Quickstart: Sign in users and get an access token in a Node web app using the auth code flow

In this quickstart, you download and run a code sample that demonstrates how a Node.js web app can sign in users using the authorization code flow. The code sample also demonstrates how to get an access token to call Microsoft Graph API.

See How the sample works for an illustration.

This quickstart uses the Microsoft Authentication Library for Node.js (MSAL Node) with the authorization code flow.

Prerequisites

Register and download your quickstart application

Step 1: Register your application

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register the application.
  3. Under Manage, select App registrations > New registration.
  4. Enter a Name for your application. Users of your app might see this name, and you can change it later.
  5. Under Supported account types, select Accounts in any organizational directory.
  6. Set the Redirect URI value to http://localhost:3000/redirect.
  7. Select Register.
  8. On the app Overview page, note the Application (client) ID value for later use.
  9. Under Manage, select Certificates & secrets > New client secret. Leave the description blank and default expiration, and then select Add.
  10. Note the Value of the Client Secret for later use.

Step 1: Configure the application in Azure portal

For the code sample for this quickstart to work, you need to create a client secret and add a reply URL as http://localhost:3000/redirect.

Already configured: Your application is configured with these attributes.

Step 2: Download the project

To run the project with a web server by using Node.js, download the core project files.

Run the project with a web server by using Node.js

Step 3: Configure your Node app

Extract the project, open the folder ms-identity-node-main, and then open the index.js file. Set clientId to the Application (client) ID. Set clientSecret to the Value of the Client secret.

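// MSAL Node provides the LogLevel enum used in loggerOptions below.
const msal = require("@azure/msal-node");

const config = {
   auth: {
       // Application (client) ID from the app registration's Overview page
       clientId: "Enter_the_Application_Id_Here",
       authority: "https://login.partner.microsoftonline.cn/common",
       // Value of the client secret created under Certificates & secrets
       clientSecret: "Enter_the_Client_Secret_Here"
   },
   system: {
       loggerOptions: {
           // Writes every MSAL log message to the console
           loggerCallback(loglevel, message, containsPii) {
               console.log(message);
           },
           piiLoggingEnabled: false,
           logLevel: msal.LogLevel.Verbose,
       }
   }
};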

Modify the values in the config section as described here:

  • Enter_the_Application_Id_Here is the Application (client) ID for the application you registered.

    To find the value of Application (client) ID, go to the app registration's Overview page in the Azure portal.

  • Enter_the_Client_Secret_Here is the Value of the Client secret for the application you registered.

    To retrieve or generate a new Client secret, under Manage, select Certificates & secrets.

The default authority value represents the main Azure cloud:

authority: "https://login.partner.microsoftonline.cn/common",
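The config above places the client secret directly in index.js. As an added example (not part of the quickstart sample), the same config object can be built from environment variables, refusing the placeholder values and dropping log lines that MSAL flags as containing PII. The variable names AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_AUTHORITY and the sink parameter are assumptions; pass msal.LogLevel.Verbose as logLevel to match the sample.

```javascript
// Added example: environment variable names and `sink` are assumptions.
const PLACEHOLDER = /^Enter_the_.*_Here$/;
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function buildMsalConfig(env, logLevel, sink = console.log) {
    const clientId = env.AZURE_CLIENT_ID || "";
    const clientSecret = env.AZURE_CLIENT_SECRET || "";
    const authority = env.AZURE_AUTHORITY ||
        "https://login.partner.microsoftonline.cn/common";

    // Collect every problem; messages never include the secret itself.
    const problems = [];
    if (!GUID.test(clientId)) {
        problems.push("AZURE_CLIENT_ID is not a GUID");
    }
    if (!clientSecret || PLACEHOLDER.test(clientSecret)) {
        problems.push("AZURE_CLIENT_SECRET is unset or a placeholder");
    }
    let parsed = null;
    try { parsed = new URL(authority); } catch { /* reported below */ }
    if (!parsed || parsed.protocol !== "https:") {
        problems.push("authority must be an https URL");
    }
    if (problems.length > 0) {
        throw new Error("MSAL config rejected: " + problems.join("; "));
    }

    return {
        auth: { clientId, authority, clientSecret },
        system: {
            loggerOptions: {
                loggerCallback(level, message, containsPii) {
                    if (containsPii) return; // never forward PII-flagged lines
                    sink(message);
                },
                piiLoggingEnabled: false,
                logLevel,
            },
        },
    };
}
```

In index.js this would be called as buildMsalConfig(process.env, msal.LogLevel.Verbose) in place of the literal config object.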

Step 3: Your app is configured and ready to run

Step 4: Run the project

Run the project by using Node.js:

  1. To start the server, run the following commands from within the project directory:

    npm install
    npm start

  2. Browse to http://localhost:3000/.

  3. Select Sign In to start the sign-in process.

    The first time you sign in, you're prompted to provide your consent to allow the application to access your profile and sign you in. After you're signed in successfully, you will see a log message in the command line.

More information

How the sample works

The sample, when run, hosts a web server on localhost, port 3000. When a web browser accesses this site, the sample immediately redirects the user to a Microsoft authentication page. Because of this, the sample does not contain any HTML or display elements. Authentication success displays the message, "OK".
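The redirect round trip described above, as an added example that is not the sample's own code: it builds the authorization request by hand to show what the browser carries to the sign-in page, and validates what comes back on /redirect before the code is redeemed. MSAL Node builds the request itself in the sample; the function names, the per-session state value and the user.read scope are assumptions.

```javascript
const crypto = require("node:crypto");

// Values taken from the quickstart's app registration and config.
const AUTHORITY = "https://login.partner.microsoftonline.cn/common";
const REDIRECT_URI = "http://localhost:3000/redirect";

// Build the authorization request plus the state value to keep in the
// user's server-side session until the redirect comes back.
function beginSignIn(clientId, scopes) {
    const state = crypto.randomBytes(32).toString("hex");
    const url = new URL(AUTHORITY + "/oauth2/v2.0/authorize");
    url.search = new URLSearchParams({
        client_id: clientId,
        response_type: "code",
        redirect_uri: REDIRECT_URI,
        response_mode: "query",
        scope: scopes.join(" "),
        state,
    }).toString();
    return { url: url.toString(), state };
}

// Check the request that lands on /redirect before redeeming its code.
function parseRedirect(requestUrl, expectedState) {
    const url = new URL(requestUrl, REDIRECT_URI);
    if (url.pathname !== new URL(REDIRECT_URI).pathname) {
        return { ok: false, reason: "unexpected path" };
    }
    const got = Buffer.from(url.searchParams.get("state") || "");
    const want = Buffer.from(expectedState || "");
    // Reject responses that do not belong to a sign-in this session started.
    if (want.length === 0 || got.length !== want.length ||
        !crypto.timingSafeEqual(got, want)) {
        return { ok: false, reason: "state mismatch" };
    }
    if (url.searchParams.has("error")) {
        return { ok: false, reason: "authorization error: " + url.searchParams.get("error") };
    }
    const code = url.searchParams.get("code");
    return code ? { ok: true, code } : { ok: false, reason: "missing code" };
}
```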

MSAL Node

The MSAL Node library signs in users and requests the tokens that are used to access an API that's protected by Microsoft identity platform. You can download the latest version by using the Node.js Package Manager (npm):

npm install @azure/msal-node