Azure Function App using python: how to get the principal name and ID information
I have set up the identity provider for my Function App. When I access the function URL:
https://myfunc-dev-we-01.azurewebsites.net/api/http_trigger
it correctly redirects me to the Microsoft authentication page, and authentication works fine.
However, my goal is to retrieve the authenticated user's email. I attempted to extract it using the X-MS-CLIENT-PRINCIPAL header, but I’m unable to get it to work.
Here’s my current Function App code:
import azure.functions as func
import logging
import base64
import json
app = func.FunctionApp(http_auth_level=func.AuthLevel.ANONYMOUS)
@app.route(route="http_trigger")
def http_trigger(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
# Retrieve the X-MS-CLIENT-PRINCIPAL header
client_principal_header = req.headers.get('X-MS-CLIENT-PRINCIPAL')
logging.info(f"X-MS-CLIENT-PRINCIPAL header: {client_principal_header}")
user_name = None
if client_principal_header:
try:
# Decode the Base64-encoded header
decoded_header = base64.b64decode(client_principal_header).decode('utf-8')
logging.info(f"Decoded X-MS-CLIENT-PRINCIPAL: {decoded_header}")
client_principal = json.loads(decoded_header)
# Log the entire client principal for debugging
logging.info(f"Client Principal: {client_principal}")
# Extract the user's name from the claims
user_name = client_principal.get('userPrincipalName') or client_principal.get('name')
except Exception as e:
logging.error(f"Error decoding client principal: {e}")
if user_name:
return func.HttpResponse(f"Hello, {user_name}. This HTTP triggered function executed successfully.")
else:
return func.HttpResponse(
"This HTTP triggered function executed successfully. However, no authenticated user information was found.",
status_code=200
)
Issue:
I keep getting the response:
"This HTTP triggered function executed successfully. However, no authenticated user information was found."
What am I missing?
Do I need to configure additional settings in Azure AD authentication for the email claim to be included?
Is there another way to retrieve the authenticated user’s email?
EDIT: For more information this is my authenication setup
AS a side note:
Im the guest user, and identities are as ExternalAzureAD 
And poeple from company itself,
COULD THIS BE THE ISSUE?
I modified your code to use the claims array from the X-MS-CLIENT-PRINCIPAL header instead of relying on top-level keys like userPrincipalName and I successfully retrieved the email ID after authenticating to the Function App.
I have added below lines to the code.
for claim in claims:
if claim.get("typ") in [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"preferred_username",
"name"
]:
user_email = claim.get("val")
Comeplete Code :
import azure.functions as func
import logging
import base64
import json
app = func.FunctionApp(http_auth_level=func.AuthLevel.ANONYMOUS)
@app.route(route="http_trigger")
def http_trigger(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
client_principal_header = req.headers.get('X-MS-CLIENT-PRINCIPAL')
user_email = None
if client_principal_header:
try:
decoded = base64.b64decode(client_principal_header).decode('utf-8')
client_principal = json.loads(decoded)
claims = client_principal.get("claims", [])
for claim in claims:
if claim.get("typ") in [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"preferred_username",
"name"
]:
user_email = claim.get("val")
break
except Exception as e:
logging.error(f"Failed to parse client principal: {e}")
if user_email:
return func.HttpResponse(f"Hello, {user_email}. You are authenticated.")
else:
return func.HttpResponse(
"No authenticated user information found. Please ensure authentication is configured.",
status_code=200
)
Output :
I successfully retrieved the email ID after authenticating to the Function App.
- Multiple artificial neural networks
- Are Python flask order of routes defined?
- Concatenate rows for two columns in panda dataframe
- Get list from pandas dataframe column or row?
- How to find probability distribution and parameters for real data?
- Does requests.codes.ok include a 304?
- How to define a Bash variable from Python EOF
- Gamma Function in Python
- Python: Convert 2-digit / 4-digit year
- How to flatten a mapping constructed from a tagged scalar using ruamel.yaml
- Why only one warning in a loop?
- pprint(): how to use double quotes to display strings?
- module 'numpy' has no attribute '_no_nep50_warning'
- Python Decorator class with arguments
- How to tell flake8 to ignore comments
- How do I find the duplicates in a list and create another list with them?
- Python: AttributeError: '_io.TextIOWrapper' object has no attribute 'split'
- Work with bytes in python
- Snakemake in cluster different ways
- Accessing class variables from a list comprehension in the class definition
- use vpn with python requests
- Python insert UTF8 string into SQLite
- How to get the origin URL in FastAPI?
- Error : File-like object does not have a 'write' method, required for mode 'ostream'
- How to run a Python 3 tkinter app without opening any Terminal windows in Mac OS X?
- Deleting multiple indexes from a list at once - python
- Python: can I modify a Tuple?
- Why can tuples contain mutable items?
- Using Python's Selenium, a page displays blank although it's displayed correctly using normal browsing
- What is the "endpoint" in flask's .add_url_rule()?