3.6.2

3.6.2

• Updated to Microsoft.Identity.Abstractions 8.0.0

Fundamentals

• Clean-up the tests that were using properties removed in Abstractions 8.0.0. See issue #3212 for details.

What's Changed

• Bump the notsecurity group across 1 directory with 3 updates by @dependabot in #3211
• Suppress TFM Build Warnings by @kllysng in #3210
• Fixing 3212 and cleaning-up technical debt by @jmprieur in #3213

Full Changelog: 3.6.1...3.6.2

3.6.1

3.6.1

• Updated to Microsoft.Identity.Abstractions 7.2.1

3.6.0

3.6.0

• Updated to Microsoft.IdentityModel.* 8.3.1
• Updated to MSAL.NET 4.67.2

Bug fixes

• Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See #3131
• Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider. See Issue #3078

Fundamentals

• Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See #3183
• Re-add code coverage comments & scope to src files. See #3177

What's Changed

• Update changelog.md by @jmprieur in #3161
• Update global.json by @keegan-caruso in #3163
• Use ExtraQP to inject telemetry SDK ID by @bgavrilMS in #2973
• Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @jmprieur in #3168
• Add Warning Quality Check Build Task 🔨 by @kllysng in #3169
• Treat warnings as errors by @keegan-caruso in #3166
• Revert: Warning Quality Check Build Task by @alexholub113 in #3172
• fix warnings in idweb and readd warnings as errors by @jennyf19 in #3173
• Add checks to protect the internal claims used by MIW. Ref: issue #2968 by @DOMZE in #3131
• use only src files and re-add comments by @jennyf19 in #3176
• Update dotnet actions by @sebastienros in #3175
• • Fixes 3181 by @jmprieur in #3183
• Add retry logic to stabilize flaky UI tests by @kllysng in #3180
• Add null handling for process output/error data in UiTestHelpers by @kllysng in #3184
• package updates from dependabot by @jennyf19 in #3185
• Fix E2E tests persistent flakiness + build hanging by @kllysng in #3188
• Revert WaitForProcess in UI Tests by @jmprieur in #3189
• Update to use MSAL 4.67.1 by @gladjohn in #3193
• Update to use MSAL 4.67.2 by @gladjohn in #3200
• Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @keegan-caruso in #3202
• 3.6.0 changelog by @kllysng in #3203

New Contributors

• @DOMZE made their first contribution in #3131
• @sebastienros made their first contribution in #3175
• @gladjohn made their first contribution in #3193

Full Changelog: 3.5.0...3.6.0

3.5.0

Bug fixes

• Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null. See #3155
• Dont modify the merged options when building the confidential client. See #3137

Fundamentals

• Install all .NET versions in pipeline, including .NET 9. See #3152
• Upgrade to C# 13. See #3138
• Specify sdk version in global.json. See #3156
• Disable Coverage PR comments. See in #3159

What's Changed

• Install all .NET versions in pipeline to fix run tests task by @msbw2 in #3152
• Upgrade to C# 13 by @westin-m in #3138
• Specify sdk version in global.json by @westin-m in #3156
• Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @sruke in #3155
• Disable Coverage PR comments by @westin-m in #3159
• Dont modify the merged options when building the confidential client by @keegan-caruso in #3137

Full Changelog: 3.4.0...3.5.0

3.4.0

3.4.0

• Updated to Microsoft.IdentityModel.* 8.2.1
• Updated to Microsoft.Identity.Abstractions 7.2.0

New features

• Add ROPC flow support for confidential client applications. See 3091, 3129, 3139.
• Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See 3121, 3132.
• Update to use .NET 9 GA. See 3127.

What's Changed

• Add API and make ROPC call by @neha-bhargava in #3103
• Fixing the ROPC test that broke the build by @jmprieur in #3133
• Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @msbw2 in #3132
• Add extensibility to update parameters for ROPC flow by @neha-bhargava in #3130
• Declare ROPC extensions in net 9 API by @westin-m in #3136
• update dependencies to .net 9 by @jennyf19 in #3141
• Update the extensibility to add user by @neha-bhargava in #3140
• Update to .NET 9 GA. Update some test dependencies. by @pmaytak in #3134
• update playwright and remove net9.0 for UI tests by @jennyf19 in #3148
• Update changelog 3.4.0. by @pmaytak in #3149
• update wilson post-release by @jennyf19 in #3150

New Contributors

• @neha-bhargava made their first contribution in #3103

Full Changelog: 3.3.1...3.4.0

3.3.1

3.3.1

• Updated to Microsoft.IdentityModel.* 8.2.0

Supportability

• Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the appsettings.json, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:
  "$schema": "https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json"
  This update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR #3119 for details.

