Microsoft identity platform code samples

These code samples are built and maintained by Microsoft to demonstrate usage of our authentication libraries with the Microsoft identity platform. Common authentication and authorization scenarios are implemented in several application types, development languages, and frameworks.

  • Sign in users to web applications and provide authorized access to protected web APIs.
  • Protect a web API by requiring an access token to perform API operations.

Each code sample includes a README.md file describing how to build the project (if applicable) and run the sample application. Comments in the code help you understand how these libraries are used in the application to perform authentication and authorization by using the identity platform.

Samples and guides

Use the tabs to sort the samples by application type, or your preferred language/framework.

Single-page applications

These samples show how to write a single-page application secured with Microsoft identity platform. These samples use one of the flavors of MSAL.js.

Web applications

The following samples illustrate web applications that sign in users. Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
ASP.NET Core ASP.NET Core Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Customize token cache
Call Graph (multi-tenant)
Call Azure REST APIs
Protect web API
Protect web API (B2C)
Protect multi-tenant web API
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure Storage and App Service
Microsoft.Identity.Web • OpenID connect
• Authorization code
• On-Behalf-Of
Blazor Blazor Server Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Call web API
Call web API (B2C)
MSAL.NET Hybrid flow
ASP.NET Core Advanced Token Cache Scenarios Microsoft.Identity.Web On-Behalf-Of (OBO)
ASP.NET Core Use the Conditional Access auth context to perform step-up authentication Microsoft.Identity.Web Authorization code
ASP.NET Core Active Directory Federation Services to Microsoft Entra migration MSAL.NET • SAML
• OpenID connect
ASP.NET Microsoft Graph Training Sample
Sign in users and call Microsoft Graph
Sign in users and call Microsoft Graph with admin restricted scope
Quickstart: Sign in users
MSAL.NET • OpenID connect
• Authorization code
Java

Spring
Microsoft Entra Spring Boot Starter Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Use App Roles for access control
Use Groups for access control
Deploy to Azure App Service
Protect a web API
MSAL Java
• Microsoft Entra ID Boot Starter
Authorization code
Java

Servlets
Spring-less Servlet Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Use App Roles for access control
Use Security Groups for access control
Deploy to Azure App Service
MSAL Java Authorization code
Node.js

Express
Express web app series
Quickstart: sign in users
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Call Microsoft Graph via BFF proxy
Deploy to Azure App Service
Use App Roles for access control
Use Security Groups for access control
MSAL Node • Authorization code
• Backend-for-Frontend (BFF) proxy
Python

Flask
Flask Series
Sign in users
Sign in users (B2C)
A template to sign in Microsoft Entra ID or B2C users, and optionally call a downstream API (Microsoft Graph)
Call Microsoft Graph
Deploy to Azure App Service
MSAL Python Authorization code
Python

Django
Django Series
Sign in users
Sign in users (B2C)
Call Microsoft Graph
Deploy to Azure App Service
MSAL Python Authorization code
Ruby Graph Training
Sign in users and call Microsoft Graph
OmniAuth OAuth2 Authorization code

Web API

The following samples show how to protect a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
ASP.NET Call Microsoft Graph MSAL.NET On-Behalf-Of (OBO)
ASP.NET Core Sign in users and call Microsoft Graph MSAL.NET On-Behalf-Of (OBO)
Java Sign in users MSAL Java On-Behalf-Of (OBO)
Node.js Protect a Node.js web API
Protect a Node.js Web API with Azure AD B2C
MSAL Node Authorization bearer

