# aiohttp_msal Python library
Authorization Code Flow Helper. Learn more about auth-code-flow at
<https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow>
Async based OAuth using the Microsoft Authentication Library (MSAL) for Python.
Blocking MSAL functions are executed in the executor thread.
Should be useful until such time as MSAL Python gets a true async version.
Tested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)
## AsycMSAL class
The AsyncMSAL class wraps the behavior in the following example app
<https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76>
It is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.
### Acquire the token
Firstly you should get the tokens via OAuth
1. `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
The caller is expected to:
1. somehow store this content, typically inside the current session of the server,
2. guide the end user (i.e. resource owner) to visit that auth_uri, typically with a redirect
3. and then relay this dict and subsequent auth response to
acquire_token_by_auth_code_flow().
**Step 1** and part of **Step 3** is stored by this class in the aiohttp_session
2. `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
### Use the token
Now you are free to make requests (typically from an aiohttp server)
```python
session = await get_session(request)
aiomsal = AsyncMSAL(session)
async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
res = await res.json()
```
## Example web server
Complete routes can be found in [routes.py](./aiohttp_msal/routes.py)
### Start the login process
```python
@ROUTES.get("/user/login")
async def user_login(request: web.Request) -> web.Response:
"""Redirect to MS login page."""
session = await new_session(request)
redir = AsyncMSAL(session).build_auth_code_flow(
redirect_uri=get_route(request, URI_USER_AUTHORIZED)
)
return web.HTTPFound(redir)
```
### Acquire the token after being redirected back to the server
```python
@ROUTES.post(URI_USER_AUTHORIZED)
async def user_authorized(request: web.Request) -> web.Response:
"""Complete the auth code flow."""
session = await get_session(request)
auth_response = dict(await request.post())
aiomsal = AsyncMSAL(session)
await aiomsal.async_acquire_token_by_auth_code_flow(auth_response)
```
## Helper methods
- `@ROUTES.get("/user/photo")`
Serve the user's photo from their Microsoft profile
- `get_user_info`
Get the user's email and display name from MS Graph
- `get_manager_info`
Get the user's manager info from MS Graph
## Redis tools to retrieve session tokens
```python
from aiohttp_msal import ENV, AsyncMSAL
from aiohttp_msal.redis_tools import get_session
def main()
# Uses the redis.asyncio driver to retrieve the current token
# Will update the token_cache if a RefreshToken was used
ases = asyncio.run(get_session(MYEMAIL))
client = GraphClient(ases.get_token)
# ...
# use the Graphclient
```
Raw data
{
"_id": null,
"home_page": "https://github.com/kellerza/aiohttp_msal",
"name": "aiohttp-msal",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "msal, oauth, aiohttp, asyncio",
"author": "Johann Kellerman",
"author_email": "kellerza@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/69/46/bd7dcde445e48573baf84075922438dbc93c41a17fef53505a81efeaeed4/aiohttp_msal-0.7.1.tar.gz",
"platform": null,
"description": "# aiohttp_msal Python library\n\nAuthorization Code Flow Helper. Learn more about auth-code-flow at\n<https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow>\n\nAsync based OAuth using the Microsoft Authentication Library (MSAL) for Python.\n\nBlocking MSAL functions are executed in the executor thread.\nShould be useful until such time as MSAL Python gets a true async version.\n\nTested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)\n\n## AsycMSAL class\n\nThe AsyncMSAL class wraps the behavior in the following example app\n<https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76>\n\nIt is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.