Microsoft identity platform code samples
These code samples are built and maintained by Microsoft to demonstrate usage of our authentication libraries with the Microsoft identity platform. Common authentication and authorization scenarios are implemented in several application types, development languages, and frameworks.
- Sign in users to web applications and provide authorized access to protected web APIs.
- Protect a web API by requiring an access token to perform API operations.
Each code sample includes a README.md file describing how to build the project (if applicable) and run the sample application. Comments in the code help you understand how these libraries are used in the application to perform authentication and authorization by using the identity platform.
Samples and guides
Use the tabs to sort the samples by application type, or your preferred language/framework.
Single-page applications
These samples show how to write a single-page application secured with Microsoft identity platform. These samples use one of the flavors of MSAL.js.
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
React | • Sign in users | MSAL React | Authorization code with PKCE | Quickstart | Tutorial |
Angular | • Sign in users | MSAL Angular | Authorization code with PKCE | Quickstart | Tutorial |
JavaScript | • Sign in users • Call Microsoft Graph • Call Node.js web API • Deploy to Azure Storage and App Service |
MSAL.js | Authorization code with PKCE | Quickstart | |
Blazor WebAssembly | • Sign in users • Call Microsoft Graph • Deploy to Azure App Service |
MSAL.js | Authorization code with PKCE | Quickstart |
Web applications
The following samples illustrate web applications that sign in users. Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.
Web API
The following samples show how to protect a web API with the Microsoft identity platform, and how to call a downstream API from the web API.
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
ASP.NET | • Call Microsoft Graph | MSAL.NET | On-Behalf-Of (OBO) | Quickstart | |
ASP.NET Core | • Access control (protected routes) with the Microsoft identity platform | MSAL.NET | On-Behalf-Of (OBO) | Quickstart | Tutorial |
Java | • Protect your Java Spring Boot web API with the Microsoft identity platform | MSAL Java | On-Behalf-Of (OBO) | ||
Node.js | • Protect a Node.js web API | MSAL Node | Authorization bearer |
Desktop
The following samples show public client desktop applications that access the Microsoft Graph API, or your own web API in the name of the user. Apart from the Desktop (Console) with Web Authentication Manager (WAM) sample, all these client applications use the Microsoft Authentication Library (MSAL).
Mobile
The following samples show public client mobile applications that access the Microsoft Graph API. These client applications use the Microsoft Authentication Library (MSAL).
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
.NET Core | • Call Microsoft Graph using MAUI • Call Microsoft Graph using MAUI with broker |
MSAL.NET | Authorization code with PKCE | ||
iOS | • Call Microsoft Graph native | MSAL iOS | Authorization code with PKCE | Quickstart | Tutorial |
Java | • Sign in users and call Microsoft Graph | MSAL Android | Authorization code with PKCE | Quickstart | Tutorial |
Kotlin | • Sign in users and call Microsoft Graph | MSAL Android | Authorization code with PKCE | ||
Xamarin | • Sign in users and call Microsoft Graph • Sign in users with broker and call Microsoft Graph |
MSAL.NET | Authorization code with PKCE |
Service / daemon
The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
.NET | • .NET console app that accesses a protected web API • Multitenant with Microsoft identity platform endpoint |
MSAL.NET | Client credentials grant | Quickstart | Tutorial |
.NET Core | • Call Microsoft Graph • Call web API • Using managed identity and Azure Key Vault |
MSAL.NET | Client credentials grant | ||
Java | • Call Microsoft Graph with Secret • Call Microsoft Graph with Certificate |
MSAL Java | Client credentials grant | Quickstart | |
Node.js | • Call Microsoft Graph with secret | MSAL Node | Client credentials grant | Quickstart | Tutorial |
Python | • Call Microsoft Graph with secret • Call Microsoft Graph with certificate |
MSAL Python | Client credentials grant | Quickstart |
Browserless (Headless)
The following sample shows a public client application running on a device without a web browser. The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. The sample features an app accessing the Microsoft Graph API, in the name of a user who signs in interactively on another device (such as a mobile phone). This client application uses the Microsoft Authentication Library (MSAL).
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
.NET Core | • Invoke protected API from text-only device | MSAL.NET | Device code | ||
Java | • Sign in users and invoke protected API from text-only device | MSAL Java | Device code | ||
Python | • Call Microsoft Graph | MSAL Python | Device code |
Azure Functions as web APIs
The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform, and how to call a downstream API from the web API.
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
Python | • Python Azure function web API secured by Microsoft Entra ID | MSAL Python | Authorization code |
Microsoft Teams applications
The following sample illustrates Microsoft Teams Tab application that signs in users. Additionally it demonstrates how to call Microsoft Graph API with the user's identity using the Microsoft Authentication Library (MSAL).
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
Node.js | • Teams Tab app: single sign-on (SSO) and call Microsoft Graph | MSAL Node | On-Behalf-Of (OBO) |
Multitenant SaaS
The following samples show how to configure your application to accept sign-ins from any Microsoft Entra tenant. Configuring your application to be multitenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to be able to sign-in to your application after providing consent.
Language / Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow | Quickstart | Tutorial |
---|---|---|---|---|---|
ASP.NET Core | • ASP.NET Core MVC web application calls Microsoft Graph API • ASP.NET Core MVC web application calls ASP.NET Core web API |
MSAL.NET | • OpenID connect • Authorization code |
Related content
If you'd like to delve deeper into more sample code, see: