# Authenticate with Azure AD

You can authenticate the Python SDK with Azure AD by using a token retrieved when a user authenticates or with a static client secret for long-running jobs like extractors.

In this article:

# Before you start

# Authenticate with user credentials

You can authenticate the Python SDK with Azure AD by using a token retrieved with user credentials.

# Authenticate with interactive login and token refresh

Use this flow to authenticate with user credentials using the Microsoft Authentication Library (MSAL) and a token refresh.

You need to reuse the PublicClientApplication, and give a Callable to the CogniteClient to make the SDK ask for a new token on each request. The token is served from a memory cache but refreshed if needed (without requiring a user login or device code for the refresh).

NOTE: To use this flow with the code sample below, make sure the app is registered in Azure AD as the type Mobile and desktop applications with http://localhost:53000 as the Redirect URI.

Code sample: sample_interactive_login_token_refresh.py (opens new window)

# Authenticate with user credentials and device code

If a browser is not available, for example, if you are logged into a terminal, use this flow to authenticate with user credentials and use a device code to refresh the token.

NOTE: To use this flow, you need to select Allow public client flows under Authentication when registering the app in Azure AD.

Code sample: sample_device_code_token_refresh.py (opens new window)

# Authenticate with client secret

The SDK supports using client secrets directly by providing the client directly to the CogniteClient with the token_client_secret, token_client_id, token_url, and token_scopes. Use this flow for long-running jobs like extractors.

NOTE: Make sure that you have not set the COGNITE_API_KEY environment variable. It will override the token setup.

Code sample: sample_client_secret.py (opens new window)

Last Updated: 8/19/2021, 6:29:18 AM