1# Console Application Examples
2 
3This document provides complete working examples of console applications that authenticate with Microsoft Entra ID using MSAL (Microsoft Authentication Library).
4 
5## Table of Contents
6 
7- [C# (.NET) Example](#c-net-example)
8- [Python Example](#python-example)
9- [JavaScript (Node.js) Example](#javascript-nodejs-example)
10 
11## C# (.NET) Example
12 
13### Prerequisites
14 
15```bash
16dotnet new console -n EntraAuthConsole
17cd EntraAuthConsole
18dotnet add package Microsoft.Identity.Client
19```
20 
21### Complete Code
22 
23```csharp
24using Microsoft.Identity.Client;
25using System;
26using System.Linq;
27using System.Threading.Tasks;
28 
29namespace EntraAuthConsole
30{
31    class Program
32    {
33        // Configuration - replace with your values
34        private const string ClientId = "YOUR_APPLICATION_CLIENT_ID";
35        private const string TenantId = "YOUR_TENANT_ID";
36        private static readonly string[] Scopes = new[] { "User.Read" };
37 
38        static async Task Main(string[] args)
39        {
40            try
41            {
42                // Build the MSAL client
43                var app = PublicClientApplicationBuilder
44                    .Create(ClientId)
45                    .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
46                    .WithRedirectUri("http://localhost")
47                    .Build();
48 
49                // Try to get token silently from cache first
50                var accounts = await app.GetAccountsAsync();
51                AuthenticationResult result;
52 
53                try
54                {
55                    result = await app.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
56                        .ExecuteAsync();
57                    Console.WriteLine("Token acquired from cache");
58                }
59                catch (MsalUiRequiredException)
60                {
61                    // Interactive authentication required
62                    result = await app.AcquireTokenInteractive(Scopes)
63                        .WithPrompt(Prompt.SelectAccount)
64                        .ExecuteAsync();
65                    Console.WriteLine("Token acquired interactively");
66                }
67 
68                // Display user information
69                Console.WriteLine($"\nWelcome, {result.Account.Username}!");
70                Console.WriteLine($"Token expires: {result.ExpiresOn}");
71 
72                // Call Microsoft Graph API
73                await CallGraphApiAsync(result.AccessToken);
74            }
75            catch (MsalException ex)
76            {
77                Console.WriteLine($"Error acquiring token: {ex.Message}");
78            }
79        }
80 
81        private static async Task CallGraphApiAsync(string accessToken)
82        {
83            using var httpClient = new System.Net.Http.HttpClient();
84            httpClient.DefaultRequestHeaders.Authorization = 
85                new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
86 
87            var response = await httpClient.GetAsync("https://graph.microsoft.com/v1.0/me");
88            
89            if (response.IsSuccessStatusCode)
90            {
91                var content = await response.Content.ReadAsStringAsync();
92                Console.WriteLine("\nUser profile from Microsoft Graph:");
93                Console.WriteLine(content);
94            }
95            else
96            {
97                Console.WriteLine($"API call failed: {response.StatusCode}");
98            }
99        }
100    }
101}
102```
103 
104### Run the Application
105 
106```bash
107dotnet run
108```
109 
110### Device Code Flow (for headless scenarios)
111 
112```csharp
113// Use this for servers or devices without a browser
114result = await app.AcquireTokenWithDeviceCode(Scopes, deviceCodeResult =>
115{
116    Console.WriteLine(deviceCodeResult.Message);
117    return Task.CompletedTask;
118}).ExecuteAsync();
119```
120 
121---
122 
123## Python Example
124 
125### Prerequisites
126 
127```bash
128pip install msal requests
129```
130 
131### Complete Code
132 
133```python
134import msal
135import requests
136import json
137 
138# Configuration - replace with your values
139CLIENT_ID = "YOUR_APPLICATION_CLIENT_ID"
140TENANT_ID = "YOUR_TENANT_ID"
141AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
142SCOPES = ["User.Read"]
143 
144def acquire_token_interactive():
145    """Acquire token using interactive flow (opens browser)"""
146    app = msal.PublicClientApplication(
147        CLIENT_ID,
148        authority=AUTHORITY
149    )
150    
151    # Try to get token from cache first
152    accounts = app.get_accounts()
153    result = None
154    
155    if accounts:
156        # Try silent acquisition
157        result = app.acquire_token_silent(SCOPES, account=accounts[0])
158        if result:
159            print("Token acquired from cache")
160    
161    if not result:
162        # Interactive authentication
163        result = app.acquire_token_interactive(
164            scopes=SCOPES,
165            prompt="select_account"
166        )
167        print("Token acquired interactively")
168    
169    return result
170 
171def acquire_token_device_code():
172    """Acquire token using device code flow (for headless scenarios)"""
173    app = msal.PublicClientApplication(
174        CLIENT_ID,
175        authority=AUTHORITY
176    )
177    
178    flow = app.initiate_device_flow(scopes=SCOPES)
179    
180    if "user_code" not in flow:
181        raise Exception(f"Failed to create device flow: {flow.get('error_description')}")
182    
183    # Display instructions to user
184    print(flow["message"])
185    
186    # Wait for user to complete authentication
187    result = app.acquire_token_by_device_flow(flow)
188    return result
189 
190def call_graph_api(access_token):
191    """Call Microsoft Graph API with access token"""
192    headers = {
193        'Authorization': f'Bearer {access_token}',
194        'Content-Type': 'application/json'
195    }
196    
197    response = requests.get(
198        'https://graph.microsoft.com/v1.0/me',
199        headers=headers
200    )
201    
202    if response.status_code == 200:
203        user_data = response.json()
204        print("\nUser profile from Microsoft Graph:")
205        print(json.dumps(user_data, indent=2))
206    else:
207        print(f"API call failed: {response.status_code}")
208        print(response.text)
209 
210def main():
211    # Choose authentication method
212    print("Select authentication method:")
213    print("1. Interactive (opens browser)")
214    print("2. Device code (for headless scenarios)")
215    choice = input("Enter choice (1 or 2): ")
216    
217    try:
218        if choice == "1":
219            result = acquire_token_interactive()
220        elif choice == "2":
221            result = acquire_token_device_code()
222        else:
223            print("Invalid choice")
224            return
225        
226        if "access_token" in result:
227            print(f"\nWelcome, {result.get('id_token_claims', {}).get('preferred_username', 'User')}!")
