Skip to main content

Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp

Project description

aiohttp_msal Python library

Authorization Code Flow Helper. Learn more about auth-code-flow at https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow

Async based OAuth using the Microsoft Authentication Library (MSAL) for Python.

Blocking MSAL functions are executed in the executor thread. Should be useful until such time as MSAL Python gets a true async version.

Tested with MSAL Python 1.21.0 onward - MSAL Python docs

AsycMSAL class

The AsyncMSAL class wraps the behavior in the following example app https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76

It is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.

Acquire the token

Firstly you should get the tokens via OAuth

  1. initiate_auth_code_flow referernce

    The caller is expected to:

    1. somehow store this content, typically inside the current session of the server,
    2. guide the end user (i.e. resource owner) to visit that auth_uri, typically with a redirect
    3. and then relay this dict and subsequent auth response to acquire_token_by_auth_code_flow().

    Step 1 and part of Step 3 is stored by this class in the aiohttp_session

  2. acquire_token_by_auth_code_flow referernce

Use the token

Now you are free to make requests (typically from an aiohttp server)

session = await get_session(request)
aiomsal = AsyncMSAL(session)
async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
    res = await res.json()

Example web server

Complete routes can be found in routes.py

Start the login process

@ROUTES.get("/user/login")
async def user_login(request: web.Request) -> web.Response:
    """Redirect to MS login page."""
    session = await new_session(request)

    redir = AsyncMSAL(session).build_auth_code_flow(
        redirect_uri=get_route(request, URI_USER_AUTHORIZED)
    )

    return web.HTTPFound(redir)

Acquire the token after being redirected back to the server

@ROUTES.post(URI_USER_AUTHORIZED)
async def user_authorized(request: web.Request) -> web.Response:
    """Complete the auth code flow."""
    session = await get_session(request)
    auth_response = dict(await request.post())

    aiomsal = AsyncMSAL(session)
    await aiomsal.async_acquire_token_by_auth_code_flow(auth_response)

Helper methods

  • @ROUTES.get("/user/photo")

    Serve the user's photo from their Microsoft profile

  • get_user_info

    Get the user's email and display name from MS Graph

  • get_manager_info

    Get the user's manager info from MS Graph

Redis tools to retrieve session tokens

from aiohttp_msal import ENV, AsyncMSAL
from aiohttp_msal.redis_tools import get_session

def main()
    # Uses the redis.asyncio driver to retrieve the current token
    # Will update the token_cache if a RefreshToken was used
    ases = asyncio.run(get_session(MYEMAIL))
    client = GraphClient(ases.get_token)
    # ...
    # use the Graphclient

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aiohttp_msal-0.7.1.tar.gz (16.9 kB view details)

Uploaded Source

Built Distribution

aiohttp_msal-0.7.1-py3-none-any.whl (18.8 kB view details)

Uploaded Python 3

File details

Details for the file aiohttp_msal-0.7.1.tar.gz.

File metadata

  • Download URL: aiohttp_msal-0.7.1.tar.gz
  • Upload date:
  • Size: 16.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.0 CPython/3.12.5

File hashes

Hashes for aiohttp_msal-0.7.1.tar.gz
Algorithm Hash digest
SHA256 fe1286ca6c960fd139ed5d5f3f72d6ec85192bdec143b69c7eec61b85f501645
MD5 701b917ed6d84709528b0988a030dcd8
BLAKE2b-256 6946bd7dcde445e48573baf84075922438dbc93c41a17fef53505a81efeaeed4

See more details on using hashes here.

File details

Details for the file aiohttp_msal-0.7.1-py3-none-any.whl.

File metadata

  • Download URL: aiohttp_msal-0.7.1-py3-none-any.whl
  • Upload date:
  • Size: 18.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.0 CPython/3.12.5

File hashes

Hashes for aiohttp_msal-0.7.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d4c4a91eac09d09d5198610d12863ee481d95edaeed5c466ea3c6fba3d2eb568
MD5 84f8b02c23a3e925165cc17974d8d617
BLAKE2b-256 e46589dd9d9b30d6c049384216d4e258014b5a563ad94db1a09c9b52f34966e8

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page