c28168a893a480 Mon Sep 17 00:00:00 2001 From: Den Delimarsky <53200638+localden@users.noreply.github.com> Date: Fri, 15 Mar 2024 20:19:35 -0700 Subject: [PATCH 08/10] Update msal-python-conceptual/index.md Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> --- msal-python-conceptual/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 68b3f89..0c549b5 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -90,7 +90,7 @@ Acquiring tokens with MSAL Python follows a three-step pattern. There will be so result = app.acquire_token_silent(["User.Read"], account=chosen) ``` -1. If there is no suitable token in the cache or you've chosen to skip the previous step, send a request to Microsoft Entra ID to get a token. There are different methods based on your client type and scenario, but for the purposes of the example we're showing how to use [`acquire_token_interactive`](xref:msal.application.PublicClientApplication.acquire_token_interactive) which will prompt the user to provide their credentials. +1. If there's no suitable token in the cache or you chose to skip the previous step, send a request to Microsoft Entra ID to get a token. There are different methods based on your client type and scenario, but for the purposes of the example we're showing how to use [`acquire_token_interactive`](xref:msal.application.PublicClientApplication.acquire_token_interactive), which prompts the user to provide their credentials. ```python if not result: From 9d803b1591823d68db739fde71a8f7a33d1a46ee Mon Sep 17 00:00:00 2001 From: Den Delimarsky <53200638+localden@users.noreply.github.com> Date: Fri, 15 Mar 2024 20:19:40 -0700 Subject: [PATCH 09/10] Update msal-python-conceptual/index.md Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> --- msal-python-conceptual/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 0c549b5..6c004ea 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -43,7 +43,7 @@ MSAL Python is part of the [Microsoft identity platform](/entra/identity-platfor To use MSAL Python, register an application with the Microsoft identity platform. You'll need an Azure account with an active subscription. [Create a free account](https://signup.azure.com/) if you don't have one. You can register your app in a [customer tenant](/entra/external-id/customers/quickstart-tenant-setup) or [workforce tenant](/entra/identity-platform/scenario-web-app-sign-user-app-registration?tabs=python). -MSAL Python can be used by applications to acquire tokens to access protected APIs. Tokens can be acquired by different application types. These app types include desktop applications, web applications, web APIs, and applications running on devices that don't have a browser (such as IoT devices). Different app types follow different auth flows. +Applications can use MSAL Python to acquire tokens for accessing protected APIs. Different app types acquire tokens using different auth flows. The supported app types include desktop applications, web applications, web APIs, and applications running on devices that don't have a browser (such as IoT devices). In MSAL Python, applications are categorized as follows: From 56f1a878e178d40fc357fa65de23676cc9061f04 Mon Sep 17 00:00:00 2001 From: Den Delimarsky <53200638+localden@users.noreply.github.com> Date: Fri, 15 Mar 2024 21:04:01 -0700 Subject: [PATCH 10/10] Update index.md --- msal-python-conceptual/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-python-conceptual/index.md b/msal-python-conceptual/index.md index 6c004ea..d26d76c 100644 --- a/msal-python-conceptual/index.md +++ b/msal-python-conceptual/index.md @@ -31,7 +31,7 @@ pip install msal ## Identity concepts -MSAL Python is part of the [Microsoft identity platform](/entra/identity-platform/v2-overview) ecosystem. It's important to farmiliarize yourself with the following concepts to effectively use MSAL Python to protect your applications and APIs: +MSAL Python is part of the [Microsoft identity platform](/entra/identity-platform/v2-overview) ecosystem. It's important to familiarize yourself with the following concepts to effectively use MSAL Python to protect your applications and APIs: - [Identity and access management](/entra/fundamentals/identity-fundamental-concepts) - [Authentication and authorization](/entra/identity-platform/authentication-vs-authorization)