Adding sample for certificate credential flow (#36)

Author: abhidnya13

sample/confidential_client_certificate_sample.py

@@ -0,0 +1,64 @@
+"""
+The configuration file would look like this (sans those // comments):
+
+{
+    "authority": "https://login.microsoftonline.com/organizations",
+    "client_id": "your_client_id",
+    "scope": ["https://graph.microsoft.com/.default"],
+        // For more information about scopes for an app, refer:
+        // https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#second-case-access-token-request-with-a-certificate"
+
+    "thumbprint": "790E... The thumbprint generated by AAD when you upload your public cert",
+    "private_key_file": "filename.pem"
+        // For information about generating thumbprint and private key file, refer:
+        // https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Client-Credentials#client-credentials-with-certificate
+}
+
+You can then run this sample with a JSON configuration file:
+
+    python sample.py parameters.json
+"""
+
+import sys  # For simplicity, we'll read config file from 1st CLI param sys.argv[1]
+import json
+import logging
+
+import msal
+
+
+# Optional logging
+# logging.basicConfig(level=logging.DEBUG)
+
+config = json.load(open(sys.argv[1]))
+
+# Create a preferably long-lived app instance which maintains a token cache.
+app = msal.ConfidentialClientApplication(
+    config["client_id"], authority=config["authority"],
+    client_credential={"thumbprint": config["thumbprint"], "private_key": open(config['private_key_file']).read()},
+    # token_cache=...  # Default cache is in memory only.
+                       # You can learn how to use SerializableTokenCache from
+                       # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
+    )
+
+# The pattern to acquire a token looks like this.
+result = None
+
+# Firstly, looks up a token from cache
+# Since we are looking for token for the current app, NOT for an end user,
+# notice we give account parameter as None.
+result = app.acquire_token_silent(config["scope"], account=None)
+
+if not result:
+    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
+    result = app.acquire_token_for_client(scopes=config["scope"])
+
+if "access_token" in result:
+    print(result["access_token"])
+    print(result["token_type"])
+    print(result["expires_in"])  # You don't normally need to care about this.
+                                 # It will be good for at least 5 minutes.
+else:
+    print(result.get("error"))
+    print(result.get("error_description"))
+    print(result.get("correlation_id"))  # You may need this when reporting a bug
+

sample/client_credential_sample.py renamed to sample/confidential_client_secret_sample.py

@@ -1,11 +1,17 @@
 """
-The configuration file would look like this:
+The configuration file would look like this (sans those // comments):
 
 {
     "authority": "https://login.microsoftonline.com/organizations",
     "client_id": "your_client_id",
     "scope": ["https://graph.microsoft.com/.default"],
-    "secret": "This is a sample only. You better NOT persist your password."
+        // For more information about scopes for an app, refer:
+        // https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#second-case-access-token-request-with-a-certificate"
+
+    "secret": "The secret generated by AAD during your confidential app registration"
+        // For information about generating client secret, refer:
+        // https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Client-Credentials#registering-client-secrets-using-the-application-registration-portal
+
 }
 
 You can then run this sample with a JSON configuration file: