Microsoft identity platform code samples (v2.0 endpoint)

You can use the Microsoft identity platform to:

  • Add authentication and authorization to your web applications and web APIs.
  • Require an access token to access a protected web API.

This article briefly describes and provides you with links to samples for the Microsoft identity platform. These samples show you how it's done, and also provide code snippets that you can use in your applications. On the code sample page, you'll find detailed readme topics that help with requirements, installation, and setup. Comments within the code help you understand the critical sections.

To understand the basic scenario for each sample type, see App types for the Microsoft identity platform.

You can also contribute to the samples on GitHub. To learn how, see Microsoft Azure Active Directory samples and documentation.

Single-page applications

These samples show how to write a single-page application secured with the Microsoft identity platform. These samples use one of the flavors of MSAL.js.

Language/Platform | Code sample | Description | Auth libraries | Auth flow
Angular | GitHub repo | Signs in users with AAD; Calls Microsoft Graph | MSAL Angular | Auth code flow (with PKCE)
Angular | GitHub repo | Signs in users; Signs in users (B2C); Calls Microsoft Graph; Calls .NET Core web API; Calls .NET Core web API (B2C); Calls Microsoft Graph via OBO; Calls .NET Core web API using PoP; Uses App Roles for access control; Uses Security Groups for access control; Deploys to Azure Storage & App Service | MSAL Angular | Auth code flow (with PKCE); On-behalf-of (OBO) flow; Proof of Possession (PoP)
Blazor WebAssembly | GitHub repo | Signs in users; Calls Microsoft Graph | MSAL.js | Auth code flow (with PKCE)
JavaScript | GitHub repo | Signs in users; Calls Microsoft Graph | MSAL.js | Auth code flow (with PKCE)
JavaScript | GitHub repo | Signs in users (B2C); Calls Node.js web API | MSAL.js | Auth code flow (with PKCE)
JavaScript | GitHub repo | Signs in users; Signs in users (B2C); Calls Microsoft Graph; Calls Node.js web API; Calls Node.js web API (B2C); Calls Microsoft Graph via OBO; Calls Node.js web API via OBO & CA; Deploys to Azure Storage & App Service | MSAL.js | Auth code flow (with PKCE); On-behalf-of (OBO) flow; Conditional Access (CA)
React | GitHub repo | Signs in users; Calls Microsoft Graph | MSAL React | Auth code flow (with PKCE)
React | GitHub repo | Signs in users; Signs in users (B2C); Calls Microsoft Graph; Calls Node.js web API; Calls Node.js web API (B2C); Calls Microsoft Graph via OBO; Calls Node.js web API using PoP; Uses App Roles for access control; Uses Security Groups for access control; Deploys to Azure Storage & App Service; Deploys to Azure Static Web Apps | MSAL React | Auth code flow (with PKCE); On-behalf-of (OBO) flow; Conditional Access (CA); Proof of Possession (PoP)

Web applications

The following samples illustrate web applications that sign in users. Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.

Platform Only signs in users Signs in users and calls Microsoft Graph
ASP.NET Core | ASP.NET Core WebApp signs-in users tutorial; Same sample in the ASP.NET Core web app calls Microsoft Graph phase; Advanced sample Accessing the logged-in user's token cache from background apps, APIs and services
ASP.NET Core | AD FS to Azure AD application migration playbook for developers to learn how to safely and securely migrate your applications integrated with Active Directory Federation Services (AD FS) to Azure Active Directory (Azure AD)
ASP.NET | ASP.NET Quickstart; dotnet-webapp-openidconnect-v2; dotnet-admin-restricted-scopes-v2; msgraph-training-aspnetmvcapp
Java | Java Servlet Tutorial - Chapter 1.1 Sign in with AAD
Java | Java Servlet Tutorial - Chapter 1.2 Sign in with B2C
Java | Java Servlet Tutorial - Chapter 2.1 Sign in with AAD and call Graph
Java | Java Servlet Tutorial - Chapter 3.1 Sign in with AAD and control access with Roles claim
Java | Java Servlet Tutorial - Chapter 3.2 Sign in with AAD and control access with Groups claim
Java | Java Servlet Tutorial - Chapter 4.1 Deploy to Azure App Service
Java | ms-identity-java-webapp
Java | ms-identity-b2c-java-servlet-webapp-authentication
Node.js (MSAL Node) | Express web app signs-in users tutorial
Python | Python Flask Tutorial - Chapter 1.1 Sign in with AAD
Python | Python Flask Tutorial - Chapter 1.2 Sign in with B2C
Python | Python Flask Tutorial - Chapter 2.1 Sign in with AAD and Call Graph
Python | Python Flask Tutorial - Chapter 3.1 Deploy to Azure App Service
Python | Python Django Tutorial - Chapter 1.1 Sign in with AAD
Python | Python Django Tutorial - Chapter 1.2 Sign in with B2C
Python | Python Django Tutorial - Chapter 2.1 Sign in with AAD and Call Graph
Python | Python Django Tutorial - Chapter 3.1 Deploy to Azure App Service
Python | Python Flask web app
Ruby | msgraph-training-rubyrailsapp
Blazor Server | Blazor Server app signs-in users tutorial; Blazor Server app calls Microsoft Graph; Chapterwise Tutorial: Blazor Server app to sign-in users and call APIs with Azure Active Directory

Desktop and mobile public client apps

The following samples show public client applications (desktop or mobile applications) that access the Microsoft Graph API, or your own web API in the name of a user. Apart from the Desktop (Console) with WAM sample, all these client applications use the Microsoft Authentication Library (MSAL).

Client application | Platform | Flow/grant | Calls Microsoft Graph | Calls an ASP.NET Core web API
Desktop tutorial (.NET Core) - Optionally using: the cross platform token cache; custom web UI | .NET/C# | Authorization code | ms-identity-dotnet-desktop-tutorial
Desktop (WPF) | .NET desktop/C# | Authorization code | dotnet-desktop-msgraph-v2 | dotnet-native-aspnetcore-v2
Desktop (Console) | .NET/C# (Desktop) | Integrated Windows Authentication | dotnet-iwa-v2
Desktop (Console) | .NET/C# (Desktop) | Authorization code | active-directory-dotnetcore-daemon-v2 | active-directory-dotnetcore-daemon-v2
Desktop (Console) - Use certificates instead of secrets | .NET/C# (Desktop) | Authorization code | active-directory-dotnetcore-daemon-v2 | active-directory-dotnetcore-daemon-v2
Desktop (Console) | Java | Integrated Windows Authentication | ms-identity-java-desktop
Desktop (Console) | .NET/C# (Desktop) | Username/Password | dotnetcore-up-v2
Desktop (Console) with WAM | .NET/C# (Desktop) | Interactive with Web Account Manager (WAM) | dotnet-native-uwp-wam
Desktop (Console) | Java | Username/Password | ms-identity-java-desktop
Desktop (Console) | Python | Username/Password | ms-identity-python-desktop
Desktop (Electron) | Node.js (MSAL Node) | Authorization code (PKCE) | ms-identity-javascript-nodejs-desktop
Mobile (Android, iOS, UWP) | .NET/C# (Xamarin) | Authorization code | xamarin-native-v2
Mobile (iOS) | iOS/Objective-C or Swift | Authorization code | ios-swift-objc-native-v2; ios-native-nxoauth2-v2
Desktop (macOS) | macOS | Authorization code | macOS-swift-objc-native-v2
Mobile (Android-Java) | Android | Authorization code | android-Java
Mobile (Android-Kotlin) | Android | Authorization code | android-Kotlin

Daemon applications

The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).

Client application | Platform | Flow/Grant | Calls Microsoft Graph
Console | ASP.NET | Client Credentials | dotnetcore-daemon-v2
Web app | ASP.NET | Client Credentials | dotnet-daemon-v2
Console | Java | Client Credentials | ms-identity-java-daemon
Console | Node.js (MSAL Node) | Client Credentials | ms-identity-javascript-nodejs-console
Console | Python | Client Credentials | ms-identity-python-daemon

Headless applications

The following sample shows a public client application running on a device without a web browser. The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. The sample features an app accessing the Microsoft Graph API, in the name of a user who signs in interactively on another device (such as a mobile phone). This client application uses the Microsoft Authentication Library (MSAL).

Client application | Platform | Flow/Grant | Calls Microsoft Graph
Desktop (Console) | .NET/C# (Desktop) | Device code flow | dotnetcore-devicecodeflow-v2
Desktop (Console) | Java | Device code flow | ms-identity-java-devicecodeflow
Desktop (Console) | Python | Device code flow | ms-identity-python-devicecodeflow

Multi-tenant SaaS applications

The following samples show how to configure your application to accept sign-ins from any Azure Active Directory (Azure AD) tenant. Configuring your application to be multi-tenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to sign in to your application after providing consent.

Platform | Description | Link
Angular (MSAL Angular 2.0) | Multi-tenant SPA calls multi-tenant custom web API | ms-identity-javascript-angular-spa-aspnet-webapi-multitenant
.NET Core (MSAL.NET) | ASP.NET Core MVC web application calls Graph API | active-directory-aspnetcore-webapp-openidconnect-v2
.NET Core (MSAL.NET) | ASP.NET Core MVC web application calls ASP.NET Core Web API | active-directory-aspnetcore-webapp-openidconnect-v2

Web APIs

The following samples show how to protect a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

Platform | Sample
ASP.NET Core | ASP.NET Core web API (service) of dotnet-native-aspnetcore-v2
ASP.NET MVC | Web API (service) of ms-identity-aspnet-webapi-onbehalfof
Java | Web API (service) of ms-identity-java-webapi
Node.js (Passport.js) | Web API (service) of active-directory-javascript-nodejs-webapi-v2
Node.js (Passport.js) | B2C Web API (service) of active-directory-b2c-javascript-nodejs-webapi

Azure Functions as web APIs

The following samples show how to use the Microsoft identity platform to protect an Azure Function that uses HttpTrigger and exposes a web API, and how to call a downstream API from the web API.

Platform | Sample
ASP.NET Core | ASP.NET Core web API (service) Azure Function of dotnet-native-aspnetcore-v2
Python | Web API (service) of Python
Node.js (Passport.js) | Web API (service) of Node.js and passport-azure-ad
Node.js (Passport.js) | Web API (service) of Node.js and passport-azure-ad using on behalf of

Other Microsoft Graph samples

To learn about samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community samples & tutorials.

See also

Microsoft Graph API conceptual and reference