Authenticate Microsoft users with MSAL Python

Bakar, Cem 281 Reputation points
2022-09-28T02:23:16.493+00:00

Greetings,
I have created a small app with Streamlit. I would like to add authentication to show the correct data to the correct user. I have followed this document.
The idea is that if there is no session, a window should pop up and allow users to log in with their accounts. If there is an active session, the app should read it and parse the user name.

However, the suggested class PublicClientApplication does not take credentials, and Azure App Registration does not allow any communication without a client secret.
The other class I could use is called ConfidentialClientApplication, which does not have a method to generate the login-popup.

Thank you for your support,


1 answer

  1. Azar 18,375 Reputation points
    2023-07-11T16:46:34.71+00:00

    Hi Bakar

    To add authentication to your Streamlit app and enable users to log in with their accounts, you can make use of the Azure AD authentication flow. Here are the steps you can follow:

    Create an Azure App Registration: In the Azure portal, create an App Registration and configure it as a web application. Obtain the client ID for your app registration.

    Choose the appropriate client type: Based on your requirements, decide whether you want to use the PublicClientApplication or ConfidentialClientApplication class for authentication.

    PublicClientApplication: This client type is suitable for public client applications, such as single-page web apps or mobile apps. It does not require a client secret and can handle interactive authentication flows.

    ConfidentialClientApplication: This client type is intended for confidential client applications, such as web apps with server-side logic. It requires a client secret and can handle both interactive and non-interactive authentication flows.

    Implement authentication in your Streamlit app:

    a. Import the necessary libraries for Azure AD authentication. For example, you can use the MSAL (Microsoft Authentication Library) library for Python.

    b. Configure the client ID and other relevant parameters in your Streamlit app.

    c. Use the appropriate class (PublicClientApplication or ConfidentialClientApplication) to initiate the authentication process and handle the authentication flow. For the PublicClientApplication, you can use the acquire_token_interactive method to trigger the login-popup and authenticate the user.

    Once the user is authenticated, you can access their claims, such as the user name, from the token provided by Azure AD.

    **[Azure Active Directory authentication with Streamlit](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-webapp-msal)**

    Kindly accept the answer if it helps.

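For the ConfidentialClientApplication case raised in the question, sign-in is a browser redirect rather than a popup: MSAL Python's `initiate_auth_code_flow` produces the login URL and `acquire_token_by_auth_code_flow` redeems the redirect. The sketch below is an added example, not code from the question, the answer or Microsoft's quickstart. The helper names, the `AZURE_*` environment variable names, the `User.Read` scope and the dict-like per-user `session` store (assumed to live server-side and survive the redirect) are all assumptions.

```python
import os

SCOPES = ["User.Read"]  # assumed scope; MSAL adds openid/profile itself


def build_app():
    """Confidential client; IDs and secret come from (assumed) env vars."""
    import msal  # imported lazily so the helpers below run without it
    return msal.ConfidentialClientApplication(
        os.environ["AZURE_CLIENT_ID"],
        authority="https://login.microsoftonline.com/" + os.environ["AZURE_TENANT_ID"],
        client_credential=os.environ["AZURE_CLIENT_SECRET"],
    )


def begin_sign_in(app, session, redirect_uri):
    """Start the auth code flow and return the URL to send the browser to."""
    flow = app.initiate_auth_code_flow(SCOPES, redirect_uri=redirect_uri)
    session["auth_flow"] = flow  # holds state, nonce and PKCE verifier
    return flow["auth_uri"]


def finish_sign_in(app, session, query_params, expected_tenant):
    """Redeem the redirect's query parameters; return the user or None."""
    flow = session.pop("auth_flow", None)  # single use
    if flow is None:
        return None  # no sign-in was started from this session
    try:
        result = app.acquire_token_by_auth_code_flow(flow, query_params)
    except ValueError:
        return None  # MSAL raises this when state does not match (CSRF)
    claims = result.get("id_token_claims")
    if "error" in result or not claims:
        return None
    if claims.get("tid") != expected_tenant:
        return None  # token issued by a tenant this app does not serve
    user = {"name": claims.get("name"),
            "username": claims.get("preferred_username"),
            "oid": claims.get("oid")}
    session["user"] = user
    return user


def current_user(session):
    """Active session: return the signed-in user, else None."""
    return session.get("user")
```

Keying per-user data on `oid` rather than the display name avoids mixing up users who share a name, and the client secret stays in the server environment instead of the source tree.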