• This repository has been archived on 26/Jun/2021
  • Stars
    star
    625
  • Rank 71,862 (Top 2 %)
  • Language
    JavaScript
  • License
    Apache License 2.0
  • Created over 10 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.

This library, ADAL for JavaScript, will no longer receive new feature improvements, and this repository has been archived. Instead, use the new library MSAL.js (the code for ADAL.js and ADAL Angular has also been moved to the MSAL.js repository).

  • If you are starting a new project, you can get started with the MSAL.js docs for details about the scenarios, usage, and relevant concepts.
  • If your application is using the previous ADAL JavaScript library, you can follow this migration guide to update to MSAL.js.
  • Existing applications relying on ADAL JavaScript will continue to work.

Active Directory Authentication Library (ADAL) for JavaScript

Getting Started Docs Samples Support Feedback

Active Directory Authentication Library for JavaScript (ADAL JS) helps you to use Azure AD for handling authentication in your single page applications. This library works with both plain JS as well as AngularJS applications.

Build Statusnpmnpm

Installation

You have multiple ways of getting ADAL JS:

Via NPM:

npm install adal-angular

Note: Currently there is one NPM package providing both the plain JS library (adal.js) and the AngularJS wrapper (adal-angular.js).

Via CDN:

<!-- Latest compiled and minified JavaScript -->
<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.18/js/adal.min.js"></script>
<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.18/js/adal-angular.min.js"></script>

CDN will be updated to latest version 1.0.18.

Via Bower:

$ bower install adal-angular

The adal.js source is here. The adal-angular.js source is here.

Usage

In JavaScript

You can use ADAL JS as follows in a plain JavaScript application without any frameworks.

1- Include a reference to adal.js in your main app page before your application scripts.

<script src="App/Scripts/adal.js"></script>
<script src="App/Scripts/app.js"></script>

2- Initialize ADAL with the AAD app coordinates at app config time. The minimum required config to initialize ADAL is:

window.config = {
   clientId: 'g075edef-0efa-453b-997b-de1337c29185'
};
var authContext = new AuthenticationContext(config);

3- You can trigger the login and logout using the authContext

$signInButton.click(function () {
    authContext.login();
});

$signOutButton.click(function () {
    authContext.logOut();
});

Refer this sample for a full implementation example.

In AngularJS

ADAL also provides an AngularJS wrapper as adal-angular.js. Below you can find a quick reference for the most common operations you need to perform in AngularJS applications to use ADAL JS.

1- Include references to angular.js libraries, adal.js, adal-angular.js in your main app page. The ADAL should be included after Angular, but before your application scripts as shown below.

<script src="/Scripts/angular.min.js"></script>
<script src="/Scripts/angular-route.min.js"></script>
<script src="/Scripts/adal.js"></script>
<script src="/Scripts/adal-angular.js"></script>
<script src="App/Scripts/app.js"></script>

2- Include a reference to the ADAL module in your app module.

var app = angular.module('demoApp', ['ngRoute', 'AdalAngular']);

3- When HTML5 mode is configured, ensure the $locationProvider hashPrefix is set

// using '!' as the hashPrefix but can be a character of your choosing
app.config(['$locationProvider', function($locationProvider) {
	$locationProvider.html5Mode(true).hashPrefix('!');
}]);

Without the hashPrefix set, the AAD login will loop indefinitely as the callback URL from AAD (in the form of, {yourBaseUrl}/#{AADTokenAndState}) will be rewritten to remove the '#' causing the token parsing to fail and login sequence to occur again.

4- Initialize ADAL with the AAD app coordinates at app config time. The minimum required config to initialize ADAL is:

adalAuthenticationServiceProvider.init({
        // clientId is the identifier assigned to your app by Azure Active Directory.
        clientId: "e9a5a8b6-8af7-4719-9821-0deef255f68e"
    },
    $httpProvider   // pass http provider to inject request interceptor to attach tokens
);

5- Define which routes you want to secure via ADAL - by adding requireADLogin: true to their definition

$routeProvider.
    when("/todoList", {
        controller: "todoListController",
        templateUrl: "/App/Views/todoList.html",
        requireADLogin: true
    });

Any service invocation code you might have will remain unchanged. ADAL's interceptor will automatically add tokens for every outgoing call.

Anonymous endpoints, introduced in version 1.0.10, is an array of values that will be ignored by the ADAL route/state change handlers. ADAL will not attach a token to outgoing requests that have these keywords or URI. Routes that do not specify the requireADLogin=true property are added to the anonymousEndpoints array automatically.

