Before you get started, please ensure you have completed all the prerequisites.
In this document:
In order to use MSAL Node, you need to instantiate a ConfidentialClient object.
import * as msal from "@azure/msal-node";
const clientConfig = {
auth: {
clientId: "your_client_id",
authority: "your_authority",
clientSecret: "your_secret", // OR
clientCertificate: {
thumbprint: "cert_thumbprint",
privateKey: "cert_privateKey"
}, // OR
clientAssertion: "assertion"
}
};
const pca = new msal.ConfidentialClientApplication(clientConfig);Configuration options for node have common parameters and specific paremeters per authentication flow.
clientIdis mandatory to initializae a public client applicationauthoritydefaults tohttps://login.microsoftonline.com/common/if the user does not set it during configuration- A Client credential is mandatory for confidential clients. Client credential can be a:
clientSecretis secret string generated set on the app registration.clientCertificateis a certificate set on the app registration. Thethumbprintis a X.509 SHA-1 thumbprint of the certificate, and theprivateKeyis the PEM encoded private key.x5cis the optional X.509 certificate chain used in subject name/issuer auth scenarios.clientAssertionis string that the application uses when requesting a token. The certificate used to sign the assertion should be set on the app registration. Assertion should be of type urn:ietf:params:oauth:client-assertion-type:jwt-bearer.
By default, MSAL is configured with the common tenant, which is used for multi-tenant applications and applications allowing personal accounts (not B2C).
authority: 'https://login.microsoftonline.com/common/'If your application audience is a single tenant, you must provide an authority with your tenant id like below:
authority: 'https://login.microsoftonline.com/{your_tenant_id}'Configuration has more options which are documented here.
Proceed to understand the public APIs provided by msal-node for acquiring tokens here