[deroad's blog]
# 2023-12-12 | Microsoft MSAL and C++
{
I found myself with the request of implementing SSO authentication
for a C++ application.
Now, according to every source from Microsoft (internal and publicly
available), MSAL for C++ is not currently available and is under development.
Online you can find some workarounds where C++ code calls .NET code to
perform the authentication and get an Azure Active Directory (now renamed
Microsoft Entra ID) token.
But what if I tell you that you don't need any .NET code and you can do this
using only C++ (or even C) and with an official library from Microsoft?
Well, let me tell you that this is your lucky day, if your target is Win x64!
First of all, MSAL libraries are only available for .NET, Python, NodeJS
and Golang.
- The .NET and Python libraries support secure brokers on Windows x64
- The NodeJS library supports secure brokers only when executed on Edge or
on Chrome (only if it has the Microsoft Windows Accounts extension).
Now, let's ignore the .NET and NodeJS libraries and take a look at Python.
The Python MSAL is made of 2 components: the msal and the pymsalruntime
modules.
What is pymsalruntime?
Well it's a module which includes the dynamic library (msalruntime.dll) that
performs all the "secure" operations that Microsoft calls "Secure Broker".
The question I asked myself is: can I use this DLL and just build a native
Windows x64 binary capable of performing OAuth flows?
Well, the answer was yeah! And Microsoft also provides the headers for this!!
The sources are also under the MIT license, so you can just use it in any
commercial product.
All you need to do is download the pymsalruntime source code from PyPI and
include it in your project!
Since I really like working with meson and ninja, I created a small wrap and
project to allow the usage of the msalruntime.dll as a dependency of
another project.
You can find my example of C++ project using the msalruntime.dll here.
A few notes if you are willing to use this path:
- There is no support from Microsoft, so most of the time you will need to
read the Python MSAL module to understand how to initialize the library
correctly.
- There are some hardcoded values that you will need to know about, like:
- MSALRUNTIME_SetRequestedScopes() accepts one or multiple scopes (space
separated).
- MSALRUNTIME_SetRedirectUri() accepts the value "placeholder" if you
plan to use the Microsoft Secure Broker popup to authenticate (this
allows support for FIDO and Windows Hello).
- If you don't want your main GUI to be frozen while authenticating, then
you will need to call MSALRUNTIME_SetAdditionalParameter as follows:
MSALRUNTIME_SetAdditionalParameter(hndl, L"msal_gui_thread", L"true");
- The MSAL library uses os_char* as its string type; those are just
wchar_t* strings, and you will need to cast them each time you call
any method which requires them. In C++ you can use std::wstring and
pass mystring.c_str() as the argument.
- To debug while developing your code, I strongly suggest attaching to
the logger via MSALRUNTIME_RegisterLogCallback.
- You will need to use locks because all the calls are asynchronous.
- For methods that write to a buffer, the library lets you get the
buffer length before actually writing to the buffer (check the source
code in the repo for more information).
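The "get the length first, then write" convention from the last note, as an added example that is not code from this post or from Microsoft. `demo_get_string` and the `DemoStatus` codes are constructed stand-ins, and counting the size in os_char units including the terminator is an assumption; check the library headers for the real getters and their error handling.

```cpp
#include <cstdint>
#include <cwchar>
#include <stdexcept>
#include <string>

using os_char = wchar_t;  // per the post, os_char strings are wchar_t strings

// Constructed status codes for this example (not the library's error type).
enum DemoStatus { DEMO_OK, DEMO_INSUFFICIENT_BUFFER, DEMO_FAILED };

static const os_char* g_demo_value = L"constructed-token-value";  // sample data

// Constructed stand-in for a getter that writes into a caller-owned buffer.
// Assumption: *size counts os_char units, including the terminating L'\0'.
DemoStatus demo_get_string(os_char* buffer, int32_t* size) {
    if (size == nullptr) return DEMO_FAILED;
    const int32_t needed = static_cast<int32_t>(std::wcslen(g_demo_value)) + 1;
    const bool fits = buffer != nullptr && *size >= needed;
    *size = needed;  // always report the required length
    if (!fits) return DEMO_INSUFFICIENT_BUFFER;
    std::wmemcpy(buffer, g_demo_value, static_cast<size_t>(needed));
    return DEMO_OK;
}

// Probe for the length with a null buffer, allocate, then read. The loop
// retries when the value grew between the two calls instead of truncating.
template <typename Getter>
std::wstring read_os_string(Getter getter) {
    int32_t size = 0;
    DemoStatus st = getter(nullptr, &size);  // first call: length only
    for (int attempt = 0; attempt < 3 && st == DEMO_INSUFFICIENT_BUFFER; ++attempt) {
        if (size <= 0) break;  // nonsensical length: treat as failure
        std::wstring out(static_cast<size_t>(size), L'\0');
        st = getter(&out[0], &size);  // second call: fill the buffer
        if (st == DEMO_OK) {
            out.resize(size > 0 ? static_cast<size_t>(size) - 1 : 0);  // drop L'\0'
            return out;
        }
    }
    if (st == DEMO_OK) return std::wstring();  // getter reported an empty value
    throw std::runtime_error("getter failed or kept reporting a larger size");
}

int main() {
    std::wstring token = read_os_string(demo_get_string);
    return token == g_demo_value ? 0 : 1;
}
```

Sizing the std::wstring from the reported length keeps the write inside memory the caller owns, and the retry avoids silently truncating a token if the value changes between the two calls.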
}
# References:
pymsalruntime
https://pypi.org/project/pymsalruntime/
msalruntime example using c++
https://github.com/wargio/native-msal-cpp-windows64