Optional

If you so choose, in addition (or substitution) to route level protection you can add explicit login/logout UX elements. Furthermore, you can access properties of the currently signed in user directly form JavaScript (via userInfo and userInfo.profile). The userInfo.profile property provides access to the claims in the ID token received from AAD. The claims can be used by the application for validation, to identify the subject's directory tenant, and so on. The complete list of claims with a brief description of each value is here, Claims in Azure AD Security Tokens:

<!DOCTYPE html>
<html>
<head>
    <title>Angular Adal Sample</title>
</head>
<body ng-app="adalDemo" ng-controller="homeController" ng-init="hmCtl.init()">
    <a href="#">Home</a>
    <a href="#/todoList">ToDo List</a>


    <!--These links are added to manage login/logout-->
    <div data-ng-model="userInfo">
        <span data-ng-hide="!userInfo.isAuthenticated">Welcome {{userInfo.userName}} </span>
        <button data-ng-hide="!userInfo.isAuthenticated" data-ng-click="logout()">Logout</button>
        <button data-ng-hide="userInfo.isAuthenticated" data-ng-click="login()">Login</button>

        <div>
            {{userInfo.loginError}}
        </div>
        <div>
            {{testMessage}}
        </div>
    </div>
    <div ng-view>
        Your view will appear here.
    </div>

    <script src="/Scripts/angular.min.js"></script>
    <script src="/Scripts/angular-route.min.js"></script>
    <script src="/Scripts/adal.js"></script>
    <script src="/Scripts/adal-angular.js"></script>
    <script src="App/Scripts/app.js"></script>
    <script src="App/Scripts/homeController.js"></script>
    <script src="App/Scripts/todoDetailController.js"></script>
    <script src="App/Scripts/todoListController.js"></script>
    <script src="App/Scripts/todoService.js"></script>
</body>
</html>

6- You have full control on how to trigger sign in, sign out and how to deal with errors:

'use strict';
app.controller('homeController', ['$scope', '$location', 'adalAuthenticationService', function ($scope, $location, adalAuthenticationService) {
    // this is referencing adal module to do login

    //userInfo is defined at the $rootscope with adalAngular module
    $scope.testMessage = "";
    $scope.init = function () {
        $scope.testMessage = "";
    };

    $scope.logout = function () {
        adalAuthenticationService.logOut();
    };

    $scope.login = function () {
        adalAuthenticationService.login();
    };

    // optional
    $scope.$on("adal:loginSuccess", function () {
        $scope.testMessage = "loginSuccess";
    });

    // optional
    $scope.$on("adal:loginFailure", function () {
        $scope.testMessage = "loginFailure";
        $location.path("/login");
    });

    // optional
    $scope.$on("adal:notAuthorized", function (event, rejection, forResource) {
        $scope.testMessage = "It is not Authorized for resource:" + forResource;
    });

}]);

Multi-Tenant

By default, you have multi-tenant support. ADAL will set tenant to 'common', if it is not specified in the config. This allows any Microsoft account to authenticate to your application. If you are not interested in multi-tenant behavior, you will need to set the tenant property as shown below.

window.config = {
    tenant: "52d4b072-9470-49fb-8721-bc3a1c9912a1", // Optional by default, it sends common
    clientId: 'g075edef-0efa-453b-997b-de1337c29185'
};

If you allow multi-tenant authentication, and you do not wish to allow all Microsoft account users to use your application, you must provide your own method of filtering the token issuers to only those tenants who are allowed to login.

Cache Location

Default storage location is sessionStorage. You can specify localStorage in the config as well.

window.config = {
    clientId: 'g075edef-0efa-453b-997b-de1337c29185',
    cacheLocation: 'localStorage' // optional cache location. Default is sessionStorage
};

Logging

Log levels are mapped as:

0: Error
1: Warning
2: Info
3: Verbose

You can add the code below to app.js to turn on logging. Implement the log method depending on how you want to redirect logs.

Logging = {
    level: 3,
    log: function (message) {
        console.log(message);
    }
};

Security

Tokens are accessible from JavaScript since ADAL.JS is using HTML5 storage. Default storage option is sessionStorage, which keeps the tokens per session. You should prompt users to login again for important operations on your app. You should protect your site for XSS. Please check the article here: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

CORS API usage and IE

ADAL will get access token using Iframe for the given CORS API endpoints in the config. The Iframe needs to access cookies for the same domain that you did the initial sign in. Since IE does not allow to access cookies in an IFrame for localhost, your URL needs to be a fully qualified domain i.e http://yoursite.azurewebsites.com. Chrome does not have this restriction.

