A FastAPI Plug-In to support authentication authorization using the Microsoft Authentication Library (MSAL)
FastAPI - https://github.com/tiangolo/fastapi FastAPI is a modern, fast (high-performance), web framework for building APIs based on standard Python type hints.
MSAL for Python - https://github.com/AzureAD/microsoft-authentication-library-for-python The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities and obtain tokens to call Microsoft APIs such as Microsoft Graph or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols
The fastapi_msal package was built to allow quick "out of the box" integration with MSAL. As a result the pacage was built around simplicity and ease of use on the expense of flexability and versatility.
pip install "fastapi_msal"
Or if you wish to have all the required packages straight forward
pipenv install "fastapi_msal[full]"
python-multipart, From FastAPI documentation: This is required since OAuth2 (Which MSAL is based upon) uses "form data" to send the credentials.
itsdangerous Used by Starlette session middleware
client_id
, tenant_id
and client_credential
(client secrets) - see images below:import uvicorn
from fastapi import FastAPI, Depends
from starlette.middleware.sessions import SessionMiddleware
from fastapi_msal import MSALAuthorization, UserInfo, MSALClientConfig
client_config: MSALClientConfig = MSALClientConfig()
client_config.client_id = "The client_id retrieved at step #1"
client_config.client_credential = "The client_credential retrieved at step #1"
client_config.tenant = "Your tenant_id retrieved at step #1"
app = FastAPI()
app.add_middleware(SessionMiddleware, secret_key="SOME_SSH_KEY_ONLY_YOU_KNOW") # replace with your own!!!
msal_auth = MSALAuthorization(client_config=client_config)
app.include_router(msal_auth.router)
@app.get("/users/me", response_model=UserInfo, response_model_exclude_none=True, response_model_by_alias=False)
async def read_users_me(current_user: UserInfo = Depends(msal_auth.scheme)) -> UserInfo:
return current_user
if __name__ == "__main__":
uvicorn.run("main:app", host="localhost", port=5000, reload=True)
(pipenv shell)$ python main.py
INFO: Uvicorn running on http://localhost:5000 (Press CTRL+C to quit)
INFO: Started reloader process [12785] using statreload
INFO: Started server process [12787]
INFO: Waiting for application startup.
INFO: Application startup complete.
Browse to http://localhost:5000/docs - this is the API docs generated by FastAPI (totaly cool!)
Using the "built-in" authenticaiton button (the little lock) you will be able to set the full authentication process (Igonre the cline_id and client_secret - they are not relevant for the process as you already set them)
After you complete the process you will get a confirmation popup
Trying out the ME api endpoint
If you wish to try out a working example, clone the following project and adjust it to your needs: https://github.com/dudil/ms-identity-python-webapp
NB! Make sure you are using the fastapi_msal branch!!!