InteractiveBrowserCredential class

Enables authentication to Microsoft Entra ID inside of the web browser using the interactive login flow.

Constructors

InteractiveBrowserCredential(InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions)

Creates an instance of InteractiveBrowserCredential with the details needed.

This credential uses the Authorization Code Flow. On Node.js, it will open a browser window while it listens for a redirect response from the authentication service. On browsers, it authenticates via popups. The loginStyle optional parameter can be set to redirect to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.

For Node.js, if a clientId is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. Follow our guide on setting up Redirect URIs for Desktop apps that calls to web APIs.

Methods

authenticate(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the token can't be retrieved silently, this method will always generate a challenge for the user.

On Node.js, this credential has Proof Key for Code Exchange (PKCE) enabled by default. PKCE is a security feature that mitigates authentication code interception attacks.

getToken(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the user provided the option disableAutomaticAuthentication, once the token can't be retrieved silently, this method won't attempt to request user interaction to retrieve the token.

Constructor Details

InteractiveBrowserCredential(InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions)

Creates an instance of InteractiveBrowserCredential with the details needed.

This credential uses the Authorization Code Flow. On Node.js, it will open a browser window while it listens for a redirect response from the authentication service. On browsers, it authenticates via popups. The loginStyle optional parameter can be set to redirect to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.

For Node.js, if a clientId is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. Follow our guide on setting up Redirect URIs for Desktop apps that calls to web APIs.

new InteractiveBrowserCredential(options: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions)

Parameters

options

InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions

Options for configuring the client which makes the authentication requests.

Method Details

authenticate(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the token can't be retrieved silently, this method will always generate a challenge for the user.

On Node.js, this credential has Proof Key for Code Exchange (PKCE) enabled by default. PKCE is a security feature that mitigates authentication code interception attacks.

function authenticate(scopes: string | string[], options?: GetTokenOptions): Promise<undefined | AuthenticationRecord>

Parameters

scopes

string | string[]

The list of scopes for which the token will have access.

options
GetTokenOptions

The options used to configure any requests this TokenCredential implementation might make.

Returns

Promise<undefined | AuthenticationRecord>

getToken(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the user provided the option disableAutomaticAuthentication, once the token can't be retrieved silently, this method won't attempt to request user interaction to retrieve the token.

function getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>

Parameters

scopes

string | string[]

The list of scopes for which the token will have access.

options
GetTokenOptions

The options used to configure any requests this TokenCredential implementation might make.

Returns

Promise<AccessToken>