Microsoft identity platform code samples (v2.0 endpoint)

You can use Microsoft identity platform to:

  • Add authentication and authorization to your web applications and web APIs.
  • Require an access token to access a protected web API.

This article briefly describes and provides you with links to samples for the Microsoft identity platform endpoint. These samples show you how it's done, and also provide code snippets that you can use in your applications. On the code sample page, you'll find detailed readme topics that help with requirements, installation, and setup. Comments within the code help you understand the critical sections.

Note

If you're interested in v1.0 samples, see Azure AD code samples (v1.0 endpoint).

To understand the basic scenario for each sample type, see App types for the Microsoft identity platform endpoint.

You can also contribute to the samples on GitHub. To learn how, see Microsoft Azure Active Directory samples and documentation.

Single-page applications

These samples show how to write a single-page application secured with Microsoft identity platform. These samples use one of the flavors of MSAL.js.

Platform Description Link
This image shows the JavaScript logo JavaScript (MSAL.js) SPA calls Microsoft Graph javascript-graphapi-v2
This image shows the JavaScript logo JavaScript (MSAL.js) SPA calls Microsoft Graph using Auth Code Flow w/ PKCE javascript-v2
This image shows the JavaScript logo JavaScript (MSAL.js) SPA calls B2C b2c-javascript-msal-singlepageapp
This image shows the Angular logo JavaScript (MSAL-Angular) SPA calls Microsoft Graph active-directory-javascript-singlepageapp-angular
This image shows the Angular logo Angular (MSAL-Angular) SPA calls custom Web API ms-identity-javascript-angular-spa-aspnetcore-webapi
This image shows the Angular logo Angular (MSAL-Angular) SPA calls B2C active-directory-b2c-javascript-angular-spa
This image shows the React logo React (MSAL.js) SPA calls custom Web API which in turn calls Microsoft Graph ms-identity-javascript-react-spa-dotnetcore-webapi-obo
This image shows the Angular logo Angular (MSAL-Angular) SPA calls custom Web API with App Roles and Security Groups ms-identity-javascript-angular-spa-dotnetcore-webapi-roles-groups

Web applications

The following samples illustrate web applications that sign in users. Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.

Platform Only signs in users Signs in users and calls Microsoft Graph
This image shows the ASP.NET Core logo

ASP.NET Core
ASP.NET Core WebApp signs-in users tutorial Same sample in the ASP.NET Core web app calls Microsoft Graph phase
This image shows the ASP.NET logo

ASP.NET
ASP.NET Quickstart

dotnet-webapp-openidconnect-v2
dotnet-admin-restricted-scopes-v2

msgraph-training-aspnetmvcapp
This image shows the Java logo ms-identity-java-webapp
This image shows the Python logo ms-identity-python-webapp
This image shows the Ruby logo msgraph-training-rubyrailsapp

Desktop and mobile public client apps

The following samples show public client applications (desktop or mobile applications) that access the Microsoft Graph API, or your own web API in the name of a user. Apart from the Desktop (Console) with WAM sample, all these client applications use Microsoft Authentication Library (MSAL).

Client application Platform Flow/grant Calls Microsoft Graph Calls an ASP.NET Core web API
Desktop (WPF) This image shows the .NET/C# logo Authorization code dotnet-desktop-msgraph-v2 dotnet-native-aspnetcore-v2
Desktop (Console) This image shows the .NET/C# (Desktop) logo Integrated Windows Authentication dotnet-iwa-v2
Desktop (Console) This image shows the Java logo Integrated Windows Authentication ms-identity-java-desktop
Desktop (Console) This image shows the .NET/C# (Desktop) logo Username/Password dotnetcore-up-v2
Desktop (Console) with WAM This image shows the .NET/C# (Desktop) logo Interactive with Web Account Manager (WAM) dotnet-native-uwp-wam
Desktop (Console) This image shows the Java logo Username/Password ms-identity-java-desktop
Desktop (Console) This image shows the Python logo Username/Password ms-identity-python-desktop
Mobile (Android, iOS, UWP) This image shows the .NET/C# (Xamarin) logo Authorization code xamarin-native-v2
Mobile (iOS) This image shows iOS/Objective-C or Swift Authorization code ios-swift-objc-native-v2

ios-native-nxoauth2-v2
Desktop (macOS) macOS Authorization code macOS-swift-objc-native-v2
Mobile (Android-Java) This image shows the Android logo Authorization code android-Java
Mobile (Android-Kotlin) This image shows the Android logo Authorization code android-Kotlin

