diff --git a/Directory.Build.props b/Directory.Build.props
index bec365cf3..8d41b8bde 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -4,7 +4,7 @@
     <!-- This needs to be greater than or equal to the validation baseline version. The conditional logic around TargetNetNext is there
     to avoid NU5104 for packing a release version library with prerelease deps. By adding preview to it, that warning is avoided.
     -->
-    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">4.8.1</MicrosoftIdentityWebVersion>
+    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">4.9.1</MicrosoftIdentityWebVersion>
     <!--This will generate AssemblyVersion, AssemblyFileVersion and AssemblyInformationVersion-->
     <Version>$(MicrosoftIdentityWebVersion)</Version>
     <EnablePackageValidation>true</EnablePackageValidation>
diff --git a/changelog.md b/changelog.md
index 6b41e73f8..eda22f0ad 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,20 @@
+## 4.9.0
+
+### New features
+- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).
+
+### Bug fixes
+- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).
+
+### Behavior changes
+- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).
+
+### Dependencies updates
+- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. The entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.x for consistency. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).
+- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).
+- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).
+- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).
+
 ## 4.8.0
 
 ### New features
diff --git a/src/Microsoft.Identity.Web.Certificate/PublicAPI/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.Certificate/PublicAPI/PublicAPI.Shipped.txt
index 69e227b54..712489fc7 100644
--- a/src/Microsoft.Identity.Web.Certificate/PublicAPI/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.Certificate/PublicAPI/PublicAPI.Shipped.txt
@@ -37,8 +37,8 @@ Microsoft.Identity.Web.DefaultCredentialsLoader.LoadFirstValidCredentialsAsync(S
 Microsoft.Identity.Web.DefaultCredentialsLoader.ResetCredentials(System.Collections.Generic.IEnumerable<Microsoft.Identity.Abstractions.CredentialDescription!>! credentialDescriptions) -> void
 Microsoft.Identity.Web.ICertificateLoader
 Microsoft.Identity.Web.ICertificateLoader.LoadIfNeeded(Microsoft.Identity.Web.CertificateDescription! certificateDescription) -> void
-static Microsoft.Identity.Web.CertificateDescription.FromBase64Encoded(string! base64EncodedValue, string! password) -> Microsoft.Identity.Web.CertificateDescription!
 static Microsoft.Identity.Web.CertificateDescription.FromBase64Encoded(string! base64EncodedValue) -> Microsoft.Identity.Web.CertificateDescription!
+static Microsoft.Identity.Web.CertificateDescription.FromBase64Encoded(string! base64EncodedValue, string! password) -> Microsoft.Identity.Web.CertificateDescription!
 static Microsoft.Identity.Web.CertificateDescription.FromCertificate(System.Security.Cryptography.X509Certificates.X509Certificate2! x509certificate2) -> Microsoft.Identity.Web.CertificateDescription!
 static Microsoft.Identity.Web.CertificateDescription.FromKeyVault(string! keyVaultUrl, string! keyVaultCertificateName) -> Microsoft.Identity.Web.CertificateDescription!
 static Microsoft.Identity.Web.CertificateDescription.FromPath(string! path, string? password = null) -> Microsoft.Identity.Web.CertificateDescription!
diff --git a/src/Microsoft.Identity.Web.Certificateless/PublicAPI/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.Certificateless/PublicAPI/PublicAPI.Shipped.txt
index 072d368a1..6e598f87a 100644
--- a/src/Microsoft.Identity.Web.Certificateless/PublicAPI/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.Certificateless/PublicAPI/PublicAPI.Shipped.txt
@@ -18,8 +18,8 @@ Microsoft.Identity.Web.ClientAssertionProviderBase.ClientAssertionProviderBase()
 Microsoft.Identity.Web.ClientAssertionProviderBase.Expiry.get -> System.DateTimeOffset?
 Microsoft.Identity.Web.ClientAssertionProviderBase.GetSignedAssertionAsync(Microsoft.Identity.Client.AssertionRequestOptions? assertionRequestOptions) -> System.Threading.Tasks.Task<string!>!
 Microsoft.Identity.Web.ManagedIdentityClientAssertion
-Microsoft.Identity.Web.ManagedIdentityClientAssertion.ManagedIdentityClientAssertion(string? managedIdentityClientId, string? tokenExchangeUrl, Microsoft.Extensions.Logging.ILogger? logger) -> void
-Microsoft.Identity.Web.ManagedIdentityClientAssertion.ManagedIdentityClientAssertion(string? managedIdentityClientId, string? tokenExchangeUrl) -> void
 Microsoft.Identity.Web.ManagedIdentityClientAssertion.ManagedIdentityClientAssertion(string? managedIdentityClientId) -> void
+Microsoft.Identity.Web.ManagedIdentityClientAssertion.ManagedIdentityClientAssertion(string? managedIdentityClientId, string? tokenExchangeUrl) -> void
+Microsoft.Identity.Web.ManagedIdentityClientAssertion.ManagedIdentityClientAssertion(string? managedIdentityClientId, string? tokenExchangeUrl, Microsoft.Extensions.Logging.ILogger? logger) -> void
 override Microsoft.Identity.Web.AzureIdentityForKubernetesClientAssertion.GetClientAssertionAsync(Microsoft.Identity.Client.AssertionRequestOptions? assertionRequestOptions) -> System.Threading.Tasks.Task<Microsoft.Identity.Web.ClientAssertion!>!
 override Microsoft.Identity.Web.ManagedIdentityClientAssertion.GetClientAssertionAsync(Microsoft.Identity.Client.AssertionRequestOptions? assertionRequestOptions) -> System.Threading.Tasks.Task<Microsoft.Identity.Web.ClientAssertion!>!
diff --git a/src/Microsoft.Identity.Web.Diagnostics/PublicAPI/InternalAPI.Shipped.txt b/src/Microsoft.Identity.Web.Diagnostics/PublicAPI/InternalAPI.Shipped.txt
index b3ec4183f..9bf9f0311 100644
--- a/src/Microsoft.Identity.Web.Diagnostics/PublicAPI/InternalAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.Diagnostics/PublicAPI/InternalAPI.Shipped.txt
@@ -11,13 +11,13 @@ static Microsoft.Identity.Web.Diagnostics.OsHelper.IsMacPlatform() -> bool
 static Microsoft.Identity.Web.Diagnostics.OsHelper.IsWindowsPlatform() -> bool
 static Microsoft.Identity.Web.IdHelper.CreateTelemetryInfo() -> string!
 static Microsoft.Identity.Web.IdHelper.GetIdWebVersion() -> string!
