This repository presents a Flask application that demonstrates the implementation of single sign-on based on Microsoft Graph. You can freely clone this project to implement the Sign in with Microsoft functionality.
- Log in users with Microsoft OAuth2
- Retrieve users' information with Microsoft Azure Active Directory
- A Microsoft 365 account with an active subscription such as Home or Business plan
- If you are trying this tutorial within an organization that subscribes to Microsoft 365 Business plan, you also need to have an Administrator account to grant permissions on the created application
- You should have a background in the Python programming language to understand the sample Flask project.
There is an article that presents the procedure to implement the single sign-on functionality for users having either personal Microsoft accounts (Skype, Xbox, Live, and Hotmail) or work accounts. The procedure consists of four main steps, i.e., (1) create an application on Microsoft Azure, (2) issue credentials, (3) add API permissions to the application, and (4) run the demo program.
Read the article at https://www.duonghuuphuc.com/sites/dev/msgraph-sso-python-en.html
You can jump right into the demo by performing the following steps:
- Register an application on Microsoft Azure
- Create application credentials on Microsoft Azure
- Grant API permissions: `User.Read` and `User.ReadBasic.All`
- Clone the demo project from this repository
- Configure `CLIENT_ID` and `CLIENT_SECRET` in the `env.sh` file
- [Optional] Create a new Python environment to avoid any errors in your current working environment
- Install required packages by executing this command in an activated Python environment: `pip install -r requirements.txt`
- Run the project by executing this command: `source env.sh`
Note: step #7 is performed only one time.
- If you run this sample project on a web server on a home network without a static IP address and/or without an assigned domain name, you may need to use a DDNS provider, and then forward the corresponding network ports to your web server.
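The steps above set up an OAuth2 authorization code flow. The following is an added example, not code from this repository, showing the two checks that matter most on the application side: refusing to start without credentials and binding the callback to the session with a one-time `state` value. It assumes `env.sh` exports `CLIENT_ID` and `CLIENT_SECRET` as environment variables; the redirect URI, the function names and the plain `dict` standing in for the Flask session are hypothetical.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Microsoft identity platform v2.0 authorize endpoint; the "common" tenant
# accepts both personal and work accounts.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
SCOPES = ["User.Read", "User.ReadBasic.All"]  # the permissions granted above
REDIRECT_URI = "http://localhost:5000/callback"  # assumed; must match the app registration


def load_credentials(env=os.environ):
    """Read the values assumed to be exported by env.sh; fail closed if absent."""
    missing = [k for k in ("CLIENT_ID", "CLIENT_SECRET") if not env.get(k)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return env["CLIENT_ID"], env["CLIENT_SECRET"]


def begin_sign_in(client_id, session):
    """Return the URL to redirect the user to, storing a one-time state value."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(SCOPES),
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def finish_sign_in(callback_url, session):
    """Validate the redirect back from Microsoft and return the authorization code."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", "")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise TypeError.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "error" in params:
        raise ValueError("sign-in failed: " + params["error"])
    if not params.get("code"):
        raise ValueError("no authorization code in response")
    return params["code"]
```

The returned code is then exchanged for tokens server-side together with `CLIENT_SECRET`, which should never be sent to the browser or committed with `env.sh`.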
- Tutorial: Microsoft Graph — Send Mail API
- Tutorial: Microsoft Graph — Single Sign-on
- Microsoft Azure - Authentication vs. authorization
- Microsoft Authentication Library (MSAL) for Python
- Azure Active Directory B2C
- Phuc H. Duong / www.duonghuuphuc.com / dhpit [at] m.dhpit.com