Daemon applications

The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).

Client application Platform Flow/Grant Calls Microsoft Graph
Console This image shows the .NET Core logo

ASP.NET
Client Credentials dotnetcore-daemon-v2
Web app This image shows the ASP.NET logo

ASP.NET
Client Credentials dotnet-daemon-v2
Console This image shows the Java logo Client Credentials ms-identity-java-daemon
Console This image shows the Python logo Client Credentials ms-identity-python-daemon

Headless applications

The following sample shows a public client application running on a device without a web browser. The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. The sample features an app accessing the Microsoft Graph API, in the name of a user who signs-in interactively on another device (such as a mobile phone). This client application uses Microsoft Authentication Library (MSAL).

Client application Platform Flow/Grant Calls Microsoft Graph
Desktop (Console) This image shows the .NET/C# (Desktop) logo Device code flow dotnetcore-devicecodeflow-v2
Desktop (Console) This image shows the Java logo Device code flow ms-identity-java-devicecodeflow
Desktop (Console) This image shows the Python logo Device code flow ms-identity-python-devicecodeflow

Multi-tenant SaaS applications

The following samples show how to configure your application to accept sign-ins from any Azure Active Directory (Azure AD) tenant. Configuring your application to be multi-tenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to be able to sign-in to your application after consenting to use their account.

Platform Description Link
This image shows the JavaScript logo JavaScript (MSAL.js) Multi-tenant SPA calls Graph API ms-identity-javascript-angular-spa-aspnet-webapi-multitenant
This image shows the Angular logo Angular (MSAL-Angular) Multi-tenant SPA calls multi-tenant custom Web API ms-identity-javascript-angular-spa-aspnet-webapi-multitenant
This image shows the ASP.NET Core logo .NET Core (MSAL.NET) ASP.NET Core MVC web application calls Graph API active-directory-aspnetcore-webapp-openidconnect-v2
This image shows the ASP.NET Core logo .NET Core (MSAL.NET) ASP.NET Core MVC web application calls ASP.NET Core Web API active-directory-aspnetcore-webapp-openidconnect-v2

Web APIs

The following samples show how to protect a web API with the Microsoft identity platform endpoint, and how to call a downstream API from the web API.

Platform Sample
This image shows the ASP.NET Core logo

ASP.NET Core
ASP.NET Core web API (service) of dotnet-native-aspnetcore-v2
This image shows the ASP.NET logo

ASP.NET MVC
Web API (service) of ms-identity-aspnet-webapi-onbehalfof
This image shows the Java logo Web API (service) of ms-identity-java-webapi
This image shows the Node.js logo Web API (service) of active-directory-javascript-nodejs-webapi-v2
This image shows the Node.js logo B2C Web API (service) of active-directory-b2c-javascript-nodejs-webapi

Azure Functions as web APIs

The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform endpoint, and how to call a downstream API from the web API.

Platform Sample
This image shows the ASP.NET Core logo

ASP.NET Core
ASP.NET Core web API (service) Azure Function of dotnet-native-aspnetcore-v2
This image shows the Node.js logo

NodeJS
Web API (service) of NodeJS and passport-azure-ad
This image shows the Python logo

Python
Web API (service) of Python
This image shows the Node.js logo

NodeJS
Web API (service) of NodeJS and passport-azure-ad using on behalf of

Other Microsoft Graph samples

To learn about samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community samples & tutorials.

See also