Repository files navigation

TheMicrosoft identity platform, along withAzure Active Directory (Azure AD) andAzure Azure Active Directory B2C (Azure AD B2C) are central to theAzure cloud ecosystem. This tutorial aims to take you through the fundamentals of modern authentication with Angular, using theMicrosoft Authentication Library for Angular (MSAL Angular).

We recommend following the chapters in successive order. However, the code samples are self-contained, so feel free to pick samples by topics that you may need at the moment.

• Node.js v14 LTS or later
• Dotnet Core SDK v6 or later
• Visual Studio Code
• VS Code Azure Tools Extension
• A modern web browser

Please refer to each sample's README for sample-specific prerequisites.

• jwt.ms for inspecting your tokens
• Fiddler for monitoring your network activity and troubleshooting
• CheckMSAL.js FAQ andMSAL Angular FAQ for your questions
• Follow theAzure AD Blog to stay up-to-date with the latest developments

Please refer to each sample's README for sample-specific recommendations.

• ForAzure AD, start the tutorial fromhere
• ForAzure AD B2C, start the tutorial fromhere

Alternatively, choose below the sample you want to review.

	Sign-in with Azure AD Sign-in your users with theAzure AD and learn to work withID Tokens. Learn howsingle sign-on (SSO) works. Learn to secure your apps to operate innational clouds.
	Sign-in with Azure AD B2C Sign-in your customers withAzure AD B2C. Learn to integrate withexternal social identity providers. Learn how to useuser-flows andcustom policies.

	Get an Access Token from Azure AD and call Microsoft Graph Authenticate your users and acquire anAccess Token for Microsoft Graph and then call theMicrosoft Graph API. Learn how to handle continuous access evaluation (CAE) events.

	Protect and call a web API on Azure AD Protect your web API with theAzure AD. Use a client application to sign-in a user, acquire anAccess Token for your web API and call your protected Web API.
	Protect and call a web API on Azure AD B2C Protect your web API withAzure AD B2C. Use a client application to sign-in a user, acquire anAccess Token for your web API and call your protected web API.

	Deploy to Azure Storage and App Service Prepare your app for deployment to variousAzure services. Learn how to package and upload files, configure authentication parameters and useAzure services for managing your operations.

	Call a web API using App Roles Define App Roles and use roles claim in an ID Token to implement Role-based Access Control (RBAC) for your protected web API.
	Call a web API using Security Groups Create Security Groups and use groups claim in an ID Token to implement Role-based Access Control (RBAC) for your protected web API. Handle overage scenarios.

	Call Microsoft Graph using on-behalf-of flow Use OAuth 2.0 on-behalf-of flow to call Microsoft Graph from your client app via a .NET Core web API. Understand combined consent and.default scope. Learn how to handle continuous access evaluation (CAE) events in downstream APIs
	Call a multi-tenant web API from any tenant Develop and provision a multi-tenant SaaS application. Handle provisioning your app to other tenants and control who can access your resources.

Were we successful in addressing your learning objective? Consider taking a moment toshare your experience with us.

Learn more about theMicrosoft identity platform:

• Microsoft identity platform
• Azure Active Directory B2C
• Overview of Microsoft Authentication Library (MSAL)
• Application types for Microsoft identity platform
• Understanding Azure AD application consent experiences
• Understand user and admin consent
• Application and service principal objects in Azure Active Directory
• Microsoft identity platform best practices and recommendations

See more code samples:

• MSAL code samples
• MSAL B2C code samples

UseStack Overflow to get support from the community.Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.Make sure that your questions or comments are tagged with [ms-identityazure-adazure-ad-b2cmsaljavascript].

If you find a bug in the sample, please raise the issue onGitHub Issues.

To provide a recommendation, visit the followingUser Voice page.

This project welcomes contributions and suggestions. Most contributions require you to agree to aContributor License Agreement (CLA) declaring that you have the right to, and actually do, grant usthe rights to use your contribution. For details, visithttps://cla.opensource.microsoft.com.

This project has adopted theMicrosoft Open Source Code of Conduct.For more information see theCode of Conduct FAQ orcontactopencode@microsoft.com with any additional questions or comments.