\n\n### Acquire the token\n\nFirstly you should get the tokens via OAuth\n\n1. `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)\n\n The caller is expected to:\n 1. somehow store this content, typically inside the current session of the server,\n 2. guide the end user (i.e. resource owner) to visit that auth_uri, typically with a redirect\n 3. and then relay this dict and subsequent auth response to\n acquire_token_by_auth_code_flow().\n\n **Step 1** and part of **Step 3** is stored by this class in the aiohttp_session\n\n2. `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)\n\n### Use the token\n\nNow you are free to make requests (typically from an aiohttp server)\n\n```python\nsession = await get_session(request)\naiomsal = AsyncMSAL(session)\nasync with aiomsal.get(\"https://graph.microsoft.com/v1.0/me\") as res:\n res = await res.json()\n```\n\n## Example web server\n\nComplete routes can be found in [routes.py](./aiohttp_msal/routes.py)\n\n### Start the login process\n\n```python\n@ROUTES.get(\"/user/login\")\nasync def user_login(request: web.Request) -> web.Response:\n \"\"\"Redirect to MS login page.\"\"\"\n session = await new_session(request)\n\n redir = AsyncMSAL(session).build_auth_code_flow(\n redirect_uri=get_route(request, URI_USER_AUTHORIZED)\n )\n\n return web.HTTPFound(redir)\n```\n\n### Acquire the token after being redirected back to the server\n\n```python\n@ROUTES.post(URI_USER_AUTHORIZED)\nasync def user_authorized(request: web.Request) -> web.Response:\n \"\"\"Complete the auth code flow.\"\"\"\n session = await get_session(request)\n auth_response = dict(await request.post())\n\n aiomsal = AsyncMSAL(session)\n await aiomsal.async_acquire_token_by_auth_code_flow(auth_response)\n```\n\n## Helper methods\n\n- `@ROUTES.get(\"/user/photo\")`\n\n Serve the user's photo from their Microsoft profile\n\n- `get_user_info`\n\n Get the user's email and display name from MS Graph\n\n- `get_manager_info`\n\n Get the user's manager info from MS Graph\n\n## Redis tools to retrieve session tokens\n\n```python\nfrom aiohttp_msal import ENV, AsyncMSAL\nfrom aiohttp_msal.redis_tools import get_session\n\ndef main()\n # Uses the redis.asyncio driver to retrieve the current token\n # Will update the token_cache if a RefreshToken was used\n ases = asyncio.run(get_session(MYEMAIL))\n client = GraphClient(ases.get_token)\n # ...\n # use the Graphclient\n```\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp",
"version": "0.7.1",
"project_urls": {
"Homepage": "https://github.com/kellerza/aiohttp_msal"
},
"split_keywords": [
"msal",
" oauth",
" aiohttp",
" asyncio"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "e46589dd9d9b30d6c049384216d4e258014b5a563ad94db1a09c9b52f34966e8",
"md5": "84f8b02c23a3e925165cc17974d8d617",
"sha256": "d4c4a91eac09d09d5198610d12863ee481d95edaeed5c466ea3c6fba3d2eb568"
},
"downloads": -1,
"filename": "aiohttp_msal-0.7.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "84f8b02c23a3e925165cc17974d8d617",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 18757,
"upload_time": "2024-08-15T15:26:56",
"upload_time_iso_8601": "2024-08-15T15:26:56.643179Z",
"url": "https://files.pythonhosted.org/packages/e4/65/89dd9d9b30d6c049384216d4e258014b5a563ad94db1a09c9b52f34966e8/aiohttp_msal-0.7.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "6946bd7dcde445e48573baf84075922438dbc93c41a17fef53505a81efeaeed4",
"md5": "701b917ed6d84709528b0988a030dcd8",
"sha256": "fe1286ca6c960fd139ed5d5f3f72d6ec85192bdec143b69c7eec61b85f501645"
},
"downloads": -1,
"filename": "aiohttp_msal-0.7.1.tar.gz",
"has_sig": false,
"md5_digest": "701b917ed6d84709528b0988a030dcd8",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 16881,
"upload_time": "2024-08-15T15:26:57",
"upload_time_iso_8601": "2024-08-15T15:26:57.879154Z",
"url": "https://files.pythonhosted.org/packages/69/46/bd7dcde445e48573baf84075922438dbc93c41a17fef53505a81efeaeed4/aiohttp_msal-0.7.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-08-15 15:26:57",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "kellerza",
"github_project": "aiohttp_msal",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aiohttp-msal"
}
JSON
