4.15
============
New Features:
**MSAL has been upgraded to use Android X**. MSAL.NET will now use the latest Android SDKs for its Xamarin.Android platform. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1653)
**`GetAccounts()` can now filter by user flow for B2C accounts**. MSAL's `GetAccounts()` API will now allow you to pass in a user flow to filter B2C accounts when querying the cache. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1889)
Bug Fixes:
**MSAL can now migrate from ADALV3 to MSALV3 when multiple resourceIds are used**. MSAL will now ignore ADAL resource strings when fetching RT to enable migration from ADALV3 to MSALV3 cache tokens. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1815)
**MSAL will now maintain the correlation ID of the authentication request with broker specific interactions throughout its entire execution**. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1805)
**MSAL will now return the correct value for `ExpiresOn` in the authentication result during brokered authentication**. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1806)
**MSAL now has improved logic for `AcquireTokenSilent()`, `GetAccounts()` and `RemoveAccount()` during brokered authentication**. During brokered authentication, MSAL will now check its local cache for tokens first before sending the silent authentication request to broker. `GetAccounts()` will now merge the accounts from the local MSAL and broker caches when returning results. `RemoveAccount()` will now remove the account from both the local cache and the broker cache. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1820)
**MSAL now has better error reporting during Integrated Windows Authentication**. MSAL will now return the error in the body on WsTrust parse errors. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/1838)
**MSAL will now handle null intents returned to `SetAuthenticationContinuationEventArgs`**. MSAL will now handle null intents returned to `SetAuthenticationContinuationEventArgs` to avoid throwing null reference exceptions. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/636)
4.14.0
============
New Features:
**MSAL no longer calls the OIDC metadata endpoint**, as it can infer the authorization and token URLs based on the authority URL. This will speed up token acquisition, especially for multi-tenant applications, as fewer network calls will be made. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1750)
**Client throttling extended support** MSAL will throttle all /token calls during an event in which the server sends a Retry-After header, thus ensuring the Retry-After instruction is observed. MSAL will also throttle server requests that result in `MsalUiRequiredException` being thrown, for example when the user is required to perform MFA but the app keeps trying to acquire a token silently. For details see [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1624)
Bug Fixes:
**MSAL .NET now respects the ValidateAuthority=false flag**. See [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1791)
**When the Android broker (Authenticator / Company Portal) is configured but it is not installed, MSAL should revert to using its own cache to try to perform the AcquireTokenSilent call**. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1809)
4.13.0
============
New Features:
**Client throttling is supported in Public Client Applications** MSAL will now implement client-side throttling to reduce excessive authentication requests sent to the service. When the Azure AD service replies with an HTTP error implying throttling, MSAL.NET now itself respects the delay imposed by the service: it throws an exception telling the application when it will be able to acquire a token again, without even attempting to call the service. For details see [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1624)
**MSAL now can perform device authentication on Desktop** On operating systems prior to Windows 10 (Windows 7, 8, 8.1 and their server counterparts) MSAL.NET is able to perform device authentication using PKey Authentication. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1543)
Bug Fixes:
**MSAL .NET would throw a null ref when no authentication type was specified when creating a confidential client application** MSAL .NET now verifies the developer has specified one client credential (client secret, certificate, or client assertion) when using a confidential client application. See [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1795)
**GetAccountsAsync() used to return 0 accounts when the broker was not installed** (on Xamarin.Android). MSAL will now return accounts from the local MSAL cache when the broker is not installed and WithBroker(true) is used. [Issue for details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1775)
4.12.0
============
New Features:
**Integrated Windows Auth available on .NET Core on Windows without username**. On .NET Core, for the Windows platforms, AcquireTokenByIntegratedWindowsAuthAsync(scopes) works without passing the username.
**The scope parameter is now less strict in some of the AcquireTokenXXX methods**. MSAL now allows developers to call AcquireToken* methods without scopes. MSAL continues to ask for "offline_access", "profile" and "openid" scopes, which makes token providers (AAD B2B, AAD B2C, ADFS) return Id Tokens, which contain user metadata. Some token providers continue to issue access tokens, which can be used to access the UserInfo metadata endpoint. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/715)
Bug fixes:
**Fix potential cache consistency issues in multi-threaded environment**. Synchronize token cache to avoid cache inconsistency where token cache is shared with many environments.
**Fix null reference exception thrown by AcquireTokenForClient when using a cert in .cer format / without a private key**. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1719)
**Fix the spelling in API WithInstanceDicoveryMetadata**. Marked the WithInstanceDicovery as deprecated and added WithInstanceDiscoveryMetadata to fix the spelling.
**Fix MsalClientException UserMismatchSaveToken sometimes thrown in web apps**. Fix the web app / web API scenario in which a token cache was shared across multiple users and MSAL would sometimes throw an MsalClientException.
