Consolidation

README.md

@@ -1,18 +1,77 @@
-# Microsoft identity platform product documentation backing code
+# Code samples for Microsoft identity platform documentation - Python
 
-This repo contains code used to directly support the product documentation for the [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/). It is a mono-repo that contains all of the referenced tutorials relating to Python-based implementations using the [Microsoft Autentication Library (MSAL) for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python).
+Welcome to the Microsoft Identity Platform Python Code Samples repository!
 
-## Content
+This repository provides a comprehensive set of end-to-end samples demonstrating how to integrate Microsoft Entra ID authentication and authorization into Python applications. The samples are organized by scenario and technology, making it easy to find the right starting point for your needs.
 
-This repo contains the following code to directly support the product docs:
+## 📁 Repository Structure
 
-* Coming Soon!
+The samples are grouped by application type and scenario:
 
-## Resources
+| Folder            | App description                                                                                  | Authentication libraries                      |
+|-------------------|-------------------------------------------------------------------------------------------------|-----------------------------------------------|
+| [flask-web-app](./flask-web-app)      | Multi-purpose Flask web application with Microsoft Entra sign-in, External ID, B2C support | ms-identity-python[flask]<br>MSAL Python        |
+| [django-web-app](./django-web-app)    | Multi-purpose Django web application with Microsoft Entra sign-in, External ID, B2C support | ms-identity-python[django]<br>MSAL Python       |
+| [console-app-device-code](./console-app-device-code) | Console application using device code flow for user authentication | MSAL Python |
+| [cli-access-protected-api](./cli-access-protected-api) | CLI application accessing protected APIs using client credentials | MSAL Python |
+| [protect-function-app](./protect-function-app) | Azure Function protected with Easy Auth and scope validation | Azure Functions |
+| [daemon-console-app](./daemon-console-app) | Daemon applications using client credentials (secret/certificate) | MSAL Python |
+| [on-behalf-of-flow](./on-behalf-of-flow) | Multi-tier application demonstrating On-Behalf-Of (OBO) flow | MSAL Python |
 
-- [Microsoft identity platform product documentation](https://docs.microsoft.com/azure/active-directory/develop/)
-- [Microsoft Authentication Library (MSAL) documentation](https://docs.microsoft.com/azure/active-directory/develop/msal-overview)
-- [Microsoft Authentication Library (MSAL) for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python)
-- [msal on PyPI](https://pypi.org/project/msal/)
-- [Microsoft Authentication Library (MSAL) for Python SDK Docs](https://msal-python.readthedocs.io/en/latest/)
-- [MSAL for Python Roadmap](https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Roadmap)
+---
+
+Each folder contains one or more samples, each with its own README and instructions.
+
+---
+
+## 🚀 Getting Started
+
+1. Browse the folders above to find the app type/scenario that matches your use case.
+2. Read the sample's README.md for prerequisites, setup instructions, and code walkthroughs.
+3. Clone and run the sample following the provided steps.
+
+All samples are built with Python 3.8+ and the latest Microsoft Authentication Library (MSAL) for Python.
+
+---
+
+## 📝 Configuration & Security
+
+- Configuration is managed via `.env` files and environment variables.
+- Each sample includes multiple `.env.sample` templates for different identity providers (Entra ID, External ID, B2C).
+- Secrets and credentials should never be committed to source control. Use environment variables or [Azure Key Vault](https://learn.microsoft.com/azure/key-vault/general/basic-concepts) for sensitive data.
+
+---
+
+## 🤝 Contributing
+
+We welcome contributions!  
+Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on submitting new samples or improvements.
+
+---
+
+## 📢 Support & Feedback
+
+- For questions, open an [issue](https://github.com/Azure-Samples/ms-identity-docs-code-python/issues).
+- For Microsoft identity platform documentation, visit [learn.microsoft.com/entra/identity-platform](https://learn.microsoft.com/entra/identity-platform).
+
+---
+
+## 📄 License
+
+This project is licensed under the [MIT License](LICENSE.md).
+
+---
+
+## 📚 Resources
+
+- Documentation on learn.microsoft.com
+  - [Microsoft identity platform product documentation](https://learn.microsoft.com/entra/identity-platform/)
+  - [Microsoft Authentication Library (MSAL) documentation](https://learn.microsoft.com/entra/identity-platform/msal-overview)
+- Authentication library source code on GitHub
+  - [Microsoft Authentication Library (MSAL) for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python)
+  - [MSAL for Python SDK Docs](https://msal-python.readthedocs.io/en/latest/)
+- Python Package Index
+  - [msal on PyPI](https://pypi.org/project/msal/)
+  - [ms-identity-python on PyPI](https://pypi.org/project/identity/)
+
+---

