Merge branch 'refactor'

Author: rayluo

README.md

@@ -138,9 +138,9 @@ In the steps below, "ClientID" is the same as "Application ID" or "AppId".
 $ pip install -r requirements.txt
 ```
 
-Run app.py from shell or command line:
+Run app.py from shell or command line. Note that the port needs to match what you've set up in your redirect_uri:
 ```Shell
-$ python app.py
+$ flask run --port 5000
 ```
 
 ## Community Help and Support

app.py

@@ -27,27 +27,26 @@ def login():
         redirect_uri=url_for("authorized", _external=True))
     return "<a href='%s'>Login with Microsoft Identity</a>" % auth_url
 
-@app.route("/getAToken")  # Its absolute URL must match your app's redirect_uri set in AAD
+@app.route(app_config.REDIRECT_PATH)  # Its absolute URL must match your app's redirect_uri set in AAD
 def authorized():
-    if request.args['state'] != session.get("state"):
-        return redirect(url_for("login"))
-    cache = _load_cache()
-    result = _build_msal_app(cache).acquire_token_by_authorization_code(
-        request.args['code'],
-        scopes=app_config.SCOPE,  # Misspelled scope would cause an HTTP 400 error here
-        redirect_uri=url_for("authorized", _external=True))
-    if "error" in result:
-        return "Login failure: %s, %s" % (
-            result["error"], result.get("error_description"))
-    session["user"] = result.get("id_token_claims")
-    _save_cache(cache)
+    if request.args.get('state') == session.get("state"):
+        cache = _load_cache()
+        result = _build_msal_app(cache=cache).acquire_token_by_authorization_code(
+            request.args['code'],
+            scopes=app_config.SCOPE,  # Misspelled scope would cause an HTTP 400 error here
+            redirect_uri=url_for("authorized", _external=True))
+        if "error" in result:
+            return "Login failure: %s, %s" % (
+                result["error"], result.get("error_description"))
+        session["user"] = result.get("id_token_claims")
+        _save_cache(cache)
     return redirect(url_for("index"))
 
 @app.route("/logout")
 def logout():
     session.clear()  # Wipe out user and its token cache from session
-    return redirect(  # Also need to logout from Microsoft Identity platform
-        "https://login.microsoftonline.com/common/oauth2/v2.0/logout"
+    return redirect(  # Also logout from your tenant's web session
+        app_config.AUTHORITY + "/oauth2/v2.0/logout" +
         "?post_logout_redirect_uri=" + url_for("index", _external=True))
 
 @app.route("/graphcall")
@@ -79,7 +78,7 @@ def _build_msal_app(cache=None):
 
 def _get_token_from_cache(scope=None):
     cache = _load_cache()  # This web app maintains one cache per session
-    cca = _build_msal_app(cache)
+    cca = _build_msal_app(cache=cache)
     accounts = cca.get_accounts()
     if accounts:  # So all account(s) belong to the current signed-in user
         result = cca.acquire_token_silent(scope, account=accounts[0])

app_config.py

@@ -13,6 +13,9 @@
 
 CLIENT_ID = "Enter_the_Application_Id_here"
 
+REDIRECT_PATH = "/getAToken"  # It will be used to form an absolute URL
+    # And that absolute URL must match your app's redirect_uri set in AAD
+
 # You can find more Microsoft Graph API endpoints from Graph Explorer
 # https://developer.microsoft.com/en-us/graph/graph-explorer
 ENDPOINT = 'https://graph.microsoft.com/v1.0/users'  # This resource requires no admin consent

templates/index.html

@@ -5,10 +5,15 @@
 </head>
 <body>
     <h1>Microsoft Identity Python Web App</h1>
-    <h2>Powered by MSAL Python {{ version }}</h2>
-    Welcome {{ user.get("name") }}!
-    <li><a href='/graphcall'>Call Microsoft Graph API</a></li>
+    <h2>Welcome {{ user.get("name") }}!</h2>
+
+    {% if config.get("ENDPOINT") %}
+      <li><a href='/graphcall'>Call Microsoft Graph API</a></li>
+    {% endif %}
+
     <li><a href="/logout">Logout</a></li>
+    <hr>
+    <footer style="text-align: right">Powered by MSAL Python {{ version }}</footer>
 </body>
 </html>