Why use MSAL4J
The Microsoft Authentication Library for Java (MSAL for Java or MSAL4J) enables developers to acquire tokens in order to call secured web APIs. These web APIs include Microsoft Graph, other Microsoft APIS, third party web APIs, or your own web API.
Multiple application architectures
MSAL for Java supports all the possible application topologies including:
- Native client (desktop applications) calling an API, such as Microsoft Graph, in the name of the user.
- Daemons/services or web clients (web apps/ web APIs) calling other APIs, such as Microsoft Graph in the name of a user or without a user.
MSAL4J does not support user-agent based clients, which are only supported in JavaScript.
For details about the supported scenarios see the introductory section.
Value of MSAL4J over generic libraries
MSAL4J is a token acquisition library. Depending on your scenario it provides you with various way of getting a token, with a consistent API for a number of platforms.
It also adds value by:
- Maintaining a token cache and automatically refreshing tokens for you when they are close to expiration.
- Helping you specify which audience you want your application to sign-in (your org, several orgs, work and school and Microsoft personal accounts, social identities with Azure AD B2C, users in sovereign and national clouds).
- Helping you troubleshoot your app by exposing actionable exceptions, logging, and telemetry.
Token acquisition
MSAL4J is used to acquire tokens. It's not used to protect a Web API. If you are interested in protecting a Web API with Microsoft Entra ID, check out the following resources: