Quickstart: Add sign-in with Microsoft to a Java web app

Applies to:
  • Microsoft identity platform endpoint

In this quickstart, you'll learn how to integrate a Java web application with the Microsoft identity platform. Your app will sign in a user, get an access token to call the Microsoft Graph API, and make a request to the Microsoft Graph API.

When you've completed this quickstart, your application will accept sign-ins of personal Microsoft accounts (including outlook.com, live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory.

Shows how the sample app generated by this quickstart works


To run this sample you will need:

Register and download your quickstart app

You have two options to start your quickstart application: express (Option 1), or manual (Option 2)

Option 1: Register and auto configure your app and then download your code sample

  1. Go to the Azure portal - App registrations.
  2. Enter a name for your application and select Register.
  3. Follow the instructions to download and automatically configure your new application.

Option 2: Register and manually configure your application and code sample

Step 1: Register your application

To register your application and manually add the app's registration information to your solution, follow these steps:

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

  2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.

  3. Navigate to the Microsoft identity platform for developers App registrations page.

  4. Select New registration.

  5. When the Register an application page appears, enter your application's registration information:

    • In the Name section, enter a meaningful application name that will be displayed to users of the app, for example java-webapp.
    • Leave Redirect URI blank for now, and select Register.
  6. On the Overview page, find the Application (client) ID and the Directory (tenant) ID values of the application. Copy these values for later.

  7. Select the Authentication from the menu, and then add the following information:

    • In Redirect URIs, add http://localhost:8080/msal4jsamples/secure/aad and http://localhost:8080/msal4jsamples/graph/me.
    • Select Save.
  8. Select the Certificates & secrets from the menu and in the Client secrets section, click on New client secret:

    • Type a key description (for instance app secret).
    • Select a key duration In 1 year.
    • The key value will display when you select Add.
    • Copy the value of the key for later. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.

Step 1: Configure your application in the Azure portal

For the code sample for this quickstart to work, you need to:

  1. Add reply URLs as http://localhost:8080/msal4jsamples/secure/aad and http://localhost:8080/msal4jsamples/graph/me.
  2. Create a Client Secret.

Already configured Your application is configured with these attributes.

Step 2: Download the code sample

Download the Code Sample

Step 3: Configure the code sample

  1. Extract the zip file to a local folder.

  2. If you use an integrated development environment, open the sample in your favorite IDE (optional).

  3. Open the application.properties file, which can be found in src/main/resources/ folder and replace the value of the fields aad.clientId, aad.authority and aad.secretKey with the respective values of Application Id, Tenant Id and Client Secret as the following:



  • Enter_the_Application_Id_here - is the Application Id for the application you registered.
  • Enter_the_Client_Secret_Here - is the Client Secret you created in Certificates & Secrets for the application you registered.
  • Enter_the_Tenant_Info_Here - is the Directory (tenant) ID value of the application you registered.

Step 4: Run the code sample

To run the project, you can either:

Run it directly from your IDE by using the embedded spring boot server or package it to a WAR file using maven and deploy it to a J2EE container solution such as Apache Tomcat.

Running from IDE

If you are running the web application from an IDE, click on run, then navigate to the home page of the project. For this sample, the standard home page URL is http://localhost:8080

  1. On the front page, select the Login button to redirect to Azure Active Directory and prompt the user for their credentials.

  2. After the user is authenticated, they are redirected to http://localhost:8080/msal4jsamples/secure/aad. They are now signed in, and the page will show information about the signed-in account. The sample UI has the following buttons:

    • Sign Out: Signs the current user out of the application and redirects them to the home page.
    • Show User Info: Acquires a token for Microsoft Graph and calls Microsoft Graph with a request containing the token, which returns basic information about the signed-in user.


This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see Certificate credentials for application authentication.

More information

Getting MSAL

MSAL for Java (MSAL4J) is the Java library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform.

Add MSAL4J to your application by using Maven or Gradle to manage your dependencies by making the following changes to the application's pom.xml (Maven) or build.gradle (Gradle) file.

compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.0.0'

MSAL initialization

Add a reference to MSAL for Java by adding the following code to the top of the file where you will be using MSAL4J:

import com.microsoft.aad.msal4j.*;

Next Steps

Learn more about permissions and consent:

To know more about the auth flow for this scenario, see the Oauth 2.0 authorization code flow:

Help us improve the Microsoft identity platform. Tell us what you think by completing a short two-question survey.

Help and support

If you need help, want to report an issue, or want to learn more about your support options, see the following article: