Releases: AzureAD/microsoft-identity-web
Releases · AzureAD/microsoft-identity-web
3.4.0
3.4.0
- Updated to Microsoft.IdentityModel.* 8.2.1
- Updated to Microsoft.Identity.Abstractions 7.2.0
New features
- Add ROPC flow support for confidential client applications. See 3091, 3129, 3139.
- Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See 3121, 3132.
- Update to use .NET 9 GA. See 3127.
What's Changed
- Add API and make ROPC call by @neha-bhargava in #3103
- Fixing the ROPC test that broke the build by @jmprieur in #3133
- Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @msbw2 in #3132
- Add extensibility to update parameters for ROPC flow by @neha-bhargava in #3130
- Declare ROPC extensions in net 9 API by @westin-m in #3136
- update dependencies to .net 9 by @jennyf19 in #3141
- Update the extensibility to add user by @neha-bhargava in #3140
- Update to .NET 9 GA. Update some test dependencies. by @pmaytak in #3134
- update playwright and remove net9.0 for UI tests by @jennyf19 in #3148
- Update changelog 3.4.0. by @pmaytak in #3149
- update wilson post-release by @jennyf19 in #3150
New Contributors
- @neha-bhargava made their first contribution in #3103
Full Changelog: 3.3.1...3.4.0
3.3.1
3.3.1
- Updated to Microsoft.IdentityModel.* 8.2.0
Supportability
- Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the
appsettings.json
, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:
"$schema": "https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json"
This update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR #3119 for details.
Fundamentals
- Fix a flaky test in the L1L2Cache tests. See PR #3122 for details.
What's Changed
- Update changelog.md to fix release 3.2.2 which had a breaking change by @jmprieur in #3116
- Bump the notsecurity group with 19 updates by @dependabot in #3115
- Adding a json schema for Microsoft.Identity.Web configuration by @jmprieur in #3119
- Fixed flaky tests by @alexholub113 in #3122
- Update changelog.md 3.3.1 by @jennyf19 in #3123
- Add Ask Mode Change Template by @kellyyangsong in #3110
New Contributors
- @alexholub113 made their first contribution in #3122
Full Changelog: 3.3.0...3.3.1
3.3.0
3.3.0
- Updated to Microsoft.Identity.Client 4.66.0
- Update system.Text.Json to 8.0.5 CVE-2024-43485
- Updated to .NET 9 RC2
New features
- Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see #2975
Fundamentals
- Split DownstreamApi methods between AoT compatible and incompatible methods by @SaurabhMSFT in #3090
- ASP.NET Core (and other) cross-link updates by @guardrex in #3096. Thank you!
- Onboarded to Threading Analyzers. For details, see #3052
- display code coverage as PR comments
- Fix flaky EncryptionTestAsync on .NET 9.
What's Changed
- Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @dependabot in #3069
- Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @dependabot in #3073
- Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @dependabot in #3072
- Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @dependabot in #3070
- update system.Text.Json to 8.0.5 CVE-2024-43485 by @jennyf19 in #3074
- another update by @jennyf19 in #3075
- Onboard Id Web to Threading Analyzers by @westin-m in #3041
- Update .NET 9 to RC 2 by @msbw2 in #3082
- Align editor config with other libraries by @westin-m in #3079
- Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @msbw2 in #3085
- Use nuget config file by @SaurabhMSFT in #3083
- Fix EncryptionTestAsync on .NET 9 by @pmaytak in #3088
- Update GitHub Action to run unit tests by @pmaytak in #3089
- Update template-install-dependencies.yaml by @jmprieur in #3092
- Fix DevEx and IDDP builds by @jmprieur in #3093
- Mark IdWeb APIs as shipped by @westin-m in #3086
- Update version by @jmprieur in #3094
- Split aot compatible and incompatible methods by @SaurabhMSFT in #3090
- ASP.NET Core (and other) cross-link updates by @guardrex in #3096
- update to MSAL 4.66 by @jennyf19 in #3095
- Remove swagger dependencies by @msbw2 in #3099
- Upgrade versions by @JoshLozensky in #3098
- Upgrading MSAL version by @JoshLozensky in #3104
- Grouping Dependabot Updates by @JoshLozensky in #3105
