AzureAD · Avery-Dunn · Apr 24, 2026 · Apr 26, 2026 · Apr 27, 2026
@@ -79,21 +79,25 @@
 
   <PropertyGroup Label="Common dependency versions">
     <MicrosoftIdentityModelVersion Condition="'$(MicrosoftIdentityModelVersion)' == ''">8.14.0</MicrosoftIdentityModelVersion>
-    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.76.0</MicrosoftIdentityClientVersion>
+    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.83.1</MicrosoftIdentityClientVersion>
     <FxCopAnalyzersVersion>3.3.0</FxCopAnalyzersVersion>
     <SystemTextEncodingsWebVersion>4.7.2</SystemTextEncodingsWebVersion>
     <AzureSecurityKeyVaultSecretsVersion>4.6.0</AzureSecurityKeyVaultSecretsVersion>
-    <AzureIdentityVersion>1.11.4</AzureIdentityVersion>
+    <AzureIdentityVersion>1.17.2</AzureIdentityVersion>
     <AzureSecurityKeyVaultCertificatesVersion>4.6.0</AzureSecurityKeyVaultCertificatesVersion>
     <MicrosoftGraphVersion>4.36.0</MicrosoftGraphVersion>
     <MicrosoftGraphBetaVersion>4.57.0-preview</MicrosoftGraphBetaVersion>
     <MicrosoftIdentityAbstractionsVersion>9.3.0</MicrosoftIdentityAbstractionsVersion>
     <!--CVE-2024-43485-->
-    <SystemTextJsonVersion>8.0.5</SystemTextJsonVersion>
+    <SystemTextJsonVersion>8.0.6</SystemTextJsonVersion>
     <!--CVE-2023-29331-->
     <SystemFormatsAsn1Version>8.0.1</SystemFormatsAsn1Version>
     <BannedApiAnalyzersVersion>4.14.0</BannedApiAnalyzersVersion>
     <PublicApiAnalyzersVersion>4.14.0</PublicApiAnalyzersVersion>
+    <!-- Logging.Abstractions needs a separate version variable because Azure.Core 1.50.0
+         (via System.ClientModel 1.8.0) requires Logging.Abstractions >= 8.0.3, but the full
+         Microsoft.Extensions.Logging package has no 8.0.3 release (jumps from 8.0.1 to 9.0.0). -->
+    <MicrosoftExtensionsLoggingAbstractionsVersion>8.0.3</MicrosoftExtensionsLoggingAbstractionsVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'net9.0'">
@@ -104,9 +108,10 @@
     <MicrosoftExtensionsCachingMemoryVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsCachingMemoryVersion>
     <MicrosoftExtensionsHostingVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsHostingVersion>
     <MicrosoftAspNetCoreDataProtectionVersion>$(AspNetCoreNineRuntimeVersion)</MicrosoftAspNetCoreDataProtectionVersion>
-    <SystemSecurityCryptographyPkcsVersion>$(NetNineRuntimeVersion)</SystemSecurityCryptographyPkcsVersion>
-    <SystemSecurityCryptographyXmlVersion>$(NetNineRuntimeVersion)</SystemSecurityCryptographyXmlVersion>
+    <SystemSecurityCryptographyPkcsVersion>9.0.15</SystemSecurityCryptographyPkcsVersion>
+    <SystemSecurityCryptographyXmlVersion>9.0.15</SystemSecurityCryptographyXmlVersion>
     <MicrosoftExtensionsLoggingVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsLoggingVersion>
+    <MicrosoftExtensionsLoggingAbstractionsVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsLoggingAbstractionsVersion>
     <MicrosoftExtensionsConfigurationBinderVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsConfigurationBinderVersion>
     <SystemFormatsAsn1Version>$(NetNineRuntimeVersion)</SystemFormatsAsn1Version>
     <SystemTextJsonVersion>$(NetNineRuntimeVersion)</SystemTextJsonVersion>
@@ -119,9 +124,10 @@
     <MicrosoftExtensionsCachingMemoryVersion>8.0.1</MicrosoftExtensionsCachingMemoryVersion>
     <MicrosoftExtensionsHostingVersion>8.0.0</MicrosoftExtensionsHostingVersion>
     <MicrosoftAspNetCoreDataProtectionVersion>8.0.1</MicrosoftAspNetCoreDataProtectionVersion>
-    <SystemSecurityCryptographyPkcsVersion>8.0.0</SystemSecurityCryptographyPkcsVersion>
-    <SystemSecurityCryptographyXmlVersion>8.0.1</SystemSecurityCryptographyXmlVersion>
+    <SystemSecurityCryptographyPkcsVersion>8.0.1</SystemSecurityCryptographyPkcsVersion>
+    <SystemSecurityCryptographyXmlVersion>8.0.3</SystemSecurityCryptographyXmlVersion>
     <MicrosoftExtensionsLoggingVersion>8.0.0</MicrosoftExtensionsLoggingVersion>
+    <MicrosoftExtensionsLoggingAbstractionsVersion>8.0.3</MicrosoftExtensionsLoggingAbstractionsVersion>
     <SystemTextEncodingsWebVersion>8.0.0</SystemTextEncodingsWebVersion>
     <MicrosoftExtensionsConfigurationBinderVersion>8.0.0</MicrosoftExtensionsConfigurationBinderVersion>
     <MicrosoftExtensionsDependencyInjectionVersion>8.0.0</MicrosoftExtensionsDependencyInjectionVersion>
@@ -149,7 +155,7 @@
     <MicrosoftAspNetCoreDataProtectionVersion>6.0.0</MicrosoftAspNetCoreDataProtectionVersion>
     <SystemSecurityCryptographyXmlVersion>6.0.1</SystemSecurityCryptographyXmlVersion>
     <!--CVE-2023-29331-->
-    <SystemFormatsAsn1Version>6.0.1</SystemFormatsAsn1Version>
+    <SystemFormatsAsn1Version>8.0.1</SystemFormatsAsn1Version>
     <!--CVE-2023-29331-->
     <SystemSecurityCryptographyPkcsVersion>6.0.4</SystemSecurityCryptographyPkcsVersion>
     <!-- CVE-2022-34716 due to DataProtection 5.0.8 -->
@@ -175,23 +181,21 @@
     <!-- 6.0.0 as 5.x are deprecated -->
     <MicrosoftExtensionsLoggingVersion>6.0.0</MicrosoftExtensionsLoggingVersion>
 
