Microsoft 标识平台身份验证库Microsoft identity platform authentication libraries
下表显示了针对多种应用程序类型的 Microsoft 身份验证库支持。The following tables show Microsoft Authentication Library support for several application types. 它们包括指向库源代码的链接,获取应用项目包的位置以及库是否支持用户登录(身份验证),访问受保护的 Web API(授权)或两者兼而有之。They include links to library source code, where to get the package for your app's project, and whether the library supports user sign-in (authentication), access to protected web APIs (authorization), or both.
Microsoft 标识平台已由 OpenID Foundation 认证为经认证的 OpenID 提供程序。The Microsoft identity platform has been certified by the OpenID Foundation as a certified OpenID provider. 如果你希望使用 Microsoft 身份验证库 (MSAL) 以外的其他库或 Microsoft 支持的其他库,请选择具有经认证的 OpenID Connect 实现的库。If you prefer to use a library other than the Microsoft Authentication Library (MSAL) or another Microsoft-supported library, choose one with a certified OpenID Connect implementation.
如果选择手动编码自己的 OAuth 2.0 或 OpenID Connect 1.0 的协议级实现,请密切注意每个标准规范中的安全性注意事项,并遵循软件开发生命周期 (SDL) 方法,例如 Microsoft SDL。If you choose to hand-code your own protocol-level implementation of OAuth 2.0 or OpenID Connect 1.0, pay close attention to the security considerations in each standard's specification and follow a software development lifecycle (SDL) methodology like the Microsoft SDL.
单页面应用程序 (SPA)Single-page application (SPA)
单页应用程序完全在浏览器表面上运行,以动态方式或在应用程序加载时提取页面数据(HTML、CSS 和 JavaScript)。A single-page application runs entirely on the browser surface and fetches page data (HTML, CSS, and JavaScript) dynamically or at application load time. 它可以调用 Web API 与后端数据源进行交互。It can call web APIs to interact with back-end data sources.
因为 SPA 的代码完全在浏览器中运行,所以它被视为公共客户端,无法安全存储机密。Because a SPA's code runs entirely in the browser, it's considered a public client that's unable to store secrets securely.
| 语言/框架Language / framework | 项目Project on GitHubGitHub |
包Package | 获取Getting startedstarted |
用户登录Sign in users | 访问 Web APIAccess web APIs | 正式发布 (GA) 或Generally available (GA) or 公共预览版1Public preview1 |
|---|---|---|---|---|---|---|
| AngularAngular | MSAL Angular 2.0MSAL Angular 2.0 | @azure/msal-angular | —— |  |
|
公共预览版Public preview |
| AngularAngular | MSAL AngularMSAL Angular | @azure/msal-angular | 教程Tutorial | |
|
GAGA |
| AngularJSAngularJS | MSAL AngularJSMSAL AngularJS | @azure/msal-angularjs | —— | |
|
公共预览版Public preview |
| JavaScriptJavaScript | MSAL.js 2.0MSAL.js 2.0 | @azure/msal-browser | |
|
GAGA | |
| JavaScriptJavaScript | MSAL.js 1.0MSAL.js 1.0 | @azure/msal-core | 教程Tutorial | |
|
GAGA |
| ReactReact | MSAL ReactMSAL React | @azure/msal-react | —— | |
|
公共预览版Public preview |
1 Azure 预览版的补充使用条款适用于公共预览版中的库。1 Supplemental terms of use for Azure Previews apply to libraries in Public preview.
Web 应用程序Web application
Web 应用程序在服务器上运行代码,该服务器生成 HTML、CSS 和 JavaScript 并将其发送到用户的 Web 浏览器以进行呈现。A web application runs code on a server that generates and sends HTML, CSS, and JavaScript to a user's web browser to be rendered. 系统将用户标识作为用户浏览器(前端)和 Web 服务器(后端)之间的会话来进行维护。The user's identity is maintained as a session between the user's browser (the front end) and the web server (the back end).
由于 Web 应用程序的代码在 Web 服务器上运行,因此它被视为可以安全存储机密的机密客户端。Because a web application's code runs on the web server, it's considered a confidential client that can store secrets securely.
| 语言/框架Language / framework | 项目Project on GitHubGitHub |
包Package | 获取Getting startedstarted |
用户登录Sign in users | 访问 Web APIAccess web APIs | 正式发布 (GA) 或Generally available (GA) or 公共预览版1Public preview1 |
|---|---|---|---|---|---|---|
| .NET.NET | MSAL.NETMSAL.NET | Microsoft.Identity.ClientMicrosoft.Identity.Client | —— |  |
|
GAGA |
| ASP.NET CoreASP.NET Core | ASP.NET 安全性ASP.NET Security | Microsoft.AspNetCore.AuthenticationMicrosoft.AspNetCore.Authentication | —— | |
|
GAGA |
| ASP.NET CoreASP.NET Core | Microsoft.Identity.WebMicrosoft.Identity.Web | Microsoft.Identity.WebMicrosoft.Identity.Web | —— | |
|
GAGA |
| JavaJava | MSAL4JMSAL4J | msal4jmsal4j | 快速入门Quickstart | |
|
GAGA |
| Node.jsNode.js | MSAL NodeMSAL Node | msal-nodemsal-node | 快速入门Quickstart | |
|
GAGA |
| Node.jsNode.js | Azure AD PassportAzure AD Passport | passport-azure-adpassport-azure-ad | 快速入门Quickstart | |
|
GAGA |
| PythonPython | MSAL PythonMSAL Python | msalmsal | 快速入门Quickstart | |
|
GAGA |
1 Azure 预览版的补充使用条款适用于公共预览版中的库。1 Supplemental terms of use for Azure Previews apply to libraries in Public preview.
桌面应用程序Desktop application
桌面应用程序通常是显示用户界面的二进制(编译)代码,旨在在用户桌面上运行。A desktop application is typically binary (compiled) code that surfaces a user interface and is intended to run on a user's desktop.
