Quickstart: Sign in users in a single-page app by using native authentication JavaScript SDK

Applies to: External tenants (learn more)

In this Quickstart, you use a single-page application (SPA) to demonstrate how to authenticate users by using native authentication SDK. The sample app demonstrates user sign-up, sign-in, and sign-out for both email with password and email one-time passcode authentication flows.

Prerequisites

• An Azure account with an active subscription. If you don't already have one, Create an account for free.
• This Azure account must have permissions to manage applications. Any of the following Microsoft Entra roles include the required permissions:
  • Application Administrator
  • Application Developer
• An external tenant. If you don't have one, create a new external tenant in the Microsoft Entra admin center.
• A user flow. For more information, see create self-service sign-up user flows for apps in external tenants. Under Identity providers, select your preferred method of authentication, that's, Email with password or Email one-time passcode. For this code sample, use the following user attributes in your user flow as the sample app collects them from the user:
  • Given Name
  • Surname
  • Job Title
  • Country/Region
• If you haven't already done so, Register an application in the Microsoft Entra admin center. Make sure to:
  • Record the Application (client) ID and Directory (tenant) ID for later use.
  • Grant admin consent to the app registration.
• Associate your app registration with the user flow
• Node.js.
• Visual Studio Code or another code editor.

Enable public client and native authentication flows

To specify that this app is a public client and can use native authentication, enable public client and native authentication flows:

1. From the app registrations page, select the app registration for which you want to enable public client and native authentication flows.
2. Under Manage, select Authentication.
3. Under Advanced settings, allow public client flows:
   1. For Enable the following mobile and desktop flows select Yes.
   2. For Enable native authentication, select Yes.
4. Select Save button.

Clone or download sample SPA

To obtain the sample application, you can either clone it from GitHub or download it as a .zip file.

• To clone the sample, open a command prompt and navigate to where you wish to create the project, and enter the following command:

  git clone https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples.git
  

• Download the sample. Extract it to a file path where the length of the name is fewer than 260 characters.

Install project dependencies

Configure the sample React app

Configure CORS proxy server

The native authentication API doesn't support Cross-Origin Resource Sharing (CORS) so you must set up a proxy server between your SPA app and the APIs.

This code sample includes a CORS proxy server that forwards requests to native authentication API URL endpoints. The CORS proxy server is a Node.js server that listens on port 3001.

To configure the proxy server, open the proxy.config.js file, then the find the placeholder:

• tenantSubdomain and replace it with the Directory (tenant) subdomain. For example, if your tenant primary domain is contoso.onmicrosoft.com, use contoso. If you don't have your tenant subdomain, learn how to read your tenant details.
• tenantId and replace it with the Directory (tenant) ID. If you don't have your tenant ID, learn how to read your tenant details.

Run and test your app

You've now configured the sample app and it's ready to run.

Related content

• Build a React single-page app that uses native authentication SDK to authenticate users.
• Build your Angular single-page app that uses native authentication SDK to authenticate users.