Evolution of Microsoft identity platform

The Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It lets developers build applications that sign in users and get tokens to call APIs, such as Microsoft Graph or APIs that developers have built themselves. It consists of an authentication service, open-source libraries, application registration and configuration (through a developer portal and an application API), full developer documentation, quickstart samples, code samples, tutorials, how-to guides, and other developer content. The Microsoft identity platform supports industry-standard protocols such as OAuth 2.0 and OpenID Connect.

Many developers have previously worked with the Azure AD v1.0 platform to authenticate work and school accounts (provisioned by Azure AD): they requested tokens from the Azure AD v1.0 endpoint using the Azure AD Authentication Library (ADAL), registered and configured applications in the Azure portal, and used the Microsoft Graph API for programmatic application configuration.

With the unified Microsoft identity platform (v2.0), you can write code once and authenticate any Microsoft identity into your application. For several platforms, the fully supported open-source Microsoft Authentication Library (MSAL) is the recommended way to call the identity platform endpoints. MSAL is simple to use, provides a good single sign-on (SSO) experience for your users, helps you achieve high reliability and performance, and is developed using the Microsoft Security Development Lifecycle (SDL). When calling APIs, you can configure your application to take advantage of incremental consent, which lets you defer the request for consent to more invasive scopes until the application's usage warrants it at runtime. MSAL also supports Azure Active Directory B2C, so your customers can use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.

With the Microsoft identity platform, you can expand your reach to these kinds of users:

  • Work and school accounts (Azure AD provisioned accounts)

You can use the Azure portal to register and configure your application, and the Microsoft Graph API for programmatic application configuration.

Update your application at your own pace. Applications built with the ADAL libraries continue to be supported. Mixed application portfolios, consisting of applications built with ADAL and applications built with the MSAL libraries, are also supported. Applications using the latest ADAL and the latest MSAL deliver SSO across the portfolio through the token cache shared between the two libraries, and an application updated from ADAL to MSAL keeps its users signed in after the upgrade.

Microsoft identity platform experience

The following diagram shows the Microsoft identity experience at a high level, including the app registration experience, SDKs, endpoints, and supported identities.

[Figure: Microsoft identity platform today]

App registration experience

The Azure portal App registrations experience is the single portal experience for managing all applications you have integrated with the Microsoft identity platform. If you have been using the older portal, start using the Azure portal App registrations experience instead.

For integration with Azure AD B2C (when authenticating social or local identities), you need to register your application in an Azure AD B2C tenant. This experience is also part of the Azure portal.

Use the Application API to programmatically configure the applications you have integrated with the Microsoft identity platform for authenticating any Microsoft identity.

MSAL libraries

You can use the MSAL libraries to build applications that authenticate all Microsoft identities. The MSAL libraries for .NET and JavaScript are generally available. The MSAL libraries for iOS and Android are in preview and suitable for use in a production environment. We provide the same production-level support for MSAL libraries in preview as we do for the generally available versions of MSAL and ADAL.

You can also use the MSAL libraries to integrate your application with Azure AD B2C.

Microsoft identity platform endpoint

The Microsoft identity platform (v2.0) endpoint is OIDC certified. It works with the Microsoft Authentication Libraries (MSAL) or any other standards-compliant library. It implements human-readable scopes, in accordance with industry standards.

