Skip to content

Instantly share code, notes, and snippets.

Created January 19, 2017 10:08
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Securing Single Page Applications with Azure AD
var aadTenant = "",
spaClientId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}", //AAD app client id for this app
serviceClientId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}", //AAD app client id for the service API app
var serviceUrl = "http://localhost:8081/api/doSomething"; // the service API endpoint
var authContext = new AuthenticationContext({
instance: '',
tenant: aadTenant,
clientId: spaClientId,
postLogoutRedirectUri: window.location.origin,
cacheLocation: 'localStorage',
var isCallback = authContext.isCallback(window.location.hash);
if (isCallback) {
//var user = authContext.getCachedUser();
var serviceToken;
function login() {
function getServiceToken() {
authContext.acquireToken(serviceClientId, function (err, res) {
serviceToken = res;
function callService() {
var r = new XMLHttpRequest();"GET", serviceUrl, true);
r.setRequestHeader("Authorization", "Bearer " + serviceToken);
r.onreadystatechange = function () {
Copy link

Thanks for this and especially the blog post which you wrote. Very very helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment