Tags: python, azure-active-directory, adal, azure-ad-msal, microsoft-graph-mail

Microsoft Identity Platform with web application (in Python)


I have been working with 'Integration of Microsoft Identity Platform with a Python web application' (https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-webapp). I am trying to access the Graph API by Microsoft with the help of a Python web application.

To be quick, my problem is: after my Microsoft account credentials are accepted successfully, the web page shows me this issue: We're unable to complete your request:invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

I tried looking at many solutions, but none of them worked. I tried this solution too - https://github.com/microsoftgraph/msgraph-training-uwp/issues/15

But it does not solve the issue for Python. The issue remains the same.

I did everything as per the instructions -

  1. Downloaded the Python project from the Microsoft Graph API docs (https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-webapp)

  2. Registered in the Azure App registration.

  3. Authentication - Redirect URI - http://localhost:5000/getAToken (URL suggested by the docs) -> I added the same URL in Azure; I also tried putting both 'https' and 'http'.

  4. Obtained the secret key (under Certificates and secrets).

  5. Added the required permissions.

  6. I changed the app.config file, taking all details from my Azure app registration (I am adding the code below).

  7. I did not change anything in my app.py file.

  8. Started the Flask server and finally opened the required localhost address.

Please help me find where I went wrong and what corrections I have to make. I'll really appreciate it. Thank you in advance.

App.config

```python
import os

CLIENT_SECRET = "my key"

AUTHORITY = "https://login.microsoftonline.com/common"  # For multi-tenant app

CLIENT_ID = "my id here"

REDIRECT_PATH = "/getAToken"

ENDPOINT = 'https://graph.microsoft.com/v1.0/users'

SCOPE = ["User.ReadBasic.All"]

SESSION_TYPE = "filesystem"  # So token cache will be stored in server-side session
```

Solution

  • My problem got solved; always check these:

    1. When you create the app registration, you need to select for supported account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts.

    2. Enter your redirect URI in the Web configuration; I was doing it in SPA, which was wrong.

    3. Instead of typing http://127.0.0.1:5000/, type 'http://localhost:5000/' in the browser. I know it's the same, but it made a difference for me.

    4. You cannot use a free Microsoft account for Azure Active Directory; you have to use the paid premium version. You can give card details and use it for a month for free.

    Hope it helps. Thank you.
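
Point 3 of the answer matters because the identity platform compares the `redirect_uri` the app sends against the registered value as a string, so `127.0.0.1` and `localhost` are different URIs. The following is an added example, not code from the original post or from the Microsoft quickstart; it assumes the app derives its redirect URI from the host the browser used (as Flask's `url_for(..., _external=True)` does) and that matching is exact, and `REGISTERED`, `redirect_uri_for` and `explain_mismatch` are hypothetical names.

```python
from urllib.parse import urlsplit

REDIRECT_PATH = "/getAToken"  # value from the question's config

# Constructed sample: redirect URIs entered under the Web platform
# of the app registration.
REGISTERED = ["http://localhost:5000/getAToken"]


def redirect_uri_for(browser_url, redirect_path=REDIRECT_PATH):
    """Absolute redirect URI sent when it is built from the host in the
    browser's address bar (assumption, see lead-in)."""
    parts = urlsplit(browser_url)
    return f"{parts.scheme}://{parts.netloc}{redirect_path}"


def explain_mismatch(sent, registered):
    """Return [] if `sent` equals a registered URI exactly; otherwise
    list which components differ from each registered URI."""
    if sent in registered:
        return []
    s = urlsplit(sent)
    findings = []
    for reg in registered:
        r = urlsplit(reg)
        diffs = [
            f"{name}: sent {a!r}, registered {b!r} ({reg})"
            for name, a, b in (
                ("scheme", s.scheme, r.scheme),
                ("host", s.hostname, r.hostname),
                ("port", s.port, r.port),
                ("path", s.path, r.path),
            )
            if a != b
        ]
        # Same components but a different string: letter case, query or fragment.
        findings.extend(diffs or [f"case, query or fragment differs from {reg}"])
    return findings


if __name__ == "__main__":
    for url in ("http://localhost:5000/", "http://127.0.0.1:5000/",
                "https://localhost:5000/"):
        sent = redirect_uri_for(url)
        print(sent, "->", explain_mismatch(sent, REGISTERED) or "match")
```

Running the check against the address typed into the browser before signing in shows which component to align: either register the second URI as well, or always browse to the registered host.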