You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Microsoft.Abstractions updated to version9.3.0 and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).
Bug fixes
Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. See PR#3443 for details.
Fundamentals
Use cloud user in tests. See PR#3441 and#3442 for details.
Reload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue#3429 and PR#3430
New features
Include the thrown exception in CertificateChangeEventArg. See PR#3428 for better supportabiliby.
Updatedglobal.json to the latest .NET 9 runtime framework 9.0.108. See PR#3422 for details.
Bug fixes
FixIDW10405 error when using managed identity with common tenant. See PR#3415 for details.
FixOidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration. See PR#3414 for details.
New feature
Add support forExtraHeaderParameters andExtraQueryParameters properties onDownstreamApiOptions to simplify adding custom headers and query parameters to downstream API requests. See PR#3413 for details.
Add better support for Azure SDK. For details seeReadme-Azure and PR#3416
Updates theDefaultAuthorizationHeaderProvider to update theAcquireTokenOptions.LongRunningWebApiSessionKey after the token is acquired so that the key can be used in the next OBO call. See PR#3381 for details.
Fundamentals
Update .NET SDK version to 9.0.107 used when building or running the code. See#3385 for details.
Improved test coverage for managed identity flows. See#3350 for details.
Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added). For details see#3379
Prevented null reference when accessing MergedOptions instance. See#3337.
New feature
Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See#3244 and#3348.
Fundamentals
Introduced Long-Term Support (LTS) policy. See#3357.
Added tests to validate xms_cc (client capability) forwarding in CCA flows. See#3349.
External contributions
Thank you @evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See#3323. Thank you @neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See#3345.
Updated the Json Schema to include extensiblity for signed assertion providers. See#3235
Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See#3255
Support for acquiring token for Federation Managed Identity (FMI). Supports theFmiPath property ofAcquireTokenOptions. See#3247
Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See#3273
Bug fixes
TokenAcquirerFactory is now thread safe. See#3274
Fix a bug in the parsing of the token in the authority. See#3261
Fundamentals
Removed old Blazorwasm sample, wasm-tools and added new blazor web API:#3259,#3257,#3254
Modified the build so that, in CI/CD internal builds, the NuGet.olg NuGet source is replaced by a managed Nuget source. More verbose information added. See#3263
Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. See#3266,
IdentityWeb now provides extensibility toDefaultCredentialsLoader so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See#3220 for details.
Bug fixes
The merged options are now being passed to MSAL for the CCA ROPC scenario. See#3207 for details.
Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in theappsettings.json, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json: "$schema": "https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json" This update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR#3119 for details.
Fundamentals
Fix a flaky test in the L1L2Cache tests. See PR#3122 for details.
In .NET 8 and above,IDownstreamApi overloads take aJsonTypeInfo<T> parameter to enable source generated JSON deserialization. See issue#2930 for details.
Bug fixes:
Azure region is used while creating application keys when the TokenAcquisition service caches application objects, and the TokenAcquirerFactory caches TokenAcquirer. See#3002 for details.
Improved error messages for FIC. See issue#3000 for details.
Fundamentals:
Improved test coverage forGetCacheKey. See PR#3020 for details.
Update to .NET 9-RC1. See issue#3025 for details.
Fix static analysis warnings. See PR#3024 for details.
3.1.0
3.1.0
Updated to Microsoft.IdentityModel.* 8.0.2
Security improvement:
Id Web now usesCaseSensitiveClaimsIdentity by default and provides AppContextSwitches to fallback to usingClaimsIdentity. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR#2977 for details.
Bug fixes:
For SN/I scenarios, Id Web'sGetTokenAcquirer now setsSendX5C in particular protocols. See issue#2887 for details.
Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR#2954 for details.
Fix regex that threw a format exception:The input string " was not in a correct format when enablingsame-site cookie compatibility with userAgent: "Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue#2879 for details.
Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. See PR#2962 for details.
It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion):#2974,#2990
Microsoft.Abstractions updated to version9.3.0 and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).
Bug fixes
Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. See PR#3443 for details.
Fundamentals
Use cloud user in tests. See PR#3441 and#3442 for details.
Reload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue#3429 and PR#3430
New features
Include the thrown exception in CertificateChangeEventArg. See PR#3428 for better supportabiliby.
Updatedglobal.json to the latest .NET 9 runtime framework 9.0.108. See PR#3422 for details.
Bug fixes
FixIDW10405 error when using managed identity with common tenant. See PR#3415 for details.
FixOidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration. See PR#3414 for details.
New feature
Add support forExtraHeaderParameters andExtraQueryParameters properties onDownstreamApiOptions to simplify adding custom headers and query parameters to downstream API requests. See PR#3413 for details.
