Quickstart: Add sign-in with Microsoft to a Python web app
In this quickstart, you download and run a code sample that demonstrates how a Python web application can sign in users and get an access token to call the Microsoft Graph API. Users with a personal Microsoft Account or an account in any Azure Active Directory (Azure AD) organization can sign into the application.
See How the sample works for an illustration.
- An Azure account with an active subscription. Create an account for free.
- Python 2.7+ or Python 3+
- Flask, Flask-Session, requests
- MSAL Python
Register and download your quickstart app
You have two options to start your quickstart application: express (Option 1), and manual (Option 2)
Option 1: Register and auto configure your app and then download your code sample
- Go to the Azure portal - App registrations quickstart experience.
- Enter a name for your application and select Register.
- Follow the instructions to download and automatically configure your new application.
Option 2: Register and manually configure your application and code sample
Step 1: Register your application
To register your application and add the app's registration information to your solution manually, follow these steps:
- Sign in to the Azure portal.
- If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.
- Under Manage, select App registrations > New registration.
- Enter a Name for your application, for example
python-webapp. Users of your app might see this name, and you can change it later.
- Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts.
- Select Register.
- On the app Overview page, note the Application (client) ID value for later use.
- Under Manage, select Authentication.
- Select Add a platform > Web.
http://localhost:5000/getATokenas Redirect URIs.
- Select Configure.
- Under Manage, select the Certificates & secrets and from the Client secrets section, select New client secret.
- Type a key description (for instance app secret), leave the default expiration, and select Add.
- Note the Value of the Client Secret for later use.
- Under Manage, select API permissions > Add a permission.
- Ensure that the Microsoft APIs tab is selected.
- From the Commonly used Microsoft APIs section, select Microsoft Graph.
- From the Delegated permissions section, ensure that the right permissions are checked: User.ReadBasic.All. Use the search box if necessary.
- Select the Add permissions button.
Step 1: Configure your application in Azure portal
For the code sample in this quickstart to work:
- Add a reply URL as
- Create a Client Secret.
- Add Microsoft Graph API's User.ReadBasic.All delegated permission.
Your application is configured with this attribute
Step 2: Download your project
Download the project and extract the zip file to a local folder closer to the root folder - for example, C:\Azure-Samples
Step 3: Configure the Application
- Extract the zip file to a local folder closer to the root folder - for example, C:\Azure-Samples
- If you use an integrated development environment, open the sample in your favorite IDE (optional).
- Open the app_config.py file, which can be found in the root folder and replace with the following code snippet:
CLIENT_ID = "Enter_the_Application_Id_here" CLIENT_SECRET = "Enter_the_Client_Secret_Here" AUTHORITY = "https://login.microsoftonline.com/Enter_the_Tenant_Name_Here"
Enter_the_Application_Id_here- is the Application Id for the application you registered.
Enter_the_Client_Secret_Here- is the Client Secret you created in Certificates & Secrets for the application you registered.
Enter_the_Tenant_Name_Here- is the Directory (tenant) ID value of the application you registered.
Step 3: Run the code sample
Step 4: Run the code sample
You will need to install MSAL Python library, Flask framework, Flask-Sessions for server-side session management and requests using pip as follows:
pip install -r requirements.txt
Run app.py from shell or command line:
This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons, it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see these instructions.
How the sample works
MSAL is the library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform. You can add MSAL Python to your application using Pip.
pip install msal
You can add the reference to MSAL Python by adding the following code to the top of the file where you will be using MSAL:
Help and support
If you need help, want to report an issue, or want to learn about your support options, see Help and support for developers.
Learn more about web apps that sign in users in our multi-part scenario series.