npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

msal-browser-ext

v2.3.2

Published

Microsoft Authentication Library for js

Downloads

13

Readme

Microsoft Authentication Library for JavaScript (MSAL.js) 2.0 for Browser-Based Single-Page Applications

npm versionnpm versionCoverage Status

| Getting Started | AAD Docs | Library Reference | | --- | --- | --- |

  1. About
  2. FAQ
  3. Releases
  4. Prerequisites
  5. Installation
  6. Usage
  7. Samples
  8. Build and Test
  9. Authorization Code vs Implicit
  10. Security Reporting
  11. License
  12. Code of Conduct

About

Important: MSAL.js 2.0 with Authorization Code Flow is not yet available for B2C tenants (coming soon).

The MSAL library for JavaScript enables client-side JavaScript applications to authenticate users using Azure AD work and school accounts (AAD), Microsoft personal accounts (MSA) and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through Azure AD B2C service. It also enables your app to get tokens to access Microsoft Cloud services such as Microsoft Graph.

The @azure/msal-browser package described by the code in this folder uses the msal-common-ext package as a dependency to enable authentication in Javascript Single-Page Applications without backend servers. This version of the library uses the OAuth 2.0 Authorization Code Flow with PKCE. To read more about this protocol, as well as the differences between implicit flow and authorization code flow, see the section below. If you are looking for the version of the library that uses the implicit flow, please see the msal-core library.

This is an improvement upon the current msal-core library which will utilize the authorization code flow in the browser. Most features available in the old library will be available in this one, but there are nuances to the authentication flow in both. The @azure/msal-browser package does NOT support the implicit flow.

FAQ

See here.

Releases

Expect us to detail our major and minor releases moving forward, while leaving out our patch releases. Patch release notes can be found in our change log.

| Date | Release | Announcement | Main features | | ------| ------- | ---------| --------- | | | @azure/msal-browser v2.1.0 | | Throttling, Client and Server Telemetry, Access Token Proof-of-Possession (Tentative) | | July 20th, 2020 | @azure/msal-browser v2.0.0 | Release Notes | Full version of the @azure/msal-browser package; relies on msal-common-ext v1.0.0 | | May 11, 2020 | @azure/msal-browser v2.0.0-beta | No release notes | Beta version of the @azure/msal-browser package; relies on msal-common-ext v1.0.0-beta | | January 17, 2020 | @azure/msal-browser v2.0.0-alpha | No release notes | Alpha version of the @azure/msal-browser package with authorization code flow for SPAs working in dev; relies on msal-common v1.0.0-alpha |

Prerequisites

Installation

Via NPM:

npm install @azure/msal-browser

Via CDN (with SRI Hash):

See here for more info on how to use this package from the Microsoft CDN.

Compiled

<script src="https://alcdn.msauth.net/browser/2.1.0/js/msal-browser.js" integrity="sha384-M9bRB06LdiYadS+F9rPQnntFCYR3UJvtb2Vr4Tmhw9WBwWUfxH8VDRAFKNn3VTc/" crossorigin="anonymous"></script>

Minified

<script src="https://alcdn.msauth.net/browser/2.1.0/js/msal-browser.min.js" integrity="sha384-EmYPwkfj+VVmL1brMS1h6jUztl4QMS8Qq8xlZNgIT/luzg7MAzDVrRa2JxbNmk/e" crossorigin="anonymous"></script>

Usage

Migrating from Previous MSAL Versions

If you have MSAL v1.x currently running in your application, you can follow the instructions here to migrate your application to using the @azure/msal-browser package.

MSAL Basics

  1. Initialization
  2. Logging in a User
  3. Acquiring and Using an Access Token
  4. Managing Token Lifetimes
  5. Managing Accounts
  6. Logging Out a User

Advanced Topics

Samples

The msal-browser-samples folder contains sample applications for our libraries.

