Microsoft Authentication Library (MSAL) for Go

Note

Microsoft Authentication Library (MSAL) for Go is a new addition to the MSAL family of libraries. It has been made available in production-ready preview to gauge customer interest and to gather feedback from the community. We welcome all contributors (see contribution guidelines in the library repository) to help us improve the library.

The Microsoft Authentication Library (MSAL) for Go is part of the Microsoft identity platform for developers. It allows you to sign in users or apps with Microsoft identities (Azure AD and Microsoft Accounts) and obtain tokens to call APIs such as Microsoft Graph or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols.

The latest code resides in the dev branch in the library GitHub repository.

Installation

Setting up Go

To install Go, visit this link.

Installing MSAL Go

go get -u github.com/AzureAD/microsoft-authentication-library-for-go/

Usage

Before using MSAL Go, you will need to register your application with the Microsoft identity platform.

Public surface

The public API of the library can be found in the following directories under apps.

  • confidential - The confidential application API
  • public - The public application API
  • cache - The cache interface that can be implemented to provide persistent cache storage of credentials
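A persistent implementation of the cache interface writes access and refresh tokens to disk, so the file needs owner-only permissions and atomic writes. The following is an added example, not code from the library: `fileCache`, `blob` and the local `marshaler`/`unmarshaler` interfaces are hypothetical stand-ins, and the library's actual method signatures should be taken from the cache package.

```go
package main

import (
	"fmt"
	"os"
)

// Assumed stand-ins for the serialization contract a token cache exposes.
type marshaler interface{ Marshal() ([]byte, error) }
type unmarshaler interface{ Unmarshal([]byte) error }

type blob struct{ data []byte } // constructed in-memory cache for the demo
func (b *blob) Marshal() ([]byte, error) { return b.data, nil }
func (b *blob) Unmarshal(d []byte) error { b.data = d; return nil }

type fileCache struct{ path string } // hypothetical file-backed persistence
// Export writes an owner-only (0600) temp file, then renames it into place.
func (f fileCache) Export(c marshaler) error {
	data, err := c.Marshal()
	if err != nil {
		return err
	}
	tmp := f.path + ".tmp"
	if err := os.WriteFile(tmp, data, 0o600); err != nil {
		return err
	}
	return os.Rename(tmp, f.path)
}

// Replace loads the file, refusing one that group or others can access (POSIX).
func (f fileCache) Replace(c unmarshaler) error {
	info, err := os.Stat(f.path)
	if os.IsNotExist(err) {
		return nil // first run: nothing persisted yet
	} else if err != nil {
		return err
	}
	if info.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("%s: mode %o is too permissive", f.path, info.Mode().Perm())
	}
	data, err := os.ReadFile(f.path)
	if err != nil {
		return err
	}
	return c.Unmarshal(data)
}

func main() {
	fmt.Println(fileCache{os.TempDir() + "/token_cache.demo"}.Replace(&blob{}))
}
```

The rename keeps a concurrent reader from seeing a half-written cache, and the permission check fails closed if the file was created or modified with a looser mode.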

Acquiring tokens with MSAL Go follows this general three-step pattern. There might be some slight differences for other token acquisition flows. Here is a basic example:

  1. MSAL separates public and confidential client applications, so you create an instance of either a PublicClientApplication or a ConfidentialClientApplication and use it throughout the lifetime of your application.

    • Initializing a public client:
    publicClientApp, err := public.New("client_id", public.WithAuthority("https://login.microsoftonline.com/Enter_The_Tenant_Name_Here"))
    
    • Initializing a confidential client:
    // Initializing the client credential
    cred, err := confidential.NewCredFromSecret("client_secret")
    if err != nil {
        return nil, fmt.Errorf("could not create a cred from a secret: %w", err)
    }
    confidentialClientApp, err := confidential.New("client_id", cred, confidential.WithAuthority("https://login.microsoftonline.com/Enter_The_Tenant_Name_Here"))
    if err != nil {
        return nil, fmt.Errorf("could not create the confidential client: %w", err)
    }
    
  2. MSAL comes packaged with an in-memory cache. Utilizing the cache is optional, but we would highly recommend it.

    var userAccount public.Account
    accounts := publicClientApp.Accounts()
    if len(accounts) > 0 {
        // Assuming the user wanted the first account
        userAccount = accounts[0]
        // found a cached account, now see if an applicable token has been cached
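        result, err := publicClientApp.AcquireTokenSilent(context.Background(), []string{"your_scope"}, public.WithSilentAccount(userAccount))
        if err == nil {
            // cache hit: use the cached token
            accessToken := result.AccessToken
        }
        // on error, request a new token from Azure AD as shown below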
    }
    

  3. If there's no suitable token in the cache, or you choose to skip this step, send a request to Azure AD to obtain a token. There are different methods to acquire a token based on your application type and scenario. Here, we demonstrate a placeholder flow.

    result, err := publicClientApp.AcquireTokenByOneofTheActualMethods([]string{"your_scope"}, ...(other parameters depending on the function))
    if err != nil {
        log.Fatal(err)
    }
    accessToken := result.AccessToken
    

You can view the developer sample apps on how to use MSAL Go with various application types in various scenarios.

Releases

For a full list of library releases, refer to the Releases section in the library source code repository.

Community help and support

We use Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow. You can also browse existing questions to see if someone has encountered the problem before. Please use the azure-ad-msal tag when asking your questions.

If you find a bug or have a feature request, please open a new issue in the Issues section.

Submit feedback

If you have any library feedback, make sure to submit your feature requests and bug reports on GitHub.

Security library

This library controls how users sign in and access services. We recommend using the latest version of our library in your app when possible. We use semantic versioning so you can control the risk associated with updating your app. As an example, always downloading the latest minor version number (e.g. x.y.x) ensures you get the latest security and feature enhancements, but our API surface remains the same. You can always see the latest version and release notes under the Releases tab on GitHub.

Security reporting

If you find a security issue with our libraries or services, please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.