Releases: AzureAD/microsoft-authentication-library-for-dotnet

4.42.1

15 Mar 16:19

Bug Fixes

Fixed a bug affecting WAM authentication with new accounts when the authority ends in /organizations. See 3217.
Fixed an error in creating UWP package for Microsoft Store upload. See 3184.

4.42.0

01 Mar 18:28
96ec275

New Features

Multi Cloud Support: allows 1st party public client apps which target the public cloud to log in users from other clouds. Not supported for broker flows. Details at https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Multi-Cloud-Support-or-Instance-Aware. See 2524.
Expose the region or error used by MSAL in AuthenticationResult.AuthenticationResultMetadata and in logs. See 2975.
App protection (true MAM) support for iOS. See 2894

Bug Fixes

Fix a bug causing a "Sequence Contains No Elements" exception. This occurs in rare circumstances when saving the token cache. See 3130.
Fix a bug causing an "ArgumentOutOfRangeException: the relative expiration value must be positive" exception. This occurs in rare circumstances when saving the token cache. See 2859.
Default OS account login with MSA fails. This affects some first party applications (MSA passthrough) when using WAM. See 3157.
WwwAuthenticateParameters should not expose Resource. See 3144.

4.41.0

07 Feb 22:14
ed901db

New Features:

MSAL now uses the WAM AAD plugin's account selector if authority is AAD only. This overcomes the issue of console apps not being able to display the account picker and other issues with Account Picker instability. See 2289
Added the OnBeforeTokenRequest public API, which allows executing a custom delegate before MSAL makes a token request and enables support for legacy Proof-of-Possession implementations. See 3114
Added kid in cache keys for client credential flows using Proof-of-Possession. See 3115
Improved the error message when both region and custom metadata are configured. See 3014
Exposed the ability to add a custom header text to auth dialogs such as WAM. See 3125
MSAL now supports using Linux broker via Microsoft Edge. Use WithBroker() to authenticate with Microsoft Edge system browser, if installed, which integrates with Linux broker to offer a better authentication experience. See 3051

Bug Fixes:

Added support for WAM on Windows Server 2022 and Windows 11, and improved operating system detection for future versions. See 3040
WAM is not supported on Windows Server 2016. MSAL will now fall back to browser if this OS is detected. See 2946
Fix for GetAccountAsync API by checking for null on accountId parameter. See 3118
WAM is not supported in pure ADFS environments. MSAL will now fall back to browser if the ADFS authority is used. See 2836

4.40.0

07 Jan 23:40
b4cdc4d

New Features:

Authorization Code for Single Page Applications (SPA) feature is now generally available. WithExperimentalFeatures() is no longer required when calling WithSpaAuthorizationCode(). See 2920, wiki, and sample.
Allow POP token envelope to be created externally. See 3059.
Remove obsolete telemetry (MATS) code to improve performance and stability. See 3043.
Log clarification in several places. See here and here.

Bug Fixes:

Allow res:// error pages to be displayed in embedded WebView. See 3083.
MSAL Logs are now more clear when regional is enabled and tokens are acquired from the cache. See 3073.

4.39.0

30 Nov 04:26
29d276a

New Features:

Added new LogLevel.Always and logging of important health metrics to help with diagnostics of MSAL. See 3004 and MSAL logging.

Bug Fixes:

Fixed a crash in telemetry API when AcquireToken* builder is reused. See 3024.
Fixed sending an incorrect backup authentication system (CCS) value in B2C apps. See 2748.

4.38.0

19 Nov 19:19
8767376

New Features:

Disabled cache synchronization for confidential client apps by default to improve performance. See 2848
MSAL now provides the correlation ID used in a call to Azure AD as part of the cache callback (TokenCacheNotificationArgs). See 3008
MSAL now provides a new specific API for long running web APIs, in addition to AcquireTokenOnBehalfOf, which no longer requests refresh tokens. The advantage is that the On-Behalf-Of token cache is now smaller and automatically has an eviction, and long running web APIs are easier to write. See https://aka.ms/msal-net-long-running-obo and 2733
Added hybrid SPA support to MSAL. See https://aka.ms/msal-net/spa-auth-code and 2920

Bug Fixes:

