diff --git a/docs/identity-platform/tutorial-v2-nodejs-webapp-msal.md b/docs/identity-platform/tutorial-v2-nodejs-webapp-msal.md index 553ccb80835..3728c0b6bf2 100644 --- a/docs/identity-platform/tutorial-v2-nodejs-webapp-msal.md +++ b/docs/identity-platform/tutorial-v2-nodejs-webapp-msal.md @@ -120,8 +120,12 @@ Fill in these details with the values you obtain from Azure app registration por > [!WARNING] > Any plaintext secret in source code poses an increased security risk. This article uses a plaintext client secret for simplicity only. Use [certificate credentials](./certificate-credentials.md) instead of client secrets in your confidential client applications, especially those apps you intend to deploy to production. - `Enter_the_Graph_Endpoint_Here`: The Microsoft Graph API cloud instance that your app will call. For the main (global) Microsoft Graph API service, enter `https://graph.microsoft.com/` (include the trailing forward-slash). -- `Enter_the_Express_Session_Secret_Here` the secret used to sign the Express session cookie. Choose a random string of characters to replace this string with, such as your client secret. +- `Enter_the_Express_Session_Secret_Here`: The secret used to sign the Express session cookie. Choose a random string of characters to replace this string with, such as your client secret. +> [!IMPORTANT] +> Before deploying this app to Azure App Service or another hosting environment, update `REDIRECT_URI` and `POST_LOGOUT_REDIRECT_URI` to match your deployed application URL. +> +> Also ensure these redirect URIs are configured in your app registration in the Microsoft Entra admin center. Values used for local development, such as `http://localhost:3000/auth/redirect`, won't work after deployment unless your deployed app uses the same URI. 2. Next, create a file named *authConfig.js* in the root of your project for reading in these parameters. Once created, add the following code there: @@ -137,11 +141,11 @@ Fill in these details with the values you obtain from Azure app registration por :::code language="js" source="~/../ms-identity-node/App/routes/auth.js"::: -2. Update the *index.js* route by replacing the existing code with the following code snippet: +1. Update the *index.js* route by replacing the existing code with the following code snippet: :::code language="js" source="~/../ms-identity-node/App/routes/index.js"::: -3. Finally, update the *users.js* route by replacing the existing code with the following code snippet: +1. Finally, update the *users.js* route by replacing the existing code with the following code snippet: :::code language="js" source="~/../ms-identity-node/App/routes/users.js":::