3.8.1

New features

• Updated to Microsoft.IdentityModel.* 8.7.0

Bug fixes

• Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See #3145.

What's Changed

• Post release cleanup by @jmprieur in #3291
• update MIM by @jennyf19 in #3292
• Updates CodeQL.yaml to exclude test files by @sruke in #3294
• Make Microsoft.Extensions.Http dependency framework friendly by @ksaaf in #3296
• Update to IdentityModel 8.7.0 by @pmaytak in #3307

New Contributors

• @ksaaf made their first contribution in #3296

Full Changelog: 3.8.0...3.8.1

3.8.0

3.8.0

New feature

• Updated to Microsoft.IdentityModel.* 8.6.1
• Updated to MSAL.NET 4.69.1
• Updated the Json Schema to include extensiblity for signed assertion providers. See #3235
• Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See #3255
• Support for acquiring token for Federation Managed Identity (FMI). Supports the FmiPath property of AcquireTokenOptions. See #3247
• Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See #3273

Bug fixes

• TokenAcquirerFactory is now thread safe. See #3274
• Fix a bug in the parsing of the token in the authority. See #3261

Fundamentals

• Removed old Blazorwasm sample, wasm-tools and added new blazor web API: #3259, #3257, #3254
• Modified the build so that, in CI/CD internal builds, the NuGet.olg NuGet source is replaced by a managed Nuget source. More verbose information added. See #3263
• Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. See #3266,

What's Changed

• Update changelog.md by @jennyf19 in #3246
• Lozensky/add fmi path by @JoshLozensky in #3247
• Lozensky/perf fix graph service client by @JoshLozensky in #3251
• M.IM 8.6.0 by @jennyf19 in #3252
• Jennyf/blazor prototype by @jennyf19 in #3254
• remove old blazor apps by @jennyf19 in #3257
• Remove step for installing wasm-tools in the build by @gladjohn in #3259
• Fix for Remove NuGet Source steps (now with enhanced logging) by @gladjohn in #3263
• Add CustomSignedAssertion to Credentials.json by @JoshLozensky in #3235
• Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @gladjohn in #3266
• Add Support for Custom Saml Bearer in HttpRequest Headers by @sthanu98 in #3273
• comment out the code coverage by @jennyf19 in #3279
• update msal to 4.69.1 by @jennyf19 in #3281
• FIC+OIDC credential provider by @jmprieur in #3255
• Update the IdWeb version number by @jmprieur in #3280
• Locking Down the TokenAcquirerFactory by @JoshLozensky in #3274
• Fix authority parsing logic by @JoshLozensky in #3261
• Update changelog.md for Id.web 3.8.0 by @jmprieur in #3285

New Contributors

• @sthanu98 made their first contribution in #3273

Full Changelog: 3.7.1...3.8.0

3.7.1

3.7.1

• Updated to Microsoft.IdentityModel.* 8.5.0

3.7.0

3.7.0

• Updated to Microsoft.Identity.Abstractions 8.1.0
• Updated to Microsoft.IdentityModel.* 8.4.0

New Feature

• IdentityWeb now provides extensibility to DefaultCredentialsLoader so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See #3220 for details.

Bug fixes

• The merged options are now being passed to MSAL for the CCA ROPC scenario. See #3207 for details.

What's Changed

• changelog update by @jennyf19 in #3216
• Pass the assertion options to MSAL for ROPC call by @neha-bhargava in #3217
• Update global.json to 9.0.102 by @jennyf19 in #3222
• Bump the notsecurity group with 3 updates by @dependabot in #3219
• update abstractions to 8.1.0 by @jennyf19 in #3224
• update benchmark by @jennyf19 in #3229
• Adding Extensibility for Custom Signed Assertion Providers by @JoshLozensky in #3226
• Update changelog.md 3.7.0 by @jennyf19 in #3233

Full Changelog: 3.6.2...3.7.0

3.6.2

3.6.2

• Updated to Microsoft.Identity.Abstractions 8.0.0

Fundamentals

• Clean-up the tests that were using properties removed in Abstractions 8.0.0. See issue #3212 for details.

