AuthenticationContext Class
Retrieves authentication tokens from Azure Active Directory.
For usages, check out the "sample" folder at: https://github.com/AzureAD/azure-activedirectory-library-for-python
Creates a new AuthenticationContext object.
By default the authority will be checked against a list of known Azure Active Directory authorities. If the authority is not recognized as one of these well known authorities then token acquisition will fail. This behavior can be turned off via the validate_authority parameter below.
- Inheritance
-
builtins.objectAuthenticationContext
Constructor
AuthenticationContext(authority, validate_authority=None, cache=None, api_version=None, timeout=None, enable_pii=False, verify_ssl=None, proxies=None)Parameters
| Name | Description |
|---|---|
|
authority
Required
|
A URL that identifies a token authority. It should be of the format https://login.microsoftonline.com/your_tenant |
|
validate_authority
|
(optional) Turns authority validation on or off. This parameter default to true. default value: None
|
|
cache
|
(optional) Sets the token cache used by this AuthenticationContext instance. If this parameter is not set, then a default is used. Cache instances is only used by that instance of the AuthenticationContext and are not shared unless it has been manually passed during the construction of other AuthenticationContexts. default value: None
|
|
api_version
|
(optional) Specifies API version using on the wire. Historically it has a hardcoded default value as "1.0". Developers have been encouraged to set it as None explicitly, which means the underlying API version will be automatically chosen. Starting from ADAL Python 1.0, this default value becomes None. default value: None
|
|
timeout
|
(optional) requests timeout. How long to wait for the server to send data before giving up, as a float, or a (connect timeout, read timeout) tuple. default value: None
|
|
enable_pii
|
(optional) Unless this is set to True, there will be no Personally Identifiable Information (PII) written in log. default value: False
|
|
verify_ssl
|
(optional) requests verify. Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use. If this value is not provided, and ADAL_PYTHON_SSL_NO_VERIFY env varaible is set, behavior is equivalent to verify_ssl=False. default value: None
|
|
proxies
|
(optional) requests proxies. Dictionary mapping protocol to the URL of the proxy. See http://docs.python-requests.org/en/master/user/advanced/#proxies for details. default value: None
|
Methods
| acquire_token |
Gets a token for a given resource via cached tokens. |
| acquire_token_with_authorization_code |
Gets a token for a given resource via authorization code for a server app. |
| acquire_token_with_client_certificate |
Gets a token for a given resource via certificate credentials |
| acquire_token_with_client_credentials |
Gets a token for a given resource via client credentials. |
| acquire_token_with_device_code |
Gets a new access token using via a device code. |
| acquire_token_with_refresh_token |
Gets a token for a given resource via refresh tokens |
| acquire_token_with_username_password |
Gets a token for a given resource via user credentails. |
| acquire_user_code |
Gets the user code info which contains user_code, device_code for authenticating user on device. |
| cancel_request_to_get_token_with_device_code |
Cancels the polling request to get token with device code. |
acquire_token
Gets a token for a given resource via cached tokens.
acquire_token(resource, user_id, client_id)Parameters
| Name | Description |
|---|---|
|
resource
Required
|
A URI that identifies the resource for which the token is valid. |
|
user_id
Required
|
The username of the user on behalf this application is authenticating. |
|
client_id
Required
|
The OAuth client id of the calling application. |
Returns
| Type | Description |
|---|---|
|
dic with several keys, include "accessToken" and "refreshToken". |
acquire_token_with_authorization_code
Gets a token for a given resource via authorization code for a server app.
