Skip to content

AoT - Part 3 - Upgrade to Abstractions 11 that are AoT compatible #3699

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bgavrilMS merged 4 commits into from
Feb 5, 2026
Merged

AoT - Part 3 - Upgrade to Abstractions 11 that are AoT compatible #3699

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4950b40
Upgrade to Abstractions 11 that are AoT compatible
jmprieur Feb 3, 2026
2c44b71
`erge branch 'master' into jmprieur/aoT
jmprieur Feb 3, 2026
4af790d
Merge branch 'master' into jmprieur/aoT
jmprieur Feb 4, 2026
4bc0f1c
Merge branch 'master' into jmprieur/aoT
jmprieur Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions Directory.Build.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
<Nullable>enable</Nullable>
<EnableNETAnalyzers>true</EnableNETAnalyzers>
<EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
<LangVersion>13</LangVersion>
<LangVersion>14</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>

Expand Down Expand Up @@ -77,13 +77,13 @@
</ItemGroup>

<PropertyGroup Condition="'$(TargetFramework)' == 'net472' Or '$(TargetFramework)' == 'net462' Or '$(TargetFramework)' == 'netstandard2.0'">
<LangVersion>13</LangVersion>
<LangVersion>14</LangVersion>
</PropertyGroup>

<PropertyGroup Label="Common dependency versions">
<MicrosoftIdentityModelVersion Condition="'$(MicrosoftIdentityModelVersion)' == ''">8.15.0</MicrosoftIdentityModelVersion>
<MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.82.0</MicrosoftIdentityClientVersion>
<MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">10.0.0</MicrosoftIdentityAbstractionsVersion>
<MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">11.0.0</MicrosoftIdentityAbstractionsVersion>
<FxCopAnalyzersVersion>3.3.0</FxCopAnalyzersVersion>
<SystemTextEncodingsWebVersion>4.7.2</SystemTextEncodingsWebVersion>
<AzureSecurityKeyVaultSecretsVersion>4.6.0</AzureSecurityKeyVaultSecretsVersion>
Expand Down
9 changes: 8 additions & 1 deletion src/Microsoft.Identity.Web.Certificate/CertificateDescription.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,12 +161,19 @@ public static CertificateDescription FromStoreWithDistinguishedName(
/// <summary>
/// <inheritdoc/>.
/// </summary>
#if NET10_0_OR_GREATER
public X509Certificate2? Certificate
{
get { return base.GetCertificateInternal(); }
protected internal set { base.SetCertificateInternal(value); }
}
#else
public new X509Certificate2? Certificate
{
get { return base.Certificate; }
protected internal set { base.Certificate = value; }
}

#endif
/// <summary>
/// <inheritdoc/>.
/// </summary>
Expand Down
56 changes: 40 additions & 16 deletions ...oft.Identity.Web.TokenAcquisition/ConfidentialClientApplicationBuilderExtension.Logger.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,13 +67,15 @@ internal static class Logger
/// <param name="ex"></param>
public static void AttemptToLoadCredentialsFailed(
ILogger logger,
CredentialDescription certificateDescription,
Exception ex) =>
s_credentialAttemptFailed(
CredentialDescription certificateDescription,
Exception ex)
{
s_credentialAttemptFailed(
logger,
certificateDescription.Id,
certificateDescription.Skip.ToString(),
ex);
}

/// <summary>
/// Logger for attempting to use a CredentialDescription with MSAL
Expand All @@ -82,12 +84,14 @@ public static void AttemptToLoadCredentialsFailed(
/// <param name="certificateDescription"></param>
public static void AttemptToLoadCredentials(
ILogger logger,
CredentialDescription certificateDescription) =>
s_credentialAttempt(
logger,
certificateDescription.Id,
certificateDescription.Skip.ToString(),
CredentialDescription certificateDescription)
{
s_credentialAttempt(
logger,
certificateDescription.Id,
certificateDescription.Skip.ToString(),
default!);
}

/// <summary>
/// Logger for attempting to use a CredentialDescription with MSAL
Expand All @@ -96,12 +100,14 @@ public static void AttemptToLoadCredentials(
/// <param name="certificateDescription"></param>
public static void FailedToLoadCredentials(
ILogger logger,
CredentialDescription certificateDescription) =>
s_credentialAttemptFailed(
CredentialDescription certificateDescription)
{
s_credentialAttemptFailed(
logger,
certificateDescription.Id,
certificateDescription.Skip.ToString(),
default!);
}

