Microsoft identity platform code samples
These code samples are built and maintained by Microsoft to demonstrate usage of our authentication libraries with the Microsoft identity platform. Common authentication and authorization scenarios are implemented in several application types, development languages, and frameworks.
- Sign in users to web applications and provide authorized access to protected web APIs.
- Protect a web API by requiring an access token to perform API operations.
Each code sample includes a README.md file describing how to build the project (if applicable) and run the sample application. Comments in the code help you understand how these libraries are used in the application to perform authentication and authorization by using the identity platform.
Single-page applications
These samples show how to write a single-page application secured with Microsoft identity platform. These samples use one of the flavors of MSAL.js.
Web applications
The following samples illustrate web applications that sign in users. Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.
Web API
The following samples show how to protect a web API with the Microsoft identity platform, and how to call a downstream API from the web API.
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
ASP.NET | Call Microsoft Graph | MSAL.NET | On-Behalf-Of (OBO) |
ASP.NET Core | Sign in users and call Microsoft Graph | MSAL.NET | On-Behalf-Of (OBO) |
Java | Sign in users | MSAL Java | On-Behalf-Of (OBO) |
Node.js | • Protect a Node.js web API • Protect a Node.js Web API with Azure AD B2C |
MSAL Node | Authorization bearer |
Desktop
The following samples show public client desktop applications that access the Microsoft Graph API, or your own web API in the name of the user. Apart from the Desktop (Console) with Web Authentication Manager (WAM) sample, all these client applications use the Microsoft Authentication Library (MSAL).
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
.NET Core | • Call Microsoft Graph • Call Microsoft Graph with token cache • Call Microsoft Graph with custom web UI HTML • Call Microsoft Graph with custom web browser • Sign in users with device code flow • Authenticate users with MSAL.NET in a WinUI desktop application |
MSAL.NET | • Authorization code with PKCE • Device code |
.NET | Invoke protected API with integrated Windows authentication | MSAL.NET | Integrated Windows authentication |
Java | Call Microsoft Graph | MSAL Java | Integrated Windows authentication |
Node.js | Sign in users | MSAL Node | Authorization code with PKCE |
PowerShell | Call Microsoft Graph by signing in users using username/password | MSAL.NET | Resource owner password credentials |
Python | Sign in users | MSAL Python | Resource owner password credentials |
Universal Window Platform (UWP) | Call Microsoft Graph | MSAL.NET | Web account manager |
Windows Presentation Foundation (WPF) | Sign in users and call Microsoft Graph | MSAL.NET | Authorization code with PKCE |
XAML | • Sign in users and call ASP.NET core web API • Sign in users and call Microsoft Graph |
MSAL.NET | Authorization code with PKCE |
Mobile
The following samples show public client mobile applications that access the Microsoft Graph API. These client applications use the Microsoft Authentication Library (MSAL).
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
.NET Core | • Call Microsoft Graph using MAUI • Call Microsoft Graph using MAUI with broker • Call Active Directory B2C tenant using MAUI |
MSAL MAUI | Authorization code with PKCE |
iOS | • Call Microsoft Graph native • Call Microsoft Graph with Azure AD nxoauth |
MSAL iOS | Authorization code with PKCE |
Java | Sign in users and call Microsoft Graph | MSAL Android | Authorization code with PKCE |
Kotlin | Sign in users and call Microsoft Graph | MSAL Android | Authorization code with PKCE |
Xamarin | • Sign in users and call Microsoft Graph • Sign in users with broker and call Microsoft Graph |
MSAL.NET | Authorization code with PKCE |
Service / daemon
The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
.NET Core | • Call Microsoft Graph • Call web API • Using managed identity and Azure key vault |
MSAL.NET | Client credentials grant |
ASP.NET | Multi-tenant with Microsoft identity platform endpoint | MSAL.NET | Client credentials grant |
Java | • Call Microsoft Graph with Secret • Call Microsoft Graph with Certificate |
MSAL Java | Client credentials grant |
Node.js | Call Microsoft Graph with secret | MSAL Node | Client credentials grant |
Python | • Call Microsoft Graph with secret • Call Microsoft Graph with certificate |
MSAL Python | Client credentials grant |
Azure Functions as web APIs
The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform, and how to call a downstream API from the web API.
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
.NET | .NET Azure function web API secured by Azure AD | MSAL.NET | Authorization code |
Node.js | Node.js Azure function web API secured by Azure AD | MSAL Node | Authorization bearer |
Node.js | Call Microsoft Graph API on behalf of a user | MSAL Node | On-Behalf-Of (OBO) |
Python | Python Azure function web API secured by Azure AD | MSAL Python | Authorization code |
Headless
The following sample shows a public client application running on a device without a web browser. The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. The sample features an app accessing the Microsoft Graph API, in the name of a user who signs-in interactively on another device (such as a mobile phone). This client application uses the Microsoft Authentication Library (MSAL).
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
.NET core | Invoke protected API from text-only device | MSAL.NET | Device code |
Java | Sign in users and invoke protected API from text-only device | MSAL Java | Device code |
Python | Call Microsoft Graph | MSAL Python | Device code |
Microsoft Teams applications
The following sample illustrates Microsoft Teams Tab application that signs in users. Additionally it demonstrates how to call Microsoft Graph API with the user's identity using the Microsoft Authentication Library (MSAL).
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
Node.js | Teams Tab app: single sign-on (SSO) and call Microsoft Graph | MSAL Node | On-Behalf-Of (OBO) |
Multi-tenant SaaS
The following samples show how to configure your application to accept sign-ins from any Azure Active Directory (Azure AD) tenant. Configuring your application to be multi-tenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to be able to sign-in to your application after providing consent.
Language/ Platform |
Code sample(s) on GitHub |
Auth libraries |
Auth flow |
---|---|---|---|
ASP.NET Core | ASP.NET Core MVC web application calls Microsoft Graph API | MSAL.NET | OpenID connect |
ASP.NET Core | ASP.NET Core MVC web application calls ASP.NET Core web API | MSAL.NET | Authorization code |
Angular | Angular single-page application calls ASP.NET Core web API | MSAL Angular | Authorization code |
Next steps
If you'd like to delve deeper into more sample code, see:
Feedback
Submit and view feedback for