Microsoft 身分識別平臺驗證程式庫Microsoft identity platform authentication libraries

Microsoft 身分識別平臺端點支援業界標準的 OAuth 2.0 和 OpenID connect 1.0 通訊協定。The Microsoft identity platform endpoint supports the industry-standard OAuth 2.0 and OpenID Connect 1.0 protocols. Microsoft 驗證程式庫(MSAL)是設計用來與 Microsoft 身分識別平臺端點搭配使用。The Microsoft Authentication Library (MSAL) is designed to work with the Microsoft identity platform endpoint. 您也可以使用支援 OAuth 2.0 和 OpenID Connect 1.0 的開放原始碼程式庫。You can also use open-source libraries that support OAuth 2.0 and OpenID Connect 1.0.

建議您使用遵循安全性開發週期(SDL)方法的通訊協定網域專家所撰寫的程式庫。We recommend that you use libraries written by protocol domain experts who follow a Security Development Lifecycle (SDL) methodology. 這類方法包括Microsoft 遵循的方式Such methodologies include the one that Microsoft follows. 如果您手動撰寫通訊協定的程式碼,您應該遵循 Microsoft SDL 之類的方法。If you hand code for the protocols, you should follow a methodology such as Microsoft SDL. 請密切注意每個通訊協定的標準規格中的安全性考慮。Pay close attention to the security considerations in the standards specifications for each protocol.


您正在尋找 Azure Active Directory Authentication Library (ADAL)嗎?Are you looking for the Azure Active Directory Authentication Library (ADAL)? 請參閱ADAL 程式庫指南Check out the ADAL library guide.

程式庫類型Types of libraries

Microsoft 身分識別平臺端點適用于兩種類型的程式庫:The Microsoft identity platform endpoint works with two types of libraries:

  • 用戶端程式庫:原生用戶端和伺服器會使用用戶端程式庫來取得存取權杖,以呼叫資源,例如 Microsoft Graph。Client libraries: Native clients and servers use client libraries to acquire access tokens for calling a resource such as Microsoft Graph.
  • 伺服器中介軟體程式庫:Web 應用程式會使用伺服器中介軟體程式庫進行使用者登入。Server middleware libraries: Web apps use server middleware libraries for user sign-in. Web API 會使用伺服器中介軟體程式庫來驗證原生用戶端或其他伺服器所傳送的權杖。Web APIs use server middleware libraries to validate tokens that are sent by native clients or by other servers.

程式庫支援Library support

程式庫的支援類型有兩種︰Libraries come in two support categories:

  • Microsoft 支援:Microsoft 可提供這些程式庫的修正程式,並已完成這些程式庫的 SDL 審查評鑑。Microsoft-supported: Microsoft provides fixes for these libraries and has done SDL due diligence on these libraries.
  • 相容: Microsoft 已在基本案例中測試這些程式庫,並已確認它們可與 Microsoft 身分識別平臺端點搭配使用。Compatible: Microsoft has tested these libraries in basic scenarios and has confirmed that they work with the Microsoft identity platform endpoint. Microsoft 不會提供這些程式庫的修正程式,也不會對這些程式庫進行審核。Microsoft doesn't provide fixes for these libraries and hasn't done a review of these libraries. 問題和功能要求應重新導向至程式庫的開放原始碼專案。Issues and feature requests should be directed to the library’s open-source project.

如需使用 Microsoft 身分識別平臺端點的程式庫清單,請參閱下列各節。For a list of libraries that work with the Microsoft identity platform endpoint, see the following sections.

Microsoft 支援的用戶端程式庫Microsoft-supported client libraries

使用用戶端驗證程式庫來取得權杖,以呼叫受保護的 Web API。Use client authentication libraries to acquire a token for calling a protected web API.

平台Platform 程式庫Library 下載Download 原始程式碼Source code 範例Sample 參考Reference 概念文件Conceptual doc 藍圖Roadmap
Javascript MSAL.jsMSAL.js NPMNPM GitHubGitHub 單一頁面應用程式Single-page app 參考Reference 概念檔Conceptual docs 藍圖Roadmap
Angular JS MSAL Angular JSMSAL Angular JS NPMNPM GitHubGitHub
Angular MSAL 角度(預覽)MSAL Angular (Preview) NPMNPM GitHubGitHub
.NET Framework UWP Xamarin MSAL.NETMSAL.NET NuGetNuGet GitHubGitHub 傳統型應用程式Desktop app MSAL.NETMSAL.NET 概念檔Conceptual docs 藍圖Roadmap
Python MSAL Python (預覽)MSAL Python (Preview) PyPIPyPI GitHubGitHub 範例Samples ReadTheDocsReadTheDocs WikiWiki 藍圖Roadmap
Java MSAL JAVA (預覽)MSAL Java (Preview) MavenMaven GitHubGitHub 範例Samples 參考Reference WikiWiki 藍圖Roadmap
iOS & macOSiOS & macOS MSAL iOS 和 macOSMSAL iOS and macOS GitHubGitHub GitHubGitHub iOS 應用程式macOS 應用程式iOS app, macOS app 參考Reference 概念檔Conceptual docs
Android/Java MSAL AndroidMSAL Android 中央存放庫Central repository GitHubGitHub Android AppAndroid app JavaDocsJavaDocs 概念檔Conceptual docs 藍圖Roadmap

Microsoft 支援的伺服器中介軟體程式庫Microsoft-supported server middleware libraries

使用中介軟體程式庫來協助保護 web 應用程式和 web Api。Use middleware libraries to help protect web applications and web APIs. 以 ASP.NET 或 ASP.NET Core 撰寫的 web 應用程式或 web Api 會使用中介軟體程式庫。Web apps or web APIs written with ASP.NET or ASP.NET Core use the middleware libraries.