/// <summary>
/// Logger for handling information specific to ConfidentialClientApplicationBuilderExtension.
Expand All @@ -110,14 +116,20 @@ public static void FailedToLoadCredentials(
/// <param name="message">Exception message.</param>
public static void NotUsingManagedIdentity(
ILogger logger,
string message) => s_notManagedIdentity(logger, message, default!);
string message)
{
s_notManagedIdentity(logger, message, default!);
}

/// <summary>
/// Logger for handling information specific to ConfidentialClientApplicationBuilderExtension.
/// </summary>
/// <param name="logger">ILogger.</param>
public static void UsingManagedIdentity(
ILogger logger) => s_usingManagedIdentity(logger, default!);
ILogger logger)
{
s_usingManagedIdentity(logger, default!);
}

/// <summary>
/// Logger for handling information specific to ConfidentialClientApplicationBuilderExtension.
Expand All @@ -126,7 +138,10 @@ public static void UsingManagedIdentity(
/// <param name="signedAssertionFileDiskPath"></param>
public static void UsingPodIdentityFile(
ILogger logger,
string signedAssertionFileDiskPath) => s_usingPodIdentityFile(logger, signedAssertionFileDiskPath, default!);
string signedAssertionFileDiskPath)
{
s_usingPodIdentityFile(logger, signedAssertionFileDiskPath, default!);
}

/// <summary>
/// Logger for handling information specific to ConfidentialClientApplicationBuilderExtension.
Expand All @@ -135,7 +150,10 @@ public static void UsingPodIdentityFile(
/// <param name="signedAssertionUri"></param>
public static void UsingSignedAssertionFromVault(
ILogger logger,
string signedAssertionUri) => s_usingSignedAssertionFromVault(logger, signedAssertionUri, default!);
string signedAssertionUri)
{
s_usingSignedAssertionFromVault(logger, signedAssertionUri, default!);
}

/// <summary>
/// Logger for handling information specific to ConfidentialClientApplicationBuilderExtension.
Expand All @@ -144,7 +162,10 @@ public static void UsingSignedAssertionFromVault(
/// <param name="signedAssertionUri"></param>
public static void UsingSignedAssertionFromCustomProvider(
ILogger logger,
string signedAssertionUri) => s_usingSignedAssertionFromCustomProvider(logger, signedAssertionUri, default!);
string signedAssertionUri)
{
s_usingSignedAssertionFromCustomProvider(logger, signedAssertionUri, default!);
}