To make CORS API call, you need to specify endpoints in the config for your CORS API as shown here.

// endpoint to resource mapping(optional)
var endpoints = {
    "https://yourhost/api": "b6a68585-5287-45b2-ba82-383ba1f60932",
};
adalAuthenticationServiceProvider.init(
    {
        tenant: "52d4b072-9470-49fb-8721-bc3a1c9912a1", // Optional by default, it sends common
        clientId: "e9a5a8b6-8af7-4719-9821-0deef255f68e", // Required
        endpoints: endpoints  // If you need to send CORS API requests.
    },
    $httpProvider   // pass http provider to inject request interceptor to attach tokens
);

Your service will be as shown below to make the call from JS. In your API project, you need to enable CORS API requests to receive pre-flight requests. You can check this sample for CORS API.

'use strict';
app.factory('contactService', ['$http', function ($http) {
    var serviceFactory = {};

    var _getItems = function () {
        $http.defaults.useXDomain = true;
        delete $http.defaults.headers.common['X-Requested-With'];
        return $http.get('http://adaljscors.azurewebsites.net/api/contacts');
    };

    serviceFactory.getItems = _getItems;

    return serviceFactory;
}]);

You can read extended blogs about CORS API below.

Andrew's blog related to CORS and Office365 usage

http://www.andrewconnell.com/blog/adal-js-cors-with-o365-apis-files-sharepoint

Vittorio's blog

http://www.cloudidentity.com/blog/2015/02/19/introducing-adal-js-v1/ http://www.cloudidentity.com/blog/2014/10/28/adal-javascript-and-angularjs-deep-dive/

Trusted Site settings in IE

If you put your site in the trusted site list, cookies are not accessible for iFrame requests. You need to remove protected mode for Internet zone or add the authority URL for the login to the trusted sites as well.

Known issues on Edge

Certain issues have been reported when using ADAL.js with the Microsoft Edge version 40.15063.0.0. Please take a look at this page for details and workarounds before filing a new issue experienced with Edge.

Build and run tests

Run tests

npm install
bower install
npm test

// angular tests
karma start

To use Karma as test runner, you need to install the karma command line.

npm install -g karma
npm install -g karma-cli

Reference doc generation

Install grunt and run the command

grunt doc

Contribution

We encourage and welcome contributions to the library. Please read the contributing guide before starting.

Versions

This is a GA released version. Current version - 1.0.18
Minimum recommended version - 1.0.18
You can find the changes for each version in the change log.

Samples and Documentation

We provide a full suite of sample applications and documentation on GitHub to help you get started with learning the Azure Identity system. This includes tutorials for native clients such as Windows, Windows Phone, iOS, OSX, Android, and Linux; and a detailed guide to registering your app with Azure Active Directory. We also provide full walkthroughs for authentication flows such as OAuth2, OpenID Connect, Graph API, and other awesome features.

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browser existing issues to see if someone has had your question before.

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL: http://stackoverflow.com/questions/tagged/adal

Submit Feedback

We'd like your thoughts on this library. Please complete this short survey.

Security Reporting

If you find a security issue with our libraries or services please report it to the Microsoft Security Response Center (MSRC) with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

License

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");

We value and adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

More Repositories

1

microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
TypeScript
3,652
star
2

microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
C#
1,393
star
3

azure-activedirectory-identitymodel-extensions-for-dotnet

IdentityModel extensions for .Net
C#
1,048
star
4

microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
Python
815
star
5

AzureADAssessment

Tooling for assessing an Azure AD tenant state and configuration
PowerShell
727
star
6

microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
C#
682
star
7

passport-azure-ad

The code for Passport Azure AD has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
JavaScript
422
star
8

Azure-AD-Incident-Response-PowerShell-Module

The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
PowerShell
405
star
9

azure-activedirectory-library-for-dotnet

ADAL authentication libraries for .net
C#
358
star
10

microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
Java
285
star
11

azure-activedirectory-library-for-python

ADAL for Python
Python
259
star
12

microsoft-authentication-library-for-objc

Microsoft Authentication Library (MSAL) for iOS and macOS
Objective-C
256
star
13

