ms-identity-javascript-nodejs-console
ms-identity-javascript-nodejs-console copied to clipboard
A Node.js console daemon application secured by MSAL Node and calling Microsoft Graph API via OAuth 2.0 client credentials flow
page_type: sample languages:
- javascript products:
- nodejs
- ms-graph
- azure-active-directory description: "Demonstrates how to use MSAL Node to acquire an access token for a protected resource such as Microsoft Graph in a console daemon application using the application's own identity (client credentials flow)" urlFragment: "ms-identity-javascript-nodejs-console"
A Node.js console daemon application secured by MSAL Node on Microsoft identity platform
This sample demonstrates how to use MSAL Node to acquire an access token for a protected resource such as Microsoft Graph in a console daemon application using the application's own identity with the (client credentials flow).
[!CAUTION] This sample is intended as a daemon application - an application that securely runs on a server. You should not use this sample for any public client scenarios. Distributing client secrets with your applications can lead to exfiltration and misuse of the credentials.
Features
This sample demonstrates the following MSAL Node concepts:
- Configuration
- Acquiring an access token
- Calling a web API
Contents
File/folder | Description |
---|---|
AppCreationScripts/ |
Contains Powershell scripts for automating app registration. |
bin/index.js |
Application entry. |
bin/auth.js |
Main authentication logic resides here. |
bin/fetch.js |
Contains an Axios HTTP client for calling endpoints. |
.env |
Environment variables of authentication parameters. |
Getting Started
Prerequisites
- Node.js must be installed to run this sample.
- Visual Studio Code is recommended for running and editing this sample.
Setup
-
Register a new application in the Azure Portal.
- For API Permissions, select
User.Read.All
under Microsoft APIs > Microsoft Graph > Application Permissions. - Select Grant admin consent for {tenant}.
- For API Permissions, select
- Clone this repository
git clone https://github.com/Azure-Samples/ms-identity-javascript-nodejs-console.git
- Open the .env file and provide the required configuration values.
- Replace the string
Enter_the_Tenant_Info_Here
with your tenant ID on Azure AD portal. - Replace the string
Enter_the_Application_Id_Here
with your app/client ID on Azure AD portal. - Replace the string
Enter_the_Client_Secret_Here
with the client secret you created on Azure AD portal. - Replace the string
Enter_the_Cloud_Instance_Id_Here
withhttps://login.microsoftonline.com/
(see note below). - Replace the string
Enter_the_Graph_Endpoint_Here
. withhttps://graph.microsoft.com/
(see note below).
- Replace the string
:information_source: note: This is for multi-tenant applications located on the global Azure cloud. For more information, see: Use MSAL in a national cloud environment
:information_source: note: This is for MS Graph instance located on the global Azure cloud. For more information, see: Use Microsoft Graph in a national cloud environment
- On the command line, navigate to the root of the repository, and type
npm install
.
:information_source: Alternative, type
npm install -g
. This will install the CLI application globally so that it can be called from anywhere.
Run the sample
- On the command line, navigate to the root of the repository and run the sample application with
node . --op getUsers
.
:information_source: If you have installed the sample app globally above, type
msal-node-cli --op getUsers
from anywhere in a command line.
Contributing
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.