Microsoft 标识平台身份验证库Microsoft identity platform authentication libraries
Microsoft 标识平台终结点支持行业标准协议 OAuth 2.0 和 OpenID Connect 1.0。The Microsoft identity platform endpoint supports the industry-standard OAuth 2.0 and OpenID Connect 1.0 protocols. Microsoft 身份验证库 (MSAL) 设计为适用于 Microsoft 标识平台终结点。The Microsoft Authentication Library (MSAL) is designed to work with the Microsoft identity platform endpoint. 还可以使用支持 OAuth 2.0 和 OpenID Connect 1.0 的开放源代码库。You can also use open-source libraries that support OAuth 2.0 and OpenID Connect 1.0.
建议使用协议领域的专家根据安全开发生命周期 (SDL) 方法编写的库。We recommend that you use libraries written by protocol domain experts who follow a Security Development Lifecycle (SDL) methodology. 此类方法包括 Microsoft 遵循的方法。Such methodologies include the one that Microsoft follows. 如果手动编写协议代码,应遵循 Microsoft SDL 之类的方法。If you hand code for the protocols, you should follow a methodology such as Microsoft SDL. 请认真对待每个协议的标准规范中的安全注意事项。Pay close attention to the security considerations in the standards specifications for each protocol.
备注
想要使用 Azure Active Directory 身份验证库 (ADAL)?Are you looking for the Azure Active Directory Authentication Library (ADAL)? 请查看 ADAL 库指南。Check out the ADAL library guide.
库的类型Types of libraries
Microsoft 标识平台终结点使用两种类型的库:The Microsoft identity platform endpoint works with two types of libraries:
- 客户端库:本机客户端和服务器使用客户端库获取用于调用某个资源(例如 Microsoft Graph)的访问令牌。Client libraries: Native clients and servers use client libraries to acquire access tokens for calling a resource such as Microsoft Graph.
- 服务器中间件库:Web 应用使用服务器中间件库进行用户登录。Server middleware libraries: Web apps use server middleware libraries for user sign-in. Web API 使用服务器中间件库验证本机客户端或其他服务器发送的令牌。Web APIs use server middleware libraries to validate tokens that are sent by native clients or by other servers.
库支持Library support
库的支持类型有两种:Libraries come in two support categories:
- Microsoft 支持:Microsoft 为这些库提供修补程序,并对这些库进行 SDL 审慎调查。Microsoft-supported: Microsoft provides fixes for these libraries and has done SDL due diligence on these libraries.
- 兼容:Microsoft 已在基本方案中测试这些库并确认它们适用于 Microsoft 标识平台终结点。Compatible: Microsoft has tested these libraries in basic scenarios and has confirmed that they work with the Microsoft identity platform endpoint. Microsoft 不提供这些库的修复程序,且尚未审查这些库。Microsoft doesn't provide fixes for these libraries and hasn't done a review of these libraries. 问题和功能请求应重定向到库的开源项目。Issues and feature requests should be directed to the library's open-source project.
有关适用于 Microsoft 标识平台终结点的库列表,请参阅以下部分。For a list of libraries that work with the Microsoft identity platform endpoint, see the following sections.
Microsoft 支持的客户端库Microsoft-supported client libraries
使用客户端身份验证库获取令牌以调用受保护的 Web API。Use client authentication libraries to acquire a token for calling a protected web API.
Microsoft 支持的服务器中间件库Microsoft-supported server middleware libraries
使用中间件库来保护 Web 应用程序和 Web API。Use middleware libraries to help protect web applications and web APIs. 通过 ASP.NET 或 ASP.NET Core 编写的 Web 应用或 Web API 使用中间件库。Web apps or web APIs written with ASP.NET or ASP.NET Core use the middleware libraries.
