3.0.0-preview1

3.0.0-preview1

Breaking changes

• Remove netcoreapp3.1 support, see issue #2262 for details.
• Remove net5.0 support from Microsoft.Identity.Web.UI, see issue #2711 for details.

New features

• Microsoft.Identity.Web can be conditionally built on .net9.0-preview, see issue #2702 for details.
• Microsoft.Identity.Web nows processes the AcceptHeader and ContentType if provided, see issue #2806 for details.
• Target Microsoft.IdentityModel 7x in OWIN targets, see issue #2785 for details.

2.18.1

2.18.1

• Updated to Microsoft.IdentityModel.* 7.5.1

Bug fix

• Fix for FIC due to appending ./default, see issue #2796 for details.

2.18.0

2.18.0

• Update to Microsoft.Identity.Abstractions 5.3.0
• Update Azure.Security libraries to 4.6.0

New features

• Added support for Managed Identity Federated Identity Credential. See issue #2749 for details.
• Added support to read a section to register multiple downstream APIs. See issue #2255 for details.

Bug fix

• TokenAcquirer factory is now thread safe and can handle multiple azure regions. See issue #2765 for details.

2.17.5

2.17.5

• Updated to MSAL 4.59.1.

2.17.4

2.17.4

Bug fix

• Fix assertions being removed from dict before callback is executed in TokenAcquisition. See issue #2734 for details.

2.17.3

2.17.3

• Updated to Microsoft.IdentityModel.* 7.5.0, see release notes.

2.17.2

2.17.2

New features

• Added support for CIAM custom user domains. You can now use an Open ID connect authority in the "Authority" property of the configuration instead of using "Instance" and "Tenant". See issue #2690 for details.

2.17.1

2.17.1

• Updated to Microsoft.IdentityModel.* 7.4.0

New features

• DownstreamApi now automatically processes claims challenge from web APIs which are CAE enabled, provided you set "ClientCapablities" : ["cp1"] in the configuation. See issue #2550.

Bug fixes

• Fixes the use of ServiceDescriptor for containers which have keyed services present. This can be an issue on .NET 8.0. See issue #2676 for details.

Engineering excellence

• Calls to ConfidentialClientApplicationBuilderExtension.WithClientCredentials are fully async. See issue #2566 for details.

2.17.0

2.17.0

• Updated to Microsoft.IdentityModel.* 7.3.1 and MSAL.NET 4.59.0

New features

• Added support for Microsoft.NET.Sdk.Worker. See Worker calling APIs
• Added support for Managed identity when calling a downstream API on behalf of the app. See Calling APIs with Managed Identity and PR 2650. For details see PR #2645

Bug fixes

• In OWIN applications, GetTokenForUserAsync now respects the ClaimsPrincipal. See issue #2629 for details.
• After setting AddTokenAcquisition(useSingleton:true) to use token acquisition as a singleton, if you use .AddMicrosoftGraph and/or .AddDownstreamApi after this call,
  the GraphServiceClient and IDownstreamApis are now registered as a singleton service. For details see PR #2645
• Added check Against Injection Attacks. For details see PR 2619

Engineering excellence

• Added a benchmark running on PR merges, available from https://azuread.github.io/microsoft-identity-web/benchmarks on GitHub pages

2.16.1

2.16.1

• Update Microsoft.Identity.Abstractions 5.1.0 and Microsoft.IdentityModel.* 7.1.2

Bug Fixes

• In OWIN, Id Web now respects the passed in user argument. See issue #2585 for details.