Microsoft 身份验证库 (MSAL) 的概述Overview of the Microsoft Authentication Library (MSAL)

借助 Microsoft 身份验证库 (MSAL),开发人员能够从 Microsoft 标识平台获取令牌,以便对用户进行身份验证并访问受保护的 Web API。The Microsoft Authentication Library (MSAL) enables developers to acquire tokens from the Microsoft identity platform in order to authenticate users and access secured web APIs. 它可用于提供对 Microsoft Graph、其他 Microsoft API、第三方 Web API 或你自己的 Web API 的安全访问。It can be used to provide secure access to Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API. MSAL 支持许多不同的应用程序体系结构和平台,包括 .NET、JavaScript、Java、Python、Android 和 iOS。MSAL supports many different application architectures and platforms including .NET, JavaScript, Java, Python, Android, and iOS.

MSAL 为你提供了许多获取令牌的方法,将一致的 API 用于许多平台。MSAL gives you many ways to get tokens, with a consistent API for a number of platforms. 使用 MSAL 具有以下好处:Using MSAL provides the following benefits:

  • 无需直接在应用程序中对协议使用 OAuth 库或代码。No need to directly use the OAuth libraries or code against the protocol in your application.
  • 代表用户或代表应用程序获取令牌(如果适用于平台)。Acquires tokens on behalf of a user or on behalf of an application (when applicable to the platform).
  • 维护令牌缓存,并在即将过期时为你刷新令牌。Maintains a token cache and refreshes tokens for you when they are close to expire. 你不需要自行处理令牌过期。You don't need to handle token expiration on your own.
  • 帮助你指定你希望应用程序登录的受众(你的组织、若干组织、工作和学校帐户、Azure AD B2C 的社交标识、主权云和国家云中的用户)。Helps you specify which audience you want your application to sign in (your org, several orgs, work, and school accounts, social identities with Azure AD B2C, users in sovereign, and national clouds).
  • 可帮助你通过配置文件设置应用程序。Helps you set up your application from configuration files.
  • 可显示可操作异常、日志和遥测,从而帮助你对应用进行故障排除。Helps you troubleshoot your app by exposing actionable exceptions, logging, and telemetry.

应用程序类型和方案Application types and scenarios

通过使用 MSAL,可从许多应用程序类型获取令牌:Web 应用程序、Web API、单页应用 (JavaScript)、移动和本机应用程序,以及守护程序和服务器端应用程序。Using MSAL, a token can be acquired from a number of application types: web applications, web APIs, single-page apps (JavaScript), mobile and native applications, and daemons and server-side applications.

可以在许多应用程序方案中使用 MSAL,包含以下方案:MSAL can be used in many application scenarios, including the following:

语言和框架Languages and frameworks

Library 支持的平台和框架Supported platforms and frameworks
适用于 Android 的 MSALMSAL for Android AndroidAndroid
MSAL AngularMSAL Angular 采用 Angular 和 Angular.js 框架的单页应用Single-page apps with Angular and Angular.js frameworks
适用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS iOS 和 macOSiOS and macOS
MSAL JavaMSAL Java Windows、macOS、LinuxWindows, macOS, Linux
MSAL.jsMSAL.js JavaScript/TypeScript 框架,例如 Vue.js、Ember.js 或 Durandal.jsJavaScript/TypeScript frameworks such as Vue.js, Ember.js, or Durandal.js
MSAL.NETMSAL.NET .NET Framework、.NET Core、Xamarin Android、Xamarin iOS、通用 Windows 平台.NET Framework, .NET Core, Xamarin Android, Xamarin iOS, Universal Windows Platform
MSAL NodeMSAL Node Express 的 Web 应用、Electron 的桌面应用、跨平台控制台应用Web apps with Express, desktop apps with Electron, Cross-platform console apps
MSAL PythonMSAL Python Windows、macOS、LinuxWindows, macOS, Linux
MSAL ReactMSAL React 采用 React 和基于 React 的库(Next.js、Gatsby.js)的单页应用Single-page apps with React and React-based libraries (Next.js, Gatsby.js)

ADAL 和 MSAL 之间的差异Differences between ADAL and MSAL

Active Directory 身份验证库 (ADAL) 与适用于开发人员的 Azure AD (v1.0) 终结点集成,其中 MSAL 与 Microsoft 标识平台集成。Active Directory Authentication Library (ADAL) integrates with the Azure AD for developers (v1.0) endpoint, where MSAL integrates with the Microsoft identity platform. 此外,借助 MSAL,还可以获取 Azure AD B2C 的身份验证。Additionally, with MSAL you can also get authentications for Azure AD B2C.

有关更多具体信息,请参阅从 ADAL.NET 迁移到 MSAL.NET从 ADAL.js 迁移到 MSAL.jsFor more specific information, read about migrating to MSAL.NET from ADAL.NET and migrating to MSAL.js from ADAL.js.