function get_msal_app
Creates and returns a Microsoft Authentication Library (MSAL) PublicClientApplication instance configured for Azure AD authentication with the specified client and tenant IDs.
/tf/active/vicechatdev/mailsearch/example_script.py
22 - 24
simple
Purpose
This function initializes an MSAL PublicClientApplication object that can be used to authenticate users against Microsoft Azure Active Directory. It constructs the appropriate authority URL using the tenant ID and configures the application with the provided client ID. This is typically used as a prerequisite step before performing OAuth 2.0 authentication flows for Microsoft services.
Source Code
def get_msal_app(client_id: str, tenant_id: str) -> msal.PublicClientApplication:
authority = f"https://login.microsoftonline.com/{tenant_id}"
return msal.PublicClientApplication(client_id=client_id, authority=authority)Parameters
| Name | Type | Default | Kind |
|---|---|---|---|
client_id |
str | - | positional_or_keyword |
tenant_id |
str | - | positional_or_keyword |
Parameter Details
client_id: The Application (client) ID of the Azure AD app registration. This is a GUID that uniquely identifies your application in the Azure AD tenant. Can be found in the Azure Portal under App Registrations.
tenant_id: The Directory (tenant) ID of the Azure AD tenant. This is a GUID that identifies the Azure AD instance where the application is registered. Can also be 'common', 'organizations', or 'consumers' for multi-tenant scenarios.
Return Value
Type: msal.PublicClientApplication
Returns an instance of msal.PublicClientApplication configured with the specified client_id and authority URL. This object can be used to acquire tokens through various authentication flows such as interactive login, device code flow, or username/password authentication. The PublicClientApplication is designed for applications that cannot securely store client secrets (e.g., desktop apps, mobile apps).
Dependencies
msal
Required Imports
import msal
Usage Example
import msal
# Define your Azure AD application credentials
client_id = "12345678-1234-1234-1234-123456789abc"
tenant_id = "87654321-4321-4321-4321-cba987654321"
# Create the MSAL application instance
msal_app = get_msal_app(client_id, tenant_id)
# Use the app to acquire a token (example with device code flow)
scopes = ["User.Read"]
flow = msal_app.initiate_device_flow(scopes=scopes)
if "user_code" in flow:
print(flow["message"])
result = msal_app.acquire_token_by_device_flow(flow)
if "access_token" in result:
print("Authentication successful!")
access_token = result["access_token"]Best Practices
- Store client_id and tenant_id in environment variables or secure configuration files, not hardcoded in source code
- Use PublicClientApplication only for applications that cannot securely store secrets (desktop, mobile, CLI apps)
- For web applications or services, use ConfidentialClientApplication instead
- The tenant_id can be set to 'common' for multi-tenant applications, 'organizations' for any organizational account, or 'consumers' for personal Microsoft accounts
- Always validate that the returned msal_app object is properly initialized before attempting token acquisition
- Consider implementing token caching to avoid repeated authentication prompts
- Handle authentication errors gracefully and provide clear user feedback
Similar Components
AI-powered semantic similarity - components with related functionality:
-
function get_access_token 74.7% similar
-
function get_ms365_token_v1 69.0% similar
-
function get_ms365_token 67.7% similar
-
class AzureSSO_v1 61.8% similar
-
class AzureSSO 61.2% similar