acquire_token_with_authorization_code(authorization_code, redirect_uri, resource, client_id, client_secret=None, code_verifier=None)Parameters
| Name | Description |
|---|---|
|
authorization_code
Required
|
An authorization code returned from a client. |
|
redirect_uri
Required
|
the redirect uri that was used in the authorize call. |
|
resource
Required
|
A URI that identifies the resource for which the token is valid. |
|
client_id
Required
|
The OAuth client id of the calling application. |
|
client_secret
|
(only for confidential clients)The OAuth client secret of the calling application. This parameter if not set, defaults to None default value: None
|
|
code_verifier
|
(optional)The code verifier that was used to obtain authorization code if PKCE was used in the authorization code grant request.(usually used by public clients) This parameter if not set, defaults to None default value: None
|
Returns
| Type | Description |
|---|---|
|
dict with several keys, include "accessToken" and "refreshToken". |
acquire_token_with_client_certificate
Gets a token for a given resource via certificate credentials
acquire_token_with_client_certificate(resource, client_id, certificate, thumbprint, public_certificate=None)Parameters
| Name | Description |
|---|---|
|
resource
Required
|
A URI that identifies the resource for which the token is valid. |
|
client_id
Required
|
The OAuth client id of the calling application. |
|
certificate
Required
|
A PEM encoded certificate private key. |
|
thumbprint
Required
|
hex encoded thumbprint of the certificate. |
|
public_certificate
|
if not None, it will be sent to the service for subject name and issuer based authentication, which is to support cert auto rolls. The value must match the certificate private key parameter. default value: None
|
Returns
| Type | Description |
|---|---|
|
dict with several keys, include "accessToken". |
acquire_token_with_client_credentials
Gets a token for a given resource via client credentials.
acquire_token_with_client_credentials(resource, client_id, client_secret)Parameters
| Name | Description |
|---|---|
|
resource
Required
|
A URI that identifies the resource for which the token is valid. |
|
client_id
Required
|
The OAuth client id of the calling application. |
|
client_secret
Required
|
The OAuth client secret of the calling application. |
Returns
| Type | Description |
|---|---|
|
dict with several keys, include "accessToken". |
acquire_token_with_device_code
Gets a new access token using via a device code.
acquire_token_with_device_code(resource, user_code_info, client_id)Parameters
| Name | Description |
|---|---|
|
resource
Required
|
A URI that identifies the resource for which the token is valid. |
|
user_code_info
Required
|
The code info from the invocation of "acquire_user_code" |
|
client_id
Required
|
The OAuth client id of the calling application. |
Returns
| Type | Description |
|---|---|
|
dict with several keys, include "accessToken" and "refreshToken". |
acquire_token_with_refresh_token
Gets a token for a given resource via refresh tokens
acquire_token_with_refresh_token(refresh_token, client_id, resource, client_secret=None)Parameters
| Name | Description |
|---|---|
|
refresh_token
Required
|
A refresh token returned in a tokne response from a previous invocation of acquireToken. |
|
client_id
Required
|
The OAuth client id of the calling application. |
|
resource
Required
|
A URI that identifies the resource for which the token is valid. |
|
client_secret
|
(optional)The OAuth client secret of the calling application. default value: None
|
Returns
| Type | Description |
|---|---|
|
dict with several keys, include "accessToken" and "refreshToken". |
acquire_token_with_username_password
Gets a token for a given resource via user credentails.
acquire_token_with_username_password(resource, username, password, client_id)Parameters
| Name | Description |
|---|---|
|
resource
Required
|
A URI that identifies the resource for which the token is valid. |
|
username
Required
|
The username of the user on behalf this application is authenticating. |
|
password
Required
|
The password of the user named in the username parameter. |
|
client_id
Required
|
The OAuth client id of the calling application. |
Returns
| Type | Description |
|---|---|
|
dict with several keys, include "accessToken" and "refreshToken". |
acquire_user_code
Gets the user code info which contains user_code, device_code for authenticating user on device.
acquire_user_code(resource, client_id, language=None)Parameters
| Name | Description |
|---|---|
|
resource
Required
|
A URI that identifies the resource for which the device_code and user_code is valid for. |
|
client_id
Required
|
The OAuth client id of the calling application. |
|
language
|
The language code specifying how the message should be localized to. default value: None
|
Returns
| Type | Description |
|---|---|
|
dict contains code and uri for users to login through browser. |
cancel_request_to_get_token_with_device_code
Cancels the polling request to get token with device code.
cancel_request_to_get_token_with_device_code(user_code_info)Parameters
| Name | Description |
|---|---|
|
user_code_info
Required
|
The code info from the invocation of "acquire_user_code" |
Returns
| Type | Description |
|---|---|
|
None |
Attributes
options
Azure SDK for Python
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for