quickstart-v2-nodejs-webapp-msal.md

title: Quickstart: Add authentication to a Node.js web app with MSAL Node | Azure
titleSuffix: Microsoft identity platform
description: In this quickstart, you learn how to implement authentication with a Node.js web app and the Microsoft Authentication Library (MSAL) for Node.js.
services: active-directory
author: mmacy
manager: celested
ms.service: active-directory
ms.subservice: develop
ms.topic: quickstart
ms.workload: identity
ms.date: 10/22/2020
ms.author: marsma
ms.custom: aaddev, scenarios:getting-started, languages:js, devx-track-js

Quickstart: Sign in users and get an access token in a Node web app using the auth code flow

In this quickstart, you download and run a code sample that demonstrates how a Node.js web app can sign in users by using the authorization code flow. The code sample also demonstrates how to get an access token to call Microsoft Graph API.

See How the sample works for an illustration.

This quickstart uses the Microsoft Authentication Library for Node.js (MSAL Node) with the authorization code flow.

Prerequisites


Register and download your quickstart application

Step 1: Register your application

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, use the Directory + subscription filter to select the tenant in which you want to register an application.
  3. Under Manage, select App registrations > New registration.
  4. Enter a Name for your application. Users of your app might see this name, and you can change it later.
  5. Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts.
  6. Set the Redirect URI value to http://localhost:3000/redirect.
  7. Select Register.
  8. On the app Overview page, note the Application (client) ID value for later use.
  9. Under Manage, select Certificates & secrets > New client secret. Leave the description blank, keep the default expiration, and then select Add.
  10. Note the value of Client secret for later use.


Step 1: Configure the application in Azure portal

For the code sample for this quickstart to work, you need to create a client secret and add the following reply URL: http://localhost:3000/redirect.


Step 2: Download the project

To run the project with a web server by using Node.js, download the core project files.

Run the project with a web server by using Node.js.


Step 3: Configure your Node app

Extract the project, open the ms-identity-node-main folder, and then open the index.js file.

Set the clientId value to the application (client) ID, and then set the clientSecret value to the client secret.

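// MSAL Node supplies the LogLevel enum used below
const msal = require("@azure/msal-node");

const config = {
    auth: {
        clientId: "Enter_the_Application_Id_Here",
        authority: "https://login.microsoftonline.com/common",
        clientSecret: "Enter_the_Client_Secret_Here"
    },
    system: {
        loggerOptions: {
            // Called by MSAL for each log line; containsPii marks lines with personal data
            loggerCallback(loglevel, message, containsPii) {
                console.log(message);
            },
            piiLoggingEnabled: false,
            logLevel: msal.LogLevel.Verbose,
        }
    }
};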


Modify the values in the config section:

  • Enter_the_Application_Id_Here is the application (client) ID for the application you registered.

    To find the application (client) ID, go to the app registration's Overview page in the Azure portal.

  • Enter_the_Client_Secret_Here is the client secret for the application you registered.

    To retrieve or generate a new client secret, under Manage, select Certificates & secrets.

The default authority value represents the main (global) Azure cloud:

authority: "https://login.microsoftonline.com/common",
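A client secret typed into index.js is easy to commit by accident. The following added example (not part of the sample project) builds the same config shape from environment variables, rejects values that are still the quickstart placeholders, and drops log lines flagged as containing PII. The names AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_AUTHORITY and buildMsalConfig are assumptions.

```javascript
// Added example, not part of the ms-identity-node sample.
// Assumed names: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_AUTHORITY, buildMsalConfig.
const PLACEHOLDER = /^Enter_the_.*_Here$/;

function requireSetting(env, name) {
    const value = (env[name] || "").trim();
    if (!value || PLACEHOLDER.test(value)) {
        throw new Error(`${name} is missing or still a quickstart placeholder`);
    }
    return value;
}

// logLevel is passed in by the caller (for example msal.LogLevel.Warning),
// so this block runs without @azure/msal-node installed.
function buildMsalConfig(env, logLevel, sink = console.log) {
    const authority = env.AZURE_AUTHORITY || "https://login.microsoftonline.com/common";
    const url = new URL(authority); // throws on a malformed value
    if (url.protocol !== "https:") {
        throw new Error("authority must use https");
    }
    return {
        auth: {
            clientId: requireSetting(env, "AZURE_CLIENT_ID"),
            authority,
            clientSecret: requireSetting(env, "AZURE_CLIENT_SECRET"),
        },
        system: {
            loggerOptions: {
                // Same callback signature as the quickstart config.
                loggerCallback(loglevel, message, containsPii) {
                    if (containsPii) return; // never write PII-flagged lines
                    sink(message);
                },
                piiLoggingEnabled: false,
                logLevel,
            },
        },
    };
}
```

In index.js this would be called as buildMsalConfig(process.env, msal.LogLevel.Warning) in place of the literal config object.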


Step 3: Your app is configured and ready to run


Step 4: Run the project

Run the project by using Node.js.

  1. To start the server, run the following commands from within the project directory:

    npm install
    npm start
  2. Go to http://localhost:3000/.

  3. Select Sign In to start the sign-in process.

    The first time you sign in, you're prompted to provide your consent to allow the application to access your profile and sign you in. After you're signed in successfully, you will see a log message in the command line.

More information

How the sample works

The sample hosts a web server on localhost, port 3000. When a web browser accesses this site, the sample immediately redirects the user to a Microsoft authentication page. Because of this, the sample does not contain any HTML or display elements. Authentication success displays the message "OK".
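What the redirect step involves, as an added example that is not code from the sample or from MSAL Node: it builds the authorization request for the registered redirect URI with a random state and a PKCE challenge, then checks the state on the way back before the code is exchanged. The names buildAuthRequest, handleRedirect and pending are assumptions; in the sample, MSAL Node's getAuthCodeUrl and acquireTokenByCode do the request building and the exchange.

```javascript
// Added example, not from the sample project or from MSAL Node.
// buildAuthRequest, handleRedirect and the pending map are assumed names.
const crypto = require("crypto");

const AUTHORITY = "https://login.microsoftonline.com/common";
const REDIRECT_URI = "http://localhost:3000/redirect";
const pending = new Map(); // state -> PKCE verifier, one entry per sign-in attempt

function buildAuthRequest(clientId, scopes) {
    const state = crypto.randomBytes(16).toString("base64url");
    const verifier = crypto.randomBytes(32).toString("base64url");
    const challenge = crypto.createHash("sha256").update(verifier).digest("base64url");
    pending.set(state, verifier);

    const url = new URL(`${AUTHORITY}/oauth2/v2.0/authorize`);
    url.search = new URLSearchParams({
        client_id: clientId,
        response_type: "code",
        redirect_uri: REDIRECT_URI,
        response_mode: "query",
        scope: scopes.join(" "),
        state,
        code_challenge: challenge,
        code_challenge_method: "S256",
    }).toString();
    return url.toString();
}

// Called with the full URL the browser was redirected to.
// Returns what the token request needs, or throws if this app did not start the sign-in.
function handleRedirect(redirectUrl) {
    const params = new URL(redirectUrl).searchParams;
    if (params.has("error")) {
        throw new Error(`authorization failed: ${params.get("error")}`);
    }
    const state = params.get("state");
    const verifier = pending.get(state);
    if (!verifier) {
        throw new Error("unknown or replayed state; rejecting redirect");
    }
    pending.delete(state); // single use
    const code = params.get("code");
    if (!code) throw new Error("redirect carried no authorization code");
    return { code, codeVerifier: verifier, redirectUri: REDIRECT_URI };
}
```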

MSAL Node

The MSAL Node library signs in users and requests the tokens that are used to access an API that's protected by Microsoft identity platform. You can download the latest version by using the Node.js Package Manager (npm):

npm install @azure/msal-node

Next steps

Adding Auth to an existing web app - GitHub code sample