AuthenticationContext Class

Retrieves authentication tokens from Azure Active Directory.

For usages, check out the "sample" folder at: https://github.com/AzureAD/azure-activedirectory-library-for-python

Creates a new AuthenticationContext object.

By default the authority will be checked against a list of known Azure Active Directory authorities. If the authority is not recognized as one of these well known authorities then token acquisition will fail. This behavior can be turned off via the validate_authority parameter below.

Inheritance
builtins.object
AuthenticationContext

Constructor

AuthenticationContext(authority, validate_authority=None, cache=None, api_version=None, timeout=None, enable_pii=False, verify_ssl=None, proxies=None)

Parameters

Name Description
authority
Required
str

A URL that identifies a token authority. It should be of the format https://login.microsoftonline.com/your_tenant

validate_authority

(optional) Turns authority validation on or off. This parameter default to true.

Default value: None
cache

(optional) Sets the token cache used by this AuthenticationContext instance. If this parameter is not set, then a default is used. Cache instances is only used by that instance of the AuthenticationContext and are not shared unless it has been manually passed during the construction of other AuthenticationContexts.

Default value: None
api_version

(optional) Specifies API version using on the wire. Historically it has a hardcoded default value as "1.0". Developers have been encouraged to set it as None explicitly, which means the underlying API version will be automatically chosen. Starting from ADAL Python 1.0, this default value becomes None.

Default value: None
timeout

(optional) requests timeout. How long to wait for the server to send data before giving up, as a float, or a (connect timeout, read timeout) tuple.

Default value: None
enable_pii

(optional) Unless this is set to True, there will be no Personally Identifiable Information (PII) written in log.

Default value: False
verify_ssl

(optional) requests verify. Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use. If this value is not provided, and ADAL_PYTHON_SSL_NO_VERIFY env varaible is set, behavior is equivalent to verify_ssl=False.

Default value: None
proxies

(optional) requests proxies. Dictionary mapping protocol to the URL of the proxy. See http://docs.python-requests.org/en/master/user/advanced/#proxies for details.

Default value: None

Methods

acquire_token

Gets a token for a given resource via cached tokens.

acquire_token_with_authorization_code

Gets a token for a given resource via authorization code for a server app.

acquire_token_with_client_certificate

Gets a token for a given resource via certificate credentials

acquire_token_with_client_credentials

Gets a token for a given resource via client credentials.

acquire_token_with_device_code

Gets a new access token using via a device code.

acquire_token_with_refresh_token

Gets a token for a given resource via refresh tokens

acquire_token_with_username_password

Gets a token for a given resource via user credentails.

acquire_user_code

Gets the user code info which contains user_code, device_code for authenticating user on device.

cancel_request_to_get_token_with_device_code

Cancels the polling request to get token with device code.

acquire_token

Gets a token for a given resource via cached tokens.

acquire_token(resource, user_id, client_id)

Parameters

Name Description
resource
Required
str

A URI that identifies the resource for which the token is valid.

user_id
Required
str

The username of the user on behalf this application is authenticating.

client_id
Required
str

The OAuth client id of the calling application.

Returns

Type Description

dic with several keys, include "accessToken" and "refreshToken".

acquire_token_with_authorization_code

Gets a token for a given resource via authorization code for a server app.

acquire_token_with_authorization_code(authorization_code, redirect_uri, resource, client_id, client_secret=None, code_verifier=None)

Parameters

Name Description
authorization_code
Required
str

An authorization code returned from a client.

redirect_uri
Required
str

the redirect uri that was used in the authorize call.

resource
Required
str

A URI that identifies the resource for which the token is valid.

client_id
Required
str

The OAuth client id of the calling application.

client_secret
str

(only for confidential clients)The OAuth client secret of the calling application. This parameter if not set, defaults to None

Default value: None
code_verifier
str

(optional)The code verifier that was used to obtain authorization code if PKCE was used in the authorization code grant request.(usually used by public clients) This parameter if not set, defaults to None

Default value: None

Returns

Type Description

dict with several keys, include "accessToken" and "refreshToken".

acquire_token_with_client_certificate

Gets a token for a given resource via certificate credentials

acquire_token_with_client_certificate(resource, client_id, certificate, thumbprint, public_certificate=None)

Parameters

Name Description
resource
Required
str

A URI that identifies the resource for which the token is valid.

client_id
Required
str

The OAuth client id of the calling application.

certificate
Required
str

A PEM encoded certificate private key.

thumbprint
Required
str

hex encoded thumbprint of the certificate.

public_certificate

if not None, it will be sent to the service for subject name and issuer based authentication, which is to support cert auto rolls. The value must match the certificate private key parameter.

Default value: None

Returns

Type Description

dict with several keys, include "accessToken".

acquire_token_with_client_credentials

Gets a token for a given resource via client credentials.

acquire_token_with_client_credentials(resource, client_id, client_secret)

Parameters

Name Description
resource
Required
str

A URI that identifies the resource for which the token is valid.

client_id
Required
str

The OAuth client id of the calling application.

client_secret
Required
str

The OAuth client secret of the calling application.

Returns

Type Description

dict with several keys, include "accessToken".

acquire_token_with_device_code

Gets a new access token using via a device code.

acquire_token_with_device_code(resource, user_code_info, client_id)

Parameters

Name Description
resource
Required
str

A URI that identifies the resource for which the token is valid.

user_code_info
Required

The code info from the invocation of "acquire_user_code"

client_id
Required
str

The OAuth client id of the calling application.

Returns

Type Description

dict with several keys, include "accessToken" and "refreshToken".

acquire_token_with_refresh_token

Gets a token for a given resource via refresh tokens

acquire_token_with_refresh_token(refresh_token, client_id, resource, client_secret=None)

Parameters

Name Description
refresh_token
Required
str

A refresh token returned in a tokne response from a previous invocation of acquireToken.

client_id
Required
str

The OAuth client id of the calling application.

resource
Required
str

A URI that identifies the resource for which the token is valid.

client_secret
str

(optional)The OAuth client secret of the calling application.

Default value: None

Returns

Type Description

dict with several keys, include "accessToken" and "refreshToken".

acquire_token_with_username_password

Gets a token for a given resource via user credentails.

acquire_token_with_username_password(resource, username, password, client_id)

Parameters

Name Description
resource
Required
str

A URI that identifies the resource for which the token is valid.

username
Required
str

The username of the user on behalf this application is authenticating.

password
Required
str

The password of the user named in the username parameter.

client_id
Required
str

The OAuth client id of the calling application.

Returns

Type Description

dict with several keys, include "accessToken" and "refreshToken".

acquire_user_code

Gets the user code info which contains user_code, device_code for authenticating user on device.

acquire_user_code(resource, client_id, language=None)

Parameters

Name Description
resource
Required
str

A URI that identifies the resource for which the device_code and user_code is valid for.

client_id
Required
str

The OAuth client id of the calling application.

language
str

The language code specifying how the message should be localized to.

Default value: None

Returns

Type Description

dict contains code and uri for users to login through browser.

cancel_request_to_get_token_with_device_code

Cancels the polling request to get token with device code.

cancel_request_to_get_token_with_device_code(user_code_info)

Parameters

Name Description
user_code_info
Required

The code info from the invocation of "acquire_user_code"

Returns

Type Description

None

Attributes

options