Azure Active Directory v2.0 authentication libraries

The Azure Active Directory (Azure AD) v2.0 endpoint supports the industry-standard OAuth 2.0 and OpenID Connect 1.0 protocols. The Microsoft Authentication Library (MSAL) is designed to work with the Azure AD v2.0 endpoint. It's also possible to use open-source libraries that support OAuth 2.0 and OpenID Connect 1.0.

It's recommended that you use libraries written by protocol domain experts who follow a Security Development Lifecycle (SDL) methodology, like the one followed by Microsoft. If you decide to hand-code for the protocols, you should follow a methodology like Microsoft's SDL and pay close attention to the security considerations in the standards specifications for each protocol.


Looking for the Azure AD v1.0 library (ADAL)? Check out the ADAL library guide.

Types of libraries

The Azure AD v2.0 endpoint works with two types of libraries:

  • Client libraries: Native clients and servers use client libraries to get access tokens for calling a resource, such as Microsoft Graph.
  • Server middleware libraries: Web apps use server middleware libraries for user sign-in. Web APIs use server middleware libraries to validate tokens that are sent by native clients or by other servers.

Library support

Libraries come in two support categories:

  • Microsoft-supported: Microsoft provides fixes for these libraries and has done SDL due diligence on these libraries.
  • Compatible: Microsoft has tested these libraries in basic scenarios and confirmed that they work with the v2.0 endpoint. Microsoft does not provide fixes for these libraries and has not done a review of these libraries. Issues and feature requests should be directed to the library’s open-source project.

For a list of libraries that work with the v2.0 endpoint, see the next sections in this article.

Microsoft-supported client libraries

Client authentication libraries are used to acquire a token to call a protected Web API.

| Platform | Library | Download | Source code | Sample | Reference | Conceptual doc | Roadmap |
| --- | --- | --- | --- | --- | --- | --- | --- |
| JavaScript | MSAL.js (Preview) | NPM | GitHub | Single-page app | | wiki | |
| Angular JS | MSAL Angular JS | NPM | GitHub | | | | |
| Angular | MSAL Angular (Preview) | NPM | GitHub | | | | |
| .NET Framework, UWP, Xamarin | MSAL .NET (Preview) | NuGet | GitHub | Desktop app | MSAL.NET | wiki | Roadmap |
| iOS / Objective-C or Swift | MSAL obj_c (Preview) | GitHub | GitHub | iOS app | | | |
| Android / Java | MSAL (Preview) | Central repository | GitHub | Android app | JavaDocs | | |

Microsoft-supported server middleware libraries

Middleware libraries are used to protect web applications and Web APIs. For a web app or Web API written with ASP.NET or ASP.NET Core, the middleware libraries are used by ASP.NET / ASP.NET Core.

| Platform | Library | Download | Source code | Sample | Reference |
| --- | --- | --- | --- | --- | --- |
| .NET, .NET Core | ASP.NET Security | NuGet | ASP.NET Security (GitHub) | MVC app | ASP.NET API reference |
| .NET | IdentityModel Extensions for .NET | | GitHub | MVC app | Reference |
| Node.js | Azure AD Passport | NPM | GitHub | Web app | |

Compatible client libraries

| Platform | Library name | Tested version | Source code | Sample |
| --- | --- | --- | --- | --- |
| JavaScript | Hello.js | 1.13.5 | Hello.js | SPA |
| Java | Scribe Java | Version 3.2.0 | ScribeJava | |
| Java | Gluu OpenID Connect library | Version 3.0.2 | Gluu OpenID Connect library | |
| Python | Requests-OAuthlib | Version 1.2.0 | Requests-OAuthlib | |
| Node.js | openid-client | Version 2.4.5 | openid-client | |
| PHP | The PHP League oauth2-client | Version 1.4.2 | oauth2-client | |
| Ruby | OmniAuth | omniauth:1.3.1 | OmniAuth OAuth2 | |
| iOS, Android | React Native App Auth | Version 4.2.0 | React Native App Auth | |

You can use the v2.0 endpoint with any standards-compliant library, so it's important to know where to go for support.

  • For issues and new feature requests in library code, contact the library owner.
  • For issues and new feature requests in the service-side protocol implementation, contact Microsoft.
  • File a feature request for additional features you would like to see in the protocol.
  • Create a support request if you find an issue where the Azure AD v2.0 endpoint is not compliant with OAuth 2.0 or OpenID Connect 1.0.

For more information about the Azure AD v2.0 endpoint, see the Azure AD app model v2.0 overview.