Releases: AzureAD/microsoft-authentication-library-for-dotnet
4.43.0
New Features
Added Intune Mobile App Management (MAM) support for Android. See 3185.
MSAL.NET Cache Extensions now protects plaintext cache files with owner-only read/write permissions. See 3186, 169.
Bug Fixes
Client capabilities flags are correctly passed to Android Broker. See 3203.
Fixed WithAccount(result.Account) to work when using WAM. See 3121.
Improved token cache filtering logic. See 3178 and 3233.
Fixed an error in creating UWP package for Microsoft Store upload. See 3184, 3239.
Fixed a bug to correctly sign out an account from WAM. See 3248.
Correctly showing a browser in WSL2. See 3251.
4.42.1
4.42.0
New Features
Multi-cloud support: allows 1st party public client apps which target the public cloud to log in users from other clouds. Not supported for broker flows. Details at https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Multi-Cloud-Support-or-Instance-Aware (see 2524).
Expose the region or error used by MSAL in AuthenticationResult.AuthenticationResultMetadata and in logs. See 2975.
App protection (true MAM) support for iOS. See 2894
Bug Fixes
Fix a bug causing a "Sequence Contains No Elements" exception. This occurs in rare circumstances when saving the token cache. See 3130.
Fix a bug causing an "ArgumentOutOfRangeException: the relative expiration value must be positive" exception. This occurs in rare circumstances when saving the token cache. See 2859.
Default OS account login with MSA fails. This affects some first party applications (MSA passthrough) when using WAM. See 3157.
WwwAuthenticateParameters should not expose Resource. See 3144.
4.41.0
New Features:
MSAL now uses the WAM AAD plugin's account selector if authority is AAD only. This overcomes the issue of console apps not being able to display the account picker and other issues with Account Picker instability. See 2289
Added the OnBeforeTokenRequest public API, which allows executing a custom delegate before MSAL makes a token request and enables support for legacy Proof-of-Possession implementations. See 3114
Added kid in cache keys for client credential flows using Proof-of-Possession. See 3115
Improved the error message when both region and custom metadata are configured. See 3014
Exposed the ability to add a custom header text to auth dialogs such as WAM. See 3125
MSAL now supports using Linux broker via Microsoft Edge. Use WithBroker() to authenticate with Microsoft Edge system browser, if installed, which integrates with Linux broker to offer a better authentication experience. See 3051
Bug Fixes:
Added support for WAM on Windows Server 2022 and Windows 11, and improved operating system detection for future versions. See 3040
WAM is not supported on Windows Server 2016. MSAL will now fall back to browser if this OS is detected. See 2946
Fix for GetAccountAsync API by checking for null on accountId parameter. See 3118
WAM is not supported in pure ADFS environments. MSAL will now fall back to browser if the ADFS authority is used. See 2836
4.40.0
New Features:
Authorization Code for Single Page Applications (SPA) feature is now generally available. WithExperimentalFeatures() is no longer required when calling WithSpaAuthorizationCode(). See 2920, wiki, and sample.
Allow POP token envelope to be created externally. See 3059.
Remove obsolete telemetry (MATS) code to improve performance and stability. See 3043.
Log clarification in several places. See here and here.
Bug Fixes:
Allow res:// error pages to be displayed in embedded WebView. See 3083.
MSAL Logs are now more clear when regional is enabled and tokens are acquired from the cache. See 3073.
4.39.0
New Features:
Added new LogLevel.Always and logging of important health metrics to help with diagnostics of MSAL. See 3004 and MSAL logging.
Bug Fixes:
Fixed a crash in telemetry API when AcquireToken* builder is reused. See 3024.
Fixed sending an incorrect backup authentication system (CCS) value in B2C apps. See 2748.
