# Python

{% hint style="info" %}
<https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-python-adfs-support>
{% endhint %}

The example code below, written with help from Microsoft, got us through with a federated account without the requirement to enable the public flow option on the Azure App.

```python
# https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/sample/username_password_sample.py

import sys  # For simplicity, we'll read config file from 1st CLI param sys.argv[1]
import json
import logging

import requests
import msal


# Optional logging
# logging.basicConfig(level=logging.DEBUG)  # Enable DEBUG log for entire script
# logging.getLogger("msal").setLevel(logging.INFO)  # Optionally disable MSAL DEBUG logs

#config = json.load(open(sys.argv[1]))

# Create a preferably long-lived app instance which maintains a token cache.
app = msal.ClientApplication(
    client_id='8c*****-****-****-****-****b05****2', 
    authority='https://login.microsoftonline.com/*****b21-****-****-****-*****b7f0f3b',
    client_credential='b************Rc.**********wCwR**********',
    # token_cache=...  # Default cache is in memory only.
                       # You can learn how to use SerializableTokenCache from
                       # https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache
    )

# The pattern to acquire a token looks like this.
result = None

# Firstly, check the cache to see if this end user has signed in before
accounts = app.get_accounts(username='')
if accounts:
    logging.info("Account(s) exists in cache, probably with token too. Let's try.")
    # acquire_token_silent() takes a list of scopes via the "scopes" parameter
    result = app.acquire_token_silent(scopes=['user.read'], account=accounts[0])

if not result:
    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
    # See this page for constraints of Username Password Flow.
    # https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Username-Password-Authentication
    result = app.acquire_token_by_username_password(
        username='wen*****_khor@j***l.com', password='*****WSX****', scopes=['user.read'])
    print(result)  # Debugging aid: on success this dumps the full response, tokens included

# if "access_token" in result:
#     # Calling graph using the access token
#     graph_data = requests.get(  # Use token to call downstream service
#         url='https://graph.microsoft.com/v1.0/users',
#         headers={'Authorization': 'Bearer ' + result['access_token']},).json()
#     print("Graph API call result: %s" % json.dumps(graph_data, indent=2))

# With the Graph call above commented out, test for failure explicitly
# instead of hanging an "else" off the "if not result" block.
if "access_token" not in result:
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))  # You may need this when reporting a bug
    if 65001 in result.get("error_codes", []):  # Not meant to be coded programmatically, but...
        # AAD requires user consent for U/P flow
        print("Visit this to consent:", app.get_authorization_request_url(['user.read']))
```