What's Changed

• Bump the notsecurity group across 1 directory with 3 updates by @dependabot in #3211
• Suppress TFM Build Warnings by @kllysng in #3210
• Fixing 3212 and cleaning-up technical debt by @jmprieur in #3213

Full Changelog: 3.6.1...3.6.2

3.6.1

3.6.1

• Updated to Microsoft.Identity.Abstractions 7.2.1

3.6.0

3.6.0

• Updated to Microsoft.IdentityModel.* 8.3.1
• Updated to MSAL.NET 4.67.2

Bug fixes

• Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See #3131
• Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider. See Issue #3078

Fundamentals

• Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See #3183
• Re-add code coverage comments & scope to src files. See #3177

What's Changed

• Update changelog.md by @jmprieur in #3161
• Update global.json by @keegan-caruso in #3163
• Use ExtraQP to inject telemetry SDK ID by @bgavrilMS in #2973
• Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @jmprieur in #3168
• Add Warning Quality Check Build Task 🔨 by @kllysng in #3169
• Treat warnings as errors by @keegan-caruso in #3166
• Revert: Warning Quality Check Build Task by @alexholub113 in #3172
• fix warnings in idweb and readd warnings as errors by @jennyf19 in #3173
• Add checks to protect the internal claims used by MIW. Ref: issue #2968 by @DOMZE in #3131
• use only src files and re-add comments by @jennyf19 in #3176
• Update dotnet actions by @sebastienros in #3175
• • Fixes 3181 by @jmprieur in #3183
• Add retry logic to stabilize flaky UI tests by @kllysng in #3180
• Add null handling for process output/error data in UiTestHelpers by @kllysng in #3184
• package updates from dependabot by @jennyf19 in #3185
• Fix E2E tests persistent flakiness + build hanging by @kllysng in #3188
• Revert WaitForProcess in UI Tests by @jmprieur in #3189
• Update to use MSAL 4.67.1 by @gladjohn in #3193
• Update to use MSAL 4.67.2 by @gladjohn in #3200
• Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @keegan-caruso in #3202
• 3.6.0 changelog by @kllysng in #3203

New Contributors

• @DOMZE made their first contribution in #3131
• @sebastienros made their first contribution in #3175
• @gladjohn made their first contribution in #3193

Full Changelog: 3.5.0...3.6.0

3.5.0

Bug fixes

• Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null. See #3155
• Dont modify the merged options when building the confidential client. See #3137

Fundamentals

• Install all .NET versions in pipeline, including .NET 9. See #3152
• Upgrade to C# 13. See #3138
• Specify sdk version in global.json. See #3156
• Disable Coverage PR comments. See in #3159

What's Changed

• Install all .NET versions in pipeline to fix run tests task by @msbw2 in #3152
• Upgrade to C# 13 by @westin-m in #3138
• Specify sdk version in global.json by @westin-m in #3156
• Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @sruke in #3155
• Disable Coverage PR comments by @westin-m in #3159
• Dont modify the merged options when building the confidential client by @keegan-caruso in #3137

Full Changelog: 3.4.0...3.5.0

3.4.0

3.4.0

• Updated to Microsoft.IdentityModel.* 8.2.1
• Updated to Microsoft.Identity.Abstractions 7.2.0

New features

• Add ROPC flow support for confidential client applications. See 3091, 3129, 3139.
• Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See 3121, 3132.
• Update to use .NET 9 GA. See 3127.

What's Changed

• Add API and make ROPC call by @neha-bhargava in #3103
• Fixing the ROPC test that broke the build by @jmprieur in #3133
• Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @msbw2 in #3132
• Add extensibility to update parameters for ROPC flow by @neha-bhargava in #3130
• Declare ROPC extensions in net 9 API by @westin-m in #3136
• update dependencies to .net 9 by @jennyf19 in #3141
• Update the extensibility to add user by @neha-bhargava in #3140
• Update to .NET 9 GA. Update some test dependencies. by @pmaytak in #3134
• update playwright and remove net9.0 for UI tests by @jennyf19 in #3148
• Update changelog 3.4.0. by @pmaytak in #3149
• update wilson post-release by @jennyf19 in #3150

New Contributors

• @neha-bhargava made their first contribution in #3103

Full Changelog: 3.3.1...3.4.0

3.3.1

3.3.1

• Updated to Microsoft.IdentityModel.* 8.2.0

Supportability

• Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the appsettings.json, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:
  "$schema": "https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json"
  This update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR #3119 for details.

Fundamentals

• Fix a flaky test in the L1L2Cache tests. See PR #3122 for details.

What's Changed

• Update changelog.md to fix release 3.2.2 which had a breaking change by @jmprieur in #3116
• Bump the notsecurity group with 19 updates by @dependabot in #3115
• Adding a json schema for Microsoft.Identity.Web configuration by @jmprieur in #3119
• Fixed flaky tests by @alexholub113 in #3122
• Update changelog.md 3.3.1 by @jennyf19 in #3123
• Add Ask Mode Change Template by @kellyyangsong in #3110

New Contributors

• @alexholub113 made their first contribution in #3122

Full Changelog: 3.3.0...3.3.1