🎭 Extract Microsoft OAuth tokens using Playwright browser automation.
Project description
msauth-browser
🎭 Extract Microsoft OAuth tokens using Playwright browser automation.
Installation
pip install "git+https://github.com/n3rada/msauth-browser"
Install with pipx to keep the environment isolated:
pipx install "git+https://github.com/n3rada/msauth-browser"
Playwright
Ensure chromium playwright browser is available:
playwright install chromium
If installed with pipx:
- Windows PowerShell
$env:NODE_TLS_REJECT_UNAUTHORIZED = "0"
& "$env:USERPROFILE\pipx\venvs\msauth-browser\Scripts\playwright.exe" install chromium
Usage
msauth-browser
Options:
--prt-cookie <JWT>: Use anx-ms-RefreshTokenCredentialPRT cookie for SSO-based login.--headless: Run Playwright in headless mode.
msauth-browser --headless --prt-cookie "<x-ms-RefreshTokenCredential>"
About the PRT Cookie
The PRT cookie is officially x-ms-RefreshTokenCredential and it is a JSON Web Token (JWT). The actual Primary Refresh Token (PRT) is encapsulated within the refresh_token, which is encrypted by a key under the control of Entra ID, rendering its contents opaque.
It can be used as a cookie wired to login.microsoftonline.com domain in order to use-it to authenticate to the service while skiping credential prompts.
Microsoft first-party apps
Microsoft first-party apps have hardcoded, pre-approved scopes.
You cannot simply add ChannelMessage.Read.All to the scope parameter of the Teams application, the request will fail.
Why not microsoft-authentication-library-for-python (MSAL)?
One major limitation is that it requires localhost redirect URIs.
It also does not support integrating PRT cookies.
Adding new app presets
- Drop a JSON file into
msauth_browser/configs/. - Provide the required fields:
nameclient_idredirect_uridefault_scopes(array of scopes) — optional; if omitted or empty, the tool defaults toopenidandoffline_access.
- Optionally include a
slugfield; otherwise the filename (without extension) becomes the lookup key.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file msauth_browser-0.1.0.tar.gz.
File metadata
- Download URL: msauth_browser-0.1.0.tar.gz
- Upload date:
- Size: 21.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.13.7 Linux/6.16.8+kali-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
91954298ad19a07d4e3101f5a517c2a2846cfe00bca4bf7c5402c752198813d7
|
|
| MD5 |
42ef02ed90983281fe21d2ebaa78626e
|
|
| BLAKE2b-256 |
542b3cf6b4eb205e678e7357d992aae07fb2144ca31aa956dd52cd292a6b2892
|
File details
Details for the file msauth_browser-0.1.0-py3-none-any.whl.
File metadata
- Download URL: msauth_browser-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.13.7 Linux/6.16.8+kali-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2ecfce65a2c878813dc64c9df3907082363b1259be6ba785612cc3f04a535a67
|
|
| MD5 |
d392d91896a4cc7a69e40c8d46c1c443
|
|
| BLAKE2b-256 |
46b5de108747444a1f9482140b3b82684c7a7e769d8a0f31ae8ea1d60aac1c58
|
