6.15.0

New Features

• Added support for the Last Known Good feature (#1723)
• Made logging more legible by displaying Non-PII information in clear text (#1757)
• Added new GitHub Templates to report bugs (#1756)
• Added the OpenID standard scope "address" (#1787)

Enhancements

• Added multi-auth scheme support in AadIssuerValidator (#1753)
• Added default values for TokenValidationParameters (#1767)
• Improved logging to indicate issuer is an empty string (#1758) (#1761)
• Improved exception handling when metadata retrieval results in a failure (#1776)
• Added string optimizations (#1765)
• Improved performance of Saml2 attributes consolidation (#1764)
• Updated comments to use references (#1769)
• Added new unit test samples that make negative testing easier for consumers of this library. These show the most common problem token types and gives examples for validation. (#1748)

Bug Fixes

• Fixed broken links to ietf.org (#1723)

6.14.1

Bug Fixes:

The AadIssuerValidator in Microsoft.IdentityModel.Validators now uses the entire authority (instance + tenant ID), not just the authority host when validating the issuer. This was an issue which arose when using multiple authentication schemes. See issue #1752 .

6.14.0

New Features

A new assembly, Microsoft.IdentityModel.Validators, is available! It provides an issuer validator for the Microsoft identity platform (AAD and AAD B2C), working for single and multi-tenant applications and v1 and v2 token types. See #1736 and Microsoft.Identity.Web issue.

Bug Fixes

Fixes to determine when IsValid property has been checked. Includes a warning so developers ensure that token validation succeeded before reading the claims. See #1718.

aka.ms link added for issuer validation failure. See issue #1732.

Fix broken rfc link. See issue #1728.

Add const for the OIDC scope "phone". See #1720.

Use https for hyperlinks in XLM. See #1719.

6.13.1

Updating comments to help improve correct usage
#1705

SignedHttpRequests
New exceptions and delegate for validation.
#1704

Base64UrlEncoder performance improvements
#1698

Improve comments to clarify API usage and avoid unintentional validation weakening
#1687

Modify how internal caching runs tasks
Change to starting the event queue task via the Task.Run() method so it is on the default task scheduler and will not interfere with caller's task scheduler as some custom task schedulers might be single threaded and execution can be blocked. The second change is replacing the BlockingCollection with ConcurrentQueue to prevent resource leaks
#1696

Adding the BaseConfigurationManager and BaseConfiguration
This simplifies access to first class properties such as RefreshInterval etc.
Some of the properties in TokenValidationParameter were left as internal as they are required for a future feature that requires additional work.
#1695

NOTE: Version 6.13.0 should NOT be used. In version 6.13.0, users were experiencing an issue where they could not use a ConfigurationManager where T is a custom class. This has been addressed in 6.13.1.

6.12.2

BugFixes

Stop the event queue task when event queue is empty (#1685)

6.12.1

BugFixes

• Fix double instantiation of Uri in IsHttps() (#1676)

Enhancements and features

• Enable deterministic builds for CI builds (#1672).
• Remove wait on first force refresh (#1674)
• Send additional data to metadata end point (#1678)

6.12.0

Bug fixes

• Addressed security bugs (#1656, #1661, #1657).
• Fixed the task leaking issue in the EventBasedLRUCache (#1667).

Enhancements and features

• Added support for decryption using AesGcm (#1606).

6.11.1

Bug fix:

• Fixing incorrect parameters when writing Saml2ProxyConditions (#1646).

6.11.0

Enhancements and Features

Send SKU and Version details to metadata end point #1632

6.10.2

Removed name entry from claim type mapping #1629