Microsoft Authentication Library (MSAL) for Python

Get started with the Microsoft Authentication Library for Python to sign in users or apps with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as Microsoft Graph or your own APIs registered with the Microsoft identity platform.

Follow the steps below to install the package and try out example code for basic tasks.

Quickstart | API reference documentation | Samples

Prerequisites

Install the package

Install the MSAL for Python package. You can find MSAL Python on PyPI.

pip install msal

Setting up

Before using MSAL Python, register your application with the Microsoft identity platform.

Usage

Acquiring tokens with MSAL Python follows this 3-step pattern. This is the high-level conceptual pattern; different flows vary in the details, and those variations are demonstrated in the runnable samples.

  1. MSAL proposes a clean separation between public client applications and confidential client applications. Therefore, create either a PublicClientApplication or a ConfidentialClientApplication instance, and reuse it during the lifecycle of your app. The following example shows a PublicClientApplication:

    from msal import PublicClientApplication
    app = PublicClientApplication(
        "your_client_id",
        authority="https://login.microsoftonline.com/Enter_the_Tenant_Name_Here")
    

    Later, each time you want an access token, you start with:

    result = None  # It is just an initial value. Please follow instructions below.
    
  2. The API model in MSAL gives you explicit control over how to use the token cache. Using the cache is technically optional, but we highly recommend that you harness the power of the MSAL cache. It will automatically handle the token refresh for you.

    # We now check the cache to see
    # whether we already have some accounts that the end user already used to sign in before.
    accounts = app.get_accounts()
    if accounts:
        # If so, you could then somehow display these accounts and let end user choose
        print("Pick the account you want to use to proceed:")
        for a in accounts:
            print(a["username"])
        # Assuming the end user chose this one
        chosen = accounts[0]
        # Now let's try to find a token in cache for this account
        result = app.acquire_token_silent(["your_scope"], account=chosen)
    
  3. If there is no suitable token in the cache or you've chosen to skip the previous step, send a request to Azure AD to get a token. There are different methods based on your client type and scenario. Here we demonstrate a placeholder flow.

    if not result:
        # So no suitable token exists in cache. Let's get a new one from Azure AD.
        result = app.acquire_token_by_one_of_the_actual_method(..., scopes=["User.Read"])
    if "access_token" in result:
        print(result["access_token"])  # Yay!
    else:
        print(result.get("error"))
        print(result.get("error_description"))
        print(result.get("correlation_id"))  # You may need this when reporting a bug
    

Refer to the Wiki on GitHub for more details on the MSAL Python functionality and usage.
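
The three steps above with one concrete flow filled in, as an added example that is not part of the original page or the MSAL project's own code. It assumes the device code flow stands in for the placeholder method, a cache file named `token_cache.json` (a hypothetical path), and helper names (`load_cache`, `save_cache`, `get_token`, `summarize`) invented here; the cache file is written owner-only because it holds refresh tokens, and the result is summarized without echoing the access token.

```python
import os

def load_cache(cache, path):
    """Restore a previously saved token cache from disk, if one exists."""
    if os.path.exists(path):
        with open(path, "r", encoding="utf-8") as f:
            cache.deserialize(f.read())
    return cache

def save_cache(cache, path):
    """Write the cache only if it changed; the file holds refresh tokens."""
    if not cache.has_state_changed:
        return False
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(cache.serialize())
    os.chmod(path, 0o600)  # tighten a pre-existing file too (POSIX only)
    return True

def get_token(app, scopes):
    """Steps 2 and 3: try the cache silently, then fall back to device code."""
    accounts = app.get_accounts()
    result = app.acquire_token_silent(scopes, account=accounts[0]) if accounts else None
    if not result:
        flow = app.initiate_device_flow(scopes=scopes)
        if "user_code" not in flow:
            return flow  # MSAL returned an error dict instead of a flow
        print(flow["message"])  # tells the user where to enter the code
        result = app.acquire_token_by_device_flow(flow)  # blocks until done
    return result

def summarize(result):
    """Log-safe view of an MSAL result: never includes the token itself."""
    if "access_token" in result:
        return {"ok": True, "expires_in": result.get("expires_in")}
    keys = ("error", "error_description", "correlation_id")
    return {"ok": False, **{k: result.get(k) for k in keys}}

def main():
    import msal  # imported here so the helpers above work without it
    path = "token_cache.json"  # assumed location, not from the page
    cache = load_cache(msal.SerializableTokenCache(), path)
    app = msal.PublicClientApplication(
        "your_client_id", token_cache=cache,
        authority="https://login.microsoftonline.com/Enter_the_Tenant_Name_Here")
    print(summarize(get_token(app, ["User.Read"])))
    save_cache(cache, path)

if __name__ == "__main__":
    main()
```

On Windows the `0o600` mode is not enforced, so the cache file there needs protection by other means.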

Migrate from ADAL to MSAL

If your application is using ADAL Python, we recommend you update it to use MSAL Python. No new feature work will be done in ADAL Python.

See the ADAL to MSAL migration guide.

Next Steps