Quickstart: Add sign-in with Microsoft to a Python web app

Applies to:
  • Microsoft identity platform endpoint

In this quickstart, you'll learn how to integrate a Python web application with the Microsoft identity platform. Your app will sign in a user, get an access token to call the Microsoft Graph API, and make a request to the Microsoft Graph API.

When you've completed the guide, your application will accept sign-ins of work or school accounts from any company or organization that uses Azure Active Directory.

Shows how the sample app generated by this quickstart works

Prerequisites

To run this sample, you will need:

Register and download your quickstart app

You have two options to start your quickstart application: express (Option 1) and manual (Option 2).

Option 1: Register and auto configure your app and then download your code sample

  1. Go to the Azure portal - App registrations.
  2. Select New registration.
  3. Enter a name for your application and select Register.
  4. Follow the instructions to download and automatically configure your new application.

Option 2: Register and manually configure your application and code sample

Step 1: Register your application

To register your application and add the app's registration information to your solution manually, follow these steps:

  1. Sign in to the Azure portal using a work or school account.

  2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.

  3. Navigate to the Microsoft identity platform for developers App registrations page.

  4. Select New registration.

  5. When the Register an application page appears, enter your application's registration information:

    • In the Name section, enter a meaningful application name that will be displayed to users of the app, for example python-webapp.
    • Under Supported account types, select Accounts in any organizational directory.
    • Under the Redirect URI section, in the drop-down list, select the Web platform, and then set the value to http://localhost:5000/getAToken.
    • Select Register. On the app Overview page, note the Application (client) ID value for later use.
  6. On the left-hand menu, choose Certificates & secrets and click New client secret in the Client Secrets section:

    • Type a key description (for instance, app secret).
    • Select a key duration of In 1 year.
    • When you click Add, the key value will be displayed.
    • Copy the value of the key. You will need it later.

Step 1: Configure your application in Azure portal

For the code sample for this quickstart to work, you need to:

  1. Add a reply URL as http://localhost:5000/getAToken.
  2. Create a Client Secret.

Step 2: Download your project

Download the Code Sample

Step 3: Configure the Application

  1. Extract the zip file to a local folder closer to the root folder - for example, C:\Azure-Samples
  2. If you use an integrated development environment, open the sample in your favorite IDE (optional).
  3. Open the app_config.py file, which can be found in the root folder, and replace its contents with the following code snippet:
AUTHORITY = "https://login.partner.microsoftonline.cn/Enter_the_Tenant_Name_Here"
CLIENT_ID = "Enter_the_Application_Id_here"
CLIENT_SECRET = "Enter_the_Client_Secret_Here"
SCOPE = ["https://microsoftgraph.chinacloudapi.cn/User.Read"]
REDIRECT_URI = "http://localhost:5000/getAToken"

Where:

  • Enter_the_Application_Id_here - is the Application Id for the application you registered.
  • Enter_the_Tenant_Info_Here - is one of the options below:
    • If your application supports My organization only, replace this value with the Tenant Id or Tenant name (for example, contoso.partner.onmschina.cn)
    • If your application supports Accounts in any organizational directory, replace this value with organizations
  • Enter_the_Client_Secret_Here - is the Client Secret you created in Certificates & Secrets for the application you registered.
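
The following is an added example, not part of the quickstart sample: a pre-flight check for the app_config.py settings above that reads them from environment variables, so the client secret is not committed with the source, and reports leftover placeholders or unsafe values. The function names, the environment-variable approach and the sample values are assumptions made for illustration; the setting names come from the snippet above.

```python
import os
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Setting names are the ones used in this quickstart's app_config.py.
REQUIRED = ("AUTHORITY", "CLIENT_ID", "CLIENT_SECRET", "REDIRECT_URI")


def load_config(env=os.environ):
    """Read settings from the environment (hypothetical helper, not in the sample)."""
    return {name: env.get(name, "") for name in REQUIRED}


def check_config(cfg, flask_debug=False):
    """Return a list of problems; an empty list means the config passes."""
    problems = []
    for name in REQUIRED:
        value = cfg.get(name, "")
        if not value:
            problems.append(f"{name} is not set")
        elif "Enter_the_" in value:
            problems.append(f"{name} still contains a quickstart placeholder")
    authority = urlsplit(cfg.get("AUTHORITY", ""))
    if authority.scheme and authority.scheme != "https":
        problems.append("AUTHORITY must use https")
    redirect = urlsplit(cfg.get("REDIRECT_URI", ""))
    on_loopback = redirect.hostname in LOOPBACK
    # Plain http is acceptable only for the local development redirect URI.
    if redirect.scheme == "http" and not on_loopback:
        problems.append("REDIRECT_URI uses http on a non-loopback host")
    # Flask debug mode exposes an interactive debugger; keep it to local runs.
    if flask_debug and redirect.hostname and not on_loopback:
        problems.append("FLASK_DEBUG is on for a non-loopback deployment")
    return problems


# Constructed sample values, not real credentials.
SAMPLE_ENV = {
    "AUTHORITY": "https://login.partner.microsoftonline.cn/organizations",
    "CLIENT_ID": "00000000-0000-0000-0000-000000000000",
    "CLIENT_SECRET": "constructed-sample-secret",
    "REDIRECT_URI": "http://localhost:5000/getAToken",
}

if __name__ == "__main__":
    result = check_config(load_config(SAMPLE_ENV), flask_debug=True)
    for line in result or ["config OK"]:
        print(line)
```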

Step 4: Run the code sample

  • You will need to install the MSAL Python library, the Flask framework, Flask-Session for server-side session management, and requests, using pip as follows:
pip install msal
pip install flask
pip install Flask-Session
pip install requests
  • If the environment variable for Flask is already set, run app.py from a shell or command line:
python app.py
  • If the environment variable for Flask is not set:

    1. In a shell or command line, navigate to the project directory and type the following commands:
export FLASK_APP=app.py
export FLASK_DEBUG=1
flask run

Help and support

If you need help, want to report an issue, or want to learn more about your support options, see the following article: