Closed copdips closed 7 months ago
What scenarios are you trying to implement?
For a daemon app which uses acquire_token_for_client()
only, you won't need account in the first place. Please follow the samples.
And if you are using a web app which deals with human user accounts, you shall follow our Flask web app sample or Django web app sample.
@rayluo Thanks for your prompt reply, it seems that the msal code has been evoluated since last year. In my previous notes, I have code example like follows:
app = msal.ConfidentialClientApplication(
config["client_id"],
authority=config["authority"],
client_credential=config["client_secret"],
)
result = app.acquire_token_silent(scopes=config["scope"], account=None)
if not result:
result = app.acquire_token_for_client(scopes=config["scope"])
By your given example, it seems that acquire_token_for_client()
tries to get token from the cache firstly already, it's very good, that I can combine the last three lines into one.
BTW, could you please explain a little the difference between msal.ConfidentialClientApplication
and azure.identity.aio.ClientSecretCredential
, by checking its source code, its get_token()
function seems to get token from cache firstly too, if token not found, fallback to new token generation.
Forgot to reply your question, yes my use case is just like what you supposed, a web app flask or django that calls an backend azure api always from the same client id.
it seems that the msal code has been evoluated since last year
Sure thing. We keep adding new feature into MSAL and its samples. If you haven't already, please subscribe/watch this repo (and those sample repos that I mentioned in my earlier message).
could you please explain a little the difference between
msal.ConfidentialClientApplication
andazure.identity.aio.ClientSecretCredential
Azure Identity library is built on top of MSAL. The functionality shall be comparable, if not equivalent. And Azure Identity provides a different API style. You can ask similar question in the Azure Identity's repo and get a perspective from there.
yes my use case is just like what you supposed, a web app flask or django that calls an backend azure api always from the same client id.
Then you shall really look into our Flask web app sample or Django web app sample.
Thanks a lot, in the meantime, I also found some very helpful insights from this issue https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/299
Describe the bug Hello,
When I use ConfidentialClientApplication, app.get_accounts() returns an empty list, so I cannot use the cache later.
To Reproduce Steps to reproduce the behavior:
Expected behavior accounts is not empty
What you see instead
app.acquire_token_for_client(scopes=config["scope"])
will return the object containing the tokenThe MSAL Python version you are using
msal 1.26.0 msal-extensions 1.1.0
Additional context Add any other context about the problem here.