Python ADAL acquire_token_with_client_credentials refresh token? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Data science time! April 2019 and salary with experience Should we burninate the [wrap] tag? The Ask Question Wizard is Live!Calling an external command in PythonWhat are metaclasses in Python?Is there a way to run Python on Android?Finding the index of an item given a list containing it in PythonDifference between append vs. extend list methods in PythonHow can I safely create a nested directory in Python?Does Python have a ternary conditional operator?How to get the current time in PythonHow can I make a time delay in Python?Does Python have a string 'contains' substring method?
English words in a non-english sci-fi novel
Coloring maths inside a tcolorbox
Resolving to minmaj7
In predicate logic, does existential quantification (∃) include universal quantification (∀), i.e. can 'some' imply 'all'?
Why did the IBM 650 use bi-quinary?
When do you get frequent flier miles - when you buy, or when you fly?
String `!23` is replaced with `docker` in command line
How to answer "Have you ever been terminated?"
How widely used is the term Treppenwitz? Is it something that most Germans know?
Why aren't air breathing engines used as small first stages
How does the particle を relate to the verb 行く in the structure「A を + B に行く」?
How to call a function with default parameter through a pointer to function that is the return of another function?
How to find out what spells would be useless to a blind NPC spellcaster?
Dating a Former Employee
Why didn't this character "real die" when they blew their stack out in Altered Carbon?
List of Python versions
Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?
Can an alien society believe that their star system is the universe?
Why is my conclusion inconsistent with the van't Hoff equation?
How would the world control an invulnerable immortal mass murderer?
Identifying polygons that intersect with another layer using QGIS?
Can a non-EU citizen traveling with me come with me through the EU passport line?
How to bypass password on Windows XP account?
Generate an RGB colour grid
Python ADAL acquire_token_with_client_credentials refresh token?
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Data science time! April 2019 and salary with experience
Should we burninate the [wrap] tag?
The Ask Question Wizard is Live!Calling an external command in PythonWhat are metaclasses in Python?Is there a way to run Python on Android?Finding the index of an item given a list containing it in PythonDifference between append vs. extend list methods in PythonHow can I safely create a nested directory in Python?Does Python have a ternary conditional operator?How to get the current time in PythonHow can I make a time delay in Python?Does Python have a string 'contains' substring method?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
Is there a reason why the Python ADAL library's authentication method acquire_token_with_client_credentials does not return a refresh token? I suppose Daemon apps do not need to use a refresh token each time they run but it seemed odd to me that the other authentication methods do return one.
Code sample:
class AzureActiveDirectory_Helper:
_config = Configuration()
_resource = _config.Resource
_graph_api_endpoint = _config.Graph_API_Endpoint
_authority = _config.Authority
def __init__(self):
self.Context = adal.AuthenticationContext(self._authority)
self.Token = self.Context.acquire_token_with_client_credentials(
resource=self._resource,
client_id=self._config.Client_ID,
client_secret="thisIsASuperSecretKey!!"
)
self.Headers =
'Authorization' : f'Bearer self.Token["accessToken"]',
'Accept' : 'application/json',
'Content-Type' : 'application/json'
The values in self.Token do have a accessToken value and that token does allow me to do what I need against the Azure AD app but isn't it best practice to use a refresh token instead of acquiring a fresh Token every run?
python adal
asked Mar 8 at 17:15
general-goudageneral-gouda
83
add a comment |
Is there a reason why the Python ADAL library's authentication method acquire_token_with_client_credentials does not return a refresh token? I suppose Daemon apps do not need to use a refresh token each time they run but it seemed odd to me that the other authentication methods do return one.
Code sample:
class AzureActiveDirectory_Helper:
_config = Configuration()
_resource = _config.Resource
_graph_api_endpoint = _config.Graph_API_Endpoint
_authority = _config.Authority
def __init__(self):
self.Context = adal.AuthenticationContext(self._authority)
self.Token = self.Context.acquire_token_with_client_credentials(
resource=self._resource,
client_id=self._config.Client_ID,
client_secret="thisIsASuperSecretKey!!"
)
self.Headers =
'Authorization' : f'Bearer self.Token["accessToken"]',
'Accept' : 'application/json',
'Content-Type' : 'application/json'
The values in self.Token do have a accessToken value and that token does allow me to do what I need against the Azure AD app but isn't it best practice to use a refresh token instead of acquiring a fresh Token every run?
python adal
asked Mar 8 at 17:15
general-goudageneral-gouda
83
add a comment |
Is there a reason why the Python ADAL library's authentication method acquire_token_with_client_credentials does not return a refresh token? I suppose Daemon apps do not need to use a refresh token each time they run but it seemed odd to me that the other authentication methods do return one.
Code sample:
class AzureActiveDirectory_Helper:
_config = Configuration()
_resource = _config.Resource
_graph_api_endpoint = _config.Graph_API_Endpoint
_authority = _config.Authority
def __init__(self):
self.Context = adal.AuthenticationContext(self._authority)
self.Token = self.Context.acquire_token_with_client_credentials(
resource=self._resource,
client_id=self._config.Client_ID,
client_secret="thisIsASuperSecretKey!!"
