{"id":6062,"library":"pymsalruntime","title":"PyMSALRuntime","description":"PyMSALRuntime is the Python interop package for the Microsoft Authentication Library (MSAL) Runtime. It acts as a low-level bridge, enabling Python applications, primarily through the MSAL Python library, to interact with the underlying OS-level authentication broker for enhanced security and single sign-on experiences. The current version is 0.20.2, released on January 9, 2026, with frequent updates to align with the MSAL ecosystem.","status":"active","version":"0.20.2","language":"en","source_language":"en","source_url":"https://github.com/AzureAD/microsoft-authentication-library-for-python","tags":["authentication","microsoft","azuread","msal","oauth2","openid-connect","broker","sso"],"install":[{"cmd":"pip install pymsalruntime","lang":"bash","label":"Install PyMSALRuntime"}],"dependencies":[{"reason":"PyMSALRuntime is primarily an internal dependency of the 'msal' Python library, specifically used when 'msal' is configured to leverage the OS authentication broker.","package":"msal"}],"imports":[{"note":"While this import is technically possible, direct interaction with `pymsalruntime` is generally not intended for end-user applications. It serves as an interop layer primarily consumed by the `msal` library for broker functionality. Most users will interact with `msal` directly.","symbol":"MsalRuntime","correct":"from pymsalruntime._pymsalruntime import MsalRuntime"}],"quickstart":{"code":"import os\nfrom msal import PublicClientApplication\n\n# Configure your application\n# You would typically get CLIENT_ID from your Azure AD application registration\n# You might also need a 'tenant_id' or 'authority' depending on your scenario\nCLIENT_ID = os.environ.get('MSAL_CLIENT_ID', 'YOUR_CLIENT_ID_HERE')\nAUTHORITY = os.environ.get('MSAL_AUTHORITY', 'https://login.microsoftonline.com/common')\n\n# Initialize a PublicClientApplication with broker enabled\n# PyMSALRuntime is leveraged under the hood when 'enable_broker=True' on Windows/macOS\napp = PublicClientApplication(CLIENT_ID, authority=AUTHORITY, enable_broker=True)\n\n# Define the scope(s) for which you want to acquire a token\nscopes = ['User.Read']\n\n# Acquire a token silently (if a cached token exists and is valid)\nresult = app.acquire_token_silent(scopes, account=None)\n\nif not result:\n    # If no token is cached or it's expired, acquire it interactively (will open a browser/broker window)\n    print(\"No cached token found or expired. Acquiring interactively...\")\n    flow = app.initiate_auth_code_flow(scopes=scopes)\n    print(f\"Please go to this URL and authorize: {flow['auth_uri']}\")\n    result = app.acquire_token_by_auth_code_flow(flow, {\n        'code': input('Enter the authorization code: ')\n    })\n\nif 'access_token' in result:\n    print(\"Access token acquired successfully!\")\n    print(f\"Token expires on: {result.get('expires_on')}\")\n    # You can now use result['access_token'] to call protected APIs\nelse:\n    print(f\"Token acquisition failed: {result.get('error_description', result.get('error'))}\")\n","lang":"python","description":"PyMSALRuntime is an internal dependency of MSAL Python. The most common way to 'use' PyMSALRuntime is indirectly by enabling the authentication broker functionality in the MSAL Python library. This quickstart demonstrates how to acquire a token using `msal.PublicClientApplication` with `enable_broker=True`. When running on Windows or macOS, and a compatible broker is installed, `msal` will attempt to use PyMSALRuntime to interact with it, providing single sign-on capabilities and enhanced security. Ensure `MSAL_CLIENT_ID` is set as an environment variable or replaced directly. This code will attempt silent token acquisition and fall back to an interactive flow if needed."},"warnings":[{"fix":"Ensure you are using a Python version/OS architecture combination for which pre-built wheels are available on PyPI. If not, install the necessary C/C++ build tools for your platform to compile from source. For Windows, this means installing 'Microsoft C++ Build Tools' from Visual Studio.","message":"PyMSALRuntime is a native extension. If pre-built wheels are not available for your specific Python version and operating system architecture (e.g., Windows ARM64), `pip install` may fail, requiring C/C++ build tools (like Microsoft Visual C++ Build Tools on Windows).","severity":"gotcha","affected_versions":"All versions, particularly on less common architectures or newer Python versions for which wheels might not yet be published."},{"fix":"Upgrade your `msal` library to a version that supports and installs `pymsalruntime` 0.18.1 or newer (e.g., `msal>=1.33.0` which picks up `pymsalruntime 0.20.*`).","message":"Older versions of PyMSALRuntime (e.g., <0.18.1) might have compatibility issues or lack pre-built wheels for newer Python versions like 3.13. If you are using an older `msal` version that pins to an older `pymsalruntime`, this could cause installation failures.","severity":"breaking","affected_versions":"<0.18.1"},{"fix":"Install `libwebkitgtk` on your Linux distribution. For Debian/Ubuntu, this might involve `sudo apt-get install libwebkit2gtk-4.0-3` or similar packages depending on the exact version required.","message":"On Linux, `PyMsalRuntime` v0.20.0 has been noted to require `libwebkitgtk`. If this library is missing, applications using `pymsalruntime` (via `msal`) for interactive flows on Linux might encounter errors or unexpected behavior.","severity":"gotcha","affected_versions":">=0.20.0 (potentially others)"}],"env_vars":null,"last_verified":"2026-04-14T00:00:00.000Z","next_check":"2026-07-13T00:00:00.000Z"}