Support for Certificate based Authentication

Open metalshanked opened this issue 3 years ago • 18 comments

Hi, Is there a plan for supporting certification based auth as well?

Here is a link for an example implementation https://github.com/Azure-Samples/ms-identity-python-daemon/blob/master/2-Call-MsGraph-WithCertificate/confidential_client_certificate_sample.py

Seems like many folks are moving to cert based auth for the GRAPH API

Thanks!!

metalshanked avatar Feb 02 '21 15:02 metalshanked

There are no plans to develop this... unless somebody adds this as a PR.

alejcas avatar Feb 02 '21 16:02 alejcas

Hey @janscas , I think certificate based auth is an awesome way to help rid the world of wandering API keys and increase the trust of using this library. I would love to see this as part of the package :)

Thanks!

AlonSh avatar Feb 22 '21 08:02 AlonSh

I have no time to add this right now. PRs are very welcome tho!

Thanks

alejcas avatar Feb 22 '21 20:02 alejcas

Hi, I am exploring adding this feature. @janscas , what do you think of adding msal as a dependency and using it for authentication?

kwollaston avatar Feb 23 '21 05:02 kwollaston

@kwollaston Hi, any updates about the certificate based authentication feature? Thanks.

korengrip avatar Apr 21 '21 15:04 korengrip

> Hi, I am exploring adding this feature. @janscas , what do you think of adding msal as a dependency and using it for authentication?

I'm not against it.

Do you think it could be added without much changes?

alejcas avatar Apr 21 '21 23:04 alejcas

@janscas I have gotten it working and with relatively minimal changes. The thing I was on last was adjusting the token backend to work with MSAL. I just had a new baby, so I don't have much time at the moment. I will try to get it on my fork and notify you all here.

Maybe you or someone else will be able to run with it if I can't find some time soon.



kwollaston avatar Apr 21 '21 23:04 kwollaston

@janscas Should we create a MSAL branch?


kwollaston avatar Apr 21 '21 23:04 kwollaston

I don't have the time now to work on this but any help will be appreciated

alejcas avatar Apr 23 '21 11:04 alejcas

@kwollaston I can help with the PR, did you create a branch for MSAL?

DaniEzzeddine avatar May 18 '21 19:05 DaniEzzeddine

@DaniEzzeddine Please look at the commit here, I just dumped what I have in there. The branch is behind though https://github.com/kwollaston/python-o365/tree/msal

kwollaston avatar May 18 '21 20:05 kwollaston

Hi, are there any updates on this subject? Thanks

shellybendor avatar Jun 30 '21 15:06 shellybendor

@kwollaston @DaniEzzeddine - thanks for taking this up. Can you share the usage instructions for the msal version that @kwollaston started? Thanks!

metalshanked avatar Jan 13 '22 15:01 metalshanked

Hi @metalshanked, I will try to follow up this weekend!


kwollaston avatar Jan 13 '22 15:01 kwollaston

Thanks @kwollaston ! appreciate it

metalshanked avatar Jan 13 '22 16:01 metalshanked

@metalshanked - Take a look at the diff for an idea, it wasn't a huge change although as mentioned we need to alter the token backend. MSAL uses its own token cache.

I was able to get it to work in the current state. Basically you set auth_flow_type to "certificate" and set credentials to a dict with keys "thumbprint", "private_key", and "client_id"

See here for more info.

kwollaston avatar Jan 17 '22 05:01 kwollaston
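
An added example, not code from the fork or from python-o365: one way to assemble a credentials dict with the three keys named in the comment above, deriving the thumbprint from the certificate and refusing a private key file that other users can access. The function names, the POSIX file-mode check and the sample certificate body are assumptions made for illustration.

```python
import base64
import hashlib
import os
import ssl
import stat

# Constructed stand-in: the body is base64 of b"abc", not a parseable X.509 certificate.
SAMPLE_CERT_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

def cert_thumbprint(cert_pem: str) -> str:
    """SHA-1 over the DER bytes (not the PEM text), as upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(cert_pem.strip())
    return hashlib.sha1(der).hexdigest().upper()

def x5t_header(thumbprint: str) -> str:
    """The same digest as the base64url `x5t` JWT header value (RFC 7515)."""
    raw = bytes.fromhex(thumbprint.replace(":", ""))
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def load_private_key(path: str) -> str:
    """Read a PEM private key, refusing files accessible to group or others."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: restrict to owner only (chmod 600)")
    with open(path, encoding="ascii") as fh:
        pem = fh.read()
    if "PRIVATE KEY-----" not in pem:
        raise ValueError(f"{path}: no PEM private key found")
    return pem

def build_credentials(client_id: str, cert_pem: str, key_path: str) -> dict:
    """Assemble the dict with the three keys named in the comment above."""
    return {
        "client_id": client_id,
        "thumbprint": cert_thumbprint(cert_pem),
        "private_key": load_private_key(key_path),
    }

if __name__ == "__main__":
    tp = cert_thumbprint(SAMPLE_CERT_PEM)
    print(tp, x5t_header(tp))
```

With certificate auth the private key file replaces the client secret as the thing to protect, which is why the loader checks its permissions before reading it.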

Thanks @kwollaston ! Will check it out. What would be the implications of the token backend not working?
Would we need to add some logic to check expiry and refresh the token manually? (I am using Filesystem token backend)

metalshanked avatar Jan 17 '22 16:01 metalshanked

Any news here, possibly without requiring msal? Microsoft code just always feels so un-pythonic.

alfonsrv avatar Sep 30 '23 12:09 alfonsrv