Fundamentals

• Fix a flaky test in the L1L2Cache tests. See PR #3122 for details.

What's Changed

• Update changelog.md to fix release 3.2.2 which had a breaking change by @jmprieur in #3116
• Bump the notsecurity group with 19 updates by @dependabot in #3115
• Adding a json schema for Microsoft.Identity.Web configuration by @jmprieur in #3119
• Fixed flaky tests by @alexholub113 in #3122
• Update changelog.md 3.3.1 by @jennyf19 in #3123
• Add Ask Mode Change Template by @kellyyangsong in #3110

New Contributors

• @alexholub113 made their first contribution in #3122

Full Changelog: 3.3.0...3.3.1

3.3.0

3.3.0

• Updated to Microsoft.Identity.Client 4.66.0
• Update system.Text.Json to 8.0.5 CVE-2024-43485
• Updated to .NET 9 RC2

New features

• Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see #2975

Fundamentals

• Split DownstreamApi methods between AoT compatible and incompatible methods by @SaurabhMSFT in #3090
• ASP.NET Core (and other) cross-link updates by @guardrex in #3096. Thank you!
• Onboarded to Threading Analyzers. For details, see #3052
• display code coverage as PR comments
• Fix flaky EncryptionTestAsync on .NET 9.

What's Changed

• Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @dependabot in #3069
• Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @dependabot in #3073
• Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @dependabot in #3072
• Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @dependabot in #3070
• update system.Text.Json to 8.0.5 CVE-2024-43485 by @jennyf19 in #3074
• another update by @jennyf19 in #3075
• Onboard Id Web to Threading Analyzers by @westin-m in #3041
• Update .NET 9 to RC 2 by @msbw2 in #3082
• Align editor config with other libraries by @westin-m in #3079
• Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @msbw2 in #3085
• Use nuget config file by @SaurabhMSFT in #3083
• Fix EncryptionTestAsync on .NET 9 by @pmaytak in #3088
• Update GitHub Action to run unit tests by @pmaytak in #3089
• Update template-install-dependencies.yaml by @jmprieur in #3092
• Fix DevEx and IDDP builds by @jmprieur in #3093
• Mark IdWeb APIs as shipped by @westin-m in #3086
• Update version by @jmprieur in #3094
• Split aot compatible and incompatible methods by @SaurabhMSFT in #3090
• ASP.NET Core (and other) cross-link updates by @guardrex in #3096
• update to MSAL 4.66 by @jennyf19 in #3095
• Remove swagger dependencies by @msbw2 in #3099
• Upgrade versions by @JoshLozensky in #3098
• Upgrading MSAL version by @JoshLozensky in #3104
• Grouping Dependabot Updates by @JoshLozensky in #3105
• Microsoft.Identity.Web token acquisition extensions by @jmprieur in #3005
• display code coverage as PR comments by @westin-m in #3107
• Use Nuget config file by @SaurabhMSFT in #3112
• Update changelog.md for 3.3.0 by @jmprieur in #3113

New Contributors

• @guardrex made their first contribution in #3096

Full Changelog: 3.2.2...3.3.0

3.2.2

3.2.2

• Updated to Microsoft.IdentityModel.* 8.1.2

3.2.1

3.2.1

• Updated to Microsoft.IdentityModel.* 8.1.1

What's Changed

• update id web after releases by @jennyf19 in #3035
• update net 9 version to rc 1 in build script by @westin-m in #3036
• add disable discover enumeration = true for theory tests by @kellyyangsong in #3042
• Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @dependabot in #3040
• Removed ConfigureAwait(false) from flaky tests by @JoshLozensky in #3045
• removed ConfigureAwait(false) from all tests by @JoshLozensky in #3051
• 3.2.1 Changelog by @kellyyangsong in #3054
• update xunit versions by @JoshLozensky in #3053
• IdentityModel 8.1.1 update by @jennyf19 in #3056

Full Changelog: 3.2.0...3.2.1

3.2.0

3.2.0

• Updated to Microsoft.Identity.Abstractions 7.1.0
• Updated to Microsoft.IdentityModel.* 8.1.0
• Updated to Microsoft.Identity.Client 4.64.1
   

New features

• In .NET 8 and above, IDownstreamApi overloads take a JsonTypeInfo<T> parameter to enable source generated JSON deserialization. See issue #2930 for details.

Bug fixes:

• Azure region is used while creating application keys when the TokenAcquisition service caches application objects, and the TokenAcquirerFactory caches TokenAcquirer. See #3002 for details.
• Improved error messages for FIC. See issue #3000 for details.

Fundamentals:

• Improved test coverage for GetCacheKey. See PR #3020 for details.
• Update to .NET 9-RC1. See issue #3025 for details.
• Fix static analysis warnings. See PR #3024 for details.