Microsoft 标识平台身份验证库Microsoft identity platform authentication libraries

Microsoft 标识平台终结点支持行业标准协议 OAuth 2.0 和 OpenID Connect 1.0。The Microsoft identity platform endpoint supports the industry-standard OAuth 2.0 and OpenID Connect 1.0 protocols. Microsoft 身份验证库 (MSAL) 设计为适用于 Microsoft 标识平台终结点。The Microsoft Authentication Library (MSAL) is designed to work with the Microsoft identity platform endpoint. 还可以使用支持 OAuth 2.0 和 OpenID Connect 1.0 的开放源代码库。You can also use open-source libraries that support OAuth 2.0 and OpenID Connect 1.0.

建议使用协议领域的专家根据安全开发生命周期 (SDL) 方法编写的库。We recommend that you use libraries written by protocol domain experts who follow a Security Development Lifecycle (SDL) methodology. 此类方法包括 Microsoft 遵循的方法Such methodologies include the one that Microsoft follows. 如果手动编写协议代码,应遵循 Microsoft SDL 之类的方法。If you hand code for the protocols, you should follow a methodology such as Microsoft SDL. 请认真对待每个协议的标准规范中的安全注意事项。Pay close attention to the security considerations in the standards specifications for each protocol.


想要使用 Azure Active Directory 身份验证库 (ADAL)?Are you looking for the Azure Active Directory Authentication Library (ADAL)? 请查看 ADAL 库指南Check out the ADAL library guide.

库的类型Types of libraries

Microsoft 标识平台终结点使用两种类型的库:The Microsoft identity platform endpoint works with two types of libraries:

  • 客户端库:本机客户端和服务器使用客户端库获取用于调用某个资源(例如 Microsoft Graph)的访问令牌。Client libraries: Native clients and servers use client libraries to acquire access tokens for calling a resource such as Microsoft Graph.
  • 服务器中间件库:Web 应用使用服务器中间件库进行用户登录。Server middleware libraries: Web apps use server middleware libraries for user sign-in. Web API 使用服务器中间件库验证本机客户端或其他服务器发送的令牌。Web APIs use server middleware libraries to validate tokens that are sent by native clients or by other servers.

库支持Library support

库的支持类型有两种:Libraries come in two support categories:

  • Microsoft 支持:Microsoft 为这些库提供修补程序,并对这些库进行 SDL 审慎调查。Microsoft-supported: Microsoft provides fixes for these libraries and has done SDL due diligence on these libraries.
  • 兼容:Microsoft 已在基本方案中测试这些库并确认它们适用于 Microsoft 标识平台终结点。Compatible: Microsoft has tested these libraries in basic scenarios and has confirmed that they work with the Microsoft identity platform endpoint. Microsoft 不提供这些库的修复程序,且尚未审查这些库。Microsoft doesn't provide fixes for these libraries and hasn't done a review of these libraries. 问题和功能请求应重定向到库的开源项目。Issues and feature requests should be directed to the library's open-source project.

有关适用于 Microsoft 标识平台终结点的库列表,请参阅以下部分。For a list of libraries that work with the Microsoft identity platform endpoint, see the following sections.

Microsoft 支持的客户端库Microsoft-supported client libraries

使用客户端身份验证库获取令牌以调用受保护的 Web API。Use client authentication libraries to acquire a token for calling a protected web API.

平台Platform Library 下载Download 源代码Source code 示例Sample 参考Reference 概念文档Conceptual doc 路线图Roadmap
Javascript MSAL.jsMSAL.js NPMNPM GitHubGitHub 单页应用Single-page app 参考Reference 概念文档Conceptual docs 路线图Roadmap
Angular MSAL AngularMSAL Angular NPMNPM GitHubGitHub Angular SPAAngular SPA 参考Reference 概念文档Conceptual docs 路线图Roadmap
.NET framework UWP Xamarin MSAL.NETMSAL.NET NuGetNuGet GitHubGitHub 桌面应用Desktop app MSAL.NETMSAL.NET 概念文档Conceptual docs 路线图Roadmap
Python MSAL PythonMSAL Python PyPIPyPI GitHubGitHub 示例Samples ReadTheDocsReadTheDocs WikiWiki 路线图Roadmap
Java MSAL JavaMSAL Java MavenMaven GitHubGitHub 示例Samples 参考Reference WikiWiki 路线图Roadmap
iOS 和 macOSiOS & macOS MSAL iOS 和 macOSMSAL iOS and macOS GitHubGitHub GitHubGitHub iOS 应用macOS 应用iOS app, macOS app 参考Reference 概念文档Conceptual docs
Android / Java MSAL AndroidMSAL Android 中央存储库Central repository GitHubGitHub Android 应用Android app JavaDocsJavaDocs 概念文档Conceptual docs 路线图Roadmap

Microsoft 支持的服务器中间件库Microsoft-supported server middleware libraries

使用中间件库来保护 Web 应用程序和 Web API。Use middleware libraries to help protect web applications and web APIs. 通过 ASP.NET 或 ASP.NET Core 编写的 Web 应用或 Web API 使用中间件库。Web apps or web APIs written with ASP.NET or ASP.NET Core use the middleware libraries.