4.11.0
============
New Features:
**MSAL.NET will now remove accounts from the cache that have expired refresh tokens**. MSAL.NET will remove both the refresh token and the associated account if the `suberror` is "bad_token" to avoid unnecessary calls to AzureAD. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/1720)
**MSAL.NET uses telemetry schema V2** MSAL.NET has been updated to use Http telemetry schema V2. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1681)
Bug Fixes:
**When migrating a Xamarin application from ADAL.NET to MSAL.NET and preserving the keychain, a CryptographicException can be thrown from the BrokerKeyHelper.** MSAL.NET now does the broker key keychain look up by Service and Account only. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1628)
**WithProofOfPosession produces a token of type POP when it is expected to be PoP** MSAL.NET will now produce a token of type PoP when WithProofOfPosession() is used. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1711)
4.10.0
============
New Features:
**MSAL.NET now allows configuration of instance metadata end-point** WithInstanceDicoveryMetadata method now allows developers to pass a Uri with metadata. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1603)
Bug fixes:
**Client Credentials flow not working with ADFS 2019** MSAL.NET now uses the token endpoint as audience and adds x5t to the signed assertion it creates from a certificate. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1708)
**Certain error messages are not returned from the Android Broker** MSAL.NET now throws better exceptions that show the root cause of Android broker failures. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1696)
**WithProofOfPossesion not exposed on AcquireTokenSilent builder** MSAL.NET now exposes the WithProofOfPossesion call on AcquireTokenSilent [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1715)
4.9.0
============
New Features:
**Added support for Android Broker to MSAL.NET** MSAL.NET will now be able to take advantage of the brokered authentication scenarios using the Microsoft Authenticator and the Intune Company Portal. Learn how to leverage the broker [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Leveraging-the-broker-on-iOS-and-Android#brokered-authentication-for-android) [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1402)
**Added client capabilities support to MSAL.NET** [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1545)
Bug Fixes:
**Wrong Authority created in CreateAuthorityForRequest** MSAL.NET now properly configures the authority when set from acquire Token apis and is not set on the application. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1606)
4.8.2
============
Bug Fixes:
**When using `.WithBroker(true)`, but no broker is installed on the device, MSAL.NET would throw a null ref**. MSAL.NET now checks if the user is required to have their device managed, and if not, the user will be guided through the regular authentication process with no broker. If device management is required, the user will be guided to the App Store to install the Authenticator App. [See more details in the issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1598).
**Starting with version 4.8.1, MSAL.NET would throw a MonoTouchException on iOS 10 and 11 devices**. Starting with iOS 13, all WKWebViews report their full page user agent as desktop; previously this was reported as mobile to the server. A check was added in 4.8.1 to switch to use macOS user-agent for all browsers by default. Now, for devices lower than iOS 13, this check will not occur. [See issue for more details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1621).
4.8.1
============
**Fix a Null Reference bug in the main AcquireTokenInteractive scenario on Android.** This is the reason why release 4.8.0 was unlisted from NuGet - [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1585)
**Change the internal serialization library logic to prevent Mono errors with DataContract serializers** - [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1586)
4.8.0
============
Bug fix:
**Cannot acquire token in UWP app on HoloLens via a unity plugin as json serialization fails** Serialization now works properly in MSAL.NET. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1468)
**AAD Security question registration page unresponsive in Android embedded webview** MSAL.NET now properly handles the Android activity when using the embedded webview. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1532)
**"offline_access" scope causes token cache misses** MSAL.NET now properly filters the cache during silent authentication. [Issues](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1548)
**Improved invalid client error message** MSAL.NET now has a better error message when an invalid client error is sent back from AAD. [Issues](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1576)
New Features:
**MSAL.NET now supports Proof of Possession** The PublicClientApplication on every target has support for this. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1488)
**Token cache serialization for Mac** MSAL.NET is now able to serialize and deserialize the token cache during authentication on macOS. [Issues](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1487)
**MSAL.NET now uses "mobile" configuration for iOS Xamarin embedded webview** MSAL.NET now properly uses the WKWebview on iPad when using the embedded webview. [Issues](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1552)
4.7.1
============
Bug fix:
**Interactive auth with Edge system browser sometimes hung**. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1506)
4.7.0
============
New Features:
**Added Subject Name + Issuer authentication to the acquire token by authorization code and acquire token by refresh token flows with the WithSendX5C() API on the confidential client application.** All confidential client authentication flows will now have access to this feature. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1490)
4.6.0
============
New Features:
**MSAL .NET now stores the application token returned from the iOS broker (Authenticator)**. This may result in the user experiencing fewer prompts. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1396)
**New TokenCacheNotificationArgs.IsApplicationCache property simplifies the development of token cache serialization**. TokenCacheNotificationArgs now include a flag named `IsApplicationCache`, which disambiguates between the app token cache and the user token cache.
Bug Fixes:
- **Device Code Flow would fail with a misleading error message if the app was misconfigured in the Azure Application Portal**. MSAL.NET now provides a better error message. - #1407
- **Setting a non tenanted authority when calling AcquireTokenXX is now ignored**. #1456
- **Setting an authority audience of `AzureADMyOrg` and a tenant ID would fail**. It's now possible to specify `.WithAuthority(audience)` and `.WithTenantId()` #1320
Fundamentals:
- Added tests which check cache format interoperability between MSAL Java and MSAL .NET
See the [MSAL .NET 4.6.0 blog post](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.6) for more details.