-    <!-- Microsoft.Extensions.Configuration.Binder 6.* are obsoleted -->
-    <MicrosoftExtensionsConfigurationBinderVersion>6.0.0</MicrosoftExtensionsConfigurationBinderVersion>
-    <MicrosoftExtensionsDependencyInjectionVersion>2.1.0</MicrosoftExtensionsDependencyInjectionVersion>
+    <MicrosoftExtensionsConfigurationBinderVersion>8.0.0</MicrosoftExtensionsConfigurationBinderVersion>
+    <MicrosoftExtensionsDependencyInjectionVersion>8.0.0</MicrosoftExtensionsDependencyInjectionVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'netstandard2.0' Or '$(TargetFramework)' == 'net472'">
     <MicrosoftAspNetCoreDataProtectionVersion>2.1.0</MicrosoftAspNetCoreDataProtectionVersion>
     <!-- CVE-2022-34716 due to DataProtection 2.1.0 -->
     <SystemSecurityCryptographyPkcsVersion>7.0.2</SystemSecurityCryptographyPkcsVersion>
     <SystemSecurityCryptographyXmlVersion>4.7.1</SystemSecurityCryptographyXmlVersion>
-    <MicrosoftExtensionsLoggingVersion>4.7.1</MicrosoftExtensionsLoggingVersion>
     <MicrosoftExtensionsCachingMemoryVersion>2.1.0</MicrosoftExtensionsCachingMemoryVersion>
     <MicrosoftExtensionsHostingVersion>2.1.1</MicrosoftExtensionsHostingVersion>
     <MicrosoftExtensionsHttpVersion>3.1.3</MicrosoftExtensionsHttpVersion>
     <MicrosoftExtensionsLoggingVersion>2.1.0</MicrosoftExtensionsLoggingVersion>
-    <MicrosoftExtensionsDependencyInjectionVersion>2.1.0</MicrosoftExtensionsDependencyInjectionVersion>
-    <MicrosoftExtensionsConfigurationBinderVersion>2.2.4</MicrosoftExtensionsConfigurationBinderVersion>
+    <MicrosoftExtensionsDependencyInjectionVersion>8.0.0</MicrosoftExtensionsDependencyInjectionVersion>
+    <MicrosoftExtensionsConfigurationBinderVersion>8.0.0</MicrosoftExtensionsConfigurationBinderVersion>
   </PropertyGroup>
 