/// <summary>
/// Logger for handling information specific to ConfidentialClientApplicationBuilderExtension.
Expand All @@ -153,7 +174,10 @@ public static void UsingSignedAssertionFromCustomProvider(
/// <param name="certThumbprint"></param>
public static void UsingCertThumbprint(
ILogger logger,
string certThumbprint) => s_usingCertThumbprint(logger, certThumbprint, default!);
string? certThumbprint)
{
s_usingCertThumbprint(logger, certThumbprint ?? "null", default!);
}
}
}
}
2 changes: 1 addition & 1 deletion src/Microsoft.Identity.Web.TokenAcquisition/ConfidentialClientApplicationBuilderExtension.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ public static async Task<ConfidentialClientApplicationBuilder> WithClientCredent
{
if (credential.Certificate != null)
{
Logger.UsingCertThumbprint(logger, credential.Certificate.Thumbprint);
Logger.UsingCertThumbprint(logger, credential.Certificate?.Thumbprint);
return credential;
}
}
Expand Down
1 change: 1 addition & 0 deletions src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net10.0/InternalAPI.Unshipped.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ const Microsoft.Identity.Web.Constants.ClientAssertionContainsInvalidSignature =
const Microsoft.Identity.Web.Constants.CertificateWasRevoked = "AADSTS7000277" -> string!
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOf(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> System.Threading.Tasks.Task!
static Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.Logger.UsingCertThumbprint(Microsoft.Extensions.Logging.ILogger! logger, string? certThumbprint) -> void
static readonly Microsoft.Identity.Web.Constants.s_certificateRelatedErrorCodes -> System.Collections.Generic.HashSet<string!>!
1 change: 1 addition & 0 deletions src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net462/InternalAPI.Unshipped.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ const Microsoft.Identity.Web.Constants.ClientAssertionContainsInvalidSignature =
const Microsoft.Identity.Web.Constants.CertificateWasRevoked = "AADSTS7000277" -> string!
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOf(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> System.Threading.Tasks.Task!
static Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.Logger.UsingCertThumbprint(Microsoft.Extensions.Logging.ILogger! logger, string? certThumbprint) -> void
static readonly Microsoft.Identity.Web.Constants.s_certificateRelatedErrorCodes -> System.Collections.Generic.HashSet<string!>!
1 change: 1 addition & 0 deletions src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net472/InternalAPI.Unshipped.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ const Microsoft.Identity.Web.Constants.ClientAssertionContainsInvalidSignature =
const Microsoft.Identity.Web.Constants.CertificateWasRevoked = "AADSTS7000277" -> string!
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOf(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> System.Threading.Tasks.Task!
static Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.Logger.UsingCertThumbprint(Microsoft.Extensions.Logging.ILogger! logger, string? certThumbprint) -> void
static readonly Microsoft.Identity.Web.Constants.s_certificateRelatedErrorCodes -> System.Collections.Generic.HashSet<string!>!
1 change: 1 addition & 0 deletions src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net8.0/InternalAPI.Unshipped.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ const Microsoft.Identity.Web.Constants.ClientAssertionContainsInvalidSignature =
const Microsoft.Identity.Web.Constants.CertificateWasRevoked = "AADSTS7000277" -> string!
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOf(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> System.Threading.Tasks.Task!
static Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.Logger.UsingCertThumbprint(Microsoft.Extensions.Logging.ILogger! logger, string? certThumbprint) -> void
static readonly Microsoft.Identity.Web.Constants.s_certificateRelatedErrorCodes -> System.Collections.Generic.HashSet<string!>!
1 change: 1 addition & 0 deletions src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net9.0/InternalAPI.Unshipped.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ const Microsoft.Identity.Web.Constants.ClientAssertionContainsInvalidSignature =
const Microsoft.Identity.Web.Constants.CertificateWasRevoked = "AADSTS7000277" -> string!
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOf(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> System.Threading.Tasks.Task!
static Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.Logger.UsingCertThumbprint(Microsoft.Extensions.Logging.ILogger! logger, string? certThumbprint) -> void
static readonly Microsoft.Identity.Web.Constants.s_certificateRelatedErrorCodes -> System.Collections.Generic.HashSet<string!>!
1 change: 1 addition & 0 deletions ...icrosoft.Identity.Web.TokenAcquisition/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ const Microsoft.Identity.Web.Constants.ClientAssertionContainsInvalidSignature =
const Microsoft.Identity.Web.Constants.CertificateWasRevoked = "AADSTS7000277" -> string!
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOf(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void
Microsoft.Identity.Web.TokenAcquisitionExtensionOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> System.Threading.Tasks.Task!
static Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.Logger.UsingCertThumbprint(Microsoft.Extensions.Logging.ILogger! logger, string? certThumbprint) -> void
static readonly Microsoft.Identity.Web.Constants.s_certificateRelatedErrorCodes -> System.Collections.Generic.HashSet<string!>!
10 changes: 8 additions & 2 deletions src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.Logger.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,10 @@ internal static class Logger
public static void TokenAcquisitionError(
ILogger logger,
string msalErrorMessage,
Exception? ex) => s_tokenAcquisitionError(logger, msalErrorMessage, ex);
Exception? ex)
{
s_tokenAcquisitionError(logger, msalErrorMessage, ex);
}

/// <summary>
/// Logger for handling information specific to MSAL in token acquisition.
Expand All @@ -61,7 +64,9 @@ public static void TokenAcquisitionMsalAuthenticationResultTime(
string tokenSource,
string correlationId,
string cacheRefreshReason,
Exception? ex) => s_tokenAcquisitionMsalAuthenticationResultTime(
Exception? ex)
{
s_tokenAcquisitionMsalAuthenticationResultTime(
logger,
durationTotalInMs,
durationInHttpInMs,
Expand All @@ -70,6 +75,7 @@ public static void TokenAcquisitionMsalAuthenticationResultTime(
correlationId,
cacheRefreshReason,
ex);
}
}
}
}
2 changes: 1 addition & 1 deletion tests/Microsoft.Identity.Web.Test/CertificatesObserverTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -364,7 +364,7 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
if (uri.StartsWith(kvp.Key, StringComparison.OrdinalIgnoreCase))
{
if (this.description.Certificate == null ||
!this.ValidCertificates.Any(cert => cert.Thumbprint.Equals(this.description.Certificate.Thumbprint, StringComparison.OrdinalIgnoreCase)))
!this.ValidCertificates.Any(cert => cert.Thumbprint.Equals(this.description.Certificate?.Thumbprint, StringComparison.OrdinalIgnoreCase)))
{
var errorResponse = new
{
Expand Down
Loading