Reputation: 1167
I'm at my wit's end here trying to get Azure Active Directory user authentication for my Flask webapp. Before trying any of the user authentication stuff, it was working, but now I've followed all the examples I could find and I don't know what I'm doing wrong. Maybe I'm headed down the wrong path completely, but I could use some feedback if anyone can tell what I'm doing wrong. It won't work either on the local host or on the website itself. On the website, I just get a 500 error that the request timed out. On the local host, it'll get me the sign in request, but then it returns an error after that.
I've followed this documentation step by step:
https://github.com/Azure-Samples/active-directory-python-webapp-graphapi
I registered my webapp in the Azure Active Directory and I set the App ID URI to:
https://{company_domain.com}/{appname}
Home Page URL to:
https://{appname}.azurewebsites.net
Reply URLs to:
https://{appname}.azurewebsites.net
Required Permissions to allow Delegated Permissions to "Sign in and read user profile"
In my code, I created a config.py file that looks like this:
RESOURCE = "https://{appname}.azurewebsites.net"  # resource the access token is requested for; index() also uses it as the API base URL
TENANT = "{company_domain_name.com}"
AUTHORITY_HOST_URL = "https://login.microsoftonline.com"
CLIENT_ID = "{client_id}"  # copy the Application ID of your app from your Azure portal
CLIENT_SECRET = "{client_secret_key}"  # copy the value of the key you generated when setting up the application
API_VERSION = "v1.0"  # referenced by index() below but absent from the posted config; value assumed from the sample
Then in my __init__.py file I have the following code:
from flask import Flask, render_template, Response, session, request, url_for, redirect
import adal
import config
import requests
import uuid

app = Flask(__name__)  # the posted code used @app.route without creating app
app.secret_key = "{random_secret}"  # required for session[]; use a long random value

AUTHORITY_URL = config.AUTHORITY_HOST_URL + '/' + config.TENANT
# Must match a registered Reply URL exactly, and the /getAToken route below
# (Flask routes are case-sensitive; the posted value ended in /getAtoken).
REDIRECT_URI = 'https://{appname}.azurewebsites.net/getAToken'
TEMPLATE_AUTHZ_URL = ('https://login.microsoftonline.com/{}/oauth2/authorize?' +
                      'response_type=code&client_id={}&redirect_uri={}&' +
                      'state={}&resource={}')

@app.route("/")
def main():
    login_url = 'http://{appname}.azurewebsites.net/login'
    resp = Response(status=307)
    resp.headers['location'] = login_url
    return resp

@app.route("/login")
def login():
    # Random per-login state, stored in the session and echoed back by Azure AD
    auth_state = str(uuid.uuid4())
    session['state'] = auth_state
    authorization_url = TEMPLATE_AUTHZ_URL.format(
        config.TENANT,
        config.CLIENT_ID,
        REDIRECT_URI,
        auth_state,
        config.RESOURCE)
    resp = Response(status=307)
    resp.headers['location'] = authorization_url
    return resp

@app.route("/getAToken")
def main_logic():
    code = request.args['code']
    state = request.args['state']
    if state != session['state']:
        raise ValueError("State does not match")
    auth_context = adal.AuthenticationContext(AUTHORITY_URL)
    # The redirect URI here must be the same one sent in the authorize request
    token_response = auth_context.acquire_token_with_authorization_code(code, REDIRECT_URI, config.RESOURCE,
                                                                        config.CLIENT_ID, config.CLIENT_SECRET)
    session['access_token'] = token_response['accessToken']  # session, not Flask.session
    return redirect('/index')  # redirect, not Flask.redirect

@app.route('/index')
def index():
    if 'access_token' not in session:
        return redirect(url_for('login'))
    endpoint = config.RESOURCE + '/' + config.API_VERSION + '/me/'
    # Headers for the API call (built here but not yet sent in this version)
    http_headers = {'Authorization': session.get('access_token'),
                    'User-Agent': 'adal-python-sample',
                    'Accept': 'application/json',
                    'Content-Type': 'application/json',
                    'client-request-id': str(uuid.uuid4())}
    return render_template('index.html')
Upvotes: 0
Views: 1013
Reputation: 24569
On the local host, it'll get me the sign in request, but then it returns an error after that.
It indicates that the reply URL does not match. You could add the reply URL (http://localhost:5000/getAToken) to the registered Azure AD web app. If you want to run it both locally and on the Azure platform, you could add both of them to the reply URLs.
Test it locally
On the website, I just get a 500 error that the request timed out
It seems that the WebApp is not developed correctly. For more information about how to set up a Python environment on Azure App Service, please refer to this tutorial.
Upvotes: 1
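The answer's point is that Azure AD compares the redirect_uri in the authorize request against the app's registered Reply URLs exactly, so a local and a hosted URL both need to be registered, and the question's code additionally sends a REDIRECT_URI ending in /getAtoken for a route named /getAToken. The following is an added example, not code from the question, the answer or the Azure sample: it keeps the OAuth2 authorization-code handshake logic (registered-reply-URL check, URL-encoded authorize request, single-use constant-time state check, token exchange with the same redirect URI) in plain functions that a Flask view can call. The hostnames in REGISTERED_REPLY_URLS, the function names, and the `exchange_code` callback are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY_HOST_URL = "https://login.microsoftonline.com"

# Reply URLs as they would be registered on the Azure AD app (constructed
# values for this example; "myapp" is a placeholder host). Azure AD compares
# the redirect_uri it receives against this list exactly: scheme, host, port
# and path, including letter case, must all agree.
REGISTERED_REPLY_URLS = (
    "https://myapp.azurewebsites.net/getAToken",  # hypothetical App Service URL
    "http://localhost:5000/getAToken",            # local Flask dev server
)


def reply_url_registered(redirect_uri, registered=REGISTERED_REPLY_URLS):
    """Exact-match check that mirrors Azure AD's Reply URL validation."""
    return redirect_uri in registered


def build_authorize_url(tenant, client_id, redirect_uri, state, resource):
    """Build the v1 /oauth2/authorize URL with URL-encoded parameters.

    Fails before the user is sent away if redirect_uri is not one of the
    registered reply URLs, which is the mismatch the answer describes.
    """
    if not reply_url_registered(redirect_uri):
        raise ValueError("redirect_uri not registered: %s" % redirect_uri)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "resource": resource,
    })
    return "%s/%s/oauth2/authorize?%s" % (AUTHORITY_HOST_URL, tenant, query)


def parse_authorize_url(url):
    """Return (path, {param: value}) for an authorize URL, for inspection."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return parts.path, params


def new_state():
    """Unguessable per-login state value that binds the callback to this session."""
    return secrets.token_urlsafe(32)


def verify_state(session, returned_state):
    """Single-use, constant-time check of the state echoed back by Azure AD."""
    expected = session.pop("state", None)  # consume it so it cannot be replayed
    if expected is None or returned_state is None:
        return False
    return hmac.compare_digest(expected, returned_state)


def handle_callback(session, args, redirect_uri, exchange_code):
    """Process the redirect back to /getAToken.

    `session` stands in for flask.session and `args` for request.args, so the
    logic runs outside Flask. `exchange_code(code, redirect_uri)` is the
    caller's wrapper around adal's acquire_token_with_authorization_code; the
    redirect_uri passed to it must be the same string that was sent in the
    authorize request, otherwise the token endpoint rejects the exchange.
    """
    if "error" in args:
        # e.g. error=access_denied when the user declines consent
        return {"ok": False, "error": args["error"]}
    if not verify_state(session, args.get("state")):
        return {"ok": False, "error": "state_mismatch"}
    if "code" not in args:
        return {"ok": False, "error": "missing_code"}
    token_response = exchange_code(args["code"], redirect_uri)
    session["access_token"] = token_response["accessToken"]
    return {"ok": True}
```

In a Flask app, /login would call new_state(), store it in flask.session and redirect to build_authorize_url(...), and /getAToken would call handle_callback(flask.session, request.args, REDIRECT_URI, exchange) and answer abort(400) on a state mismatch instead of raising, which would otherwise surface as a 500. Because the check is exact, note that http://localhost:5000/getAtoken does not satisfy a registration of http://localhost:5000/getAToken, and neither does the https variant of the same URL.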