Microsoft Azure Active Directory Authentication Library (ADAL) for Python

The ADAL for python library makes it easy for python applications to authenticate to AAD in order to access AAD protected web resources.



To support 'service principal' with certificate, ADAL depends on the 'cryptography' package. For smooth installation, some suggestions:

  • For Windows and macOS

Upgrade to the latest pip (8.1.2 as of June 2016) and just do pip install adal.

  • For Linux

Upgrade to the latest pip (8.1.2 as of June 2016).

You'll need a C compiler, libffi + its development headers, and openssl + its development headers. Refer to cryptography installation

  • To install from source:

Upgrade to the latest pip (8.1.2 as of June 2016). Before run python install, to avoid dealing with compilation errors from cryptography, run pip install cryptography first to use statically-linked wheels. If you still like build from source, refer to cryptography installation.

For more context, starts with this stackoverflow thread.

Acquire Token with Client Credentials

In order to use this token acquisition method, you need to configure a service principal. Please follow this walkthrough.

See the sample.

import adal

context = adal.AuthenticationContext('')
RESOURCE = '00000002-0000-0000-c000-000000000000' #AAD graph resource
token = context.acquire_token_with_client_credentials(

Acquire Token with client certificate

A service principal is also required. See the sample.

import adal
context = adal.AuthenticationContext('')
RESOURCE = '00000002-0000-0000-c000-000000000000' #AAD graph resource
token = context.acquire_token_with_client_certificate(

Acquire Token with Refresh Token

See the sample.

import adal
context = adal.AuthenticationContext('')
RESOURCE = '00000002-0000-0000-c000-000000000000' #AAD graph resource
token = context.acquire_token_with_username_password(

refresh_token = token['refreshToken']
token = context.acquire_token_with_refresh_token(

Acquire Token with device code

See the sample.

context = adal.AuthenticationContext('')
RESOURCE = '00000002-0000-0000-c000-000000000000' #AAD graph resource
code = context.acquire_user_code(RESOURCE, 'yourClientIdHere')
token = context.acquire_token_with_device_code(RESOURCE, code, 'yourClientIdHere')

Acquire Token with authorization code

See the sample for a complete bare bones web site that makes use of the code below.

context = adal.AuthenticationContext('')
RESOURCE = '00000002-0000-0000-c000-000000000000' #AAD graph resource
return context.acquire_token_with_authorization_code(

Samples and Documentation

We provide a full suite of sample applications on GitHub and an Azure AD developer landing page to help you get started with learning the Azure Identity system. This includes tutorials for native clients and web applications. We also provide full walkthroughs for authentication flows such as OAuth2, OpenID Connect and for calling APIs such as the Graph API.

It is recommended to read the Auth Scenarios doc, specifically the Scenarios section. For some topics about registering/integrating an app, checkout this doc. And finally, we have a great topic on the Auth protocols you would be using and how they play with Azure AD in this doc.

While Python-specific samples will be added into the aforementioned documents as an on-going effort, you can always find most relevant samples just inside this library repo.

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browser existing issues to see if someone has had your question before.

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL:

Security Reporting

If you find a security issue with our libraries or services please report it to with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.


All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. You can clone the repo and start contributing now.

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact with any additional questions or comments.

Quick Start


$ pip install adal

http tracing/proxy

If need to bypass self-signed certificates, turn on the environment variable of ADAL_PYTHON_SSL_NO_VERIFY


Changes on 'client_id' and 'resource' arguments after 0.1.0

The convinient methods in 0.1.0 have been removed, and now your application should provide parameter values to client_id and resource.

2 Reasons:

  • Each adal client should have an Application ID representing an valid application registered in a tenant. The old methods borrowed the client-id of azure-cli, which is never right. It is simple to register your application and get a client id. Many walkthroughs exist. You can follow one of those. Do check out if you are new to AAD.

  • The old method defaults the resource argument to '', now you can just supply this value explictly. Please note, there are lots of different azure resources you can acquire tokens through adal though, for example, the samples in the repository acquire for the 'graph' resource. Because it is not an appropriate assumption to be made at the library level, we removed the old defaults.