Table of contents
- Register the application
- Build and run the sample
- Community Help and Support
- How to get a token
- How to refresh a token
- How to call a backend Web API
- How to sign a user out of your application
Register the application
Sign in to the Azure Portal to register an application.
If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.
In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations (Preview) > New registration.
When the Register an application page appears, enter a name for your application.
Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com).
Select the Web platform under the Redirect URI section and set the value to
When finished, select Register. On the app Overview page, note down the Application ID value.
This quickstart requires the Implicit grant flow to be enabled. In the left-hand navigation pane of the registered application, select Authentication.
In Advanced settings, under Implicit grant, enable both ID tokens and Access tokens checkboxes. ID tokens and Access tokens are required since this app needs to sign in users and call an API.
Build and run the sample
Download or clone the repository for this sample.
Using your favorite IDE, open app.js in App/scripts.
Replace the clientId GUID with the application ID of your registered Azure application that you pasted in the clipboard.
open Web.config in the root of the application.
Replace the value of the Ida::Audience application setting with the application ID of your registered Azure application (same GUID that you pasted to the clipboard). Note that Ida::Tenant is not currently set in the Web.config as all AAD V2 web APIs are currently multi-tenant.
Run the application in Visual Studio, for choose, from the toolback under the main menubar, which browser to use and use the Debug | Start without debugging command. The browser opens, navigating to
When the page gets displayed, click on the Login button.
When the popup window appears, sign-in with your personal or work or school account and grant the requested permissions.
Click on User to see information about the Signed-in user, and TodoList to edit the todo list (you can add, delete, edit new items)
The sample was tested with Chrome, Edge and Internet Explorer. For Internet explorer, be sure to read the msal.js FAQ Using msal.js with Internet Explorer
About the code.
The creation of the user agent application is done in app.js, configured by the clientID.
when the user presses the login button (sign-in happens, in app.js by a call to loginPopup().
when the user presses the logout button (sign-out happens, in app.js through a call to logout().
Community Help and Support
We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [msal.js].
If you find and bug or have a feature request, please raise the issue on GitHub Issues.
To provide a recommendation, visit our User Voice page.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This library controls how users sign-in and access services. We recommend you always take the latest version of our library in your app when possible.
If you find a security issue with our libraries or services please report it to firstname.lastname@example.org with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");