Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft Graph that is secured using the Microsoft identity platform
MIT License

This is a multi-purpose Flask web app sample. Write your app like this once, and the same implementation will support 4x2=8 scenarios.

* Identity platforms: Microsoft Entra ID, External ID, External ID with Custom Domain, Azure Active Directory B2C
* Scenarios: Web App Sign-In & Sign-Out, Web App Calls a web API

Topology

Getting Started

Prerequisites

  1. Have Python 3.8+ installed.
  2. Clone from its repo or download its zip package, and then start using it or build on top of it.
  3. `cd project_name`
  4. Run `pip install -r requirements.txt` to install dependencies.
  5. Run `flask run -h localhost` and then browse to http://localhost:5000. You may need to change to a different port to match your `redirect_uri` setup.

How to configure and use this sample

| | Microsoft Entra ID | Microsoft Entra External ID | Microsoft Entra External ID with Custom Domain | Azure Active Directory B2C |
|---|---|---|---|---|
| App Registration | Follow only steps 1, 2 and 3 of this [Quickstart: Add sign-in with Microsoft to a Python web app](https://learn.microsoft.com/entra/identity-platform/quickstart-web-app-python-sign-in?tabs=windows) | Follow only page 1 of this [Tutorial: Prepare your customer tenant ...](https://learn.microsoft.com/entra/external-id/customers/tutorial-web-app-python-flask-prepare-tenant) | Coming soon. | Follow only steps 1 and 2 (including 2.1 and 2.2) of this [Configure authentication in a sample Python web app by using Azure Active Directory B2C](https://learn.microsoft.com/azure/active-directory-b2c/configure-authentication-sample-python-web-app?tabs=linux) |
| Configuration | Copy this [Entra ID template](.env.sample.entra-id) as `.env` and then modify `.env` with your app's settings. | Copy this [External ID template](.env.sample.external-id) as `.env` and then modify `.env` with your app's settings. | Copy this [External ID with Custom Domain template](.env.sample.external-id-custom-domain) as `.env` and then modify `.env` with your app's settings. | Copy this [Azure Active Directory B2C template](.env.sample.b2c) as `.env` and then modify `.env` with your app's settings. |

Do not reverse the order of the configuration steps above. If you put your app credentials into the template and then copy it into `.env`, you risk accidentally committing your templates with credentials into a version control system.

Web App Sign In & Sign Out: With the basic configuration above, you can now browse to the index page of this sample to try the sign-in/sign-out experience.

Web App Calls a web API: Add the web API's *endpoint* into your `.env` file. Also add the *scopes* it needs, separated by spaces. The following example shows the settings needed to call the Microsoft Graph API. You may need to replace their values with your own API endpoint and its scope.

```ini
ENDPOINT=https://graph.microsoft.com/v1.0/me
SCOPE=User.Read
```

Now restart this sample and try its "Call API" experience.

Deploy to [Azure App Service](https://azure.microsoft.com/en-us/products/app-service):

* Follow the ["Quickstart: Deploy a Python (Django or Flask) web app to Azure App Service"](https://learn.microsoft.com/en-us/azure/app-service/quickstart-python), but replace its sample app (which does not do user sign-in) with this web app.
* [Configure your app's settings](https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#configure-app-settings) to define the environment variables mentioned in the **Configuration** row of the table above.
* If your `app_config.py` contains `SESSION_TYPE = "filesystem"`, you shall turn on "session affinity" (a.k.a. "ARR affinity") in your [App Service Web App's Configuration](https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#configure-general-settings).
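The warning above about committing templates with credentials can also be enforced mechanically. The following is an added example, not code from this sample repository: a check for a pre-commit hook or CI step that fails when a `.env.sample*` template holds a concrete value for a credential-like key. The `CLIENT_ID` and `CLIENT_SECRET` key names, the `<...>` placeholder convention and the sensitive-name pattern are assumptions.

```python
import re
import sys
from pathlib import Path

# Assumption: a template placeholder is one <angle-bracket> token; empty is also fine.
PLACEHOLDER = re.compile(r"<[^<>]*>")
# Assumption: key names containing these words hold credentials.
SENSITIVE = re.compile(r"SECRET|PASSWORD|CREDENTIAL|KEY", re.IGNORECASE)

# Constructed samples; key names other than ENDPOINT and SCOPE are assumptions.
CLEAN_TEMPLATE = """\
# copy to .env, then edit .env
CLIENT_ID=<client id>
CLIENT_SECRET=<client secret>
ENDPOINT=https://graph.microsoft.com/v1.0/me
SCOPE=User.Read
"""
LEAKED_TEMPLATE = CLEAN_TEMPLATE.replace("<client secret>", "constructed-not-a-real-secret")

def parse_env(text):
    """Yield (line_no, key, value) for KEY=VALUE lines, skipping comments and blanks."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield n, key.strip(), value.strip().strip("'\"")

def template_findings(text):
    """Return [(line_no, key)] for sensitive keys whose value is not a placeholder."""
    return [(n, key) for n, key, value in parse_env(text)
            if SENSITIVE.search(key) and value and not PLACEHOLDER.fullmatch(value)]

def scan_templates(root="."):
    """Map each .env.sample* file under root to its findings (only files with any)."""
    report = {}
    for path in sorted(Path(root).glob(".env.sample*")):
        found = template_findings(path.read_text(encoding="utf-8"))
        if found:
            report[path.name] = found
    return report

if __name__ == "__main__":
    report = scan_templates(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, found in report.items():
        for line_no, key in found:
            print(f"{name}:{line_no}: {key} holds a concrete value, expected a placeholder")
    sys.exit(1 if report else 0)
```

Run it from the repository root; a non-zero exit status blocks the commit or fails the build.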

How to build this sample (or a new web project) from scratch

You can follow the instructions for Flask, from the underlying library.

You can refer to the source code of this full sample here to pick up other minor details, such as how to modify app.py accordingly, and how to add templates for the new view (and for the existing index() view).

Contributing

If you find a bug in the sample, please raise the issue on GitHub Issues.

If you'd like to contribute to this sample, see CONTRIBUTING.MD.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.