4.5.1
=============
Bug Fix:
- **Starting in v4.5.0 of MSAL.NET, when using Xamarin Android, a System.TypeInitializationException would be thrown**. This is due to the Resource.designer.cs class being included automatically by the MSBuildExtrasSdk. See [MSAL.NET issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1449) and [Xamarin Android issue](https://github.com/xamarin/xamarin-android/issues/3812) for details.
4.5.0
=============
New Features:
**MSAL now supports the device code grant for ADFS 2019**. [#1403](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1403)
**MSAL now supports the device code grant for Microsoft personal accounts**. [#1367](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/1367)
**MSAL.NET now sends telemetry data to the /token endpoint regarding the error code of the previous request, if applicable**. This will enable MSAL.NET to determine reliability across public client application calls.
Bug Fixes:
- **Customers reported a nonce mismatch error when signing in with the Authenticator app on iOS 13**. The issue has been resolved and increased logging included in the iOS broker scenario. See [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1421) for more details.
- **On iOS 13, when using the system browser, authentication was broken**. This was because Apple now requires a presentationContext when signing in with the system browser. More information on this requirement [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/iOS-13-issue-with-system-browser-on-MSAL-.NET). And more details in the [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1399)
- **At times, MSAL.NET would randomly fail on UWP.** MSAL.NET now implements retry logic and has improved logging around the cache in UWP. See this [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1098) and this [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1064) for more details.
- **During a client credential flow, MSAL.NET would throw a client exception stating the users should not add their own reserved scopes.** MSAL.NET now merges the scopes if they are already in the reserved list and does not throw. See [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1422) for more details.
- **At times, during an interactive authentication, MSAL.NET would throw an ArgumentNullException**. MSAL.NET now checks for null values when handling the authorization result parsing. See [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1418) for details.
Fundamentals:
- **MSAL.NET now uses the new internal Lab API for automated and manual testing**. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1375)
4.4.0
=============
Bug Fixes:
- **Ensures that MSAL.NET works fine with brokers on iOS 13**. On iOS 13, the source application, which MSAL.NET uses to verify that the response is coming from the broker, may or may not be returned. To maintain secure calls, MSAL.NET will now also create a nonce to send in the broker request and will verify that the same nonce is returned in the broker response in the case of a missing source application. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1357)
- **After MSAL.NET acquired a token for a user, and the user signed-out - remove account, MSAL.NET was attempting to acquire the token with the same tenant as the first account, instead of using the tenant specified in the authority when building the application**. MSAL.NET now uses the specified tenant. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1365)
- **Claims are now sent to both the /authorize and /token endpoints**. [Issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1328)
- **MSAL.NET on Xamarin iOS now returns the top-level view controller, which allows calling AcquireAuthorizationAsync() with an app RootViewController as a UINavigationController with an empty navigation stack**. [See PR for more details](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/1378)
Experimental:
- **MSAL.NET now provides two extension methods, enabling you to acquire an SSH certificate**.
4.3.1
=============
Bug Fixes:
- **.WithCertificate with /common audience scenario was broken**. Confidential Client authorization flow and OBO were not able to use certificates with the common authority set. More details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/891)
- **MSAL.NET no longer strips the port from the authority URI**. When passing your own authority URI which includes a port, MSAL used to strip out the port from the URI, making the authority unreachable. More details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1292)
- **Fixed a crash on Android when Chrome isn't installed on the device**. Exception was NameNotFoundException: com.android.chrome. More details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1334)
- **ConfidentialClient built from options didn't allow certificates**. When building a confidential client from options, MSAL was forcing developers to use a secret. More details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1332)
- **Login screen loses information on device orientation change on Android**. Username used to be lost from embedded webview when rotating the device. More details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/1244)
4.3.0
=============
New Features:
- **Broker support for Xamarin iOS**. MSAL.NET now supports brokered authentication with Xamarin iOS. For details see https://aka.ms/msal-net-brokers, along with code snippets, and more details in the [4.3 release blog post](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.3#broker-support-on-xamarinios). For help migrating from ADAL.NET using iOS broker to MSAL.NET using iOS broker, see [this page on migration](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/How-to-migrate-from-using-iOS-Broker-on-ADAL.NET-to-MSAL.NET).
Bug Fixes:
- **MSAL.NET was adding an extra `/` to the authority when using `.WithAuthority(AzureCloudInstance azureCloudInstance, Guid tenantId)`**. This resulted in an MsalServiceException: "AADSTAT9002: Tenant `v2.0` not found..." More details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1270).
- **Starting in MSAL.NET 4.0, a MsalClientException was thrown instead of a MsalServiceException in exceptions coming from the server**. Details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1276).
- **MSAL.NET required custom error handling when dealing with a network down error**. This was especially problematic on Xamarin iOS and Android. Details [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/592).
- **MSAL.NET was not correctly catching a network down exception**. MSAL.NET now catches the exception and sets it on the correct TaskCompletionSource object. More information [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1304).