- Microsoft.Identity.Web token acquisition extensions by @jmprieur in #3005
- display code coverage as PR comments by @westin-m in #3107
- Use Nuget config file by @SaurabhMSFT in #3112
- Update changelog.md for 3.3.0 by @jmprieur in #3113
New Contributors
Full Changelog: 3.2.2...3.3.0
3.2.2
3.2.1
3.2.1
- Updated to Microsoft.IdentityModel.* 8.1.1
What's Changed
- update id web after releases by @jennyf19 in #3035
- update net 9 version to rc 1 in build script by @westin-m in #3036
- add disable discover enumeration = true for theory tests by @kellyyangsong in #3042
- Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @dependabot in #3040
- Removed ConfigureAwait(false) from flaky tests by @JoshLozensky in #3045
- removed ConfigureAwait(false) from all tests by @JoshLozensky in #3051
- 3.2.1 Changelog by @kellyyangsong in #3054
- update xunit versions by @JoshLozensky in #3053
- IdentityModel 8.1.1 update by @jennyf19 in #3056
Full Changelog: 3.2.0...3.2.1
3.2.0
3.2.0
- Updated to Microsoft.Identity.Abstractions 7.1.0
- Updated to Microsoft.IdentityModel.* 8.1.0
- Updated to Microsoft.Identity.Client 4.64.1
New features
- In .NET 8 and above,
IDownstreamApi
overloads take aJsonTypeInfo<T>
parameter to enable source generated JSON deserialization. See issue #2930 for details.
Bug fixes:
- Azure region is used while creating application keys when the TokenAcquisition service caches application objects, and the TokenAcquirerFactory caches TokenAcquirer. See #3002 for details.
- Improved error messages for FIC. See issue #3000 for details.
Fundamentals:
3.1.0
3.1.0
- Updated to Microsoft.IdentityModel.* 8.0.2
Security improvement:
- Id Web now uses
CaseSensitiveClaimsIdentity
by default and provides AppContextSwitches to fallback to usingClaimsIdentity
. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR #2977 for details.
Bug fixes:
- For SN/I scenarios, Id Web's
GetTokenAcquirer
now setsSendX5C
in particular protocols. See issue #2887 for details. - Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR #2954 for details.
- Fix regex that threw a format exception:
The input string " was not in a correct format
when enabling same-site cookie compatibility with userAgent: "Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue #2879 for details. - Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. See PR #2962 for details.
Fundamentals:
- Fix flakey tests: #2972, #2984, #2982,
- Update to
AzureKeyVault@2
in AzureDevOps, #2981. - Update to .NET 9-preview7, #2980 and #2991.
- It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion): #2974, #2990
What's Changed
- Add X5C to MSAuth POP by @bgavrilMS in #2950
- Update CSPROJ with README by @localden in #2956
- Fix Instance/Tenant Parsing for V2 Authority by @jackj-msft in #2954
- Check that regex succeeded and value is an integer. by @brentschmaltz in #2958
- Set upper bound on Abstractions by @westin-m in #2962
- Removing 2.x versions post 3.0.0-preview1 by @JoshLozensky in #2967
- Fix test instability by @keegan-caruso in #2971
- Fix AT POP tests by @keegan-caruso in #2972
- Update to net 9 preview 7 by @westin-m in #2980
- Updating AzureKeyVault task to version 2 by @JoshLozensky in #2981
- [test] updates for one build by @jennyf19 in #2974
- Disable ciam test by @keegan-caruso in #2983
- Ensure that SimulateOidc is built before IntegrationTests (that use it) by @jmprieur in #2984
- skip more CIAM E2E tests by @jennyf19 in #2985
- remove grpc in E2E test by @jennyf19 in #2986
- Jennyf/fix slice by @jennyf19 in #2988
- reenable other ciam test by @jennyf19 in #2989
- Jennyf/client sem ver by @jennyf19 in #2990
- Fix Id Web Build by @FuPingFranco in #2991
- Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors and AppContextSwitches for fallback by @pmaytak in #2977
New Contributors
- @localden made their first contribution in #2956
- @jackj-msft made their first contribution in #2954
Full Changelog: 3.0.1...3.1.0
3.0.1
2.21.0
3.0.0
3.0.0
CVE package updates
-
See PR #2929 for details.
-
Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0
-
See rel/v2 changelog for full list of added features to 3.0.0.
Fundamentals:
- Update lab cert and lab version. See PR #2923 for details.