DEV Community

Danish Naglekar
Danish Naglekar

Posted on • Originally published at powermaverick.dev on

Getting Auth Token in Node JS without msal library

#authentication #azure #msal

In my current project, we had a need to build a Node JS app that will authenticate with an App Registration client id and client secret. First thing that came into my mind was to use msal library. But I hit a snag due to CORS issue and there was very little I could do with the code as it was a boiler plate code and changes were limited.

So, I went to the basics of Web Api call from JavaScript to authenticate with App Registration. For this I use the request object and the code is as below.

const getAuthToken = async function() { let config = require(\_\_dirname + "/../config/config.json"); var request = require('request'); var options = { 'method': 'POST', 'url': 'https://login.microsoftonline.com/3bd27ef8-8d38-4656-86d2-5f0d90a73981/oauth2/token', 'headers': { 'Authorization': 'Basic ' + new Buffer(config.clientId + ":" + config.clientSecret).toString('base64'), 'Content-Type': 'application/x-www-form-encoded' }, form: { 'grant\_type': 'client\_credentials', 'resource': 'https://analysis.windows.net/powerbi/api' } }; return new Promise( (resolve, reject) => { request(options, function (error, response) { if (error) { reject(error); } resolve(JSON.parse(response.body)); }); } );}module.exports.getAuthenticationToken = getAuthToken;
Enter fullscreen mode Exit fullscreen mode

You will notice that the config entries are defined in config.json file. Then we define request object and configure the options object. In this options object we define the method, url and headers needed along with the form. Because this is an authentication request, we need to supply the following headers:

Authorization which will be basic authentication with username and password encoded in base64.

Content-Type will be application/x-www-form-encoded

We also need to pass the body as a form; as highlighted in the code. If you are going to use the token retrieved for some other request then need to pass the request domain in the resource. Under form you should also specify grant_type as client_credentials.

This module returns a Promise object by parsing the response body; as highlighted on the code.

Hope this helps.

Don’t forget to subscribe to my Power Platform Dev Newsletter

Top comments (0)

Read next

darkedges profile image

Creating an Microsoft Entra Enterprise Application using Terraform

DarkEdges -

sushantrahate profile image

Node.js Authentication: Best Practices and Key Strategies

Sushant Rahate -

akhil_mittal profile image

How to Secure Your AWS EKS Application with OAuth 2.0 and SSO Integration Using Amazon Cognito and OAuth2-Proxy

akhil mittal -

mukulbindal profile image

Sentiment Analysis using Azure AI

Mukul Bindal -