
Initialization of MSAL

Before you get started, please ensure you have completed all the prerequisites.

Initializing the ConfidentialClientApplication object

To use MSAL Node as a confidential client, you need to instantiate a ConfidentialClientApplication object.

import * as msal from "@azure/msal-node";

// All values are placeholders. The three credential options are alternatives:
// keep one and leave the others out.
const clientConfig = {
    auth: {
        clientId: "your_client_id",
        authority: "your_authority",
        clientSecret: "your_secret",
        // OR
        // clientCertificate: {
        //     thumbprint: "cert_thumbprint",
        //     privateKey: "cert_privateKey"
        // },
        // OR
        // clientAssertion: "assertion"
    }
};
const cca = new msal.ConfidentialClientApplication(clientConfig);

Configuration Basics

Configuration options for Node have common parameters and specific parameters per authentication flow.

  • clientId is mandatory to initialize a public client application
  • authority defaults to https://login.microsoftonline.com/common/ if the user does not set it during configuration
  • A client credential is mandatory for confidential clients. The client credential can be one of the following:
    • clientSecret is a secret string generated and set on the app registration.
    • clientCertificate is a certificate set on the app registration. The thumbprint is an X.509 SHA-1 thumbprint of the certificate, and the privateKey is the PEM-encoded private key. x5c is the optional X.509 certificate chain used in subject name/issuer auth scenarios.
    • clientAssertion is a string that the application uses when requesting a token. The certificate used to sign the assertion should be set on the app registration. The assertion should be of type urn:ietf:params:oauth:client-assertion-type:jwt-bearer.

Configure Authority

By default, MSAL is configured with the common tenant, which is used for multi-tenant applications and applications allowing personal accounts (not B2C).

    authority: 'https://login.microsoftonline.com/common/'

If your application audience is a single tenant, you must provide an authority that includes your tenant ID, as shown below:

    authority: 'https://login.microsoftonline.com/{your_tenant_id}'

For more information on authority, please refer to: Authority in MSAL.
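
As an added example (not code from the MSAL repository), the helper below builds the auth block from environment-style input following the rules above: clientId is required, authority falls back to the common endpoint, and a single credential is selected and sanity-checked. The AZURE_* variable names and the rule that rejects more than one credential are assumptions of this example.

```javascript
// Added example; the AZURE_* names are hypothetical, not MSAL settings.
const DEFAULT_AUTHORITY = "https://login.microsoftonline.com/common/";

function buildAuthConfig(env) {
    if (!env.AZURE_CLIENT_ID) throw new Error("clientId is mandatory");
    const auth = {
        clientId: env.AZURE_CLIENT_ID,
        // Single-tenant apps pin their tenant; otherwise use the documented default.
        authority: env.AZURE_TENANT_ID
            ? `https://login.microsoftonline.com/${env.AZURE_TENANT_ID}`
            : DEFAULT_AUTHORITY,
    };

    // Assumption of this example: exactly one credential type may be supplied.
    const supplied = [];
    if (env.AZURE_CLIENT_SECRET) supplied.push("clientSecret");
    if (env.AZURE_CERT_THUMBPRINT || env.AZURE_CERT_PRIVATE_KEY) supplied.push("clientCertificate");
    if (env.AZURE_CLIENT_ASSERTION) supplied.push("clientAssertion");
    if (supplied.length !== 1) {
        throw new Error(`expected exactly one client credential, got ${supplied.length}`);
    }

    if (supplied[0] === "clientSecret") {
        auth.clientSecret = env.AZURE_CLIENT_SECRET;
    } else if (supplied[0] === "clientAssertion") {
        auth.clientAssertion = env.AZURE_CLIENT_ASSERTION;
    } else {
        // Thumbprints are often copied with colons or spaces; SHA-1 is 40 hex digits.
        const thumbprint = (env.AZURE_CERT_THUMBPRINT || "").replace(/[\s:]/g, "");
        if (!/^[0-9a-fA-F]{40}$/.test(thumbprint)) {
            throw new Error("thumbprint must be a 40-hex-digit SHA-1 value");
        }
        const privateKey = (env.AZURE_CERT_PRIVATE_KEY || "").trim();
        if (!privateKey.startsWith("-----BEGIN")) {
            throw new Error("privateKey must be PEM encoded");
        }
        auth.clientCertificate = { thumbprint, privateKey };
    }
    return { auth };
}

// Constructed sample input, not real credentials.
const sample = buildAuthConfig({
    AZURE_CLIENT_ID: "00000000-0000-0000-0000-000000000000",
    AZURE_TENANT_ID: "11111111-1111-1111-1111-111111111111",
    AZURE_CERT_THUMBPRINT: "0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D",
    AZURE_CERT_PRIVATE_KEY: "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----",
});
console.log(sample.auth.authority, Object.keys(sample.auth));
```

The returned object has the same shape as clientConfig above and can be passed to the ConfidentialClientApplication constructor.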

Advanced Configuration

Configuration has more options which are documented here.

Next Steps

Proceed to understand the public APIs provided by msal-node for acquiring tokens here