Adopt latest identity 0.2.0

README.md

@@ -34,7 +34,7 @@ see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/en-us/azu
 
 To run this sample, you'll need:
 
-> - [Python 2.7+](https://www.python.org/downloads/release/python-2713/) or [Python 3+](https://www.python.org/downloads/release/python-364/)
+> - [Python 3](https://www.python.org/downloads/)
 > - An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see [how to get an Azure AD tenant.](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
 
 
@@ -46,7 +46,7 @@ From your shell or command line:
 git clone https://github.com/Azure-Samples/ms-identity-python-webapp.git
 ```
 
-or download and extract the repository .zip file.
+or download and extract [the repository .zip file](https://github.com/Azure-Samples/ms-identity-python-webapp/archive/refs/heads/master.zip).
 
 > Given that the name of the sample is quite long, you might want to clone it in a folder close to the root of your hard drive, to avoid file name length limitations when running on Windows.
 
@@ -137,7 +137,7 @@ In the steps below, "ClientID" is the same as "Application ID" or "AppId".
 $ pip install -r requirements.txt
 ```
 
-Run app.py from shell or command line. Note that the host and port values need to match what you've set up in your redirect_uri:
+Run Flask on this project's directory (where `app.py` locates). Note that the host and port values need to match what you've set up in your redirect_uri:
 
 ```Shell
 $ flask run --host localhost --port 5000

app.py

@@ -1,9 +1,7 @@
-import requests
 from flask import Flask, render_template, session, request, redirect, url_for
 from flask_session import Session  # https://pythonhosted.org/Flask-Session
-from werkzeug.exceptions import Unauthorized, Forbidden
-from identity import __version__
-from identity.web import Web, LifespanValidator
+import identity, identity.web
+import requests
 import app_config
 
 
@@ -18,50 +16,45 @@
 from werkzeug.middleware.proxy_fix import ProxyFix
 app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
 
-web = Web(
+auth = identity.web.Auth(
     session=session,
     authority=app.config.get("AUTHORITY"),
     client_id=app.config["CLIENT_ID"],
     client_credential=app.config["CLIENT_SECRET"],
-    redirect_uri="http://localhost:5000" + app.config["REDIRECT_PATH"],  # It must match your redirect_uri
-    validators=[LifespanValidator(seconds=3600, on_error=Unauthorized("Login expired"))],
     )
 
-@app.route("/")
-def index():
-    if not web.get_user():
-        return redirect(url_for("login"))
-    return render_template('index.html', user=web.get_user(), version=__version__)
-
 @app.route("/login")
 def login():
-    return render_template("login.html", version=__version__, **web.start_auth(scopes=app_config.SCOPE))
+    return render_template("login.html", version=identity.__version__, **auth.log_in(
+        scopes=app_config.SCOPE,  # Have user consent scopes during log-in
+        redirect_uri=url_for("auth_response", _external=True),  # Optional. If present, this absolute URL must match your app's redirect_uri registered in Azure Portal
+        ))
 
-@app.errorhandler(Unauthorized)
-def handler(error):
-    return redirect(url_for("login"))
-
-@app.route(app_config.REDIRECT_PATH)  # Its absolute URL must match your app's redirect_uri set in AAD
+@app.route(app_config.REDIRECT_PATH)
 def auth_response():
-    result = web.complete_auth(request.args)
-    if "error" in result:
-        return render_template("auth_error.html", result=result)
-    return redirect(url_for("index"))
+    result = auth.complete_log_in(request.args)
+    return render_template("auth_error.html", result=result) if "error" in result else redirect(url_for("index"))
 
 @app.route("/logout")
 def logout():
-    return redirect(web.sign_out(url_for("index", _external=True)))
+    return redirect(auth.log_out(url_for("index", _external=True)))
+
+@app.route("/")
+def index():
+    if not auth.get_user():
+        return redirect(url_for("login"))
+    return render_template('index.html', user=auth.get_user(), version=identity.__version__)
 
-@app.route("/graphcall")
-def graphcall():
-    token = web.get_token(app_config.SCOPE)
-    if not token:
+@app.route("/call_downstream_api")
+def call_downstream_api():
+    token = auth.get_token_for_user(app_config.SCOPE)
+    if "error" in token:
         return redirect(url_for("login"))
-    graph_data = requests.get(  # Use token to call downstream service
+    api_result = requests.get(  # Use token to call downstream api
         app_config.ENDPOINT,
         headers={'Authorization': 'Bearer ' + token['access_token']},
         ).json()
-    return render_template('display.html', result=graph_data)
+    return render_template('display.html', result=api_result)
 
 if __name__ == "__main__":
     app.run()

requirements.txt

@@ -12,7 +12,7 @@ werkzeug>=2
 
 flask-session>=0.3.2,<0.5
 requests>=2,<3
-identity>=0.1,<0.2
+identity>=0.2,<0.3
 
 # cachelib==0.1  # Only need this if you are running Python 2
 # Note: This sample does NOT directly depend on cachelib.

templates/display.html

@@ -5,7 +5,7 @@
 </head>
 <body>
     <a href="javascript:window.history.go(-1)">Back</a> <!-- Displayed on top of a potentially large JSON response, so it will remain visible -->
-    <h1>Graph API Call Result</h1>
+    <h1>Result of the downstream API Call</h1>
     <pre>{{ result |tojson(indent=4) }}</pre> <!-- Just a generic json viewer -->
 </body>
 </html>

templates/index.html

@@ -8,7 +8,7 @@ <h1>Microsoft Identity Python Web App</h1>
     <h2>Welcome {{ user.get("name") }}!</h2>
 
     {% if config.get("ENDPOINT") %}
-      <li><a href='/graphcall'>Call Microsoft Graph API</a></li>
+      <li><a href='/call_downstream_api'>Call a downstream API</a></li>
     {% endif %}
 
     {% if config.get("B2C_PROFILE_AUTHORITY") %}