Remarque
L’accès à cette page nécessite une autorisation. Vous pouvez essayer de vous connecter ou de modifier des répertoires.
L’accès à cette page nécessite une autorisation. Vous pouvez essayer de modifier des répertoires.
The Microsoft Authentication Library for JavaScript enables both client-side and server-side JavaScript applications to authenticate users using Microsoft Entra ID for work and school accounts, Microsoft personal accounts (MSA), and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through Azure AD B2C service. It also enables your app to get tokens to access Microsoft Cloud services such as Microsoft Graph.
Core and wrapper libraries
The lib folder contains the source code for MSAL.js libraries in active development. You'll also find all the details about installing the libraries in their respective README.md files.
Microsoft Authentication Library for Node.js (v5.0.6): A Node.js library that enables authentication and token acquisition with the Microsoft Identity platform in JavaScript applications. Implements the following OAuth 2.0 protocols and is OpenID-compliant. See the source on GitHub.
Microsoft Authentication Library for JavaScript (v5.4.0): A browser-based, framework-agnostic browser library that enables authentication and token acquisition with the Microsoft Identity platform in JavaScript applications. Implements the OAuth 2.0 Authorization Code Flow with PKCE, and is OpenID-compliant. See the source on GitHub.
Native authentication support in MSAL: MSAL JS provides native authentication APIs that allow applications to implement a native experience with end-to-end customizable flows in their web applications. With native authentication, user can fully customize the user interface, including design elements, logo placement, and layout, ensuring a consistent and branded look. The native authentication feature is available for SPAs on External ID for customers
Microsoft Authentication Library for React (v5.0.6): A wrapper of the msal-browser library for apps using React. See the source on GitHub.
Microsoft Authentication Library for Angular (v5.1.1): A wrapper of the msal-browser library for apps using Angular framework. See the source on GitHub.
Microsoft Authentication Extensions for Node: The Microsoft Authentication Extensions for Node offers secure mechanisms for client applications to perform cross-platform token cache serialization and persistence. It gives additional support to the Microsoft Authentication Library for Node (MSAL).
What's new in v5
MSAL.js v5 introduces several key features:
- Cross-Origin-Opener-Policy (COOP) support: Enables popup authentication flows in environments with strict COOP headers.
- Model Context Protocol (MCP) authentication: Supports authentication flows for AI agent and tool integrations.
- Nested App Authentication (NAA): Enables authentication for apps running inside Microsoft 365 host applications using
createNestablePublicClientApplication. - localStorage AES-GCM encryption: Encrypts the token cache in localStorage using AES-GCM for improved security.
- Factory functions: Use
createStandardPublicClientApplicationorcreateNestablePublicClientApplicationto initialize MSAL with async configuration. - Platform broker (WAM) integration: Enable Windows Authentication Manager (WAM) brokered authentication via the
allowPlatformBrokerconfiguration option.
For migration guides to MSAL JavaScript v5.x, see:
- MSAL Browser v4 to v5 migration
- MSAL Node v3 to v5 migration
- MSAL Angular v4 to v5 upgrade
- MSAL React migration guide
Libraries in Long-term Support (LTS)
The following table shows the active and LTS versions for each MSAL.js library:
| Library | Active version | LTS version |
|---|---|---|
| msal-browser | v5.x | v2.x |
| msal-node | v5.x | v1.x |
| msal-react | v5.x | v1.x |
| msal-angular | v5.x | v2.x |
The LTS libraries, hosted on the msal-lts branch, are no longer in active development but still receive critical security bug fix support.
Note
The msal-lts branch also includes v3.x and v4.x of msal-browser, which have transitioned out of active support.
- Microsoft Authentication Library for JavaScript v2.x
- Microsoft Authentication Library for Node.js v1.x
- Microsoft Authentication Library for React v1.x
- Microsoft Authentication Library for Angular v2.x
Package structure
There are a number of different packages meant for different platforms. You can see the relationship between packages and different authentication flows they implement in the package structure below.
Samples
The code samples demonstrate usage of the Microsoft authentication libraries for JavaScript with the identity platform. Each code sample includes a README.md file describing how to build the project (if applicable) and run the sample application.
For a complete list of samples targeting JavaScript and other languages, frameworks, and platforms, please refer to the Microsoft identity platform code samples.
For native authentication features, the sample apps demonstrate how to use native authentication in React and Angular web applications. Each code sample includes a README.md file describing how to build the project and run the sample application. Current native authentication API doesn't support Cross-Origin Resource Sharing (CORS), the sample app will run using local proxy.
Package versioning
All of our libraries follow semantic versioning. We recommend using the latest version of each library to ensure you have the latest security patches and bug fixes.
Security reporting
If you find a security issue with our libraries or services please report it to the Microsoft Security Response Center (MSRC) with as much detail as possible.