4.2.1
=============
Bug Fixes:
- **Fixed API availability of WithParentActivityOrWindow on ios/android/windows/mac**. See [this item](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1095)
- **Fixed System browser not on by default in iOS and Android**. See [this item](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1285)
4.2.0
=============
New Features:
- **Allow users to specify their own instance metadata**. For details see https://aka.ms/msal-net-custom-instance-metadata [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.2#improved-application-startup-cost-disconnected-scenarios-and-advanced-scenarios)
- **AcquireTokenSilent should not make calls to the network** [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.2#cache-is-accessed-less-frequently)
- **Improve CA Error Handling** [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1148)
- **AcquireTokenSilent access the cache too many times** [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.2#improved-application-startup-cost-disconnected-scenarios-and-advanced-scenarios)
- **Allow injecting the Parent Activity/Window in the Client Builder** [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.2#improved-api-on-xamarin)
- **Add framework and version to MsalException ToString()** [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.2#self-troubleshooting-improvements)
Bug Fixes:
- **Resolved the "Key not valid for use in specified state" error when a certificate with a non-exportable key is used on .NET Framework 4.7.2+** [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1201)
- **Cryptic exceptions when attempting IWA / UP / Device Flow with an app that isn't registered as a public client** [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1249)
4.1.0
=============
New Features:
- **MSAL.NET now provides options to control the system web browser**. From MSAL.NET 4.0.0, you have been able to use the interactive token acquisition with .NET Core, by delegating the sign-in and consent part to the system web browser on your machine. MSAL.NET 4.1, brings improvements to this experience by helping you run a specific browser if you wish, and by giving you ways to decide what to display to the user in case of a successful authentication, and in case of failure. [More information about this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.1#improved-experience-with-the-system-web-browser-on-net-core)
- **MSAL.NET now supports ClientAssertions**. In order to prove their identity, confidential client applications exchange a secret with Azure AD. MSAL.NET 4.1 adds new capabilities for this advanced scenario: in addition to `.WithClientSecret()` and `.WithCertificate()`, it now provides three new methods: `.WithSignedAssertion()`, `.WithClientClaims()` and `.WithClientAdditionalClaims()`. [More information on this feature here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4.1#confidential-client-applications-now-support-client-assertions)
Bug Fixes:
- **When using the `ConfidentialClientApplicationOptions` and including, for example `Instance = "https://login.microsoftonline.com/"`, MSAL.NET was concatenating the double-slash**. MSAL.NET will now check for a trailing slash and remove it. There is no action needed on the part of the developer. See [#1196] for details.
- **When using ADFS 2019, if no login-hint was included in the call, a null ref was thrown**. See [#1214] for details.
- **On iOS, for certain older auth libraries, sharing the cache with MSAL.NET, there was an issue with null handling in json**. The json serializer in MSAL.NET no longer writes values to json for which the values are null, this is especially important for foci_id. See [#1189] and [#1176] for details.
- **When using `.WithCertificate()` and `/common/` as the authority in a confidential client flow, the MSAL.NET was creating the `aud` claim of the client assertion as `"https://login.microsoftonline.com/{tenantid}/v2.0"`**. Now, MSAL.NET will honor both a tenant specific authority and common or organizations when creating the `aud` claim. [#891]
- **MSAL.NET will make network calls less often when developers call `GetAccountsAsync` and `AcquireTokenSilent`**. AAD maintains an instance discovery endpoint which lists environment aliases for each cloud. In order to optimize SSO, MSAL fetches this list and caches it, so MSAL has to make a network call even in simple cases like `GetAccountsAsync`. This improvement bypasses the need for this network call if the environments used are the standard ones. This work is tracked by [MSAL issue 1174](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1174)
4.0.0
=============
New Features:
- **MSAL now supports ADFS 2019**. You can now connect directly to ADFS 2019. This is especially important if you intend to write an app working with Azure Stack. For more details see [ADFS support](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/ADFS-support)
- **MSAL now provides asynchronous callbacks as part of the ITokenCache interface**. See [Asynchronous token cache serialization](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4/_edit#asynchronous-token-cache-serialization) for more information, code snippets, and a link to a sample. [MSAL issue 481](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/481)
- **.NET Core now supports interactive authentication**. Given that .NET Core does not provide a Web browser control, until MSAL.NET 4.0, the interactive token acquisition was not supported. Starting from this release, you can now use AcquireTokenInteractive with MSAL.NET. For more information and code snippets, see [.NET Core now supports interactive auth](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4/_edit#net-core-now-support-interactive-authentication). [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/1142)
Breaking Changes in 4.0.0
- **ITokenCache's responsibility split between ITokenCache and ITokenCacheSerializer**. In order to enable the async methods you need to use to subscribe to cache events, we have rewritten the non-async ones by calling the async ones. While doing that we split the responsibility of the ITokenCache interface between ITokenCache, which now contains the methods to subscribe to the cache serialization events, and a new interface, ITokenCacheSerializer, which exposes the methods that you need to use in the cache serialization events in order to serialize/deserialize the cache. This API is experimental and may change in future versions of the library without a major version. See more information on the impact [here](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4/_edit#itokencaches-responsibility-splatted-between-itokencache-and-itokencacheserializer)
- **Replace TelemetryCallback with TelemetryConfig**. Until MSAL.NET 3.0.8, you could subscribe to telemetry by adding a telemetry callback .WithTelemetry(), and then sending to your telemetry pipeline of choice a list of events (which themselves were dictionaries of name, values). From MSAL.NET 4.0, if you want to add telemetry to your application, you need to create a class implementing ITelemetryConfig. MSAL.NET provides such a class (TraceTelemetryConfig) which does not send telemetry anywhere, but uses System.Trace.TraceInformation to trace the telemetry events. You could take it from there and add trace listeners to send telemetry. See [Telemetry](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-4/_edit#breaking-change-replacing-telemetrycallback-by-telemetryconfig) for more information and code snippets.
