Azure Function App using python: how to get the principal name and ID information
I have set up the identity provider for my Function App. When I access the function URL:
https://myfunc-dev-we-01.azurewebsites.net/api/http_trigger
it correctly redirects me to the Microsoft authentication page, and authentication works fine.
However, my goal is to retrieve the authenticated user's email. I attempted to extract it using the X-MS-CLIENT-PRINCIPAL header, but I’m unable to get it to work.
Here’s my current Function App code:
import azure.functions as func
import logging
import base64
import json
app = func.FunctionApp(http_auth_level=func.AuthLevel.ANONYMOUS)
@app.route(route="http_trigger")
def http_trigger(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
# Retrieve the X-MS-CLIENT-PRINCIPAL header
client_principal_header = req.headers.get('X-MS-CLIENT-PRINCIPAL')
logging.info(f"X-MS-CLIENT-PRINCIPAL header: {client_principal_header}")
user_name = None
if client_principal_header:
try:
# Decode the Base64-encoded header
decoded_header = base64.b64decode(client_principal_header).decode('utf-8')
logging.info(f"Decoded X-MS-CLIENT-PRINCIPAL: {decoded_header}")
client_principal = json.loads(decoded_header)
# Log the entire client principal for debugging
logging.info(f"Client Principal: {client_principal}")
# Extract the user's name from the claims
user_name = client_principal.get('userPrincipalName') or client_principal.get('name')
except Exception as e:
logging.error(f"Error decoding client principal: {e}")
if user_name:
return func.HttpResponse(f"Hello, {user_name}. This HTTP triggered function executed successfully.")
else:
return func.HttpResponse(
"This HTTP triggered function executed successfully. However, no authenticated user information was found.",
status_code=200
)
Issue:
I keep getting the response:
This HTTP triggered function executed successfully. However, no authenticated user information was found.
What am I missing?
Do I need to configure additional settings in Azure AD authentication for the email claim to be included?
Is there another way to retrieve the authenticated user’s email?
This is my authentication setup
As a side note:
I'm the guest user, and identities are as ExternalAzureAD 
And people from the company itself,
Could this be the issue?
I modified your code to use the claims array from the X-MS-CLIENT-PRINCIPAL header instead of relying on top-level keys like userPrincipalName and I successfully retrieved the email ID after authenticating to the Function App.
I have added below lines to the code.
for claim in claims:
if claim.get("typ") in [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"preferred_username",
"name"
]:
user_email = claim.get("val")
Complete Code:
import azure.functions as func
import logging
import base64
import json
app = func.FunctionApp(http_auth_level=func.AuthLevel.ANONYMOUS)
@app.route(route="http_trigger")
def http_trigger(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
client_principal_header = req.headers.get('X-MS-CLIENT-PRINCIPAL')
user_email = None
if client_principal_header:
try:
decoded = base64.b64decode(client_principal_header).decode('utf-8')
client_principal = json.loads(decoded)
claims = client_principal.get("claims", [])
for claim in claims:
if claim.get("typ") in [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"preferred_username",
"name"
]:
user_email = claim.get("val")
break
except Exception as e:
logging.error(f"Failed to parse client principal: {e}")
if user_email:
return func.HttpResponse(f"Hello, {user_email}. You are authenticated.")
else:
return func.HttpResponse(
"No authenticated user information found. Please ensure authentication is configured.",
status_code=200
)
Output:
I successfully retrieved the email ID after authenticating to the Function App.
- Avoid to stop on first PDF file?
- torchaudio can't find FFmpeg
- How to create Python event that should invoke on before windows sleep mode
- Import error when using twine and wheel to upload python package to PYPI
- how to update / replace a file in a Django FileField()
- Dealing with HTTP and websocket connections on the backend
- Server port config lost?
- Is there a python implementation of websocket server over asyncore
- Gracefully terminating Autobahn ApplicationRunner().run() using signal.SIGINT
- Caller identification in Autobahn | Python
- How can I use a different version of python during NPM install?
- Importing PNG files into Numpy?
- Overwrite image in PIL instead of opening new window
- Running a python script in the background, then passing an event to end it after a given amount of time
- pyzbar not appear to have a `decode` function, receiving ImportError or AttributeError
- Python multiprocessing on a generator that reads files in
- python string to date ISO 8601
- (Python, Numpy: type hinting), How to correctly convert "integer" value to "_DType@clip"?
- How to select the column from a Polars Dataframe that has the largest sum?
- Is there a built in function for string natural sort?
- python asking me for installed modules
- Windows 10 Linux subsystem - Python - String to computer clipboard
- enforce arguments to a specific list of values
- How to run Python script without typing `python` in terminal?
- What is wrong with using a bare 'except'?
- "TypeError: 'tuple' object is not callable" error in Python while trying to get a object in tuple by indexing
- VS Code can't open ipynb file
- Convert relative URL to fully qualified URL using Python
- How can I find positive integers n,k,x such that a symmetric fourth-power equation is satisfied exactly?
- How do i connect all the dots on my circle so that it makes a pattern?