Sign in users in your own Node.js browserless application using the Device Code flow - Overview

In this article, you learn how to build a Node.js browserless application that signs in users. The client application you build uses the OAuth 2.0 device code flow to sign in users interactively, using another device such as a mobile phone.

We've organized the content into three separate articles so it's easy for you to follow:

Overview

The device code flow is an OAuth 2.0 grant flow that allows users to sign in to input-constrained devices like smart TVs, IoT devices, and printers. In a typical interactive authentication experience, External ID for customers requires a web browser for user sign-in. In our browserless application scenario, the app uses the Microsoft Authentication Library (MSAL) for Node to obtain tokens through a flow that involves the following steps:

  1. The application receives a code from the authorization server that is used to initiate authentication.
  2. The application prompts the user to use another device and navigate to a URL (for instance, https://microsoft.com/devicelogin), where they're prompted to enter the code.
  3. That URL leads the user through a normal authentication experience, including consent prompts and multi-factor authentication if necessary.
  4. Upon successful authentication, the app receives the required tokens through a back channel to enable it to perform the web API calls it needs.
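
The four steps above, seen from the client at the protocol level (RFC 8628), as an added example that is not code from this article or from MSAL Node. It goes slightly beyond the steps by also handling the `slow_down`, denial, and expiry replies; the in-memory server, client ID, codes, and token are constructed, and `makeFakeServer`, `nextStep`, and `signIn` are hypothetical names.

```javascript
// Added example: constructed in-memory stand-in for the authorization server.
// Nothing here contacts a real tenant; all names and values are hypothetical.
const GRANT = "urn:ietf:params:oauth:grant-type:device_code"; // RFC 8628 grant type

function makeFakeServer(script) { // script: token-endpoint replies, in order
  let i = 0;
  return {
    deviceAuthorization: () => ({ // step 1: codes issued to the app
      device_code: "constructed-device-code", user_code: "ABCD-EFGH",
      verification_uri: "https://microsoft.com/devicelogin",
      expires_in: 900, interval: 5,
    }),
    token: (req) => (req.grant_type === GRANT && req.device_code === "constructed-device-code")
      ? script[Math.min(i++, script.length - 1)]
      : { error: "invalid_grant" },
  };
}

// Pure decision step: map one token-endpoint reply to the client's next move.
function nextStep(reply, intervalSec) {
  if (reply.access_token) return { done: true, tokens: reply };
  if (reply.error === "authorization_pending") return { done: false, intervalSec };
  if (reply.error === "slow_down") return { done: false, intervalSec: intervalSec + 5 };
  throw new Error(`device code flow failed: ${reply.error}`); // e.g. access_denied
}

// Steps 1-4 end to end. `sleep` is injected so the simulation runs instantly.
async function signIn(server, clientId, sleep, prompt = () => {}) {
  const d = server.deviceAuthorization({ client_id: clientId });
  prompt(`On another device, open ${d.verification_uri} and enter ${d.user_code}`);
  let interval = d.interval ?? 5; // RFC 8628 default when the server omits it
  let waited = 0;
  while (waited < d.expires_in) { // never poll past the code's lifetime
    await sleep(interval);
    waited += interval;
    const reply = server.token({ grant_type: GRANT, device_code: d.device_code, client_id: clientId });
    const step = nextStep(reply, interval);
    if (step.done) return { tokens: step.tokens, waited }; // step 4: back-channel tokens
    interval = step.intervalSec;
  }
  throw new Error("device code flow failed: expired_token");
}

// Constructed run: the user takes a few polls to finish signing in.
signIn(makeFakeServer([{ error: "authorization_pending" }, { access_token: "constructed-token" }]),
  "constructed-client-id", async () => {}, console.log)
  .then((r) => console.log("signed in after", r.waited, "simulated seconds"));
```

Only the `user_code` is shown to the user; the `device_code` stays inside the application and is sent only to the token endpoint.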

Prerequisites

If you want to run a sample Node.js browserless application rather than building it from scratch, complete the steps in Sign in users in a sample Node.js browserless application by using the Device Code flow.

Next steps

Learn how to prepare your External ID for customers tenant: