Azure Functions Python App - enable IdentityModelEventSource.ShowPII Property

Victor Seifert 151 Reputation points
2022-11-29T11:50:33.667+00:00

I'm having some issues with the AAD authentication of my Python API which is hosted in Azure Functions.

The official documentation suggests to "enable PII to see the values removed from the message" in order to be able to check the Issuer & ValidIssuer. The documentation only references the .NET extension however. The search on learn.microsoft.com also only shows hits for .NET developers. How can I activate it for my Python API application?

Crosspost from Stackoverflow.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,644 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Mike Urnun 9,786 Reputation points Microsoft Employee
    2022-12-08T06:51:39.217+00:00

    Hello @Victor Seifert - Thanks for reaching out!

    The IdentityModelEventSource.ShowPII property is part of Azure SDK for .NET and the same for Python would be MSAL for Python. And it doesn't seem possible to enable it as this doc states the following about the logging of PII data:

    MSAL for Python does not log personal data or organizational data. There is no property to turn personal or organization data logging on or off.

    Despite the above, you should still be able to use the standard Python logging for validating the claims included in the JWT tokens.

    That aside, in looking at the codes included in your Stackoverflow post, I didn't see any code for authentication - could you share more details on this part? More on MSAL for Python is as follows: https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki

    Lastly, if you just need a good starting point, here's the official sample (uses Flask) which might help: Python Azure Function Web API secured by Azure AD

    -------------------------------------------------------------------------------

    Please consider contributing to MS Q&A by marking 'Accepted Answer' and ‘Upvoting’ as applicable.