(Alpha) Microsoft Authentication Library for JavaScript for Node(msal-node) for Node.js based Web apps
![npm version](https://img.shields.io/npm/v/@azure/msal-node.svg?style=flat)
![npm version](https://img.shields.io/npm/dm/@azure/msal-node.svg)
![Coverage Status](https://coveralls.io/repos/github/AzureAD/microsoft-authentication-library-for-js/badge.svg?branch=dev)
Currently msal-node
library is under development, Please track the project progress here. This documentation is also in progress and will be changing as we release our alpha
patches. We do not recommend using this in a production environment yet.
- About
- FAQ
- Releases
- Prerequisites
- Installation
- Usage
- Samples
- Build Library
- Security Reporting
- License
- Code of Conduct
About
The MSAL library for Node.js enables desktop and web applications for Node.js to authenticate users using Azure AD work and school accounts (AAD), Microsoft personal accounts (MSA) and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through Azure AD B2C service. It also enables your app to get tokens to access Microsoft Cloud services such as Microsoft Graph.
The @azure/msal-node
package has a dependency on @azure/msal-common
package, which is the common engine for all future javascript based libraries.
OAuth grant types supported and upcoming:
The current alpha version supports the below OAuth grant types:
[Coming Soon] In the upcoming quarters we plan to add support for Confidential client flows:
More details on different grant types supported by Microsoft authentication libraries in general can be found here
Scenarios supported:
The scenarios supported with this library are:
- Destop app that calls web APIs
- Web app that calls web APIs (upcoming)
- Web APIs that call web APIs (upcoming)
- Daemon apps (upcoming)
More details on scenarios and the authentication flows that map to each of them can be found here
FAQ
See here.
Releases
Expect us to detail our major and minor releases moving forward, while leaving out our patch releases. Patch release notes can be found in our change log.
Date | Release | Announcement | Main features |
---|
July 13th, 2020 (Tentative) | @azure/msal-node v1.0.0-alpha.1 | No release notes yet | Full version of the @azure/msal-node package; relies on @azure/msal-common v1.0.0 |
July 6th, 2020 | @azure/msal-node v1.0.0-alpha.0 | No release notes yet | Full version of the @azure/msal-node package; relies on @azure/msal-common v1.0.0-beta.4 |
Prerequisites
Before using @azure/msal-node
you will need to register your app in the azure portal to get a valid clientId
for configuration, and to register the routes that your app will accept redirect traffic on if applicable. Currently we support the below app registrations for @azure/msal-node
:
Installation
Via NPM:
npm install @azure/msal-node
Usage
MSAL basics
Samples
There are multiple samples included in the repository that use MSAL Node to acquire tokens. These samples are currently used for manual testing, and are not meant to be a reference of best practices, therefore use judgement and do not blindly copy this code to any production applications.
- auth-code: Express app using OAuth2.0 authorization code flow.
- device-code: Command line app using OAuth 2.0 device code flow.
- refresh-token: Command line app using OAuth 2.0 refresh flow.
- silent-flow: Express app using OAuth2.0 authorization code flow and refresh token flow to demonstrate silent retrieval of tokens when already logged in or when the app provides a in-disk cache for Single sign on experience
- msal-node-extensions (
Coming soon
): Uses the msal-extensions library to write the MSAL in-memory token cache to a disk.
Build and Test
- If you don't have lerna installed, run
npm install -g lerna
- Run
lerna bootstrap
from anywhere within microsoft-authentication-library-for-js.git
. - Navigate to
microsoft-authentication-library-for-js/lib/msal-common
and run npm run build
- Navigate to
microsoft-authentication-library-for-js/lib/msal-node
and run npm run build
lerna bootstrap
cd lib/msal-common/
npm run build
cd lib/msal-node/
npm run build
Local Development
Below is a list of commands you will probably find useful:
npm run build:modules:watch
Runs the project in development/watch mode. Your project will be rebuilt upon changes. TSDX has a special logger for you convenience. Error messages are pretty printed and formatted for compatibility VS Code's Problems tab. The library will be rebuilt if you make edits.
npm run build
Bundles the package to the dist
folder.
The package is optimized and bundled with Rollup into multiple formats (CommonJS, UMD, and ES Module).
lerna bootstrap
If you are running the project in development/watch mode, or have made changes in msal-common
and need them reflecting across the project, please run lerna bootstrap
to link all the symbols. Please note that npm install
will unlink all the code, hence it is advised to run lerna bootstrap
post installation.
npm run lint
Runs eslint with Prettier
npm test
, npm run test:coverage
, npm run test:watch
Runs the test watcher (Jest) in an interactive mode.
By default, runs tests related to files changed since the last commit.
Generate code coverage by adding the flag --coverage. No additional setup needed. Jest can collect code coverage information from entire projects, including untested files.
Security Reporting
If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.
License
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");
We Value and Adhere to the Microsoft Open Source Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.