Spaces:

awacke1
/

MSGraphAPI

Sleeping

App Files Files Community

awacke1 commited on Oct 14, 2024

Commit

c3ac390

verified ·

1 Parent(s): 8a41b61

Update app.py

Browse files

Files changed (1) hide show

app.py +14 -25

app.py CHANGED Viewed

@@ -7,7 +7,7 @@ import base64
 import hashlib
 import secrets
-# 🤓 Load environment variables (Ensure these are set!)
 APPLICATION_ID_KEY = os.getenv('APPLICATION_ID_KEY')
 CLIENT_SECRET_KEY = os.getenv('CLIENT_SECRET_KEY')
 AUTHORITY_URL = 'https://login.microsoftonline.com/common'
@@ -33,29 +33,28 @@ PRODUCT_SCOPES = {
     "🔗 Azure OpenAI Service": ['AzureAIServices.ReadWrite.All']
 }
-# Always include these base scopes
-BASE_SCOPES = ['User.Read', 'openid', 'profile', 'offline_access']
-# Function to generate PKCE code verifier and challenge
 def generate_pkce_codes():
     code_verifier = secrets.token_urlsafe(128)[:128]
     code_challenge = base64.urlsafe_b64encode(hashlib.sha256(code_verifier.encode()).digest()).decode().rstrip('=')
     return code_verifier, code_challenge
-def get_msal_app(code_challenge=None):
     return msal.PublicClientApplication(
         client_id=APPLICATION_ID_KEY,
         authority=AUTHORITY_URL
     )
-# Function to get access token
 def get_access_token(code, code_verifier):
     client_instance = get_msal_app()
     try:
         result = client_instance.acquire_token_by_authorization_code(
             code=code,
-            scopes=st.session_state.get('scopes', BASE_SCOPES),
             redirect_uri=REDIRECT_URI,
             code_verifier=code_verifier
         )
@@ -69,11 +68,9 @@ def get_access_token(code, code_verifier):
         st.error(f"Exception in get_access_token: {str(e)}")
         raise
-# Main application function
 def main():
     st.title("🦄 MS Graph API with AI & Cloud Integration for M365")
-    # Sidebar for product selection
     st.sidebar.title("📝 M365 Products")
     st.sidebar.write("Select products to integrate:")
@@ -84,13 +81,14 @@ def main():
             selected_products[product] = True
     # Dynamically build scopes based on selected products
-    scopes = BASE_SCOPES.copy()
     for product in selected_products:
-        scopes.extend(PRODUCT_SCOPES[product])
-    scopes = list(set(scopes))  # Remove duplicates
-    st.session_state['scopes'] = scopes
-    # Authentication flow
     if 'access_token' not in st.session_state:
         if 'code_verifier' not in st.session_state:
             code_verifier, code_challenge = generate_pkce_codes()
@@ -101,14 +99,13 @@ def main():
         client_instance = get_msal_app()
         auth_url = client_instance.get_authorization_request_url(
-            scopes=scopes,
             redirect_uri=REDIRECT_URI,
             code_challenge=code_challenge,
             code_challenge_method="S256"
         )
         st.write('👋 Please [click here]({}) to log in and authorize the app.'.format(auth_url))
-        # Check for authorization code in query parameters
         query_params = st.query_params
         if 'code' in query_params:
             code = query_params.get('code')
@@ -123,15 +120,12 @@ def main():
                 st.error(f"Error acquiring access token: {str(e)}")
                 st.stop()
     else:
-        # User is authenticated, proceed with the app
         access_token = st.session_state['access_token']
-        # Greet the user
         user_info = get_user_info(access_token)
         if user_info:
             st.sidebar.write(f"👋 Hello, {user_info.get('displayName', 'User')}!")
-        # Handle selected products
         if selected_products:
             st.header("🧩 M365 Product Integrations")
             for product in selected_products:
@@ -140,7 +134,6 @@ def main():
         else:
             st.write("No products selected. Please select products from the sidebar.")
-# Function to get user info
 def get_user_info(access_token):
     headers = {'Authorization': f'Bearer {access_token}'}
     response = requests.get('https://graph.microsoft.com/v1.0/me', headers=headers)
@@ -150,13 +143,9 @@ def get_user_info(access_token):
         st.error('Failed to fetch user info.')
         return None
-# Function to handle product integration
 def handle_product_integration(access_token, product):
-    # Implement the integration logic for each product here
-    # This is a placeholder - you'll need to implement the actual API calls
     st.write(f"Integrating {product}...")
-    # Example: if product == "📧 Outlook": get_outlook_data(access_token)
-# Run the main function
 if __name__ == "__main__":
     main()

 import hashlib
 import secrets
+# Configuration
 APPLICATION_ID_KEY = os.getenv('APPLICATION_ID_KEY')
 CLIENT_SECRET_KEY = os.getenv('CLIENT_SECRET_KEY')
 AUTHORITY_URL = 'https://login.microsoftonline.com/common'
     "🔗 Azure OpenAI Service": ['AzureAIServices.ReadWrite.All']
 }
+# Separate reserved scopes
+RESERVED_SCOPES = ['openid', 'profile', 'offline_access']
+BASE_SCOPES = ['User.Read']  # Non-reserved base scopes
 def generate_pkce_codes():
     code_verifier = secrets.token_urlsafe(128)[:128]
     code_challenge = base64.urlsafe_b64encode(hashlib.sha256(code_verifier.encode()).digest()).decode().rstrip('=')
     return code_verifier, code_challenge
+def get_msal_app():
     return msal.PublicClientApplication(
         client_id=APPLICATION_ID_KEY,
         authority=AUTHORITY_URL
     )
 def get_access_token(code, code_verifier):
     client_instance = get_msal_app()
     try:
         result = client_instance.acquire_token_by_authorization_code(
             code=code,
+            scopes=st.session_state.get('all_scopes', BASE_SCOPES + RESERVED_SCOPES),
             redirect_uri=REDIRECT_URI,
             code_verifier=code_verifier
         )
         st.error(f"Exception in get_access_token: {str(e)}")
         raise
 def main():
     st.title("🦄 MS Graph API with AI & Cloud Integration for M365")
     st.sidebar.title("📝 M365 Products")
     st.sidebar.write("Select products to integrate:")
             selected_products[product] = True
     # Dynamically build scopes based on selected products
+    request_scopes = BASE_SCOPES.copy()
     for product in selected_products:
+        request_scopes.extend(PRODUCT_SCOPES[product])
+    request_scopes = list(set(request_scopes))  # Remove duplicates
+    # Store all scopes (including reserved) for token acquisition
+    st.session_state['all_scopes'] = request_scopes + RESERVED_SCOPES
     if 'access_token' not in st.session_state:
         if 'code_verifier' not in st.session_state:
             code_verifier, code_challenge = generate_pkce_codes()
         client_instance = get_msal_app()
         auth_url = client_instance.get_authorization_request_url(
+            scopes=request_scopes,  # Use only non-reserved scopes for the auth request
             redirect_uri=REDIRECT_URI,
             code_challenge=code_challenge,
             code_challenge_method="S256"
         )
         st.write('👋 Please [click here]({}) to log in and authorize the app.'.format(auth_url))
         query_params = st.query_params
         if 'code' in query_params:
             code = query_params.get('code')
                 st.error(f"Error acquiring access token: {str(e)}")
                 st.stop()
     else:
         access_token = st.session_state['access_token']
         user_info = get_user_info(access_token)
         if user_info:
             st.sidebar.write(f"👋 Hello, {user_info.get('displayName', 'User')}!")
         if selected_products:
             st.header("🧩 M365 Product Integrations")
             for product in selected_products:
         else:
             st.write("No products selected. Please select products from the sidebar.")
 def get_user_info(access_token):
     headers = {'Authorization': f'Bearer {access_token}'}
     response = requests.get('https://graph.microsoft.com/v1.0/me', headers=headers)
         st.error('Failed to fetch user info.')
         return None
 def handle_product_integration(access_token, product):
     st.write(f"Integrating {product}...")
+    # Implement product-specific API calls here
 if __name__ == "__main__":
     main()