If you've developed apps against Azure Active Directory (v1.0) endpoint in the past, you're likely using ADAL. Since Microsoft identity platform (v2.0) endpoint has changed significantly enough, the new library (MSAL) was built for the new endpoint entirely. The following diagram shows the v2.0 vs v1.0 endpoint experience at a high level, including the app registration experience, SDKs, endpoints, and supported identities.

Existing apps that use ADAL will continue to work after the end-of-support date, but Microsoft will no longer release security fixes on ADAL. If you choose not to migrate to MSAL before ADAL support ends in June 2023, you put your app's security at risk.

MSAL leverages all the benefits of Microsoft identity platform (v2.0) endpoint. MSAL is designed to enable a secure solution without developers having to worry about the implementation details. It simplifies and manages acquiring, managing, caching, and refreshing tokens, and uses best practices for resilience. We recommend you use MSAL to increase the resilience of authentication and authorization in client applications that you develop.

MSAL provides multiple benefits over ADAL, including the following features:

- Azure AD certificate-based authentication (CBA) on mobile.
- Auth broker support – Device-based Conditional Access policy.
- Standards compliant with OAuth v2.0 and OpenID Connect (OIDC)
- Azure Active Directory (Azure AD) accounts

Additional Capabilities of MSAL over ADAL

- Proactively refresh and revoke tokens based on policy or critical events for Microsoft Graph and other APIs that support Continuous Access Evaluation (CAE).

You can use MSAL.NET, MSAL Java, and MSAL Python to get tokens from Active Directory Federation Services (AD FS) 2019 or later. Where ADAL had only authentication context class, MSAL exposes the notion of a collection of client apps (public client and confidential client).