
I am completely new to MS Identity services and I am overwhelmed by the many options I have for what I need to do.

Here is what I am trying to achieve: I have a OneNote personal account and notes stored in the MS Cloud (OneDrive I guess). I need to be able to run a Python script, get the content of my notes, do some processing and save them back. This will be from the command line on a home Windows 10 computer.

My question: what type of application should I register in MS AD and what type of authentication flow should I use for the above?

I have tried many things and this is as far as I could get:
- I registered an app with Azure AD (tried both personal and AD apps)
- I configured the app as a Windows App
- I selected a device authentication flow

I tried this code with both types of app:

import requests
import json
from msal import PublicClientApplication

tenant = "5fae6798-ca1a-49d4-a5fb-xxxxxxx"   # ◄ regular app
client_id = "d03a79d3-1de0-494c-8eb0-xxx"    # ◄ personal app
#client_id="bbd3d6df-f5f3-4206-8bd5-xxxxxx"

# Delegated OneNote permissions requested at sign-in (duplicates removed)
scopes = ["Notes.ReadWrite.All", "Notes.Read.All", "Notes.Read", "Notes.Create",
          "Notes.ReadWrite", "Notes.ReadWrite.CreatedByApp"]

authority = "https://login.microsoftonline.com/" + tenant

app = PublicClientApplication(client_id=client_id, authority=authority)
flow = app.initiate_device_flow(scopes=scopes)
if "user_code" not in flow:
    raise ValueError(
        "Fail to create device flow. Err: %s" % json.dumps(flow, indent=4))
print(flow["message"])  # tells the user where to enter the device code

result = app.acquire_token_by_device_flow(flow)  # blocks until the user signs in or the code expires

endpoint = "https://graph.microsoft.com/v1.0/users/c5af8759-4785-4abf-9434-xxxx/onenote/notebooks"
if "access_token" in result:
    # Calling Graph using the access token
    graph_data = requests.get(  # Use token to call downstream service
        endpoint,
        headers={'Authorization': 'Bearer ' + result['access_token']},).json()
    print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
else:
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))  # You may need this when reporting a bug

Regular application output

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code AH2UHFDXB to authenticate.

Graph API call result: {
  "error": {
    "code": "30108",
    "message": "OneDrive for Business for this user account cannot be retrieved.",
    "innerError": {
      "request-id": "016910d2-c193-4e3f-9d51-52fce86bfc72",
      "date": "2020-05-14T16:45:44"
    }
  }
}

Personal application output

Fail to create device flow. Err: {
    "error": "invalid_request",
    "error_description": "AADSTS9002331: Application 'bbd3d6df-f5f3-4206-8bd5-xxxxxxx'(OneNotePersonal) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request.\r\nTrace ID: 1c4047e6-98a8-4615-9a0c-4b0dc9ba5600\r\nCorrelation ID: a6733520-6df9-422a-a6b4-e8f4e2de1265\r\nTimestamp: 2020-05-14 16:56:27Z",
    "error_codes": [
        9002331
    ],
    "timestamp": "2020-05-14 16:56:27Z",
    "trace_id": "1c4047e6-98a8-4615-9a0c-4b0dc9ba5600",
    "correlation_id": "a6733520-6df9-422a-a6b4-e8f4e2de1265",
    "interval": 5,
    "expires_in": 1800,
    "expires_at": 1589477187.9909642,
    "_correlation_id": "a6733520-6df9-422a-a6b4-e8f4e2de1265"
}
MiniMe
  • FYI: The first half of this question, i.e. how to get an access token using the MSAL Python library, has been answered [here](https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/194). OP is still seeking what scope(s) to use to access OneNote. – RayLuo May 16 '20 at 02:48
  • :-) OP in Github it's me :-) The scope is not an issue, I need to understand why the APIs return just three pages out of like 10 or more – MiniMe May 16 '20 at 03:20
  • I just ran into this same AADSTS9002331 error in my app and fixed it by changing the manifest of my app (on the Azure website). I changed "signInAudience" from "PersonalMicrosoftAccount" to "AzureADandPersonalMicrosoftAccount". I'm not saying it's the right thing to do, but I thought it might help. – Patrick May 16 '20 at 06:04
  • I added what worked for me, see the answer – MiniMe May 16 '20 at 13:26

1 Answer

This was solved this way:

That error message suggests that you create your authority string as
authority = "https://login.microsoftonline.com/consumers",

because you were using the client_id of a "personal app". Change that authority, and you can proceed.

MiniMe
  • This answer is misleading. The actual URL is e.g. https://login.microsoftonline.com/consumers/oauth2/v2.0/token – Mike Makarov Jun 15 '20 at 13:25
  • You might want to bring it up here https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/194#issuecomment-629430725 , I just followed Microsoft's recommendations. Please clarify it with them, post it as an answer here and I will gladly change the selected answer. – MiniMe Jun 15 '20 at 17:33
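The thread above settles on two points: the authority must match the app registration's signInAudience (a personal-account-only app needs /consumers, which is what AADSTS9002331 is saying), and a command-line script should use the device code flow. The following is an added example, not the poster's code and not part of MSAL or Microsoft Graph, that puts those pieces together: it maps each signInAudience value from the app manifest to the authority MSAL expects, extracts the AADSTS code from an error so failures are readable, de-duplicates the scope list, reuses a cached token silently before falling back to the device code prompt, stores the cache owner-only because it contains refresh tokens, and calls the user's own notebooks through /me. CLIENT_ID and CACHE_PATH are placeholders; requesting only Notes.ReadWrite is an assumption about what the script needs, chosen as the narrowest scope for reading and updating one's own notes.

```python
"""Device-code sign-in for a personal Microsoft account plus one OneNote Graph call.
Added example, not from the original post; CLIENT_ID and CACHE_PATH are placeholders."""
import json
import os
import re

CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder: your app registration's id
CACHE_PATH = os.path.expanduser("~/.onenote_msal_cache.json")  # assumed cache location
GRAPH_NOTEBOOKS = "https://graph.microsoft.com/v1.0/me/onenote/notebooks"

# The manifest's signInAudience decides which authority the sign-in must use.
# A PersonalMicrosoftAccount app rejects a tenant-specific authority with
# AADSTS9002331, the error shown in the question.
AUTHORITY_BY_AUDIENCE = {
    "PersonalMicrosoftAccount": "https://login.microsoftonline.com/consumers",
    "AzureADandPersonalMicrosoftAccount": "https://login.microsoftonline.com/common",
    "AzureADMultipleOrgs": "https://login.microsoftonline.com/organizations",
    "AzureADMyOrg": "https://login.microsoftonline.com/{tenant}",
}


def authority_for(sign_in_audience, tenant=None):
    """Map a signInAudience value to the MSAL authority string."""
    template = AUTHORITY_BY_AUDIENCE[sign_in_audience]
    if "{tenant}" in template:
        if not tenant:
            raise ValueError("AzureADMyOrg requires the tenant id")
        return template.format(tenant=tenant)
    return template


def aadsts_code(error_description):
    """Extract the numeric AADSTS code from an error_description, or None."""
    match = re.search(r"AADSTS(\d+)", error_description or "")
    return int(match.group(1)) if match else None


def dedupe_scopes(scopes):
    """Drop repeated scopes while keeping the order they were listed in."""
    seen = set()
    return [s for s in scopes if not (s in seen or seen.add(s))]


def load_cache(msal):
    """Read a serialized MSAL token cache from disk if one exists."""
    cache = msal.SerializableTokenCache()
    if os.path.exists(CACHE_PATH):
        with open(CACHE_PATH) as fh:
            cache.deserialize(fh.read())
    return cache


def save_cache(cache):
    """Persist the cache owner-only; it holds refresh tokens (mode applies on POSIX)."""
    if cache.has_state_changed:
        fd = os.open(CACHE_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(cache.serialize())


def get_token(scopes, sign_in_audience="PersonalMicrosoftAccount", tenant=None):
    """Return an access token: silently from the cache when possible, else via device code."""
    import msal  # imported here so the pure helpers above work without msal installed
    cache = load_cache(msal)
    app = msal.PublicClientApplication(
        CLIENT_ID, authority=authority_for(sign_in_audience, tenant), token_cache=cache)
    result = None
    accounts = app.get_accounts()
    if accounts:
        result = app.acquire_token_silent(scopes, account=accounts[0])
    if not result:
        flow = app.initiate_device_flow(scopes=scopes)
        if "user_code" not in flow:
            raise RuntimeError("device flow not created (AADSTS%s): %s" % (
                aadsts_code(flow.get("error_description")), json.dumps(flow, indent=2)))
        print(flow["message"])  # tells the user where to enter the code
        result = app.acquire_token_by_device_flow(flow)
    save_cache(cache)
    if "access_token" not in result:
        raise RuntimeError("%s: %s (correlation_id %s)" % (
            result.get("error"), result.get("error_description"), result.get("correlation_id")))
    return result["access_token"]


def list_notebooks(token):
    """Call Graph as the signed-in user and return notebook display names."""
    import requests
    resp = requests.get(GRAPH_NOTEBOOKS, headers={"Authorization": "Bearer " + token}, timeout=30)
    resp.raise_for_status()
    return [nb["displayName"] for nb in resp.json().get("value", [])]


if __name__ == "__main__":
    # Notes.ReadWrite is enough to read and update the user's own notebooks;
    # the broader .All scopes from the question are not requested here.
    token = get_token(dedupe_scopes(["Notes.ReadWrite"]))
    print(json.dumps(list_notebooks(token), indent=2))
```

Run it once interactively to complete the device code prompt; later runs pick the account up from the cache and call acquire_token_silent, so the browser step only recurs when the refresh token is gone or revoked. Patrick's manifest change in the comments corresponds to passing sign_in_audience="AzureADandPersonalMicrosoftAccount", which selects the /common authority instead.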