Microsoft Authentication Library (MSAL) Preview for Android
Getting Started | Sample Code | Library Reference | Support |
---|
The MSAL library for Android gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Azure AD B2C.
Important Note about the MSAL Preview
This library is suitable for use in a production environment. We provide the same production level support for this library as we do our current production libraries. During the preview we may make changes to the API, internal cache format, and other mechanisms of this library, which you will be required to take along with bug fixes or feature improvements. This may impact your application. For instance, a change to the cache format may impact your users, such as requiring them to sign in again. An API change may require you to update your code. When we provide the General Availability release we will require you to update to the General Availability version within six months, as applications written using a preview version of library may no longer work.
Example
// Instantiates MSAL Public Client App
PublicClientApplication myApp = new PublicClientApplication(
this.getApplicationContext(),
CLIENT_ID);
// Acquires a token from AzureAD
myApp.acquireToken(this, SCOPES, getAuthInteractiveCallback());
// ...
// The access token can now be used to access a protected service!
String accessToken = authenticationResult.getAccessToken();
For a full example, checkout the full code sample.
Installation
Binaries via Gradle (Recommended way)
Add to your app's Build.Gradle:
repositories {
mavenCentral()
}
dependencies {
compile('com.microsoft.identity.client:msal:0.1.1') {
// if your app includes android support
// libraries or GSON in its dependencies
// uncomment below
// exclude group: 'com.android.support', module: 'appcompat-v7'
// exclude group: 'com.google.code.gson'
}
}
AAR package inside libs folder
You can get the AAR file from maven central and drop into libs folder in your project.
Community Help and Support
We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
If you find and bug or have a feature request, please raise the issue on GitHub Issues.
To provide a recommendation, visit our User Voice page.
Contribute
We enthusiastically welcome contributions and feedback. You can clone the repo and start contributing now.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
Security Library
This library controls how users sign-in and access services. We recommend you always take the latest version of our library in your app when possible. We use semantic versioning so you can control the risk associated with updating your app. As an example, always downloading the latest minor version number (e.g. x. y.x) ensures you get the latest security and feature enhanements but our API surface remains the same. You can always see the latest version and release notes under the Releases tab of GitHub.
Security Reporting
If you find a security issue with our libraries or services please report it to [email protected] with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");
Using MSAL
-
Make sure you've included MSAL in your app's build.gradle.
-
Before you can get a token from Azure AD v2.0 or Azure AD B2C, you'll need to register an application. For Azure AD v2.0, use the app registration portal. For Azure AD B2C, checkout how to register your app with B2C.
Requirements
- Android SDK 21+
- Chrome
Step 1: Configure the AndroidManifest.xml
- Give your app Internet permissions
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
- Configure your Intent filter, make sure you add your App/Client ID
<!--Intent filter to capture System Browser calling back to our app after Sign In-->
<activity
android:name="com.microsoft.identity.client.BrowserTabActivity">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="msal<YOUR_CLIENT_ID>"
android:host="auth" />
</intent-filter>
</activity>
Step 2: Instantiate MSAL and Acquire a Token
- Create a new PublicClientApplication instance. Make sure to fill in your app/client id
PublicClientApplication myApp = new PublicClientApplication(
this.getApplicationContext(),
CLIENT_ID);
- Acquire a token
myApp.acquireToken(this, "User.Read", getAuthInteractiveCallback());
Step 3: Configure the Auth helpers
- Create an onActivityResult method
/* Handles the redirect from the System Browser */
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
sampleApp.handleInteractiveRequestRedirect(requestCode, resultCode, data);
}
- Create the getAuthInteractiveCallback method
private AuthenticationCallback getAuthInteractiveCallback() {
return new AuthenticationCallback() {
@Override
public void onSuccess(AuthenticationResult authenticationResult) {
/* Successfully got a token, use it to call a protected resource */
String accessToken = authenticationResult.getAccessToken();
}
@Override
public void onError(MsalException exception) {
/* Failed to acquireToken */
if (exception instanceof MsalClientException) {
/* Exception inside MSAL, more info inside MsalError.java */
}
else if (exception instanceof MsalServiceException) {
/* Exception when communicating with the STS, likely config issue */
}
}
@Override
public void onCancel() {
/* User canceled the authentication */
}
}
;
}
Step 4: Use the token!
The access token can now be used in an HTTP Bearer request.