Fixed issue where the authentication browser pop up would fail to show without an exception being thrown. See 2839
MSAL WAM now properly signs out guest accounts. See 3016
Reworded in-memory cache warning for web apps not using serialization. See 2990
Fixed issue where Proof-of-Possession token does not rotate properly for confidential client applications. See 3003
MSAL now returns a more descriptive exception when the browser back button is pressed during authentication. See 2991
On the request builder, WithAuthority has been deprecated and WithTenantId was added as an alternative. See 2837
MSAL will now only perform regional look up for client credential flows. See 3029

4.37.0

23 Oct 03:13
c2605eb

New Features:

MSAL.NET now logs an error when common or organizations authority is used in AcquireTokenForClient. See #2887.
Added the ability to enable sending the certificate (as x5c) once when building the confidential client application, rather than on every single token acquisition request. See #2804.
Added additional methods to help create WwwAuthenticateParameters and get tenant ID by calling GetTenantId. See #2907, #2922.
Added an additional async overload for ConfidentialClientApplicationBuilder.CreateClientAssertion. See #2863.
Added an ability to enable a shared token cache between different MSAL client application instances, which can be set with the new WithCacheOptions API call. See Enabling shared cache, #2849.
Added an AuthenticationResult.AuthenticationResultMetadata.TokenEndpoint property from which you can derive which authority was effectively used to fetch the token. This can be used to determine if regional endpoint was used. See #2830.
Added a cache refresh reason and time remaining before proactive token refresh to AuthenticationResult.AuthenticationResultMetadata. See #2832.
Added the ability to specify tenant ID instead of the full authority at the token acquisition APIs level with WithTenantId. See #2280.

Bug Fixes:

Improved support for calling regional endpoints, especially in Azure Functions. See #2803.
Fixed a NullReferenceException when calling AcquireTokenInteractive with a login hint when using .WithBroker on Windows (WAM). See #2903.
Improved the error message when the application is throttled by the identity provider. See #2855.
When proactive token refresh is enabled, MSAL.NET now refreshes the tokens on a background thread to improve performance. See #2795.
Improved caching performance by adding partitioning to the default in-memory user cache used in user flows (like acquire token on-behalf-of, by authorization code). See #2861, #2881.
Improved performance by refactoring date handling when working with access tokens. See #2893.
Fixed a "Non-HTTPS URL redirect is not supported in webview" exception on Xamarin iOS for Facebook logins. See #2735.
Enabled setting the window title in WebView1 desktop browser. See #2936.
Added WithPrompt to the GetAuthorizationRequestUrl builder to give the ability to specify the interaction experience for the user. See #2896.
Added a more descriptive error message when WithAuthority is set at the request level and WithAzureRegion is used. See #2965.

4.37.0-preview

07 Oct 16:29
6580a12
Pre-release

New Features:

MSAL.NET now logs an error when common or organizations authority is used in the client credentials request. See #2887.
Added the ability to enable sending the certificate (as x5c) once when building the confidential client application, rather than on every single request. See #2804.
Added additional methods to help create WwwAuthenticateParameters. See #2907.
Added an additional async overload for ConfidentialClientApplicationBuilder.CreateClientAssertion. See #2863.
Added an ability to enable a shared token cache between different MSAL client application instances, which can be set with the new WithCacheOptions API call. See Enabling shared cache, #2849.

Bug Fixes:

Improved support for calling regional endpoints, especially in Azure Functions. See #2803.
Fixed a NullReferenceException when calling AcquireTokenInteractive with a login hint in WAM. See #2903.
Improved the error message when the application is throttled by the identity provider. See #2855.
When proactive token refresh is enabled, MSAL.NET now refreshes the tokens on a background thread to improve performance. See #2795.
Improved caching performance by adding partitioning to the default in-memory user cache used in user flows (like acquire token on-behalf-of, by authorization code). See #2861, #2881.
Improved performance by refactoring date handling when working with access tokens. See #2893.

4.36.2

29 Sep 12:24
be63beb

Bug Fixes:

Fixed a regression in authentication with the iOS broker. See #2913.

4.36.1

08 Sep 05:14
21cdd3d

New Features:

Added support for Application ID URIs to be used in confidential client applications. Confidential client applications, specifically web APIs, will now be able to use either the Client ID (GUID) or the Application ID URI, in the confidential client application builder. See #2852