Azure Active Directory v2.0 authentication libraries
The Azure Active Directory (Azure AD) v2.0 endpoint supports the industry-standard OAuth 2.0 and OpenID Connect 1.0 protocols. The Microsoft Authentication Library (MSAL) is designed to work with the Azure AD v2.0 endpoint. It's also possible to use open-source libraries that support OAuth 2.0 and OpenID Connect 1.0.
It's recommended that you use libraries written by protocol domain experts who follow a Security Development Lifecycle (SDL) methodology, like the one followed by Microsoft. If you decide to hand-code support for the protocols, follow a methodology like Microsoft's SDL and pay close attention to the security considerations in the standards specifications for each protocol.
Looking for the Azure AD v1.0 libraries (ADAL)? Check out the ADAL library guide.
Types of libraries
The Azure AD v2.0 endpoint works with two types of libraries:
- Client libraries. Native clients and servers use client libraries to get access tokens for calling a resource, such as Microsoft Graph.
- Server middleware libraries. Web apps use server middleware libraries for user sign-in. Web APIs use server middleware libraries to validate tokens that are sent by native clients or by other servers.
Because you can choose any standards-compliant library when you use the v2.0 endpoint, it’s important to know where to go for support. For issues and feature requests in library code, contact the library owner. For issues and feature requests in the service-side protocol implementation, contact Microsoft. File a feature request for additional features you would like to see in the protocol. Create a support request if you find an issue where the Azure AD v2.0 endpoint is not compliant with OAuth 2.0 or OpenID Connect 1.0.
Libraries come in two support categories:
- Microsoft-supported. Microsoft provides fixes for these libraries and has done SDL due diligence on these libraries.
- Compatible. Microsoft has tested these libraries in basic scenarios and confirmed that they work with the v2.0 endpoint. Microsoft does not provide fixes for these libraries and has not done a review of these libraries. Issues and feature requests should be directed to the library’s open-source project.
For a list of libraries that work with the v2.0 endpoint, see the next sections in this article.
Microsoft-supported client libraries
The MSAL preview libraries are suitable for use in a production environment. Microsoft provides the same production-level support for these libraries as for the current production libraries (ADAL). During the preview, expect changes to the MSAL API, internal cache format, and other mechanisms of these libraries without notice; you will be required to take these changes along with bug fixes or feature improvements. This may impact your application. For instance, a change to the cache format may require your users to sign in again. An API change may require you to update your code. When the General Availability (GA) release becomes available, all applications using a preview version of the library must update within six months or they may stop working.
| .NET Client, Windows Store, UWP, Xamarin iOS and Android | MSAL .NET (Preview) | NuGet | GitHub | Desktop App | |
| iOS, macOS | MSAL (Preview) | GitHub | GitHub | iOS App | |
| Android | MSAL (Preview) | The Central Repository | GitHub | Android App | JavaDocs |
Microsoft-supported server middleware libraries
| .NET 4.x | OWIN OpenID Connect middleware | NuGet | GitHub | MVC App |
| .NET 4.x | OWIN OAuth Bearer middleware for AzureAD | NuGet | GitHub | |
| .NET 4.x | JWT Handler for .NET 4.5 | NuGet | GitHub | |
| .NET Core | ASP.NET OpenID Connect middleware | Microsoft.AspNetCore.Authentication.OpenIdConnect (NuGet) | ASP.NET Security (GitHub) | MVC app |
| .NET Core | ASP.NET OAuth Bearer middleware | Microsoft.AspNetCore.Authentication.OAuth (NuGet) | ASP.NET Security (GitHub) | |
| .NET Core | JWT Handler for .NET Core | NuGet | GitHub | |
| Node.js | Azure AD Passport | npm | GitHub | Web app |
Compatible client libraries
| Platform | Library name | Tested version | Source code | Sample |
| Android | OIDCAndroidLib | 0.2.1 | OIDCAndroidLib | Native app sample |
| iOS | NXOAuth2Client | 1.2.8 | NXOAuth2Client | Native app sample |
| Java | Scribe Java scribejava | Version 3.2.0 | ScribeJava | |
| PHP | The PHP League oauth2-client | Version 1.4.2 | oauth2-client | |
For more information about the Azure AD v2.0 endpoint, see the Azure AD app model v2.0 overview.