Earlier this year at //Build we showed the enhancements we made around the Microsoft identity platform and how we’ve unified our tools and services for developers. Building on that that momentum, we are excited to announce General Availability of Microsoft Authentication Libraries (MSAL) for Android, iOS and macOS!
Our Best Developer Experience Yet
The Microsoft Authentication Libraries represent our best developer experience for easily integrating authentication into a diverse set of applications. For building modern applications that authenticate Microsoft identities, your app should be using our most advanced and up-to-date libraries and protocols. The Android, iOS, and MacOS MSAL libraries are now generally available in addition to MSAL.NET and MSAL JS, with more libraries coming soon. Our libraries are used by businesses large and small, application developers from across the globe, and for Microsoft applications you use today. Now you can use it to power your identity experience as well.
We listened to your feedback and made significant advances in security, developer usability and user experience. These improvements include:
- MSAL allows you to sign in any user using one API. Your users see one combined experience to sign-in with any Microsoft identity—from Azure AD accounts to personal Microsoft accounts. After sign-in you can access Microsoft Graph or your own APIs. The same API can be used with Azure AD B2C to build a branded sign in experience for social identities and local accounts.
- MSAL maintains sign-in state when upgrading from ADAL. We’ve made improvements to the storage mechanism for tokens and improved reliability when multiple applications are accessing the cache. MSAL also provides a secure interop mechanism so your existing applications using our older SDKs can co-exist with your new applications using MSAL.
- MSAL has been refactored to be more intuitive. The object-oriented interface simplifies integration and manages sign-in state. It includes patterns for building a better app that delivers a better user experience with authentication, more single sign-on capabilities and improvements in consent experience. We also introduced new capabilities to retrieve a list of the accounts known to the application, disassociate accounts from the application, and much more (iOS/Android).
- MSAL can provide device-wide Single Sign-On (SSO) for mobile devices through two ways:
- Using the default browser. Many apps still use form-based sign in or an embedded web experience, reducing the likelihood of device-wide SSO and potentially allowing malicious apps to observe interactions between the end user and the identity provider. The use of MSAL addresses device wide SSO and familiarizes end users with authenticating inside the default browser rather than in an app. In addition, the browser and all MSAL apps on the device have a shared sign-in state.
- Using Brokered Auth via the Authenticator App and Company Portal. iOS and Android devices with the Microsoft Authenticator App or Android devices with the Company Portal installed can take advantage of a highly secure sign-in experience. The identity of the application and user are verified by the Microsoft identity platform with additional security algorithms and encryption. This scenario also has the benefit of device wide SSO and advanced business features such as Conditional Access, Intune Management capabilities, and certificate-based authentication.
- Learn more about SSO on iOS/Mac, Authorization Agents for Android and Brokered Auth on Android by reviewing our documentation.
Get Started Today
Check out our samples and walk throughs to get started, or follow the steps in the README to add MSAL directly to your Android app. If you are using our previous libraries, we’ve included a migration guide to help you move to the our latest MSAL SDK. Explore our wiki to find links to documentation, sample apps, and guidelines for contributing.
Check out our samples and walk throughs to get started. If you are using our previous identity libraries, we’ve included a migration guide to help you move to the our latest MSAL SDK. We also have iOS sample code and macOS sample code to help you learn the basics.
Engage with us
Since the beginning, Microsoft’s identity SDKs have been open source, and we have been engaging with the community by listening to developer feedback on GitHub and Stack Overflow. You’ll find all the same support and help you did with our previous libraries through our github page (iOS+Mac / Android) and on Stack Overflow using the MSAL tag.