search

AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python
Other
796 stars 200 forks source link

Generate access token for a Managed identity #548

Closed pievalentin closed 1 year ago

pievalentin commented 1 year ago

Bug description

I am an Azure costumer. I can't use MSAL to generate an access token for the scope of my app reg using my managed identity.

I have this setup:

It might be related to #58

To Reproduce

  1. Create an app reg with a custom role
  2. Create a managed identity
  3. Assign the custom role to the managed identity
  4. Create a compute instance and assigned it the managed identity
  5. In the compute instance run: 
    from azure.identity import ManagedIdentityCredential
cred = ManagedIdentityCredential(client_id="<managed-identity-client-id>")
token = cred.get_token("api://<app-reg-client-id>/.default")

    The code will run indefinitely

Expected behavior After running token = cred.get_token("api://<app-reg-client-id>/.default") the token should be generated

What you see instead image Code is still running and no token is generated.

The MSAL Python version you are using 1.21.0

rayluo commented 1 year ago

Hi @pievalentin , your code snippet is using a different library, Azure SDK for Python, so, you would want to create a similar github issue there.

This repo here is about Microsoft Authentication Library (MSAL) for Python. MSAL Python is currently implementing Managed Identity feature. If you are interested in trying out the bleeding edge, you can follow the instruction in #480 to try it out.

pievalentin commented 1 year ago

Oh my bad. Thanks a lot for the kind and fast help @rayluo. Will try what you suggested on my company laptop tomorrow morning!

pievalentin commented 1 year ago

My azureml environment is very restricted (SSL inspection), I have some trouble installing your draft PR. I am still working on it.

bgavrilMS commented 1 year ago

@rayluo - is this PR not merged? I though MSAL Py supports MI now. Can you please post a link to the sample and docs?