python-o365 icon indicating copy to clipboard operation
python-o365 copied to clipboard
verified publisher icon O365

User Provided Authentication

Open PvanHengel opened this issue 2 years ago • 9 comments

Hi,

This library looks great, and the way it is plugged into langchain is super cool. Question: our users are already authenticated interactively through the front end of our app, and we have the access token required, is there a way we can bypass all the authentication logic, and just give the token? Ive been trying to fool it in the Account Setup, by passing a custom token backend seeded with the token, but pydantic and other places, do not allow it to work unless we call the authenticate function, which has a good amount of rigidity in its checks to get the user in various ways, but none let an external token /session to be provided. Any guidance would be great!

PvanHengel avatar Jul 20 '23 16:07 PvanHengel

Yep you can either use the default tokenbackend and store the token as json in a file or define your own tockendbacked that get and sets the token somehow (environment, databade, etc). There are some already done tockendbackends like firebase and more.

alejcas avatar Jul 20 '23 18:07 alejcas

agreed yes we can easily use different token stores, my issue is around how the token is acquired we have a react front end that does all the work and want to be able to pass the token to the python back end, basically no token store needed, the current flows as I understand it do not allow for the access token to be provided externally

PvanHengel avatar Jul 20 '23 20:07 PvanHengel

To acquire the token (if you are authenticating on behalf of a user) check:

https://github.com/O365/python-o365#different-authentication-interfaces

There's is an example on how to do it using a web app interface

alejcas avatar Jul 21 '23 07:07 alejcas

Thanks yea I saw that this flow assumes we are doing three legged and the back end, we are using pkce on front end so the token is maintained there using the msal library, we can pass the current token to the api on the back end when we make the request. This flow assumes the redirect and codes exchange for the token.

PvanHengel avatar Jul 21 '23 11:07 PvanHengel

I am trying to achieve a similar thing. I have a Streamlit application that users sign in via MSAL so a token is already held.

From there I am struggling to ascertain how to pass the existing token to call O365 functions without directly authenticating via O365.

djk1983 avatar Dec 10 '23 15:12 djk1983

It should be possible to load the msal token info into a O364 token class. It’s just json with the token info

i can look into it if you can extract this token info from msal

alejcas avatar Dec 10 '23 16:12 alejcas

That would be very helpful. I can access the token, which is currently held in memory. I would like to avoid writing to disk as I have not yet created secure storage.

djk1983 avatar Dec 11 '23 12:12 djk1983

I didn't have time for this. But if you have access to the msal token you can extract the token info and load it into a token class then use it in O365

alejcas avatar Jan 08 '24 08:01 alejcas

I have already authenticated my app with the Azur App Directory and obtained the necessary credentials. CLIENT_ID and CLIENT_SECRET. But, When I am trying to connect LangChain by specifying credentials, I am getting ERROR: AADSTS900971: No reply address provided.

akesh1235 avatar Mar 11 '24 08:03 akesh1235