The latest articles on DEV Community by random_person (@holymartian07). https://dev.to/holymartian07 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3162040%2F2433b80d-0cec-4544-90d7-59374ce1d361.png https://dev.to/holymartian07 en random_person Wed, 14 May 2025 13:40:52 +0000 https://dev.to/holymartian07/azure-active-directory-integration-in-angular-and-react-e18 https://dev.to/holymartian07/azure-active-directory-integration-in-angular-and-react-e18 <p>Overview<br> This guide provides a full walkthrough for implementing authentication and authorization using Azure Active Directory (AAD) in Angular and React applications. It includes architecture flow, access request procedures, official library usage, and security best practices. It is complemented by fully working demo apps as reference implementations.</p> <h2> Architecture Flow </h2> <p>1.1 Components Overview<br> Client App (SPA): Angular or React frontend</p> <blockquote> <p>Azure AD: Identity Provider (IdP)</p> </blockquote> <p>Protected API (Optional): Backend with protected endpoints (Node.js, .NET, etc.)</p> <p>1.2 Authentication Flow<br> User accesses the SPA.</p> <p>SPA redirects user to Azure AD for login.</p> <p>Azure AD authenticates the user.</p> <p>Azure AD returns an ID Token and optionally an Access Token.</p> <p>SPA stores the token and uses it to access protected resources or APIs.</p> <h2> Requesting Access / App Registration in Azure </h2> <p>2.1 Register Your App in Azure AD<br> Go to Azure Portal</p> <p>Navigate to Azure Active Directory &gt; App registrations</p> <p>Click New registration</p> <p>Set:</p> <p>Name: My Angular App or My React App</p> <p>Redirect URI:</p> <p>Angular: <a href="http://localhost:4200/" rel="noopener noreferrer">http://localhost:4200/</a></p> <p>React: <a href="http://localhost:3000/" rel="noopener noreferrer">http://localhost:3000/</a></p> <p>Click Register</p> <p>2.2 Configure Authentication<br> Under Authentication tab:</p> <p>Enable ID tokens</p> <p>Add redirect URIs for local dev and production</p> <p>2.3 Expose an API (optional)<br> In Expose an API:</p> <p>Add scopes like api.read, api.write for backend access control</p> <h2> Angular Integration </h2> <p>3.1 Install Required Packages<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>npm install @azure/msal-browser @azure/msal-angular </code></pre> </div> <p>3.2 MSAL Configuration (in app.module.ts)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import { PublicClientApplication, InteractionType } from '@azure/msal-browser'; import { MsalModule, MsalInterceptorConfiguration, MsalGuardConfiguration, MSAL_INSTANCE, MSAL_GUARD_CONFIG, } from '@azure/msal-angular'; export function MSALInstanceFactory() { return new PublicClientApplication({ auth: { clientId: '&lt;YOUR-CLIENT-ID&gt;', authority: 'https://login.microsoftonline.com/&lt;TENANT-ID&gt;', redirectUri: 'http://localhost:4200', }, cache: { cacheLocation: 'localStorage', storeAuthStateInCookie: true, }, }); } @NgModule({ imports: [ MsalModule.forRoot( MSALInstanceFactory(), { interactionType: InteractionType.Redirect, authRequest: { scopes: ['user.read'] }, }, { interactionType: InteractionType.Redirect, protectedResourceMap: new Map([ ['https://graph.microsoft.com/v1.0/me', ['user.read']], ]), } ), ], }) export class AppModule {} </code></pre> </div> <p>3.3 Use MsalGuard for Route Protection<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const routes: Routes = [ { path: 'profile', component: ProfileComponent, canActivate: [MsalGuard], }, ]; 3.4 Login and Logout ts Copy Edit import { MsalService } from '@azure/msal-angular'; constructor(private authService: MsalService) {} login() { this.authService.loginRedirect(); } logout() { this.authService.logoutRedirect(); } </code></pre> </div> <h2> React Integration </h2> <p>4.1 Install Required Packages<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>npm install @azure/msal-browser @azure/msal-react </code></pre> </div> <p>4.2 MSAL Configuration<br> // src/authConfig.js<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>export const msalConfig = { auth: { clientId: '&lt;YOUR-CLIENT-ID&gt;', authority: 'https://login.microsoftonline.com/&lt;TENANT-ID&gt;', redirectUri: 'http://localhost:3000', }, }; export const loginRequest = { scopes: ['user.read'], }; </code></pre> </div> <p>4.3 Wrap App with MsalProvider<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import { PublicClientApplication } from '@azure/msal-browser'; import { MsalProvider } from '@azure/msal-react'; import { msalConfig } from './authConfig'; import App from './App'; const msalInstance = new PublicClientApplication(msalConfig); const root = ReactDOM.createRoot(document.getElementById('root')); root.render( &lt;MsalProvider instance={msalInstance}&gt; &lt;App /&gt; &lt;/MsalProvider&gt; ); </code></pre> </div> <p>4.4 Use AuthenticatedTemplate and Login Hooks<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import { useMsal, useIsAuthenticated, AuthenticatedTemplate, UnauthenticatedTemplate, } from '@azure/msal-react'; const LoginButton = () =&gt; { const { instance } = useMsal(); return &lt;button onClick={() =&gt; instance.loginRedirect()}&gt;Login&lt;/button&gt;; }; const LogoutButton = () =&gt; { const { instance } = useMsal(); return &lt;button onClick={() =&gt; instance.logoutRedirect()}&gt;Logout&lt;/button&gt;; }; const MainContent = () =&gt; { const isAuthenticated = useIsAuthenticated(); return ( &lt;&gt; &lt;AuthenticatedTemplate&gt; &lt;h2&gt;Welcome!&lt;/h2&gt; &lt;LogoutButton /&gt; &lt;/AuthenticatedTemplate&gt; &lt;UnauthenticatedTemplate&gt; &lt;h2&gt;Please sign in.&lt;/h2&gt; &lt;LoginButton /&gt; &lt;/UnauthenticatedTemplate&gt; &lt;/&gt; ); }; </code></pre> </div> <ol> <li>Best Practices 5.1 Token Storage Use localStorage only if necessary; prefer sessionStorage to reduce token lifetime risks.</li> </ol> <p>Avoid storing tokens in cookies unless HTTP-only and secure.</p> <p>5.2 Security Recommendations<br> Always validate scopes.</p> <p>Refresh tokens securely (MSAL handles this internally).</p> <p>Use HTTPS for redirect URIs.</p> <p>Enable Conditional Access policies in Azure AD for sensitive apps.</p> <p>5.3 Environment Management<br> Never hardcode client IDs in shared codebases</p> <p>Use environment variables for:</p> <p>Client ID</p> <p>Tenant ID</p> <p>Redirect URIs</p> <ol> <li>Resources Microsoft Identity Platform Docs</li> </ol> <p>MSAL.js GitHub</p> <p>React + MSAL Sample</p> <p>Angular + MSAL Sample</p>