
Azure Login Flow

The Azure login endpoint (/api/login/azure) initiates an OAuth 2.0 authorization code flow with Microsoft Azure Active Directory. Upon successful authentication the user is redirected to the dashboard with a server-side session containing the ID token claims, an Azure management access token, and the connected account with its subscriptions.

Authentication Endpoint

GET /api/login/azure

Response

Redirects the browser to the Azure AD authorization endpoint, https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize, carrying the authorization request parameters listed below.

Query Parameters (Auto-generated)

client_id
string
required
Azure application (client) ID from environment configuration
redirect_uri
string
required
Callback URL: {APP_BASE_URL}/getAToken
scope
string
required
Requested permissions: https://management.azure.com/.default (the Azure Resource Manager API, all permissions consented to the app registration)
response_type
string
required
Always code (authorization code flow)

Callback Endpoint

GET /getAToken

Query Parameters

code
string
required
Authorization code returned by Azure AD. The documented callback does not carry a state parameter; the handler's only input is the code, which it exchanges server-side for tokens using the client secret.

Response

Redirects to http://localhost:3000/dashboard after successful authentication. This is the frontend address as written in the handler; it is not derived from APP_BASE_URL, which is the backend's base URL.

Session Data Created

user
object
Contains ID token claims from Azure AD
name
string
User’s display name
preferred_username
string
User’s preferred username or email
oid
string
User’s object ID in Azure AD
access_token
string
Azure management API access token
accounts
array
Array of connected cloud provider accounts
provider
string
Always “azure” for Azure accounts
tenantId
string
Azure tenant ID
displayName
string
User’s display name from ID token
subscriptions
array
List of Azure subscription IDs visible to the application's service principal. The lookup in step 4 of the flow authenticates with the client secret (ClientSecretCredential), not with the user's access token, so this reflects the app registration's role assignments rather than the signed-in user's.

Error Responses

error
string
Error message when authentication fails
401 Unauthorized
{
  "error": "Brak kodu"
}
Returned when the authorization code is missing from the callback. The message is the literal string the handler emits; "Brak kodu" is Polish for "missing code".

Authentication Flow Details

Step 1: Initiate Login

User navigates to /api/login/azure, which redirects to Azure AD authorization endpoint. Example redirect URL:
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?
  client_id={client_id}
  &redirect_uri={app_base_url}/getAToken
  &response_type=code
  &scope=https://management.azure.com/.default

Step 2: User Authenticates

User logs in with Azure credentials and grants permissions.

Step 3: Callback Processing

Azure redirects back to /getAToken with the authorization code, and the handler:
  1. Exchanges the code for tokens using MSAL (Microsoft Authentication Library)
  2. Verifies the ID token and extracts the user claims (MSAL returns them as id_token_claims after checking issuer, audience and expiry; it does not verify the signature, since the token arrives over the direct TLS channel from Azure AD)
  3. Stores the user info in the session (session["user"], session["access_token"])
  4. Retrieves Azure subscriptions using the Azure SDK. Note that this step uses the application's own identity (client credentials), not the user's access token, so the result is the set of subscriptions the service principal can see:
    from azure.identity import ClientSecretCredential
    from azure.mgmt.resource import SubscriptionClient

    # App-only credential built from the environment configuration below
    cred = ClientSecretCredential(
        tenant_id=tenant_id,
        client_id=client_id,
        client_secret=client_secret
    )
    sub_client = SubscriptionClient(cred)
    # Subscription IDs, one per subscription the service principal has a role on
    subs = [s.subscription_id for s in sub_client.subscriptions.list()]

  5. Creates an account object with provider info and the subscriptions
  6. Updates session accounts (replaces an existing Azure account with the same tenant, keeps all others)
  7. Redirects to the dashboard at http://localhost:3000/dashboard
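The whole callback sequence above, as an added example that is not the project's own code from backend/auth/azure_auth.py: the token exchange and the subscription lookup are injected as callables so the block runs offline against constructed data, and the session is a plain dict. process_callback, upsert_azure_account, msal_code_exchanger, the fake_* helpers, the sample tenant and claim values, and the tenant-claim comparison are all assumptions made here, not names or checks from the page.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

AZURE_PROVIDER = "azure"


@dataclass
class CallbackResult:
    """What the /getAToken handler hands back to the web framework (hypothetical shape)."""
    status: int
    body: Dict[str, str] = field(default_factory=dict)   # JSON body on error
    redirect: Optional[str] = None                        # Location header on success


def upsert_azure_account(accounts: List[dict], account: dict) -> List[dict]:
    """Step 6: an Azure account with the same tenantId is replaced; everything else is kept."""
    kept = [a for a in accounts
            if not (a.get("provider") == AZURE_PROVIDER and a.get("tenantId") == account["tenantId"])]
    return kept + [account]


def process_callback(query: Dict[str, str], session: dict,
                     exchange_code: Callable[[str], dict],
                     list_subscriptions: Callable[[], List[str]],
                     expected_tenant: str, dashboard_url: str) -> CallbackResult:
    """Steps 1-7 of the callback, with the two network calls injected."""
    code = query.get("code")
    if not code:
        # The page's literal error string; "Brak kodu" is Polish for "missing code".
        return CallbackResult(401, {"error": "Brak kodu"})

    result = exchange_code(code)
    # MSAL reports a failed exchange as a dict carrying "error" rather than raising.
    if "error" in result or "id_token_claims" not in result:
        msg = result.get("error_description") or result.get("error") or "token exchange failed"
        return CallbackResult(401, {"error": msg})

    claims = result["id_token_claims"]  # issuer/audience/expiry already checked by MSAL
    # Added defence in depth (assumption, not on the page): the ID token's tenant must be ours.
    if claims.get("tid") != expected_tenant:
        return CallbackResult(401, {"error": "unexpected tenant"})

    session["user"] = {k: claims.get(k) for k in ("name", "preferred_username", "oid")}
    session["access_token"] = result["access_token"]

    account = {
        "provider": AZURE_PROVIDER,
        "tenantId": expected_tenant,
        "displayName": claims.get("name"),
        "subscriptions": list_subscriptions(),   # app-identity lookup, see step 4
    }
    session["accounts"] = upsert_azure_account(session.get("accounts", []), account)
    return CallbackResult(302, redirect=dashboard_url)


def msal_code_exchanger(client_id: str, client_secret: str, tenant_id: str,
                        redirect_uri: str, scopes: List[str]) -> Callable[[str], dict]:
    """Real exchanger for deployment, wrapping MSAL the way the page's Code Reference does."""
    import msal  # imported lazily so the offline demo below does not need it installed
    app = msal.ConfidentialClientApplication(
        client_id, authority=f"https://login.microsoftonline.com/{tenant_id}",
        client_credential=client_secret)
    return lambda code: app.acquire_token_by_authorization_code(
        code, scopes=scopes, redirect_uri=redirect_uri)


# --- constructed offline demo (no Azure calls) ------------------------------
TENANT = "11111111-1111-1111-1111-111111111111"   # constructed sample tenant id
DASHBOARD = "http://localhost:3000/dashboard"


def fake_exchange(code: str) -> dict:
    """Stands in for acquire_token_by_authorization_code; all values are constructed."""
    if code != "good-code":
        return {"error": "invalid_grant",
                "error_description": "authorization code is invalid or expired (constructed)"}
    return {"access_token": "eyJ.constructed.token",
            "id_token_claims": {"tid": TENANT, "oid": "22222222-2222-2222-2222-222222222222",
                                "name": "Jane Doe", "preferred_username": "jane@example.com"}}


def fake_subscriptions() -> List[str]:
    return ["sub-0001", "sub-0002"]   # constructed subscription ids


def demo():
    # Session already holds a stale Azure account for the same tenant plus another provider.
    session = {"accounts": [
        {"provider": "azure", "tenantId": TENANT, "displayName": "Old Name", "subscriptions": []},
        {"provider": "aws", "accountId": "123456789012"}]}
    args = (session, fake_exchange, fake_subscriptions, TENANT, DASHBOARD)
    missing = process_callback({}, *args)                 # no code -> 401 "Brak kodu"
    bad = process_callback({"code": "stale"}, *args)      # exchange fails -> 401
    ok = process_callback({"code": "good-code"}, *args)   # success -> 302 to dashboard
    return missing, bad, ok, session


if __name__ == "__main__":
    m, b, o, s = demo()
    print(m, b, o.redirect, s["accounts"], sep="\n")
```

Passing the exchanger and the subscription lister in keeps the handler testable without credentials; in production the two arguments are msal_code_exchanger(...) and the SubscriptionClient lookup from step 4, and the tenant check costs nothing because the single-tenant authority already pins the issuer.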

Environment Configuration

The following environment variables must be configured:
AZURE_TENANT_ID
string
required
Azure Active Directory tenant ID
AZURE_CLIENT_ID
string
required
Azure application (client) ID
AZURE_CLIENT_SECRET
string
required
Azure application client secret. It is used both for the token exchange and for the app-only subscription lookup, so it should come from a secret store rather than a committed file.
APP_BASE_URL
string
default:"http://localhost:5000"
Base URL of the application for the OAuth redirect URI. {APP_BASE_URL}/getAToken must match, character for character, a redirect URI registered on the app registration, or Azure AD rejects the authorization request.

Code Reference

Implementation in backend/auth/azure_auth.py:24-87.

MSAL Application Setup:
import msal

# AUTHORITY is the single-tenant authority, https://login.microsoftonline.com/{AZURE_TENANT_ID}
def build_msal_app():
    return msal.ConfidentialClientApplication(
        CLIENT_ID,
        authority=AUTHORITY,
        client_credential=CLIENT_SECRET
    )

Token Acquisition:
result = build_msal_app().acquire_token_by_authorization_code(
    code,
    scopes=SCOPE,
    redirect_uri=f"{APP_BASE_URL}{REDIRECT_PATH}"
)
# MSAL does not raise on failure: a rejected code yields a dict with "error"
# and "error_description" instead of "access_token" and "id_token_claims".
if "error" in result:
    raise RuntimeError(result.get("error_description", result["error"]))
