Microsoft identity platform authentication libraries

The following tables show Microsoft Authentication Library support for several application types. They include links to library source code, where to get the package for your app's project, and whether the library supports user sign-in (authentication), access to protected web APIs (authorization), or both.

The Microsoft identity platform has been certified by the OpenID Foundation as a certified OpenID provider. If you prefer to use a library other than the Microsoft Authentication Library (MSAL) or another Microsoft-supported library, choose one with a certified OpenID Connect implementation.

If you choose to hand-code your own protocol-level implementation of OAuth 2.0 or OpenID Connect 1.0, pay close attention to the security considerations in each standard's specification and follow a software development lifecycle (SDL) methodology like the Microsoft SDL.

Single-page application (SPA)

A single-page application runs entirely on the browser surface and fetches page data (HTML, CSS, and JavaScript) dynamically or at application load time. It can call web APIs to interact with back-end data sources.

Because a SPA's code runs entirely in the browser, it's considered a public client that's unable to store secrets securely.

Language / framework Project on
GitHub
Package Getting
started
Sign in users Access web APIs Generally available (GA) or
Public preview1
Angular MSAL Angular 2.0 @azure/msal-angular Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. Public preview
Angular MSAL Angular @azure/msal-angular Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
AngularJS MSAL AngularJS @azure/msal-angularjs Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. Public preview
JavaScript MSAL.js 2.0 @azure/msal-browser Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
JavaScript MSAL.js 1.0 @azure/msal-core Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
React MSAL React @azure/msal-react Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. Public preview

1 Supplemental terms of use for Microsoft Azure Previews apply to libraries in Public preview.

Web application

A web application runs code on a server that generates and sends HTML, CSS, and JavaScript to a user's web browser to be rendered. The user's identity is maintained as a session between the user's browser (the front end) and the web server (the back end).

Because a web application's code runs on the web server, it's considered a confidential client that can store secrets securely.

Language / framework Project on
GitHub
Package Getting
started
Sign in users Access web APIs Generally available (GA) or
Public preview1
.NET MSAL.NET Microsoft.Identity.Client Library cannot request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
ASP.NET Core ASP.NET Security Microsoft.AspNetCore.Authentication Library can request ID tokens for user sign-in. Library cannot request access tokens for protected web APIs. GA
ASP.NET Core Microsoft.Identity.Web Microsoft.Identity.Web Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Java MSAL4J msal4j Quickstart Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Node.js MSAL Node msal-node Quickstart Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Node.js Azure AD Passport passport-azure-ad Quickstart Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Python MSAL Python msal Quickstart Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA

1 Supplemental terms of use for Microsoft Azure Previews apply to libraries in Public preview.

Desktop application

A desktop application is typically binary (compiled) code that surfaces a user interface and is intended to run on a user's desktop.

Because a desktop application runs on the user's desktop, it's considered a public client that's unable to store secrets securely.

Language / framework Project on
GitHub
Package Getting
started
Sign in users Access web APIs Generally available (GA) or
Public preview1
Electron MSAL Node @azure/msal-node Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Java MSAL4J msal4j Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
macOS (Swift/Obj-C) MSAL for iOS and macOS MSAL Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
UWP MSAL.NET Microsoft.Identity.Client Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
WPF MSAL.NET Microsoft.Identity.Client Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA

1 Supplemental terms of use for Microsoft Azure Previews apply to libraries in Public preview.

Mobile application

A mobile application is typically binary (compiled) code that surfaces a user interface and is intended to run on a user's mobile device.

Because a mobile application runs on the user's mobile device, it's considered a public client that's unable to store secrets securely.

Platform Project on
GitHub
Package Getting
started
Sign in users Access web APIs Generally available (GA) or
Public preview1
Android (Java) MSAL Android MSAL Quickstart Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Android (Kotlin) MSAL Android MSAL Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
iOS (Swift/Obj-C) MSAL for iOS and macOS MSAL Tutorial Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Xamarin (.NET) MSAL.NET Microsoft.Identity.Client Library can request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA

1 Supplemental terms of use for Microsoft Azure Previews apply to libraries in Public preview.

Service / daemon

Services and daemons are commonly used for server-to-server and other unattended (sometimes called headless) communication. Because there's no user at the keyboard to enter credentials or consent to resource access, these applications authenticate as themselves, not a user, when requesting authorized access to a web API's resources.

A service or daemon that runs on a server is considered a confidential client that can store its secrets securely.

Language / framework Project on
GitHub
Package Getting
started
Sign in users Access web APIs Generally available (GA) or
Public preview1
.NET MSAL.NET Microsoft.Identity.Client Quickstart Library cannot request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Java MSAL4J msal4j Library cannot request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Node MSAL Node msal-node Quickstart Library cannot request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA
Python MSAL Python msal-python Library cannot request ID tokens for user sign-in. Library can request access tokens for protected web APIs. GA

1 Supplemental terms of use for Microsoft Azure Previews apply to libraries in Public preview.

Next steps

For more information about the Microsoft Authentication Library, see the Overview of the Microsoft Authentication Library (MSAL).