Overview of the Microsoft Authentication Library (MSAL)
The Microsoft Authentication Library (MSAL) enables developers to acquire security tokens from the Microsoft identity platform to authenticate users and access secured web APIs. It can be used to provide secure access to Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API. MSAL supports many different application architectures and platforms including .NET, JavaScript, Java, Python, Android, and iOS.
MSAL provides multiple ways to get security tokens, with a consistent API for many platforms. Using MSAL provides the following benefits:
- There is no need to directly use the OAuth libraries or code against the protocol in your application.
- Can acquire tokens on behalf of a user or application (when applicable to the platform).
- Maintains a token cache for you and handles token refreshes when they're close to expiring.
- Helps you specify which audience you want your application to sign in. The sign in audience can include personal Microsoft accounts, social identities with Azure AD B2C organizations, work, school, or users in sovereign and national clouds.
- Helps you set up your application from configuration files.
- Helps you troubleshoot your app by exposing actionable exceptions, logging, and telemetry.
| Application types and scenarios | Tutorials |
|---|---|
| Single-page apps (JavaScript) | Tutorial: Sign-in users to a React Single-page application (SPA) |
| Web applications | Tutorial: Sign-in users to a ASP.NET Core Web application |
| Web APIs | Tutorial: Implement a protected endpoint a ASP.NET Core API |
| Mobile and native applications | Mobile application calling a web API on behalf of the user who's signed-in interactively. |
| Daemons and server-side applications | Desktop/service daemon application calling web API on behalf of itself |
MSAL Languages and Frameworks
You can refer to the following documentation to learn more about the different MSAL libraries.
| MSAL Documentation | MSAL Library | Supported platforms and frameworks |
|---|---|---|
| MSAL.NET | MSAL.NET | .NET Framework, .NET, .NET MAUI, WINUI,Xamarin Android, Xamarin iOS, Universal Windows Platform |
| MSAL for Android | MSAL for Android | Android |
| MSAL Angular | MSAL Angular | Single-page apps with Angular and Angular.js frameworks |
| MSAL for iOS and macOS | MSAL for iOS and macOS | iOS and macOS |
| MSAL Java | MSAL Java | Windows, macOS, Linux |
| MSAL.js | MSAL.js | JavaScript/TypeScript frameworks such as Vue.js, Ember.js, or Durandal.js |
| MSAL Node | MSAL Node | Web apps with Express, desktop apps with Electron, Cross-platform console apps |
| MSAL Python | MSAL Python | Windows, macOS, Linux |
| MSAL React | MSAL React | Single-page apps with React and React-based libraries (Next.js, Gatsby.js) |
| MSAL Go (Preview) | MSAL Go (Preview) | Windows, macOS, Linux |
Migrate apps that use ADAL to MSAL
Active Directory Authentication Library (ADAL) has ended support. We recommend that customers ensure their applications are migrated to MSAL. MSAL integrates with the Microsoft identity platform (v2.0) endpoint, which is the unification of Microsoft personal accounts and work accounts into a single authentication system. ADAL integrates with a v1.0 endpoint which doesn't support personal accounts.
For more information about how to migrate to MSAL, see Migrate applications to the Microsoft Authentication Library (MSAL).