Azure Active Directory v2.0 authentication libraries

The Azure Active Directory (Azure AD) v2.0 endpoint supports the industry-standard OAuth 2.0 and OpenID Connect 1.0 protocols. You can use various libraries from Microsoft and other organizations with the v2.0 endpoint.

When you build an application that uses the v2.0 endpoint, we recommend that you use libraries that are written by protocol domain experts who follow a Security Development Lifecycle (SDL) methodology, like the one followed by Microsoft. If you decide to hand-code support for the protocols, we recommend you follow SDL methodology and pay close attention to the security considerations in the standards specifications for each protocol.

Note

Looking for the Azure AD v1.0 libraries (ADAL)? Check out the ADAL library guide.

Types of libraries

The Azure AD v2.0 endpoint works with two types of libraries:

  • Client libraries. Native clients and servers use client libraries to get access tokens for calling a resource, such as Microsoft Graph.
  • Server middleware libraries. Web apps use server middleware libraries for user sign-in. Web APIs use server middleware libraries to validate tokens that are sent by native clients or by other servers.

Library support

Because you can choose any standards-compliant library when you use the v2.0 endpoint, it’s important to know where to go for support. For issues and feature requests in library code, contact the library owner. For issues and feature requests in the service-side protocol implementation, contact Microsoft.

Libraries come in two support categories:

  • Microsoft-supported. Microsoft provides fixes for these libraries, and has done SDL due diligence on these libraries.
  • Compatible. Microsoft has tested these libraries in basic scenarios and confirmed that they work with the v2.0 endpoint. Microsoft does not provide fixes for these libraries and has not done a review of these libraries. Issues and feature requests should be directed to the library’s open-source project.

For a list of libraries that work with the v2.0 endpoint, see the next sections in this article.

Microsoft-supported client libraries

Important

The MSAL preview libraries are suitable for use in a production environment. We provide the same production-level support for these libraries as we do for our current production libraries (ADAL). During the preview, we may make changes to the MSAL API, internal cache format, and other mechanisms of these libraries without notice, which you will be required to take along with bug fixes or feature improvements. This may impact your application. For instance, a change to the cache format may impact your users, such as requiring them to sign in again. An API change may require you to update your code. When we provide the General Availability release, we will require you to update to the General Availability version within six months, as applications written using a preview version of the library may no longer work.

| Platform | Library | Download | Source Code | Sample | Reference |
| --- | --- | --- | --- | --- | --- |
| .NET Client, Windows Store, UWP, Xamarin iOS and Android | MSAL .NET (Preview) | NuGet | GitHub | Desktop App | |
| JavaScript | MSAL.js (Preview) | GitHub | GitHub | Single Page App | |
| iOS, macOS | MSAL (Preview) | GitHub | GitHub | iOS App | |
| Android | MSAL (Preview) | The Central Repository | GitHub | Android App | JavaDocs |

Microsoft-supported server middleware libraries

| Platform | Library | Download | Source Code | Sample | Reference |
| --- | --- | --- | --- | --- | --- |
| .NET 4.x | OWIN OpenID Connect middleware | NuGet | CodePlex | MVC App | |
| .NET 4.x | OWIN OAuth Bearer middleware for AzureAD | NuGet | CodePlex | | |
| .NET 4.x | JWT Handler for .NET 4.5 | NuGet | GitHub | | |
| .NET Core | ASP.NET OpenID Connect middleware | Microsoft.AspNetCore.Authentication.OpenIdConnect (NuGet) | ASP.NET Security (GitHub) | MVC app | |
| .NET Core | ASP.NET OAuth Bearer middleware | Microsoft.AspNetCore.Authentication.OAuth (NuGet) | ASP.NET Security (GitHub) | | |
| .NET Core | JWT Handler for .NET Core | NuGet | GitHub | | |
| Node.js | Azure AD Passport | npm | GitHub | Web app | |

Compatible client libraries

| Platform | Library name | Tested version | Source code | Sample |
| --- | --- | --- | --- | --- |
| Android | OIDCAndroidLib | 0.2.1 | OIDCAndroidLib | Native app sample |
| iOS | NXOAuth2Client | 1.2.8 | NXOAuth2Client | Native app sample |
| JavaScript | Hello.js | 1.13.5 | Hello.js | SPA |

Compatible server middleware libraries

| Platform | Library name | Tested version | Source code | Sample |
| --- | --- | --- | --- | --- |
| Java | Scribe Java | scribejava Version 3.2.0 | ScribeJava | |
| PHP | The PHP League oauth2-client | Version 1.4.2 | oauth2-client | |
| Python-Flask | Flask-OAuthlib | 0.9.3 | Flask-OAuthlib | Web App |
| Ruby | OmniAuth | omniauth:1.3.1, omniauth-oauth2:1.4.0 | OmniAuth, OmniAuth OAuth2 | |

For more information about the Azure AD v2.0 endpoint, see the Azure AD app model v2.0 overview.