AzureAD / microsoft-authentication-library-for-go

The MSAL library for Go is part of the Microsoft identity platform for developers (formerly named Azure AD) v2.0. It enables you to acquire security tokens to call protected APIs. It uses industry standard OAuth2 and OpenID Connect.
MIT License

[Question] Difference between this project and azure-sdk-for-go (using its azidentity) #492

Closed TheCreatorAMA closed 1 week ago

TheCreatorAMA commented 1 week ago

I was looking at Go packages to handle Entra ID auth and was wondering about the difference between this project and a project that the Microsoft docs pointed out here? If anyone could provide some explanation, that would be appreciated.

chlowell commented 1 week ago

azidentity is the authentication library for the Azure SDK. It's useable in other contexts but it exists to support Azure SDK clients as used by developers who aren't Microsoft employees. MSAL (this project) is lower-level and more general purpose in that it isn't designed to integrate with any particular service client and is in principle open to supporting a broader range of scenarios. I believe the most significant feature difference today is that only azidentity supports managed identity authentication.

TheCreatorAMA commented 1 week ago

Is there one that would make sense to implement an OBO flow?

chlowell commented 1 week ago

Both support the OBO flow, actually with the same implementation: azidentity's OnBehalfOfCredential wraps MSAL's confidential Client.
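The OBO exchange that both libraries perform comes down to one token request. The following is an added example, not part of the thread and not code from either library: it builds that request with the parameters documented for the Microsoft identity platform v2.0 token endpoint and runs it against a constructed in-process stub. The tenant, client ID, secret and token values are placeholders, and `oboRequest`, `stubTokenEndpoint` and `exchange` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// oboRequest builds the request a middle-tier API sends to exchange the
// caller's access token (the assertion) for a token to a downstream API.
func oboRequest(tokenURL, clientID, secret, assertion string, scopes []string) (*http.Request, error) {
	form := url.Values{
		"grant_type":          {"urn:ietf:params:oauth:grant-type:jwt-bearer"},
		"requested_token_use": {"on_behalf_of"},
		"client_id":           {clientID},
		"client_secret":       {secret},
		"assertion":           {assertion},
		"scope":               {strings.Join(scopes, " ")},
	}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return req, nil
}

// stubTokenEndpoint is a constructed stand-in for the token endpoint (assumption:
// it checks only the two OBO-specific fields, not signatures or audiences).
func stubTokenEndpoint(w http.ResponseWriter, r *http.Request) {
	if r.ParseForm() != nil || r.PostForm.Get("requested_token_use") != "on_behalf_of" || r.PostForm.Get("assertion") == "" {
		w.WriteHeader(http.StatusBadRequest)
		json.NewEncoder(w).Encode(map[string]string{"error": "invalid_request"})
		return
	}
	json.NewEncoder(w).Encode(map[string]string{"access_token": "stub-token-for " + r.PostForm.Get("scope")})
}

// exchange runs the request through a handler in-process and returns the access token.
func exchange(h http.HandlerFunc, req *http.Request) (string, error) {
	rec := httptest.NewRecorder()
	h(rec, req)
	var body map[string]string
	if err := json.NewDecoder(rec.Body).Decode(&body); err != nil {
		return "", err
	}
	if rec.Code != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned %d: %s", rec.Code, body["error"])
	}
	return body["access_token"], nil
}

func main() {
	req, _ := oboRequest("https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token", "CLIENT_ID", "CLIENT_SECRET", "INCOMING_USER_TOKEN", []string{"https://graph.microsoft.com/User.Read"})
	fmt.Println(exchange(stubTokenEndpoint, req))
}
```

In a real service the assertion is the access token the middle-tier API received from its caller, validated for that API's audience before it is exchanged.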

TheCreatorAMA commented 1 week ago

Alright thanks for explaining! I appreciate the answers.