   <ItemGroup>

@@ -66,7 +66,6 @@ public async Task LoadIfNeededAsync(CredentialDescription credentialDescription,
                     ExcludeAzureDeveloperCliCredential = true,
                     ExcludeAzurePowerShellCredential = true,
                     ExcludeInteractiveBrowserCredential = true,
-                    ExcludeSharedTokenCacheCredential = true,
                     ExcludeVisualStudioCodeCredential = true,
                     ExcludeVisualStudioCredential = true
                 };

@@ -17,7 +17,7 @@
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="$(AzureSecurityKeyVaultSecretsVersion)" />
     <PackageReference Include="Azure.Identity" Version="$(AzureIdentityVersion)" />
     <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="$(AzureSecurityKeyVaultCertificatesVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsVersion)" />
     <PackageReference Include="Microsoft.Identity.Abstractions" Version="$(MicrosoftIdentityAbstractionsVersion)" />
   </ItemGroup>
 

@@ -91,6 +91,11 @@ private void Log(
           string message,
           bool containsPii)
         {
+            if (_logger == null)
+            {
+                return;
+            }
+
             switch (level)
             {
                 case Client.LogLevel.Always:

@@ -19,7 +19,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens " Version="$(MicrosoftIdentityModelVersion)" />
     <PackageReference Include="Microsoft.Identity.Client" Version="$(MicrosoftIdentityClientVersion)" />
   </ItemGroup>

@@ -516,7 +516,7 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
 
             await UpdateRequestAsync(httpRequestMessage, content, effectiveOptions, appToken, user, cancellationToken);
 
-            using HttpClient client = string.IsNullOrEmpty(serviceName) ? _httpClientFactory.CreateClient() : _httpClientFactory.CreateClient(serviceName);
+            using HttpClient client = string.IsNullOrEmpty(serviceName) ? _httpClientFactory.CreateClient() : _httpClientFactory.CreateClient(serviceName!);
 
             // Send the HTTP message           
             var downstreamApiResult = await client.SendAsync(httpRequestMessage, cancellationToken).ConfigureAwait(false);

@@ -62,10 +62,10 @@ public static IAppBuilder AddMicrosoftIdentityWebApi(
                     configuration?.GetSection(configurationSection).Bind(option);
                 }));
 
-            string instance = configuration.GetValue<string>($"{configurationSection}:Instance");
-            string tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
-            string clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
-            string audience = configuration.GetValue<string>($"{configurationSection}:Audience");
+            string? instance = configuration.GetValue<string>($"{configurationSection}:Instance");
+            string? tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
+            string? clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
+            string? audience = configuration.GetValue<string>($"{configurationSection}:Audience");
             string authority = instance + tenantId + "/v2.0";
             TokenValidationParameters tokenValidationParameters = new()
             {
@@ -121,10 +121,10 @@ public static IAppBuilder AddMicrosoftIdentityWebApp(
                     configuration?.GetSection(configurationSection).Bind(option);
                 }));
 
