A login.html template, and a _build_auth_url()

rayluo · rayluo · commit 9535205c28e8 · 2019-11-06T13:11:04.000-08:00
diff --git a/app.py b/app.py
@@ -20,12 +20,10 @@ def index():
 @app.route("/login")
 def login():
     session["state"] = str(uuid.uuid4())
-    auth_url = _build_msal_app().get_authorization_request_url(
-        app_config.SCOPE,  # Technically we can use empty list [] to just sign in,
-                           # here we choose to also collect end user consent upfront
-        state=session["state"],
-        redirect_uri=url_for("authorized", _external=True))
-    return "<a href='%s'>Login with Microsoft Identity</a>" % auth_url
+    # Technically we could use empty list [] as scopes to do just sign in,
+    # here we choose to also collect end user consent upfront
+    auth_url = _build_auth_url(scopes=app_config.SCOPE, state=session["state"])
+    return render_template("login.html", auth_url=auth_url, version=msal.__version__)
 
 @app.route(app_config.REDIRECT_PATH)  # Its absolute URL must match your app's redirect_uri set in AAD
 def authorized():
@@ -74,11 +72,17 @@ def _save_cache(cache):
     if cache.has_state_changed:
         session["token_cache"] = cache.serialize()
 
-def _build_msal_app(cache=None):
+def _build_msal_app(cache=None, authority=None):
     return msal.ConfidentialClientApplication(
-        app_config.CLIENT_ID, authority=app_config.AUTHORITY,
+        app_config.CLIENT_ID, authority=authority or app_config.AUTHORITY,
         client_credential=app_config.CLIENT_SECRET, token_cache=cache)
 
+def _build_auth_url(authority=None, scopes=None, state=None):
+    return _build_msal_app(authority=authority).get_authorization_request_url(
+        scopes or [],
+        state=state or str(uuid.uuid4()),
+        redirect_uri=url_for("authorized", _external=True))
+
 def _get_token_from_cache(scope=None):
     cache = _load_cache()  # This web app maintains one cache per session
     cca = _build_msal_app(cache=cache)
@@ -88,6 +92,8 @@ def _get_token_from_cache(scope=None):
         _save_cache(cache)
         return result
 
+app.jinja_env.globals.update(_build_auth_url=_build_auth_url)  # Used in template
+
 if __name__ == "__main__":
     app.run()
 
diff --git a/templates/login.html b/templates/login.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+</head>
+<body>
+    <h1>Microsoft Identity Python Web App</h1>
+
+    <li><a href='{{ auth_url }}'>Sign In</a></li>
+
+    <hr>
+    <footer style="text-align: right">Powered by MSAL Python {{ version }}</footer>
+</body>
+</html>
+
