Muokkaa

Jaa


Quickstart: Sign in users and call Microsoft Graph from a Node.js desktop app

In this quickstart, you download and run a code sample that demonstrates how an Electron desktop application can sign in users and acquire access tokens to call the Microsoft Graph API.

This quickstart uses the Microsoft Authentication Library for Node.js (MSAL Node) with the authorization code flow with PKCE.

Prerequisites

Register and download the sample application

Follow the steps below to get started.

Step 1: Register the application

Tip

Steps in this article might vary slightly based on the portal you start from.

To register your application and add the app's registration information to your solution manually, follow these steps:

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu.
  3. Browse to Identity > Applications > App registrations and select New registration.
  4. Enter a Name for your application, for example msal-node-desktop. Users of your app might see this name, and you can change it later.
  5. Select Register to create the application.
  6. Under Manage, select Authentication.
  7. Select Add a platform > Mobile and desktop applications.
  8. In the Redirect URIs section, enter http://localhost.
  9. Select Configure.

Step 2: Download the Electron sample project

Download the code sample

Step 3: Configure the Electron sample project

*Extract the project, open the ms-identity-JavaScript-nodejs-desktop-main folder, and then open .authConfig.js file. Replace the value as follows:

Variable Description Example(s)
Enter_the_Cloud_Instance_Id_Here The Azure cloud instance in which your application is registered https://login.microsoftonline.com/ (include the trailing forward-slash)
Enter_the_Tenant_Id_Here Tenant ID or Primary domain contoso.microsoft.com or aaaabbbb-0000-cccc-1111-dddd2222eeee
Enter_the_Application_Id_Here Client ID of the application you registered 00001111-aaaa-2222-bbbb-3333cccc4444
Enter_the_Redirect_Uri_Here Redirect Uri of the application you registered msal00001111-aaaa-2222-bbbb-3333cccc4444://auth
Enter_the_Graph_Endpoint_Here The Microsoft Graph API cloud instance that your app will call https://graph.microsoft.com/ (include the trailing forward-slash)

Your file should look similar to below:

const AAD_ENDPOINT_HOST = "https://login.microsoftonline.com/"; // include the trailing slash

const msalConfig = {
    auth: {
        clientId: "00001111-aaaa-2222-bbbb-3333cccc4444",
        authority: `${AAD_ENDPOINT_HOST}/aaaabbbb-0000-cccc-1111-dddd2222eeee`,
    },
    system: {
        loggerOptions: {
            loggerCallback(loglevel, message, containsPii) {
                 console.log(message);
             },
             piiLoggingEnabled: false,
             logLevel: LogLevel.Verbose,
        }
    }
}

const GRAPH_ENDPOINT_HOST = "https://graph.microsoft.com/"; // include the trailing slash

const protectedResources = {
     graphMe: {
         endpoint: `${GRAPH_ENDPOINT_HOST}v1.0/me`,
         scopes: ["User.Read"],
     }
};

module.exports = {
     msalConfig: msalConfig,
     protectedResources: protectedResources,
 };

Step 4: Run the application

  1. You'll need to install the dependencies of this sample once:

    cd ms-identity-javascript-nodejs-desktop-main
    npm install
    
  2. Then, run the application via command prompt or console:

    npm start
    
  3. Select Sign in to start the sign-in process.

    The first time you sign in, you're prompted to provide your consent to allow the application to sign you in and access your profile. After you're signed in successfully, you'll be redirected back to the application.

More information

How the sample works

When a user selects the Sign In button for the first time, acquireTokenInteractive method of MSAL Node is called. This method redirects the user to sign-in with the Microsoft identity platform endpoint, obtains an authorization code, and then exchanges it for an access token.

MSAL Node

MSAL Node is the library used to sign in users and request tokens used to access an API protected by Microsoft identity platform. For more information on how to use MSAL Node with desktop apps, see this article.

You can install MSAL Node by running the following npm command.

npm install @azure/msal-node --save

Next steps

To learn more about Electron desktop app development with MSAL Node, see the tutorial: