Modern Authentication - OAuth
With Microsoft moving away from "Basic/Legacy" Authentication and towards Modern Authentication using OAuth, I was wondering what the roadmap was for this library to support OAuth in the near future? Thanks! 🙂
Hello,
I would like to confirm OAuth is supported. By default, the Microsoft Authentication Library (MSAL) for Python comes as a dependency to obtain tokens to call the Microsoft Graph API.
Here is an example which demonstrates how to initialize GraphClient for calling the OneDrive API endpoint, where the token is acquired via the client credentials flow:
```python
import msal
from office365.graph_client import GraphClient


def acquire_token():
    """
    Acquire token via MSAL
    """
    authority_url = 'https://login.microsoftonline.com/{tenant_id_or_name}'
    app = msal.ConfidentialClientApplication(
        authority=authority_url,
        client_id='{client_id}',
        client_credential='{client_secret}'
    )
    token = app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
    return token


client = GraphClient(acquire_token)
drives = client.drives.get().execute_query()
```
Other OAuth spec-compliant libraries such as adal are supported as well. Here is a similar example, but the token is acquired via the acquire_token_with_client_credentials method:
Prerequisite:
adal needs to be installed first, for instance: pip install adal
```python
import adal
from office365.graph_client import GraphClient


def acquire_token_func():
    authority_url = 'https://login.microsoftonline.com/{tenant_id_or_name}'
    auth_ctx = adal.AuthenticationContext(authority_url)
    token = auth_ctx.acquire_token_with_client_credentials(
        "https://graph.microsoft.com",
        "{client_id}",
        "{client_secret}")
    return token


client = GraphClient(acquire_token_func)
drives = client.drives.get().execute_query()
```
@vgrem Could you share an example with sharepoint as well?
Hi, thank you for this. I am, however, having an issue:
When I provide a method to obtain a bearer token I get an error in auth_token_provider.py line :
```python
def _get_authorization_header(self):
    return '{token_type} {access_token}'.format(token_type=self._cached_token.tokenType,
                                                access_token=self._cached_token.accessToken)
```
I am providing a bearer header:
{'token_type': 'Bearer', 'expires_in': 3599, 'ext_expires_in': 3599, 'access_token': '
The code fails to recognize this fact and fails at this point as it tries to build one.
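Added example, not part of the thread and not the library's own code: the snippet above reads `tokenType`/`accessToken`, while the pasted response uses `token_type`/`access_token`, so this sketch builds the header from either key style (MSAL returns snake_case keys, ADAL camelCase), rejects in-band error responses, and redacts secrets before a response is logged or pasted. The names `authorization_header`, `redact` and `TokenError` are hypothetical, and the sample responses are constructed.

```python
# Added example (hypothetical helper names); sample responses are constructed, not real tokens.
class TokenError(Exception):
    """Raised when a token response cannot be turned into an Authorization header."""

# Per field: (snake_case key as returned by MSAL, camelCase key as returned by ADAL)
_KEYS = {
    "token_type": ("token_type", "tokenType"),
    "access_token": ("access_token", "accessToken"),
}
_SECRET_KEYS = {"access_token", "accessToken", "refresh_token", "refreshToken"}

def _pick(token, field):
    """Return the first non-empty value stored under either key style."""
    for key in _KEYS[field]:
        if token.get(key):
            return token[key]
    return None

def authorization_header(token):
    """Build 'Bearer <token>' from an MSAL- or ADAL-style response dict."""
    if not isinstance(token, dict):
        raise TokenError("token response is not a dict")
    if "error" in token:  # MSAL reports failures in the returned dict
        raise TokenError("{}: {}".format(token["error"], token.get("error_description", "")))
    token_type = _pick(token, "token_type")
    access_token = _pick(token, "access_token")
    if not token_type or not access_token:
        raise TokenError("token response lacks token type or access token")
    if token_type.lower() != "bearer":
        raise TokenError("unsupported token type: {}".format(token_type))
    return "Bearer {}".format(access_token)

def redact(token):
    """Copy of a token response that is safe to log or paste into an issue."""
    return {k: "<redacted>" if k in _SECRET_KEYS else v for k, v in token.items()}

MSAL_SAMPLE = {"token_type": "Bearer", "expires_in": 3599, "ext_expires_in": 3599,
               "access_token": "constructed-msal-token"}
ADAL_SAMPLE = {"tokenType": "Bearer", "expiresIn": 3599,
               "accessToken": "constructed-adal-token"}
MSAL_FAILURE = {"error": "invalid_client", "error_description": "constructed failure"}

if __name__ == "__main__":
    print(authorization_header(MSAL_SAMPLE))
    print(authorization_header(ADAL_SAMPLE))
    print(redact(MSAL_SAMPLE))
```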
@vgrem Could you share an example with sharepoint as well?
bump