Quickstart: Add sign in using OpenID Connect to a Node.js web app

In this quickstart, you download and run a code sample that demonstrates how to set up OpenID Connect authentication in a web application built using Node.js with Express. The sample is designed to run on any platform.

Prerequisites

Register your application

  1. Sign in to the Azure portal.

  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.

  3. Search for and select Azure Active Directory.

  4. Under Manage, select App registrations > New registration.

  5. Enter a Name for your application, for example MyWebApp. Users of your app might see this name, and you can change it later.

  6. In the Supported account types section, select Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com).

    If there are more than one redirect URIs, add these from the Authentication tab later after the app has been successfully created.

  7. Select Register to create the app.

  8. On the app's Overview page, find the Application (client) ID value and record it for later. You'll need this value to configure the application later in this project.

  9. Under Manage, select Authentication.

  10. Select Add a platform > Web.

  11. In the Redirect URIs section, enter http://localhost:3000/auth/openid/return.

  12. Enter a Front-channel logout URL https://localhost:3000.

  13. In the Implicit grant and hybrid flows section, select ID tokens as this sample requires the Implicit grant flow to be enabled to sign-in the user.

  14. Select Configure.

  15. Under Manage, select Certificates & secrets > New client secret.

  16. Enter a key description (for instance app secret).

  17. Select a key duration of either In 1 year, In 2 years, or Never Expires.

  18. Select Add. The key value will be displayed. Copy the key value and save it in a safe location for later use.

Download the sample application and modules

Next, clone the sample repo and install the NPM modules.

From your shell or command line:

$ git clone git@github.com:AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs.git

or

$ git clone https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs.git

From the project root directory, run the command:

$ npm install

Configure the application

Provide the parameters in exports.creds in config.js as instructed.

  • Update <tenant_name> in exports.identityMetadata with the Azure AD tenant name of the format *.onmicrosoft.com.
  • Update exports.clientID with the Application ID noted from app registration.
  • Update exports.clientSecret with the Application secret noted from app registration.
  • Update exports.redirectUrl with the Redirect URI noted from app registration.

Optional configuration for production apps:

  • Update exports.destroySessionUrl in config.js, if you want to use a different post_logout_redirect_uri.

  • Set exports.useMongoDBSessionStore in config.js to true, if you want to use mongoDB or other compatible session stores. The default session store in this sample is express-session. The default session store is not suitable for production.

  • Update exports.databaseUri, if you want to use mongoDB session store and a different database URI.

  • Update exports.mongoDBSessionMaxAge. Here you can specify how long you want to keep a session in mongoDB. The unit is second(s).

Build and run the application

Start mongoDB service. If you are using mongoDB session store in this app, you have to install mongoDB and start the service first. If you are using the default session store, you can skip this step.

Run the app using the following command from your command line.

$ node app.js

Is the server output hard to understand?: We use bunyan for logging in this sample. The console won't make much sense to you unless you also install bunyan and run the server like above but pipe it through the bunyan binary:

$ npm install -g bunyan

$ node app.js | bunyan

You're done!

You will have a server successfully running on http://localhost:3000.

Help and support

If you need help, want to report an issue, or want to learn about your support options, see Help and support for developers.

Next steps

Learn more about the web app scenario that the Microsoft identity platform supports: