
Releases: AzureAD/microsoft-authentication-library-for-dotnet

4.13.0

05 May 10:52
e9111f5

4.13.0

New Features

Client throttling is supported in Public Client Applications. MSAL now implements client-side throttling to reduce excessive authentication requests sent to the service. When the Azure AD service replies with an HTTP error implying throttling, MSAL.NET now itself respects the delay imposed by the service: it throws an exception telling the application after which delay (or at what time) it will be able to acquire a token again, without even attempting to call the service. See Issue for details

MSAL can now perform device authentication on Desktop. On operating systems prior to Windows 10 (Windows 7, 8, 8.1 and their server counterparts), MSAL.NET is able to perform device authentication using PKey Authentication. See Issue for details
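
Handling the client throttling described above from application code, as an added example that is not taken from the MSAL.NET release notes or code base. `ThrottleAwareAcquirer` and its members are hypothetical names, and the code assumes the throttling error surfaces as an `MsalServiceException` whose `Headers` carry `Retry-After`.

```csharp
using System;
using System.Linq;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical helper, not part of MSAL.NET.
public static class ThrottleAwareAcquirer
{
    // UTC ticks of the earliest time the next token request may be made.
    private static long s_notBeforeTicks;

    public static async Task<AuthenticationResult> TryAcquireSilentAsync(
        IPublicClientApplication app, string[] scopes)
    {
        if (DateTimeOffset.UtcNow.UtcTicks < Interlocked.Read(ref s_notBeforeTicks))
            return null; // still inside the back-off window: do not call MSAL

        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {
            return await app.AcquireTokenSilent(scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            throw; // needs user interaction; waiting will not help
        }
        catch (MsalServiceException ex) when (ex.Headers?.RetryAfter != null)
        {
            // Remember the service-imposed delay so callers stop retrying.
            DateTimeOffset notBefore = DateTimeOffset.UtcNow + ToDelay(ex.Headers.RetryAfter);
            Interlocked.Exchange(ref s_notBeforeTicks, notBefore.UtcTicks);
            return null;
        }
    }

    // Retry-After is either a relative delay or an absolute HTTP date.
    public static TimeSpan ToDelay(RetryConditionHeaderValue retryAfter)
    {
        if (retryAfter.Delta.HasValue)
            return retryAfter.Delta.Value;
        TimeSpan wait = retryAfter.Date.GetValueOrDefault() - DateTimeOffset.UtcNow;
        return wait > TimeSpan.Zero ? wait : TimeSpan.Zero;
    }
}
```

A `null` result means the caller should surface a "try again later" state instead of looping; service errors without a `Retry-After` header still propagate to the caller.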

Bug Fixes

MSAL.NET would throw a null ref when no authentication type was specified when creating a confidential client application. MSAL.NET now verifies the developer has specified one client credential (client secret, certificate, or client assertion) when using a confidential client application. See Issue for details

MSAL.NET 4.12.0

24 Apr 20:41
d1d814e

New Features:

Integrated Windows Auth available on .NET Core on Windows without username. On .NET Core, for the Windows platforms, AcquireTokenByIntegratedWindowsAuthAsync(scopes) works without passing the username.

The scope parameter is now less strict in some of the AcquireTokenXXX methods. MSAL now allows developers to call AcquireToken* methods without scopes. MSAL continues to ask for "offline_access", "profile" and "openid" scopes, which makes token providers (AAD B2B, AAD B2C, ADFS) return Id Tokens, which contain user metadata. Some token providers continue to issue access tokens, which can be used to access the UserInfo metadata endpoint. Issue

Bug fixes:

Fix potential cache consistency issues in multi-threaded environment. Synchronize token cache to avoid cache inconsistency where token cache is shared with many environments.

Fix null reference exception thrown by AcquireTokenForClient when using a cert in .cer format / without a private key. Issue

Fix the spelling in API WithInstanceDicoveryMetadata. Marked the WithInstanceDicovery as deprecated and added WithInstanceDiscoveryMetadata to fix the spelling.

Fix MsalClientException UserMismatchSaveToken sometimes thrown in web apps. In web app / web API scenarios where a token cache was shared across multiple users, MSAL would sometimes throw an MsalClientException.

MSAL.NET 4.11.0

03 Apr 23:04
b61f53a

4.11.0

New Features:

  • MSAL.NET will now remove accounts from the cache that have expired refresh tokens. MSAL.NET will remove both the refresh token and the associated account if the suberror is "bad_token" to avoid unnecessary calls to Azure AD. Issue

  • MSAL.NET uses telemetry schema V2. MSAL.NET has been updated to use HTTP telemetry schema V2. Issue

Bug Fixes:

  • When migrating a Xamarin application from ADAL.NET to MSAL.NET and preserving the keychain, a CryptographicException can be thrown from the BrokerKeyHelper. MSAL.NET now does the broker key keychain look up by Service and Account only. Issue

  • WithProofOfPosession produces a token of type POP when it is expected to be PoP. MSAL.NET will now produce a token of type PoP when WithProofOfPosession() is used. Issue

4.10.0

18 Mar 11:23
13496e0

4.10.0

Bug fixes:

  • Client Credentials flow not working with ADFS 2019. MSAL.NET now uses the token endpoint as audience and adds x5t to the signed assertion it creates from a certificate. Issue
  • Certain error messages are not returned from the Android Broker. MSAL.NET now throws better exceptions that show the root cause of Android broker failures. Issue
  • WithProofOfPossesion not exposed on AcquireTokenSilent builder. MSAL.NET now exposes the WithProofOfPossesion call on the AcquireTokenSilent builder. Issue

New Features:

  • MSAL.NET now allows configuration of the instance metadata endpoint. The WithInstanceDicoveryMetadata method now allows developers to pass a Uri with metadata. Issue

MSAL.NET 4.9.0

06 Mar 00:05
6266233

4.9.0

New Features:

  • Added support for Android Broker to MSAL.NET. MSAL.NET will now be able to take advantage of the brokered authentication scenarios using the Microsoft Authenticator and the Intune Company Portal. Issue
  • Added client capabilities support to MSAL.NET. Issue

Bug Fixes:

  • Wrong Authority created in CreateAuthorityForRequest. MSAL.NET now properly creates B2C authorities when using the CreateAuthorityForRequest() API. Issue

MSAL.NET 4.8.2

15 Feb 23:07
3a4f73f

4.8.2

Bug Fixes:

  • When using .WithBroker(true), but no broker is installed on the device, MSAL.NET would throw a null ref. MSAL.NET now checks if the user is required to have their device managed, and if not, the user will be guided through the regular authentication process with no broker. If device management is required, the user will be guided to the App Store to install the Authenticator App. #1598.
  • Starting with version 4.8.1, MSAL.NET would throw a MonoTouchException on iOS 10 and 11 devices. Starting with iOS 13, all WKWebViews report their full page user agent as desktop; previously this was reported as mobile to the server. A check was added in 4.8.1 to switch to use the macOS user-agent for all browsers by default. Now, for devices lower than iOS 13, this check will not occur. #1621

4.8.1

29 Jan 13:20
bedc8a2

Bug fixes:

Fix a Null Reference bug in the main AcquireTokenInteractive scenario on Android. This is the reason why release 4.8.0 was unlisted from NuGet - #1585

Change the internal serialization library logic to prevent Mono errors with DataContract serializers - #1586

MSAL.NET 4.8.0

20 Jan 18:03
6d3a914

4.8.0.

Bug fix:
Cannot acquire token in UWP app on HoloLens via a Unity plugin as JSON serialization fails. MSAL now uses Newtonsoft.Json for serialization. Issue

AAD Security question registration page unresponsive in Android embedded webview. MSAL now properly handles the Android activity when using the embedded webview. Issue

"offline_access" scope causes token cache misses. MSAL now properly filters the cache during silent authentication. Issues

Improved invalid client error message. MSAL now has a better error message when an invalid client error is sent back from AAD. Issues

New Features:
MSAL.NET now supports Proof of Possession. The PublicClientApplication on every target has support for this. Issue

Token cache serialization for Mac. MSAL is now able to serialize and deserialize the token cache during authentication on macOS. Issues

MSAL now uses "mobile" configuration for iOS Xamarin embedded webview. MSAL now properly uses the WKWebView on iPad when using the embedded webview. Issues

MSAL.NET 4.7.1

22 Nov 16:22
56d70d3

Bug fix
Interactive authentication with Edge as a system browser sometimes hung. Issue #1506

MSAL.NET Version 4.7.0

07 Nov 23:24
0b7519d

4.7.0

New Features:
Added Subject Name + Issuer authentication to the acquire token by authorization code and acquire token by refresh token flows with the WithSendX5C() API on the confidential client application. All confidential client authentication flows will now have access to this feature. Issue