  • You can run any VanillaJSTestApp2.0 sample by changing the authConfig.js file in the respective folder to match your app registration and running the npm command npm start -- -s <sample-name> -p <port> in the VanillaJSTestApp2.0 folder.
  • You can run the TypescriptTestApp2.0 sample by changing the AuthModule.ts file to match your app registration and running the npm command npm start in the TypescriptTestApp2.0 folder.

Additionally, the msal-angular-v2-samples folder contains an Angular 10 sample app that uses msal-browser.

  • You can run the angular10-browser sample by changing the app.module.ts file to match your app registration and running the npm command npm start in the angular-10-browser-sample folder.

Here is a complete list of samples for the MSAL.js 2.x library:

| Sample | Description | How to Run | | ------ | ----------- | ---------- | | TypeScript Sample | A TypeScript sample showing usage of MSAL 2.0 with the Microsoft Graph API. | npm start | | Basic Auth Sample | A vanilla Javascript sample showing basic usage of the MSAL 2.0 library (@azure/msal-browser package) with the Microsoft Graph API. | npm start -- -s default | | Multiple Resources Sample | A vanilla JS sample showing usage of MSAL 2.0 with authentication on page load with a redirect. | npm start -- -s multipleResources | | On Page Load Sample | A vanilla JS sample showing usage of MSAL 2.0 with authentication on page load with a redirect. | npm start -- -s onPageLoad | | ssoSilent() Sample | A vanilla JS sample showing usage of the ssoSilent API, allowing you to sign in a user silently if a context exists on the authentication server. | npm start -- -s ssoSilent | | Internet Explorer 11 Sample | A vanilla JS sample showing usage of @azure/msal-browser in an application designed to run in Internet Explorer 11. | npm start -- -s ie11-sample | | Angular 10 Sample | An Angular 10 sample showing usage of MSAL 2.0 with the Microsoft Graph API. | npm start |

More instructions to run the samples can be found in the README.md file of the VanillaJSTestApp2.0 folder.

Build and Test

Build Library

// Change to the root of the msal repo
cd microsoft-authentication-library-for-js/
// Install npm dependencies and bootstrap packages
npm install
// Build library
npm run build
// To run build only for the browser package
npm run build -- --scope @azure/msal-browser

Alternate Build Instructions

If you are having issues with lerna, you can try the following:

// Change to the msal-browser package directory
cd lib/msal-browser/
// Ensure you are using the local build of msal-common
npm link msal-common-ext
// To run build only for browser package
npm run build
// To run build for common and browser package
npm run build:all

Running Tests

@azure/msal-browser uses mocha and chai to run unit tests, as well as Istanbul's nyc tool for code coverage.

// To run tests
npm test
// To run tests with code coverage
npm run test:coverage:only
  • If you are having issues with lerna, change to the msal-browser directory and run the commands directly there.

Implicit Flow vs Authorization Code Flow with PKCE

MSAL.js 1.x implemented the Implicit Grant Flow, as defined by the OAuth 2.0 protocol and OpenID.

Our goal is that the library abstracts enough of the protocol away so that you can get plug and play authentication, but it is important to know and understand the implicit flow from a security perspective. The MSAL 1.x client for single-page applications runs in the context of a web browser which cannot manage client secrets securely. It uses the implicit flow, which optimized for single-page applications and has one less hop between client and server so tokens are returned directly to the browser. These aspects make it naturally less secure. These security concerns are mitigated per standard practices such as: use of short lived tokens (and so no refresh tokens are returned), the library requiring a registered redirect URI for the app, and library matching the request and response with a unique nonce and state parameter. You can read more about the disadvantages of the implicit flow here.

The MSAL library will now support the Authorization Code Flow with PKCE for Browser-Based Applications without a backend web server. We plan to continue support for the implicit flow in the msal-core library.

You can learn further details about @azure/msal-browser functionality documented in our docs folder and find complete code samples.

Security Reporting

If you find a security issue with our libraries or services please report it to [email protected] with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

License

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License.

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.