@azure/msal-node
Advanced tools
Package description
The @azure/msal-node package is a Microsoft library that enables Node.js applications to authenticate users and access secured resources in the Microsoft identity platform, such as Microsoft 365, Azure, and other resources that rely on Microsoft accounts. It supports various OAuth 2.0 and OpenID Connect flows.
Authentication
This code sample demonstrates how to configure the MSAL client and get an authorization code URL, which is the first step in the OAuth 2.0 authorization code flow.
const msal = require('@azure/msal-node');
const config = {
auth: {
clientId: 'your_client_id',
authority: 'https://login.microsoftonline.com/common',
clientSecret: 'your_client_secret',
}
};
const cca = new msal.ConfidentialClientApplication(config);
const authCodeUrlParameters = {
scopes: ['user.read'],
redirectUri: 'http://localhost:3000/redirect',
};
cca.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
console.log(response);
});Acquiring Tokens
This code sample shows how to exchange an authorization code for an access token, which can be used to access secured resources.
const tokenRequest = {
code: 'authorization_code_received_from_auth_code_url',
scopes: ['user.read'],
redirectUri: 'http://localhost:3000/redirect',
};
cca.acquireTokenByCode(tokenRequest).then((response) => {
console.log(response);
}).catch((error) => {
console.error(error);
});Silent Token Acquisition
This code sample illustrates how to silently acquire an access token using a cached account, which is useful for renewing tokens without user interaction.
const silentTokenRequest = {
account: cca.getAccountByHomeId('user_home_id'),
scopes: ['user.read'],
};
cca.acquireTokenSilent(silentTokenRequest).then((response) => {
console.log(response);
}).catch((error) => {
if (error instanceof msal.InteractionRequiredAuthError) {
// Fallback to interactive method if silent acquisition fails
}
});Passport-azure-ad is a collection of Passport Strategies to help you integrate with Azure Active Directory. It is similar to @azure/msal-node but uses the Passport.js framework, which is popular for handling authentication in Node.js applications.
The oidc-client package provides a client-side library for web applications that need to perform OpenID Connect (OIDC) and OAuth 2.0 protocols. Unlike @azure/msal-node, which is designed for server-side Node.js applications, oidc-client is intended for use in browser-based applications.
Simple-oauth2 is a Node.js library for interacting with OAuth 2.0 and simplifying the process of adding token-based authentication to applications. It provides a simpler and more lightweight alternative to @azure/msal-node, but it does not have specific integrations with Microsoft identity platform.
Readme
| Getting Started | AAD Docs | Library Reference |
|---|
Currently msal-node is under development, please track the project progress here. This documentation is also in progress and will be changing as we release our alpha patches. We do not recommend using this in a production environment yet.
MSAL Node enables applications to authenticate users using Azure AD work and school accounts (AAD), Microsoft personal accounts (MSA) and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through Azure AD B2C service. It also enables your app to get tokens to access Microsoft Cloud services such as Microsoft Graph.
The current alpha version supports the following ways of acquiring tokens:
[Coming Soon] In the upcoming quarters we plan to add support for:
More details on different grant types supported by Microsoft authentication libraries in general can be found here.
The scenarios supported with this library are:
More details on scenarios and the authentication flows that map to each of them can be found here.
See here.
Expect us to detail our major and minor releases moving forward, while leaving out our patch releases. Patch release notes can be found in our change log.
| Date | Release | Announcement | Main features |
|---|---|---|---|
| July 13th, 2020 (Tentative) | @azure/msal-node v1.0.0-alpha.1 | No release notes yet | Full version of the @azure/msal-node package; relies on @azure/msal-common v1.0.0 |
| July 6th, 2020 | @azure/msal-node v1.0.0-alpha.0 | No release notes yet | Full version of the @azure/msal-node package; relies on @azure/msal-common v1.0.0-beta.4 |
Before using @azure/msal-node you will need to register your app in the azure portal to get a valid clientId for configuration, and to register the routes that your app will accept redirect traffic on if applicable. Currently we support the below app registrations for @azure/msal-node:
npm install @azure/msal-node
There are multiple samples included in the repository that use MSAL Node to acquire tokens. These samples are currently used for manual testing, and are not meant to be a reference of best practices, therefore use judgement and do not blindly copy this code to any production applications.
npm install -g lernalerna bootstrap from anywhere within microsoft-authentication-library-for-js.git.microsoft-authentication-library-for-js/lib/msal-common and run npm run buildmicrosoft-authentication-library-for-js/lib/msal-node and run npm run build// to link msal-node and msal-common packages
lerna bootstrap
// Change to the msal-node package directory
cd lib/msal-common/
// To run build only for node package
npm run build
// Change to the msal-node package directory
cd lib/msal-node/
// To run build only for node package
npm run build
Below is a list of commands you will probably find useful:
npm run build:modules:watchRuns the project in development/watch mode. Your project will be rebuilt upon changes. TSDX has a special logger for you convenience. Error messages are pretty printed and formatted for compatibility VS Code's Problems tab. The library will be rebuilt if you make edits.
npm run buildBundles the package to the dist folder.
The package is optimized and bundled with Rollup into multiple formats (CommonJS, UMD, and ES Module).
lerna bootstrapIf you are running the project in development/watch mode, or have made changes in msal-common and need them reflecting across the project, please run lerna bootstrap to link all the symbols. Please note that npm install will unlink all the code, hence it is advised to run lerna bootstrap post installation.
npm run lintRuns eslint with Prettier
npm test, npm run test:coverage, npm run test:watchRuns the test watcher (Jest) in an interactive mode. By default, runs tests related to files changed since the last commit. Generate code coverage by adding the flag --coverage. No additional setup needed. Jest can collect code coverage information from entire projects, including untested files.
If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
Unknown package
The npm package @azure/msal-node receives a total of 2,135,610 weekly downloads. As such, @azure/msal-node popularity was classified as popular.
We found that @azure/msal-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cyber insurance rates are dropping as the market matures, according to a new report projecting global premiums to reach $43 billion by 2030, driven by international market uptake and growth in the SME sector.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.