ADAL is being depricated and getting replaced by MSAL
zoltan-fedor opened this issue · 3 comments
On June 22nd, MS announced end of support timelines for Azure AD Authentication Library (ADAL) and Azure AD Graph, see https://developer.microsoft.com/en-us/office/blogs/microsoft-graph-or-azure-ad-graph/
Microsoft suggests all applications move away from ADAL and instead leverage Microsoft Authentication Libraries (MSAL)
I must confess I don't fully appreciate the difference between ADAL and MSAL, but basically the question is that for those who are using this library, how can you go about switching from ADAL to MSAL?
Is the difference only whether you are using 1.0 or 2.0?
Hello, that's a great question. Let me try to explain:
ADAL and MSAL are libraries (just like this one) used for interacting with Azure AD. While ADAL will continue to work, it is not going to be supported and developed further. The new direction for .NET, Python, Node.js, JavaScript etc. is to use MSAL which is kept up to date.
This library allows you to interact with Azure AD via OAuth2/OpenID Connect protocols, which Azure AD supports, so there is no need to change for you. Microsoft doesn't have any official ADAL/MSAL implementation for PHP, hence why we have this library.
This library continues to work with Azure AD and all the flows supported.
On the topic of v1 vs v2 - the difference in version is primarily due to breaking changes in signatures. Obviously, if it's possible for you, it's the best to use the latest version - eg. v2 of this library (or not sure if you meant v1.0 or v2.0 endpoints of AAD, let me know please).
Thanks for the great explanation!
If I understand it correctly this library is independent of the ADAL and MSAL libraries and due to this the need to migrate from the deprecated ADAL library to the MSAL one does not apply.
I assume that this also means that the server side of things are the same, so by the deprecation of the ADAL library there won't be some server side functionalities going away that would break this library?
Regarding version 1.0 and 2.0 I have meant the defaultEndPointVersion
setting - see below:
$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
'clientId' => $sso_conf[$env]['clientId'],
'clientSecret' => $sso_conf[$env]['clientSecret'],
'redirectUri' => $sso_conf[$env]['redirectUri'],
'proxy' => $sso_conf[$env]['web_proxy'],
'verify' => false,
'defaultEndPointVersion' => '2.0'
]);
I would add that this excellent and most useful package by Jan got a lot of PHP developers out of a hole since the only other similar one (by Steven Maguire) that acted as 'provider' for PHP League's OAuth 2.0 Client hasn't been updated for several years and was effectively for Windows Live Mail.