由于桌面应用程序在用户的桌面上运行,因此它被视为无法安全存储机密的公共客户端。Because a desktop application runs on the user's desktop, it's considered a public client that's unable to store secrets securely.
| 语言/框架Language / framework | 项目Project on GitHubGitHub |
包Package | 获取Getting startedstarted |
用户登录Sign in users | 访问 Web APIAccess web APIs | 正式发布 (GA) 或Generally available (GA) or 公共预览版1Public preview1 |
|---|---|---|---|---|---|---|
| ElectronElectron | MSAL NodeMSAL Node | @azure/msal-node | 教程Tutorial | |
|
GAGA |
| JavaJava | MSAL4JMSAL4J | msal4jmsal4j | —— | |
|
GAGA |
| macOS (Swift/Obj-C)macOS (Swift/Obj-C) | 适用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS | MSALMSAL | 教程Tutorial | |
|
GAGA |
| UWPUWP | MSAL.NETMSAL.NET | Microsoft.Identity.ClientMicrosoft.Identity.Client | 教程Tutorial | |
|
GAGA |
| WPFWPF | MSAL.NETMSAL.NET | Microsoft.Identity.ClientMicrosoft.Identity.Client | 教程Tutorial | |
|
GAGA |
1 Azure 预览版的补充使用条款适用于公共预览版中的库。1 Supplemental terms of use for Azure Previews apply to libraries in Public preview.
移动应用程序Mobile application
移动应用程序通常是显示用户界面的二进制(编译)代码,旨在在用户的移动设备上运行。A mobile application is typically binary (compiled) code that surfaces a user interface and is intended to run on a user's mobile device.
由于移动应用程序在用户的移动设备上运行,因此它被视为无法安全存储机密的公共客户端。Because a mobile application runs on the user's mobile device, it's considered a public client that's unable to store secrets securely.
| 平台Platform | 项目Project on GitHubGitHub |
包Package | 获取Getting startedstarted |
用户登录Sign in users | 访问 Web APIAccess web APIs | 正式发布 (GA) 或Generally available (GA) or 公共预览版1Public preview1 |
|---|---|---|---|---|---|---|
| Android (Java)Android (Java) | MSAL AndroidMSAL Android | MSALMSAL | 快速入门Quickstart | |
|
GAGA |
| Android (Kotlin)Android (Kotlin) | MSAL AndroidMSAL Android | MSALMSAL | —— | |
|
GAGA |
| iOS (Swift/Obj-C)iOS (Swift/Obj-C) | 适用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS | MSALMSAL | 教程Tutorial | |
|
GAGA |
| Xamarin (.NET)Xamarin (.NET) | MSAL.NETMSAL.NET | Microsoft.Identity.ClientMicrosoft.Identity.Client | —— | |
|
GAGA |
1 Azure 预览版的补充使用条款适用于公共预览版中的库。1 Supplemental terms of use for Azure Previews apply to libraries in Public preview.
服务/守护程序Service / daemon
服务和守护程序通常用于服务器到服务器通信以及其他无人参与(有时称为无外设)的通信。Services and daemons are commonly used for server-to-server and other unattended (sometimes called headless) communication. 因为没有用户在键盘上输入凭据或同意访问资源,所以在请求对 Web API 资源的授权访问时,这些应用程序将以自身而非用户身份进行身份验证。Because there's no user at the keyboard to enter credentials or consent to resource access, these applications authenticate as themselves, not a user, when requesting authorized access to a web API's resources.
在服务器上运行的服务或守护程序被视为可以安全存储其机密的机密客户端。A service or daemon that runs on a server is considered a confidential client that can store its secrets securely.
| 语言/框架Language / framework | 项目Project on GitHubGitHub |
包Package | 获取Getting startedstarted |
用户登录Sign in users | 访问 Web APIAccess web APIs | 正式发布 (GA) 或Generally available (GA) or 公共预览版1Public preview1 |
|---|---|---|---|---|---|---|
| .NET.NET | MSAL.NETMSAL.NET | Microsoft.Identity.ClientMicrosoft.Identity.Client | 快速入门Quickstart | |
|
GAGA |
| JavaJava | MSAL4JMSAL4J | msal4jmsal4j | —— | |
|
GAGA |
| 节点Node | MSAL NodeMSAL Node | msal-nodemsal-node | 快速入门Quickstart | |
|
GAGA |
| PythonPython | MSAL PythonMSAL Python | msal-pythonmsal-python | —— | |
|
GAGA |
1 Azure 预览版的补充使用条款适用于公共预览版中的库。1 Supplemental terms of use for Azure Previews apply to libraries in Public preview.
后续步骤Next steps
有关 Microsoft 身份验证库的详细信息,请参阅 Microsoft 身份验证库 (MSAL) 概述。For more information about the Microsoft Authentication Library, see the Overview of the Microsoft Authentication Library (MSAL).