Spaces:
Sleeping
Sleeping
Create app.py
Browse files
app.py
ADDED
|
@@ -0,0 +1,162 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import os
|
| 2 |
+
import streamlit as st
|
| 3 |
+
import requests
|
| 4 |
+
import msal
|
| 5 |
+
import urllib.parse
|
| 6 |
+
import base64
|
| 7 |
+
import hashlib
|
| 8 |
+
import secrets
|
| 9 |
+
|
| 10 |
+
# π€ Load environment variables (Ensure these are set!)
|
| 11 |
+
APPLICATION_ID_KEY = os.getenv('APPLICATION_ID_KEY')
|
| 12 |
+
CLIENT_SECRET_KEY = os.getenv('CLIENT_SECRET_KEY')
|
| 13 |
+
AUTHORITY_URL = 'https://login.microsoftonline.com/common'
|
| 14 |
+
REDIRECT_URI = 'https://huggingface.co/spaces/awacke1/MSGraphAPI'
|
| 15 |
+
|
| 16 |
+
# Define product to scope mapping
|
| 17 |
+
PRODUCT_SCOPES = {
|
| 18 |
+
"π§ Outlook": ['Mail.Read', 'Mail.Send', 'Calendars.ReadWrite'],
|
| 19 |
+
"π OneNote": ['Notes.Read', 'Notes.Create'],
|
| 20 |
+
"π Excel": ['Files.ReadWrite.All'],
|
| 21 |
+
"π Word": ['Files.ReadWrite.All'],
|
| 22 |
+
"ποΈ SharePoint": ['Sites.Read.All', 'Sites.ReadWrite.All'],
|
| 23 |
+
"π
Teams": ['Team.ReadBasic.All', 'Channel.ReadBasic.All'],
|
| 24 |
+
"π¬ Viva": ['Analytics.Read'],
|
| 25 |
+
"π Power Platform": ['Flow.Read.All'],
|
| 26 |
+
"π§ Copilot": ['Cognitive.Read'],
|
| 27 |
+
"ποΈ OneDrive": ['Files.ReadWrite.All'],
|
| 28 |
+
"π‘ PowerPoint": ['Files.ReadWrite.All'],
|
| 29 |
+
"π Microsoft Bookings": ['Bookings.Read.All', 'Bookings.ReadWrite.All'],
|
| 30 |
+
"π Loop": ['Files.ReadWrite.All'],
|
| 31 |
+
"π£οΈ Translator": ['Translation.Read'],
|
| 32 |
+
"π To Do & Planner": ['Tasks.ReadWrite'],
|
| 33 |
+
"π Azure OpenAI Service": ['AzureAIServices.ReadWrite.All']
|
| 34 |
+
}
|
| 35 |
+
|
| 36 |
+
# Always include these base scopes
|
| 37 |
+
BASE_SCOPES = ['User.Read', 'openid', 'profile', 'offline_access']
|
| 38 |
+
|
| 39 |
+
# Function to generate PKCE code verifier and challenge
|
| 40 |
+
def generate_pkce_codes():
|
| 41 |
+
code_verifier = secrets.token_urlsafe(128)[:128]
|
| 42 |
+
code_challenge = base64.urlsafe_b64encode(hashlib.sha256(code_verifier.encode()).digest()).decode().rstrip('=')
|
| 43 |
+
return code_verifier, code_challenge
|
| 44 |
+
|
| 45 |
+
def get_msal_app(code_challenge=None):
|
| 46 |
+
return msal.PublicClientApplication(
|
| 47 |
+
client_id=APPLICATION_ID_KEY,
|
| 48 |
+
authority=AUTHORITY_URL
|
| 49 |
+
)
|
| 50 |
+
|
| 51 |
+
# Function to get access token
|
| 52 |
+
def get_access_token(code, code_verifier):
|
| 53 |
+
client_instance = get_msal_app()
|
| 54 |
+
|
| 55 |
+
try:
|
| 56 |
+
result = client_instance.acquire_token_by_authorization_code(
|
| 57 |
+
code=code,
|
| 58 |
+
scopes=st.session_state.get('scopes', BASE_SCOPES),
|
| 59 |
+
redirect_uri=REDIRECT_URI,
|
| 60 |
+
code_verifier=code_verifier
|
| 61 |
+
)
|
| 62 |
+
|
| 63 |
+
if 'access_token' in result:
|
| 64 |
+
return result['access_token']
|
| 65 |
+
else:
|
| 66 |
+
error_description = result.get('error_description', 'No error description provided')
|
| 67 |
+
raise Exception(f"Error acquiring token: {error_description}")
|
| 68 |
+
except Exception as e:
|
| 69 |
+
st.error(f"Exception in get_access_token: {str(e)}")
|
| 70 |
+
raise
|
| 71 |
+
|
| 72 |
+
# Main application function
|
| 73 |
+
def main():
|
| 74 |
+
st.title("π¦ MS Graph API with AI & Cloud Integration for M365")
|
| 75 |
+
|
| 76 |
+
# Sidebar for product selection
|
| 77 |
+
st.sidebar.title("π M365 Products")
|
| 78 |
+
st.sidebar.write("Select products to integrate:")
|
| 79 |
+
|
| 80 |
+
selected_products = {}
|
| 81 |
+
for product in PRODUCT_SCOPES.keys():
|
| 82 |
+
selected = st.sidebar.checkbox(product)
|
| 83 |
+
if selected:
|
| 84 |
+
selected_products[product] = True
|
| 85 |
+
|
| 86 |
+
# Dynamically build scopes based on selected products
|
| 87 |
+
scopes = BASE_SCOPES.copy()
|
| 88 |
+
for product in selected_products:
|
| 89 |
+
scopes.extend(PRODUCT_SCOPES[product])
|
| 90 |
+
scopes = list(set(scopes)) # Remove duplicates
|
| 91 |
+
st.session_state['scopes'] = scopes
|
| 92 |
+
|
| 93 |
+
# Authentication flow
|
| 94 |
+
if 'access_token' not in st.session_state:
|
| 95 |
+
if 'code_verifier' not in st.session_state:
|
| 96 |
+
code_verifier, code_challenge = generate_pkce_codes()
|
| 97 |
+
st.session_state['code_verifier'] = code_verifier
|
| 98 |
+
else:
|
| 99 |
+
code_verifier = st.session_state['code_verifier']
|
| 100 |
+
code_challenge = base64.urlsafe_b64encode(hashlib.sha256(code_verifier.encode()).digest()).decode().rstrip('=')
|
| 101 |
+
|
| 102 |
+
client_instance = get_msal_app()
|
| 103 |
+
auth_url = client_instance.get_authorization_request_url(
|
| 104 |
+
scopes=scopes,
|
| 105 |
+
redirect_uri=REDIRECT_URI,
|
| 106 |
+
code_challenge=code_challenge,
|
| 107 |
+
code_challenge_method="S256"
|
| 108 |
+
)
|
| 109 |
+
st.write('π Please [click here]({}) to log in and authorize the app.'.format(auth_url))
|
| 110 |
+
|
| 111 |
+
# Check for authorization code in query parameters
|
| 112 |
+
query_params = st.query_params
|
| 113 |
+
if 'code' in query_params:
|
| 114 |
+
code = query_params.get('code')
|
| 115 |
+
st.write('π Authorization Code Obtained:', code[:10] + '...')
|
| 116 |
+
|
| 117 |
+
try:
|
| 118 |
+
access_token = get_access_token(code, code_verifier)
|
| 119 |
+
st.session_state['access_token'] = access_token
|
| 120 |
+
st.success("Access token acquired successfully!")
|
| 121 |
+
st.rerun()
|
| 122 |
+
except Exception as e:
|
| 123 |
+
st.error(f"Error acquiring access token: {str(e)}")
|
| 124 |
+
st.stop()
|
| 125 |
+
else:
|
| 126 |
+
# User is authenticated, proceed with the app
|
| 127 |
+
access_token = st.session_state['access_token']
|
| 128 |
+
|
| 129 |
+
# Greet the user
|
| 130 |
+
user_info = get_user_info(access_token)
|
| 131 |
+
if user_info:
|
| 132 |
+
st.sidebar.write(f"π Hello, {user_info.get('displayName', 'User')}!")
|
| 133 |
+
|
| 134 |
+
# Handle selected products
|
| 135 |
+
if selected_products:
|
| 136 |
+
st.header("𧩠M365 Product Integrations")
|
| 137 |
+
for product in selected_products:
|
| 138 |
+
st.subheader(f"{product}")
|
| 139 |
+
handle_product_integration(access_token, product)
|
| 140 |
+
else:
|
| 141 |
+
st.write("No products selected. Please select products from the sidebar.")
|
| 142 |
+
|
| 143 |
+
# Function to get user info
|
| 144 |
+
def get_user_info(access_token):
|
| 145 |
+
headers = {'Authorization': f'Bearer {access_token}'}
|
| 146 |
+
response = requests.get('https://graph.microsoft.com/v1.0/me', headers=headers)
|
| 147 |
+
if response.status_code == 200:
|
| 148 |
+
return response.json()
|
| 149 |
+
else:
|
| 150 |
+
st.error('Failed to fetch user info.')
|
| 151 |
+
return None
|
| 152 |
+
|
| 153 |
+
# Function to handle product integration
|
| 154 |
+
def handle_product_integration(access_token, product):
|
| 155 |
+
# Implement the integration logic for each product here
|
| 156 |
+
# This is a placeholder - you'll need to implement the actual API calls
|
| 157 |
+
st.write(f"Integrating {product}...")
|
| 158 |
+
# Example: if product == "π§ Outlook": get_outlook_data(access_token)
|
| 159 |
+
|
| 160 |
+
# Run the main function
|
| 161 |
+
if __name__ == "__main__":
|
| 162 |
+
main()
|