Bump Microsoft.Identity.Client and 2 others

[dependabot]

Updated Microsoft.Identity.Client from 4.70.2 to 4.79.2.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.79.2

What's Changed

• Bump winsdk dependency by @​bgavrilMS in Bump winsdk dependency AzureAD/microsoft-authentication-library-for-dotnet#5575
• ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used by @​Robbie-Microsoft in ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used AzureAD/microsoft-authentication-library-for-dotnet#5579
• Downgrade System.Formats.Asn1 to match ID web by @​Avery-Dunn in Downgrade System.Formats.Asn1 to match ID web AzureAD/microsoft-authentication-library-for-dotnet#5583

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.79.0...4.79.2

4.79.0

What's Changed

• Fix instance discovery bug 5546 by @​bgavrilMS in Fix instance discovery bug 5546 AzureAD/microsoft-authentication-library-for-dotnet#5549
• Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) by @​Robbie-Microsoft in Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) AzureAD/microsoft-authentication-library-for-dotnet#5501
• Bearer Requests should Fallback to IMDS in Preview by @​gladjohn in Bearer Requests should Fallback to IMDS in Preview  AzureAD/microsoft-authentication-library-for-dotnet#5562
• Updating MSAL to send client info = 2 on client credential flow by @​trwalke in Updating MSAL to send client info = 2 on client credential flow AzureAD/microsoft-authentication-library-for-dotnet#5529
• Make IMsalMtlsHttpClientFactory interface public by @​cpp11nullptr in Make IMsalMtlsHttpClientFactory interface public AzureAD/microsoft-authentication-library-for-dotnet#5559
• Mark WithClientAssertion API as experimental by @​gladjohn in Mark WithClientAssertion API as experimental AzureAD/microsoft-authentication-library-for-dotnet#5551
• Adjust WithExtraQueryParameters APIs and cache key behavior by @​Avery-Dunn in Adjust WithExtraQueryParameters APIs and cache key behavior AzureAD/microsoft-authentication-library-for-dotnet#5536

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.78.0...4.79.0

4.78.0

Changes

• Update SDK version from 8.0.404 to 8.0.415. #​5543
• Hide / deprecate some obscure APIs. #​5484

Bug Fixes

• Support Android edge-to-edge. #​5499
• Android broker does not support ADFS authority. #​5522

4.77.1

What's Changed

• Fix prototype code to address CodeQL by @​bgavrilMS in Fix prototype code to address CodeQL AzureAD/microsoft-authentication-library-for-dotnet#5472
• Update CHANGELOG.md for MSAL 4.77.0 by @​gladjohn in Update CHANGELOG.md for MSAL 4.77.0 AzureAD/microsoft-authentication-library-for-dotnet#5473
• Mark project as AOT compatible for net 8 by @​neha-bhargava in Mark project as AOT compatible for net 8 AzureAD/microsoft-authentication-library-for-dotnet#5458
• Update public api for MSAL Release 4.77.0 by @​gladjohn in Update public api for MSAL Release 4.77.0 AzureAD/microsoft-authentication-library-for-dotnet#5471
• Adjust issuer validation to accept differing paths by @​Avery-Dunn in Adjust issuer validation to accept differing paths AzureAD/microsoft-authentication-library-for-dotnet#5466
• Added better error message for OIDC error by @​trwalke in Added better error message for OIDC error AzureAD/microsoft-authentication-library-for-dotnet#5433
• Remove failing test project from solution to prevent build breaks. by @​MZOLN in Remove failing test project from solution to prevent build breaks. AzureAD/microsoft-authentication-library-for-dotnet#5481
• Fix MSB3277 “WindowsBase” conflicts in dev apps by enabling WPF build ref by @​gladjohn in Fix MSB3277 “WindowsBase” conflicts in dev apps by enabling WPF build ref AzureAD/microsoft-authentication-library-for-dotnet#5482
• Remove some flaky tests that were just an overkill by @​gladjohn in Remove some flaky tests that were just an overkill AzureAD/microsoft-authentication-library-for-dotnet#5486
• Remove dupe ropc b2c tests by @​gladjohn in Remove dupe ropc b2c tests AzureAD/microsoft-authentication-library-for-dotnet#5487
• Revert changes made for Http2 by @​neha-bhargava in Revert changes made for Http2 AzureAD/microsoft-authentication-library-for-dotnet#5462

