Quickstart: Sign in users and get an access token in a Node web app using the auth code flow

In this quickstart, you download and run a code sample that demonstrates how a Node.js web app can sign in users using the authorization code flow. The code sample also demonstrates how to get an access token to call Microsoft Graph API.

See How the sample works for an illustration.

This quickstart uses the Microsoft Authentication Library for Node.js (MSAL Node) with the authorization code flow.

Prerequisites

Register and download your quickstart application

Step 1: Register your application

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.
  3. Under Manage, select App registrations > New registration.
  4. Enter a Name for your application. Users of your app might see this name, and you can change it later.
  5. Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts.
  6. Set the Redirect URI value to http://localhost:3000/redirect.
  7. Select Register.
  8. On the app Overview page, note the Application (client) ID value for later use.
  9. Under Manage, select Certificates & secrets > New client secret. Leave the description blank and default expiration, and then select Add.
  10. Note the Value of the Client Secret for later use.

Step 1: Configure the application in Azure portal

For the code sample for this quickstart to work, you need to create a client secret and add a reply URL as http://localhost:3000/redirect.

Already configured Your application is configured with these attributes.

Step 2: Download the project

To run the project with a web server by using Node.js, download the core project files.

Run the project with a web server by using Node.js

Step 3: Configure your Node app

Extract the project, and open the folder ms-identity-node-main, then open the index.js file. Set the clientID with the Application (client) ID. Set the clientSecret with the Value of the Client secret.

const config = {
   auth: {
       clientId: "Enter_the_Application_Id_Here",
       authority: "https://login.microsoftonline.com/common",
       clientSecret: "Enter_the_Client_Secret_Here"
   },
    system: {
        loggerOptions: {
            loggerCallback(loglevel, message, containsPii) {
                console.log(message);
            },
            piiLoggingEnabled: false,
            logLevel: msal.LogLevel.Verbose,
        }
    }
};

Modify the values in the config section as described here:

  • Enter_the_Application_Id_Here is the Application (client) ID for the application you registered.

    To find the value of Application (client) ID, go to the app registration's Overview page in the Azure portal.

  • Enter_the_Client_Secret_Here is the Value of the Client secret for the application you registered.

    To retrieve or generate a new Client secret, under Manage, select Certificates & secrets.

The default authority value represents the main (global) Azure cloud:

authority: "https://login.microsoftonline.com/common",

Step 3: Your app is configured and ready to run

Step 4: Run the project

Run the project by using Node.js:

  1. To start the server, run the following commands from within the project directory:

    npm install
    npm start
    
  2. Browse to http://localhost:3000/.

  3. Select Sign In to start the sign-in process.

    The first time you sign in, you're prompted to provide your consent to allow the application to access your profile and sign you in. After you're signed in successfully, you will see a log message in the command line.

More information

How the sample works

The sample, when run, hosts a web server on localhost, port 3000. When a web browser accesses this site, the sample immediately redirects the user to a Microsoft authentication page. Because of this, the sample does not contain any html or display elements. Authentication success displays the message, "OK".

MSAL Node

The MSAL Node library signs in users and requests the tokens that are used to access an API that's protected by Microsoft identity platform. You can download the latest version by using the Node.js Package Manager (npm):

npm install @azure/msal-node

Next steps