---
languages:
page_type: sample
name: Node.js application that protects its endpoint
description: This Node.js API protects its own protected endpoint using JWT scope validation.
products:
urlFragment: ms-identity-docs-code-web-api-nodejs
---
This Node.js API protects its own endpoint using JWT scope validation.
```bash
$ curl http://localhost:8080/ -H "Authorization: Bearer {valid-access-token}"
Hello, world. You were able to access this because you provided a valid access token with the Greeting.Read scope as a claim.
```

- A Microsoft Entra tenant and the permissions or role required for managing app registrations in the tenant.
- Node.js 16+
First, complete the steps in Configure an application to expose a web API to register the sample API and expose its scopes.
Use these settings in your app registration.
| App registration setting | Value for this sample app | Notes |
|---|---|---|
| **Name** | `Node Web API` | Suggested value for this sample. You can change the app name at any time. |
| **Supported account types** | **Accounts in this organizational directory only (Single tenant)** | Suggested value for this sample. |
| **Platform type** | None | No redirect URI required; don't select a platform. |
| **Scopes defined by this API** | **Scope name**: `Greeting.Read`<br>**Who can consent?**: **Admins and users**<br>**Admin consent display name**: `Read API Greetings`<br>**Admin consent description**: `Allows the user to see greetings from the API.`<br>**User consent display name**: `Read API Greetings`<br>**User consent description**: `Allows you to see greetings from the API.`<br>**State**: **Enabled** | Required scope for this sample. |
ℹ️ Bold text in the tables above matches (or is similar to) a UI element in the Microsoft Entra admin center, while `code formatting` indicates a value you enter into a text box in the Microsoft Entra admin center.
```javascript
auth: {
    // 'Directory (tenant) ID' of app registration in the Microsoft Entra admin center - this value is a GUID
    tenant: 'Enter_the_Tenant_ID_Here',
    // 'Application (client) ID' of app registration in the Microsoft Entra admin center - this value is a GUID
    audience: 'Enter_the_Application_Id_Here'
}
```

To install Node.js libraries:

```bash
npm install
```

```bash
node app.js
```

Using Postman, curl, or a similar application, issue an HTTP GET request to http://localhost:8080/me with an Authorization header of `Bearer {VALID-ACCESS-TOKEN}`.
For example, if you use curl and everything worked, you should receive a response from the API similar to this:

```bash
$ curl http://localhost:8080/ -H "Authorization: Bearer {VALID-ACCESS-TOKEN}"
Hello, world. You were able to access this because you provided a valid access token with the Greeting.Read scope as a claim.
```

This Node.js application uses the Express web framework. The app has a single route that requires an access token. The access token will be validated.
- A missing or invalid (expired, wrong audience, etc.) token will result in a `401` response.
- An otherwise valid token without the proper scope will result in a `403` response.
- A valid token with the proper scope of `Greeting.Read` will be accepted, and the API will return a "Hello, world" message.
If you can't get the sample working, you've checked Stack Overflow, and you've already searched the issues in this sample's repository, open an issue to report the problem.
- Search the GitHub issues in the repository - your problem might already have been reported or have an answer.
- Nothing similar? Open an issue that clearly explains the problem you're having running the sample app.
⚠️ WARNING: Any issue in this repository not limited to running one of its sample apps will be closed without being addressed.
For all other requests, see Support and help options for developers | Microsoft identity platform.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.