- **In confidential client applications, MSAL.NET was not returning a URL in the `GetAuthorizationRequestUrl` flow**. MSAL.NET now returns a URL in both overloads of `GetAuthorizationRequestUrl`. [MSAL issues 1193](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1193) and [issue 1184](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1184)
Bug Fixes:
- **In confidential client applications, MSAL.NET now sends the X5C via AcquireTokenSilent,** as it does with AcquireTokenInteractive using the IClientAssertionCertificate overload. [MSAL issue 1149](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1149)
- **MSAL.NET now correctly handles the X509 cert on .NET Core**. [MSAL issue 1139](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1139)
- **MSAL.NET now resolves the TeamID in the Keychain Access Group for the default configuration**. Keychain sharing groups should be prefixed with the TeamID. Now, if the developer does not explicitly set the keychain access group through the WithIosKeychainSecurityGroup API, MSAL.NET will use the default "com.microsoft.adalcache", appended with the TeamID. Previously the TeamID was not included. [MSAL issue 1137](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1137)
3.0.8
=============
Bug Fixes:
- **AcquireTokenSilent sometimes ignored the tenant constraint**. If the same user acquired tokens from different tenants, MSAL.NET would return an account, regardless of the tenant. MSAL.NET now returns the token based on the tenant. [MSAL issue #1123](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1123)
- **DeserializeMsalV3 on ITokenCache should have the option to clear the in memory cache**. DeserializeMsalV3 is currently a merge operation with existing in-memory data. MSAL.NET now has the option to be able to clear the in memory state and then deserialize the content in. [MSAL issue #1109](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1109)
3.0.6-preview
=============
New Features:
- **MSAL.NET now creates an HttpClient that uses the AndroidClientHandler** for Android 4.1 and higher. See [documentation for more information](https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?tabs=windows). [MSAL issue #1076](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1076)
Bug Fixes:
- **When doing the ADAL.NET fallback from MSAL.NET, MSAL.NET was doing the lookup based on the account.HomeAccountId or requestParameters.LoginHint**. In ADAL.NET an account will never have a HomeAccountId (by design), so lookup needs to happen by Account.UserName instead. [MSAL.NET issue #1100](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1100)
- **AcquireTokenInteractive would throw a PlatformNotSupportedException on NetCore when using CustomWebUI**. MSAL.NET no longer throws an exception when using CustomWebUI on NetCore. [MSAL issue #1058](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1058)
3.0.5-preview
=============
Bug Fixes:
- **Exception: Failure to parse missing json on first login** [MSAL issue #1052](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1052)
- **B2C ROPC support** [MSAL issue #926](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/926)
- **FOCI is hiding the true cause of refresh token failures** [MSAL issue #1067](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1067)
3.0.4-preview
=============
Bug Fixes:
- **AcquireTokenInteractive parent param is not intuitive** [MSAL issue #918](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/918)
Breaking Changes in 3.0.4-preview
- **AcquireTokenInteractive** now takes a single parameter - the scopes. A new builder method WithParentActivityOrWindow was introduced for passing in a reference to the UI object that spawns the UI (Activity, Window etc.).
3.0.3-preview
=============
New Features:
- **MSAL now supports custom B2C domains**. [MSAL issue #1025](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1025)
- **MSAL now initializes an HttpClient with NSUrlSessionHandler()** for iOS 7+. [MSAL issue #1019](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1019)
Breaking Changes in 3.0.3-preview
- **The ClientCredential class is obsolete**. There is no longer a need for the ClientCredential class to be public. This class has been marked as obsolete. [MSAL issue #1007](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1007)
- **The ApiConfig and AppConfig namespaces have been changed** to the Microsoft.Identity.Client namespace for discoverability. This provides a better user experience when updating from MSALv2 to MSALv3.0.3x. [MSAL issue #1006](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1006)
- **Deprecate UIParent** and move static classes to a more appropriate class (e.g. `IsSystemWebviewAvailable()`). [MSAL issue #1005](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1005)
- **Move all error codes to `MSAL.Error`**. [MSAL issue #1004](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1004)
- **Deprecate the MSALv2 api**. Move v2 api methods/properties to the migration aid and remove functionality. [MSAL issue #1001](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1001)
- **The `Component` property is obsolete**. MSAL now transmits client app name and version to authorization and token requests. [MSAL issue #978](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/978)
Bug Fixes:
- **Interactive login from multiple clouds was failing** due to instance discovery, as was GetAccounts. This is now fixed. [MSAL issue 1048](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1048) and [1030](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1030)
- **MSAL was calling `DefaultRequestHeaders`** which is not thread safe and could result in AcquireTokenSilent being called from multiple places at the same time. [MSAL issue #1014](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1014)
- **SourceLink is available again** [MSAL issue #953](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/953)
3.0.2-preview
=============
Bug Fixes:
- [UI can hang due to not having proper SynchronizationContext for UI interaction](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1009)
3.0.1-preview
=============
New Features:
- Device Code supports both verification_url and verification_uri
- MsalError contains all the error messages
- MsalException and its derived exception can now be serialized to JSON and deserialized
- MSAL.NET for .NET Core moved to .NET Core 2.1.