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.77.0...4.77.1

4.77.0

Features

• Added WinUI 3 support for Desktop Broker flows. Implement WinUI3 support for Desktop package AzureAD/microsoft-authentication-library-for-dotnet#5411
• Introduced extensibility API to allow users to add custom HTTP headers to token acquisition requests (under extensibility). Introduces the extensibility API to allow users to add custom HTTP headers to token acquisition requests (under extensibility) AzureAD/microsoft-authentication-library-for-dotnet#5440

Changes

• Remove passing x-client-os as a query parameter in the authorization URI. Remove passing x-client-os as query param in authorization uri AzureAD/microsoft-authentication-library-for-dotnet#5456
• Bump Microsoft.IdentityModel.Abstractions to a supported version. Bump Microsoft.IdentityModel.Abstractions as current version is out o… AzureAD/microsoft-authentication-library-for-dotnet#5452

Bug fixes

• Remove confusing error text as it only applies to one of many possible causes. Remove confusing error text as it only applies to one of many possible causes AzureAD/microsoft-authentication-library-for-dotnet#5467

4.76.0

What's Changed

• Removal of ExperimentalFeatures flag on WithMtlsProofOfPossession API: by @​gladjohn in Removal of ExperimentalFeatures flag on WithMtlsProofOfPossession API: AzureAD/microsoft-authentication-library-for-dotnet#5402
• #​5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority by @​andkorsh in #5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority AzureAD/microsoft-authentication-library-for-dotnet#5401
• Add Service Fabric token revocation support by @​gladjohn in Add Service Fabric token revocation support AzureAD/microsoft-authentication-library-for-dotnet#5421
• Update NativeInterop package version to 0.19.4 by @​ashok672 in Update NativeInterop package version to 0.19.4 AzureAD/microsoft-authentication-library-for-dotnet#5434
• Adding WithExtraBodyParameters api by @​trwalke in Adding WithExtraBodyParameters api AzureAD/microsoft-authentication-library-for-dotnet#5389
• Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates by @​gladjohn in Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates AzureAD/microsoft-authentication-library-for-dotnet#5409

New Contributors

• @​andkorsh made their first contribution in #5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority AzureAD/microsoft-authentication-library-for-dotnet#5401

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.74.1...4.76.0

4.74.1

Bug fixes

• When you configure MSAL with WithOidcAuthority(), the library now confirms that the issuer returned by the OIDC discovery endpoint matches the expected authority (including CIAM patterns) and throws an exception if it does not. Add issuer validation when making call to OIDC endpoint AzureAD/microsoft-authentication-library-for-dotnet#5358

• Re-expose public AuthenticationResult constructor. A public, test-friendly constructor of AuthenticationResult was inadvertently hidden behind [Obsolete] and [EditorBrowsable(Never)]. The constructor is now publicly available again. [Bug] AuthenticationResult has no public constructor AzureAD/microsoft-authentication-library-for-dotnet#5392

4.74.0

Features

• Deprecate ROPC flow in Public Client Applications Deprecate ROPC flow AzureAD/microsoft-authentication-library-for-dotnet#5355.
• AuthenticationResult exposes a new BindingCertificate property that returns the X.509 certificate bound to the access token in mTLS-PoP scenarios. [Feature Request] Return mTLS Client certificate as part of the AuthenticationResult AzureAD/microsoft-authentication-library-for-dotnet#5370.

Bug fixes

• MSAL now honors the DEFAULT_IDENTITY_CLIENT_ID environment variable when acquiring tokens from Azure Machine Learning managed-identity endpoint. [Feature Request] Support for new Azure ML Managed Identity AzureAD/microsoft-authentication-library-for-dotnet#5350.

