Bump Microsoft.Identity.Client from 4.79.2 to 4.83.1

[dependabot]

Updated Microsoft.Identity.Client from 4.79.2 to 4.83.1.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.83.1

Bug Fixes

• Fixed IMDS endpoint cache not being reset during test cleanup [Bug] ImdsManagedIdentitySource.s_cachedBaseEndpoint was never cleared by ApplicationBase.ResetStateForTest() AzureAD/microsoft-authentication-library-for-dotnet#5830

4.83.0

New Features

• Agent Skills: Added Agent Skills catalog with complete coverage of both Confidential Client Authentication and mTLS PoP flows #​5733
• mTLS PoP Skills Guide: Added comprehensive guide for GitHub Copilot Chat covering MSAL.NET authentication, mTLS Proof of Possession, and Federated Identity Credentials #​5790

Changes

• Credential Guard Attestation: Integrated native DLL handling for Credential Guard attestation with centralized versioning #​5674

Bug Fixes

• IMDSv2 mTLS Auto-Recovery: Implemented automatic recovery from SCHANNEL handshake failures by evicting cached certificates and re-minting #​5761
• Managed Identity Fallback Behavior: Restored classic fallback behavior in MSAL MI unless GetManagedIdentitySourceAsync() is explicitly invoked #​5815
• Attestation Token Expiration: Exposed expires_on field in attestation tokens for better token lifecycle management #​5741
• Service Fabric API Version: Updated Service Fabric managed identity API version from 2019-07-01-preview to 2020-05-01 #​5781
• Cached Token Validation: Enhanced ValidateCachedTokenAsync to work properly with multiple APIs beyond the initial scope #​5764
• Client Credentials Tenant ID: Updated result to properly pass tenant ID in client credentials flow #​5754
• Experimental Flag Removal: Removed experimental flag requirement from IAuthenticationOperation and WithAuthenticationExtension #​5699
• OpenTelemetry Exception Handling: Expanded OTel exception handling for Azure Functions compatibility #​5720
• ICustomWebUi Security Warning: Added security warnings to ICustomWebUi documentation #​5704

Infrastructure & Dependencies

• GitHub Actions Workflow: Added GitHub Actions workflow for Managed Identity WebAPI automated build and deployment to Azure #​5751
• .NET SDK Security Update: Updated .NET SDK from version 8.0.415 to 8.0.418 to address high severity security vulnerabilities #​5779 #​5783

4.82.1

Bug Fixes

• Remove experimental flag requirement from IAuthenticationOperation #​5699
• Add security warning to ICustomWebUi documentation #​5704

Changes

• Adds support for implicit mTLS (Mutual TLS) transport for client assertion delegates #​5670

4.82.0

4.82.0

Highlights

This release expands extensibility for confidential-client authentication (certificates + client assertions), adds additional sovereign cloud environments, and hardens security-sensitive flows (mTLS PoP and system browser auth) with clearer validation and safer defaults.

Features

• Certificate-based confidential client extensibility: Introduced CertificateOptions and updated WithCertificate extensibility APIs to accept it, including support for passing sendX5C configuration through the options model. (#​5655)
• Sovereign cloud support: Added instance discovery / authority validation support for Bleu (France), Delos (Germany), and GovSG (Singapore) cloud environments. (#​5671)
• Client assertion customization: Added WithExtraClientAssertionClaims on AcquireTokenForClientParameterBuilder to enable supplying additional signed claims in client assertions (intended for advanced scenarios and higher-level libraries). (#​5650)
• mTLS PoP guardrails: Added validation and explicit error handling when mTLS PoP is requested for unsupported environments and/or non-login.* hosts. (#​5684)
• System browser hardening: Added response_mode=form_post support for the default system browser (loopback) flow. MSAL will enforce form_post and process the authorization response from POST data. (#​5678)

Changes

• Key Attestation packaging rename: Microsoft.Identity.Client.MtlsPop renamed to Microsoft.Identity.Client.KeyAttestation (assembly/package naming update). (#​5653)

4.81.0

What's Changed

• Expose API SendX5C from ROPC CCA flow by @​neha-bhargava in Expose API SendX5C from ROPC CCA flow AzureAD/microsoft-authentication-library-for-dotnet#5635
• Refactor and simplify Microsoft.Identity.Test.LabInfrastructure by @​Avery-Dunn in Refactor and simplify Microsoft.Identity.Test.LabInfrastructure AzureAD/microsoft-authentication-library-for-dotnet#5631
• Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data by @​Copilot in Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data AzureAD/microsoft-authentication-library-for-dotnet#5642

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.80.0...4.81.0

4.80.0

Features

• Added extensibility APIs—WithCertificate, OnMsalServiceFailure, and OnCompletion—to enable callback handling for certificate injection, retry on MSAL service failure events, and completion notifications #​5573
• Extend IAuthenticationOperation interface with Async methods in IAuthenticationOperation2 #​5376
• Enable IAuthenticationOperation2 to reject MSAL cached tokens and fetch new ones from ESTS #​5567

Changes

• IMDS Source Detection Logic Improvement #​5602
• Update DesktopOsHelper.IsMac to work properly on .NET 10 + macOS 26 #​5541

Bug Fixes

• Fix KeyNotFoundException during retry when headers lack correlation ID #​5617
• Implement Service Exception for IMDS Probe #​5615

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)