-static Microsoft.Identity.Web.Throws.ArgumentException(string! paramName, string? message, System.Exception? innerException) -> void
 static Microsoft.Identity.Web.Throws.ArgumentException(string! paramName, string? message) -> void
-static Microsoft.Identity.Web.Throws.ArgumentNullException(string! paramName, string? message) -> void
+static Microsoft.Identity.Web.Throws.ArgumentException(string! paramName, string? message, System.Exception? innerException) -> void
 static Microsoft.Identity.Web.Throws.ArgumentNullException(string! paramName) -> void
+static Microsoft.Identity.Web.Throws.ArgumentNullException(string! paramName, string? message) -> void
+static Microsoft.Identity.Web.Throws.ArgumentOutOfRangeException(string! paramName) -> void
 static Microsoft.Identity.Web.Throws.ArgumentOutOfRangeException(string! paramName, object? actualValue, string? message) -> void
 static Microsoft.Identity.Web.Throws.ArgumentOutOfRangeException(string! paramName, string? message) -> void
-static Microsoft.Identity.Web.Throws.ArgumentOutOfRangeException(string! paramName) -> void
 static Microsoft.Identity.Web.Throws.IfBufferTooSmall(int bufferSize, int requiredSize, string! paramName = "") -> void
 static Microsoft.Identity.Web.Throws.IfMemberNull<TParameter, TMember>(TParameter argument, TMember member, string! paramName = "", string! memberName = "") -> TMember
 static Microsoft.Identity.Web.Throws.IfNull<T>(T argument, string! paramName = "") -> T
@@ -27,5 +27,5 @@ static Microsoft.Identity.Web.Throws.IfNullOrEmpty<T>(System.Collections.Generic
 static Microsoft.Identity.Web.Throws.IfNullOrMemberNull<TParameter, TMember>(TParameter argument, TMember member, string! paramName = "", string! memberName = "") -> TMember
 static Microsoft.Identity.Web.Throws.IfNullOrWhitespace(string? argument, string! paramName = "") -> string!
 static Microsoft.Identity.Web.Throws.IfOutOfRange<T>(T argument, string! paramName = "") -> T
-static Microsoft.Identity.Web.Throws.InvalidOperationException(string! message, System.Exception? innerException) -> void
 static Microsoft.Identity.Web.Throws.InvalidOperationException(string! message) -> void
+static Microsoft.Identity.Web.Throws.InvalidOperationException(string! message, System.Exception? innerException) -> void
diff --git a/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetCore/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetCore/PublicAPI.Shipped.txt
index 1a3971297..eab501d56 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetCore/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetCore/PublicAPI.Shipped.txt
@@ -11,9 +11,9 @@ Microsoft.Identity.Web.GraphServiceClientOptions.User.set -> void
 Microsoft.Identity.Web.GraphServiceCollectionExtensions
 Microsoft.Identity.Web.MicrosoftGraphExtensions
 Microsoft.Identity.Web.RequestOptionsExtension
+static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, Microsoft.Extensions.Configuration.IConfiguration! configurationSection) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.GraphServiceClientOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
-static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, Microsoft.Extensions.Configuration.IConfigurationSection! configurationSection) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, string! graphBaseUrl = "https://graph.microsoft.com/v1.0", System.Collections.Generic.IEnumerable<string!>? defaultScopes = null) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, System.Action<Microsoft.Identity.Web.GraphServiceClientOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
diff --git a/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetFramework/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetFramework/PublicAPI.Shipped.txt
index 8ea74be83..4dd3f8813 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetFramework/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.GraphServiceClient/PublicAPI/NetFramework/PublicAPI.Shipped.txt
@@ -10,9 +10,9 @@ Microsoft.Identity.Web.GraphServiceClientOptions.User.get -> System.Security.Cla
 Microsoft.Identity.Web.GraphServiceClientOptions.User.set -> void
 Microsoft.Identity.Web.GraphServiceCollectionExtensions
 Microsoft.Identity.Web.RequestOptionsExtension
+static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, Microsoft.Extensions.Configuration.IConfiguration! configurationSection) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.GraphServiceClientOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
-static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.RequestOptionsExtension.WithAppOnly(this System.Collections.Generic.IList<Microsoft.Kiota.Abstractions.IRequestOption!>! options, bool appOnly = true, string? tenant = null) -> System.Collections.Generic.IList<Microsoft.Kiota.Abstractions.IRequestOption!>!
 static Microsoft.Identity.Web.RequestOptionsExtension.WithAuthenticationOptions(this System.Collections.Generic.IList<Microsoft.Kiota.Abstractions.IRequestOption!>! options, Microsoft.Identity.Web.GraphAuthenticationOptions! optionsValue) -> System.Collections.Generic.IList<Microsoft.Kiota.Abstractions.IRequestOption!>!
 static Microsoft.Identity.Web.RequestOptionsExtension.WithAuthenticationOptions(this System.Collections.Generic.IList<Microsoft.Kiota.Abstractions.IRequestOption!>! options, System.Action<Microsoft.Identity.Web.GraphAuthenticationOptions!>! optionsValue) -> System.Collections.Generic.IList<Microsoft.Kiota.Abstractions.IRequestOption!>!
diff --git a/src/Microsoft.Identity.Web.GraphServiceClientBeta/PublicAPI/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.GraphServiceClientBeta/PublicAPI/PublicAPI.Shipped.txt
index b3a6ce656..d1e2360f3 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClientBeta/PublicAPI/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.GraphServiceClientBeta/PublicAPI/PublicAPI.Shipped.txt
@@ -1,5 +1,5 @@
 #nullable enable
 Microsoft.Identity.Web.GraphBetaServiceCollectionExtensions
+static Microsoft.Identity.Web.GraphBetaServiceCollectionExtensions.AddMicrosoftGraphBeta(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphBetaServiceCollectionExtensions.AddMicrosoftGraphBeta(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, Microsoft.Extensions.Configuration.IConfiguration! configurationSection) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphBetaServiceCollectionExtensions.AddMicrosoftGraphBeta(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.GraphServiceClientOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
-static Microsoft.Identity.Web.GraphBetaServiceCollectionExtensions.AddMicrosoftGraphBeta(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetCore/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetCore/PublicAPI.Shipped.txt
index 402f0f049..24f4758da 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetCore/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetCore/PublicAPI.Shipped.txt
@@ -13,8 +13,8 @@ static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationOptions<T>
 static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationScheme<T>(this T baseRequest, string! authenticationScheme) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithScopes<T>(this T baseRequest, params string![]! scopes) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithUser<T>(this T baseRequest, System.Security.Claims.ClaimsPrincipal! user) -> T
-static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, Microsoft.Extensions.Configuration.IConfigurationSection! configurationSection) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, string! graphBaseUrl = "https://graph.microsoft.com/v1.0", string! defaultScopes = "user.read") -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetFramework/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetFramework/PublicAPI.Shipped.txt
index b2621f520..e79c0573d 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetFramework/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/PublicAPI/NetFramework/PublicAPI.Shipped.txt
@@ -12,5 +12,5 @@ static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationOptions<T>
 static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationScheme<T>(this T baseRequest, string! authenticationScheme) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithScopes<T>(this T baseRequest, params string![]! scopes) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithUser<T>(this T baseRequest, System.Security.Claims.ClaimsPrincipal! user) -> T
-static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetCore/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetCore/PublicAPI.Shipped.txt
index 402f0f049..24f4758da 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetCore/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetCore/PublicAPI.Shipped.txt
@@ -13,8 +13,8 @@ static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationOptions<T>
 static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationScheme<T>(this T baseRequest, string! authenticationScheme) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithScopes<T>(this T baseRequest, params string![]! scopes) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithUser<T>(this T baseRequest, System.Security.Claims.ClaimsPrincipal! user) -> T
-static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, Microsoft.Extensions.Configuration.IConfigurationSection! configurationSection) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, string! graphBaseUrl = "https://graph.microsoft.com/v1.0", string! defaultScopes = "user.read") -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.MicrosoftGraphExtensions.AddMicrosoftGraph(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetFramework/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetFramework/PublicAPI.Shipped.txt
index b2621f520..e79c0573d 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetFramework/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/PublicAPI/NetFramework/PublicAPI.Shipped.txt
@@ -12,5 +12,5 @@ static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationOptions<T>
 static Microsoft.Identity.Web.BaseRequestExtensions.WithAuthenticationScheme<T>(this T baseRequest, string! authenticationScheme) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithScopes<T>(this T baseRequest, params string![]! scopes) -> T
 static Microsoft.Identity.Web.BaseRequestExtensions.WithUser<T>(this T baseRequest, System.Security.Claims.ClaimsPrincipal! user) -> T
-static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+static Microsoft.Identity.Web.GraphServiceCollectionExtensions.AddMicrosoftGraph(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.Identity.Web.MicrosoftGraphOptions!>! configureMicrosoftGraphOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Shipped.txt
index fed3386fe..bc4fc11c5 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Shipped.txt
@@ -53,6 +53,8 @@ Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.Certificate.set ->
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CertificateChangeEventArg() -> void
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialDescription.get -> Microsoft.Identity.Abstractions.CredentialDescription?
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialDescription.set -> void
+Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.get -> Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters?
+Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.set -> void
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.ThrownException.get -> System.Exception?
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.ThrownException.set -> void
 Microsoft.Identity.Web.Experimental.ICertificatesObserver
@@ -61,6 +63,9 @@ Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider
 Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.BaseAuthorizationHeaderProvider(System.IServiceProvider! serviceProvider) -> void
 Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions
 Microsoft.Identity.Web.IAuthenticationSchemeInformationProvider
+Microsoft.Identity.Web.ICredentialsProvider
+Microsoft.Identity.Web.ICredentialsProvider.GetCredentialAsync(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? credentialSourceLoaderParameters, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Abstractions.CredentialDescription?>!
+Microsoft.Identity.Web.ICredentialsProvider.NotifyCertificateUsed(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? sourceLoaderParameters, Microsoft.Identity.Abstractions.CredentialDescription! certificateDescription, System.Security.Cryptography.X509Certificates.X509Certificate2! certificate, bool successful, System.Exception? exception) -> void
 Microsoft.Identity.Web.Internal.WebApiBuilders
 Microsoft.Identity.Web.ITokenAcquisition
 Microsoft.Identity.Web.ITokenAcquisition.GetAccessTokenForAppAsync(string! scope, string? authenticationScheme, string? tenant = null, Microsoft.Identity.Web.TokenAcquisitionOptions? tokenAcquisitionOptions = null) -> System.Threading.Tasks.Task<string!>!
@@ -79,8 +84,8 @@ Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder
 Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.AddDistributedTokenCaches() -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.AddInMemoryTokenCaches(System.Action<Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheOptions!>? configureOptions = null, System.Action<Microsoft.Extensions.Caching.Memory.MemoryCacheOptions!>? memoryCacheOptions = null) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException
-Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.MicrosoftIdentityAuthenticationException(string! message, System.Exception! innerException) -> void
 Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.MicrosoftIdentityAuthenticationException(string! message) -> void
+Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.MicrosoftIdentityAuthenticationException(string! message, System.Exception! innerException) -> void
 Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder
 Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.ConfigurationSection.get -> Microsoft.Extensions.Configuration.IConfigurationSection?
 Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.ConfigurationSection.set -> void
@@ -89,8 +94,10 @@ Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.Services.get -
 Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandler
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandler.MicrosoftIdentityMessageHandler(Microsoft.Identity.Abstractions.IAuthorizationHeaderProvider! headerProvider, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions? defaultOptions = null, Microsoft.Extensions.Logging.ILogger<Microsoft.Identity.Web.MicrosoftIdentityMessageHandler!>? logger = null) -> void
+Microsoft.Identity.Web.MicrosoftIdentityMessageHandler.MicrosoftIdentityMessageHandler(Microsoft.Identity.Abstractions.IAuthorizationHeaderProvider! headerProvider, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions? defaultOptions, Microsoft.Identity.Client.IMsalMtlsHttpClientFactory? mtlsHttpClientFactory, Microsoft.Extensions.Logging.ILogger<Microsoft.Identity.Web.MicrosoftIdentityMessageHandler!>? logger = null) -> void
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.MicrosoftIdentityMessageHandlerOptions() -> void
+Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.MicrosoftIdentityMessageHandlerOptions(Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! other) -> void
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.Scopes.get -> System.Collections.Generic.IList<string!>!