Add better support for Azure SDK. For details seeReadme-Azure and PR#3416
Updates theDefaultAuthorizationHeaderProvider to update theAcquireTokenOptions.LongRunningWebApiSessionKey after the token is acquired so that the key can be used in the next OBO call. See PR#3381 for details.
Fundamentals
Update .NET SDK version to 9.0.107 used when building or running the code. See#3385 for details.
Improved test coverage for managed identity flows. See#3350 for details.
Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added). For details see#3379
Prevented null reference when accessing MergedOptions instance. See#3337.
New feature
Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See#3244 and#3348.
Fundamentals
Introduced Long-Term Support (LTS) policy. See#3357.
Added tests to validate xms_cc (client capability) forwarding in CCA flows. See#3349.
External contributions
Thank you @evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See#3323. Thank you @neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See#3345.
Updated the Json Schema to include extensiblity for signed assertion providers. See#3235
Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See#3255
Support for acquiring token for Federation Managed Identity (FMI). Supports theFmiPath property ofAcquireTokenOptions. See#3247
Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See#3273
Bug fixes
TokenAcquirerFactory is now thread safe. See#3274
Fix a bug in the parsing of the token in the authority. See#3261
Fundamentals
Removed old Blazorwasm sample, wasm-tools and added new blazor web API:#3259,#3257,#3254
Modified the build so that, in CI/CD internal builds, the NuGet.olg NuGet source is replaced by a managed Nuget source. More verbose information added. See#3263
Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. See#3266,
dependenciesPull requests that update a dependency file.NETPull requests that update .NET code
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
UpdatedMicrosoft.Identity.Web from 2.21.1 to 3.14.1.
Release notes
Sourced fromMicrosoft.Identity.Web's releases.
3.14.1
3.14.1
Bug fixe
3.14.0
New features
3.13.1
3.13.1
Dependencies updates
3.13.0
3.13.0
Dependencies updates
Bug fixes
Fundamentals
3.12.0
3.12.0
Dependencies updates
Bug fix
Reload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue#3429 and PR#3430
New features
3.11.0
3.11.0
Dependencies updates
global.jsonto the latest .NET 9 runtime framework 9.0.108. See PR#3422 for details.Bug fixes
IDW10405error when using managed identity with common tenant. See PR#3415 for details.OidcIdpSignedAssertionLoaderto remove hard dependency on IConfiguration registration. See PR#3414 for details.New feature
ExtraHeaderParametersandExtraQueryParametersproperties onDownstreamApiOptionsto simplify adding custom headers and query parameters to downstream API requests. See PR#3413 for details.What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.10.0...3.11.0
3.10.0
3.10.0
Dependencies updates
global.jsonto the latest .NET 9 runtime framework 9.0.107 (#3385).New feature
introducing the
Microsoft.Identity.Web.AgentIdentitiespackage .Bug fixes
Fundamentals
3.9.4
3.9.4
Package updates
Bug fix
DefaultAuthorizationHeaderProviderto update theAcquireTokenOptions.LongRunningWebApiSessionKeyafter the token is acquired so that the key can be used in the next OBO call. See PR#3381 for details.Fundamentals
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.3...3.9.4
3.9.3
3.9.3
Package updates
Fundamentals
.clinerulesto help with AI tooling.What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.2...3.9.3
3.9.2
3.9.2
Package updates
Fundamentals:
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.1...3.9.2
3.9.1
3.9.1
Package updates
Fundamentals
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.0...3.9.1
3.9.0
3.9.0
Package updates
Bug fixes
New feature
Fundamentals
External contributions
Thank you @evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See#3323.
Thank you @neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See#3345.
3.8.4
3.8.4
Package updates
Bug fixes
New feature
Fundamentals
3.8.3
3.8.3
Package updates
New feature
TokenAcquistion.csadds its service provider to the acquisition options. See issue#3315 for details.3.8.2
3.8.2
New feature
TokenCacheNotificationArgsindicates that distributed cache is configured when it should not have been. See#3304.3.8.1
New features
Bug fixes
What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.8.0...3.8.1
3.8.0
3.8.0
New feature
FmiPathproperty ofAcquireTokenOptions. See#3247Bug fixes
Fundamentals
What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.7.1...3.8.0
3.7.1
3.7.1
3.7.0
3.7.0
New Feature
DefaultCredentialsLoaderso that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See#3220 for details.Bug fixes
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.6.2...3.7.0
3.6.2
3.6.2
Fundamentals
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.6.1...3.6.2
3.6.1
3.6.1
3.6.0
3.6.0
Bug fixes
OpenIdConnectCachingSecurityTokenProvider. See Issue#3078Fundamentals
What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.5.0...3.6.0
3.5.0
Bug fixes
Fundamentals
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.4.0...3.5.0
3.4.0
3.4.0
New features
What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.3.1...3.4.0
3.3.1
3.3.1
Supportability
appsettings.json, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:"$schema": "https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json"This update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR#3119 for details.
