Microsoft identity platform code samples

These code samples, built and maintained by Microsoft, demonstrate authentication and authorization by using Azure AD and the Microsoft identity platform in several application types, development languages, and frameworks.

  • Sign in users to web applications and provide authorized access to protected web APIs.
  • Protect a web API by requiring an access token to perform API operations.

Each code sample includes a README.md file that describes how to build the project (if applicable) and run the sample application. Comments in the code help you understand critical sections that implementing authentication and authorization using authentication libraries and the identity platform.

Single-page applications

These samples show how to write a single-page application secured with Microsoft identity platform. These samples use one of the flavors of MSAL.js.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
Angular Sign in users
Sign in users (B2C)
Call Microsoft Graph
Call .NET Core web API
Call .NET Core web API (B2C)
Call Microsoft Graph via OBO
Call .NET Core web API using PoP
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure Storage and App Service
MSAL Angular • Authorization code with PKCE
• On-behalf-of (OBO)
• Proof of Possession (PoP)
Blazor WebAssembly Sign in users
Sign in users (B2C)
Call Microsoft Graph
Deploy to Azure App Service
MSAL.js Implicit Flow
JavaScript Sign in users
Sign in users (B2C)
Call Microsoft Graph
Call Node.js web API
Call Node.js web API (B2C)
Call Microsoft Graph via OBO
Call Node.js web API via OBO and CA
Deploy to Azure Storage and App Service
MSAL.js • Authorization code with PKCE
• On-behalf-of (OBO)
• Conditional Access (CA)
React Sign in users
Sign in users (B2C)
Call Microsoft Graph
Call Node.js web API
Call Node.js web API (B2C)
Call Microsoft Graph via OBO
Call Node.js web API using PoP
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure Storage and App Service
Deploy to Azure Static Web Apps
MSAL React • Authorization code with PKCE
• On-behalf-of (OBO)
• Conditional Access (CA)
• Proof of Possession (PoP)

Web applications

The following samples illustrate web applications that sign in users. Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
ASP.NET Core ASP.NET Core Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Customize token cache
Call Graph (multi-tenant)
Call Azure REST APIs
Protect web API
Protect web API (B2C)
Protect multi-tenant web API
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure Storage and App Service
• MSAL.NET
• Microsoft.Identity.Web
• OpenID connect
• Authorization code
• On-Behalf-Of
Blazor Blazor Server Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Call web API
Call web API (B2C)
MSAL.NET Authorization code Grant Flow
ASP.NET Core Advanced Token Cache Scenarios • MSAL.NET
• Microsoft.Identity.Web
On-Behalf-Of (OBO)
ASP.NET Core Use the Conditional Access auth context to perform step-up authentication • MSAL.NET
• Microsoft.Identity.Web
Authorization code
ASP.NET Core Active Directory FS to Azure AD migration MSAL.NET • SAML
• OpenID connect
ASP.NET Microsoft Graph Training Sample
Sign in users and call Microsoft Graph
Sign in users and call Microsoft Graph with admin restricted scope
Quickstart: Sign in users
MSAL.NET • OpenID connect
• Authorization code
Java

Spring
Azure AD Spring Boot Starter Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Use App Roles for access control
Use Groups for access control
Deploy to Azure App Service
• MSAL Java
• Azure AD Boot Starter
Authorization code
Java

Servlets
Spring-less Servlet Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure App Service
MSAL Java Authorization code
Java Sign in users and call Microsoft Graph MSAL Java Authorization code
Java

Spring
Sign in users and call Microsoft Graph via OBO

Web API
MSAL Java • Authorization code
• On-Behalf-Of (OBO)
Node.js

Express
Express web app series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Deploy to Azure App Service
Use App Roles for access control
Use Security Groups for access control
Web app that sign in users
MSAL Node Authorization code
Python

Flask
Flask Series
Sign in users
Sign in users (B2C)
Sign in users and call Microsoft Graph
Call Microsoft Graph
Deploy to Azure App Service
MSAL Python Authorization code
Python

Django
Django Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Deploy to Azure App Service
MSAL Python Authorization code
Ruby Graph Training
Sign in users and call Microsoft Graph
OmniAuth OAuth2 Authorization code

