Authentication

Setting up authentication in Member Junction (MJ) is crucial for controlling access to the GraphQL API and the MJExplorer app. This article focuses on configuring MSAL (Microsoft Authentication Library) as an authentication provider for MJ, ensuring seamless integration and security.

In MJ, the authentication provider manages access to the GraphQL API and MJExplorer app. The GraphQL API uses environment variables for authentication, while MJExplorer requires specific configuration in its environment files.

Environment Variables for GraphQL API

To successfully authenticate user tokens, the GraphQL API requires the following environment variables, which should be set at runtime:

  • WEB_CLIENT_ID: The application (client) ID from Azure Entra.
  • TENANT_ID: The tenant ID from Azure Entra.

Environment Variables for MJExplorer

For MJExplorer, configure the authentication values in the src/environments/*.ts files. Each environment can have its own authentication settings, and the following variables need to be set at build time:

  • CLIENT_ID: The application (client) ID from Azure Entra.
  • TENANT_ID: The tenant ID from Azure Entra.
  • CLIENT_AUTHORITY: The authority URL, which includes the tenant ID (e.g., https://login.microsoftonline.com/<TENANT_ID>).

Setting Up MSAL Authentication

Registering Your Application

  1. Sign in to the Microsoft Entra admin center using your Azure account with the necessary privileges.
  2. Register a new application:
    • Go to Identity > Applications > App registrations and select "New registration."
    • Provide a display name and choose "Accounts in this organizational directory only."
    • Register the application and note the Application (client) ID.
  3. Add a Redirect URI:
    • Select "Web" and enter the Redirect URI (e.g., https://yourapp.com/ or http://localhost:4200).

Configuring Credentials

  1. Client Secrets:
    • Go to Certificates & Secrets > Client secrets and add a new client secret.
    • Note the client secret value for use in your application.

Integrating with MJ

MJAPI

Set the environment variables using the data from your Azure Entra configuration:

export WEB_CLIENT_ID=<YOUR_CLIENT_ID>
export TENANT_ID=<YOUR_TENANT_ID>

MJExplorer

In the src/environments/*.ts file, configure the authentication settings:

export const environment = {
  AUTH_TYPE: 'msal',
  CLIENT_ID: '<YOUR_CLIENT_ID>',
  TENANT_ID: '<YOUR_TENANT_ID>',
  CLIENT_AUTHORITY: 'https://login.microsoftonline.com/<YOUR_TENANT_ID>',
  // other settings
};
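
A pre-build sanity check for these settings, as an added example that is not part of MJ or of the original page: it flags unfilled placeholders, IDs that are not GUIDs, and a CLIENT_AUTHORITY whose tenant segment disagrees with TENANT_ID. The names AuthEnv, checkAuthEnv, goodEnv and badEnv and the sample GUIDs are constructed for illustration; the expected host is taken from the example URL above.

```typescript
// Added example (hypothetical helper, not MJ code): validate MJExplorer auth settings.
interface AuthEnv {
  AUTH_TYPE: string;
  CLIENT_ID: string;
  TENANT_ID: string;
  CLIENT_AUTHORITY: string;
}

// Entra shows the application (client) ID and tenant ID as GUIDs.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function checkAuthEnv(env: AuthEnv, expectedHost: string = 'login.microsoftonline.com'): string[] {
  const problems: string[] = [];
  if (env.AUTH_TYPE !== 'msal') problems.push(`AUTH_TYPE is '${env.AUTH_TYPE}', expected 'msal'`);
  for (const key of ['CLIENT_ID', 'TENANT_ID'] as const) {
    const value = env[key];
    if (/[<>]/.test(value)) problems.push(`${key} still contains a placeholder`);
    else if (!GUID.test(value)) problems.push(`${key} is not a GUID`);
  }
  // Expect exactly scheme://host/tenant with nothing after the tenant segment.
  const m = /^(https?):\/\/([^\/?#]+)\/([^\/?#]+)\/?$/i.exec(env.CLIENT_AUTHORITY);
  if (!m) {
    problems.push('CLIENT_AUTHORITY is not of the form https://<host>/<tenant>');
    return problems;
  }
  if (m[1].toLowerCase() !== 'https') problems.push('CLIENT_AUTHORITY must use https');
  if (m[2].toLowerCase() !== expectedHost) problems.push(`CLIENT_AUTHORITY host is '${m[2]}'`);
  if (m[3].toLowerCase() !== env.TENANT_ID.toLowerCase())
    problems.push('CLIENT_AUTHORITY tenant segment does not match TENANT_ID');
  return problems;
}

// Constructed sample values, not real identifiers.
const goodEnv: AuthEnv = {
  AUTH_TYPE: 'msal',
  CLIENT_ID: '11111111-2222-3333-4444-555555555555',
  TENANT_ID: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
  CLIENT_AUTHORITY: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
};
const badEnv: AuthEnv = {
  AUTH_TYPE: 'msal',
  CLIENT_ID: '<YOUR_CLIENT_ID>', // placeholder left in
  TENANT_ID: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
  CLIENT_AUTHORITY: 'http://login.microsoftonline.com/99999999-8888-7777-6666-555555555555',
};

console.log(checkAuthEnv(goodEnv), checkAuthEnv(badEnv));
```

Running the check against each src/environments/*.ts export before a build catches a copy-paste mismatch between TENANT_ID and CLIENT_AUTHORITY, which otherwise surfaces only as a failed sign-in.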

By following these steps, you can effectively configure MSAL authentication for Member Junction, ensuring secure and efficient access control for your applications. For more detailed instructions, refer to the Microsoft Identity Platform Quickstart Guide.