- At both the app creation and the token acquisition, you can now pass extra query parameters as a string (in addition to a Dictionary<string,string> introduced in MSAL 3.0.0)
- MSAL.NET symbols are now published to enable SourceLink support
Breaking Changes in 3.0.1-preview
- AcquireTokenSilent has two overloads that require you to pass in the account or the loginHint
- SubError property removed from MsalServiceException
- merge removed from ITokenCache's DeserializeXX methods
- WithClaims removed from app creation. It is now available on the AcquireToken methods
- ICustomWebUi.AcquireAuthorizationCodeAsync now takes a cancellation Token
Bug Fixes:
- [When the client id entered is invalid, the error messages can be better](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/727)
- [PublicClientApplicationBuilder.CreateWithApplicationOptions does not respect the audience](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/969)
- [ASWebAuthenticationSession is skipped due to AppCenter build flags](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/919)
3.0.0-preview
=============
- For more info on the release, along with code samples, check out https://aka.ms/msal-net-3x
Breaking changes in MSAL.NET 3:
- `UIBehavior` was renamed to `Prompt` (breaking change)
- `TokenCacheNotificationArgs` now surfaces an `ITokenCache` instead of a `TokenCache`. This will allow MSAL.NET to provide, in the future, various token cache implementations.
- `TokenCacheExtensions` was removed and its methods moved to `ITokenCache` (this is a binary breaking change, but not a source level breaking change)
- The `Serialize` and `Deserialize` methods on `TokenCacheExtensions` (which were serializing/deserializing the cache to the MSAL v2 format) were moved to `ITokenCache` and renamed `SerializeMsalV2` and `DeserializeMsalV2`
Changes related to improving app Creation and configuration [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/810)
- New class `ApplicationOptions` helps you build an application, for instance, from a configuration file
- New interface `IMsalHttpClientFactory` to pass in the HttpClient that MSAL.NET uses to communicate with the endpoints of Microsoft identity platform for developers.
- New classes `PublicClientApplicationBuilder` and `ConfidentialClientApplicationBuilder` provide a fluent API to instantiate classes implementing `IPublicClientApplication` and `IConfidentialClientApplication` respectively, including from configuration files, setting the targeted cloud and audience, but also setting per application logging and telemetry, and setting the `HttpClient`.
- New delegates `TelemetryCallback` and `TokenCacheCallback` can be set at application construction
- New enumerations `AadAuthorityAudience` and `AzureCloudInstance` help you write applications for sovereign and national clouds, and help you choose the audience for your application.
Changes related to improving token acquisition, addressing issues [810](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/810), [635](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/635), [426](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/426), [799](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/799) :
- `ClientApplicationBase` now implements `IClientApplicationBase` and has new members:
  - `AppConfig` of new type `IAppConfig` contains the configuration of the application
  - `UserTokenCache` of new type `ITokenCache` contains the user token cache (for both public and confidential client applications for all flows, but `AcquireTokenForClient`)
  - New fluent API `AcquireTokenSilent`
- `PublicClientApplication` and `IPublicClientApplication` have four new fluent APIs: `AcquireTokenByIntegratedWindowsAuth`, `AcquireTokenByUsernamePassword`, `AcquireTokenInteractive`, `AcquireTokenWithDeviceCode`.
- `ConfidentialClientApplication` has new members:
  - `AppTokenCache` used by `AcquireTokenForClient`
  - Five new fluent APIs: `AcquireTokenByAuthorizationCode`, `AcquireTokenForClient`, `AcquireTokenOnBehalfOf`, `GetAuthorizationRequestUrl`, `IByRefreshToken.AcquireTokenByRefreshToken`
- New extensibility mechanism to enable public client applications to provide, in a secure way, their own browsing experience to let the user interact with the Microsoft identity platform endpoint (advanced). For this, applications need to implement the `ICustomWebUi` interface and throw `MsalCustomWebUiFailedException` exceptions in case of failure. This can be useful in the case of platforms which don't yet have a Web browser. For instance, the Visual Studio Feedback tool is an Electron application which uses this mechanism. [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/863)
- `MsalServiceException` now surfaces two new properties:
  - `CorrelationId` which can be useful when you interact with Microsoft support.
  - `SubError` which indicates more details about why the error happened, including hints on how to communicate with the end user. [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/559)
Changes related to the token cache:
- New interface `ITokenCache` contains primitives to serialize and deserialize the token cache and set the delegates to react to cache changes
- New methods `SerializeMsalV3` and `DeserializeMsalV3` on `ITokenCache` serialize/deserialize the token cache to a new layout format compatible with other MSAL libraries on Windows/Linux/MacOS.
A few bug fixes:
- [Update Xamarin dependencies](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/810)
- [Send client headers to the user realm endpoint](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/820)
2.7.1
=============
- **MSAL now handles B2C domains from sovereign clouds, including US Government, Blackforest, and Mooncake**. B2C domains with *.b2clogin.us, *.b2clogin.cn, and *.b2clogin.de are now included in the MSAL allowed domain list for B2C authorities. [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/897)
- **Improved error message handling to detect issues faster and not hit null reference exceptions**. Sometimes, for example, when the instance discovery endpoint is not found, the Oauth2Client in MSAL would hit a null reference exception. MSAL now detects such issues faster and returns a more meaningful error message (e.g. the http response code).
2.7.0
=============
- **MSAL integrates SourceLink https://github.com/dotnet/sourcelink.** This allows MSAL to embed pdb files and source code in the NuGet package, allowing users to debug into MSAL without replacing their package reference with a project reference. [MSAL PR](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/750)
- **MSAL.NET now supports Xamarin.Mac**. We now ship another MSAL assembly, that can be used when building apps using Xamarin.Mac. MSAL.NET for Xamarin.Mac supports interactive authentication via an embedded browser, as well as silent authentication. It does not serialize its token cache to the keychain, instead users are asked to provide their own serialization mechanism as they see fit. A keychain based implementation will likely be implemented in a future release. [MSAL PR](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/756)
- **Easier migration from ADALv2 to MSALv2 due to a new AcquireTokenFromRefreshToken API**. ADAL.NET v2.x exposes the refresh token in the `AuthenticationResult`, as well as methods to acquire a token from a refresh token in the `AuthenticationContext`. Through the `ConfidentialClientApplication`, MSAL now implements an explicit interface to help customers migrate from ADAL v2 to MSAL v2. With this method, developers can provide the previously used refresh token along with any scopes. The refresh token will be exchanged for a new one and cached. Please see https://aka.ms/msal-net-migration-adal2-msal2 for more details. [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/690)
- **Token cache account was not being deleted on Android platform**. [MSAL PR](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/754)
- **When using ADAL v4.4.2 and MSAL v2.6 in the same Xamarin project, a `Cannot register two managed types` error would result, due to the iOS view controllers being registered under the same name**. Now the MSAL iOS view controllers are prefixed with `MSAL` so they are distinct from the ones in ADAL. [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/776)
- **When using the `KeychainSecurityGroup` property to enable application sharing of the token cache, developers were required to include the TeamId**. Now, MSAL resolves the TeamId at runtime. A new property `iOSKeychainSecurityGroup` should be used instead. See https://aka.ms/msal-net-ios-keychain-security-group for details. [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/777)
2.6.2
=============
Move AuthenticationContinuationHelper class back to the Microsoft.Identity.Client namespace to avoid breaking changes to existing apps.
2.6.1
=============
- **Setting ForceRefresh = true in AcquireTokenSilent used to skip access token cache lookup**. MSAL now handles ForceRefresh=true correctly and circumvents looking up an access token in the cache, instead using the refresh token to acquire a new access token. [MSAL issue #695](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/695)
- **Ensured cache lookup filters on the specified tenantId, otherwise the cache lookup would always find the token for the home tenant**. This enables MSAL to acquire tokens for resources outside the home tenant. [MSAL issues #694](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/694)
2.6.0-preview
=============
- **For more info on the release, see https://aka.ms/msal-net-2-6 for details**
- **Improved error messages for Integrated Windows Auth**: MSAL now returns better error messages for managed users using Integrated Windows Auth. [ADAL issue #1398](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1398)
- **New parameter for UIBehavior**: B2C developers can now use NoPrompt as a UIBehavior, for example when invoking the edit profile policy, to avoid the account selection UI and move directly to the edit profile UI. [MSAL issue #588](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/588)
- **UIParent is available on all platforms**: The UIParent constructor now takes in (object parent, bool useEmbeddedWebview) and is available on all platforms. [MSAL issue #676](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/676)
- **Remove dependency on Newtonsoft.Json**: MSAL now uses Microsoft.Identity.Json [MSAL PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1430)
- **Deprecate `HasStateChanged`**: MSAL was not using this flag, so it has been deprecated [ADAL issue #1186](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1186)
- **Obsolete public WebUI net45 types from Internal.UI namespace**: [MSAL](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1438)
- **NetStandard Unification**: MSAL.NET helps you build multi-platform applications more easily by rationalizing the .NET Standard 1.3 platform. For details see blog post about this release available from: https://aka.ms/msal-net-2-6
- **Public namespace change**: If you implement dual serialization (AdalV3/Unified cache), and therefore are using Microsoft.Identity.Core.Cache to access some of the public cache classes, please note the namespace has changed to Microsoft.Identity.Client.Cache. You will get this error when updating packages: The type or namespace name 'Core' does not exist in the namespace 'Microsoft.Identity' (are you missing an assembly reference?). Just replace Core with Client in the using statement.
