Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
@azure/msal-angular
Advanced tools
@azure/msal-angular is a library that allows Angular applications to authenticate users with Microsoft Identity Platform and obtain tokens to call Microsoft APIs such as Microsoft Graph or any API registered with the Microsoft identity platform.
User Authentication
This code demonstrates how to set up the MSAL instance in an Angular application to enable user authentication with Microsoft Identity Platform.
import { MsalModule, MsalService, MSAL_INSTANCE } from '@azure/msal-angular';
import { PublicClientApplication } from '@azure/msal-browser';
export function MSALInstanceFactory() {
return new PublicClientApplication({
auth: {
clientId: 'your-client-id',
authority: 'https://login.microsoftonline.com/your-tenant-id',
redirectUri: 'http://localhost:4200'
}
});
}
@NgModule({
imports: [
MsalModule
],
providers: [{
provide: MSAL_INSTANCE,
useFactory: MSALInstanceFactory
}, MsalService]
})
export class AppModule { }
Token Acquisition
This code demonstrates how to log in a user and acquire an access token silently for calling Microsoft Graph API or other APIs.
import { MsalService } from '@azure/msal-angular';
@Component({
selector: 'app-root',
templateUrl: './app.component.html'
})
export class AppComponent {
constructor(private authService: MsalService) {}
login() {
this.authService.loginPopup().subscribe(response => {
console.log('Login successful', response);
}, error => {
console.error('Login failed', error);
});
}
getToken() {
this.authService.acquireTokenSilent({
scopes: ['user.read']
}).subscribe(response => {
console.log('Token acquired', response.accessToken);
}, error => {
console.error('Token acquisition failed', error);
});
}
}
Guarding Routes
This code demonstrates how to protect routes in an Angular application using MsalGuard to ensure that only authenticated users can access certain routes.
import { MsalGuard } from '@azure/msal-angular';
const routes: Routes = [
{ path: 'profile', component: ProfileComponent, canActivate: [MsalGuard] }
];
@NgModule({
imports: [RouterModule.forRoot(routes)],
exports: [RouterModule]
})
export class AppRoutingModule { }
angular-oauth2-oidc is a library for OAuth2 and OpenID Connect (OIDC) authentication in Angular applications. It provides similar functionalities to @azure/msal-angular, such as user authentication, token management, and route protection. However, it is more generic and can be used with various identity providers, not just Microsoft Identity Platform.
oidc-client is a JavaScript library for OpenID Connect (OIDC) and OAuth2 authentication. It can be used in various JavaScript frameworks, including Angular, to handle user authentication and token management. Unlike @azure/msal-angular, it is not specific to Angular and requires more manual setup for integration with Angular applications.
auth0-angular is a library for integrating Auth0 authentication and authorization into Angular applications. It provides similar functionalities to @azure/msal-angular, such as user authentication, token management, and route protection. Auth0 is a third-party identity provider that supports various authentication methods and social logins.
Getting Started | AAD Docs | Library Reference | Support | Samples |
---|
MSAL for Angular enables Angular web applications to authenticate users using Azure AD work and school accounts (AAD), Microsoft personal accounts (MSA) and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through Azure AD B2C service. It also enables your app to get tokens to access Microsoft Cloud services such as Microsoft Graph.
The @azure/msal-angular
package described by the code in this folder wraps the @azure/msal-browser
package and uses it as a peer dependency to enable authentication in Angular Web Applications without backend servers. This version of the library uses the OAuth 2.0 Authorization Code Flow with PKCE. To read more about this protocol, as well as the differences between implicit flow and authorization code flow, see the description provided by @azure/msal-browser. If you are looking for the version of the library that uses the implicit flow, please see the MSAL Angular v1 library.
The current @azure/msal-angular
library improves upon the previous version and utilizes the authorization code flow. Most features available in the old library will be available in this one, but there are nuances to the authentication flow in both. The latest @azure/msal-angular
package does NOT support the implicit flow.
At a minimum, @azure/msal-angular
will follow the support schedule of the main Angular project. We may continue to support certain versions of Angular that are not under Active or LTS support from the main Angular project on a version-by-version basis, as defined below.
MSAL Angular version | MSAL support status | Supported Angular versions |
---|---|---|
MSAL Angular v3 | Active development | 15, 16, 17, 18 |
MSAL Angular v2 | In maintenance | 9, 10, 11, 12, 13, 14 |
MSAL Angular v1 | In maintenance | 6, 7, 8, 9 |
MSAL Angular v0 | Out of support | 4, 5 |
Before using @azure/msal-angular
, register an application in Azure AD to get your clientId
.
For local development, please see the contributing.md
file for more information.
The @azure/msal-angular
package is available on NPM:
npm install @azure/msal-browser @azure/msal-angular@latest
MSAL Angular Basics
Advanced Topics
Documentation specifically for MSAL Angular v2 can be found here. Documentation specifically for MSAL Angular v1 can be found here.
See here for specific features demonstrated by our MSAL Angular v2 samples.
See the contributing.md
file for more information.
To build the @azure/msal-angular
library, you can do the following:
// Install dev dependencies from root of repo
npm install
// Change to the msal-angular package directory
cd lib/msal-angular/
// To run build only for angular package
npm run build
To build both the @azure/msal-angular
library and @azure/msal-browser
libraries, you can do the following:
// Install dev dependencies from root of repo
npm install
// Change to the msal-angular package directory
cd lib/msal-angular/
// To run build for angular and browser packages
npm run build:all
@azure/msal-angular
uses jest to run unit tests and coverage.
// To run tests
npm run test
// To run tests with code coverage
npm run test:coverage
This library controls how users sign-in and access services. We recommend you always take the latest version of our library in your app when possible. We use semantic versioning so you can control the risk associated with updating your app. As an example, always downloading the latest minor version number (e.g. x.y.x) ensures you get the latest security and feature enhanements but our API surface remains the same. You can always see the latest version and release notes under the Releases tab of GitHub.
We enthusiastically welcome contributions and feedback. Please read the contributing guide before you begin.
If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License").
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
Microsoft Authentication Library for Angular
The npm package @azure/msal-angular receives a total of 37,507 weekly downloads. As such, @azure/msal-angular popularity was classified as popular.
We found that @azure/msal-angular demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.