Authorization code flow sample

[abhidnya13]

• Python Flask Web Application acquiring token using authorization code flow

[rayluo]

Thanks Abhi for this attempt! It gives us better understanding in this area. As discussed off-line, let's break this work into several phases.

1. Remove the acquire_token_silent() call in this sample (it won't work in the way we currently use it), and then re-organize the code to make it become a functionally equivalent to this accessing graph with adal sample, and then we will send out a PR to that repo. (Their sample repo has more stars and forks than ours; if you can't beat them, join them. :-) )

2. The samples in that Graph sample repo did not utilize the cache. We will revisit this, and figure out a way to demonstrate how to persist msal token cache in a web app, so that end user would not need to re-authenticate in every hour.

[abhidnya13]

Hey Ray,

1. You are right about acquire token silent not working for the Web App. I have made that change and as you mentioned we can revisit storing it in the session storage or some way to make sure they don't have to authenticate every other hour.

2. The code is already structured very similar to the repo you mentioned because I referred it when I started developing this for our ADAL sample that uses Microsoft Graph. I think we should still have this sample here and not in the repo you mentioned mainly because that is a particular use case of using Graph. We would want to show the process of acquiring a token as the base case here for any resource just like how all our other samples do in this repo. For this, we can add a task to create a sample in Azure Samples like we did for ADAL that demonstrates how we can display information specifically from Microsoft Graph.

[rayluo]

OK. Added some minor suggestions, and then we will add this sample into our built-in samples lineup. :-)

[henrik-me]

Does the wiki reference the list of samples including notes on how to run those and what they achieve? Perhaps the code should also reference that wiki page?

[rayluo]

Q: Does the wiki reference the list of samples including notes on how to run those and what they achieve? Perhaps the code should also reference that wiki page?

A: Historically we do not have a wiki reference the list of samples. We have only one place referencing the list of built-in samples, and that is buried deep at THE END OF this section inside the README, because we were assuming new comers would start from that "Usage and Samples" section in README, and then naturally discover and follow that link. Now on a second thought, we should probably also have a wiki page (and now we do!) referencing to the list of samples, just to capture audiences coming from a different "entrance".

But then I understand your comment was more about "how to configure/run such specific sample". That kind of information should be inside our self-contained samples. Recently we've been adding more descriptions into our existing samples, right at each configuration setting where a new dev would ask questions. That approach would also address what David mentioned yesterday that new app devs would tend to ask "client secret? what is that? where do I get one?", that sorts of questions. In that sense, we may want to add this url into our "redirect_url" setting.

[rayluo]

Thanks for your tireless effort on improving this PR!