Skip to content

Configuring your app

Daniel Dobalian edited this page Oct 3, 2018 · 8 revisions

Configure your MSAL.Android app


MSAL.Android is highly extensible and allows developers to customize several factors that can change the end user experience, app performance, geographies, and several other fields. To get started configuring your app, you'll want to become familiar with the MSAL configuration object. We'll walk through how this works and how the different knobs your app can turn.


1. Create your configuration

The configuration object is JSON and lives in a file alongside your app. Feel free to drop it anywhere in your app, but we recommend creating your custom configuration in res/raw/auth_config.json.

2. Tell MSAL where to look

Next, you need to tell MSAL where to look for your configuration. This is done in the instantiation of PublicClientApplication, for example:

sampleApp = new PublicClientApplication(this.getApplicationContext(), R.raw.auth_config);

3. Define your custom configuration

In the configuration, there are some fields that are required and others that are optional. If you don't specify something that's optional, the library likely has a default or will use the data provided somewhere else to complete your app's configuration profile.

Here's an example configuration with just the essentials that targets all Azure AD and Microsoft Account users:

  "client_id" : "<CLIENT_ID_FROM_>",
  "authorization_user_agent" : "DEFAULT",
  "redirect_uri" : "<CLIENT_ID_FROM_>://auth",
  "authorities" : [
      "type": "AAD",
      "audience": {
       "type": "AzureADandPersonalMicrosoftAccount"

Configuration Properties


Property Data Type Required Notes
client_id String Yes Your apps Client ID from
redirect_uri String Yes Your apps Redirect URI from
authorities List<Authority> No The list of authorities your app needs
authorization_user_agent AuthorizationAgent (enum) No Read more in the SSO wiki article, Options: DEFAULT, BROWSER, WEBVIEW
http HttpConfiguration No HTTP configurations like timeout
logging LoggingConfiguration No Level of detail logger captures, Optional configs: pii_enabled (boolean), log_level (values)
token_expiration_buffer int No Time-to-expiration when MSAL will refresh your access token

Authority Properties

Property Data Type Required Notes
type String Yes Mirrors the audience or account type your app targets, Options: AAD, B2C
audience String No Only applies to type=AAD, specifies the identity your app targets, mirror your app registration configuration, Options: AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount, AzureADMultipleOrgs, or AzureADMyOrg
authority_url String Yes/No Only applies to type=ADFS or type=B2C, indicates the authority url or policy your app should use