PKCE MSAL 2.0 for JS & Secure azure API from Sharepoint online

Question

I have a REST API (build in Node.js) hosted Azure functions secured with Microsoft Azure Active Directory.

I also have a Javascript application hosted in Sharepoint Framework (Sharepoint online) and I want to do an Ajax call from the application to my custom API like this:

$.ajax({
       url: 'https://xxxxx.azurewebsites.net/api/xxxxx',
       method: "GET",
       dataType: "json",
       headers: {
            "accept": "application/json;odata=verbose",
            "Authorization": "Bearer " + token
        },
        success: function(data) {

What I need is a token. Can I use the new PKCE MSAL 2.0 for single page apps to get the token? Or do I still need to use MSAL 1.0 with implicit grant flow? Does anyone has an example in javascript to get a token to access an Azure API made in functions?

Or has someone an idea how I can get the token? This way I found but it's the old way: Consume Secure Azure API from SharePoint online

Stanley Gong Stanley Gong · Accepted Answer · 2020-11-03T02:55:47

Both MSAL 1.0 with implicit grant flow and PKCE MSAL 2.0 all works for this scenario that getting an access token from Azure AD. You can find Azure AD official PKCE MSAL 2.0 code sample here. And this is Azure AD official code sample for MSAL 1.0 with implicit grant flow.

Please let me know if you need more assistance.

PKCE MSAL 2.0 for JS & Secure azure API from Sharepoint online

1 Answers