Releases: AzureAD/microsoft-authentication-library-for-dotnet
4.38.0
New Features:
Cache synchronization is now disabled by default for confidential client apps to improve performance. See 2848
MSAL now provides the correlation ID used to call Azure AD as part of the cache callback (TokenCacheNotificationArgs). See 3008
MSAL now provides a new specific API for long running web APIs, in addition to AcquireTokenOnBehalfOf, which no longer requests refresh tokens. The advantage is that the On-Behalf-Of token cache is now smaller and has automatic eviction, and long running web APIs are easier to write. See https://aka.ms/msal-net-long-running-obo and 2733
Added hybrid SPA support to MSAL. See https://aka.ms/msal-net/spa-auth-code and 2920
Bug Fixes:
Fixed issue where the authentication browser pop up would fail to show without an exception being thrown. See 2839
MSAL WAM now properly signs out guest accounts. See 3016
Reworded in-memory cache warning for web apps not using serialization. See 2990
Fixed issue where Proof-of-Possession token does not rotate properly for confidential client applications. See 3003
MSAL now returns a more descriptive exception when the browser back button is pressed during authentication. See 2991
On the request builder, WithAuthority has been deprecated and WithTenantId was added as an alternative. See 2837
MSAL will now only perform regional look up for client credential flows. See 3029
4.37.0
New Features:
MSAL.NET now logs an error when the 'common' or 'organizations' authority is used in AcquireTokenForClient. See #2887.
Added the ability to enable sending the certificate (as x5c) once when building the confidential client application, rather than on every single token acquisition request. See #2804.
Added additional methods to help create WwwAuthenticateParameters and get tenant ID by calling GetTenantId. See #2907, #2922.
Added an additional async overload for ConfidentialClientApplicationBuilder.CreateClientAssertion. See #2863.
Added the ability to enable a shared token cache between different MSAL client application instances, which can be set with the new WithCacheOptions API call. See Enabling shared cache, #2849.
Added an AuthenticationResult.AuthenticationResultMetadata.TokenEndpoint property from which you can derive which authority was effectively used to fetch the token. This can be used to determine whether a regional endpoint was used. See #2830.
Added a cache refresh reason and time remaining before proactive token refresh to AuthenticationResult.AuthenticationResultMetadata. See #2832.
Added the ability to specify tenant ID instead of the full authority at the token acquisition API level with WithTenantId. See #2280.
Bug Fixes:
Improved support for calling regional endpoints, especially in Azure Functions. See #2803.
Fixed a NullReferenceException when calling AcquireTokenInteractive with a login hint when using .WithBroker on Windows (WAM). See #2903.
Improved the error message when the application is throttled by the identity provider. See #2855.
When proactive token refresh is enabled, MSAL.NET now refreshes the tokens on a background thread to improve performance. See #2795.
Improved caching performance by adding partitioning to the default in-memory user cache used in user flows (like acquire token on-behalf-of, by authorization code). See #2861, #2881.
Improved performance by refactoring date handling when working with access tokens. See #2893.
Fixed a "Non-HTTPS URL redirect is not supported in webview" exception on Xamarin iOS for Facebook logins. See #2735.
Enabled setting the window title in WebView1 desktop browser. See #2936.
Added WithPrompt to the GetAuthorizationRequestUrl builder to give the ability to specify the interaction experience for the user. See #2896.
Added a more descriptive error message when WithAuthority is set at the request level and WithAzureRegion is used. See #2965.
4.37.0-preview
New Features:
MSAL.NET now logs an error when the 'common' or 'organizations' authority is used in the client credentials request. See #2887.
Added the ability to enable sending the certificate (as x5c) once when building the confidential client application, rather than on every single request. See #2804.
Added additional methods to help create WwwAuthenticateParameters. See #2907.
Added an additional async overload for ConfidentialClientApplicationBuilder.CreateClientAssertion. See #2863.
Added the ability to enable a shared token cache between different MSAL client application instances, which can be set with the new WithCacheOptions API call. See Enabling shared cache, #2849.
Bug Fixes:
Improved support for calling regional endpoints, especially in Azure Functions. See #2803.
Fixed a NullReferenceException when calling AcquireTokenInteractive with a login hint in WAM. See #2903.
Improved the error message when the application is throttled by the identity provider. See #2855.
When proactive token refresh is enabled, MSAL.NET now refreshes the tokens on a background thread to improve performance. See #2795.