228            print(f"Token expires in: {result.get('expires_in')} seconds")
229            
230            # Call Microsoft Graph API
231            call_graph_api(result["access_token"])
232        else:
233            print(f"Error acquiring token: {result.get('error')}")
234            print(f"Description: {result.get('error_description')}")
235    
236    except Exception as e:
237        print(f"Error: {e}")
238 
239if __name__ == "__main__":
240    main()
241```
242 
243### Run the Application
244 
245```bash
246python console_app.py
247```
248 
249---
250 
251## JavaScript (Node.js) Example
252 
253### Prerequisites
254 
255```bash
256npm init -y
257npm install @azure/msal-node axios
258```
259 
260### Complete Code
261 
262```javascript
263const msal = require('@azure/msal-node');
264const axios = require('axios');
265 
266// Configuration - replace with your values
267const config = {
268    auth: {
269        clientId: "YOUR_APPLICATION_CLIENT_ID",
270        authority: "https://login.microsoftonline.com/YOUR_TENANT_ID",
271    }
272};
273 
274const scopes = ["User.Read"];
275 
276// Interactive authentication (opens browser)
277async function acquireTokenInteractive() {
278    const pca = new msal.PublicClientApplication(config);
279    
280    const authCodeUrlParameters = {
281        scopes: scopes,
282        redirectUri: "http://localhost:3000",
283    };
284 
285    // This opens the browser for authentication
286    const response = await pca.acquireTokenInteractive(authCodeUrlParameters);
287    return response;
288}
289 
290// Device code flow (for headless scenarios)
291async function acquireTokenDeviceCode() {
292    const pca = new msal.PublicClientApplication(config);
293    
294    const deviceCodeRequest = {
295        deviceCodeCallback: (response) => {
296            console.log("\n" + response.message);
297        },
298        scopes: scopes,
299    };
300 
301    const response = await pca.acquireTokenByDeviceCode(deviceCodeRequest);
302    return response;
303}
304 
305// Client credentials flow (service-to-service, no user)
306async function acquireTokenClientCredentials() {
307    const confidentialConfig = {
308        auth: {
309            clientId: "YOUR_APPLICATION_CLIENT_ID",
310            authority: "https://login.microsoftonline.com/YOUR_TENANT_ID",
311            clientSecret: "YOUR_CLIENT_SECRET", // From app registration
312        }
313    };
314    
315    const cca = new msal.ConfidentialClientApplication(confidentialConfig);
316    
317    const clientCredentialRequest = {
318        scopes: ["https://graph.microsoft.com/.default"],
319    };
320 
321    const response = await cca.acquireTokenByClientCredential(clientCredentialRequest);
322    return response;
323}
324 
325// Call Microsoft Graph API
326async function callGraphApi(accessToken) {
327    const options = {
328        headers: {
329            Authorization: `Bearer ${accessToken}`
330        }
331    };
332 
333    try {
334        const response = await axios.get('https://graph.microsoft.com/v1.0/me', options);
335        console.log('\nUser profile from Microsoft Graph:');
336        console.log(JSON.stringify(response.data, null, 2));
337    } catch (error) {
338        console.error('API call failed:', error.response?.status, error.message);
339    }
340}
341 
342// Main function
343async function main() {
344    console.log("Select authentication method:");
345    console.log("1. Device code flow (recommended for CLI)");
346    console.log("2. Client credentials (service-to-service)");
347    
348    // For demonstration, using device code flow
349    // In production, get user input with readline or similar
350    const choice = "1";
351    
352    try {
353        let result;
354        
355        if (choice === "1") {
356            result = await acquireTokenDeviceCode();
357        } else if (choice === "2") {
358            result = await acquireTokenClientCredentials();
359        }
360        
361        if (result.accessToken) {
362            console.log('\nAuthentication successful!');
363            console.log(`Token expires: ${new Date(result.expiresOn)}`);
364            
365            // Call Microsoft Graph API
366            await callGraphApi(result.accessToken);
367        } else {
368            console.error('Failed to acquire token');
369        }
370    } catch (error) {
371        console.error('Error:', error.message);
372    }
373}
374 
375main();
376```
377 
378### Run the Application
379 
380```bash
381node console_app.js
382```
383 
384## Next Steps
385 
386- Review [oauth-flows.md](oauth-flows.md) for flow details
387- See [api-permissions.md](api-permissions.md) for permission setup
388- Check [troubleshooting.md](troubleshooting.md) for common issues
389 
390## Additional Resources
391 
392- [MSAL Libraries](https://learn.microsoft.com/entra/msal/)
393