Getting started with user authentication on Azure

The Microsoft identity platform allows a JavaScript developer to authenticate and authorize user identity in your browser, server, or serverless application.

1. Create app registration

The Active directory app registration is required to provide authentication with Microsoft Identity.

The no-code authentication path, Easy Auth, means the hosting environment manages the authentication for your app.

  1. Create your hosting resource, such as an Azure web app or Azure function app.
  2. Enable Easy Auth by adding Authentication to your hosting resource. The process creates the app registration for you.
  3. If you only need to use authentication as a barrier to entry for your app, you are done. If your app needs to access other resources on behalf of the user or service, continue with MSAL integration.

2. Collect app registration information for MSAL integration

To integrate user authentication to access Azure resources on behalf of your users, you need app registration information.

Collect required information for the app registration from the Azure portal to configure the MSAL SDK :

  • Application (client) ID
  • Directory (tenant) ID
  • Client secret

3. Find an MSAL sample for your scenario

The fastest way to get started with the MSAL SDK is to find your scenario, then locate your framework and sample associated with your scenario.

Top JS samples include:

4.Integration with DefaultAzureCredential

Configure your runtime environment so your code can use the DefaultAzureCredential, on behalf of your users or system. This allows your same code to run in local, stage, and production environments, without managing credentials yourself.

Examples of DefaultAzureCredential:

Configure a managed identity for your hosting environment.

The value for the MSAL SDK's DefaultAzureCredential is controlled by the managed identity on the runtime environment.

Helpful tools

  • to inspect your tokens
  • Independent VS Code extension jwt-decoder
  • Microsoft Graph REST API for @me


Next steps