Quickstart: Sign in users and call Microsoft Graph from a Node.js desktop app
In this quickstart, you download and run a code sample that demonstrates how an Electron desktop application can sign in users and acquire access tokens to call the Microsoft Graph API.
This quickstart uses the Microsoft Authentication Library for Node.js (MSAL Node) with the authorization code flow with PKCE.
Prerequisites
- Node.js
- Visual Studio Code or another code editor
Register and download the sample application
Follow the steps below to get started.
Step 1: Register the application
Tip
Steps in this article might vary slightly based on the portal you start from.
To register your application and add the app's registration information to your solution manually, follow these steps:
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu.
- Browse to Identity > Applications > App registrations and select New registration.
- Enter a Name for your application, for example
msal-node-desktop
. Users of your app might see this name, and you can change it later. - Select Register to create the application.
- Under Manage, select Authentication.
- Select Add a platform > Mobile and desktop applications.
- In the Redirect URIs section, enter
http://localhost
. - Select Configure.
Step 2: Download the Electron sample project
Step 3: Configure the Electron sample project
*Extract the project, open the ms-identity-JavaScript-nodejs-desktop-main folder, and then open .authConfig.js file. Replace the value as follows:
Variable | Description | Example(s) |
---|---|---|
Enter_the_Cloud_Instance_Id_Here |
The Azure cloud instance in which your application is registered | https://login.partner.microsoftonline.cn/ (include the trailing forward-slash) |
Enter_the_Tenant_Id_Here |
Tenant ID or Primary domain | contoso.microsoft.com or aaaabbbb-0000-cccc-1111-dddd2222eeee |
Enter_the_Application_Id_Here |
Client ID of the application you registered | 00001111-aaaa-2222-bbbb-3333cccc4444 |
Enter_the_Redirect_Uri_Here |
Redirect Uri of the application you registered | msal00001111-aaaa-2222-bbbb-3333cccc4444://auth |
Enter_the_Graph_Endpoint_Here |
The Microsoft Graph API cloud instance that your app will call | https://microsoftgraph.chinacloudapi.cn/ (include the trailing forward-slash) |
Your file should look similar to below:
const AAD_ENDPOINT_HOST = "https://login.partner.microsoftonline.cn/"; // include the trailing slash
const msalConfig = {
auth: {
clientId: "00001111-aaaa-2222-bbbb-3333cccc4444",
authority: `${AAD_ENDPOINT_HOST}/aaaabbbb-0000-cccc-1111-dddd2222eeee`,
},
system: {
loggerOptions: {
loggerCallback(loglevel, message, containsPii) {
console.log(message);
},
piiLoggingEnabled: false,
logLevel: LogLevel.Verbose,
}
}
}
const GRAPH_ENDPOINT_HOST = "https://microsoftgraph.chinacloudapi.cn/"; // include the trailing slash
const protectedResources = {
graphMe: {
endpoint: `${GRAPH_ENDPOINT_HOST}v1.0/me`,
scopes: ["https://microsoftgraph.chinacloudapi.cn/user.read"],
}
};
module.exports = {
msalConfig: msalConfig,
protectedResources: protectedResources,
};
Step 4: Run the application
You'll need to install the dependencies of this sample once:
cd ms-identity-javascript-nodejs-desktop-main npm install
Then, run the application via command prompt or console:
npm start
Select Sign in to start the sign-in process.
The first time you sign in, you're prompted to provide your consent to allow the application to sign you in and access your profile. After you're signed in successfully, you'll be redirected back to the application.
More information
How the sample works
When a user selects the Sign In button for the first time, acquireTokenInteractive
method of MSAL Node is called. This method redirects the user to sign-in with the Microsoft identity platform endpoint, obtains an authorization code, and then exchanges it for an access token.
MSAL Node
MSAL Node is the library used to sign in users and request tokens used to access an API protected by Microsoft identity platform. For more information on how to use MSAL Node with desktop apps, see this article.
You can install MSAL Node by running the following npm command.
npm install @azure/msal-node --save
Next steps
To learn more about Electron desktop app development with MSAL Node, see the tutorial: