Client libraries for managed identities authentication
This document provides an overview of the client libraries available for authenticating your applications using managed identities for Azure resources. These libraries include the Azure Identity libraries and Microsoft Authentication Libraries (MSAL).
Some Azure services built client libraries on top of these libraries. For example, the Microsoft.Data.SqlClient package can be used to authenticate to an Azure SQL database using managed identities. Behind the scenes, the Azure Identity library for .NET is being used.
Choosing the right library
MSAL libraries offer lower-level abstractions than libraries like Azure Identity. Both MSAL and Azure Identity libraries allow you to acquire tokens via managed identity. Internally, Azure Identity libraries use MSAL and provide higher-level APIs such as DefaultAzureCredential that remove the need to implement manual switches between identity types when developing and deploying your application.
- If your application already uses one of the libraries, continue using the same library.
- If you're developing a new application and plan to call other Azure resources, use an Azure Identity library. This library provides an improved developer experience by allowing the app to authenticate on local developer machines where managed identities are not available.
- If you need to call other downstream web APIs like Microsoft Graph or your own web API, use MSAL. For .NET applications, use the Microsoft.Identity.Web library, which is built on top of MSAL.
In cases where an Azure service built a client library on top of these libraries, consider using the service-specific client library. For example, for Azure SQL, use the Microsoft.Data.SqlClient package.
Language-specific API references
| Language | Azure Identity | MSAL |
|---|---|---|
| .NET | Azure Identity client library for .NET | MSAL .NET |
| C++ | Azure Identity client library for C++ | |
| Java | Azure Identity client library for Java | MSAL Java |
| JavaScript | Azure Identity client library for JavaScript | MSAL JavaScript |
| Python | Azure Identity client library for Python | MSAL Python |
| Go | Azure Identity client library for Go | MSAL Go |