| title | description | author | manager | ms.author | ms.service | ms.subservice | ms.topic | ms.date | ms.custom |
|---|---|---|---|---|---|---|---|---|---|
Authenticate users in an external tenant using a sample Node.js CLI app |
Learn how to authenticate users in an external tenant using a sample Node.js CLI application. |
Dickson-Mwendia |
mwongerapk |
dmwendia |
entra-external-id |
customers |
sample |
08/04/2023 |
developer, devx-track-js |
This guide uses a sample Node Command Line Interface (CLI) application to sign in users in an external tenant. The sample application uses the Microsoft Authentication Library for Node (MSAL Node) to handle authentication.
In this article, you complete the following tasks:
-
Register and configure a client Node.js CLI application in the Microsoft Entra admin center.
-
Create a sign-up and sign-in user flow in the Microsoft Entra admin center, and then associate the CLI application with it.
-
Update the sample CLI application to use your external tenant details.
-
Run and test the sample CLI application.
- Visual Studio Code or another code editor.
- Node.js.
- An external tenant. If you don't already have one, sign up for a free trial.
[!INCLUDE active-directory-b2c-register-app]
[!INCLUDE active-directory-b2c-app-integration-add-platform-configurations]
[!INCLUDE active-directory-b2c-enable-public-client-flow]
Since this app signs in users, add delegated permissions. These permissions allow the app to act on behalf of a signed-in user and access resources that the user has permissions to access.
[!INCLUDE active-directory-b2c-grant-delegated-permissions]
[!INCLUDE active-directory-b2c-app-integration-add-user-flow]
[!INCLUDE active-directory-b2c-app-integration-add-user-flow]
To obtain the sample application, you can either clone it from GitHub or download it as a .zip file.
-
To clone the sample, open a command prompt and navigate to where you wish to create the project, and enter the following command:
git clone https://github.com/Azure-Samples/ms-identity-ciam-javascript-tutorial.git -
Download the .zip file. Extract it to a file path where the length of the name is fewer than 260 characters.
To configure the client application (Node.js CLI app) to use your Microsoft Entra app registration details, open the project in your IDE and follow these steps:
-
Open the App\authConfig.js file.
-
Find the placeholder:
Enter_the_Application_Id_Hereand replace the existing value with the application ID (clientId) ofnode-cli-appapplication copied from the Microsoft Entra admin center.Enter_the_Tenant_Subdomain_Hereand replace it with the Directory (tenant) subdomain. For example, if your tenant primary domain iscontoso.onmicrosoft.com, usecontoso. If you don't have your tenant name, learn how to read your tenant details
You can now test the sample Node.js CLI application.
-
In your terminal, run the following command:
cd 1-Authentication\6-sign-in-node-cli-app\App npm start
-
The browser opens up automatically and you should see a page similar to the following:
:::image type="content" source="media/tutorial-node-cli-app-sign-in/node-cli-app-sign-in-page.png" alt-text="Screenshot of the sign in page in a node CLI application.":::
-
On the sign-in page, type your Email address. If you don't have an account, select No account? Create one, which starts the sign-up flow.
-
If you choose the sign-up option, after filling in your email, one-time passcode, new password, and more account details, you complete the whole sign-up flow. After completing the sign up flow and signing in, you see a page similar to the following screenshot:
:::image type="content" source="media/tutorial-node-cli-app-sign-in/node-cli-app-signed-in-user.png" alt-text="Screenshot showing a signed-in user in a node CLI application.":::
-
Move back to the terminal and see your authentication information including the ID token claims.