{"id":359,"library":"msal","title":"Microsoft Authentication Library (MSAL) for Python","description":"The Microsoft Authentication Library (MSAL) for Python enables your app to access the Microsoft Cloud by supporting authentication with Microsoft Azure Active Directory (AAD) and Microsoft Accounts (MSA) using OAuth2 and OpenID Connect. Current version is 1.35.1, with regular updates addressing bugs and feature enhancements.","status":"active","version":"1.35.1","language":"python","source_language":"en","source_url":"https://github.com/AzureAD/microsoft-authentication-library-for-python","tags":["authentication","OAuth2","Microsoft","Azure","cloud"],"install":[{"cmd":"pip install msal","lang":"bash","label":"Install MSAL"}],"dependencies":[],"imports":[{"note":"Always use the correct module to prevent import errors.","symbol":"ConfidentialClientApplication","correct":"from msal import ConfidentialClientApplication"}],"quickstart":{"code":"import os\nfrom msal import ConfidentialClientApplication\n\nclient_id = os.environ.get('AZURE_CLIENT_ID', '')\nclient_secret = os.environ.get('AZURE_CLIENT_SECRET', '')\nauthority = 'https://login.microsoftonline.com/your_tenant_id'\napp = ConfidentialClientApplication(client_id, authority=authority, client_credential=client_secret)\ntoken_response = app.acquire_token_for_client(scopes=['https://graph.microsoft.com/.default'])\nprint(token_response)","lang":"python","description":"This example demonstrates how to acquire an access token for Azure AD."},"warnings":[{"fix":"Update your authentication flow to use authorization code flow or other supported options.","message":"Support for the Resource Owner Password Credentials (ROPC) flow is deprecated.","severity":"breaking","affected_versions":"< 1.35.0"},{"fix":"Always use uppercase letters for environment variables.","message":"Ensure environment variable names are correctly set (case-sensitive).","severity":"gotcha","affected_versions":"all"},{"fix":"Ensure the tenant ID or tenant name in the authority URL is correct and valid. Verify it against your Azure Active Directory / Microsoft Entra ID configuration. Double-check the format of the authority URL, e.g., 'https://login.microsoftonline.com/<tenant_id>' or 'https://login.microsoftonline.com/<tenant_name>.onmicrosoft.com'.","message":"Tenant ID or authority URL is incorrect or not found, leading to OIDC Discovery failure (AADSTS90002).","severity":"breaking","어를Affected_versions":"all"},{"fix":"Ensure the tenant ID or tenant name in the MSAL authority URL is correct and exists within the specified Microsoft Entra ID (Azure AD) cloud instance. Double-check the authority URL format. Examples include https://login.microsoftonline.com/your_tenant_id or https://tenant_name.ciamlogin.com or https://tenant_name.b2clogin.com/tenant.onmicrosoft.com/policy.","message":"Failed to get MSAL authority configuration due to an invalid or not found tenant ID in the provided authority URL.","severity":"breaking","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-12T13:16:44.538Z","next_check":"2026-06-27T00:00:00.000Z","problems":[{"fix":"Examine the 'error_description' field for specific AADSTS error codes and consult Microsoft Entra ID documentation for details. If Multi-Factor Authentication (MFA) is required, use an interactive token acquisition flow like `acquire_token_interactive`. Ensure your client secret or certificate is valid and not expired, and that your application's permissions and configuration in Azure AD are correct.","cause":"This general error indicates that the provided credentials or authorization grant is invalid, often due to expired credentials, MFA requirements, incorrect client secret/certificate, or misconfiguration of the application or tenant in Azure AD.","error":"{'error': 'invalid_grant', 'error_description': 'AADSTS...'}"},{"fix":"Always implement a fallback mechanism to an interactive token acquisition flow (e.g., `acquire_token_interactive` or `acquire_token_by_authorization_code`) if `acquire_token_silent` returns `None`. For hanging issues, verify network connectivity and ensure the application is correctly configured for the specific deployment environment.","cause":"`acquire_token_silent` attempts to retrieve a token from the cache without user interaction. It returns `None` if no suitable token is found (e.g., the token expired, or an interactive step like MFA or consent is required). In some environments, like EC2, it might hang due to underlying network or configuration issues preventing silent acquisition.","error":"`app.acquire_token_silent` returns None or hangs"},{"fix":"Before accessing specific keys like 'expires_in', always check if the key exists in the result dictionary. MSAL's successful responses contain 'access_token', while error responses contain 'error' and 'error_description'.","cause":"This error occurs when an attempt is made to access the 'expires_in' key in a dictionary returned by an MSAL token acquisition method, but the key is not present. This usually happens if the token acquisition failed or the response object does not contain the expected 'expires_in' field due to an unexpected format or an error condition.","error":"KeyError: 'expires_in'"},{"fix":"Double-check the `authority` URL passed to your MSAL application. Ensure it is precisely formatted (e.g., `https://login.microsoftonline.com/{tenant_id}` or `https://login.microsoftonline.com/common`) and that the tenant ID or name is correct and valid for your Azure AD setup.","cause":"This `ValueError` indicates that the authority URL provided during MSAL application initialization (e.g., in `ConfidentialClientApplication`) does not correctly match the issuer URL discovered from the OpenID Connect metadata endpoint for that authority. This is typically caused by a typo in the authority URL, an incorrect tenant ID, or a mismatch in the Azure AD configuration.","error":"ValueError: The issuer '{iss}' does not match the authority '{auth}' or a known pattern."}],"ecosystem":"pypi","meta_description":null,"install_score":100,"install_tag":"verified","quickstart_score":0,"quickstart_tag":"stale","pypi_latest":null,"install_checks":{"last_tested":"2026-05-12","tag":"verified","tag_description":"installs cleanly on critical runtimes, fast import, recently tested","results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.23,"mem_mb":9.1,"disk_size":"37.6M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.2,"mem_mb":9.1,"disk_size":"38M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.3,"mem_mb":9.6,"disk_size":"40.1M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.26,"mem_mb":9.6,"disk_size":"40M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.25,"mem_mb":9.3,"disk_size":"31.8M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.27,"mem_mb":9.3,"disk_size":"32M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.23,"mem_mb":9.3,"disk_size":"31.4M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.23,"mem_mb":9.3,"disk_size":"32M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.2,"mem_mb":8.9,"disk_size":"37.7M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.18,"mem_mb":8.9,"disk_size":"38M"}]},"quickstart_checks":{"last_tested":"2026-04-23","tag":"stale","tag_description":"widespread failures or data too old to trust","results":[{"runtime":"python:3.10-alpine","exit_code":1},{"runtime":"python:3.10-slim","exit_code":1},{"runtime":"python:3.11-alpine","exit_code":1},{"runtime":"python:3.11-slim","exit_code":1},{"runtime":"python:3.12-alpine","exit_code":1},{"runtime":"python:3.12-slim","exit_code":1},{"runtime":"python:3.13-alpine","exit_code":1},{"runtime":"python:3.13-slim","exit_code":1},{"runtime":"python:3.9-alpine","exit_code":1},{"runtime":"python:3.9-slim","exit_code":1}]}}