Integrations
Auth Providers
Microsoft

Microsoft auth provider

The Microsoft auth provider enables tools and agents to call the Microsoft Graph API on behalf of a user. Behind the scenes, the Arcade Engine and the Microsoft auth provider seamlessly manage Microsoft OAuth 2.0 authorization for your users.

What's documented here

This page describes how to use and configure Microsoft auth with Arcade AI.

This auth provider is used by:

  • Your app code that needs to call Microsoft Graph APIs
  • Or, your custom tools that need to call Microsoft Graph APIs

Configuring Microsoft auth

How you configure the Microsoft auth provider depends on whether you use the Arcade Cloud Engine or a self-hosted Engine.

With the Arcade Cloud Engine, you can start building and testing Microsoft auth without any configuration. Your users will see Arcade AI (demo) as the name of the application that's requesting permission.

When you are ready to go to production, you'll want to configure the Microsoft auth provider with your own Microsoft app credentials, so users see your app name when they authorize access.

Create a Microsoft app

Configuring Microsoft auth with the Arcade Cloud Engine

Coming soon! In 0.1.0-preview, the Arcade Cloud Engine does not yet support configuring auth providers.

Configuring Microsoft auth with a self-hosted Arcade Engine

Set environment variables

Set the following environment variables:

export MICROSOFT_CLIENT_ID="<your client ID>"
export MICROSOFT_CLIENT_SECRET="<your client secret>"

Or, you can set these values in a .env file:

MICROSOFT_CLIENT_ID="<your client ID>"
MICROSOFT_CLIENT_SECRET="<your client secret>"

See Engine configuration for more information on how to set environment variables and configure the Arcade Engine.

Edit the Engine configuration

Edit the engine.yaml file and add a microsoft item to the auth.providers section:

auth:
  providers:
    - id: microsoft
      client_id: ${env:MICROSOFT_CLIENT_ID}
      client_secret: ${env:MICROSOFT_CLIENT_SECRET}

Using Microsoft auth in app code

Use the Microsoft auth provider in your own agents and AI apps to get a user token for Microsoft Graph APIs. See authorizing agents with Arcade to understand how this works.

Use client.auth.start() to get a user token for Microsoft Graph APIs:

from arcadepy import Arcade
 
client = Arcade()  # Automatically finds the `ARCADE_API_KEY` env variable
 
user_id = "[email protected]"
 
# Start the authorization process
auth_response = client.auth.start(
    user_id=user_id,
    provider="microsoft",
    scopes=["User.Read", "Files.Read"],
)
 
if auth_response.status != "completed":
    print("Please complete the authorization challenge in your browser:")
    print(auth_response.authorization_url)
 
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
 
token = auth_response.context.token
# TODO: Do something interesting with the token...

Using Microsoft auth in custom tools

The Arcade LLM API is a convenient way to call LLMs and automatically invoke tools. You can author your own custom tools that interact with Microsoft Graph APIs.

Use the Microsoft() auth class to specify that a tool requires authorization with Microsoft. The context.authorization.token field will be automatically populated with the user's Microsoft token:

from typing import Annotated
 
import httpx
 
from arcade.sdk import ToolContext, tool
from arcade.sdk.auth import Microsoft
 
 
@tool(
    requires_auth=Microsoft(
        scopes=["User.Read", "Files.Read"],
    )
)
async def get_file_contents(
    context: ToolContext,
    file_id: Annotated[str, "The ID of the file to get the contents of"],
) -> Annotated[str, "The contents of the file"]:
    """Get the contents of a file from Microsoft Graph."""
    url = f"https://graph.microsoft.com/v1.0/me/drive/items/{file_id}"
    headers = {"Authorization": f"Bearer {context.authorization.token}"}
 
    async with httpx.AsyncClient() as client:
        response = await client.get(
            url=url,
            headers=headers,
        )
        response.raise_for_status()
        return response.json()