Skip to content

Latest commit

 

History

History
327 lines (236 loc) · 49 KB

sample-v2-code.md

File metadata and controls

327 lines (236 loc) · 49 KB
titledescriptionauthormanagerms.authorms.datems.reviewerms.servicems.topic
Code samples for authentication and authorization
An index of identity platform code samples, grouped by app types, languages, and frameworks, shows how these libraries enable app authentication and authorization.
OwenRichards1
CelesteDG
owenrichards
01/27/2025
jmprieur
identity-platform
sample

Microsoft identity platform code samples for authentication and authorization

These code samples are built and maintained by Microsoft to demonstrate usage of our authentication libraries with the Microsoft identity platform. Common authentication and authorization scenarios are implemented in several application types, development languages, and frameworks.

  • Sign in users to web applications and provide authorized access to protected web APIs.
  • Protect a web API by requiring an access token to perform API operations.

Each code sample includes a README.md file describing how to build the project (if applicable) and run the sample application. Comments in the code help you understand how these libraries are used in the application to perform authentication and authorization by using the identity platform.

Samples and guides

Use the tabs to sort the samples by application type, or your preferred language/framework.

By app type

Single-page applications

These samples show how to write a single-page application secured with Microsoft identity platform. These samples use one of the flavors of MSAL.js.

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
ReactSign in usersMSAL ReactAuthorization code with PKCEQuickstartTutorial
AngularSign in usersMSAL AngularAuthorization code with PKCEQuickstartTutorial
JavaScriptSign in users
Call Microsoft Graph
Call Node.js web API
Deploy to Azure Storage and App Service		MSAL.jsAuthorization code with PKCEQuickstart
Blazor WebAssemblySign in users
Call Microsoft Graph
Deploy to Azure App Service		MSAL.jsAuthorization code with PKCEQuickstart

Web applications

The following samples illustrate web applications that sign in users. Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.

Language / PlatformCode sample(s) on GitHubAuth librariesAuth flowQuickstartTutorial
ASP.NETMicrosoft Graph Training Sample
Sign in users and call Microsoft Graph with admin restricted scope		MSAL.NET
Microsoft.Identity.Web
Advanced Token Cache Scenarios		• OpenID connect
• Authorization code
• On-Behalf-Of (OBO)		Quickstart
ASP.NET CoreSign in users
Call Microsoft Graph
Customize token cache
Use the Conditional Access auth context to perform step-up authentication
Call Graph (multitenant)
Call Azure REST APIs
Protect web API
Protect multitenant web API
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure Storage and App Service
Active Directory Federation Services to Microsoft Entra migration		Microsoft.Identity.Web• OpenID connect
• Authorization code
• On-Behalf-Of Flow (OBO)		QuickstartTutorial
BlazorSign in users
Call Microsoft Graph
Call web API		MSAL.NETHybrid flow
Java SpringSign in users
Call Microsoft Graph
Use App Roles for access control
Use Groups for access control
Protect a web API
Deploy to Azure App Service		MSAL JavaAuthorization codeTutorial
Java ServletsSign in users
Call Microsoft Graph
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure App Service		MSAL JavaAuthorization codeQuickstart
Node.js ExpressSign in users
Express web application built with MSAL Node and Microsoft identity platform
Call Microsoft Graph
Call Microsoft Graph via BFF proxy
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure App Service		MSAL Node• Authorization code
• Backend-for-Frontend (BFF) proxy		QuickstartTutorial
Python FlaskSign in users
Template to sign in Microsoft Entra ID, and optionally call a downstream API (Microsoft Graph)		MSAL PythonAuthorization codeQuickstartTutorial
Python DjangoSign in usersMSAL PythonAuthorization code
RubySign in users and call Microsoft GraphOmniAuth OAuth2Authorization code

Web API

The following samples show how to protect a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
ASP.NETCall Microsoft GraphMSAL.NETOn-Behalf-Of (OBO)Quickstart
ASP.NET CoreAccess control (protected routes) with the Microsoft identity platformMSAL.NETOn-Behalf-Of (OBO)QuickstartTutorial
JavaProtect your Java Spring Boot web API with the Microsoft identity platformMSAL JavaOn-Behalf-Of (OBO)
Node.jsProtect a Node.js web APIMSAL NodeAuthorization bearer

Desktop

The following samples show public client desktop applications that access the Microsoft Graph API, or your own web API in the name of the user. Apart from the Desktop (Console) with Web Authentication Manager (WAM) sample, all these client applications use the Microsoft Authentication Library (MSAL).

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
.NET CoreCall Microsoft Graph
Call Microsoft Graph with token cache
Call Microsoft Graph with custom web UI HTML
Call Microsoft Graph with custom web browser
Sign in users with device code flow
Call Microsoft Graph by signing in users using username/password		MSAL.NET• Authorization code with PKCE
• Device code
• Resource owner password credentials
JavaCall Microsoft GraphMSAL JavaIntegrated Windows authentication
Node.jsSign in usersMSAL NodeAuthorization code with PKCEQuickstartTutorial
PythonSign in usersMSAL PythonResource owner password credentials
Windows Presentation Foundation (WPF)Sign in users and call Microsoft Graph
Windows Presentation Foundation (WPF) user sign-in, protected web API access (Microsoft Graph)
Sign in users and call ASP.NET Core web API
Sign in users and call Microsoft Graph		MSAL.NETAuthorization code with PKCEQuickstartTutorial

Mobile

The following samples show public client mobile applications that access the Microsoft Graph API. These client applications use the Microsoft Authentication Library (MSAL).

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
.NET CoreCall Microsoft Graph using MAUI
Call Microsoft Graph using MAUI with broker		MSAL.NETAuthorization code with PKCE
iOSCall Microsoft Graph nativeMSAL iOSAuthorization code with PKCEQuickstartTutorial
JavaSign in users and call Microsoft GraphMSAL AndroidAuthorization code with PKCEQuickstartTutorial
KotlinSign in users and call Microsoft GraphMSAL AndroidAuthorization code with PKCE

Service / daemon

The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
.NET.NET console app that accesses a protected web API
Multitenant with Microsoft identity platform endpoint		MSAL.NETClient credentials grantQuickstartTutorial
.NET CoreCall Microsoft Graph
Call web API
Using managed identity to call MSGraph
Using managed identity to call an API
Worker role calling an API		Microsoft.Identity.WebClient credentials grant
JavaCall Microsoft Graph with Secret
Call Microsoft Graph with Certificate		MSAL JavaClient credentials grantQuickstart
Node.jsCall Microsoft Graph with secretMSAL NodeClient credentials grantQuickstartTutorial
PythonCall Microsoft Graph with secret
Call Microsoft Graph with certificate		MSAL PythonClient credentials grantQuickstart

Browserless (Headless)

The following sample shows a public client application running on a device without a web browser. The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. The sample features an app accessing the Microsoft Graph API, in the name of a user who signs in interactively on another device (such as a mobile phone). This client application uses the Microsoft Authentication Library (MSAL).

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
.NET CoreInvoke protected API from text-only deviceMSAL.NETDevice code
JavaSign in users and invoke protected API from text-only deviceMSAL JavaDevice code
PythonCall Microsoft GraphMSAL PythonDevice code

Azure Functions as web APIs

The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
PythonPython Azure function web API secured by Microsoft Entra IDMSAL PythonAuthorization code

Microsoft Teams applications

The following sample illustrates Microsoft Teams Tab application that signs in users. Additionally it demonstrates how to call Microsoft Graph API with the user's identity using the Microsoft Authentication Library (MSAL).

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Node.jsTeams Tab app: single sign-on (SSO) and call Microsoft GraphMSAL NodeOn-Behalf-Of (OBO)

Multitenant SaaS

The following samples show how to configure your application to accept sign-ins from any Microsoft Entra tenant. Configuring your application to be multitenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to be able to sign-in to your application after providing consent.

[!div class="mx-tdCol2BreakAll"]

Language /
Platform		Code sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
ASP.NET CoreASP.NET Core MVC web application calls Microsoft Graph API
ASP.NET Core MVC web application calls ASP.NET Core web API		MSAL.NET• OpenID connect
• Authorization code

By language/framework

C#

The following samples show how to build applications using the C# language and frameworks

.NET Core

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
DesktopCall Microsoft Graph
Call Microsoft Graph with token cache
Call Microsoft Graph with custom web UI HTML
Call Microsoft Graph with custom web browser
Sign in users with device code flow
Call Microsoft Graph by signing in users using username/password		MSAL.NET• Authorization code with PKCE
• Device code
MobileCall Microsoft Graph using MAUI
Call Microsoft Graph using MAUI with broker		MSAL.NETAuthorization code with PKCE
Service/daemonCall Microsoft Graph
Call web API
Using managed identity and Azure key vault		MSAL.NETClient credentials grant
HeadlessInvoke protected API from text-only deviceMSAL.NETDevice code

ASP.NET

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationMicrosoft Graph Training Sample
Sign in users and call Microsoft Graph with admin restricted scope		MSAL.NET• OpenID connect
• Authorization code		Quickstart
Web APICall Microsoft GraphMSAL.NETOn-Behalf-Of (OBO)
Service/
daemon		Multitenant with Microsoft identity platform endpointMSAL.NETClient credentials grant

