/ms-identity-javascript-nodejs-console

A Node.js console daemon application secured by MSAL Node and calling Microsoft Graph API via OAuth 2.0 client credentials flow

Primary LanguagePowerShellMIT LicenseMIT

page_type languages products description urlFragment
sample
javascript
nodejs
ms-graph
microsoft-entra-id
Demonstrates how to use MSAL Node to acquire an access token for a protected resource such as Microsoft Graph in a console daemon application using the application's own identity (client credentials flow)
ms-identity-javascript-nodejs-console

A Node.js console daemon application secured by MSAL Node on Microsoft identity platform

This sample demonstrates how to use MSAL Node to acquire an access token for a protected resource such as Microsoft Graph in a console daemon application using the application's own identity with the (client credentials flow).

Caution

This sample is intended as a daemon application - an application that securely runs on a server. You should not use this sample for any public client scenarios. Distributing client secrets with your applications can lead to exfiltration and misuse of the credentials.

Features

This sample demonstrates the following MSAL Node concepts:

  • Configuration
  • Acquiring an access token
  • Calling a web API

Contents

File/folder Description
AppCreationScripts/ Contains Powershell scripts for automating app registration.
bin/index.js Application entry.
bin/auth.js Main authentication logic resides here.
bin/fetch.js Contains an Axios HTTP client for calling endpoints.
.env Environment variables of authentication parameters.

Getting Started

Prerequisites

Setup

  1. Register a new application in the Microsoft Entra admin center.
    1. For API Permissions, select User.Read.All under Microsoft APIs > Microsoft Graph > Application Permissions.
    2. Select Grant admin consent for {tenant}.
  2. Clone this repository git clone https://github.com/Azure-Samples/ms-identity-javascript-nodejs-console.git
  3. Open the .env file and provide the required configuration values.
    1. Replace the string Enter_the_Tenant_Info_Here with your tenant ID on Microsoft Entra admin center.
    2. Replace the string Enter_the_Application_Id_Here with your app/client ID on Microsoft Entra admin center.
    3. Replace the string Enter_the_Client_Secret_Here with the client secret you created on Microsoft Entra admin center.
    4. Replace the string Enter_the_Cloud_Instance_Id_Here with https://login.microsoftonline.com/ (see note below).
    5. Replace the string Enter_the_Graph_Endpoint_Here. with https://graph.microsoft.com/ (see note below).

ℹ️ note: This is for multi-tenant applications located on the global Azure cloud. For more information, see: Use MSAL in a national cloud environment

ℹ️ note: This is for MS Graph instance located on the global Azure cloud. For more information, see: Use Microsoft Graph in a national cloud environment

  1. On the command line, navigate to the root of the repository, and type npm install.

ℹ️ Alternative, type npm install -g. This will install the CLI application globally so that it can be called from anywhere.

Run the sample

  1. On the command line, navigate to the root of the repository and run the sample application with node . --op getUsers.

ℹ️ If you have installed the sample app globally above, type msal-node-cli --op getUsers from anywhere in a command line.

Contributing

If you'd like to contribute to this sample, see CONTRIBUTING.MD.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.