daemon-console-app/.gitignore

@@ -0,0 +1,104 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/

daemon-console-app/CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns

daemon-console-app/LICENSE

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

daemon-console-app/README.md

@@ -0,0 +1,68 @@
+---
+page_type: sample
+languages:
+- python
+- powershell
+products:
+- azure-active-directory
+description: "This sample demonstrates a Python daemon console app calling the Microsoft Graph that is secured using the Microsoft identity platform."
+urlFragment: ms-identity-python-webapp
+---
+
+# A Python console daemon app calling Microsoft Graph
+
+<!--
+Guidelines on README format: https://review.docs.microsoft.com/help/onboard/admin/samples/concepts/readme-template?branch=master
+
+Guidance on onboarding samples to docs.microsoft.com/samples: https://review.docs.microsoft.com/help/onboard/admin/samples/process/onboarding?branch=master
+
+Taxonomies for products and languages: https://review.docs.microsoft.com/new-hope/information-architecture/metadata/taxonomies?branch=master
+-->
+
+## About this sample
+
+### Scenario
+
+You want to write a daemon application that consumes organizational data using Microsoft Graph and using **Microsoft Identity Platform** to acquire tokens.
+
+For details see [Daemon apps scenario](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview).
+
+### Structure of the repository
+
+This repository contains a progressive tutorial made of two parts:
+
+Sub folder                    | Description
+----------------------------- | -----------
+[1-Call-MsGraph-WithSecret](https://github.com/Azure-Samples/ms-identity-python-daemon/tree/master/1-Call-MsGraph-WithSecret) | This sample application shows how to use the Microsoft identity platform endpoint to access the data of Microsoft business customers in a long-running, non-interactive process. The daemon application proves its identity using a **client secret**. It uses the OAuth 2 client credentials grant to acquire an access token, which can be used to call the Microsoft Graph and access organizational data </p> ![Topology](./1-Call-MsGraph-WithSecret/ReadmeFiles/topology.svg)
+[2-Call-MsGraph-WithCertificate](https://github.com/Azure-Samples/ms-identity-python-daemon/tree/master/2-Call-MsGraph-WithCertificate)  | This variation of the first sample shows how the application proves its identity using a **certificate**. </p>  ![Topology](./2-Call-MsGraph-WithCertificate/ReadmeFiles/topology.svg)
+
+## Prerequisites
+
+To run this sample, you'll need:
+
+> - [Python 2.7+](https://www.python.org/downloads/release/python-2713/) or [Python 3+](https://www.python.org/downloads/release/python-364/)
+> - An Microsoft Entra tenant. For more information on how to get an Microsoft Entra tenant, see [how to get an Microsoft Entra tenant.](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
+
+## Setup and run the sample
+
+Download and extract the repository .zip file or, from your shell or command line:
+
+```Shell
+git clone https://github.com/Azure-Samples/ms-identity-python-daemon.git
+```
+
+Then, see the readme of each sub-folder to understand how to setup and run the samples, and learn key concepts.
+
+## Contributing
+
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

daemon-console-app/SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.3 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)) of a security vulnerability, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

flask-web-app/AppCreationScripts/AppCreationScripts.md

@@ -118,7 +118,7 @@ Note that the script will choose the tenant in which to create the applications,
 
 - Open the [Microsoft Entra admin center](https://entra.microsoft.com)
 - Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window)
-- Find the "Active Directory" object in this tenant
+- Find the "Microsoft Entra" object in this tenant
 - Go to **Properties** and copy the content of the **Directory Id** property
 - Then use the full syntax to run the scripts:
 

flask-web-app/AppCreationScripts/Cleanup.ps1

@@ -15,11 +15,11 @@ Function Cleanup {
 
     <#
     .Description
-    This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
+    This function removes the Microsoft Entra applications for the sample. These applications were created by the Configure.ps1 script
     #>
 
-    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 
-    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD. 
+    # $tenantId is the Microsoft Entra Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 
+    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Microsoft Entra. 
 
     # Connect to the Microsoft Graph API
     Write-Host "Connecting to Microsoft Graph"

flask-web-app/AppCreationScripts/Configure.ps1

@@ -7,8 +7,8 @@ param(
 )
 
 <#
- This script creates the Azure AD applications needed for this sample and updates the configuration files
- for the visual Studio projects from the data in the Azure AD applications.
+ This script creates the Microsoft Entra applications needed for this sample and updates the configuration files
+ for the visual Studio projects from the data in the Microsoft Entra applications.
  In case you don't have Microsoft.Graph.Applications already installed, the script will automatically install it for the current user
 
  There are two ways to run this script. For more information, read the AppCreationScripts.md file in the same folder as this script.
@@ -56,7 +56,7 @@ Function ConfigureApplications {
     $isOpenSSl = 'N' #temporary disable open certificate creation 
 
     <#.Description
-       This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
+       This function creates the Microsoft Entra applications for the sample in the provided Microsoft Entra tenant and updates the
        configuration files in the client and service project  of the visual studio solution (App.Config and Web.Config)
        so that they are consistent with the Applications parameters
     #>