Improved caching performance by adding partitioning to the default in-memory user cache used in user flows (like acquire token on-behalf-of, by authorization code). See #2861, #2881.
Improved performance by refactoring date handling when working with access tokens. See #2893.
4.36.2
4.36.1
New Features:
Added support for Application ID URIs to be used in confidential client applications. Confidential client applications, specifically web APIs, will now be able to use either the Client ID (GUID) or the Application ID URI, in the confidential client application builder. See #2852
4.36.0
New Features:
Added custom nonce support to Proof-of-Possession requests. See issue #2809.
Added a random jitter (within ten minutes range) to the Refresh In time for a token to optimize for resiliency. See issue #2796.
Bug Fixes:
Added a more descriptive and actionable error message when AAD throttles the requests from the app. See issue #2808.
Improved error messaging related to broker support. See issue #2706.
MSA Pass-through enabled applications using MSAL can now use WAM. See issue #2822.
Improved error messaging when MSAL fails during the user realm discovery. See issue #2835.
Improved performance by removing unnecessary serialization in default app token cache used in client credentials flow. See issue #2826.
4.35.1
4.35.0
Bug Fixes:
- AcquireTokenByIntegratedWindowsAuth against ADFS provides a clearer error message. Error messages have been updated. See issue #2752
- MSAL no longer performs instance discovery on well known authorities. This will improve performance for customers in regional scenarios. See issue #2777
- MSAL uses preferred_network name on sovereign clouds. Skipping discovery will improve the performance. See issue #2778
- Error messages in Integrated Windows Authentication are now clearer. The following message related issues are fixed
- ConfidentialClientApplicationBuilder with auto region discovery no longer throws UriFormatException. This has been fixed by validating region string. See issue #2772
- Memory leak in AuthorityEndpoint caching has been fixed. This will reduce memory leaks in the apps. See issue #2770
- ADFS now has consistent values for UserName between STS and cache. Tenant profiles will provide the consistency. #1559
- MSAL.NET would throw an ArgumentNullException if the provided CcsRoutingHint was null; now authentication will proceed, as providing the hint is for resiliency and should not prevent sign-in. See issue #2755
- Mismatched authorities were throwing exceptions. MSAL now does instance discovery to find the right match. See issue #2736
- WebView2 was throwing an error when KeyDown was handled. This error has been removed. See issue #2685
- Instance discovery was being performed multiple times on non-public non-sovereign clouds. You will get better performance as now it does discovery only if it is not in the cache. See issue #2701
- RemoveAsync(account) in confidential client apps now returns suggested web cache key. Empty key is no longer returned. #2643
- Invalid syntax in XML comments for NoPromptFailedError and NoTokensFoundError has now been fixed. See issue #2756
- MSAL.NET now enables confidential client apps to disable the internal cache semaphore by setting the EnableCacheSynchronization property to 'false'. This allows requests to bypass other requests that time out, for example in the case of using a distributed cache. See PR #2702 for details.
New Features
- Limits on URL length in embedded browsers were causing errors with auth code. Applications will not fail on the embedded browsers due to the limitation. See issue #2743
- IAccount now provides Tenant profile for each ID token. This will enable customers to get ID tokens in the authentication results. See issue #2583
4.34.0
Bug Fixes:
MSAL now has WithCcsRoutingHint() to enable developers to more easily provide the CCS routing hint during authentication. See issue 2725
New Features
MSAL.NET provides helper methods to extract the authentication parameters from the WWW-Authenticate headers. This allows for dynamic scenarios such as claim challenge, Conditional Access Evaluation and Conditional Access authentication context scenarios. See https://aka.ms/msal-net/wwwAuthenticate and issue #2679 for details.
WAM support is now generally available in MSAL.NET. WithExperimentalFeatures() is no longer required to authenticate with WAM. See https://aka.ms/msal-net-wam for more details.
MSAL enables easier cache eviction by exposing SuggestedCacheExpiry, which helps determine the cache eviction time for client credentials scenarios. See issue #2486
MSAL now adds runtime information to logs enabling easier diagnosing of authentication issues on all platforms. See issue 2559
4.33.0
New Features
On-Behalf-Of flow logic now performs refresh token flow eliminating the need to call AcquireTokenSilent and GetAccounts in OBO scenarios. See issue #2623.
Added monitoring flags for global stats. See issue #2646.
MSAL.NET adds CCS routing information for interactive requests using client info. See issue #2525 and PR #2687.