azure-samples / ms-identity-python-flask-webapp-authentication Goto Github PK
View Code? Open in Web Editor NEWThis sample demonstrates a Python Flask webapp that signs in users in your tenant using Azure Active Directory
License: MIT License
This sample demonstrates a Python Flask webapp that signs in users in your tenant using Azure Active Directory
License: MIT License
x
)- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
cd <project-root-directory> # the folder into which you cloned the code
python3 -m venv venv # only required if you don't have a venv already
source venv/bin/activate
pip install -r requirements.txt
. .\run.flask.dev.ps1
Traceback (most recent call last):
File "/prac-msgraph/ms-identity-python-flask-webapp-authentication/venv/bin/flask", line 5, in <module>
from flask.cli import main
File "/prac-msgraph/ms-identity-python-flask-webapp-authentication/venv/lib/python3.8/site-packages/flask/__init__.py", line 14, in <module>
from jinja2 import escape
File "/prac-msgraph/ms-identity-python-flask-webapp-authentication/venv/lib/python3.8/site-packages/jinja2/__init__.py", line 12, in <module>
from .environment import Environment
File "/prac-msgraph/ms-identity-python-flask-webapp-authentication/venv/lib/python3.8/site-packages/jinja2/environment.py", line 25, in <module>
from .defaults import BLOCK_END_STRING
File "/prac-msgraph/ms-identity-python-flask-webapp-authentication/venv/lib/python3.8/site-packages/jinja2/defaults.py", line 3, in <module>
from .filters import FILTERS as DEFAULT_FILTERS # noqa: F401
File "/prac-msgraph/ms-identity-python-flask-webapp-authentication/venv/lib/python3.8/site-packages/jinja2/filters.py", line 13, in <module>
from markupsafe import soft_unicode
ImportError: cannot import name 'soft_unicode' from 'markupsafe' (/prac-msgraph/ms-identity-python-flask-webapp-authentication/venv/lib/python3.8/site-packages/markupsafe/__init__.py)
The app could start succeessfully
Ubuntu Linux 20.04
I found the MarkupSafe package installed is of version 2.1.1
. After downgrading it to version 2.0.1
and restart the app, it works!
x
)- [x] bug report -> please search issues before submitting
when session is expired, I can copy another session=... value from an authentificated cookie which is not expired and from another used, paste it in my cookie and refresh, which then leads to a successful login.
implementation of this example with an app registration and other pre-requisites.
this should not work, or session authentification / authorization should not have been used as an exmaple.
I would like to use flask and msal with users from the same tenant, same roles etc, without this being possible.
azure app service (linux with gunicorn startup command) and locally with python flask run on windows machine. Happens in all kinds of browsers tried: firefox, edge, chrome
Thanks! We'll be in touch soon.
Please provide us with the following information:
x
)- [ ] bug report -> please search issues before submitting
- [x ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Log in microsoft account, close browser and reconnect
N/A
Is there a method to verify whether a user is still logged in, via a request with their token details? If a user logs in with their microsoft account, closes the browser and then reconnects to the flask app, I can't find a method to verify if they're still logged in. Such that, they will be in a different state if they choose to 'stay logged in' or not. Whereas, the flask app's g.identity_context_data variable still sees them as logged in, regardless. So i was hoping to find a way to send a request to verify whether the user's token details are still valid / check if they're still logged in.
N/A
N/A
Thanks! We'll be in touch soon.
Please provide us with the following information:
x
)- [ x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
I went through the tutorial, line by line. When I got to the step of running the code, I got the expected splash screen in my browser, with a green button in the top left to Sign In. When I click on that button, I get an error noted below. I get the same error with both options "Yes" or "No" from the Azure portal configuration "Allow public client flows".
ms_identity_web.errors.TokenExchangeError: _process_result: auth failed: token request resulted in error
invalid_client: AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented.
Trace ID: 594bc797-111f-440f-a6f5-319836c00201
Correlation ID: a5e8bdb2-f6c8-43e8-8b70-168facbe19a5
Timestamp: 2023-05-09 23:58:04Z
I would expect to be able to log in
Windows10
Thanks! We'll be in touch soon.
Please provide us with the following information:
x
)- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
When leave the web open on browser after an hour, or open the browser; the web sometimes does GET //auth/redirect? and it shows an Internal Server Error.
| [2022-09-12 18:35:48,924] ERROR in init: process_auth_redirect: security violation ('Failed to match request state with session state',)
backend | [2022-09-12 18:35:48,925] ERROR in app: Exception on /auth/redirect [GET]
backend | Traceback (most recent call last):
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 2525, in wsgi_app
backend | response = self.full_dispatch_request()
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1822, in full_dispatch_request
backend | rv = self.handle_user_exception(e)
backend | File "/usr/local/lib/python3.8/site-packages/flask_cors/extension.py", line 165, in wrapped_function
backend | return cors_after_request(app.make_response(f(*args, **kwargs)))
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1820, in full_dispatch_request
backend | rv = self.dispatch_request()
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1796, in dispatch_request
backend | return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/flask_blueprint/init.py", line 44, in aad_redirect
backend | return id_web.process_auth_redirect(redirect_uri=url_for('.aad_redirect',_external=True),
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 40, in assert_adapter
backend | return f(self, *args, **kwargs)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 127, in process_auth_redirect
backend | raise ase
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 105, in process_auth_redirect
backend | self._verify_state(req_params)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 40, in assert_adapter
backend | return f(self, *args, **kwargs)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 259, in _verify_state
backend | raise AuthSecurityError("Failed to match request state with session state")
backend | ms_identity_web.errors.AuthSecurityError: Failed to match request state with session state
backend | 150.172.230.173 - - [12/Sep/2022 18:35:48] "GET //auth/redirect?
Use the session cokies.
Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)
Thanks! We'll be in touch soon.
I enabled the require user assignment and restricted access to some users, works well with authorized users.
Not authorized users receive the "internal server error" page
this is the server log:
[2021-01-20 07:59:23,051] ERROR in app: Exception on /auth/redirect [GET]
Traceback (most recent call last):
File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask_compat.py", line 35, in reraise
raise value
File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1799, in dispatch_request
return self.view_functionsrule.endpoint
File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web\flask_blueprint_init_.py", line 45, in aad_redirect
afterwards_go_to_url=post_sign_in_url)
File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web_init_.py", line 40, in assert_adapter
return f(self, *args, **kwargs)
File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web_init_.py", line 131, in process_auth_redirect
raise oae
File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web_init_.py", line 108, in process_auth_redirect
self.parse_redirect_errors(req_params)
File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web_init.py", line 213, in _parse_redirect_errors
raise OtherAuthError("Unknown error while parsing redirect")
ms_identity_web.errors.OtherAuthError: Unknown error while parsing redirect
x
)- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [X ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
On Azure application properties Enable "User assignment required"
Page like "you don't have access to the application"
Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)
W10
python 3.7
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.