🎭 Extract Microsoft OAuth tokens using Playwright browser automation.
Project description
🎭 Extract Microsoft OAuth tokens using Playwright browser automation.
📦 Installation
To install msauth-browser, you can use pip, pip3 or pipx. Either from pypi repository or from GitHub source. Prefer using pipx, since it install Python applications in isolated virtual environments.
From PyPI
pipx install msauth-browser
pip install msauth-browser
From GitHub
pip install "git+https://github.com/n3rada/msauth-browser"
pipx install "git+https://github.com/n3rada/msauth-browser"
Playwright
Ensure chromium playwright browser is available:
playwright install chromium
If installed with pipx:
- Windows PowerShell
& "$(pipx environment --value PIPX_LOCAL_VENVS)\msauth-browser\Scripts\playwright.exe" install chromium
If you are in a corporate environment with TLS inspection (e.g., using Zscaler):
$env:NODE_TLS_REJECT_UNAUTHORIZED = "0"
Usage
msauth-browser
Or, to have the right to send emails through Microsoft Graph API:
msauth-browser --add-scope "https://graph.microsoft.com/Mail.Send"
Options:
--add-scope <scope>: Add OpenID Connect (OIDC) scopes.--prt-cookie <JWT>: Use anx-ms-RefreshTokenCredentialPRT cookie for SSO-based login.--headless: Run Playwright in headless mode.
msauth-browser --headless --prt-cookie "<x-ms-RefreshTokenCredential>"
About the PRT Cookie
The PRT cookie is officially x-ms-RefreshTokenCredential and it is a JSON Web Token (JWT). The actual Primary Refresh Token (PRT) is encapsulated within the refresh_token, which is encrypted by a key under the control of Entra ID, rendering its contents opaque.
It can be used as a cookie wired to login.microsoftonline.com domain in order to use-it to authenticate to the service while skiping credential prompts.
Microsoft first-party apps
Microsoft first-party apps have hardcoded, pre-approved scopes.
You cannot simply add ChannelMessage.Read.All to the scope parameter of the Teams application, the request will fail.
Why not microsoft-authentication-library-for-python (MSAL)?
One major limitation is that it requires localhost redirect URIs.
It also does not support integrating PRT cookies.
Adding new app presets
- Drop a JSON file into
msauth_browser/configs/. - Provide the required fields:
nameclient_idredirect_uridefault_scopes(array of scopes) — optional; if omitted or empty, the tool defaults toopenidandoffline_access.
- Optionally include a
slugfield; otherwise the filename (without extension) becomes the lookup key.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file msauth_browser-0.2.3.tar.gz.
File metadata
- Download URL: msauth_browser-0.2.3.tar.gz
- Upload date:
- Size: 22.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.12.1 Linux/6.8.0-1030-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
95ed612cdc21ac77a827501b4808c98fd8e3da79523ab296ed356be0a77609a5
|
|
| MD5 |
15c75f6eab1fb185fb14d1f2f6e6f079
|
|
| BLAKE2b-256 |
97bcd1ba92bfbcaf6100e7974fbc6d93d654f8352f273d6f265cfc25b6886d15
|
File details
Details for the file msauth_browser-0.2.3-py3-none-any.whl.
File metadata
- Download URL: msauth_browser-0.2.3-py3-none-any.whl
- Upload date:
- Size: 25.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.12.1 Linux/6.8.0-1030-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1081113982f22168c9e5e4f51a330496e9b39e81934213d526903ab5f5650b17
|
|
| MD5 |
e1949d959ce6db350a9435eeec97e71e
|
|
| BLAKE2b-256 |
c942406fcb49731bdd8504e8e8147f5754e71ec940d10e7052b687697eace011
|