ASP.NET Core

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationSign in users
Call Microsoft Graph
Customize token cache
Use the Conditional Access auth context to perform step-up authentication
Call Graph (multitenant)
Call Azure REST APIs
Protect web API
Protect multitenant web API
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure Storage and App Service
Active Directory Federation Services to Microsoft Entra migration
Active Directory Federation Services to Microsoft Entra migrationUse the Conditional Access auth context to perform step-up authenticationAdvanced Token Cache Scenarios		Microsoft.Identity.Web• OpenID connect
• Authorization code
• On-Behalf-Of		QuickstartTutorial
Web APISign in users and call Microsoft GraphMSAL.NETOn-Behalf-Of (OBO)QuickstartTutorial
Multitenant SaaSASP.NET Core MVC web application calls Microsoft Graph API
ASP.NET Core MVC web application calls ASP.NET Core web API		MSAL.NETOpenID connect

Blazor

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Single-page applicationSign in users
Call Microsoft Graph
Deploy to Azure App Service		MSAL.jsImplicit FlowQuickstart
Web applicationSign in users
Call Microsoft Graph
Call web API		MSAL.NETImplicit/Hybrid flow

iOS

The following samples show how to build applications for the iOS platform.

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
MobileCall Microsoft Graph nativeMSAL iOSAuthorization code with PKCEQuickstartTutorial

JavaScript

Vanilla JavaScript

The following samples show how to build applications for the JavaScript language and platform.

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Single-page applicationSign in users
Call Microsoft Graph
Call Node.js web API
Deploy to Azure Storage and App Service		MSAL.jsAuthorization code with PKCEQuickstart

Angular

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Single-page applicationSign in usersMSAL AngularAuthorization code with PKCEQuickstartTutorial

Node.js

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web APIProtect a Node.js web APIMSAL NodeAuthorization bearer
DesktopSign in usersMSAL NodeAuthorization code with PKCETutorial
Service, daemonCall Microsoft Graph with secretMSAL NodeClient credentials grantQuickstart
Microsoft Teams applicationsTeams Tab app: single sign-on (SSO) and call Microsoft GraphMSAL NodeOn-Behalf-Of (OBO)

Node.js (Express)

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationSign in users
Call Microsoft Graph
Deploy to Azure App Service
Use App Roles for access control
Use Security Groups for access control
Web app that sign in users		MSAL NodeAuthorization codeQuickstartTutorial

React

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Single-page applicationSign in usersMSAL React• Authorization code with PKCE
QuickstartTutorial

Java

The following samples show how to build applications for the Java language and platform.

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web APISign in usersMSAL JavaOn-Behalf-Of (OBO)
DesktopCall Microsoft GraphMSAL JavaIntegrated Windows authentication
MobileSign in users and call Microsoft GraphMSAL AndroidAuthorization code with PKCE
Service/
daemon		Call Microsoft Graph with Secret
Call Microsoft Graph with Certificate		MSAL JavaClient credentials grantQuickstart

Java Spring

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationMicrosoft Entra Spring Boot Starter Series
Sign in users
Call Microsoft Graph
Use App Roles for access control
Use Groups for access control
Deploy to Azure App Service
Protect a web API		MSAL Java
• Microsoft Entra ID Boot Starter		Authorization codeTutorial

Java Servlet

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationSpring-less Servlet Series
Sign in users
Call Microsoft Graph
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure App Service		MSAL JavaAuthorization code

Python

The following samples show how to build applications for the Python language and platform.

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Azure Functions as web APIsPython Azure function web API secured by Microsoft Entra IDMSAL PythonAuthorization code
DesktopSign in usersMSAL PythonResource owner password credentials
HeadlessCall Microsoft GraphMSAL PythonDevice code
DaemonCall Microsoft Graph with secret
Call Microsoft Graph with certificate		MSAL PythonClient credentials grantQuickstart

Flask

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationSign in users
A template to sign in Microsoft Entra ID, and optionally call a downstream API (Microsoft Graph)		MSAL PythonAuthorization codeQuickstartTutorial

Django

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationSign in users
Integrating Microsoft Entra ID with a Python web application written in Django		MSAL PythonAuthorization code

Kotlin

The following samples show how to build applications with Kotlin.

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
MobileSign in users and call Microsoft GraphMSAL AndroidAuthorization code with PKCE

Ruby

The following samples show how to build applications with Ruby.

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
Web applicationGraph Training
Sign in users and call Microsoft Graph		OmniAuth OAuth2Authorization code

Windows Presentation Foundation (WPF)

The following samples show how to build applications with Windows Presentation Foundation (WPF).

[!div class="mx-tdCol2BreakAll"]

App typeCode sample(s)
on GitHub		Auth
libraries		Auth flowQuickstartTutorial
DesktopSign in users and call Microsoft GraphMSAL.NETAuthorization code with PKCE
DesktopSign in users and call ASP.NET Core web API
Sign in users and call Microsoft Graph		MSAL.NETAuthorization code with PKCEQuickstartTutorial

Related content

If you'd like to delve deeper into more sample code, see:

close