MSAL - ConfidentialClient - acquire token by username and password

Pravallika 1 Reputation point
2021-04-14T15:22:41.133+00:00

I am trying to access SharePoint via API and download/upload files to a site.

I created an application in the Azure Portal, created a client secret, and gave delegated permissions to the user.

I am using the msal module. I am unable to get a token when I am using username and password (Error: Authentication failed).

```python
import msal

app = msal.ConfidentialClientApplication(
    client_id,
    client_credential=client_secret,
    authority='https://login.microsoftonline.com/{tenant}',
    validate_authority=True,
)

# Able to get an access token with the call below. But since the application has only
# delegated access, this token will not be useful to authorize SharePoint.
app.acquire_token_for_client(scopes=["https://{tenant}.sharepoint.com/.default"])

# Authentication failed with the code below.
app.acquire_token_by_username_password(username, password, ["https://{tenant}.sharepoint.com/.default"])
```

Please help me


1 answer

  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2021-04-20T07:37:08.527+00:00

    Hi @Pravallika · Thank you for reaching out.

    As documented here, for confidential clients, the recommended authentication flows are Client_Credentials, On-behalf-of, and Authorization_code. As you want to acquire a token under user context, I would suggest that you go with the Authorization_code flow rather than the Password (ROPC) flow.

    Please refer to the code below to acquire a token using Authorization_code and call a web API, which you can replace with your SharePoint API.

    https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/4-WebApp-your-API/4-1-MyOrg

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
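
The authorization code flow recommended in the answer, reduced to its two protocol steps against the Microsoft identity platform v2.0 endpoints, as an added example that is not code from this thread or from MSAL. The function names and the redirect URI are hypothetical, `{tenant}` stays a placeholder as in the question, and only the standard library is used so the state and PKCE checks are visible.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# {tenant} is the page's placeholder; replace it with your tenant ID or domain.
AUTHORITY = "https://login.microsoftonline.com/{tenant}"


def begin_auth_code_flow(client_id, redirect_uri, scopes):
    """Step 1: build the sign-in URL plus the per-login secrets to keep in the server-side session."""
    state = secrets.token_urlsafe(16)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(48)   # PKCE code_verifier; only its hash goes in the URL
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    flow = {"state": state, "code_verifier": verifier,
            "redirect_uri": redirect_uri, "scopes": list(scopes)}
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{query}", flow


def build_token_request(flow, callback_url, client_id, client_secret):
    """Step 2: validate the redirect, then return (token_url, form) for the back-channel POST."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if not secrets.compare_digest(params.get("state", "").encode(), flow["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this sign-in")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error']}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,   # sent only server to server
        "code": params["code"],
        "redirect_uri": flow["redirect_uri"],
        "code_verifier": flow["code_verifier"],
        "scope": " ".join(flow["scopes"]),
    }
    return f"{AUTHORITY}/oauth2/v2.0/token", form
```

MSAL for Python exposes the same two steps as `initiate_auth_code_flow` and `acquire_token_by_auth_code_flow` on the `ConfidentialClientApplication` object used in the question.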