Fundamentals
What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.3.0...3.3.1
3.3.0
3.3.0
New features
Fundamentals
What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.2.2...3.3.0
3.2.2
3.2.2
3.2.1
3.2.1
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.2.0...3.2.1
3.2.0
3.2.0
New features
IDownstreamApioverloads take aJsonTypeInfo<T>parameter to enable source generated JSON deserialization. See issue#2930 for details.Bug fixes:
Fundamentals:
GetCacheKey. See PR#3020 for details.3.1.0
3.1.0
Security improvement:
CaseSensitiveClaimsIdentityby default and provides AppContextSwitches to fallback to usingClaimsIdentity. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR#2977 for details.Bug fixes:
GetTokenAcquirernow setsSendX5Cin particular protocols. See issue#2887 for details.The input string " was not in a correct formatwhen enablingsame-site cookie compatibility with userAgent: "Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue#2879 for details.Fundamentals:
AzureKeyVault@2in AzureDevOps,#2981.What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.0.1...3.1.0
3.0.1
3.0.1
3.0.0
3.0.0
CVE package updates
CVE-2024-30105
See PR#2929 for details.
Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0
Seerel/v2 changelog for full list of added features to 3.0.0.
Fundamentals:
3.0.0-preview3
3.0.0-preview3
3.0.0-preview2
3.0.0-preview2
New features:
3.0.0-preview1
3.0.0-preview1
Breaking changes
New features
.net9.0-preview, see issue#2702 for details.AcceptHeaderandContentTypeif provided, see issue#2806 for details.Commits viewable incompare view.
UpdatedMicrosoft.Identity.Web.UI from 2.21.1 to 3.14.1.
Release notes
Sourced fromMicrosoft.Identity.Web.UI's releases.
3.14.1
3.14.1
Bug fixe
3.14.0
New features
3.13.1
3.13.1
Dependencies updates
3.13.0
3.13.0
Dependencies updates
Bug fixes
Fundamentals
3.12.0
3.12.0
Dependencies updates
Bug fix
Reload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue#3429 and PR#3430
New features
3.11.0
3.11.0
Dependencies updates
global.jsonto the latest .NET 9 runtime framework 9.0.108. See PR#3422 for details.Bug fixes
IDW10405error when using managed identity with common tenant. See PR#3415 for details.OidcIdpSignedAssertionLoaderto remove hard dependency on IConfiguration registration. See PR#3414 for details.New feature
ExtraHeaderParametersandExtraQueryParametersproperties onDownstreamApiOptionsto simplify adding custom headers and query parameters to downstream API requests. See PR#3413 for details.What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.10.0...3.11.0
3.10.0
3.10.0
Dependencies updates
global.jsonto the latest .NET 9 runtime framework 9.0.107 (#3385).New feature
introducing the
Microsoft.Identity.Web.AgentIdentitiespackage .Bug fixes
Fundamentals
3.9.4
3.9.4
Package updates
Bug fix
DefaultAuthorizationHeaderProviderto update theAcquireTokenOptions.LongRunningWebApiSessionKeyafter the token is acquired so that the key can be used in the next OBO call. See PR#3381 for details.Fundamentals
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.3...3.9.4
3.9.3
3.9.3
Package updates
Fundamentals
.clinerulesto help with AI tooling.What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.2...3.9.3
3.9.2
3.9.2
Package updates
Fundamentals:
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.1...3.9.2
3.9.1
3.9.1
Package updates
Fundamentals
What's Changed
Full Changelog:AzureAD/microsoft-identity-web@3.9.0...3.9.1
3.9.0
3.9.0
Package updates
Bug fixes
New feature
Fundamentals
External contributions
Thank you @evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See#3323.
Thank you @neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See#3345.
3.8.4
3.8.4
Package updates
Bug fixes
New feature
Fundamentals
3.8.3
3.8.3
Package updates
New feature
TokenAcquistion.csadds its service provider to the acquisition options. See issue#3315 for details.3.8.2
3.8.2
New feature
TokenCacheNotificationArgsindicates that distributed cache is configured when it should not have been. See#3304.3.8.1
New features
Bug fixes
What's Changed
New Contributors
Full Changelog:AzureAD/microsoft-identity-web@3.8.0...3.8.1
3.8.0
3.8.0
New feature
FmiPathproperty ofAcquireTokenOptions. See#3247Bug fixes
Fundamentals
What's Changed
Description has been truncated