Before you get started, please ensure you have completed all the prerequisites.
In this document:
In order to use MSAL Node, you need to instantiate a PublicClientApplication object. We support and strongly recommend the use of PKCE (Proof Key for Code Exchange) for any PublicClientApplication. The usage pattern is demonstrated in the PKCE Sample.
import * as msal from "@azure/msal-node";
const clientConfig = {
auth: {
clientId: "your_client_id",
authority: "your_authority",
},
};
const pca = new msal.PublicClientApplication(clientConfig);Configuration options for node have common parameters and specific paremeters per authentication flow.
client_idis mandatory to initialize a public client applicationauthoritydefaults tohttps://login.microsoftonline.com/common/if the user does not set it during configuration
By default, MSAL is configured with the common tenant, which is used for multi-tenant applications and applications allowing personal accounts (not B2C).
const msalConfig = {
auth: {
clientId: "your_client_id",
authority: "https://login.microsoftonline.com/common/",
},
};If your application audience is a single tenant, you must provide an authority with your tenant id like below:
const msalConfig = {
auth: {
clientId: "your_client_id",
authority: "https://login.microsoftonline.com/{your_tenant_id}",
},
};If your application is using a separate OIDC-compliant authority like "https://login.live.com" or an IdentityServer, you will need to provide it in the knownAuthorities field and set your protocolMode to "OIDC".
const msalConfig = {
auth: {
clientId: "your_client_id",
authority: "https://login.live.com",
knownAuthorities: ["login.live.com"],
protocolMode: "OIDC",
},
};For more information on authority, please refer to: Authority in MSAL.
Configuration has more options which are documented here.
Proceed to understand the public APIs provided by msal-node for acquiring tokens here