4.73.1

What's Changed

• Deprecate AcquireTokenByIntegratedWindowsAuth API by @​ashok672 in Deprecate AcquireTokenByIntegratedWindowsAuth API AzureAD/microsoft-authentication-library-for-dotnet#5345
• Update native interop to 0.19.2 by @​fengga in Update native interop to 0.19.2 AzureAD/microsoft-authentication-library-for-dotnet#5362
• update the deprecated openURL(:) api to openURL(:options:completionHandler) by @​DharshanBJ in update the deprecated openURL(:) api to openURL(:options:completionHandler) AzureAD/microsoft-authentication-library-for-dotnet#5354

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.73.0...4.73.1

4.73.0

What's Changed

• Add mac broker console app support by @​fengga in Add mac broker console app support AzureAD/microsoft-authentication-library-for-dotnet#5274
• Use HTTP 2 on .NET where possible by @​bgavrilMS in Use HTTP 2 on .NET AzureAD/microsoft-authentication-library-for-dotnet#5314
• Expose access token cache count by @​bgavrilMS in Expose access token cache count AzureAD/microsoft-authentication-library-for-dotnet#5330
• Add an extensibility API - WithFmiPathForClientAssertion … by @​bgavrilMS in Fix #5342 - add an extensibility API - WithFmiPathForClientAssertion … AzureAD/microsoft-authentication-library-for-dotnet#5347
• Hide ListOperatingSystemAccounts in intellisense by @​ashok672 in Hide ListOperatingSystemAccounts in intellisense AzureAD/microsoft-authentication-library-for-dotnet#5304
• Reworked retry policy functionality & Created IMDS retry policy by @​Robbie-Microsoft in Reworked retry policy functionality & Created IMDS retry policy AzureAD/microsoft-authentication-library-for-dotnet#5231

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.1...4.73.0

4.72.1

4.72.1

Bug Fixes

• Ensure instance of IMsalHttpClientFactory passed by the user is used for managed identity flows that do not require cert validation. See Issue #​5286
• Fix a URL typo in the API comments. See [Engineering task] fix typo microsfoftonline AzureAD/microsoft-authentication-library-for-dotnet#5277

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.0...4.72.1

4.72.0

4.72.0

Features

• Added MacOs Broker support. See Issue #​5051

Bug Fixes

• Ensure additional cache parameters are persisted in cache serializationIssue #​5261

4.71.1

Bug Fixes

• Pass the validate function to the http manager. See Issue #​5242
• Change the resource id param for IMDS. See Issue #​5238

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.71.0...4.71.1

4.71.0

Bug Fixes

• Enable the Service Fabric flow to get a httpClient from the factory with ssl validation callback. See Issue #​5220

Full changelog: 4.70.2 .. 4.71.0

Commits viewable in compare view.

Updated Microsoft.Identity.Web.Certificateless from 3.8.3 to 4.2.0.

Release notes

Sourced from Microsoft.Identity.Web.Certificateless's releases.

4.2.0

What's Changed

New features

• Added CAE claims support for FIC + Managed Identity. See #​3647 for details.
• Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.

##Bug fixes

• Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.
• Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.
• Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.
• Added meaningful error message when identity configuration is missing. See #​3637 for details.

Dependencies updates

• Update Microsoft.Identity.Abstractions to version 10.0.0.
• Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636
• Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641

Fundamentals

• Update support policy. #​3656
• Update agent identity coordinates in E2E tests after deauth. #​3640
• Update E2E agent identity configuration to new tenant. #​3646

Full Changelog: AzureAD/microsoft-identity-web@4.1.1...4.2.0

4.1.1

Bug fixes

• Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See #​3612.

New features

• Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See #​3611.

Fundamentals

• Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See #​3610.

4.1.0

New features

• Migrate to .NET 10 GA. #​3449 and #​3590

Dependencies updates

• Bump MSAL.NET to version 4.79.2 and handle changes to deprecated WithExtraQueryParameters APIs. #​3583
• Update Microsoft.IdentityModel and Abstractions versions. #​3604
• Update coverlet.collector to 6.0.4. #​3587
• Update package validation baseline version to 4.0.0. #​3589
• Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. #​3595

Entra ID SDK sidecar

• Restrict hosts to localhost for sidecar. #​3579
• Update http file to match endpoints. #​3555
• Revise sidecar issue template for Entra ID. #​3577

Documentation

• Update README to include Entra SDK container info. #​3578

Fundamentals

• Include NET 9.0 in template-install-dependencies. #​3593
• Fix CodeQL alerts. #​3591
• Suppression file is needed. #​3592

4.0.1

Bugs fixes

• Correctly compute Application Key when credential usage fails.
• Fix bugs where agent user identities didn't work with non-default authentication schemes.

Fundamentals

• Update .net version to CG compliance

Sidecar

• Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ

4.0.0

4.0.0

Breaking Changes

Removed support for .NET 6.0 and .NET 7.0 - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.

See MIGRATION_GUIDE_V4

New features

• Various improvements to performance logging, authentication, and credential loading capabilities.
• Bumped MSAL.NET to 4.77.1
• Added credential description extensibility. For details, see #​3487
• Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. See #​3505
• Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See #​3513
• Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See #​3515
• Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See #​3503
• Support for multiple certificate observers. See #​3506
• The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See #​3524

Bug Fixes

• Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See #​3443
• Fixed IDW10405 error when using managed identity with common tenant. See #​3415
• Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See #​3414

Fundamentals

• Various improvements to .NET support and dependency optimizations.
• Added doc for Agent identities. See Agent identities
• Combined and fixed test collections. See #​3472
• Migrate repository agent rules from .clinerules to agents.md. See #​3475
• Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See #​3489
• Renamed NET 7 tests to ThreadingTests for framework independence. See #​3501

3.14.1

3.14.1

Bug fixe

• Support client secrets with agent user identities. See #​3470 for details.

3.14.0

New features

• Support multi-tenant agent user identities. See #​3461 for details.
• Id Web now allows for passing of ExtraBodyParameters. See #​3463 for details.

3.13.1

3.13.1

Dependencies updates

• Microsoft.IdentityModel updated to version 8.14.0.

3.13.0

3.13.0

Dependencies updates

• Microsoft.IdentityModel updated to version 8.13.1.
• Microsoft.Abstractions updated to version 9.3.0 and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).

Bug fixes

• Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. See PR #​3443 for details.

Fundamentals

• Use cloud user in tests. See PR #​3441 and #​3442 for details.

3.12.0

3.12.0

Dependencies updates

• Updated MSAL to version 4.74.1 part of #​3398.

Bug fix

Reload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue #​3429 and PR #​3430

New features

• Include the thrown exception in CertificateChangeEventArg. See PR #​3428 for better supportabiliby.
• Support for Agent User identities. See PR #​3435

3.11.0

3.11.0

Dependencies updates

• Updated global.json to the latest .NET 9 runtime framework 9.0.108. See PR #​3422 for details.

Bug fixes

• Fix IDW10405 error when using managed identity with common tenant. See PR #​3415 for details.
• Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration. See PR #​3414 for details.

New feature

• Add support for ExtraHeaderParameters and ExtraQueryParameters properties on DownstreamApiOptions to simplify adding custom headers and query parameters to downstream API requests. See PR #​3413 for details.
• Add better support for Azure SDK. For details see Readme-Azure and PR #​3416

What's Changed

• Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in Update Abstractions version and the public API files after 3.10.0 release AzureAD/microsoft-identity-web#3407
• Update Directory.Build.props by @​jennyf19 in Update Directory.Build.props AzureAD/microsoft-identity-web#3404
• Fix IDW10405 error when using managed identity with common tenant by @​Copilot in Fix IDW10405 error when using managed identity with common tenant AzureAD/microsoft-identity-web#3415
• Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi AzureAD/microsoft-identity-web#3413
• Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration AzureAD/microsoft-identity-web#3414
• Update global.json by @​jennyf19 in Update global.json AzureAD/microsoft-identity-web#3422
• Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in Improved experience for Azure SDKs with Microsoft Identity Platform authentication AzureAD/microsoft-identity-web#3416
• Update 3.11 changelog by @​jennyf19 in Update 3.11 changelog AzureAD/microsoft-identity-web#3423
• update test certs by @​jennyf19 in update test certs AzureAD/microsoft-identity-web#3424

New Contributors

• @​Copilot made their first contribution in Fix IDW10405 error when using managed identity with common tenant AzureAD/microsoft-identity-web#3415

Full Changelog: AzureAD/microsoft-identity-web@3.10.0...3.11.0

3.10.0

3.10.0

Dependencies updates

• Updated MSAL to version 4.73.1 (#​3398).
• Updated global.json to the latest .NET 9 runtime framework 9.0.107 (#​3385).

