{"id":66066,"date":"2022-11-15T04:14:23","date_gmt":"2022-11-15T12:14:23","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/devops\/?p=66066"},"modified":"2023-03-03T00:10:46","modified_gmt":"2023-03-03T08:10:46","slug":"azure-devops-client-libraries-migrated-to-msal","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/azure-devops-client-libraries-migrated-to-msal\/","title":{"rendered":"Azure DevOps client libraries migrated to MSAL"},"content":{"rendered":"<p>The <a href=\"https:\/\/www.nuget.org\/packages\/Microsoft.VisualStudio.Services.InteractiveClient\">Microsoft.VisualStudio.Services.InteractiveClient<\/a> library is a public NuGet package that takes care of authenticating to Azure DevOps Services. It abstracts away the acquisition, management and refreshing of authentication tokens, so developers can focus on their goals and stay productive.<\/p>\n<p>Historically, the interactive client library has been dependent on the <em>Microsoft.IdentityModel.Clients. ActiveDirectory<\/em> (or ADAL, for short) to authenticate against Azure Active Directory. With ADAL coming close to the <a href=\"https:\/\/docs.microsoft.com\/azure\/active-directory\/develop\/msal-migration\">end of its lifecycle<\/a>, we have updated the interactive client to use a new authentication library &#8211; <em>Microsoft.Identity.Client<\/em>, also known as MSAL.<\/p>\n<h2>Breaking changes<\/h2>\n<p>The migration demanded reworking large parts of the interactive client, leading to several breaking changes. Arguably, the most prominent change is the shift from ADAL&#8217;s resources to MSAL&#8217;s scopes. In previous versions of interactive client, you would authenticate like this:<\/p>\n<pre><code class=\"cs\">using Microsoft.VisualStudio.Services.Client;\n...\n\/\/ All the provided values are samples\nvar accountProvider = new VSAccountProvider(\"vsInstanceName\");\nvar resource = \"https:\/\/www.contoso.com\";\nvar tenantId = Guid.Parse(\"AadTenantId\");\nvar upn = \"jane.doe@contoso.com\";\naccountProvider.AcquireTokenAsync(resource, tenantId, upn, WinFormsButton.Handle);\n<\/code><\/pre>\n<p>Starting with version 19.209.0-preview you can utilize the more robust and flexible scope parameters:<\/p>\n<pre><code class=\"cs\">using Microsoft.VisualStudio.Services.Client;\n...\n\/\/ All the provided values are samples\nvar accountProvider = new VSAccountProvider(\"vsInstanceName\");\nvar scopes = new string[] { \"https:\/\/www.contoso.com\/.default\" };\nvar tenantId = Guid.Parse(\"AadTenantId\");\nvar upn = \"jane.doe@contoso.com\";\naccountProvider.AcquireTokenAsync(scopes, tenantId, upn, WinFormsButton.Handle);\n<\/code><\/pre>\n<p>Usually, you will be fine using the <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/develop\/scopes-oidc#the-default-scope\">default scope<\/a>. To help you with the transition from resources to scopes, you can add this simple helper method:<\/p>\n<pre><code class=\"cs\">public static string[] GetDefaultScopes(string resource)\n{\n    var defaultScope =  resource.EndsWith(\"\/\")\n        ? $\"{resource}.default\"\n        : $\"{resource}\/.default\";\n    return new string[] { defaultScope };\n}\n<\/code><\/pre>\n<p>Additional changes involve the removal of all &#8220;ADAL&#8221; references to provide more generic names of methods, delegates, properties, and fields. This includes the optional registry keys <em>adaluri<\/em> and <em>AdalExtraParametersRegistryOverride<\/em>, which have been renamed to <em>accounturi<\/em> and <em>ExtraParametersRegistryOverride<\/em>, respectively. Moreover, several method overloads have been unified into a single method with a list of optional named parameters.<\/p>\n<h2>Changes to Microsoft.TeamFoundationServer.ExtendedClient<\/h2>\n<p>Hand in hand with our push towards using MSAL, we have removed the ADAL references from another client library, namely <a href=\"https:\/\/www.nuget.org\/packages\/Microsoft.TeamFoundationServer.ExtendedClient\">Microsoft.TeamFoundationServer.ExtendedClient<\/a>. The extended client had several deprecated methods and classes dependent on ADAL. Starting with the version 19.207.0-preview, those methods and classes have been fully removed along with the reference to Microsoft.IdentityModel.Clients.ActiveDirectory.<\/p>\n<h2>How to get started<\/h2>\n<p>To get your hands on the newest changes, <a href=\"https:\/\/www.nuget.org\/packages\/Microsoft.VisualStudio.Services.InteractiveClient\/latest\">download the latest version<\/a> from NuGet.org. You can find examples of how to use the libraries in our <a href=\"https:\/\/github.com\/microsoft\/azure-devops-auth-samples\">GitHub samples<\/a>.<\/p>\n<p>Please comment below with any questions, comments, or issues you may have. We take your input seriously and read every bit of feedback. We are excited for you all to try this out and tell us what you think!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Microsoft.VisualStudio.Services.InteractiveClient library is a public NuGet package that takes care of authenticating to Azure DevOps Services. It abstracts away the acquisition, management and refreshing of authentication tokens, so developers can focus on their goals and stay productive. Historically, the interactive client library has been dependent on the Microsoft.IdentityModel.Clients. ActiveDirectory (or ADAL, for short) to [&hellip;]<\/p>\n","protected":false},"author":104702,"featured_media":66059,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,251],"tags":[],"class_list":["post-66066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-security"],"acf":[],"blog_post_summary":"<p>The Microsoft.VisualStudio.Services.InteractiveClient library is a public NuGet package that takes care of authenticating to Azure DevOps Services. It abstracts away the acquisition, management and refreshing of authentication tokens, so developers can focus on their goals and stay productive. Historically, the interactive client library has been dependent on the Microsoft.IdentityModel.Clients. ActiveDirectory (or ADAL, for short) to [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/66066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/104702"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=66066"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/66066\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/66059"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=66066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=66066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=66066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}