duonghuuphuc/msgraph-sso-python

Single Sign-on with Microsoft Graph API

This repository presents a Flask application that demonstrates the implementation of single sign-on based on Microsoft Graph. You can freely clone this project to implement the Sign in with Microsoft functionality.

API functionality demonstrated in this sample

  • Log in users with Microsoft OAuth2
  • Retrieve users' information with Microsoft Azure Active Directory

Overview of SSO based on Microsoft Azure AD

Fig. 1. Overview of SSO based on Microsoft Azure Active Directory

Prerequisites

  • A Microsoft 365 account with an active subscription, such as a Home or Business plan
  • If you are trying this tutorial within an organization that subscribes to a Microsoft 365 Business plan, you also need an Administrator account to grant permissions on the created application
  • You should have a background in the Python programming language to understand the sample Flask project.

Step-by-step tutorials

There is an article that presents the procedure to implement the single sign-on functionality for users having either personal Microsoft accounts (Skype, Xbox, Live, and Hotmail) or work accounts. The procedure consists of four main steps, i.e., (1) create an application on Microsoft Azure, (2) issue credentials, (3) add API permissions to the application, and (4) run the demo program.

Read the article at https://www.duonghuuphuc.com/sites/dev/msgraph-sso-python-en.html

TL;DR

You can jump right into the demo by performing the following steps:

  1. Register an application on Microsoft Azure
  2. Create application credentials on Microsoft Azure
  3. Grant API permissions: User.Read and User.ReadBasic.All
  4. Clone the demo project from this repository
  5. Configure CLIENT_ID and CLIENT_SECRET in the env.sh file
  6. [Optional] Create a new Python environment to avoid any errors in your current working environment
  7. Install required packages by executing this command in an activated Python environment: pip install -r requirements.txt
  8. Run the project by executing this command: source env.sh

Note: step #7 only needs to be performed once.
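What the values from steps 3 and 5 feed into, as an added sketch that is not code from this repository: the sign-in redirect and the callback check of the OAuth2 authorization code flow against the Microsoft identity platform v2.0 `common` endpoint. The function names, the `REDIRECT_URI` variable and its default value are assumptions made for illustration.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Microsoft identity platform v2.0; the "common" tenant accepts both
# personal and work accounts.
AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"
SCOPES = ["User.Read", "User.ReadBasic.All"]  # permissions granted in step 3

def load_config(env=os.environ):
    """Read the values env.sh is expected to export; fail fast if absent."""
    missing = [k for k in ("CLIENT_ID", "CLIENT_SECRET") if not env.get(k)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {
        "client_id": env["CLIENT_ID"],
        "client_secret": env["CLIENT_SECRET"],
        # Assumption: must equal the redirect URI registered in step 1.
        "redirect_uri": env.get("REDIRECT_URI", "http://localhost:5000/callback"),
    }

def build_authorize_url(cfg):
    """Return (url, state); store state in the server-side session."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": cfg["client_id"],
        "response_type": "code",
        "redirect_uri": cfg["redirect_uri"],
        "scope": " ".join(SCOPES),
        "state": state,
    })
    return f"{AUTHORITY}/authorize?{query}", state

def handle_callback(cfg, callback_url, expected_state):
    """Validate the redirect; return the form body for POST {AUTHORITY}/token."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"])
    # Constant-time comparison; a mismatch means the response was not
    # initiated by this session (login CSRF).
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return {"grant_type": "authorization_code", "code": params["code"],
            "redirect_uri": cfg["redirect_uri"], "client_id": cfg["client_id"],
            "client_secret": cfg["client_secret"]}
```

The returned dictionary is only ever sent server to server, so CLIENT_SECRET never reaches the browser.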

Application screenshots

Fig. 2. Homepage of the demo Flask project for anonymous users

Fig. 3. Homepage of the demo Flask project for authenticated users

Fig. 4. Print the requested permissions of the application

Fig. 5. Application homepage (client side)

Fig. 6. Get and render the user profile with basic information such as email address, name, and user id obtained from Microsoft Azure Active Directory

Fig. 7. Get and render the Access Token on a web page

Known issues

  • If you run this sample project on a web server on a home network without a static IP address and/or without an assigned domain name, you may need to use a DDNS provider, and then forward the corresponding network ports to your web server.