平台Platform Library 下载Download 源代码Source Code 示例Sample 参考Reference
.NET .NET Core ASP.NET 安全性ASP.NET Security NuGetNuGet GitHubGitHub MVC 应用MVC app ASP.NET API 参考ASP.NET API reference
.NET 适用于 .NET 的 IdentityModel 扩展IdentityModel Extensions for .NET GitHubGitHub MVC 应用MVC app 参考Reference
Node.js Azure AD PassportAzure AD Passport NPMNPM GitHubGitHub Web 应用Web app

按 OS/语言划分的 Microsoft 支持的库Microsoft-supported libraries by OS / language

至于支持的操作系统和语言,映射如下:In term of supported operating systems vs languages, the mapping is the following:

WindowsWindows LinuxLinux macOSmacOS iOSiOS AndroidAndroid
Javascript MSAL.jsMSAL.js MSAL.jsMSAL.js MSAL.jsMSAL.js MSAL.jsMSAL.js MSAL.jsMSAL.js
C# ASP.NET、ASP.NET Core、MSAL.Net(.NET FW、Core、UWP)ASP.NET, ASP.NET Core, MSAL.Net (.NET FW, Core, UWP) ASP.NET Core、MSAL.Net (.NET Core)ASP.NET Core, MSAL.Net (.NET Core) ASP.NET Core、MSAL.Net (macOS)ASP.NET Core, MSAL.Net (macOS) MSAL.Net (Xamarin.iOS)MSAL.Net (Xamarin.iOS) MSAL.Net (Xamarin.Android)MSAL.Net (Xamarin.Android)
适用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS 适用于 iOS 和 macOS 的 MSALMSAL for iOS and macOS
Java JavaJava msal4jmsal4j msal4jmsal4j msal4jmsal4j MSAL AndroidMSAL Android
Python PythonPython MSAL PythonMSAL Python MSAL PythonMSAL Python MSAL PythonMSAL Python
Node.Js Node.JSNode.JS Passport.nodePassport.node Passport.nodePassport.node Passport.nodePassport.node

另请参阅按支持的平台和语言划分的方案See also Scenarios by supported platforms and languages

兼容的客户端库Compatible client libraries

平台Platform 库名称Library name 测试的版本Tested version 源代码Source code 示例Sample
Javascript Hello.jsHello.js 版本 1.13.5Version 1.13.5 Hello.jsHello.js SPASPA
Java Scribe JavaScribe Java 版本 3.2.0Version 3.2.0 ScribeJavaScribeJava
Java Gluu OpenID Connect 库Gluu OpenID Connect library 版本 3.0.2Version 3.0.2 Gluu OpenID Connect 库Gluu OpenID Connect library
Python Requests-OAuthlibRequests-OAuthlib 版本 1.2.0Version 1.2.0 Requests-OAuthlibRequests-OAuthlib
Node.js openid-clientopenid-client 版本 2.4.5Version 2.4.5 openid-clientopenid-client
PHP The PHP League oauth2-clientThe PHP League oauth2-client 版本 1.4.2Version 1.4.2 oauth2-clientoauth2-client
Ruby OmniAuthOmniAuth omniauth:1.3.1omniauth: 1.3.1
omniauth-oauth2:1.4.0omniauth-oauth2: 1.4.0
OmniAuth OAuth2OmniAuth OAuth2
iOS、macOS 和 AndroidiOS, macOS, & Android React Native 应用身份验证React Native App Auth 版本 4.2.0Version 4.2.0 React Native 应用身份验证React Native App Auth

对于任何符合标准的库,都可以使用 Microsoft 标识平台终结点。For any standards-compliant library, you can use the Microsoft identity platform endpoint. 了解去哪里寻求支持非常重要:It's important to know where to go for support:

  • 有关库代码中的问题和新功能请求,请联系库所有者。For issues and new feature requests in library code, contact the library owner.
  • 有关服务端协议实现中的问题和新功能请求,请联系 Microsoft。For issues and new feature requests in the service-side protocol implementation, contact Microsoft.
  • 若要在协议中看到其他功能,请提出功能请求File a feature request for additional features you want to see in the protocol.

有关 Microsoft 标识平台终结点的详细信息,请参阅 Microsoft 标识平台概述For more information about the Microsoft identity platform endpoint, see the Microsoft identity platform overview.