@jayme-github
Created December 22, 2015 08:25
Azure Active Directory Service OAuth2 flow
import os
import jwt  # PyJWT
import logging
from requests_oauthlib import OAuth2Session

# oauthlib refuses non-https redirect and token URLs unless this is set. It is only
# tolerable here because the redirect URI is http://localhost on the same machine;
# leave it unset anywhere near production.
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'  # For testing only
LOGFMT = '%(asctime)s (%(name)s.%(funcName)s) [%(levelname)s] %(message)s'
# DEBUG output from requests_oauthlib includes the token request body (authorization
# code, client secret) and the token response, so keep DEBUG for local testing only.
logging.basicConfig(format=LOGFMT, level=logging.DEBUG)
'''
* Log into the Azure Management Portal <https://manage.windowsazure.com>
* Go to Active Directory -> Applications and click ADD at the bottom
* Select "Add an application my organization is developing"
* Name (SomeName), select WEB APPLICATION AND/OR WEB API
* Enter a redirect URL (e.g. http://localhost:10080/; does not need to be reachable and can be changed later)
* Enter a Microsoft endpoint URL for APP ID (e.g. https://mycorp.onmicrosoft.com/Somename; it doesn't really matter, we won't use it, it just has to be unique)
* Go to the Configuration page for the Application you just added
* Take note of the CLIENT ID; it will be used as client_id below
* Create a new key by selecting a duration and saving the form. Copy the generated value immediately, you will not be able to see it again after leaving the page. This key will be the client_secret below (treat it like a password: don't commit it or log it)
* Ensure that under "permissions to other applications", "Windows Azure Active Directory" has the "Sign on and read user profile" permission selected
* Add a REPLY URL (e.g. http://localhost:10080/; does not need to be reachable and can be changed later, but it must match redirect_uri below exactly)
* Save your changes, then click the VIEW ENDPOINTS button at the bottom
* Note the OAUTH2.0 endpoints; they will look like https://login.windows.net/<TENANT ID>/oauth2/token?api-version=1.0. Copy down the <TENANT ID> part of the URL; it will be used as tenant_id below
'''
client_id = ''
client_secret = ''  # Fill in locally; never commit it
tenant_id = ''
redirect_uri = 'http://localhost:10080/'  # Must match the REDIRECT/REPLY URL registered above exactly
resource_id = '00000002-0000-0000-c000-000000000000'  # Windows Azure Active Directory resource
auth_endpoint = 'https://login.microsoftonline.com/%s/oauth2/authorize' % tenant_id
token_endpoint = 'https://login.microsoftonline.com/%s/oauth2/token' % tenant_id
scope = ['User.Read', ]
oauth = OAuth2Session(client_id, redirect_uri=redirect_uri, scope=scope)
# The session remembers the generated `state`; fetch_token() below compares it with the
# state in the callback URL and raises MismatchingStateError on a mismatch (CSRF
# protection for the code exchange), so do not reuse a session across users.
authorization_url, state = oauth.authorization_url(auth_endpoint)
print('Please go to %s and authorize access.' % authorization_url)
authorization_response = input('Enter the full callback URL: ')
token = oauth.fetch_token(
    token_endpoint,
    authorization_response=authorization_response,
    resource=resource_id,
    client_secret=client_secret
)
# Decode the access token WITHOUT verifying its signature, purely to look at the claims
# (PyJWT 2.x form; the original gist used the PyJWT 1.x form jwt.decode(t, None, False)).
# Nothing obtained this way is trustworthy: the access token is addressed to the resource,
# which validates signature, audience, issuer and expiry before acting on any claim.
token_data = jwt.decode(token['access_token'], options={'verify_signature': False})
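The last line above reads the token's claims without checking the signature, which is fine for inspection but dangerous if any of those claims is ever used for an authorization decision. The following stand-alone script is an added example, not part of the gist, that puts an unverified decode next to a proper verification and shows which forged tokens each one accepts. Azure AD signs tokens with RS256 using per-tenant keys published at the tenant's OpenID metadata endpoint; to stay offline and dependency free this example swaps in HS256 with a constructed shared key, but the checks it applies (pinned `alg`, signature, `aud`, `iss`/`tid`, `exp`, `nbf`) are the same ones a resource applies to a real AAD v1 token, whose issuer has the form `https://sts.windows.net/<tenant id>/`. `TENANT_ID`, `SIGNING_KEY` and the `upn` values are constructed test data; `RESOURCE_ID` is the resource id from the gist.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only; not real tenant or key material.
TENANT_ID = "12345678-1234-1234-1234-123456789abc"
RESOURCE_ID = "00000002-0000-0000-c000-000000000000"  # AAD resource id used in the gist
SIGNING_KEY = b"constructed-example-key-not-a-real-aad-key"
ISSUER = "https://sts.windows.net/%s/" % TENANT_ID  # AAD v1 issuer format


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWTs drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Mint a compact JWS. HS256 stands in for AAD's RS256 so the example runs offline."""
    header = {"typ": "JWT", "alg": alg}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = b"" if alg == "none" else hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def decode_unverified(token: str) -> dict:
    """What the gist's jwt.decode(..., verify=False) does: read claims, check nothing."""
    _, payload_b64, _ = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def verify_token(token: str, key: bytes, audience: str, tenant_id: str, now=None) -> dict:
    """Return the claims only if signature, audience, issuer/tenant and validity window all check out."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose (blocks alg=none and key-confusion tricks).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("aud") != audience:
        raise ValueError("token is for audience %r, not us" % claims.get("aud"))
    if claims.get("iss") != "https://sts.windows.net/%s/" % tenant_id or claims.get("tid") != tenant_id:
        raise ValueError("token not issued by the expected tenant")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    return claims


def good_claims(now: int) -> dict:
    return {"aud": RESOURCE_ID, "iss": ISSUER, "tid": TENANT_ID,
            "upn": "alice@mycorp.onmicrosoft.com", "nbf": now - 60, "exp": now + 3600}


def _accepted(token: str, now: int) -> bool:
    try:
        verify_token(token, SIGNING_KEY, RESOURCE_ID, TENANT_ID, now=now)
        return True
    except ValueError:
        return False


def demo(now=None) -> dict:
    """For each token: the upn an unverified decode reports, and whether verification accepts it."""
    now = int(time.time()) if now is None else now
    tampered = dict(good_claims(now), upn="admin@mycorp.onmicrosoft.com")
    tokens = {
        "genuine": make_token(good_claims(now), SIGNING_KEY),
        "resigned": make_token(tampered, b"attacker-chosen-key"),  # attacker re-signs with own key
        "alg_none": make_token(tampered, b"", alg="none"),          # signature stripped, alg=none
        "expired": make_token(dict(good_claims(now), exp=now - 1), SIGNING_KEY),
    }
    return {name: {"unverified_upn": decode_unverified(tok)["upn"], "verified": _accepted(tok, now)}
            for name, tok in tokens.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Every forged token decodes "successfully" and reports `admin@...` as the user; only the genuine, unexpired token survives `verify_token`. Against real AAD the same function would select the tenant key by the token's `kid` header and verify RS256 with it, and note that an access token is addressed to the resource in `aud`: a client that wants to know who signed in validates the `id_token` (whose `aud` is the client id) rather than the access token.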