4.38.0
New Features:
Disabling cache synchronization for confidential client apps by default to improve performance. See 2848
MSAL now provides the correlation ID used in a call to Azure AD as part of the cache callback (TokenCacheNotificationArgs). See 3008
MSAL now provides a new specific API for long running web APIs, in addition to AcquireTokenOnBehalfOf, which no longer requests refresh tokens. The advantage is that the On-Behalf-Of token cache is now smaller and automatically has an eviction, and long running web APIs are easier to write. See https://aka.ms/msal-net-long-running-obo and 2733
Added hybrid SPA support to MSAL. See https://aka.ms/msal-net/spa-auth-code and 2920
Bug Fixes:
Fixed issue where the authentication browser pop up would fail to show without an exception being thrown. See 2839
MSAL WAM now properly signs out guest accounts. See 3016
Reworded in-memory cache warning for web apps not using serialization. See 2990
Fixed issue where Proof-of-Possession token does not rotate properly for confidential client applications. See 3003
MSAL now returns a more descriptive exception when the browser back button is pressed during authentication. See 2991
On the request builder, WithAuthority has been deprecated and WithTenantId was added as an alternative. See 2837
MSAL will now only perform regional look up for client credential flows. See 3029
4.37.0
New Features:
MSAL.NET now logs an error when common or organizations authority is used in AcquireTokenForClient. See #2887.
Added the ability to enable sending the certificate (as x5c) once when building the confidential client application, rather than on every single token acquisition request. See #2804.
Added additional methods to help create WwwAuthenticateParameters and get tenant ID by calling GetTenantId. See #2907, #2922.
Added an additional async overload for ConfidentialClientApplicationBuilder.CreateClientAssertion. See #2863.
Added an ability to enable a shared token cache between different MSAL client application instances, which can be set with the new WithCacheOptions API call. See Enabling shared cache, #2849.
Added an AuthenticationResult.AuthenticationResultMetadata.TokenEndpoint property from which you can derive which authority was effectively used to fetch the token. This can be used to determine if regional endpoint was used. See #2830.
Added a cache refresh reason and time remaining before proactive token refresh to AuthenticationResult.AuthenticationResultMetadata. See #2832.
Added the ability to specify tenant ID instead of the full authority at the token acquisition APIs level with WithTenantId. See #2280.
Bug Fixes:
Improved support for calling regional endpoints, especially in Azure Functions. See #2803.
Fixed a NullReferenceException when calling AcquireTokenInteractive with a login hint when using .WithBroker on Windows (WAM). See #2903.
Improved the error message when the application is throttled by the identity provider. See #2855.
When proactive token refresh is enabled, MSAL.NET now refreshes the tokens on a background thread to improve performance. See #2795.
Improved caching performance by adding partitioning to the default in-memory user cache used in user flows (like acquire token on-behalf-of, by authorization code). See #2861, #2881.
Improved performance by refactoring date handling when working with access tokens. See #2893.
Fixed a "Non-HTTPS URL redirect is not supported in webview" exception on Xamarin iOS for Facebook logins. See #2735.
Enabled setting the window title in WebView1 desktop browser. See #2936.
Added WithPrompt to the GetAuthorizationRequestUrl builder to give the ability to specify the interaction experience for the user. See #2896.
Added a more descriptive error message when WithAuthority is set at the request level and WithAzureRegion is used. See #2965.
4.37.0-preview
New Features:
MSAL.NET now logs an error when common or organizations authority is used in the client credentials request. See #2887.
Added the ability to enable sending the certificate (as x5c) once when building the confidential client application, rather than on every single request. See #2804.
Added additional methods to help create WwwAuthenticateParameters. See #2907.
Added an additional async overload for ConfidentialClientApplicationBuilder.CreateClientAssertion. See #2863.
Added an ability to enable a shared token cache between different MSAL client application instances, which can be set with the new WithCacheOptions API call. See Enabling shared cache, #2849.
Bug Fixes:
Improved support for calling regional endpoints, especially in Azure Functions. See #2803.
Fixed a NullReferenceException when calling AcquireTokenInteractive with a login hint in WAM. See #2903.
Improved the error message when the application is throttled by the identity provider. See #2855.
When proactive token refresh is enabled, MSAL.NET now refreshes the tokens on a background thread to improve performance. See #2795.
Improved caching performance by adding partitioning to the default in-memory user cache used in user flows (like acquire token on-behalf-of, by authorization code). See #2861, #2881.
Improved performance by refactoring date handling when working with access tokens. See #2893.