Desktop

The following samples show public client desktop applications that access the Microsoft Graph API, or your own web API in the name of the user. Apart from the Desktop (Console) with Web Authentication Manager (WAM) sample, all these client applications use the Microsoft Authentication Library (MSAL).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET Core Call Microsoft Graph
Call Microsoft Graph with token cache
Call Microsoft Graph with custom web UI HTML
Call Microsoft Graph with custom web browser
Sign in users with device code flow
Authenticate users with MSAL.NET in a WinUI desktop application
MSAL.NET • Authorization code with PKCE
• Device code
.NET Invoke protected API with integrated Windows authentication MSAL.NET Integrated Windows authentication
Java Call Microsoft Graph MSAL Java Integrated Windows authentication
Node.js Sign in users MSAL Node Authorization code with PKCE
.NET Core Call Microsoft Graph by signing in users using username/password MSAL.NET Resource owner password credentials
Python Sign in users MSAL Python Resource owner password credentials
Universal Window Platform (UWP) Call Microsoft Graph MSAL.NET Web account manager
Windows Presentation Foundation (WPF) Sign in users and call Microsoft Graph MSAL.NET Authorization code with PKCE
Windows Presentation Foundation (WPF) Sign in users and call ASP.NET Core web API
Sign in users and call Microsoft Graph
MSAL.NET Authorization code with PKCE

Mobile

The following samples show public client mobile applications that access the Microsoft Graph API. These client applications use the Microsoft Authentication Library (MSAL).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET Core Call Microsoft Graph using MAUI
Call Microsoft Graph using MAUI with broker
Call Active Directory B2C tenant using MAUI
MSAL.NET Authorization code with PKCE
iOS Call Microsoft Graph native MSAL iOS Authorization code with PKCE
Java Sign in users and call Microsoft Graph MSAL Android Authorization code with PKCE
Kotlin Sign in users and call Microsoft Graph MSAL Android Authorization code with PKCE
Xamarin Sign in users and call Microsoft Graph
Sign in users with broker and call Microsoft Graph
MSAL.NET Authorization code with PKCE

Service / daemon

The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET Core Call Microsoft Graph
Call web API
Using managed identity and Azure Key Vault
MSAL.NET Client credentials grant
ASP.NET Multi-tenant with Microsoft identity platform endpoint MSAL.NET Client credentials grant
Java Call Microsoft Graph with Secret
Call Microsoft Graph with Certificate
MSAL Java Client credentials grant
Node.js Call Microsoft Graph with secret MSAL Node Client credentials grant
Python Call Microsoft Graph with secret
Call Microsoft Graph with certificate
MSAL Python Client credentials grant

Azure Functions as web APIs

The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET .NET Azure function web API secured by Microsoft Entra ID MSAL.NET Authorization code
Python Python Azure function web API secured by Microsoft Entra ID MSAL Python Authorization code

Browserless (Headless)

The following sample shows a public client application running on a device without a web browser. The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. The sample features an app accessing the Microsoft Graph API, in the name of a user who signs-in interactively on another device (such as a mobile phone). This client application uses the Microsoft Authentication Library (MSAL).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
.NET Core Invoke protected API from text-only device MSAL.NET Device code
Java Sign in users and invoke protected API from text-only device MSAL Java Device code
Python Call Microsoft Graph MSAL Python Device code

Microsoft Teams applications

The following sample illustrates Microsoft Teams Tab application that signs in users. Additionally it demonstrates how to call Microsoft Graph API with the user's identity using the Microsoft Authentication Library (MSAL).

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
Node.js Teams Tab app: single sign-on (SSO) and call Microsoft Graph MSAL Node On-Behalf-Of (OBO)

Multi-tenant SaaS

The following samples show how to configure your application to accept sign-ins from any Microsoft Entra tenant. Configuring your application to be multi-tenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to be able to sign-in to your application after providing consent.

Language/
Platform
Code sample(s)
on GitHub
Auth
libraries
Auth flow
ASP.NET Core ASP.NET Core MVC web application calls Microsoft Graph API MSAL.NET OpenID connect
ASP.NET Core ASP.NET Core MVC web application calls ASP.NET Core web API MSAL.NET Authorization code
Angular Angular single-page application calls ASP.NET Core web API MSAL Angular Authorization code

Next steps

If you'd like to delve deeper into more sample code, see: