This repository contains a set of code that is shared amongst the various Python samples for the Microsoft Identity Platform. This is a work in progress and we'd love to hear your feedback, comments and contributions.

The code present makes available or aims to make available the following features to the developers:

• Allow for (but not require) automatic Flask/Django/other framework integration (implemented)
• Allow for (but not require) automatic endpoint protection (implemented)
• Catch AAD errors and handle them properly, e.g.:
  • password reset flow and edit profile flow (implemented)
  • insufficient / incremental consent (needs implementation)
• Token cache handling (implemeted)
• authN enforcement by decorator (implemented)
• Allow multiple identity sessions per user browser session (i.e., multiple logged in users in one browser session) (not yet implemented)
• Abstract authN and authZ implementation details away from developer (implemented)
• authZ enforcement by decorator (not yet implented)

• Python 3.8
• A virtual env for your own webapp project
• A flask project or django project (impelemented) or other web framework (not yet implemented) or desktop app (not yet implemented)

# go to your web app directory on dev machinecd your-flask-app-root-directory python3 -m venv path-to-venv # only required if you don't have a venv already# activate your virtual envsource path-to-venv/bin/activate

# go to your web app directory on dev machine cd your-flask-app-root-directory python3 -m venv path-to-venv # only required if you don't have a venv alreadySet-ExecutionPolicy-ExecutionPolicy RemoteSigned -Scope Process-Force . path-to-venv\Scripts\Activate.ps1 pip install -r requirements.txt

Use only one of the following two options:

• via https://

pip install git+https://github.com/azure-samples/ms-identity-python-samples-common 

• via ssh://

pip install git+ssh://[email protected]/azure-samples/ms-identity-python-samples-common 

don't forget to import the required modules into your application as necessary:

from ms_identity_web import IdentityWebPython from ms_identity_web.adapters import FlaskContextAdapter from ms_identity_web.configuration import AADConfig 

hook up the utils to your flask app:

adapter = FlaskContextAdapter(app) # we are using flask ms_identity_web = IdentityWebPython(AADConfig.parse_json('aad.config.json'), adapter) # instantiate utils 

add the @ms_identity_web.login_required decorator to protect your routes:

@app.route('/my_protected_route') @ms_identity_web.login_required # <-- developer only needs to hook up this decorator to any login_required endpoint like this def my_protected_route(): return render_template('my_protected_route.html') 

see: https://github.com/azure-samples/ms-identity-python-flask-tutorial or https://github.com/azure-samples/ms-identity-python-django-tutorial for a demo with any of the apps there

• main common code API is here.

• FlaskContextAdapter for handling interaction between the API and flask context (e.g. session, request)
• An ABC defining the interface for writing more adapters
• Should be re-organised into folders on a per-framework basis?

• a class that implements all aad-specific endpoints. support for multiple instances with different prefixes if necessary
• all bindings are automatic with flaskcontextadapter

• django.adapter is used to integrate with Django apps
• need to use django.middleware as middleware in Django apps

• django.msal_views_and_urls.py implements all aad-specific endpoints. support for multiple instances with different prefixes if necessary

• IdentityContext class that holds ID-specific info (simple class with attributes and has_changed function for write-to-session decision)

• simple configuration parser and sanity checker

• AAD constants

• AAd error classes