平台Platform | 库Library | 下载Download | 源代码Source Code | 示例Sample | 参考Reference |
---|---|---|---|---|---|
![]() ![]() |
ASP.NET 安全性ASP.NET Security | NuGetNuGet | GitHubGitHub | MVC 应用MVC app | ASP.NET API 参考ASP.NET API reference |
![]() |
适用于 .NET 的 IdentityModel 扩展IdentityModel Extensions for .NET | GitHubGitHub | MVC 应用MVC app | 参考Reference | |
![]() |
Azure AD PassportAzure AD Passport | NPMNPM | GitHubGitHub | Web 应用Web app |
按 OS/语言划分的 Microsoft 支持的库Microsoft-supported libraries by OS / language
至于支持的操作系统和语言,映射如下:In term of supported operating systems vs languages, the mapping is the following:
平台Platform | WindowsWindows | LinuxLinux | macOSmacOS | iOSiOS | AndroidAndroid |
---|---|---|---|---|---|
![]() |
MSAL.jsMSAL.js | MSAL.jsMSAL.js | MSAL.jsMSAL.js | MSAL.jsMSAL.js | MSAL.jsMSAL.js |
ASP.NET、ASP.NET Core、MSAL.Net(.NET FW、Core、UWP)ASP.NET, ASP.NET Core, MSAL.Net (.NET FW, Core, UWP) | ASP.NET Core、MSAL.Net (.NET Core)ASP.NET Core, MSAL.Net (.NET Core) | ASP.NET Core、MSAL.Net (macOS)ASP.NET Core, MSAL.Net (macOS) | MSAL.Net (Xamarin.iOS)MSAL.Net (Xamarin.iOS) | MSAL.Net (Xamarin.Android)MSAL.Net (Xamarin.Android) | |
SwiftSwift Objective-CObjective-C |
适用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS | 适用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS | |||
![]() |
msal4jmsal4j | msal4jmsal4j | msal4jmsal4j | MSAL AndroidMSAL Android | |
![]() |
MSAL PythonMSAL Python | MSAL PythonMSAL Python | MSAL PythonMSAL Python | ||
![]() |
Passport.nodePassport.node | Passport.nodePassport.node | Passport.nodePassport.node |
另请参阅按支持的平台和语言划分的方案See also Scenarios by supported platforms and languages
兼容的客户端库Compatible client libraries
平台Platform | 库名称Library name | 测试的版本Tested version | 源代码Source code | 示例Sample |
---|---|---|---|---|
![]() |
Hello.jsHello.js | 版本 1.13.5Version 1.13.5 | Hello.jsHello.js | SPASPA |
![]() |
Vue MSALVue MSAL | 版本 3.0.3Version 3.0.3 | vue-msalvue-msal | |
![]() |
Scribe JavaScribe Java | 版本 3.2.0Version 3.2.0 | ScribeJavaScribeJava | |
![]() |
Gluu OpenID Connect 库Gluu OpenID Connect library | 版本 3.0.2Version 3.0.2 | Gluu OpenID Connect 库Gluu OpenID Connect library | |
![]() |
Requests-OAuthlibRequests-OAuthlib | 版本 1.2.0Version 1.2.0 | Requests-OAuthlibRequests-OAuthlib | |
![]() |
openid-clientopenid-client | 版本 2.4.5Version 2.4.5 | openid-clientopenid-client | |
![]() |
The PHP League oauth2-clientThe PHP League oauth2-client | 版本 1.4.2Version 1.4.2 | oauth2-clientoauth2-client | |
![]() |
OmniAuthOmniAuth | omniauth:1.3.1omniauth: 1.3.1 omniauth-oauth2:1.4.0omniauth-oauth2: 1.4.0 |
OmniAuthOmniAuth OmniAuth OAuth2OmniAuth OAuth2 |
|
iOS、macOS 和 AndroidiOS, macOS, & Android | React Native 应用身份验证React Native App Auth | 版本 4.2.0Version 4.2.0 | React Native 应用身份验证React Native App Auth |
对于任何符合标准的库,都可以使用 Microsoft 标识平台终结点。For any standards-compliant library, you can use the Microsoft identity platform endpoint. 了解去哪里寻求支持非常重要:It's important to know where to go for support:
- 有关库代码中的问题和新功能请求,请联系库所有者。For issues and new feature requests in library code, contact the library owner.
- 有关服务端协议实现中的问题和新功能请求,请联系 Microsoft。For issues and new feature requests in the service-side protocol implementation, contact Microsoft.
- 若要在协议中看到其他功能,请提出功能请求。File a feature request for additional features you want to see in the protocol.
相关内容Related content
有关 Microsoft 标识平台终结点的详细信息,请参阅 Microsoft 标识平台概述。For more information about the Microsoft identity platform endpoint, see the Microsoft identity platform overview.