Microsoft Authentication Library (MSAL) for Python
Get started with the Microsoft Authentication Library for Python to sign in users or apps with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as Microsoft Graph or your own APIs registered with the Microsoft identity platform.
Follow steps to install the package and try out example code for basic tasks.
Quickstart | API reference documentation | Samples
- An Azure account with an active subscription. Create a free account.
- Python 3.6+.
Install the package
Install the MSAL for Python package. You can find MSAL Python on Pypi.
pip install msal
Before using MSAL Python register your application with the Microsoft identity platform.
Acquiring tokens with MSAL Python follows this 3-step pattern. This is the high level conceptual pattern. There will be some variations for different flows. They are demonstrated in the runnable samples.
MSAL proposes a clean separation between public client applications, and confidential client applications. Therefore, create either a
ConfidentialClientApplicationinstance, and reuse it during the lifecycle of your app. The following example shows a
from msal import PublicClientApplication app = PublicClientApplication( "your_client_id", authority="https://login.microsoftonline.com/Enter_the_Tenant_Name_Here")
Later, each time you would want an access token, you start by:
result = None # It is just an initial value. Please follow instructions below.
The API model in MSAL provides you explicit control on how to utilize token cache. This cache part is technically optional, but we highly recommend you to harness the power of MSAL cache. It will automatically handle the token refresh for you.
# We now check the cache to see # whether we already have some accounts that the end user already used to sign in before. accounts = app.get_accounts() if accounts: # If so, you could then somehow display these accounts and let end user choose print("Pick the account you want to use to proceed:") for a in accounts: print(a["username"]) # Assuming the end user chose this one chosen = accounts # Now let's try to find a token in cache for this account result = app.acquire_token_silent(["your_scope"], account=chosen)
If there is no suitable token in the cache or you've chosen to skip the previous step, send a request to Azure AD to get a token. There are different methods based on your client type and scenario. Here we demonstrate a placeholder flow.
if not result: # So no suitable token exists in cache. Let's get a new one from Azure AD. result = app.acquire_token_by_one_of_the_actual_method(..., scopes=["User.Read"]) if "access_token" in result: print(result["access_token"]) # Yay! else: print(result.get("error")) print(result.get("error_description")) print(result.get("correlation_id")) # You may need this when reporting a bug
Refer to the Wiki on GitHub for more details on the MSAL Python functionality and usage.
Migrate from ADAL to MSAL
If your application is using ADAL Python, we recommend you update it to use MSAL Python. No new feature work will be done in ADAL Python.
See the ADAL to MSAL migration guide.
- Handle errors and exceptions in MSAL Python: Learn about the different types of errors and how to handle common sign-in errors.
- Logging in MSAL Python: Learn how to generate log messages that can help diagnose issues.
Submit and view feedback for