0.1.5-preview

0.1.5-preview

New Features:

Microsoft Identity Web supports certificates. The developer can now use client and token decryption certificates, which can be retrieved from a variety of sources, like Azure Key Vault, certificate store, a Base54 encoded string, and more. The location of the certificate can be specified in a configuration file or programmatically. See issue and wiki for more details.
Microsoft Identity Web now allows specifying if the x5c claim (the public key of the certificate) should be sent to the STS. Sending the x5c enables easy certificate rollover. To enable this behavior set the SendX5C property in the configuration file. See issue for more details.
Microsoft Identity Web provides an option to force redirect URIs to use the HTTPS scheme, which can be useful in certain scenarios, like app deployment in a container. To enable this behavior set ForceHttpsRedirectUris property in the configuration file. See issue for more details.

Bug Fixes:

Microsoft Identity Web uses System.Text.Json namespace instead of Newtonsoft.Json for working with JSON. See issue for more details.
The documentation now correctly specifies that ClaimsPrincipalExtensions.GetNameIdentifierId returns a uid claim value. See issue for more details.

0.1.4-preview

0.1.4-preview

New Features:
Microsoft Identity Web provides an option to specify if the token acquisition service should be a singleton. See issue for more details.

Bug Fixes:
When logging in with an unauthorized account, the user was redirected to /Account/AccessDenied which did not exist. Microsoft Identity Web UI now properly sets the path on the scheme with the same name. See issue for more details.
In the context of a guest account, Microsoft Identity Web used the loginHint to determine the guest account for accessing the MSAL .NET cache. Now, Microsoft Identity Web retrieves user_info from the authorization server and is able to determine the unique object identifier for guest accounts. See issue for more details.

0.1.3-preview

0.1.3-preview

New Features:
Microsoft Identity Web now allows developers to not pass any scope value in AddWebAppCallsProtectedWebApi. See issue for more details.
When working with containers or reverse proxies, being able to specify the redirectUri and postLogoutRedirectUri is important. Microsoft Identity Web now allows the setting of the RedirectUri and PostLogoutRedirectUri as part of the MicrosoftIdentityOptions. See Issue for more details.

Bug Fixes:
The AddProtectedWebApiCallsProtectedWebApi method registers an event handler for OnTokenValidated without preserving any existing registered event handlers. Now events are chained correctly. See issue for details.
Depending on the endpoint, v1.0 or v2.0, and if the application is B2C or not, the default format of the aud value in the token will be different. Microsoft Identity Web now looks at these parameters to validate the audience.

0.1.2-preview

New Features

• Microsoft Identity Web now uses an IHttpClientFactory to implement resilient HTTP requests. The ASP.NET Core IHttpClientFactory manages the pooling and lifetime of the underlying HttpClientMessageHandler instances, which avoids port exhaustion and common DNS problems that occur when manually managing HttpClient lifetimes. More details on this feature here.

Bug Fixes:

• Performance improvement: AadIssuerValidator class now caches the authority aliases under the correct cache key. See issue for more details.

• When not including the ClientSecret in appsettings.json, a null reference exception was thrown when acquiring the authorization code with MSAL.NET. Microsoft Identity Web now checks all the required options and responds with actionable error messages if any are missing. See issue for more details.

0.1.1-preview

0.1.1-preview

New Features:
Microsoft Identity Web now surfaces the ClaimConstants class. This allows developers to build a unique ClaimsPrincipal. See issue for more details

Bug Fixes:
AddSignIn() now provides a more robust processing of authorities accepting them to end in / or not. See issue for more details
Setting the ValidAudiences in AddProtectedWebApi() now accepts any custom audience (any string). See issue for more details

0.1.0-preview

First release of Microsoft.Identity.Web and Microsoft.Identity.Web.UI as NuGet packages
For documentation see the wiki