New feature

• Added support for Agent Identities (#​3396, #​3402).
  introducing the Microsoft.Identity.Web.AgentIdentities package .

Bug fixes

• Processed codeQL issues

Fundamentals

• improved unit tests for OidcFic with the new SignedAssertionFmiPath

3.9.4

3.9.4

Package updates

• Microsoft.IdentityModel updated to version 8.12.1.

Bug fix

• Updates the DefaultAuthorizationHeaderProvider to update the AcquireTokenOptions.LongRunningWebApiSessionKey after the token is acquired so that the key can be used in the next OBO call. See PR #​3381 for details.

Fundamentals

• Update .NET SDK version to 9.0.107 used when building or running the code. See #​3385 for details.
• Improved test coverage for managed identity flows. See #​3350 for details.

What's Changed

• Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in Add Claims and Capability Support to Managed Identity Flows AzureAD/microsoft-identity-web#3350
• Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider AzureAD/microsoft-identity-web#3381
• Update global.json by @​jennyf19 in Update global.json AzureAD/microsoft-identity-web#3385
• changelog 3.9.4 by @​jennyf19 in changelog 3.9.4 AzureAD/microsoft-identity-web#3386

Full Changelog: AzureAD/microsoft-identity-web@3.9.3...3.9.4

3.9.3

3.9.3

Package updates

• Microsoft.IdentityModel updated to version 8.12.0.

Fundamentals

• Add .clinerules to help with AI tooling.
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added). For details see #​3379

What's Changed

• Update M.IM 8.11 by @​jennyf19 in Update M.IM 8.11 AzureAD/microsoft-identity-web#3373
• add ai assist rules by @​jennyf19 in add ai assist rules AzureAD/microsoft-identity-web#3376
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 AzureAD/microsoft-identity-web#3379
• changelog 3.9.3 by @​jennyf19 in changelog 3.9.3 AzureAD/microsoft-identity-web#3380

Full Changelog: AzureAD/microsoft-identity-web@3.9.2...3.9.3

3.9.2

3.9.2

Package updates

• Microsoft.IdentityModel updated to version 8.11.0.
• MSAL.NET updated to version MSAL.NET 4.72.1.

Fundamentals:

• Fix invalid comparisons in prop and csproj files. For details see #​3297.

What's Changed

• Release notes and cleanup by @​jmprieur in Release notes and cleanup AzureAD/microsoft-identity-web#3367
• Remove invalid comparisons by @​keegan-caruso in Remove invalid comparisons AzureAD/microsoft-identity-web#3368
• update to MSAL 4.72.1 by @​jennyf19 in update to MSAL 4.72.1 AzureAD/microsoft-identity-web#3369
• update 3.9.2 by @​jennyf19 in update 3.9.2 AzureAD/microsoft-identity-web#3372

Full Changelog: AzureAD/microsoft-identity-web@3.9.1...3.9.2

3.9.1

3.9.1

Package updates

• Microsoft.Identity.Abstractions updated to version 9.1.0.

Fundamentals

• Fix AoT warnings. For details see #​3366.

What's Changed

• Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in Fix AoT warnings (and update to Abstractions 9.1.0) AzureAD/microsoft-identity-web#3366

Full Changelog: AzureAD/microsoft-identity-web@3.9.0...3.9.1

3.9.0

3.9.0

Package updates

• Microsoft.IdentityModel updated to version 8.10.0.
• MSAL.NET updated to version MSAL.NET 4.72.0.

Bug fixes

• Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See #​3323.
• Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See #​3355.
• Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See #​3345.
• Prevented null reference when accessing MergedOptions instance. See #​3337.

New feature

• Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See #​3244 and #​3348.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3357.
• Added tests to validate xms_cc (client capability) forwarding in CCA flows. See #​3349.

External contributions

Thank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See #​3323.
Thank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See #​3345.

