The Microsoft Authentication Library for JavaScript enables both client-side and server-side JavaScript applications to authenticate users using Microsoft Entra ID for work and school accounts, Microsoft personal accounts (MSA), and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through Azure AD B2C service. It also enables your app to get tokens to access Microsoft Cloud services such as Microsoft Graph.
Core and wrapper libraries
The lib folder contains the source code for MSAL.js libraries in active development. You'll also find all the details about installing the libraries in their respective README.md files.
Microsoft Authentication Library for Node.js: A Node.js library that enables authentication and token acquisition with the Microsoft Identity platform in JavaScript applications. Implements the following OAuth 2.0 protocols and is OpenID-compliant:
Microsoft Authentication Library for JavaScript: A browser-based, framework-agnostic browser library that enables authentication and token acquisition with the Microsoft Identity platform in JavaScript applications. Implements the OAuth 2.0 Authorization Code Flow with PKCE, and is OpenID-compliant.
Native authentication support in MSAL: MSAL JS provides native authentication APIs that allow applications to implement a native experience with end-to-end customizable flows in their web applications. With native authentication, user can fully customize the user interface, including design elements, logo placement, and layout, ensuring a consistent and branded look.The native authentication feature is available for SPAs on External ID for customers
Microsoft Authentication Library for React: A wrapper of the msal-browser library for apps using React.
Microsoft Authentication Library for Angular: A wrapper of the msal-browser library for apps using Angular framework.
Microsoft Authentication Extensions for Node: The Microsoft Authentication Extensions for Node offers secure mechanisms for client applications to perform cross-platform token cache serialization and persistence. It gives additional support to the Microsoft Authentication Library for Node (MSAL).
Libraries in Long-term Support (LTS)
The following libraries, hosted on the msal-lts branch, are no longer in active development, but they are still receiving critical security bug fix support.
- Microsoft Authentication Library for JavaScript v2.x
- Microsoft Authentication Library for Node.js v1.x
- Microsoft Authentication Library for React v1.x
- Microsoft Authentication Library for Angular v2.x
Package structure
There are a number of different packages meant for different platforms. You can see the relationship between packages and different authentication flows they implement in the package structure below.
Samples
The code samples demonstrate usage of the Microsoft authentication libraries for JavaScript with the identity platform. Each code sample includes a README.md file describing how to build the project (if applicable) and run the sample application.
For a complete list of samples targeting JavaScript and other languages, frameworks, and platforms, please refer to the Microsoft identity platform code samples.
For native authentication features, the sample apps demonstrate how to use native authentication in React and Angular web applications. Each code sample includes a README.md file describing how to build the project and run the sample application. Current native authentication API doesn't support Cross-Origin Resource Sharing (CORS), the sample app will run using local proxy.
Package versioning
All of our libraries follow semantic versioning. We recommend using the latest version of each library to ensure you have the latest security patches and bug fixes.
Security reporting
If you find a security issue with our libraries or services please report it to the Microsoft Security Response Center (MSRC) with as much detail as possible.