Quickstart: Add sign-in with Microsoft to a Python web app

In this quickstart, you download and run a code sample that demonstrates how a Python web application can sign in users and get an access token to call the Microsoft Graph API. Users with a personal Microsoft Account or an account in any Azure Active Directory (Azure AD) organization can sign into the application.

See How the sample works for an illustration.


Register and download your quickstart app

You have two options to start your quickstart application: express (Option 1), and manual (Option 2)

Option 1: Register and auto configure your app and then download your code sample

  1. Go to the Azure portal - App registrations quickstart experience.
  2. Enter a name for your application and select Register.
  3. Follow the instructions to download and automatically configure your new application.

Option 2: Register and manually configure your application and code sample

Step 1: Register your application

To register your application and add the app's registration information to your solution manually, follow these steps:

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.
  3. Under Manage, select App registrations > New registration.
  4. Enter a Name for your application, for example python-webapp . Users of your app might see this name, and you can change it later.
  5. Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts.
  6. Select Register.
  7. On the app Overview page, note the Application (client) ID value for later use.
  8. Under Manage, select Authentication.
  9. Select Add a platform > Web.
  10. Add http://localhost:5000/getAToken as Redirect URIs.
  11. Select Configure.
  12. Under Manage, select the Certificates & secrets and from the Client secrets section, select New client secret.
  13. Type a key description (for instance app secret), leave the default expiration, and select Add.
  14. Note the Value of the Client Secret for later use.
  15. Under Manage, select API permissions > Add a permission.
  16. Ensure that the Microsoft APIs tab is selected.
  17. From the Commonly used Microsoft APIs section, select Microsoft Graph.
  18. From the Delegated permissions section, ensure that the right permissions are checked: User.ReadBasic.All. Use the search box if necessary.
  19. Select the Add permissions button.

Step 1: Configure your application in Azure portal

For the code sample in this quickstart to work:

  1. Add a reply URL as http://localhost:5000/getAToken.
  2. Create a Client Secret.
  3. Add Microsoft Graph API's User.ReadBasic.All delegated permission.

Already configured Your application is configured with this attribute

Step 2: Download your project

Download the project and extract the zip file to a local folder closer to the root folder - for example, C:\Azure-Samples



Step 3: Configure the Application

  1. Extract the zip file to a local folder closer to the root folder - for example, C:\Azure-Samples
  2. If you use an integrated development environment, open the sample in your favorite IDE (optional).
  3. Open the app_config.py file, which can be found in the root folder and replace with the following code snippet:
CLIENT_ID = "Enter_the_Application_Id_here"
CLIENT_SECRET = "Enter_the_Client_Secret_Here"
AUTHORITY = "https://login.microsoftonline.com/Enter_the_Tenant_Name_Here"


  • Enter_the_Application_Id_here - is the Application Id for the application you registered.
  • Enter_the_Client_Secret_Here - is the Client Secret you created in Certificates & Secrets for the application you registered.
  • Enter_the_Tenant_Name_Here - is the Directory (tenant) ID value of the application you registered.

Step 3: Run the code sample

Step 4: Run the code sample

  1. You will need to install MSAL Python library, Flask framework, Flask-Sessions for server-side session management and requests using pip as follows:

    pip install -r requirements.txt
  2. Run app.py from shell or command line:

    python app.py


    This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons, it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see these instructions.

More information

How the sample works

Shows how the sample app generated by this quickstart works

Getting MSAL

MSAL is the library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform. You can add MSAL Python to your application using Pip.

pip install msal

MSAL initialization

You can add the reference to MSAL Python by adding the following code to the top of the file where you will be using MSAL:

import msal

Help and support

If you need help, want to report an issue, or want to learn about your support options, see Help and support for developers.

Next steps

Learn more about web apps that sign in users in our multi-part scenario series.