I'm using msal library for python and i have completed all registration on Microsoft Azure including set http://localhost as a redirection url in the active directory to be able to use the acquire_token_interactive function to fetch the token
import logging
from pprint import pprint
import msal
import requests
config = {
"authority": "https://login.microsoftonline.com/organizations",
"client_id": "XXXXXXXXXXXXXXX",
"username": "[email protected]",
"client_secret": "XXXXXXXXXXXXXXXXX",
"scope": ["User.ReadBasic.All"],
"endpoint": "https://graph.microsoft.com/v1.0/users"
}
app = msal.PublicClientApplication(
config["client_id"], authority=config["authority"],
# allow_broker=True, # If opted in, you will be guided to meet the prerequisites, when applicable
# See also: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-desktop-acquire-token-wam#wam-value-proposition
# token_cache=... # Default cache is in memory only.
# You can learn how to use SerializableTokenCache from
# https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache
)
result = None
accounts = app.get_accounts(username=config.get("username"))
if accounts:
logging.info("Account(s) exists in cache, probably with token too. Let's try.")
print("Account(s) already signed in:")
for a in accounts:
print(a["username"])
chosen = accounts[0] # Assuming the end user chose this one to proceed
print("Proceed with account: %s" % chosen["username"])
# Now let's try to find a token in cache for this account
result = app.acquire_token_silent(config["scope"], account=chosen)
if not result:
logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
print("A local browser window will be open for you to sign in. CTRL C to cancel.")
result = app.acquire_token_interactive(
port=5001,
# Only works if your app is registered with redirect_uri as http://localhost
scopes=config["scope"],
# parent_window_handle=..., # If broker is enabled, you will be guided to provide a window handle
login_hint=config.get("username"), # Optional.
# If you know the username ahead of time, this parameter can pre-fill
# the username (or email address) field of the sign-in page for the user,
# Often, apps use this parameter during reauthentication,
# after already extracting the username from an earlier sign-in
# by using the preferred_username claim from returned id_token_claims.
on_before_launching_ui=lambda ui="browser", **kwargs: print(
"A {} will be launched you can close the the tab".format(ui))
# prompt=msal.Prompt.SELECT_ACCOUNT, # Or simply "select_account". Optional. It forces to show account selector page
# prompt=msal.Prompt.CREATE, # Or simply "create". Optional. It brings user to a self-service sign-up flow.
# Prerequisite: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-user-flow
)
if "access_token" in result:
# print(result["access_token"])
pprint(result)
# Calling graph using the access token
graph_response = requests.get( # Use token to call downstream service
config["endpoint"],
headers={'Authorization': 'Bearer ' result['access_token']}, )
# print("Graph API call result: %s ..." % graph_response.text)
# pprint(graph_response.json())
else:
print(result.get("error"))
print(result.get("error_description"))
print(result.get("correlation_id")) # You may need this when reporting a bug
The content of redirection after successful authentication: Authentication completed. You can close this window now. with link: localhost:XXX/?code=0.ATAXXXXXX&session_state=8beXXXXXX
how I can close the localhost tab automatically Is there a way to automate this process?
CodePudding user response:
After investigation, I have found the
success_template param
We need to add it to the acquire_token_interactive() function
And I have injected the JS code into it after 3 seconds the window will be closed
success_template="""<html><body><script>setTimeout(function(){window.close()}, 3000);</script></body></html> """