identity

Identity library

This Identity library is an authentication/authorization library that:

• Suitable for apps that are targeting end users on Microsoft identity platform, a.k.a. Microsoft Entra ID (which includes Work or school accounts provisioned through Azure AD, and Personal Microsoft accounts such as Skype, Xbox, Outlook.com).
• Currently designed for web apps, regardless of which Python web framework you are using.
• Provides a set of high level API that is built on top of, and easier to be used than Microsoft's MSAL Python library.
• Written in Python, for Python apps.

DISCLAIMER: The code in this repo is not officially supported by Microsoft and is not intended for production use. The intention of this repo is to unblock customers who would like to use a higher level API, before such an API has been migrated to an Microsoft library with official support. Migration of this API to official support is not guaranteed and is not currently on the MSAL roadmap. Please ensure to fully test any code used from this repository to ensure it works in your environment.

Scenarios supported

	Microsoft Entra ID	Microsoft Entra External ID	Microsoft Entra External ID with Custom Domain	Azure AD B2C
App Registration	Following only the step 1, 2 and 3 of this Quickstart: Add sign-in with Microsoft to a Python web app	Follow only the page 1 of this Tutorial: Prepare your customer tenant ...	Coming soon.	Following only the step 1 and 2 (including 2.1 and 2.2) of this Configure authentication in a sample Python web app by using Azure AD B2C
After app registration, you shall obtain the following information: Your app's client_id, also known as application ID. (For example, if you are using Entra ID, you may follow this app registration document). Your app's credential, which can either be a secret string, or a certificate. (For example, if you are using Entra ID, you may follow this app credential document). The Identity library's client_credential parameter supports all formats supported by msal library's same name parameter. Your app's Redirect URI. You may prepare two, one of them looks like http://localhost:5000/redirect for local development, the other looks like https://your_website.com/redirect for your production. (For example, if you are using Entra ID, you may follow this redirect URI document).
Web App Sign In & Sign Out	By using this library, it will automatically renew signed-in session when the ID token expires. Sample written in Sample written in Sample written in Need support for more web frameworks? Upvote existing feature request or create a new one
How to customize the login page	The default login page will typically redirect users to your Identity Provider, so you don't have to customize it. But if the default login page is shown in your browser, you can read its HTML source code, and find the how-to instructions there.
Web App Calls a web API	This library supports: Incremental consent. If the user needs to consent to more permissions, the library will automatically redirect the user to the consent page. Automatically cache the access token and renew it when needed They are demonstrated by the same samples above.
Web API Calls another web API (On-behalf-of)	In roadmap.
How to build the samples above from scratch	Read our docs here
Other scenarios	Upvote existing feature request or create a new one

Installation

This package is available on PyPI. Choose the package declaration that matches your web framework:

Note: Make sure you put "identity[...]" in quotes to ensure it works in all terminals.

• Django: pip install "identity[django]"
• Flask: pip install "identity[flask]"
• Quart: pip install "identity[quart]"

Versions

This library follows Semantic Versioning. Your project should declare identity dependency with proper lower and upper bound.

You can find the changes for each version under Releases.