3.8.4

3.8.4

Package updates

• Microsoft.IdentityModel updated to version 8.8.0.
• MSAL.NET updated to version MSAL.NET 4.71.0.

Bug fixes

• Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See #​3336.

New feature

• Added support for Linux-friendly devcontainers. See #​3333 and #​3339.

Fundamentals

• Removed System.Text.Json as an explicit dependency for .NET Core targets. See #​3331.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Abstractions from 8.8.0 to 8.14.0.

Release notes

Sourced from Microsoft.IdentityModel.Abstractions's releases.

8.14.0

8.14.0

Bug Fixes

• Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

8.13.1

8.13.1

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

• Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

• Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

8.13.0

8.13.0

8.13.0

Fundamentals

• CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
• Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
• Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

What's Changed

• Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in Make CaseSensitiveClaimsIdentity.SecurityToken setter protected AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3278
• Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in Update .NET SDK version in global.json from 9.0.107 to 9.0.108 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3274
• Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in Update RsaSecurityKey.cs to remove Pkcs 1 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3280
• changelog for 8.13 by @​jennyf19 in changelog for 8.13 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3282

New Contributors

• @​Copilot made their first contribution in Update .NET SDK version in global.json from 9.0.107 to 9.0.108 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3274

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0

8.12.1

8.12.1

Fundamentals

• Update .NET SDK version to 9.0.107 used when building or running the code. See #​3263 for details.
• To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
• Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

What's Changed

• Remove experimental code from TokenValidationResult by @​brentschmaltz in Remove experimental code from TokenValidationResult AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3259
• Moved files to experimental folder by @​brentschmaltz in Moved files to experimental folder AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3261
• Update global.json to latest by @​jennyf19 in Update global.json to latest AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3263

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1

8.12.0

8.12.0

New Features

• Enhance ConfigurationManager with event handling
  Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

• Add expected Base64UrlEncoder.Decode overload for NET6 and 8
  Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
  For details see #​3249

Fundamentals

• Add AI assist rules
  Incorporated AI assist rules to enhance AI agents effectiveness.
  For details see #​3255
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
  For details see #​3256
• Move suppression of RS006 to csproj
  Centralized suppression of RS006 warnings in project files for easier management.
  For details see #​3230

What's Changed

• Move suppression of RS006 to csproj. by @​brentschmaltz in Move suppression of RS006 to csproj. AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3230
• Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in Add expected Base64UrlEncoder.Decode overload for NET6 and 8 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3250
• add ai assist rules by @​jennyf19 in add ai assist rules AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3255
• Enhance ConfigurationManager with event handling by @​GeoK in Enhance ConfigurationManager with event handling AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3254
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3256
• Update CHANGELOG.md for 8.12.0 by @​jmprieur in Update CHANGELOG.md for 8.12.0 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3258

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0

8.11.0

8.11.0

New Features:

• Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
• Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

What's Changed

• few updates by @​jennyf19 in few updates AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3242
• Changelog for 8.10.0 by @​sruke in Changelog for 8.10.0 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3241
• Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in Exposes publicly override of AadIssuerValidator factory taking a delegate AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3244
• update current version to 8.10.0 by @​brentschmaltz in update current version to 8.10.0 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3246
• Add DecryptTokenWithConfiguration API by @​pmaytak in Add DecryptTokenWithConfiguration API AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3243
• changelog for 8.11 by @​jennyf19 in changelog for 8.11 AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3248

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.10.0...8.11.0

8.10.0

8.10.0

Bug Fixes

• Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
• Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220.
• Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3228 and #​3232.

8.9.0

8.9.0

Bug Fixes

• syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See Don't lose TimeZone kind when creating sync after AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3213.
• Fixed a null reference issue in KeyInfo. See fix keyinfo null ref AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3203.

New Features

• Introduced a new delegate for reading custom token payload values on JsonWebToken. See Replace JsonWebToken ReadPayloadValue with a delegate AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2981.
• Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See add an overload for ReadJsonWebToken to take a ReadOnlyMemory, add te… AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3205.

Fundamentals

• Utilized IList to avoid enumerator allocation during audience validation. See Use IList to avoid enumerator allocation AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3204.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[tracyboehrer]

Resolved by #552

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.