@azure/msal-browser

What is @azure/msal-browser?

The @azure/msal-browser package is a library that enables browser-based applications to authenticate users using Azure Active Directory and to obtain tokens to access protected APIs. It implements the OAuth 2.0 and OpenID Connect protocols in a client-side JavaScript application.

What are @azure/msal-browser's main functionalities?

Authentication

This feature allows users to sign in and obtain an ID token through a popup window.

const msalConfig = {
  auth: {
    clientId: 'your-client-id',
    authority: 'https://login.microsoftonline.com/common',
    redirectUri: 'your-redirect-uri'
  }
};

const myMSALObj = new msal.PublicClientApplication(msalConfig);

function signIn() {
  myMSALObj.loginPopup()
    .then(loginResponse => {
      console.log('id_token acquired at: ' + new Date().toString());
      if (myMSALObj.getAccount()) {
        console.log('Logged in');
      }
    }).catch(error => {
      console.error(error);
    });
}

Acquiring Tokens

This feature is used to acquire tokens silently or through a popup if required by the application.

const tokenRequest = {
  scopes: ['user.read'],
  forceRefresh: false
};

function getTokenPopup(request) {
  return myMSALObj.acquireTokenSilent(request)
    .catch(error => {
      console.warn('silent token acquisition fails. acquiring token using popup');
      if (error instanceof msal.InteractionRequiredAuthError) {
        return myMSALObj.acquireTokenPopup(request)
          .then(tokenResponse => {
            return tokenResponse;
          }).catch(error => {
            console.error(error);
          });
      } else {
        console.warn(error);
      }
    });
}

Single Sign-Out

This feature allows users to sign out of the application and clear the user's session.

function signOut() {
  const logoutRequest = {
    account: myMSALObj.getAccount()
  };
  myMSALObj.logout(logoutRequest);
}

Other packages similar to @azure/msal-browser

oidc-client

The oidc-client package is a low-level JavaScript library for implementing OpenID Connect (OIDC) clients in the browser. It provides more granular control over the authentication process compared to @azure/msal-browser but requires more setup and understanding of the OIDC protocol.

react-adal

The react-adal package is a React library that provides Azure Active Directory Authentication in ReactJS applications. It is specifically tailored for React applications and uses the ADAL.js library under the hood. It is less modern and feature-rich compared to @azure/msal-browser, which uses the newer MSAL.js library.

angular-auth-oidc-client

The angular-auth-oidc-client package is an Angular library for implementing OpenID Connect and OAuth2 in Angular applications. It is designed specifically for Angular and provides a similar feature set to @azure/msal-browser but is tailored to the Angular framework.

README

Microsoft Authentication Library for JavaScript (MSAL.js) for Browser-Based Single-Page Applications

Getting Started	AAD Docs	Library Reference

1. About
2. FAQ
3. Changelog
4. Roadmap
5. Prerequisites
6. Installation
7. Usage
   • Migrating from Previous MSAL Versions
   • MSAL Basics
   • Advanced Topics
8. Samples
9. Build and Test
10. Authorization Code vs Implicit
11. Framework Wrappers
12. Security Reporting
13. License
14. Code of Conduct

About

The MSAL library for JavaScript enables client-side JavaScript applications to authenticate users using Azure AD work and school accounts (AAD), Microsoft personal accounts (MSA) and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through Azure AD B2C service. It also enables your app to get tokens to access Microsoft Cloud services such as Microsoft Graph.

The @azure/msal-browser package described by the code in this folder uses the @azure/msal-common package as a dependency to enable authentication in JavaScript Single-Page Applications without backend servers. This version of the library uses the OAuth 2.0 Authorization Code Flow with PKCE. To read more about this protocol, as well as the differences between implicit flow and authorization code flow, see the section below.

This is an improvement upon the previous @azure/msal library which will utilize the authorization code flow in the browser. Most features available in the old library will be available in this one, but there are nuances to the authentication flow in both. The @azure/msal-browser package does NOT support the implicit flow.

FAQ

See here.

Roadmap

See here.

Prerequisites

• @azure/msal-browser is meant to be used in Single-Page Application scenarios.

• Before using @azure/msal-browser you will need to register a Single Page Application in Azure AD to get a valid clientId for configuration, and to register the routes that your app will accept redirect traffic on.

Installation

Via NPM

npm install @azure/msal-browser

Usage

Migrating from Previous MSAL Versions

• Migrating from MSAL v1.x to MSAL v2.x
• Migrating from MSAL v2.x to MSAL v3.x

MSAL Basics

1. Initialization
2. Logging in a User
3. Acquiring and Using an Access Token
4. Managing Token Lifetimes
5. Managing Accounts
6. Logging Out a User

Advanced Topics

• Configuration Options
• Request and Response Details
• Cache Storage
• Performance Enhancements
• Instance Aware Flow

Samples

The msal-browser-samples folder contains sample applications for our libraries.

More instructions to run the samples can be found in the README.md file of the VanillaJSTestApp2.0 folder.

More advanced samples backed with a tutorial can be found in the Azure Samples space on GitHub:

• JavaScript SPA calling Express.js web API
• JavaScript SPA calling Microsoft Graph via Express.js web API using on-behalf-of flow
• Deployment tutorial for Azure App Service and Azure Storage

We also provide samples for addin/plugin scenarios:

• Office Addin-in using MSAL.js
• Teams Tab using MSAL.js
• Chromium Extension using MSAL.js

Build and Test

See the contributing.md file for more information.

Building the package

To build the @azure/msal-browser library, you can do the following:

// Change to the msal-browser package directory
cd lib/msal-browser/
// To run build only for browser package
npm run build

To build both the @azure/msal-browser library and @azure/msal-common libraries, you can do the following:

// Change to the msal-browser package directory
cd lib/msal-browser/
// To run build only for browser package
npm run build:all

Running Tests

@azure/msal-browser uses jest to run unit tests.

// To run tests
npm test
// To run tests with code coverage
npm run test:coverage

Framework Wrappers

If you are using a framework such as Angular or React you may be interested in using one of our wrapper libraries:

• Angular: @azure/msal-angular v2
• React: @azure/msal-react

Security Reporting

If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

License

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License.

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.