Quickstart: Sign in users and call Microsoft Graph from a Node.js desktop app

In this quickstart, you download and run a code sample that demonstrates how an Electron desktop application can sign in users and acquire access tokens to call the Microsoft Graph API.

This quickstart uses the Microsoft Authentication Library for Node.js (MSAL Node) with the authorization code flow with PKCE.

Prerequisites

• Node.js
• Visual Studio Code or another code editor

Register and download the sample application

Follow the steps below to get started.

Step 1: Register the application

To register your application and add the app's registration information to your solution manually, follow these steps:

1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
2. If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu.
3. Browse to Identity > Applications > App registrations and select New registration.
4. Enter a Name for your application, for example msal-node-desktop. Users of your app might see this name, and you can change it later.
5. Select Register to create the application.
6. Under Manage, select Authentication.
7. Select Add a platform > Mobile and desktop applications.
8. In the Redirect URIs section, enter http://localhost.
9. Select Configure.

Step 2: Download the Electron sample project

Download the code sample

Step 3: Configure the Electron sample project

*Extract the project, open the ms-identity-JavaScript-nodejs-desktop-main folder, and then open .authConfig.js file. Replace the value as follows:

Your file should look similar to below:

const AAD_ENDPOINT_HOST = "https://login.partner.microsoftonline.cn/"; // include the trailing slash

const msalConfig = {
    auth: {
        clientId: "00001111-aaaa-2222-bbbb-3333cccc4444",
        authority: `${AAD_ENDPOINT_HOST}/aaaabbbb-0000-cccc-1111-dddd2222eeee`,
    },
    system: {
        loggerOptions: {
            loggerCallback(loglevel, message, containsPii) {
                 console.log(message);
             },
             piiLoggingEnabled: false,
             logLevel: LogLevel.Verbose,
        }
    }
}

const GRAPH_ENDPOINT_HOST = "https://microsoftgraph.chinacloudapi.cn/"; // include the trailing slash

const protectedResources = {
     graphMe: {
         endpoint: `${GRAPH_ENDPOINT_HOST}v1.0/me`,
         scopes: ["https://microsoftgraph.chinacloudapi.cn/user.read"],
     }
};

module.exports = {
     msalConfig: msalConfig,
     protectedResources: protectedResources,
 };

Step 4: Run the application

1. You'll need to install the dependencies of this sample once:

   cd ms-identity-javascript-nodejs-desktop-main
   npm install
   

2. Then, run the application via command prompt or console:

   npm start
   

3. Select Sign in to start the sign-in process.

   The first time you sign in, you're prompted to provide your consent to allow the application to sign you in and access your profile. After you're signed in successfully, you'll be redirected back to the application.

More information

How the sample works

When a user selects the Sign In button for the first time, acquireTokenInteractive method of MSAL Node is called. This method redirects the user to sign-in with the Microsoft identity platform endpoint, obtains an authorization code, and then exchanges it for an access token.

MSAL Node

MSAL Node is the library used to sign in users and request tokens used to access an API protected by Microsoft identity platform. For more information on how to use MSAL Node with desktop apps, see this article.

You can install MSAL Node by running the following npm command.

npm install @azure/msal-node --save

Next steps

To learn more about Electron desktop app development with MSAL Node, see the tutorial: