reflex-azure-auth


| Field | Value |
| --- | --- |
| Name | reflex-azure-auth |
| Version | 0.1.0 |
| home_page | None |
| Summary | Integration with Azure (Microsoft identity platform) OpenID Connect |
| upload_time | 2025-08-20 21:40:47 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | <4.0,>=3.10 |
| license | None |
| keywords | python, reflex, reflex-enterprise |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

# reflex-azure-auth

This package requires the `reflex_enterprise` package to be installed.

## Installation

```bash
pip install reflex-azure-auth
```

## Usage

### Set Up an Azure (Microsoft identity platform) Application

Create a new Application (App Registration) in the Azure portal and set up a .env file with the following variables:

```env
AZURE_CLIENT_ID=your_client_id
AZURE_CLIENT_SECRET=your_client_secret
AZURE_ISSUER_URI=your tenant issuer or authority URL
```

Reflex will need to access these variables to authenticate users via OpenID Connect on the Microsoft identity platform.

#### Step-by-step: App Registration

1. Sign in to the Azure portal and open "Azure Active Directory" → "App registrations".
2. Click "New registration".
    - Name: choose a friendly name (example: "Reflex Demo App").
    - Supported account types: choose the tenant(s) you want (single or multi-tenant).
    - Redirect URI: add the authorization callback path for your app, e.g. `https://your-app.example.com/authorization-code/callback` (use `http://localhost:3000/authorization-code/callback` for local development).
3. Register the app and copy the "Application (client) ID" → this is `AZURE_CLIENT_ID`.
4. Under "Certificates & secrets" create a new client secret and copy the value → this is `AZURE_CLIENT_SECRET`.
5. Under "Expose an API" or "API permissions" add the scopes your app needs. For typical OpenID Connect sign-in, request the `openid`, `profile`, and `email` scopes.
6. Determine your issuer (authority) URL and set it as the `AZURE_ISSUER_URI` env var.
    - For a single tenant: `https://login.microsoftonline.com/<your-tenant-id>/v2.0`
    - For common/multi-tenant flows: `https://login.microsoftonline.com/common/v2.0`
7. For multi-tenant apps, you can use the `AZURE_VALID_TENANT_IDS` env var to specify, as a comma-separated list, which tenant IDs are allowed.

Example .env (local development):

```env
AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000
AZURE_CLIENT_SECRET=very-secret-value
AZURE_ISSUER_URI=https://login.microsoftonline.com/consumers/v2.0
AZURE_VALID_TENANT_IDS=00000000-0000-0000-0000-000000000000,9188040d-6c67-4c5b-b112-36a304b66dad
```

Notes:
- Redirect URIs must match exactly. For Reflex demo pages running locally, use the full local URL including the `/authorization-code/callback` path.
- Use `openid email profile` in the authorization request to receive an ID token containing standard claims (sub, name, email).
- When testing with a real tenant, use the tenant-specific issuer URL (recommended for production).

### Register Auth Callback

```python
from reflex_enterprise import App
from reflex_azure_auth import register_auth_endpoints

...

app = App()
register_auth_endpoints(app)
```

### Check `AzureAuthState.userinfo` for user identity/validity

To fully support embedded/iframe apps, be sure to wrap your login button with `azure_login_button`.

```python
import reflex as rx
from reflex_azure_auth import AzureAuthState, azure_login_button

@rx.page()
def index():
    return rx.container(
        rx.vstack(
            rx.heading("Azure (Microsoft) Auth Demo"),
            rx.cond(
                rx.State.is_hydrated,
                rx.cond(
                    AzureAuthState.userinfo,
                    rx.vstack(
                        # Single quotes inside the f-string keep this valid on Python 3.10/3.11.
                        rx.text(f"Welcome, {AzureAuthState.userinfo['name']}!"),
                        rx.text(AzureAuthState.userinfo.to_string()),
                        rx.button("Logout", on_click=AzureAuthState.redirect_to_logout),
                    ),
                    azure_login_button(
                        rx.button("Log In with Microsoft"),
                    ),
                ),
                rx.spinner(),
            ),
        ),
    )
```

### Validate the Tokens

Before performing privileged backend operations, it is important to validate the
tokens to ensure they have not been tampered with. Use the
`AzureAuthState._validate_tokens()` helper method to validate the tokens.
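
The claim checks that matter for the multi-tenant setup in steps 6 and 7 and for the validation described here, as an added example: it is not the package's code and does not show what `_validate_tokens()` does internally. It assumes the ID token's signature has already been verified; `check_id_token_claims`, `parse_tenant_allowlist` and the sample claims are hypothetical names and constructed values.

```python
import time

SHARED_AUTHORITIES = {"common", "organizations", "consumers"}

def parse_tenant_allowlist(raw):
    """Split an AZURE_VALID_TENANT_IDS-style value into a normalized set."""
    return {t.strip().lower() for t in (raw or "").split(",") if t.strip()}

def check_id_token_claims(claims, client_id, issuer_uri, valid_tenant_ids="", now=None):
    """Return the problems found in claims whose signature is already verified."""
    problems = []
    now = time.time() if now is None else now
    allowed = parse_tenant_allowlist(valid_tenant_ids)
    tid = str(claims.get("tid", "")).lower()

    # aud may be a string or a list; it must name this app registration.
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match AZURE_CLIENT_ID")

    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp")

    # With a shared authority the token's iss carries the issuing tenant's id,
    # not the alias, so build the expected issuer from tid.
    issuer_uri = issuer_uri.rstrip("/")
    base, _, version = issuer_uri.rpartition("/")        # version == "v2.0"
    host, _, authority = base.rpartition("/")
    shared = authority.lower() in SHARED_AUTHORITIES
    expected = f"{host}/{tid}/{version}" if shared else issuer_uri
    if not tid or str(claims.get("iss", "")).rstrip("/").lower() != expected.lower():
        problems.append("iss does not match the expected tenant issuer")

    # Policy choice of this example: a shared authority needs an allow-list.
    if shared and not allowed:
        problems.append("shared authority used without a tenant allow-list")
    elif allowed and tid not in allowed:
        problems.append("tid is not in AZURE_VALID_TENANT_IDS")
    return problems

# Constructed sample claims (not a real token or tenant).
SAMPLE_TID = "11111111-1111-1111-1111-111111111111"
SAMPLE_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{SAMPLE_TID}/v2.0",
    "aud": "00000000-0000-0000-0000-000000000000",
    "tid": SAMPLE_TID,
    "exp": 2_000_000_000,
}
```

An empty list means every check passed; any entry is a reason to refuse the privileged operation.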

### Customize the UI

The `register_auth_endpoints` function accepts 3 optional UI callables:

#### `loading_page`

This is the page displayed before and after redirecting to the Azure authorization endpoint.

The default implementation uses `rx.cond(~rx.State.is_hydrated | ~AzureAuthState.userinfo, ...)`
to show a different message based on whether the user info was fetched or not.

#### `popup_login_page`

When the app is within an iframe, the normal redirect flow cannot be used, so
the authentication is handled within a popup window. This callable returns the
page displayed in the popup window before and after redirecting to the Azure
authorization endpoint.

#### `popup_logout_page`

When the app is within an iframe, the normal redirect flow cannot be used, so
the authentication is handled within a popup window. This callable returns the
page displayed in the popup window before redirecting to the Azure
logout endpoint.
            

Raw data

{
    "_id": null,
    "home_page": null,
    "name": "reflex-azure-auth",
    "maintainer": null,
    "docs_url": null,
    "requires_python": "<4.0,>=3.10",
    "maintainer_email": null,
    "keywords": "python, reflex, reflex-enterprise",
    "author": null,
    "author_email": "Masen Furer <masen@reflex.dev>",
    "download_url": null,
    "platform": null,
    "bugtrack_url": null,
    "license": null,
    "summary": "Integration with Azure (Microsoft identity platform) OpenID Connect",
    "version": "0.1.0",
    "project_urls": {
        "documentation": "https://enterprise.reflex.dev",
        "homepage": "https://reflex.dev/"
    },
    "split_keywords": [
        "python",
        " reflex",
        " reflex-enterprise"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "1c9ed35a33e41d5e77970b3c3ceefb490433320964afa64b79432a9ee967fcd8",
                "md5": "eb960627311c64cc12fec042fc9321f3",
                "sha256": "7e535c432bfe01d49198f3d9c44bc8d097fc9b7427a016b9fced02f2973bde91"
            },
            "downloads": -1,
            "filename": "reflex_azure_auth-0.1.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "eb960627311c64cc12fec042fc9321f3",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "<4.0,>=3.10",
            "size": 13959,
            "upload_time": "2025-08-20T21:40:47",
            "upload_time_iso_8601": "2025-08-20T21:40:47.181893Z",
            "url": "https://files.pythonhosted.org/packages/1c/9e/d35a33e41d5e77970b3c3ceefb490433320964afa64b79432a9ee967fcd8/reflex_azure_auth-0.1.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-08-20 21:40:47",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "reflex-azure-auth"
}
        