I come from a security IAM background and work with developers in setting up SSO(OIDC) and authorization to API's via OAuth 2.0. I am trying to write up some guidance on how our developers should be setting things up on their side to receive a token and how to verify it before letting the user into their application. We are going to be recommending the use of the MSAL's when ever possible. In reference to OIDC , with my lack of programming knowledge I am trying to figure out if the MSAL's are a one stop shop for acquiring an id token, verifying the token, and allowing the user into the application? Or if the MSAL's are purely for acquiring a token, and refreshing the token.