Tutorial: Set up a Node.js web app to sign in users by using Microsoft identity platform

In this tutorial, you learn how to build a Node/Express.js web app that signs in users into customer facing app in an external tenant or employees in a workforce tenant. The tutorial also demonstrates how to acquire an access token for calling Microsoft Graph API.

This tutorial is part 1 of a 3-part series.

In this tutorial you'll;

  • Set up a Node.js project
  • Install dependencies
  • Add app views and UI components


Create the Node.js project

  1. In a location of choice in your computer, create a folder to host your node application, such as ciam-sign-in-node-express-web-app.

  2. In your terminal, change directory into your Node web app folder, such as cd ciam-sign-in-node-express-web-app, then run the following command to create a new Node.js project:

    npm init -y

    The init -y command creates a default package.json file for your Node.js project.

  3. Create additional folders and files to achieve the following project structure:

        ├── server.js
        └── app.js
        └── authConfig.js
        └── package.json
        └── .env
        └── auth/
            └── AuthProvider.js
        └── controller/
            └── authController.js
        └── routes/
            └── auth.js
            └── index.js
            └── users.js
        └── views/
            └── layouts.hbs
            └── error.hbs
            └── id.hbs
            └── index.hbs   
        └── public/stylesheets/
            └── style.css

Install app dependencies

To install required identity and Node.js related npm packages, run the following command in your terminal

npm install express dotenv hbs express-session axios cookie-parser http-errors morgan @azure/msal-node   

Build app UI components

  1. In your code editor, open views/index.hbs file, then add the following code:

        {{#if isAuthenticated }}
        <p>Hi {{username}}!</p>
        <a href="/users/id">View ID token claims</a>
        <a href="/auth/signout">Sign out</a>
        <p>Welcome to {{title}}</p>
        <a href="/auth/signin">Sign in</a>

    In this view, if the user is authenticated, we show their username and links to visit /auth/signout and /users/id endpoints, otherwise, user needs to visit the /auth/signin endpoint to sign in. We define the express routes for these endpoints later in this article.

  2. In your code editor, open views/id.hbs file, then add the following code:

        <h1>Azure AD for customers</h1>
        <h3>ID Token</h3>
                {{#each idTokenClaims}}
        <a href="/">Go back</a>

    We use this view to display ID token claims that Microsoft Entra External ID returns to this app after a user successfully signs in.

  3. In your code editor, open views/error.hbs file, then add the following code:


    We use this view to display any errors that occur when the app runs.

  4. In your code editor, open views/layout.hbs file, then add the following code:

        <!DOCTYPE html>
                <link rel='stylesheet' href='/stylesheets/style.css' />

    The layout.hbs file is in the layout file. It contains the HTML code that we require throughout the application view.

  5. In your code editor, open public/stylesheets/style.css, file, then add the following code:

        body {
          padding: 50px;
          font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
        a {
          color: #00B7FF;