MSIdentityTools

Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.
PowerShell
230
star
14

microsoft-authentication-library-for-go

The MSAL library for Go is part of the Microsoft identity platform for developers (formerly named Azure AD) v2.0. It enables you to acquire security tokens to call protected APIs. It uses industry standard OAuth2 and OpenID Connect.
Go
229
star
15

microsoft-authentication-library-for-android

Microsoft Authentication Library (MSAL) for Android
Java
209
star
16

azure-activedirectory-library-for-nodejs

The code for ADAL Node has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
JavaScript
208
star
17

azure-activedirectory-library-for-android

The ADAL SDK for Android gives you the ability to add support for Work Accounts to your application with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
Java
177
star
18

azure-activedirectory-library-for-objc

The ADAL SDK for Objective C gives you the ability to add support for Work Accounts to your iOS and macOS applications with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
Objective-C
177
star
19

Deployment-Plans

Step by step guidance to deploy Azure Active Directory capabilities such as Conditional Access, Multi Factor Authentication, Self Service Password, and more.
PowerShell
173
star
20

MSAL.PS

PowerShell
164
star
21

SCIMReferenceCode

Reference code to build a SCIM endpoint to automate provisioning
C#
162
star
22

azure-activedirectory-library-for-java

Java
161
star
23

microsoft-authentication-extensions-for-dotnet

Secure cross-platform token cache for MSAL public client apps
C#
83
star
24

IdentityProtectionTools

Sample PowerShell module and scripts for managing Azure AD Identity Protection service
PowerShell
71
star
25

azure-activedirectory-library-for-cordova

ADAL for Cordova
59
star
26

Apple-SSO-Tools

Apple Enterprise SSO troubleshooting script
Shell
54
star
27

omniauth-azure-activedirectory

Ruby
50
star
28

microsoft-authentication-cli

A command line utility for Azure authentication.
C#
42
star
29

microsoft-authentication-library-common-for-android

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)
Java
41
star
30

azure-activedirectory-library-for-ruby

The ADAL for Ruby library makes it easy for Ruby applications to authenticate to AAD in order to access AAD protected web resources.
Ruby
36
star
31

active-directory-b2c-wordpress-plugin-openidconnect

A plugin for WordPress that allows users to authenticate with Azure AD B2C using OpenID Connect.
PHP
31
star
32

microsoft-authentication-library-common-for-objc

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)
Objective-C
30
star
33

azure-activedirectory-powershell

This is a repo for Azure AD PowerShell scrips and samples
PowerShell
30
star
34

rms-sdk-for-cpp

RMS SDK for C++
C
29
star
35

microsoft-authentication-extensions-for-python

Microsoft Authentication Library extensions (MSAL EX) provides a persistence API that can save your data on disk, encrypted on Windows, macOS and Linux. Concurrent data access will be coordinated by a file lock mechanism.
Python
29
star
36

entra-id-inbound-provisioning

Samples, scripts and resources to help you get started with Microsoft Entra API-driven inbound provisioning
PowerShell
24
star
37

azure-activedirectory-powershell-for-admins

PowerShell
11
star
38

AzureAD-Governance-Assessment

Scripts to run an AAD Governance Assessment
PowerShell
10
star
39

microsoft-identity-abstractions-for-dotnet

Contains interfaces and data classes used in the .NET Microsoft authentication libraries (MSAL, IdentityModel, Microsoft.Identity.Web, ...)
C#
9
star
40

azure-activedirectory-powershell-tokenkey

Scripts to override the Azure Active Directory token signing key.
PowerShell
8
star
41

rms-sdk-ui-for-ios

RMS SDK UI Components for iOS
Objective-C
8
star
42

MSCloudIDUtils

Sample PowerShell logic for interacting with Azure Active Directory identity and resources using the Microsoft Identity Platform
PowerShell
7
star
43

availability-proxy-for-rest-services

C#
6
star
44

azure-activedirectory-cordova-plugin-graph

JavaScript
5
star
45

microsoft-authentication-extensions-for-java

Microsoft Authentication extensions for MSAL.Java
Java
4
star
46

Cross-tenant-synchronization

3
star
47

rms-sdk-ui-for-android

RMS SDK UI Components for Android
Java
3
star
48

docs

API Documentation
HTML
2
star
49

declaredaccess

Collection of experimental projects for simplifying the use of identity by moving from imperative programming models to declarative programming models.
HTML
2
star
50

rms-sdk-ui-for-windowsstore

RMS SDK for Windows Store Applications
C#
2
star
51

rms-sdk-ui-for-winphone

C#
2
star
52

microsoft-authentication-extensions-for-go

Secure cross-platform token cache for MSAL public client apps
1
star
53

ADALLoginKit

A Helper Library to bootstrap AzureAD Samples
Objective-C
1
star
54

java-flavors-plugin

Plugin to support configuration of "flavors" for java projects.
Groovy
1
star