Daemon app that calls web APIs - move to production

Now that you know how to acquire and use a token for a service-to-service call, learn how to move your app to production.

Deployment - multitenant daemon apps

If you're an ISV creating a daemon application that can run in several tenants, make sure that the tenant admin:

• Provisions a service principal for the application.
• Grants consent to the application.

You'll need to explain to your customers how to perform these operations. For more info, see admin consent.

Enable logging

To help in debugging and authentication failure troubleshooting scenarios, the Microsoft Authentication Library provides built-in logging support. Logging in each library is covered in the following articles:

• Logging in MSAL.NET
• Logging in MSAL for Android
• Logging in MSAL.js

• Logging in MSAL for iOS/macOS
• Logging in MSAL for Java
• Logging in MSAL for Python

Here are some suggestions for data collection:

• Users might ask for help when they have problems. A best practice is to capture and temporarily store logs. Provide a location where users can upload the logs. MSAL provides logging extensions to capture detailed information about authentication.

• If telemetry is available, enable it through MSAL to gather data about how users sign in to your app.

Validate your integration

Test your integration by following the Microsoft identity platform integration checklist.

Build for resilience

Learn how to increase resiliency in your app. For details, see Increase resilience of authentication and authorization applications you develop

Code samples

.NET

• Reference documentation for:
  • Instantiating ConfidentialClientApplication.
  • Calling AcquireTokenForClient.
• Other samples/tutorials:

  • microsoft-identity-platform-console-daemon features a small .NET daemon console application that displays the users of a tenant querying Microsoft Graph.

    

    The same sample also illustrates a variation with certificates:

    

  • microsoft-identity-platform-aspnet-webapp-daemon features an ASP.NET MVC web application that syncs data from Microsoft Graph by using the identity of the application instead of on behalf of a user. This sample also illustrates the admin consent process.

    

Java

Try the quickstart Acquire a token and call Microsoft Graph API from a Java console app using app's identity.

Node.js

• For more information, see:
  • Understanding Configuration
  • Instantiating ConfidentialClientApplication
  • FAQ
• Other samples/tutorials:
  • MSAL Node console daemon sample

Python

Try the quickstart Acquire a token and call Microsoft Graph API from a Python console app using app's identity.

Next steps

Here are a few links to help you learn more:

.NET

Try the quickstart Acquire a token and call Microsoft Graph API from a .NET console app using app's identity.

Java

Try the quickstart Acquire a token and call Microsoft Graph API from a Java console app using app's identity.

Node.js

Try the quickstart Acquire a token and call Microsoft Graph API from a Node.js console app using app's identity.

Python

Try the quickstart Acquire a token and call Microsoft Graph API from a Python console app using app's identity.