Unable to acquire token using client certificate authentication in Python
To obtain a token with client secret authentication, we followed these steps:
- Registered an application in the Azure portal and got the client ID and client secret.
- Added Microsoft Graph permissions with administrator consent
from msal import ConfidentialClientApplication
client_id = "xxxxxx"
client_secret = "yyyyyyy"
tenant_id = "zzzzzzz"
authority_url = f"https://login.microsoftonline.com/{tenant_id}"
app = ConfidentialClientApplication(
client_id=client_id,
client_credential=client_secret,
authority=authority_url
)
scope = "https://graph.microsoft.com/.default"
result = app.acquire_token_for_client(scopes=scope)
access_token = result.get("access_token")
print(access_token)
We are looking for a way to use client certificate authentication instead of client secret, but we cannot find any Python code that works.
Solution
I registered one Entra ID application and added permissions with consent as below:
Now, I ran below commands to create private key and certificate like this:
openssl genrsa -out sridemo.pem 2048
openssl req -new -key sridemo.pem -out sridemo.csr
openssl x509 -req -days 365 -in sridemo.csr -signkey sridemo.pem -out sridemo.crt
Response:
When I checked the folder in that path, files created successfully like this:
Now, upload sridemo.crt file to your Entra ID app registration and note thumbprint value:
To generate the access token using client certificate, make use of below sample Python code:
from msal import ConfidentialClientApplication
tenant_id = "your_tenant_id"
client_id = "your_client_id"
authority = f"https://login.microsoftonline.com/{tenant_id}"
certificate_path = "path/to/your/certificate.pem"
certificate_thumbprint = "your_certificate_thumbprint"
scope = "https://graph.microsoft.com/.default"
app = ConfidentialClientApplication(
client_id,
authority=authority,
client_credential={"thumbprint": certificate_thumbprint, "private_key": open(certificate_path).read()},
)
token_response = app.acquire_token_for_client(scopes=[scope])
access_token = token_response.get("access_token")
print("Access Token:", access_token)
Response:
When I decoded the above token in jwt.ms, I got aud and roles claims with valid values like this:
Reference: Client credentials - Microsoft Authentication Library for Python | Microsoft
- ImproperlyConfigured: You're using the staticfiles app without having set the STATIC_ROOT setting to a filesystem path
- With Pydantic V2 and model_validate, how can I create a "computed field" from an attribute of an ORM model that IS NOT part of the Pydantic model
- Simple log filtering with Flask
- How can I access different Anaconda environment from Pycharm (on Windows 10)
- Create regex-like (run length encoding) of string s for blocks of a given length k
- Failed scipy install using pip on Windows [Preparing metadata (pyproject.toml) did not run successfully]
- How to form tuple column from two columns in Pandas
- Filtering dictionary elements by few initial values
- Filter DataFrame events not in time windows DataFrame
- PyTorch .to(torch.device("cuda")) slow when first called?
- Finding many strings in directory
- How to set the default of a JSONField to empty list in Django and django-jsonfield?
- How to solve "OSError: telling position disabled by next() call"
- How can I stream a response from LangChain's OpenAI using Flask API?
- cannot import name 'randn_tensor' from 'diffusers.utils'
- Pylance doesn't catch all deprecated functions or classes
- Python: Cannot get attribute from superclass
- Python tkinter - grid configuration
- How do I override __getattr__ without breaking the default behavior?
- Algorithm for transformation of an 1-D-gradient into a special form of a 2-D-gradient
- Communication link failure with pyodbc
- Python - how to overwrite output from Markdown library
- Convert string based NaN's to numpy NaN's
- Selenium-Python returning empty text for one specific class or tag in HTML but not visible on webpage
- Referencing columns by assigned name in numpy array
- Pretty-print indices/coordinates of 2D Numpy array
- Can I force array numpy to keep its uint32 type?
- Reshape dataframe into a timeseries when time information is split into columns and index?
- Simple math addition
- Docker: ModuleNotFoundError: No module named 'tabulate'