平台Platform 程式庫Library 下載Download 原始程式碼Source Code 範例Sample 參考Reference
.NET .NET Core ASP.NET 安全性ASP.NET Security NuGetNuGet GitHubGitHub MVC 應用程式 (英文)MVC app ASP.NET API 參考ASP.NET API reference
.NET 適用於 .NET 的身分識別模型延伸模組IdentityModel Extensions for .NET GitHubGitHub MVC 應用程式 (英文)MVC app 參考Reference
Node.js Azure AD PassportAzure AD Passport NPMNPM GitHubGitHub Web 應用程式Web app

Microsoft 支援的程式庫(依 OS/語言)Microsoft-supported libraries by OS / language

在支援的作業系統與語言方面,對應如下所示:In term of supported operating systems vs languages, the mapping is the following:

WindowsWindows LinuxLinux macOSmacOS iOSiOS AndroidAndroid
Javascript MSAL.jsMSAL.js MSAL.jsMSAL.js MSAL.jsMSAL.js MSAL.jsMSAL.js MSAL.jsMSAL.js
C# ASP.NET、ASP.NET Core、MSAL.Net (.NET FW、Core、UWP)ASP.NET, ASP.NET Core, MSAL.Net (.NET FW, Core, UWP) ASP.NET Core,MSAL.Net (.NET Core)ASP.NET Core, MSAL.Net (.NET Core) ASP.NET Core,MSAL.Net (MacOS)ASP.NET Core, MSAL.Net (MacOS) MSAL.Net (Xamarin. iOS)MSAL.Net (Xamarin.iOS) MSAL.Net (Xamarin)MSAL.Net (Xamarin.Android)
適用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS 適用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS
Java JavaJava msal4jmsal4j msal4jmsal4j msal4jmsal4j MSAL AndroidMSAL Android
Python PythonPython MSAL PythonMSAL Python MSAL PythonMSAL Python MSAL PythonMSAL Python
Node.js Node.JSNode.JS Passport. nodePassport.node Passport. nodePassport.node Passport. nodePassport.node

另請參閱依支援的平臺和語言的案例See also Scenarios by supported platforms and languages

相容的用戶端程式庫Compatible client libraries

平台Platform 程式庫名稱Library name 測試的版本Tested version 原始程式碼Source code 範例Sample
Javascript Hello.jsHello.js 版本1.13。5Version 1.13.5 Hello.jsHello.js SPASPA
Java Scribe JavaScribe Java 3.2.0 版Version 3.2.0 ScribeJavaScribeJava
Java Gluu OpenID Connect 程式庫Gluu OpenID Connect library 版本3.0。2Version 3.0.2 Gluu OpenID Connect 程式庫Gluu OpenID Connect library
Python 要求-OAuthlibRequests-OAuthlib 版本 1.2.0Version 1.2.0 要求-OAuthlibRequests-OAuthlib
Node.js openid-用戶端openid-client 版本2.4。5Version 2.4.5 openid-用戶端openid-client
PHP PHP League oauth2-clientThe PHP League oauth2-client 1.4.2 版Version 1.4.2 oauth2-clientoauth2-client
拼音 OmniAuthOmniAuth omniauth:1.3。1omniauth: 1.3.1
omniauth-oauth2:1.4。0omniauth-oauth2: 1.4.0
OmniAuth OAuth2OmniAuth OAuth2
iOS、macOS、& AndroidiOS, macOS, & Android React Native 應用程式驗證React Native App Auth 版本4.2。0Version 4.2.0 React Native 應用程式驗證React Native App Auth

針對任何符合標準的程式庫,您可以使用 Microsoft 身分識別平臺端點。For any standards-compliant library, you can use the Microsoft identity platform endpoint. 請務必瞭解支援的位置:It’s important to know where to go for support:

  • 如需程式庫程式碼中的問題和新功能要求,請連絡程式庫擁有者。For issues and new feature requests in library code, contact the library owner.
  • 如需服務端通訊協定實作中的問題和新功能要求,請連絡 Microsoft。For issues and new feature requests in the service-side protocol implementation, contact Microsoft.
  • 針對您想要在通訊協定中看到的其他功能,提出功能要求File a feature request for additional features you want to see in the protocol.
  • 如果您發現 Microsoft 身分識別平臺端點不符合 OAuth 2.0 或 OpenID Connect 1.0 的問題,請建立支援要求Create a support request if you find an issue where the Microsoft identity platform endpoint isn't compliant with OAuth 2.0 or OpenID Connect 1.0.

如需有關 Microsoft 身分識別平臺端點的詳細資訊,請參閱microsoft 身分識別平臺總覽For more information about the Microsoft identity platform endpoint, see the Microsoft identity platform overview.