4.67.1

Bug Fixes

• Added support for Azure Machine Learning (Azure ML) Managed Identity (MSI) to address missing functionality for token acquisition in Azure Machine Learning environments. See Bug #4984

4.67.0

New Features

• MSAL.NET now supports acquiring token for Client Credentials flow with a Subject Name Issuer (SNI) certificate over Mutual TLS (mTLS) for first-party applications. See Issue #4986
• Bumped NET SDK from net6 to net8, aligning MSAL.NET with the latest .NET standards and features. See Feature Request #5025
• Public API analyzer integrated to enhance API compliance and stability. See Feature Request #4931

Bug Fixes

• Improved AcquireTokenSilent logging and handling of Family of Client IDs (FOCI). See Bug #4988
• Fixed issues where DurationTotalInMs in AuthenticationResultMetadata differed from Stopwatch measurements. See Bug #4895
• Resolved incorrect computation of OTel durations in L1 cache and during the creation of POP tokens. See Bug #5036
• Addressed an issue where AbstractAcquireTokenParameterBuilder<T>.WithAdfsAuthority threw exceptions when the tenant ID was null and the authority host URI ended in /adfs. See Bug #4860
• Fixed a parsing issue in Managed Identity to align with Azure.Identity's behavior for handling invalid JSON responses. See Bug #5016

Deprecated

• Removed MSAL v3 migration aids. See Remove #4987

4.66.2

4.66.2

Bug Fixes

• Fixed a bug where MSAL .NET fails to launch the iOS broker on IOS 18.0.1. See Issue #4958

4.66.1

Bug Fixes

• Fixed a bug where MSAL .NET fails to correctly handle the expires_on field for Managed Identity tokens in ISO 8601 format. This fix ensures accurate parsing of ISO 8601 date-time formats during token acquisition. See Issue #4963

4.66.0

4.66.0

New Features

• Enabled extended functionality in the MSAL authentication flow through the implementation of IAuthenticationOperation. This allows for custom extensions in the authentication flow by providing an authentication operation interface. See Issue #4956
• MSAL.NET will now opt-in to regional ESTS when the environment variable MSAL_FORCE_REGION is set (e.g., MSAL_FORCE_REGION=eastus). This automatically directs MSAL to use the specified region for token acquisition. If the region is explicitly set to "DisableMsalForceRegion", MSAL will not opt-in to regional ESTS. Use of the WithAzureRegion(xyz) API takes precedence over the environment variable. See Issue #4930

4.65.2-Preview

• Refactored CDT Prototype
• Moved prototype to separate folder
• Removed dependency on MSAL internals

4.65.0

New Features

• Update telemetry to include the caller SDK details. See Issue #4863
• MSAL.Net now exposes an API to enable developers to cache additional values in the token response. See Issue #4922
• Managed identity .WithClaims() and .WithClientCapabilities() APIs are now generally available. See Issue #4921

Bug Fixes

• Fix a bug where MSAL .Net fails for DSTS authority when using .WithTenantIdFromAuthority(). See Issue #4927

4.64.1

Fix for 4913 - sendX5C for ROPC CCA (#4917)

* Fix for 4913 - sendX5C for ROPC CCA

* fix

4.64.0

4.64.0

New Features

• Added managed identity support for Azure ARC on Linux. See Issue #4358
• Added Username and password support for confidential clients. See Issue #3774

Bug Fixes

• Resolved SHA2 issues that break custom claims during authentication flows. See Issue #4868

4.63.0

New Features

• Implemented Claims API to Bypass Cache When Claims are Present in MSAL with Managed Identity. This is still an experimental API and may change in the future. See Issue #4845

Bug Fixes

• Fixed an issue where SHR POP tokens were broken due to an invalid algorithm. The algorithm has been corrected to PS256 from RS256. See Issue #4839