Web API

The following samples show how to protect a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
ASP.NET Call Microsoft Graph MSAL.NET On-Behalf-Of (OBO)
ASP.NET Core Sign in users and call Microsoft Graph MSAL.NET On-Behalf-Of (OBO)
Java Sign in users MSAL Java On-Behalf-Of (OBO)
Node.js Protect a Node.js web API
Protect a Node.js Web API with Azure AD B2C
MSAL Node Authorization bearer

Desktop

The following samples show public client desktop applications that access the Microsoft Graph API, or your own web API in the name of the user. Apart from the Desktop (Console) with Workspace Application Manager (WAM) sample, all these client applications use the Microsoft Authentication Library (MSAL).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET Core Call Microsoft Graph
Call Microsoft Graph with token cache
Call Micrsoft Graph with custom web UI HTML
Call Microsoft Graph with custom web browser
Sign in users with device code flow
MSAL.NET • Authorization code with PKCE
• Device code
.NET Call Microsoft Graph with daemon console
Call web API with daemon console
MSAL.NET Authorization code with PKCE
.NET Invoke protected API with integrated Windows authentication MSAL.NET Integrated Windows authentication
Java Call Microsoft Graph MSAL Java Integrated Windows authentication
Node.js Sign in users MSAL Node Authorization code with PKCE
Powershell Call Microsoft Graph by signing in users using username/password MSAL.NET Resource owner password credentials
Python Sign in users MSAL Python Authorization code with PKCE
Universal Window Platform (UWP) Call Microsoft Graph MSAL.NET Web account manager
Windows Presentation Foundation (WPF) Sign in users and call Microsoft Graph MSAL.NET Authorization code with PKCE
XAML Sign in users and call ASP.NET core web API
Sign in users and call Microsoft Graph
MSAL.NET Authorization code with PKCE

Mobile

The following samples show public client mobile applications that access the Microsoft Graph API, or your own web API in the name of the user. These client applications use the Microsoft Authentication Library (MSAL).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
iOS Call Microsoft Graph native
Call Microsoft Graph with Azure AD nxoauth
MSAL iOS Authorization code with PKCE
Java Sign in users and call Microsoft Graph MSAL Android Authorization code with PKCE
Kotlin Sign in users and call Microsoft Graph MSAL Android Authorization code with PKCE
Xamarin Sign in users and call Microsoft Graph
Sign in users with broker and call Microsoft Graph
MSAL.NET Authorization code with PKCE

Service / daemon

The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
ASP.NET Call Microsoft Graph
Call web API
Call own web API
Using managed identity and Azure key vault
Multi-tenant with Microsoft identity platform endpoint
MSAL.NET Client credentials grant
Java Call Microsoft Graph MSAL Java Client credentials grant
Node.js Sign in users and call web API MSAL Node Client credentials grant
Python Call Microsoft Graph with secret
Call Microsoft Graph with certificate
MSAL Python Client credentials grant

Azure Functions as web APIs

The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET .NET Azure function web API secured by Azure AD MSAL.NET Authorization code
Node.js Node.js Azure function web API secured by Azure AD MSAL Node Authorization bearer
Node.js Call Microsoft Graph API on behalf of a user MSAL Node On-Behalf-Of (OBO)
Python Python Azure function web API secured by Azure AD MSAL Python Authorization code

Headless

The following sample shows a public client application running on a device without a web browser. The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. The sample features an app accessing the Microsoft Graph API, in the name of a user who signs-in interactively on another device (such as a mobile phone). This client application uses the Microsoft Authentication Library (MSAL).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET core Invoke protected API from text-only device MSAL.NET Device code
Java Sign in users and invoke protected API MSAL Java Device code
Python Call Microsoft Graph MSAL Python Device code

Multi-tenant SaaS

The following samples show how to configure your application to accept sign-ins from any Azure Active Directory (Azure AD) tenant. Configuring your application to be multi-tenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to be able to sign-in to your application after providing consent.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
ASP.NET Core ASP.NET Core MVC web application calls Microsoft Graph API MSAL.NET OpenID connect
ASP.NET Core ASP.NET Core MVC web application calls ASP.NET Core Web API MSAL.NET Authorization code

Next steps

If you'd like to delve deeper into more sample code, see: