tessl/pypi-adal
Azure Active Directory Authentication Library for Python that provides OAuth2/OpenID Connect authentication flows and token management for accessing Azure AD protected resources
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-adal@1.2.0index.mddocs/
ADAL (Azure Active Directory Authentication Library)
A Python library that makes it easy for applications to authenticate to Azure Active Directory (AAD) in order to access AAD protected web resources. ADAL provides OAuth2 and OpenID Connect authentication flows with comprehensive token management, caching, and refresh capabilities.
Note: This library is legacy. Microsoft recommends migrating to MSAL Python for new projects.
Package Information
- Package Name: adal
- Version: 1.2.7
- Language: Python
- Installation:
pip install adal - License: MIT
- Dependencies: PyJWT, requests, python-dateutil, cryptography
Core Imports
import adalMost common usage pattern:
from adal import AuthenticationContext, TokenCache, AdalErrorIndividual imports:
from adal import (
AuthenticationContext,
TokenCache,
AdalError,
set_logging_options,
get_logging_options,
ADAL_LOGGER_NAME,
__version__
)Basic Usage
import adal
# Create authentication context
authority_url = 'https://login.microsoftonline.com/your-tenant-id'
context = adal.AuthenticationContext(authority_url)
# Authenticate using client credentials flow
resource = 'https://management.azure.com/'
client_id = 'your-client-id'
client_secret = 'your-client-secret'
token = context.acquire_token_with_client_credentials(
resource,
client_id,
client_secret
)
print("Access token:", token['accessToken'])
print("Token expires on:", token['expiresOn'])Architecture
ADAL follows a context-based architecture centered around the AuthenticationContext class:
- AuthenticationContext: Main entry point that manages authentication flows and token acquisition
- TokenCache: Thread-safe token storage with serialization/deserialization capabilities
- Authority: Validates and discovers OAuth2 endpoints for Azure AD tenants
- Token Management: Automatic refresh handling and cache integration
The library supports multiple OAuth2 flows including authorization code, client credentials, resource owner password credentials, refresh token, certificate-based authentication, and device code flows.
Capabilities
Authentication Flows
Core authentication functionality supporting all major OAuth2 flows for Azure Active Directory integration. Includes client credentials, username/password, authorization code, refresh token, certificate-based, and device code authentication methods.
class AuthenticationContext:
def __init__(self, authority, validate_authority=None, cache=None,
api_version=None, timeout=None, enable_pii=False,
verify_ssl=None, proxies=None): ...
@property
def options(self): ...
@options.setter
def options(self, val): ...
def acquire_token(self, resource, user_id, client_id): ...
def acquire_token_with_username_password(self, resource, username, password, client_id): ...
def acquire_token_with_client_credentials(self, resource, client_id, client_secret): ...
def acquire_token_with_authorization_code(self, authorization_code, redirect_uri,
resource, client_id, client_secret=None,
code_verifier=None): ...
def acquire_token_with_refresh_token(self, refresh_token, client_id, resource,
client_secret=None): ...
def acquire_token_with_client_certificate(self, resource, client_id, certificate,
thumbprint, public_certificate=None): ...Device Code Authentication
Specialized OAuth2 device code flow for applications running on devices without web browsers or with limited input capabilities, such as IoT devices, CLI tools, or applications on smart TVs.
class AuthenticationContext:
def acquire_user_code(self, resource, client_id, language=None): ...
def acquire_token_with_device_code(self, resource, user_code_info, client_id): ...
def cancel_request_to_get_token_with_device_code(self, user_code_info): ...Token Caching
Thread-safe token storage and management with serialization capabilities for persistent caching across application sessions. Supports token lookup, storage, removal, and automatic cleanup.
class TokenCache:
def __init__(self, state=None): ...
def find(self, query): ...
def add(self, entries): ...
def remove(self, entries): ...
def serialize(self): ...
def deserialize(self, state): ...
def read_items(self): ...
@property
def has_state_changed(self): ...Logging and Error Handling
Comprehensive logging system with PII scrubbing capabilities and custom exception handling for authentication errors. Includes correlation ID support and configurable log levels.
def set_logging_options(options=None): ...
def get_logging_options(): ...
class AdalError(Exception):
def __init__(self, error_msg, error_response=None): ...Types
Authentication Response
# Return type for all acquire_token_* methods
AuthenticationResult = dict[str, Any] # Contains:
# "accessToken": str - JWT access token
# "refreshToken": str - Refresh token (if available)
# "tokenType": str - Token type (usually "Bearer")
# "expiresIn": int - Seconds until expiration
# "expiresOn": str - ISO 8601 expiration timestamp
# "resource": str - Resource URI
# "userId": str - User identifier
# "userInfo": dict - User profile informationCache Query
# Query parameters for TokenCache.find()
CacheQuery = dict[str, Any] # Optional keys:
# "_clientId": str - OAuth client ID (note underscore prefix)
# "userId": str - User identifier
# "isMRRT": bool - Match multi-resource refresh tokensDevice Code Response
# Return type for acquire_user_code()
DeviceCodeResult = dict[str, Any] # Contains:
# "userCode": str - Code for user to enter
# "deviceCode": str - Device code for token requests
# "verificationUrl": str - URL where user enters code
# "expiresIn": int - Seconds until code expires
# "interval": int - Polling interval in seconds
# "message": str - Instructions for userConstants
__version__: str # Package version: "1.2.7"
ADAL_LOGGER_NAME: str # Logger name: "adal-python"