-
Notifications
You must be signed in to change notification settings - Fork 143
Why use MSAL4J
MSAL4J (Microsoft Authentication Library for Java) enables developers to acquire tokens in order to call secured Web APIs. These Web APIs can be the Microsoft Graph, other Microsoft APIS, 3rd party Web APIs, or your own Web API.
MSAL4J supports all the possible application topologies including:
- native client (desktop applications) calling the Microsoft Graph in the name of the user,
- daemons/services or web clients (Web Apps/ Web APIs) calling the Microsoft Graph in the name of a user, or without a user.
With the exception of:
- User-agent based client which is only supported in JavaScript
For details about the supported scenarios see Scenarios.
MSAL4J is a token acquisition library. Depending on your scenario it provides you with various way of getting a token, with a consistent API for a number of platforms. It also adds value by:
- maintaining a token cache and refreshes tokens for you when they are close to expire.
you don't need to handle expiration on your own.
- helping you specify which audience you want your application to sign-in (your org, several orgs, work and school and Microsoft personal accounts, Social identities with Azure AD B2C, users in sovereign and national clouds)
- helping you troubleshoot your app by exposing actionable exceptions, logging and telemetry.
MSAL4J is used to acquire tokens. It's not used to protect a Web API. If you are interested in protecting a Web API with Azure AD, you might want to check out:
- Home
- Why use MSAL4J
- Register your app with AAD
- Scenarios
- Client Applications
- Acquiring tokens
- IAuthenticationResult
- Calling a protected API