- Why use MSAL4J
- Register your app with AAD
- Client Applications
- Acquiring tokens
- Calling a protected API
- Token Cache
- Claims Challenge
- Migrate from ADAL
- Using MSAL4J with B2C
- ADFS Support
- National Clouds
- Configuring Http Client
- Handle SameSite cookie changes on Chrome
Clone this wiki locally
The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as Microsoft Graph or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols.
Pre-requisite: Before using MSAL4J you will have to register your applications with Azure AD.
Learn about the supported scenarios.
To start using MSAL4J, instantiate and configure the client application.
Refer FAQ for common issues and known bugs.
|Mar 25 2022||1.11.3||Allow client assertions as callbacks and as per-request parameters|
|Feb 9 2022||1.11.2||Updated oauth2-oidc-sdk version to address security vulnerability|
|Feb 3 2022||1.11.1||Fixed Retrofit security vulnerabilities|
|Jul 6 2021||1.11.0||Adds ability to override authority in AcquireToken callsSupport for ADFS 2019|
|Jun 16 2021||1.10.1||Improved behavior when using regional authorities. Scope override issue in OBO flow has been fixed.|
|Apr 26 2021||1.10.0||Instance aware support for interactive requests. Default cache lookup for on-behalf-of and client credential flows.|
|Feb 12 2021||1.9.1||Update com.fasterxml.jackson.core.jackson-databind to 2.12.1|
|Feb 2 2021||1.9.0||Add support for Azure region discovery|
|Dec 14 2020||1.8.1||New ClaimsRequest class to allow ID token claims to be requested as part of any token request|
|Oct 29 2020||1.8.0||ITenantProfile added to IAuthenticationResult for easier access to ID token claims|
|Sep 27 2020||1.7.1||sendX5c API added to IConfidentialClientApplication to specify if the x5c claim|
|Sep 6 2020||1.7.0||Tenant profiles added to IAccount. Support of certificate chain has been added.|
|Aug 17 2020||1.6.2||Fix for "NullPointerException during accessing B2C authority aliases". Adding extraScopesToConsent parameter to AuthorizationRequestUrlParameters builder.|