Before you get started, please ensure you have completed all the prerequisites.
In order to use MSAL Node, you need to instantiate a PublicClientApplication object. We support and strongly recommend the use of PKCE (Proof Key for Code Exchange) for any PublicClientApplication. The usage pattern is demonstrated in the PKCE Sample.
    import * as msal from "@azure/msal-node";

    const clientConfig = {
        auth: {
            clientId: "your_client_id",
            authority: "your_authority",
        },
    };
    const pca = new msal.PublicClientApplication(clientConfig);
Configuration options for node have common parameters and specific parameters per authentication flow.
- client_id is mandatory to initialize a public client application
- authority defaults to https://login.microsoftonline.com/common/ if the user does not set it during configuration
By default, MSAL is configured with the common tenant, which is used for multi-tenant applications and applications allowing personal accounts (not B2C).

    const msalConfig = {
        auth: {
            clientId: "your_client_id",
            authority: "https://login.microsoftonline.com/common/",
        },
    };
If your application audience is a single tenant, you must provide an authority with your tenant id like below:
    const msalConfig = {
        auth: {
            clientId: "your_client_id",
            authority: "https://login.microsoftonline.com/{your_tenant_id}",
        },
    };
If your application is using a separate OIDC-compliant authority like "https://login.live.com" or an IdentityServer, you will need to provide it in the knownAuthorities field and set your protocolMode to "OIDC".

    const msalConfig = {
        auth: {
            clientId: "your_client_id",
            authority: "https://login.live.com",
            knownAuthorities: ["login.live.com"],
            protocolMode: "OIDC",
        },
    };
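The three authority cases above can be checked before the config reaches PublicClientApplication. The following is an added example, not code from MSAL or its samples: checkAuthConfig, its singleTenant option and the sample configs are hypothetical, and it assumes any host other than login.microsoftonline.com is a separate OIDC-compliant authority (B2C and sovereign-cloud hosts would need their own rule).

```javascript
// Added example: pre-flight check for the `auth` block of an MSAL Node config.
// checkAuthConfig is a hypothetical helper, not part of @azure/msal-node.
const DEFAULT_AUTHORITY = "https://login.microsoftonline.com/common/";
const MICROSOFT_HOST = "login.microsoftonline.com";
// "common" is named on the page; the other two are the remaining shared audience aliases.
const SHARED_TENANTS = new Set(["common", "organizations", "consumers"]);

function checkAuthConfig(auth = {}, { singleTenant = false } = {}) {
    const problems = [];
    if (!auth.clientId || auth.clientId === "your_client_id") {
        problems.push("clientId is mandatory and must be a real application id");
    }
    // authority falls back to the common tenant when it is not set
    const authority = auth.authority || DEFAULT_AUTHORITY;
    let url;
    try {
        url = new URL(authority);
    } catch {
        return [...problems, `authority is not a URL: ${authority}`];
    }
    if (url.protocol !== "https:") problems.push("authority must use https");
    if (/[{}]/.test(authority)) problems.push("authority still contains a {placeholder}");

    const host = url.host.toLowerCase();
    if (host === MICROSOFT_HOST) {
        const tenant = url.pathname.split("/").filter(Boolean)[0] || "";
        if (singleTenant && (tenant === "" || SHARED_TENANTS.has(tenant.toLowerCase()))) {
            problems.push(`single-tenant app must name its tenant id, got "${tenant}"`);
        }
    } else {
        // Assumption: any other host is a separate OIDC-compliant authority.
        const known = (auth.knownAuthorities || []).map((k) =>
            k.toLowerCase().replace(/^https:\/\//, "").split("/")[0]);
        if (!known.includes(host)) problems.push(`${host} is not listed in knownAuthorities`);
        if (auth.protocolMode !== "OIDC") problems.push('protocolMode must be "OIDC" for ' + host);
    }
    return problems;
}

// Constructed sample configs mirroring the three cases on this page.
const APP_ID = "11111111-2222-3333-4444-555555555555"; // constructed value
const samples = {
    defaultCommon: { clientId: APP_ID },
    leftOnCommon: { clientId: APP_ID, authority: DEFAULT_AUTHORITY },
    oidcNoAllowList: { clientId: APP_ID, authority: "https://login.live.com", protocolMode: "OIDC" },
};
console.log(checkAuthConfig(samples.defaultCommon));
console.log(checkAuthConfig(samples.leftOnCommon, { singleTenant: true }));
console.log(checkAuthConfig(samples.oidcNoAllowList));
```

An empty array means the config matches the rules on this page; run with singleTenant set to true, a config left on the common tenant is reported instead of silently accepting sign-ins from any tenant.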
For more information on authority, please refer to: Authority in MSAL.
Configuration has more options which are documented here.
Proceed to understand the public APIs provided by msal-node for acquiring tokens here.