Skip to content

Authentication in Nodejs

SharePoint App Registration

Within the PnPjs testing framework we make use of SharePoint App Registration. This uses the SPFetchClient client from the nodejs package. This client works based on the legacy SharePoint App Registration model making use of a client and secret granted permissions through AppInv.aspx. This method works and at the time of writing has no published end date.

See: details on how to register a legacy SharePoint application.

import { SPFetchClient } from "@pnp/nodejs";
import { sp } from "@pnp/sp/presets/all";

    sp: {
        fetchClientFactory: () => {
            return new SPFetchClient("{site url}", "{client id}", "{client secret}");

// execute a library request as normal
const w = await sp.web.get();


We do not currently have support for MSAL in node. At the time of writing this article the @Azure/msal-node package is in alpha and we have chosen to wait until it is more stable before taking on that dependency.


The AdalFetchClient class depends on the adal-node package to authenticate against Azure AD. The example below outlines usage with the @pnp/graph library, though it would work in any case where an Azure AD Bearer token is expected.

See: More details on the node client

import { AdalFetchClient } from "@pnp/nodejs";
import { graph } from "@pnp/graph/presets/all";

// setup the client using graph setup function
    graph: {
        fetchClientFactory: () => {
            return new AdalFetchClient("{tenant}", "{app id}", "{app secret}");

// execute a library request as normal
const g = await graph.groups.get();

console.log(JSON.stringify(g, null, 4));