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.Scopes.set -> void
 Microsoft.Identity.Web.MicrosoftIdentityOptions
@@ -190,10 +197,10 @@ static Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions.GetAuth
 static Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions.WithAuthenticationOptions(this System.Net.Http.HttpRequestMessage! request, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! options) -> System.Net.Http.HttpRequestMessage!
 static Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions.WithAuthenticationOptions(this System.Net.Http.HttpRequestMessage! request, System.Action<Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions!>! configure) -> System.Net.Http.HttpRequestMessage!
 static Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(System.Action<Microsoft.Identity.Client.ConfidentialClientApplicationOptions!>! configureConfidentialClientApplicationOptions, string! authenticationScheme, Microsoft.Extensions.DependencyInjection.IServiceCollection! services, Microsoft.Extensions.Configuration.IConfigurationSection? configuration) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
+static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, Microsoft.Extensions.Configuration.IConfiguration! configuration, string! sectionName) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! options) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, System.Action<Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions!>! configureOptions) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
-static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.PrincipalExtensionsForSecurityTokens.GetBootstrapToken(this System.Security.Principal.IPrincipal! claimsPrincipal) -> Microsoft.IdentityModel.Tokens.SecurityToken?
 static Microsoft.Identity.Web.ServiceCollectionExtensions.AddTokenAcquisition(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, bool isTokenAcquisitionSingleton = false) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.TestOnly.TokenAcquirerFactoryTesting.ResetTokenAcquirerFactoryInTest() -> void
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Unshipped.txt
index 9897c9040..7dc5c5811 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Unshipped.txt
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetCore/PublicAPI.Unshipped.txt
@@ -1,8 +1 @@
 #nullable enable
-Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.get -> Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters?
-Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.set -> void
-Microsoft.Identity.Web.ICredentialsProvider
-Microsoft.Identity.Web.ICredentialsProvider.GetCredentialAsync(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? credentialSourceLoaderParameters, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Abstractions.CredentialDescription?>!
-Microsoft.Identity.Web.ICredentialsProvider.NotifyCertificateUsed(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? sourceLoaderParameters, Microsoft.Identity.Abstractions.CredentialDescription! certificateDescription, System.Security.Cryptography.X509Certificates.X509Certificate2! certificate, bool successful, System.Exception? exception) -> void
-Microsoft.Identity.Web.MicrosoftIdentityMessageHandler.MicrosoftIdentityMessageHandler(Microsoft.Identity.Abstractions.IAuthorizationHeaderProvider! headerProvider, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions? defaultOptions, Microsoft.Identity.Client.IMsalMtlsHttpClientFactory? mtlsHttpClientFactory, Microsoft.Extensions.Logging.ILogger<Microsoft.Identity.Web.MicrosoftIdentityMessageHandler!>? logger = null) -> void
-Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.MicrosoftIdentityMessageHandlerOptions(Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! other) -> void
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Shipped.txt
index 401ec8796..9725c15f6 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Shipped.txt
@@ -52,6 +52,8 @@ Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.Certificate.set ->
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CertificateChangeEventArg() -> void
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialDescription.get -> Microsoft.Identity.Abstractions.CredentialDescription?
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialDescription.set -> void
+Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.get -> Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters?
+Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.set -> void
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.ThrownException.get -> System.Exception?
 Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.ThrownException.set -> void
 Microsoft.Identity.Web.Experimental.ICertificatesObserver
@@ -60,6 +62,9 @@ Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider
 Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.BaseAuthorizationHeaderProvider(System.IServiceProvider! serviceProvider) -> void
 Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions
 Microsoft.Identity.Web.IAuthenticationSchemeInformationProvider
+Microsoft.Identity.Web.ICredentialsProvider
+Microsoft.Identity.Web.ICredentialsProvider.GetCredentialAsync(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? credentialSourceLoaderParameters, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Abstractions.CredentialDescription?>!
+Microsoft.Identity.Web.ICredentialsProvider.NotifyCertificateUsed(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? sourceLoaderParameters, Microsoft.Identity.Abstractions.CredentialDescription! certificateDescription, System.Security.Cryptography.X509Certificates.X509Certificate2! certificate, bool successful, System.Exception? exception) -> void
 Microsoft.Identity.Web.Internal.WebApiBuilders
 Microsoft.Identity.Web.ITokenAcquisition
 Microsoft.Identity.Web.ITokenAcquisition.GetAccessTokenForAppAsync(string! scope, string? authenticationScheme, string? tenant = null, Microsoft.Identity.Web.TokenAcquisitionOptions? tokenAcquisitionOptions = null) -> System.Threading.Tasks.Task<string!>!
@@ -71,8 +76,8 @@ Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder
 Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.AddDistributedTokenCaches() -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.AddInMemoryTokenCaches(System.Action<Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheOptions!>? configureOptions = null, System.Action<Microsoft.Extensions.Caching.Memory.MemoryCacheOptions!>? memoryCacheOptions = null) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException
-Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.MicrosoftIdentityAuthenticationException(string! message, System.Exception! innerException) -> void
 Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.MicrosoftIdentityAuthenticationException(string! message) -> void
+Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.MicrosoftIdentityAuthenticationException(string! message, System.Exception! innerException) -> void
 Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder
 Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.ConfigurationSection.get -> Microsoft.Extensions.Configuration.IConfigurationSection?
 Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.ConfigurationSection.set -> void
@@ -81,8 +86,10 @@ Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.Services.get -
 Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandler
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandler.MicrosoftIdentityMessageHandler(Microsoft.Identity.Abstractions.IAuthorizationHeaderProvider! headerProvider, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions? defaultOptions = null, Microsoft.Extensions.Logging.ILogger<Microsoft.Identity.Web.MicrosoftIdentityMessageHandler!>? logger = null) -> void
+Microsoft.Identity.Web.MicrosoftIdentityMessageHandler.MicrosoftIdentityMessageHandler(Microsoft.Identity.Abstractions.IAuthorizationHeaderProvider! headerProvider, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions? defaultOptions, Microsoft.Identity.Client.IMsalMtlsHttpClientFactory? mtlsHttpClientFactory, Microsoft.Extensions.Logging.ILogger<Microsoft.Identity.Web.MicrosoftIdentityMessageHandler!>? logger = null) -> void
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.MicrosoftIdentityMessageHandlerOptions() -> void
+Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.MicrosoftIdentityMessageHandlerOptions(Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! other) -> void
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.Scopes.get -> System.Collections.Generic.IList<string!>!
 Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.Scopes.set -> void
 Microsoft.Identity.Web.MicrosoftIdentityOptions
@@ -189,10 +196,10 @@ static Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions.GetAuth
 static Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions.WithAuthenticationOptions(this System.Net.Http.HttpRequestMessage! request, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! options) -> System.Net.Http.HttpRequestMessage!
 static Microsoft.Identity.Web.HttpRequestMessageAuthenticationExtensions.WithAuthenticationOptions(this System.Net.Http.HttpRequestMessage! request, System.Action<Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions!>! configure) -> System.Net.Http.HttpRequestMessage!
 static Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(System.Action<Microsoft.Identity.Client.ConfidentialClientApplicationOptions!>! configureConfidentialClientApplicationOptions, string! authenticationScheme, Microsoft.Extensions.DependencyInjection.IServiceCollection! services, Microsoft.Extensions.Configuration.IConfigurationSection? configuration) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
+static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, Microsoft.Extensions.Configuration.IConfiguration! configuration, string! sectionName) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! options) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, System.Action<Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions!>! configureOptions) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
-static Microsoft.Identity.Web.MicrosoftIdentityHttpClientBuilderExtensions.AddMicrosoftIdentityMessageHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.PrincipalExtensionsForSecurityTokens.GetBootstrapToken(this System.Security.Principal.IPrincipal! claimsPrincipal) -> Microsoft.IdentityModel.Tokens.SecurityToken?
 static Microsoft.Identity.Web.ServiceCollectionExtensions.AddTokenAcquisition(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, bool isTokenAcquisitionSingleton = false) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.TestOnly.TokenAcquirerFactoryTesting.ResetTokenAcquirerFactoryInTest() -> void
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Unshipped.txt
index 9897c9040..7dc5c5811 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Unshipped.txt
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/NetFramework/PublicAPI.Unshipped.txt
@@ -1,8 +1 @@
 #nullable enable
-Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.get -> Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters?
-Microsoft.Identity.Web.Experimental.CertificateChangeEventArg.CredentialSourceLoaderParameters.set -> void
-Microsoft.Identity.Web.ICredentialsProvider
-Microsoft.Identity.Web.ICredentialsProvider.GetCredentialAsync(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? credentialSourceLoaderParameters, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Abstractions.CredentialDescription?>!
-Microsoft.Identity.Web.ICredentialsProvider.NotifyCertificateUsed(Microsoft.Identity.Abstractions.CredentialSourceLoaderParameters? sourceLoaderParameters, Microsoft.Identity.Abstractions.CredentialDescription! certificateDescription, System.Security.Cryptography.X509Certificates.X509Certificate2! certificate, bool successful, System.Exception? exception) -> void
-Microsoft.Identity.Web.MicrosoftIdentityMessageHandler.MicrosoftIdentityMessageHandler(Microsoft.Identity.Abstractions.IAuthorizationHeaderProvider! headerProvider, Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions? defaultOptions, Microsoft.Identity.Client.IMsalMtlsHttpClientFactory? mtlsHttpClientFactory, Microsoft.Extensions.Logging.ILogger<Microsoft.Identity.Web.MicrosoftIdentityMessageHandler!>? logger = null) -> void
-Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions.MicrosoftIdentityMessageHandlerOptions(Microsoft.Identity.Web.MicrosoftIdentityMessageHandlerOptions! other) -> void
diff --git a/src/Microsoft.Identity.Web.TokenCache/PublicAPI/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web.TokenCache/PublicAPI/PublicAPI.Shipped.txt
index 893405212..887990f27 100644
--- a/src/Microsoft.Identity.Web.TokenCache/PublicAPI/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web.TokenCache/PublicAPI/PublicAPI.Shipped.txt
@@ -42,17 +42,17 @@ Microsoft.Identity.Web.TokenCacheProviders.MsalAbstractTokenCacheProvider.Initia
 Microsoft.Identity.Web.TokenCacheProviders.MsalAbstractTokenCacheProvider.InitializeAsync(Microsoft.Identity.Client.ITokenCache! tokenCache) -> System.Threading.Tasks.Task!
 Microsoft.Identity.Web.TokenCacheProviders.MsalAbstractTokenCacheProvider.MsalAbstractTokenCacheProvider(Microsoft.AspNetCore.DataProtection.IDataProtector? dataProtector = null) -> void
 Microsoft.Identity.Web.TokenCacheProviders.MsalAbstractTokenCacheProvider.MsalAbstractTokenCacheProvider(Microsoft.AspNetCore.DataProtection.IDataProtector? dataProtector, Microsoft.Extensions.Logging.ILogger<Microsoft.Identity.Web.TokenCacheProviders.MsalAbstractTokenCacheProvider!>! logger) -> void
-override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
 override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.ReadCacheBytesAsync(string! cacheKey) -> System.Threading.Tasks.Task<byte[]?>!
-override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.RemoveKeyAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task!
+override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
 override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.RemoveKeyAsync(string! cacheKey) -> System.Threading.Tasks.Task!
-override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints? cacheSerializerHints) -> System.Threading.Tasks.Task!
+override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.RemoveKeyAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task!
 override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes) -> System.Threading.Tasks.Task!
-override Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
+override Microsoft.Identity.Web.TokenCacheProviders.Distributed.MsalDistributedTokenCacheAdapter.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints? cacheSerializerHints) -> System.Threading.Tasks.Task!
 override Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey) -> System.Threading.Tasks.Task<byte[]?>!
+override Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
 override Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheProvider.RemoveKeyAsync(string! cacheKey) -> System.Threading.Tasks.Task!
-override Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheProvider.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task!
 override Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheProvider.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes) -> System.Threading.Tasks.Task!
+override Microsoft.Identity.Web.TokenCacheProviders.InMemory.MsalMemoryTokenCacheProvider.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task!
 static Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetDisplayName(this System.Security.Claims.ClaimsPrincipal! claimsPrincipal) -> string?
 static Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetDomainHint(this System.Security.Claims.ClaimsPrincipal! claimsPrincipal) -> string?
 static Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetHomeObjectId(this System.Security.Claims.ClaimsPrincipal! claimsPrincipal) -> string?
@@ -64,8 +64,8 @@ static Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetObjectId(this System.
 static Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetTenantId(this System.Security.Claims.ClaimsPrincipal! claimsPrincipal) -> string?
 static Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetUserFlowId(this System.Security.Claims.ClaimsPrincipal! claimsPrincipal) -> string?
 static Microsoft.Identity.Web.TokenCacheExtensions.AddDistributedTokenCache(this Microsoft.Identity.Client.IConfidentialClientApplication! confidentialClientApp, System.Action<Microsoft.Extensions.DependencyInjection.IServiceCollection!>! initializeDistributedCache) -> Microsoft.Identity.Client.IConfidentialClientApplication!
-static Microsoft.Identity.Web.TokenCacheExtensions.AddInMemoryTokenCache(this Microsoft.Identity.Client.IConfidentialClientApplication! confidentialClientApp, System.Action<Microsoft.Extensions.DependencyInjection.IServiceCollection!>! initializeMemoryCache) -> Microsoft.Identity.Client.IConfidentialClientApplication!
 static Microsoft.Identity.Web.TokenCacheExtensions.AddInMemoryTokenCache(this Microsoft.Identity.Client.IConfidentialClientApplication! confidentialClientApp) -> Microsoft.Identity.Client.IConfidentialClientApplication!
+static Microsoft.Identity.Web.TokenCacheExtensions.AddInMemoryTokenCache(this Microsoft.Identity.Client.IConfidentialClientApplication! confidentialClientApp, System.Action<Microsoft.Extensions.DependencyInjection.IServiceCollection!>! initializeMemoryCache) -> Microsoft.Identity.Client.IConfidentialClientApplication!
 static Microsoft.Identity.Web.TokenCacheProviders.Distributed.DistributedTokenCacheAdapterExtension.AddDistributedTokenCaches(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.TokenCacheProviders.InMemory.InMemoryTokenCacheProviderExtension.AddInMemoryTokenCaches(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 virtual Microsoft.Identity.Web.TokenCacheProviders.MsalAbstractTokenCacheProvider.GetSuggestedCacheKey(Microsoft.Identity.Client.TokenCacheNotificationArgs! args) -> string!
diff --git a/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Shipped.txt
index 6f962fb40..7aeaf9f9f 100644
--- a/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Shipped.txt
@@ -32,6 +32,13 @@ Microsoft.Identity.Web.AuthorizeForScopesAttribute.Scopes.set -> void
 Microsoft.Identity.Web.AuthorizeForScopesAttribute.UserFlow.get -> string?
 Microsoft.Identity.Web.AuthorizeForScopesAttribute.UserFlow.set -> void
 Microsoft.Identity.Web.AzureFunctionsAuthenticationHttpContextExtension
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.BlazorAuthenticationChallengeHandler(Microsoft.AspNetCore.Components.NavigationManager! navigation, Microsoft.AspNetCore.Components.Authorization.AuthenticationStateProvider! authenticationStateProvider, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> void
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUser(System.Security.Claims.ClaimsPrincipal! user, string![]? scopes = null, string? claims = null) -> void
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUserWithConfiguredScopesAsync(string! configurationSection) -> System.Threading.Tasks.Task!
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.GetUserAsync() -> System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal!>!
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.HandleExceptionAsync(System.Exception! exception) -> System.Threading.Tasks.Task<bool>!
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.IsAuthenticatedAsync() -> System.Threading.Tasks.Task<bool>!
 Microsoft.Identity.Web.ClaimsPrincipalFactory
 Microsoft.Identity.Web.CookiePolicyOptionsExtensions
 Microsoft.Identity.Web.DownstreamWebApi
@@ -75,6 +82,7 @@ Microsoft.Identity.Web.ILoginErrorAccessor.SetMessage(Microsoft.AspNetCore.Http.
 Microsoft.Identity.Web.IMicrosoftIdentityAuthenticationDelegatingHandlerFactory
 Microsoft.Identity.Web.IMicrosoftIdentityAuthenticationDelegatingHandlerFactory.CreateAppHandler(string? serviceName) -> System.Net.Http.DelegatingHandler!
 Microsoft.Identity.Web.IMicrosoftIdentityAuthenticationDelegatingHandlerFactory.CreateUserHandler(string? serviceName) -> System.Net.Http.DelegatingHandler!
+Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions
 Microsoft.Identity.Web.MicrosoftIdentityAppAuthenticationMessageHandler
 Microsoft.Identity.Web.MicrosoftIdentityAppAuthenticationMessageHandler.MicrosoftIdentityAppAuthenticationMessageHandler(Microsoft.Identity.Web.ITokenAcquisition! tokenAcquisition, Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerOptions!>! namedMessageHandlerOptions, string? serviceName = null) -> void
 Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilderExtension
@@ -197,8 +205,8 @@ override Microsoft.Identity.Web.TokenAcquisitionAppTokenCredential.GetToken(Azur
 override Microsoft.Identity.Web.TokenAcquisitionAppTokenCredential.GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.ValueTask<Azure.Core.AccessToken>
 override Microsoft.Identity.Web.TokenAcquisitionTokenCredential.GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken) -> Azure.Core.AccessToken
 override Microsoft.Identity.Web.TokenAcquisitionTokenCredential.GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.ValueTask<Azure.Core.AccessToken>
-override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
 override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey) -> System.Threading.Tasks.Task<byte[]?>!
+override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
 override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.RemoveKeyAsync(string! cacheKey) -> System.Threading.Tasks.Task!
 override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes) -> System.Threading.Tasks.Task!
 static Microsoft.Identity.Web.AccountExtensions.ToClaimsPrincipal(this Microsoft.Identity.Client.IAccount! account) -> System.Security.Claims.ClaimsPrincipal!
@@ -210,8 +218,8 @@ static Microsoft.Identity.Web.ClaimsPrincipalFactory.FromHomeTenantIdAndHomeObje
 static Microsoft.Identity.Web.ClaimsPrincipalFactory.FromTenantIdAndObjectId(string! tenantId, string! objectId) -> System.Security.Claims.ClaimsPrincipal!
 static Microsoft.Identity.Web.ClaimsPrincipalFactory.FromUsernamePassword(string! username, string! password) -> System.Security.Claims.ClaimsPrincipal!
 static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.DisallowsSameSiteNone(string! userAgent) -> bool
-static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.HandleSameSiteCookieCompatibility(this Microsoft.AspNetCore.Builder.CookiePolicyOptions! options, System.Func<string!, bool>! disallowsSameSiteNone) -> Microsoft.AspNetCore.Builder.CookiePolicyOptions!
 static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.HandleSameSiteCookieCompatibility(this Microsoft.AspNetCore.Builder.CookiePolicyOptions! options) -> Microsoft.AspNetCore.Builder.CookiePolicyOptions!
+static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.HandleSameSiteCookieCompatibility(this Microsoft.AspNetCore.Builder.CookiePolicyOptions! options, System.Func<string!, bool>! disallowsSameSiteNone) -> Microsoft.AspNetCore.Builder.CookiePolicyOptions!
 static Microsoft.Identity.Web.DownstreamWebApiExtensions.AddDownstreamWebApi(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, string! serviceName, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.DownstreamWebApiExtensions.AddDownstreamWebApi(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, string! serviceName, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>! configureOptions) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.CallWebApiForUserAsync<TOutput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task<TOutput?>!
@@ -220,6 +228,7 @@ static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.GetForUserAsync<
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.PostForUserAsync<TOutput, TInput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, string! relativePath, TInput inputData, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task<TOutput?>!
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.PutForUserAsync<TInput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, string! relativePath, TInput inputData, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task!
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.PutForUserAsync<TOutput, TInput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, string! relativePath, TInput inputData, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task<TOutput?>!
+static Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions.MapLoginAndLogout(this Microsoft.AspNetCore.Routing.IEndpointRouteBuilder! endpoints) -> Microsoft.AspNetCore.Builder.IEndpointConventionBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilderExtension.AddSessionTokenCaches(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.AddMicrosoftIdentityAppAuthenticationHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, string! serviceName, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.AddMicrosoftIdentityAppAuthenticationHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, string! serviceName, System.Action<Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerOptions!>! configureOptions) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
@@ -230,6 +239,7 @@ static Microsoft.Identity.Web.MicrosoftIdentityBlazorServiceCollectionExtensions
 static Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, Microsoft.Extensions.Configuration.IConfiguration! configuration, string! configSectionName = "AzureAd", string! jwtBearerScheme = "Bearer", bool subscribeToJwtBearerMiddlewareDiagnosticsEvents = false) -> Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration!
 static Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, Microsoft.Extensions.Configuration.IConfigurationSection! configurationSection, string! jwtBearerScheme = "Bearer", bool subscribeToJwtBearerMiddlewareDiagnosticsEvents = false) -> Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration!
 static Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, System.Action<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions!>! configureJwtBearerOptions, System.Action<Microsoft.Identity.Web.MicrosoftIdentityOptions!>! configureMicrosoftIdentityOptions, string! jwtBearerScheme = "Bearer", bool subscribeToJwtBearerMiddlewareDiagnosticsEvents = false) -> Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder!
+static Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApiAot(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, System.Action<Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions!>! configureOptions, string! jwtBearerScheme, System.Action<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions!>? configureJwtBearerOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityWebApiServiceCollectionExtensions.AddMicrosoftIdentityWebApiAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, Microsoft.Extensions.Configuration.IConfiguration! configuration, string! configSectionName = "AzureAd", string! jwtBearerScheme = "Bearer", bool subscribeToJwtBearerMiddlewareDiagnosticsEvents = false) -> Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration!
 static Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApp(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, Microsoft.Extensions.Configuration.IConfiguration! configuration, string! configSectionName = "AzureAd", string! openIdConnectScheme = "OpenIdConnect", string? cookieScheme = "Cookies", bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false, string? displayName = null) -> Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration!
 static Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApp(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, Microsoft.Extensions.Configuration.IConfigurationSection! configurationSection, string! openIdConnectScheme = "OpenIdConnect", string? cookieScheme = "Cookies", bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false, string? displayName = null) -> Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration!
diff --git a/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Unshipped.txt
index 138bbfb40..7dc5c5811 100644
--- a/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Unshipped.txt
+++ b/src/Microsoft.Identity.Web/PublicAPI/NetCore/PublicAPI.Unshipped.txt
@@ -1,11 +1 @@
 #nullable enable
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.BlazorAuthenticationChallengeHandler(Microsoft.AspNetCore.Components.NavigationManager! navigation, Microsoft.AspNetCore.Components.Authorization.AuthenticationStateProvider! authenticationStateProvider, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> void
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUser(System.Security.Claims.ClaimsPrincipal! user, string![]? scopes = null, string? claims = null) -> void
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUserWithConfiguredScopesAsync(string! configurationSection) -> System.Threading.Tasks.Task!
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.GetUserAsync() -> System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal!>!
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.HandleExceptionAsync(System.Exception! exception) -> System.Threading.Tasks.Task<bool>!
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.IsAuthenticatedAsync() -> System.Threading.Tasks.Task<bool>!
-Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions
-static Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions.MapLoginAndLogout(this Microsoft.AspNetCore.Routing.IEndpointRouteBuilder! endpoints) -> Microsoft.AspNetCore.Builder.IEndpointConventionBuilder!
-static Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApiAot(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, System.Action<Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions!>! configureOptions, string! jwtBearerScheme, System.Action<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions!>? configureJwtBearerOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
diff --git a/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Shipped.txt
index 6f962fb40..912e49ccc 100644
--- a/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Shipped.txt
+++ b/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Shipped.txt
@@ -32,6 +32,13 @@ Microsoft.Identity.Web.AuthorizeForScopesAttribute.Scopes.set -> void
 Microsoft.Identity.Web.AuthorizeForScopesAttribute.UserFlow.get -> string?
 Microsoft.Identity.Web.AuthorizeForScopesAttribute.UserFlow.set -> void
 Microsoft.Identity.Web.AzureFunctionsAuthenticationHttpContextExtension
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.BlazorAuthenticationChallengeHandler(Microsoft.AspNetCore.Components.NavigationManager! navigation, Microsoft.AspNetCore.Components.Authorization.AuthenticationStateProvider! authenticationStateProvider, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> void
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUser(System.Security.Claims.ClaimsPrincipal! user, string![]? scopes = null, string? claims = null) -> void
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUserWithConfiguredScopesAsync(string! configurationSection) -> System.Threading.Tasks.Task!
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.GetUserAsync() -> System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal!>!
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.HandleExceptionAsync(System.Exception! exception) -> System.Threading.Tasks.Task<bool>!
+Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.IsAuthenticatedAsync() -> System.Threading.Tasks.Task<bool>!
 Microsoft.Identity.Web.ClaimsPrincipalFactory
 Microsoft.Identity.Web.CookiePolicyOptionsExtensions
 Microsoft.Identity.Web.DownstreamWebApi
@@ -75,6 +82,7 @@ Microsoft.Identity.Web.ILoginErrorAccessor.SetMessage(Microsoft.AspNetCore.Http.
 Microsoft.Identity.Web.IMicrosoftIdentityAuthenticationDelegatingHandlerFactory
 Microsoft.Identity.Web.IMicrosoftIdentityAuthenticationDelegatingHandlerFactory.CreateAppHandler(string? serviceName) -> System.Net.Http.DelegatingHandler!
 Microsoft.Identity.Web.IMicrosoftIdentityAuthenticationDelegatingHandlerFactory.CreateUserHandler(string? serviceName) -> System.Net.Http.DelegatingHandler!
+Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions
 Microsoft.Identity.Web.MicrosoftIdentityAppAuthenticationMessageHandler
 Microsoft.Identity.Web.MicrosoftIdentityAppAuthenticationMessageHandler.MicrosoftIdentityAppAuthenticationMessageHandler(Microsoft.Identity.Web.ITokenAcquisition! tokenAcquisition, Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerOptions!>! namedMessageHandlerOptions, string? serviceName = null) -> void
 Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilderExtension
@@ -197,8 +205,8 @@ override Microsoft.Identity.Web.TokenAcquisitionAppTokenCredential.GetToken(Azur
 override Microsoft.Identity.Web.TokenAcquisitionAppTokenCredential.GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.ValueTask<Azure.Core.AccessToken>
 override Microsoft.Identity.Web.TokenAcquisitionTokenCredential.GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken) -> Azure.Core.AccessToken
 override Microsoft.Identity.Web.TokenAcquisitionTokenCredential.GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.ValueTask<Azure.Core.AccessToken>
-override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
 override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey) -> System.Threading.Tasks.Task<byte[]?>!
+override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.ReadCacheBytesAsync(string! cacheKey, Microsoft.Identity.Web.TokenCacheProviders.CacheSerializerHints! cacheSerializerHints) -> System.Threading.Tasks.Task<byte[]?>!
 override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.RemoveKeyAsync(string! cacheKey) -> System.Threading.Tasks.Task!
 override Microsoft.Identity.Web.TokenCacheProviders.Session.MsalSessionTokenCacheProvider.WriteCacheBytesAsync(string! cacheKey, byte[]! bytes) -> System.Threading.Tasks.Task!
 static Microsoft.Identity.Web.AccountExtensions.ToClaimsPrincipal(this Microsoft.Identity.Client.IAccount! account) -> System.Security.Claims.ClaimsPrincipal!
@@ -210,8 +218,8 @@ static Microsoft.Identity.Web.ClaimsPrincipalFactory.FromHomeTenantIdAndHomeObje
 static Microsoft.Identity.Web.ClaimsPrincipalFactory.FromTenantIdAndObjectId(string! tenantId, string! objectId) -> System.Security.Claims.ClaimsPrincipal!
 static Microsoft.Identity.Web.ClaimsPrincipalFactory.FromUsernamePassword(string! username, string! password) -> System.Security.Claims.ClaimsPrincipal!
 static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.DisallowsSameSiteNone(string! userAgent) -> bool
-static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.HandleSameSiteCookieCompatibility(this Microsoft.AspNetCore.Builder.CookiePolicyOptions! options, System.Func<string!, bool>! disallowsSameSiteNone) -> Microsoft.AspNetCore.Builder.CookiePolicyOptions!
 static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.HandleSameSiteCookieCompatibility(this Microsoft.AspNetCore.Builder.CookiePolicyOptions! options) -> Microsoft.AspNetCore.Builder.CookiePolicyOptions!
+static Microsoft.Identity.Web.CookiePolicyOptionsExtensions.HandleSameSiteCookieCompatibility(this Microsoft.AspNetCore.Builder.CookiePolicyOptions! options, System.Func<string!, bool>! disallowsSameSiteNone) -> Microsoft.AspNetCore.Builder.CookiePolicyOptions!
 static Microsoft.Identity.Web.DownstreamWebApiExtensions.AddDownstreamWebApi(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, string! serviceName, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.DownstreamWebApiExtensions.AddDownstreamWebApi(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder, string! serviceName, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>! configureOptions) -> Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder!
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.CallWebApiForUserAsync<TOutput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task<TOutput?>!
@@ -220,6 +228,7 @@ static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.GetForUserAsync<
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.PostForUserAsync<TOutput, TInput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, string! relativePath, TInput inputData, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task<TOutput?>!
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.PutForUserAsync<TInput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, string! relativePath, TInput inputData, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task!
 static Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.PutForUserAsync<TOutput, TInput>(this Microsoft.Identity.Web.IDownstreamWebApi! downstreamWebApi, string! serviceName, string! relativePath, TInput inputData, System.Action<Microsoft.Identity.Web.DownstreamWebApiOptions!>? downstreamWebApiOptionsOverride = null, System.Security.Claims.ClaimsPrincipal? user = null, string? authenticationScheme = null) -> System.Threading.Tasks.Task<TOutput?>!
+static Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions.MapLoginAndLogout(this Microsoft.AspNetCore.Routing.IEndpointRouteBuilder! endpoints) -> Microsoft.AspNetCore.Builder.IEndpointConventionBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilderExtension.AddSessionTokenCaches(this Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder! builder) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
 static Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.AddMicrosoftIdentityAppAuthenticationHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, string! serviceName, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
 static Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.AddMicrosoftIdentityAppAuthenticationHandler(this Microsoft.Extensions.DependencyInjection.IHttpClientBuilder! builder, string! serviceName, System.Action<Microsoft.Identity.Web.MicrosoftIdentityAuthenticationMessageHandlerOptions!>! configureOptions) -> Microsoft.Extensions.DependencyInjection.IHttpClientBuilder!
diff --git a/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Unshipped.txt
index 515fc6c14..7dc5c5811 100644
--- a/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Unshipped.txt
+++ b/src/Microsoft.Identity.Web/PublicAPI/NetCore_Pre10/PublicAPI.Unshipped.txt
@@ -1,10 +1 @@
 #nullable enable
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.BlazorAuthenticationChallengeHandler(Microsoft.AspNetCore.Components.NavigationManager! navigation, Microsoft.AspNetCore.Components.Authorization.AuthenticationStateProvider! authenticationStateProvider, Microsoft.Extensions.Configuration.IConfiguration! configuration) -> void
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUser(System.Security.Claims.ClaimsPrincipal! user, string![]? scopes = null, string? claims = null) -> void
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.ChallengeUserWithConfiguredScopesAsync(string! configurationSection) -> System.Threading.Tasks.Task!
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.GetUserAsync() -> System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal!>!
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.HandleExceptionAsync(System.Exception! exception) -> System.Threading.Tasks.Task<bool>!
-Microsoft.Identity.Web.BlazorAuthenticationChallengeHandler.IsAuthenticatedAsync() -> System.Threading.Tasks.Task<bool>!
-Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions
-static Microsoft.Identity.Web.LoginLogoutEndpointRouteBuilderExtensions.MapLoginAndLogout(this Microsoft.AspNetCore.Routing.IEndpointRouteBuilder! endpoints) -> Microsoft.AspNetCore.Builder.IEndpointConventionBuilder!
\ No newline at end of file