Releases: AzureAD/microsoft-authentication-library-for-dotnet
4.5.1
Bug Fix:
- Starting in v4.5.0 of MSAL.NET, when using Xamarin Android, a System.TypeInitializationException would be thrown. This is due to the Resource.designer.cs class being included automatically by the MSBuildExtrasSdk. See MSAL.NET issue and Xamarin Android issue for details.
4.5.0
New Features:
- MSAL now supports the device code grant for ADFS 2019. #1403
- MSAL now supports the device code grant for Microsoft personal accounts. #1367
- MSAL.NET now sends telemetry data to the /token endpoint regarding the error code of the previous request, if applicable. This will enable MSAL.NET to determine reliability across public client application calls.
Bug Fixes:
- Customers reported a nonce mismatch error when signing in with the Authenticator app on iOS 13. The issue has been resolved and increased logging included in the iOS broker scenario. See issue for more details.
- On iOS 13, authentication was broken when using the system browser. This was because Apple now requires a presentationContext when signing in with the system browser. More information on this requirement here, and more details in the issue.
- At times, MSAL.NET would randomly fail on UWP. MSAL.NET now implements retry logic and has improved logging around the cache in UWP. See this issue and this issue for more details.
- During a client credential flow, MSAL.NET would throw a client exception stating that users should not add their own reserved scopes. MSAL.NET now merges the scopes if they are already in the reserved list and does not throw. See issue for more details.
- At times, during an interactive authentication, MSAL.NET would throw an ArgumentNullException. MSAL.NET now checks for null values when handling the authorization result parsing. See issue for details.
Fundamentals:
- MSAL.NET now uses the new internal Lab API for automated and manual testing. Issue
4.4.0
Bug Fixes:
- Ensures that MSAL.NET works with brokers on iOS 13. On iOS 13, the source application may or may not be returned; MSAL.NET uses it to verify that the response is coming from the broker. To maintain secure calls, MSAL.NET will now also create a nonce to send in the broker request and, in the case of a missing source application, will verify that the same nonce is returned in the broker response. Issue
- After MSAL.NET acquired a token for a user and the user signed out (removing the account), MSAL.NET was attempting to acquire the token with the same tenant as the first account, instead of using the tenant specified in the authority when building the application. MSAL.NET now uses the specified tenant. Issue
- Claims are now sent to both the /authorize and /token endpoints. Issue
- MSAL.NET on Xamarin iOS now returns the top-level view controller, which allows calling AcquireAuthorizationAsync() with an app RootViewController as a UINavigationController with an empty navigation stack. See PR for more details
- Full list of issues addressed can be found here
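The broker response check described in the first 4.4.0 bug fix above, sketched as an added example (not MSAL.NET's own code). The type and method names, the bundle identifier and the "broker_nonce" field name are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Illustrative sketch only; type, method and key names are assumptions, not MSAL.NET internals.
public static class BrokerResponseCheck
{
    public const string BrokerBundleId = "com.example.broker"; // constructed placeholder
    public const string NonceKey = "broker_nonce";             // assumed response field name

    // A fresh, unpredictable nonce is generated per broker request and kept until the response arrives.
    public static string NewNonce()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        return Convert.ToBase64String(bytes);
    }

    // Source application present: it must be the broker. Missing: the echoed nonce must match.
    public static bool IsFromBroker(string sourceApp, IDictionary<string, string> response, string sentNonce)
    {
        if (!string.IsNullOrEmpty(sourceApp))
            return string.Equals(sourceApp, BrokerBundleId, StringComparison.Ordinal);
        if (string.IsNullOrEmpty(sentNonce)) return false; // nothing to compare against: reject
        if (!response.TryGetValue(NonceKey, out string echoed) || string.IsNullOrEmpty(echoed))
            return false;
        return FixedTimeEquals(Encoding.UTF8.GetBytes(sentNonce), Encoding.UTF8.GetBytes(echoed));
    }

    // Comparison time does not depend on where the first differing byte is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        string nonce = NewNonce(); // constructed sample exchange
        var echoedBack = new Dictionary<string, string> { [NonceKey] = nonce };
        var wrongNonce = new Dictionary<string, string> { [NonceKey] = NewNonce() };
        var noNonce = new Dictionary<string, string>();
        Console.WriteLine(IsFromBroker(BrokerBundleId, noNonce, nonce));
        Console.WriteLine(IsFromBroker("com.example.other", echoedBack, nonce));
        Console.WriteLine(IsFromBroker(null, echoedBack, nonce));
        Console.WriteLine(IsFromBroker(null, wrongNonce, nonce));
        Console.WriteLine(IsFromBroker(null, noNonce, nonce));
    }
}
```

The nonce must be generated per request and discarded after one response, so a captured response cannot be replayed against a later request.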
4.3.1
Bug Fixes:
- .WithCertificate with /common audience scenario is broken. Confidential Client authorization flow and OBO were not able to use certificates with the common authority set. More details here
- Do not strip the port from authority Uri. When passing your own authority uri which includes a port, MSAL used to strip out the port from the URI, making the authority unreachable. More details here
- Fix a crash on Android when Chrome isn't installed on the device. Exception is NameNotFoundException: com.android.chrome. More details here
- ConfidentialClient built from options won't allow certificates. When building a confidential client from options, MSAL was forcing developers to use a secret. More details here
- Login screen loses information on device orientation change on Android. Username used to be lost from embedded webview when rotating the device. More details here
4.3.0
New Features:
- Broker support for Xamarin iOS. MSAL.NET now supports brokered authentication with Xamarin iOS. For details see https://aka.ms/msal-net-brokers, along with code snippets, and more details in the 4.3 release blog post. For help migrating from ADAL.NET using iOS broker to MSAL.NET using iOS broker, see this page on migration.
Bug Fixes:
- MSAL.NET was adding an extra / to the authority when using .WithAuthority(AzureCloudInstance azureCloudInstance, Guid tenantId). This resulted in an MsalServiceException: "AADSTAT9002: Tenant v2.0 not found..." More details here.
- Starting in MSAL.NET 4.0, a MsalClientException was thrown instead of a MsalServiceException in exceptions coming from the server. This regression is now fixed.
- MSAL.NET required custom error handling when dealing with a network down error. This was especially problematic on Xamarin iOS and Android. MSAL.NET now provides a consistent approach to HTTP errors. Details here.
- MSAL.NET was not correctly catching a network down exception. MSAL.NET now catches the exception and sets it on the correct TaskCompletionSource object. More information here.
3.0.9
Bug Fixes:
- Set exception on TCS so it is thrown in correct place. If an exception is thrown on .NET 45 targets with Interactive login flows in the WebUI, the exception can go uncaught and escape the thread, which can cause process level crashes. This is now properly caught and set onto the TaskCompletionSource for propagation of the error. MSAL Issue 1304
4.2.1
4.2.0
New Features:
- Allow users to specify their own instance metadata. For details see https://aka.ms/msal-net-custom-instance-metadata. More information on this feature here.
- AcquireTokenSilent should not make calls to the network. More information on this feature here.
- Improve CA Error Handling. More information on this feature here.
- AcquireTokenSilent accesses the cache too many times. More information on this feature here.
- Allow injecting the Parent Activity/Window in the Client Builder. More information on this feature here.
- Add framework and version to MsalException ToString(). More information on this feature here.
Bug Fixes:
- Resolved the "Key not valid for use in specified state" error when a certificate with a non-exportable key is used on .NET Framework 4.7.2+. More information on this feature here.
- Cryptic exceptions when attempting IWA / UP / Device Flow with an app that isn't registered as a public client. More information on this feature here.
4.1.0
New Features:
- MSAL.NET now provides options to control the system web browser. From MSAL.NET 4.0.0, you have been able to use the interactive token acquisition with .NET Core, by delegating the sign-in and consent part to the system web browser on your machine. MSAL.NET 4.1 brings improvements to this experience by helping you run a specific browser if you wish, and by giving you ways to decide what to display to the user in case of a successful authentication, and in case of failure. More information about this feature here.
- MSAL.NET now supports ClientAssertions. In order to prove their identity, confidential client applications exchange a secret with Azure AD. MSAL.NET 4.1 adds new capabilities for this advanced scenario: in addition to .WithClientSecret() and .WithCertificate(), it now provides three new methods: .WithSignedAssertion(), .WithClientClaims() and .WithClientAdditionalClaims(). More information on this feature here.
Bug Fixes:
- When using the ConfidentialClientApplicationOptions and including, for example, Instance = "https://login.microsoftonline.com/", MSAL.NET was concatenating the double-slash. MSAL.NET will now check for a trailing slash and remove it. There is no action needed on the part of the developer. See [#1196] for details.
- When using ADFS 2019, if no login-hint was included in the call, a null ref was thrown. See [#1214] for details.
- On iOS, for certain older auth libraries, sharing the cache with MSAL.NET, there was an issue with null handling in json. The json serializer in MSAL.NET no longer writes values to json for which the values are null, this is especially important for foci_id. See [#1189] and [#1176] for details.
- When using .WithCertificate() and /common/ as the authority in a confidential client flow, MSAL.NET was creating the aud claim of the client assertion as "https://login.microsoftonline.com/{tenantid}/v2.0". Now, MSAL.NET will honor both a tenant specific authority and common or organizations when creating the aud claim. [#891]
- MSAL.NET will make network calls less often when developers call GetAccountsAsync and AcquireTokenSilent. AAD maintains an instance discovery endpoint which lists environment aliases for each cloud. In order to optimize SSO, MSAL fetches this list and caches it, so MSAL has to make a network call even in simple cases like GetAccountsAsync. This improvement bypasses the need for this network call if the environments used are the standard ones. This work is tracked by MSAL issue 1174
4.0.0
New Features:
- MSAL now supports ADFS 2019. You can now connect directly to ADFS 2019. This is especially important if you intend to write an app working with Azure Stack. For more details see ADFS support
- MSAL now provides asynchronous callbacks as part of the ITokenCache interface. See Asynchronous token cache serialization for more information, code snippets, and a link to a sample. MSAL issue 481
- .NET Core now supports interactive authentication. Given that .NET Core does not provide a Web browser control, until MSAL.NET 4.0, the interactive token acquisition was not supported. Starting from this release, you can now use AcquireTokenInteractive with MSAL.NET. For more information and code snippets, see .NET Core now supports interactive auth. MSAL issue
Breaking Changes in 4.0.0
- ITokenCache's responsibility split between ITokenCache and ITokenCacheSerializer. In order to enable the async methods you need to use to subscribe to cache events, we have rewritten the non-async ones by calling the async ones. While doing that we split the responsibility of the ITokenCache interface between ITokenCache, which now contains the methods to subscribe to the cache serialization events, and a new interface ITokenCacheSerializer, which exposes the methods that you need to use in the cache serialization events in order to serialize/deserialize the cache. This API is experimental and may change in future versions of the library without a major version. See more information on the impact here
- Replace TelemetryCallback with TelemetryConfig. Until MSAL.NET 3.0.8, you could subscribe to telemetry by adding a telemetry callback .WithTelemetry(), and then sending to your telemetry pipeline of choice a list of events (which themselves were dictionaries of name, values). From MSAL.NET 4.0, if you want to add telemetry to your application, you need to create a class implementing ITelemetryConfig. MSAL.NET provides such a class (TraceTelemetryConfig) which does not send telemetry anywhere, but uses System.Trace.TraceInformation to trace the telemetry events. You could take it from there and add trace listeners to send telemetry. See Telemetry for more information and code snippets.
- In confidential client applications, MSAL.NET was not returning a URL in the GetAuthorizationRequestUrl flow. MSAL.NET now returns a URL in both overloads of GetAuthorizationRequestUrl. MSAL issues 1193 and issue 1184
Bug Fixes:
- In confidential client applications, MSAL.NET now sends the X5C via AcquireTokenSilent, as it does with AcquireTokenInteractive using the IClientAssertionCertificate overload. MSAL issue 1149
- MSAL.NET now correctly handles the X509 cert on .NET Core. MSAL issue 1139
- MSAL.NET now resolves the TeamID in the Keychain Access Group for the default configuration. Keychain sharing groups should be prefixed with the TeamID. Now, if the developer does not explicitly set the keychain access group through the WithIosKeychainSecurityGroup api, MSAL.NET will use the default "com.microsoft.adalcache", appended with the TeamID. Previously the TeamID was not included. MSAL issue 1137