Overview of the Microsoft Authentication Library (MSAL)
MSAL gives you many ways to get tokens, with a consistent API for a number of platforms. Using MSAL provides the following benefits:
- No need to directly use the OAuth libraries or code against the protocol in your application.
- Acquires tokens on behalf of a user or on behalf of an application (when applicable to the platform).
- Maintains a token cache and refreshes tokens for you when they are close to expire. You don't need to handle token expiration on your own.
- Helps you specify which audience you want your application to sign in (your org, several orgs, work, and school and Microsoft personal accounts, social identities with Azure AD B2C, users in sovereign, and national clouds).
- Helps you set up your application from configuration files.
- Helps you troubleshoot your app by exposing actionable exceptions, logging, and telemetry.
Application types and scenarios
MSAL can be used in many application scenarios, including the following:
- Web app signing in users
- Web application signing in a user and calling a web API on behalf of the user
- Protecting a web API so only authenticated users can access it
- Web API calling another downstream web API on behalf of the signed-in user
- Desktop application calling a web API on behalf of the signed-in user
- Mobile application calling a web API on behalf of the user who's signed-in interactively.
- Desktop/service daemon application calling web API on behalf of itself
Languages and frameworks
|Library||Supported platforms and frameworks|
|MSAL for Android||Android|
|MSAL Angular||Single-page apps with Angular and Angular.js frameworks|
|MSAL for iOS and macOS||iOS and macOS|
|MSAL Go (Preview)||Windows, macOS, Linux|
|MSAL Java||Windows, macOS, Linux|
|MSAL.NET||.NET Framework, .NET Core, Xamarin Android, Xamarin iOS, Universal Windows Platform|
|MSAL Node||Web apps with Express, desktop apps with Electron, Cross-platform console apps|
|MSAL Python||Windows, macOS, Linux|
|MSAL React||Single-page apps with React and React-based libraries (Next.js, Gatsby.js)|
Migrate apps that use ADAL to MSAL
Active Directory Authentication Library (ADAL) integrates with the Azure AD for developers (v1.0) endpoint, where MSAL integrates with the Microsoft identity platform. The v1.0 endpoint supports work accounts, but not personal accounts. The v2.0 endpoint is the unification of Microsoft personal accounts and work accounts into a single authentication system. Additionally, with MSAL you can also get authentications for Azure AD B2C.
For more information about how to migrate to MSAL, see Migrate applications to the Microsoft Authentication Library (MSAL).