Tags: python-3.x, azure, microsoft-graph-api, azure-ad-msal

Microsoft Graph Authentication using O365 python lib


I'm adapting a basic script, which I wrote to send standardized emails to a list of emails, to use msal.

I used the msal python lib (v 1.21.0) like so:

import msal

redirect_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize/"

tokens_dir = r"<PATH>"
token_filename = r"<TOKEN_FILENAME>"
scopes = ["Mail.Send","Mail.ReadWrite","User.Read"]

authority = f"https://login.microsoftonline.com/{tenant_id}/"
app = msal.ConfidentialClientApplication(client_id=client_id, client_credential=client_secret, authority=authority)

url = app.get_authorization_request_url(scopes=scopes, redirect_uri=redirect_url)

code = input("Token auth code:" )
app.acquire_token_by_authorization_code(code, scopes=scopes, redirect_uri=redirect_url)

For testing purposes it's written in an IPython notebook. So I access the URL given by the "get_authorization_request_url" method, which was supposed to give me the authorization code.

But I'm getting this error: AADSTS900144: The request body must contain the following parameter: 'client_id'. I found this post talking about this, but I don't know how to include the parameter in the body instead of the query.


Solution

  • I tried to reproduce the same in my environment and got the results below:

    I registered one Azure AD application and added API permissions as below:


    In my case, I set redirect_url as https://jwt.ms for my application as below:


    Now I ran the same code in my Python notebook, modifying redirect_url and printing url to get the code, like below:

    import msal

    # Values from the app registration (redacted)
    tenant_id = "3f5c7a77-062d-426c-8582-xxxxxxxxxxx"
    client_id = "a26d7e57-0a26-4a0c-a756-xxxxxxxxxxx"
    client_secret = "xxxxxxxxxxxxxxxxxxxxxx"
    # Must match a redirect URI registered for the application
    redirect_url = "https://jwt.ms"

    tokens_dir = r"<PATH>"
    token_filename = r"<TOKEN_FILENAME>"
    scopes = ["Mail.Send", "Mail.ReadWrite", "User.Read"]

    authority = f"https://login.microsoftonline.com/{tenant_id}/"
    app = msal.ConfidentialClientApplication(client_id=client_id, client_credential=client_secret, authority=authority)

    # Build the sign-in URL and print it so it can be opened in a browser
    url = app.get_authorization_request_url(scopes=scopes, redirect_uri=redirect_url)

    print(url)

    # Paste the value of the "code" parameter from the redirected address bar
    code = input("Token auth code: ")
    # Exchange the code for tokens; redirect_uri must be the same as above
    app.acquire_token_by_authorization_code(code, scopes=scopes, redirect_uri=redirect_url)
    

    Response:


    When I clicked on the URL from the response, it opened a new tab to pick an account like below:


    After signing in, I got the consent screen with permissions like this:


    After accepting the above consent, it took me to redirect_url with the code in the address bar like below:


    When I entered this code in Token auth code:, I got tokens successfully in the response like this:

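Added example, not part of the original question or answer and not MSAL's own code: a standard-library helper for the manual copy-from-the-address-bar step above. It rejects a `redirect_uri` that points at the authority (the mistake in the question), surfaces an `error` response, and checks `state` before returning the code. The names `check_redirect_uri`, `extract_auth_code` and `RedirectError` are hypothetical, and it assumes a random `state` was passed as `state=` to `get_authorization_request_url`.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

AUTHORITY_HOST = "login.microsoftonline.com"


class RedirectError(ValueError):
    """The pasted URL must not be exchanged for tokens."""


def check_redirect_uri(redirect_uri):
    """Reject the question's mistake: the authority's own /authorize endpoint
    used as redirect_uri instead of the URI registered for the app."""
    if urlsplit(redirect_uri).hostname == AUTHORITY_HOST:
        raise RedirectError("redirect_uri points at the authority, not the app")
    return redirect_uri


def extract_auth_code(pasted_url, redirect_uri, expected_state):
    """Return the authorization code from the address-bar URL after consent."""
    got = urlsplit(pasted_url.strip())
    want = urlsplit(check_redirect_uri(redirect_uri))
    if (got.scheme, got.netloc.lower(), got.path.rstrip("/")) != (
            want.scheme, want.netloc.lower(), want.path.rstrip("/")):
        raise RedirectError("URL does not match the registered redirect URI")
    params = parse_qs(got.query or got.fragment)  # query or fragment response
    if "error" in params:  # e.g. the user declined consent
        detail = params.get("error_description", [""])[0]
        raise RedirectError(f"{params['error'][0]}: {detail}")
    state = params.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise RedirectError("state mismatch: response is not for this request")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise RedirectError("expected exactly one non-empty 'code' parameter")
    return codes[0]


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # assumed to be sent as state= earlier
    # Constructed sample of what the address bar shows after sign-in.
    pasted = f"https://jwt.ms/?code=CONSTRUCTED-CODE&state={state}&session_state=x"
    print(extract_auth_code(pasted, "https://jwt.ms", state))
```

The returned value is what goes into `acquire_token_by_authorization_code`, with the same `redirect_uri` that was used to build the sign-in URL.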