Hi @dmim, thank you for reaching out. The following Python sample uses the client_credential flow of OAuth 2.0, which means that it would fetch the access token from AAD in the application's context and then use that access token to make a Graph API call.
So if you run this Python app as it is after downloading, it would go by the client-credential flow, and the access token received by this app from AAD won't have any user-related claims like upn or email, etc.
You can check the method called `client_credential=config["secret"]` being passed in the `msal.ConfidentialClientApplication` class, which makes it clear that it uses the client_credential flow.
```python
# Create a preferably long-lived app instance which maintains a token cache.
app = msal.ConfidentialClientApplication(
    config["client_id"], authority=config["authority"],
    client_credential=config["secret"],
    # token_cache=...  # Default cache is in memory only.
                       # You can learn how to use SerializableTokenCache from
                       # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
)
```
To get the user details like upn, email, etc., you would get either an id_token or an access_token in the user's context, and to do that you would have to implement the auth-code-grant flow of OAuth.
Hope this helps.
Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
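Added example, not part of the original answer or of the MSAL sample: a small debugging helper that decodes a token's claims and reports whether it was issued in the application's context or a user's context, as the answer describes. The two sample tokens are constructed and unsigned, and the claim names other than upn and email (`scp`, `roles`, `appid`, `preferred_username`, `name`) are assumptions about what a typical AAD token carries.

```python
import base64
import json

# Claims that identify a user; upn and email are the ones named in the answer,
# the other two are assumed to be typical for AAD v2 tokens.
USER_CLAIMS = ("upn", "email", "preferred_username", "name")


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe(token: str) -> dict:
    """Report the token's context and which user claims it carries."""
    claims = jwt_claims(token)
    present = [c for c in USER_CLAIMS if c in claims]
    # Delegated (user-context) tokens carry scp; app-only tokens do not.
    is_user = bool(present) or "scp" in claims
    return {"context": "user" if is_user else "application",
            "user_claims": present}


def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed samples: what client_credential vs. auth-code tokens look like.
APP_TOKEN = make_sample({"aud": "https://graph.microsoft.com",
                         "appid": "00000000-0000-0000-0000-000000000000",
                         "roles": ["User.Read.All"]})
USER_TOKEN = make_sample({"aud": "https://graph.microsoft.com",
                          "scp": "User.Read",
                          "upn": "alice@contoso.example"})

if __name__ == "__main__":
    print("client_credential:", describe(APP_TOKEN))
    print("auth code grant:  ", describe(USER_TOKEN))
```

The helper only reads claims for troubleshooting; an API that accepts such tokens must still validate the signature, issuer and audience before trusting any of them.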