-            string instance = configuration.GetValue<string>($"{configurationSection}:Instance");
-            string tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
-            string clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
-            string postLogoutRedirectUri = configuration.GetValue<string>($"{configurationSection}:SignedOutCallbackPath");
+            string? instance = configuration.GetValue<string>($"{configurationSection}:Instance");
+            string? tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
+            string? clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
+            string? postLogoutRedirectUri = configuration.GetValue<string>($"{configurationSection}:SignedOutCallbackPath");
             string authority = instance + tenantId + "/v2.0";
 
             OpenIdConnectAuthenticationOptions options = new()

@@ -23,8 +23,8 @@
     </None>
   </ItemGroup>
   <ItemGroup>
-   <PackageReference Include="Microsoft.Extensions.Configuration" Version="3.1.24" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.24" />
+   <PackageReference Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="$(MicrosoftExtensionsHttpVersion)" />
     <PackageReference Include="Microsoft.Graph" Version="$(MicrosoftGraphVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.Logging" Version="$(MicrosoftIdentityModelVersion)" />

@@ -25,15 +25,15 @@ public class OwinTokenAcquirerFactory : TokenAcquirerFactory
         /// <returns></returns>
         protected override string DefineConfiguration(IConfigurationBuilder builder)
         {
-            _ = builder.AddInMemoryCollection(new Dictionary<string, string>()
+            _ = builder.AddInMemoryCollection(new Dictionary<string, string?>()
             {
-                ["AzureAd:Instance"] = EnsureTrailingSlash(ConfigurationManager.AppSettings["ida:Instance"] ?? ConfigurationManager.AppSettings["ida:AADInstance"] ?? "https://login.microsoftonline.com/"),
-                ["AzureAd:ClientId"] = ConfigurationManager.AppSettings["ida:ClientId"],
-                ["AzureAd:TenantId"] = ConfigurationManager.AppSettings["ida:Tenant"] ?? ConfigurationManager.AppSettings["ida:TenantId"],
-                ["AzureAd:Audience"] = ConfigurationManager.AppSettings["ida:Audience"],
-                ["AzureAd:ClientSecret"] = ConfigurationManager.AppSettings["ida:ClientSecret"],
-                ["AzureAd:SignedOutCallbackPath"] = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"],
-                ["AzureAd:RedirectUri"] = ConfigurationManager.AppSettings["ida:RedirectUri"],
+                ["AzureAd:Instance"] = EnsureTrailingSlash(System.Configuration.ConfigurationManager.AppSettings["ida:Instance"] ?? System.Configuration.ConfigurationManager.AppSettings["ida:AADInstance"] ?? "https://login.microsoftonline.com/"),
+                ["AzureAd:ClientId"] = System.Configuration.ConfigurationManager.AppSettings["ida:ClientId"],
+                ["AzureAd:TenantId"] = System.Configuration.ConfigurationManager.AppSettings["ida:Tenant"] ?? System.Configuration.ConfigurationManager.AppSettings["ida:TenantId"],
+                ["AzureAd:Audience"] = System.Configuration.ConfigurationManager.AppSettings["ida:Audience"],
+                ["AzureAd:ClientSecret"] = System.Configuration.ConfigurationManager.AppSettings["ida:ClientSecret"],
+                ["AzureAd:SignedOutCallbackPath"] = System.Configuration.ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"],
+                ["AzureAd:RedirectUri"] = System.Configuration.ConfigurationManager.AppSettings["ida:RedirectUri"],
             });
 
             return HostingEnvironment.MapPath("~/");

@@ -18,11 +18,11 @@ public JwtBearerOptionsMerger(IMergedOptionsStore mergedOptions)
         private readonly IMergedOptionsStore _mergedOptionsMonitor;
 
         public void PostConfigure(
-#if NET7_0_OR_GREATER
+#if !NET6_0
             string? name,
 #else
             string name,
-#endif            
+#endif
             JwtBearerOptions options)
         {
             MergedOptions mergedOptions = _mergedOptionsMonitor.Get(name ?? string.Empty);

@@ -26,7 +26,7 @@
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework' Or '$(TargetFramework)' == 'netstandard2.0'">
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationBinderVersion)" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="$(MicrosoftExtensionsHttpVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.0" />
   </ItemGroup>
 
   <ItemGroup>

@@ -16,7 +16,7 @@ public ConfidentialClientApplicationOptionsMerger(IMergedOptionsStore mergedOpti
         private readonly IMergedOptionsStore _mergedOptionsMonitor;
 
         public void PostConfigure(
-#if NET7_0_OR_GREATER
+#if !NET6_0
             string? name,
 #else
             string name,

@@ -16,11 +16,11 @@ public MicrosoftIdentityApplicationOptionsMerger(IMergedOptionsStore mergedOptio
         private readonly IMergedOptionsStore _mergedOptionsMonitor;
 
         public void PostConfigure(
-#if NET7_0_OR_GREATER
+#if !NET6_0
             string? name,
 #else
             string name,
-#endif            
+#endif
             MicrosoftIdentityApplicationOptions options)
         {
             MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityApplicationOptions(options, _mergedOptionsMonitor.Get(name ?? string.Empty));

@@ -15,7 +15,7 @@ public MicrosoftIdentityOptionsMerger(IMergedOptionsStore mergedOptions)
         private readonly IMergedOptionsStore _mergedOptionsMonitor;
 
         public void PostConfigure(
-#if NET7_0_OR_GREATER
+#if !NET6_0
             string? name,
 #else
             string name,

@@ -1 +1,7 @@
 #nullable enable
+*REMOVED*Microsoft.Identity.Web.ConfidentialClientApplicationOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Client.ConfidentialClientApplicationOptions! options) -> void
+Microsoft.Identity.Web.ConfidentialClientApplicationOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Client.ConfidentialClientApplicationOptions! options) -> void
+*REMOVED*Microsoft.Identity.Web.MicrosoftIdentityApplicationOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions! options) -> void
+Microsoft.Identity.Web.MicrosoftIdentityApplicationOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions! options) -> void
+*REMOVED*Microsoft.Identity.Web.MicrosoftIdentityOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Web.MicrosoftIdentityOptions! options) -> void
+Microsoft.Identity.Web.MicrosoftIdentityOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Web.MicrosoftIdentityOptions! options) -> void
@@ -1 +1,7 @@
 #nullable enable
+*REMOVED*Microsoft.Identity.Web.ConfidentialClientApplicationOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Client.ConfidentialClientApplicationOptions! options) -> void
+Microsoft.Identity.Web.ConfidentialClientApplicationOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Client.ConfidentialClientApplicationOptions! options) -> void
+*REMOVED*Microsoft.Identity.Web.MicrosoftIdentityApplicationOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions! options) -> void
+Microsoft.Identity.Web.MicrosoftIdentityApplicationOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions! options) -> void
+*REMOVED*Microsoft.Identity.Web.MicrosoftIdentityOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Web.MicrosoftIdentityOptions! options) -> void
+Microsoft.Identity.Web.MicrosoftIdentityOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Web.MicrosoftIdentityOptions! options) -> void
@@ -1 +1,7 @@
 #nullable enable
+*REMOVED*Microsoft.Identity.Web.ConfidentialClientApplicationOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Client.ConfidentialClientApplicationOptions! options) -> void
+Microsoft.Identity.Web.ConfidentialClientApplicationOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Client.ConfidentialClientApplicationOptions! options) -> void
+*REMOVED*Microsoft.Identity.Web.MicrosoftIdentityApplicationOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions! options) -> void
+Microsoft.Identity.Web.MicrosoftIdentityApplicationOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions! options) -> void
+*REMOVED*Microsoft.Identity.Web.MicrosoftIdentityOptionsMerger.PostConfigure(string! name, Microsoft.Identity.Web.MicrosoftIdentityOptions! options) -> void
+Microsoft.Identity.Web.MicrosoftIdentityOptionsMerger.PostConfigure(string? name, Microsoft.Identity.Web.MicrosoftIdentityOptions! options) -> void