Microsoft auth provider

At this time, Arcade does not offer a default Microsoft Auth Provider. To use Microsoft auth, you must create a custom Auth Provider with your own Microsoft OAuth 2.0 credentials as described below.

The Microsoft auth provider enables tools and agents to call the Microsoft Graph API on behalf of a user. Behind the scenes, the Arcade Engine and the Microsoft auth provider seamlessly manage Microsoft OAuth 2.0 authorization for your users.

What’s documented here

This page describes how to use and configure Microsoft auth with Arcade.

This auth provider is used by:

Your app code that needs to call Microsoft Graph APIs
Or, your custom tools that need to call Microsoft Graph APIs

Configuring Microsoft auth

In a production environment, you will most likely want to use your own Microsoft app credentials. This way, your users will see your application’s name requesting permission.

You can use your own Microsoft credentials in both the Arcade Cloud and in a self-hosted Arcade Engine instance.

Before showing how to configure your Microsoft app credentials, let’s go through the steps to create a Microsoft app.

Create a Microsoft app

Follow Microsoft’s guide to registering an app with the Microsoft identity platform
Choose the permissions (scopes) you need for your app
Set the redirect URL to: https://cloud.arcade.dev/api/v1/oauth/callback
Copy the client ID and client secret to use below

Next, add the Microsoft app to your Arcade Engine configuration. You can do this in the Arcade Dashboard, or by editing the engine.yaml file directly (for a self-hosted instance).

Configuring your own Microsoft Auth Provider in Arcade

There are two ways to configure your Microsoft app credentials in Arcade:

From the Arcade Dashboard GUI
By editing the engine.yaml file directly (for a self-hosted Arcade Engine)

We show both options step-by-step below.

Configure Microsoft Auth Using the Arcade Dashboard GUI

Access the Arcade Dashboard

To access the Arcade Cloud dashboard, go to api.arcade.dev/dashboard. If you are self-hosting, by default the dashboard will be available at http://localhost:9099/dashboard. Adjust the host and port number to match your environment.

Navigate to the OAuth Providers page

Under the OAuth section of the Arcade Dashboard left-side menu, click Providers.
Click Add OAuth Provider in the top right corner.
Select the Included Providers tab at the top.
In the Provider dropdown, select Microsoft.

Enter the provider details

Choose a unique ID for your provider (e.g. “my-microsoft-provider”).
Optionally enter a Description.
Enter the Client ID and Client Secret from your Microsoft app.

Create the provider

Hit the Create button and the provider will be ready to be used in the Arcade Engine.

When you use tools that require Microsoft auth using your Arcade account credentials, the Arcade Engine will automatically use this Microsoft OAuth provider. If you have multiple Microsoft providers, see using multiple auth providers of the same type for more information.

Using Microsoft auth in app code

Use the Microsoft auth provider in your own agents and AI apps to get a user token for Microsoft Graph APIs. See authorizing agents with Arcade to understand how this works.

Use client.auth.start() to get a user token for Microsoft Graph APIs:

from arcadepy import Arcade
 
client = Arcade()  # Automatically finds the `ARCADE_API_KEY` env variable
 
user_id = "user@example.com"
 
# Start the authorization process
auth_response = client.auth.start(
    user_id=user_id,
    provider="microsoft",
    scopes=["User.Read", "Files.Read"],
)
 
if auth_response.status != "completed":
    print("Please complete the authorization challenge in your browser:")
    print(auth_response.url)
 
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
 
token = auth_response.context.token
# TODO: Do something interesting with the token...

Using Microsoft auth in custom tools

You can author your own custom tools that interact with Microsoft Graph APIs.

Use the Microsoft() auth class to specify that a tool requires authorization with Microsoft. The context.authorization.token field will be automatically populated with the user’s Microsoft token:

from typing import Annotated
 
import httpx
 
from arcade.sdk import ToolContext, tool
from arcade.sdk.auth import Microsoft
 
 
@tool(
    requires_auth=Microsoft(
        scopes=["User.Read", "Files.Read"],
    )
)
async def get_file_contents(
    context: ToolContext,
    file_id: Annotated[str, "The ID of the file to get the contents of"],
) -> Annotated[str, "The contents of the file"]:
    """Get the contents of a file from Microsoft Graph."""
    url = f"https://graph.microsoft.com/v1.0/me/drive/items/{file_id}"
    headers = {"Authorization": f"Bearer {context.authorization.token}"}
 
    async with httpx.AsyncClient() as client:
        response = await client.get(
            url=url,
            headers=headers,
        )
        response.raise_for_status()
        return response.json()

Linkedin Notion

Microsoft auth provider

What’s documented here

Configuring Microsoft auth

Create a Microsoft app

Configuring your own Microsoft Auth Provider in Arcade

Configure Microsoft Auth Using the Arcade Dashboard GUI

Access the Arcade Dashboard

Navigate to the OAuth Providers page

Enter the provider details

Create the provider

Configuring Microsoft auth in self-hosted Arcade Engine configuration

Set environment variables

Edit the Engine configuration

Using Microsoft auth in app code

Using Microsoft auth in custom tools