Skip to content

Latest commit

 

History

History

auth-code-with-certs

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
certs
certs
 
 
.npmrc
.npmrc
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

README.md

MSAL Node Standalone Sample: Certificate Credentials

This sample demonstrates an MSAL Node confidential client application that lets users authenticate against Microsoft Entra ID.

This sample requires a certificate. A set of example certificate (public and private key) is placed in the certs folder. You can use them for testing but we recommend you generate your own certificate. Certificate generation and related topics are discussed in Using Certificates with MSAL Node.

Setup

Locate the folder where package.json resides in your terminal. Then type:

    npm install

Register

  1. Navigate to the Microsoft Entra admin center and select the Microsoft Entra ID service.
  2. Select the App Registrations blade on the left, then select New registration.
  3. In the Register an application page that appears, enter your application's registration information:
    • In the Name section, enter a meaningful application name that will be displayed to users of the app, for example ms-identity-nodejs-webapp.
    • Under Supported account types, select Accounts in this organizational directory only.
    • In the Redirect URI (optional) section, select Web in the combo-box and enter the following redirect URI: https://localhost:3000/redirect.
  4. Select Register to create the application.
  5. In the app's registration screen, find and note the Application (client) ID and Directory (Tenant) ID. You use these values in your app's configuration file(s) later.
  6. In the app's registration screen, select the Certificates & secrets blade in the left.
    • Click on Upload certificate and select the certificate file to upload.
    • Click Add. Once the certificate is uploaded, the thumbprint, start date, and expiration values are displayed.

Using secrets and certificates securely

Secrets should never be hardcoded. The dotenv npm package can be used to store secrets or certificates in a .env file (located in project's root directory) that should be included in .gitignore to prevent accidental uploads of the secrets.

Certificates can also be read-in from files via NodeJS's fs module. However, they should never be stored in the project's directory. Production apps should fetch certificates from Azure KeyVault, or other secure key vaults.

Please see certificates and secrets for more information.

Before running the sample, you will need to replace the values in the configuration object:

import "dotenv/config"; // process.env now has the values defined in a .env file

const config = {
    auth: {
        clientId: "ENTER_CLIENT_ID",
        authority: "https://login.microsoftonline.com/ENTER_TENANT_ID",
        clientCertificate: {
            thumbprint: process.env.clientCertificate,
            privateKey: process.env.privateKey,
        }
    }
};

Run the app

In the same folder, type:

    npm start

The server should start at port 3000. Navigate to https://localhost:3000 in your browser, which will trigger the token acquisition process.

More information