Microsoft identity platform authentication libraries

The Microsoft identity platform endpoint supports the industry-standard OAuth 2.0 and OpenID Connect 1.0 protocols. The Microsoft Authentication Library (MSAL) is designed to work with the Microsoft identity platform endpoint. You can also use open-source libraries that support OAuth 2.0 and OpenID Connect 1.0.

We recommend that you use libraries written by protocol domain experts who follow a Security Development Lifecycle (SDL) methodology. Such methodologies include the one that Microsoft follows. If you hand code for the protocols, you should follow a methodology such as Microsoft SDL. Pay close attention to the security considerations in the standards specifications for each protocol.

Note

Are you looking for the Azure Active Directory Authentication Library (ADAL)? Check out the ADAL library guide.

Types of libraries

The Microsoft identity platform endpoint works with two types of libraries:

  • Client libraries: Native clients and servers use client libraries to acquire access tokens for calling a resource such as Microsoft Graph.
  • Server middleware libraries: Web apps use server middleware libraries for user sign-in. Web APIs use server middleware libraries to validate tokens that are sent by native clients or by other servers.

Library support

Libraries come in two support categories:

  • Microsoft-supported: Microsoft provides fixes for these libraries and has done SDL due diligence on these libraries.
  • Compatible: Microsoft has tested these libraries in basic scenarios and has confirmed that they work with the Microsoft identity platform endpoint. Microsoft doesn't provide fixes for these libraries and hasn't done a review of these libraries. Issues and feature requests should be directed to the library’s open-source project.

For a list of libraries that work with the Microsoft identity platform endpoint, see the following sections.

Microsoft-supported client libraries

Use client authentication libraries to acquire a token for calling a protected web API.

Platform Library Download Source code Sample Reference Conceptual doc Roadmap
JavaScript MSAL.js NPM GitHub Single-page app Reference Conceptual docs Roadmap
Angular JS MSAL Angular JS NPM GitHub
Angular MSAL Angular (Preview) NPM GitHub
.NET Framework UWP Xamarin MSAL.NET NuGet GitHub Desktop app MSAL.NET Conceptual docs Roadmap
Python MSAL Python (Preview) PyPI GitHub Samples ReadTheDocs Wiki Roadmap
Java MSAL Java (Preview) Maven GitHub Samples Reference Wiki Roadmap
iOS & macOS MSAL iOS and macOS GitHub GitHub iOS app, macOS app Reference Conceptual docs
Android / Java MSAL Android Central repository GitHub Android app JavaDocs Conceptual docs Roadmap

Microsoft-supported server middleware libraries

Use middleware libraries to help protect web applications and web APIs. Web apps or web APIs written with ASP.NET or ASP.NET Core use the middleware libraries.

Platform Library Download Source Code Sample Reference
.NET .NET Core ASP.NET Security NuGet GitHub MVC app ASP.NET API reference
.NET IdentityModel Extensions for .NET GitHub MVC app Reference
Node.js Azure AD Passport NPM GitHub Web app

Microsoft-supported libraries by OS / language

In term of supported operating systems vs languages, the mapping is the following:

Windows Linux macOS iOS Android
JavaScript MSAL.js MSAL.js MSAL.js MSAL.js MSAL.js
C# ASP.NET, ASP.NET Core, MSAL.Net (.NET FW, Core, UWP) ASP.NET Core, MSAL.Net (.NET Core) ASP.NET Core, MSAL.Net (MacOS) MSAL.Net (Xamarin.iOS) MSAL.Net (Xamarin.Android)
Swift
Objective-C
MSAL for iOS and macOS MSAL for iOS and macOS
Java Java msal4j msal4j msal4j MSAL Android
Python Python MSAL Python MSAL Python MSAL Python
Node.Js Node.JS Passport.node Passport.node Passport.node

See also Scenarios by supported platforms and languages

Compatible client libraries

Platform Library name Tested version Source code Sample
JavaScript Hello.js Version 1.13.5 Hello.js SPA
Java Scribe Java Version 3.2.0 ScribeJava
Java Gluu OpenID Connect library Version 3.0.2 Gluu OpenID Connect library
Python Requests-OAuthlib Version 1.2.0 Requests-OAuthlib
Node.js openid-client Version 2.4.5 openid-client
PHP The PHP League oauth2-client Version 1.4.2 oauth2-client
Ruby OmniAuth omniauth: 1.3.1
omniauth-oauth2: 1.4.0
OmniAuth
OmniAuth OAuth2
iOS, macOS, & Android React Native App Auth Version 4.2.0 React Native App Auth

For any standards-compliant library, you can use the Microsoft identity platform endpoint. It’s important to know where to go for support:

  • For issues and new feature requests in library code, contact the library owner.
  • For issues and new feature requests in the service-side protocol implementation, contact Microsoft.
  • File a feature request for additional features you want to see in the protocol.
  • Create a support request if you find an issue where the Microsoft identity platform endpoint isn't compliant with OAuth 2.0 or OpenID Connect 1.0.

For more information about the Microsoft identity platform endpoint, see the Microsoft identity platform overview.