)
self.Headers =
'Authorization' : f'Bearer self.Token["accessToken"]',
'Accept' : 'application/json',
'Content-Type' : 'application/json'
The values in self.Token do have a accessToken value and that token does allow me to do what I need against the Azure AD app but isn't it best practice to use a refresh token instead of acquiring a fresh Token every run?
python adal
asked Mar 8 at 17:15
general-goudageneral-gouda
83
Is there a reason why the Python ADAL library's authentication method acquire_token_with_client_credentials does not return a refresh token? I suppose Daemon apps do not need to use a refresh token each time they run but it seemed odd to me that the other authentication methods do return one.
Code sample:
class AzureActiveDirectory_Helper:
_config = Configuration()
_resource = _config.Resource
_graph_api_endpoint = _config.Graph_API_Endpoint
_authority = _config.Authority
def __init__(self):
self.Context = adal.AuthenticationContext(self._authority)
self.Token = self.Context.acquire_token_with_client_credentials(
resource=self._resource,
client_id=self._config.Client_ID,
client_secret="thisIsASuperSecretKey!!"
)
self.Headers =
'Authorization' : f'Bearer self.Token["accessToken"]',
'Accept' : 'application/json',
'Content-Type' : 'application/json'
The values in self.Token do have a accessToken value and that token does allow me to do what I need against the Azure AD app but isn't it best practice to use a refresh token instead of acquiring a fresh Token every run?
python adal
python adal
asked Mar 8 at 17:15
general-goudageneral-gouda
83
asked Mar 8 at 17:15
general-goudageneral-gouda
83
asked Mar 8 at 17:15
general-goudageneral-gouda
83
asked Mar 8 at 17:15
general-goudageneral-gouda
83
asked Mar 8 at 17:15
general-goudageneral-gouda
83
83
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Yes, I agree that it's a best practice to use a refresh token instead of acquiring a new fresh token every time.
The issuance of a refresh token with the client credential grant has no benefit. That is why the RFC6749 section 4.4.3 indicates A refresh token SHOULD NOT be included.
As per the document,"acquire_token_with_client_credentials" returns only access token.
So to use refresh token, python adal library supports other authentication method like:
"acquire_token", "acquire_token_with_refresh_token" etc. You can check the documentation.
Below are the documentation links:
https://docs.microsoft.com/en-us/python/api/adal/adal.authentication_context.authenticationcontext?view=azure-python#acquire-token-with-client-credentials-resource--client-id--client-secret-
https://adal-python.readthedocs.io/en/latest/
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55067990%2fpython-adal-acquire-token-with-client-credentials-refresh-token%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, I agree that it's a best practice to use a refresh token instead of acquiring a new fresh token every time.
The issuance of a refresh token with the client credential grant has no benefit. That is why the RFC6749 section 4.4.3 indicates A refresh token SHOULD NOT be included.
As per the document,"acquire_token_with_client_credentials" returns only access token.
So to use refresh token, python adal library supports other authentication method like:
"acquire_token", "acquire_token_with_refresh_token" etc. You can check the documentation.
Below are the documentation links:
https://docs.microsoft.com/en-us/python/api/adal/adal.authentication_context.authenticationcontext?view=azure-python#acquire-token-with-client-credentials-resource--client-id--client-secret-
https://adal-python.readthedocs.io/en/latest/
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
add a comment |
Yes, I agree that it's a best practice to use a refresh token instead of acquiring a new fresh token every time.
The issuance of a refresh token with the client credential grant has no benefit. That is why the RFC6749 section 4.4.3 indicates A refresh token SHOULD NOT be included.
As per the document,"acquire_token_with_client_credentials" returns only access token.
So to use refresh token, python adal library supports other authentication method like:
"acquire_token", "acquire_token_with_refresh_token" etc. You can check the documentation.
Below are the documentation links:
https://docs.microsoft.com/en-us/python/api/adal/adal.authentication_context.authenticationcontext?view=azure-python#acquire-token-with-client-credentials-resource--client-id--client-secret-
https://adal-python.readthedocs.io/en/latest/
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
add a comment |
Yes, I agree that it's a best practice to use a refresh token instead of acquiring a new fresh token every time.
The issuance of a refresh token with the client credential grant has no benefit. That is why the RFC6749 section 4.4.3 indicates A refresh token SHOULD NOT be included.
As per the document,"acquire_token_with_client_credentials" returns only access token.
So to use refresh token, python adal library supports other authentication method like:
"acquire_token", "acquire_token_with_refresh_token" etc. You can check the documentation.
Below are the documentation links:
https://docs.microsoft.com/en-us/python/api/adal/adal.authentication_context.authenticationcontext?view=azure-python#acquire-token-with-client-credentials-resource--client-id--client-secret-
https://adal-python.readthedocs.io/en/latest/
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
Yes, I agree that it's a best practice to use a refresh token instead of acquiring a new fresh token every time.
The issuance of a refresh token with the client credential grant has no benefit. That is why the RFC6749 section 4.4.3 indicates A refresh token SHOULD NOT be included.
As per the document,"acquire_token_with_client_credentials" returns only access token.
So to use refresh token, python adal library supports other authentication method like:
"acquire_token", "acquire_token_with_refresh_token" etc. You can check the documentation.
Below are the documentation links:
https://docs.microsoft.com/en-us/python/api/adal/adal.authentication_context.authenticationcontext?view=azure-python#acquire-token-with-client-credentials-resource--client-id--client-secret-
https://adal-python.readthedocs.io/en/latest/
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
edited Mar 11 at 7:57
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
answered Mar 11 at 7:30
MohitDhingra-MSFTMohitDhingra-MSFT
1113
1113
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55067990%2fpython-adal-acquire-token-with-client-credentials-refresh-token%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
