Using aad_client

aad_client requires an Azure Active Directory App Registration (from the Azure Active Directory you want the application to authenticate against). The App Registration's parameters should then be set in environment variables (or a .env environment file) within the environment that fastapi is being served from.

Configuring the Azure Active Directory App Registration

There are several parts of the App Registration to configure, and which ones depends on whether you want to run as a daemon application or an interactive application. The daemon application will need Azure Active Directory admin credentials to approve.

Once your app registration is configured, you need to configure your local environment. This can be done either via the authorisation object or the environment variables.

The device code flow seems to need the msal redirect URI enabled (msal<client-id>://auth).

Configuring via environment variables

There are several key parameters:

  • AAD_CLIENT_ID: The Azure Active Directory App Registration Client ID

  • AAD_TENANT_ID: The Azure Active Directory App Registration Tenant ID

The AAD_CLIENT_SECRET parameter is needed if your application is a daemon client (see above). It is generated from the certificates and secrets section of the app registration.

Using within python

class aad_client.AADAuthentication(client_id: Optional[str] = None, tenant_id: Optional[str] = None, client_secret: Optional[str] = None, scopes: Optional[List[str]] = None, username: Optional[str] = None)

AAD Authentication Handler.

Initialise AAD App for device code authentication.

This can run both as a public app (requiring user login) or as a daemon app (requires a secret).

Keyword Arguments
  • client_id (Optional[str]) -- The client id, defaults to AAD_CLIENT_ID (or servicePrincipalid) if not provided

  • tenant_id (Optional[str]) -- The tenant id, defaults to AAD_TENANT_ID (or tenantId) if not provided

  • client_secret (Optional[str]) -- The client secret, defaults to AAD_CLIENT_SECRET (or servicePrincipalKey) if not provided, signifies a daemon application

  • scopes (Optional[List[str]]) -- The scopes to request as default, can be overridden through the get_tokens method

  • username (Optional[str]) -- The username to use when running as a desktop app

get_tokens(scopes=None)

Get the token.

property session

Get a requests session with authentication.
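
The following is an added example, not part of aad_client or its documentation: a preflight check for the environment variables described above that reports whether the settings select a daemon or an interactive application before AADAuthentication is constructed. The function names, the GUID-format and identical-ID checks, and the sample values are assumptions of this example.

```python
import os
import uuid
from typing import Dict, List, Mapping, Tuple

def parse_dotenv(text: str) -> Dict[str, str]:
    """Parse simple KEY=VALUE lines; blank lines and # comments are skipped."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            values[key.strip()] = value.strip().strip("'\"")
    return values

def _is_guid(value: str) -> bool:
    try:  # accept only the canonical hyphenated form
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def check_settings(env: Mapping[str, str]) -> Tuple[str, List[str]]:
    """Return (mode, problems); a client secret signifies a daemon app."""
    problems = []
    for name in ("AAD_CLIENT_ID", "AAD_TENANT_ID"):
        if not _is_guid(env.get(name, "")):
            problems.append(f"{name} is missing or not a GUID")
    if not problems and env["AAD_CLIENT_ID"].lower() == env["AAD_TENANT_ID"].lower():
        problems.append("AAD_CLIENT_ID and AAD_TENANT_ID are identical")
    secret = env.get("AAD_CLIENT_SECRET")
    if secret is not None and not secret.strip():
        problems.append("AAD_CLIENT_SECRET is set but empty")
    return ("daemon" if secret and secret.strip() else "interactive"), problems

def make_client(env: Mapping[str, str] = os.environ):
    """Construct AADAuthentication only after the settings pass the check."""
    _, problems = check_settings(env)
    if problems:
        raise ValueError("; ".join(problems))  # messages never contain the secret
    from aad_client import AADAuthentication  # lazy: needs the package installed
    return AADAuthentication(client_id=env["AAD_CLIENT_ID"], tenant_id=env["AAD_TENANT_ID"],
                             client_secret=env.get("AAD_CLIENT_SECRET"))

# Constructed sample .env content; the GUIDs are made up for this example.
SAMPLE_ENV = """\
# interactive app: no AAD_CLIENT_SECRET line
AAD_CLIENT_ID=11111111-2222-3333-4444-555555555555
AAD_TENANT_ID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
"""
if __name__ == "__main__":
    print(check_settings(parse_dotenv(SAMPLE_ENV)))
```

The error messages name only the variable at fault, so the check can run in CI or at service start-up without the client secret reaching the logs.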