- **Move MSAL code to the MSAL repo**
2.5.0-preview
=============
- **Improved the testability of apps using MSAL.NET**: MSAL.NET was not easily mockable because the AuthenticationResult was an immutable sealed class with no public constructors. AuthenticationResult now has a public constructor for testing. [MSAL issue #682](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/682)
- **Improved support for Azure AD B2C**: app constructors now understand b2clogin.com-based authorities. Developers no longer need to set ValidateAuthority=false, as the library handles this now. [MSAL issue #686](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/686)
- **GetAccountsAsync() can now be called when the device / computer is offline**. It was making a network call to the instance discovery endpoint to determine the environments (equivalent clouds base URLs) for caching, which meant GetAccountsAsync() did not work offline. This has been fixed: GetAccountsAsync() is no longer dependent on a network call and works offline. [MSAL issue #630](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/630)
2.4.1-preview
=============
Hot fix release includes:
- Fix performance issue [1406] for degradation in .NET Framework compared to .NET Core
2.4.0-preview
=============
Improvements and fixes to the token cache
- The serialized token cache can now be shared by different applications, therefore providing SSO if the same user signs-in in both applications
  - See [PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1365) and [MSAL Issue #653](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/654)
- On .NET Core, the Token cache was shared by all instances of applications in memory. This is now fixed (See MSAL.NET issue #656 and [PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1360))
- Fixes consistency issues for advanced token cache migration scenarios from ADAL v3.x to ADAL v4.x to MSAL v2.x
  - [MSAL Issue #652](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/652)
  - [MSAL Issue #651](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/651)
- Cache lookups were optimized. (Work done in conjunction with ADAL.iOS and MSAL.iOS native.) [PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1350)
More browsers are now supported on Xamarin.Android when you choose to use system web browsers.
- Removed chrome dependency for system browser on Android devices. See https://aka.ms/msal-net-system-browsers for more information. [MSAL issue #664](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/664)
Azure AD B2C improvement
- Add support for b2clogin.com for b2c authorities [MSAL issue #669](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/669) [#632](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/632)
2.3.1-preview
=============
This release includes:
- Fix for device code flow where server is now expecting device_code as the body parameter.
2.3.0-preview
=============
This release includes:
- Fix for cross-thread exception when setting the ownerWindow [ADAL issue #1277](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet)
- Ensure error codes are public [MSAL issue #638](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/638)
- Add device code flow api to iOS and Android platforms [MSAL issue #642](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/642)
2.2.1-preview
=============
This release contains bug fixes on top of MSAL 2.2.0-preview:
- Due to static initialization, there was a race condition which appeared randomly. [MSAL issue #629](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/629)
- For iOS, TeamId is now accessible when the device is locked. [MSAL issue #626](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/626)
- For iOS, MSAL returns a useful error message, and an [aka.ms link](https://aka.ms/msal-net-enable-keychain-groups), when keychain access groups have not been set in the Entitlements.plist. [MSAL issue #633](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/633)
- Cache serialization for [.NetCore](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/637)
- Improve logging for device code flow to handle "authorization_pending" exceptions as info messages [MSAL issue #631](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/631)
2.2.0-preview
=============
- MSAL.NET 2.2.0 now supports Device Code Flow. For details see https://aka.ms/msal-device-code-flow
- Xamarin.iOS applications using the system web view now benefit from the integration with SFAuthenticationSession for iOS11 and ASWebAuthenticationSession for iOS12+ [MSAL issue 489](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/489)
- A clear MsalClientException message is now returned when the application is not able to access keychain, with instructions. See https://aka.ms/msal-net-enable-keychain-access for details.
- Removed double-logging in log files and callbacks. https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1289
- Improved 429 server error handling by exposing the Http Response headers in MsalServiceException. See https://aka.ms/msal-net-retry-after
- UWP cache fix. The key of the storage on UWP should be 255 characters or less. When using several scopes the key could exceed 255 characters. Now hashing scopes and environment on UWP. [612](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/612)
2.1.0-preview
=============
- Integrated Windows Authentication and Username / Password authentication flows. For details see https://aka.ms/msal-net-iwa and https://aka.ms/msal-net-up
2.0.1-preview
=============
This release contains bug fixes on top of MSAL 2.0.0-preview:
- When using MSAL 2.0.0-preview with Azure AD B2C, the cache was never hit (See MSAL #[604](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/604)), and the accounts were not removed correctly (See MSAL #[613](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/613))
- The TokenCacheExtensions.Deserialize was throwing if a null array of bytes was passed as arguments instead of silently not doing anything. (See MSAL #[603](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/603))
- When migrating a token cache from ADAL v3 or ADAL v4 to MSAL 2.0, the override of acquire token silent without authority used to work incorrectly (cache was missed)
2.0.0-preview
=============
This release contains:
- Remove support for Windows 8/8.1 and Windows phone 8/8.1
- Add support for .NETCore (Netcoreapp1.0 for portable desktop and web apps) and Uap10.0 for Windows 10 Applications
- Define the notion of Account (through the IAccount interface), instead of User. This breaking change provides the right semantics: the fact that the same user can have several accounts, in different Azure AD directories.
- The methods and properties returning IAccount are now all asynchronous, as in some cases getting the information might require querying the identity provider.
- The types that had fields or properties of type IUser in MSAL.NET 1.x now reference IAccount.
- In the Xamarin.iOS platform, PublicClientApplication has a new property named KeychainSecurityGroup. This Xamarin iOS specific property enables you to direct the application to share the token cache with other applications sharing the same keychain security group. If you provide this key, you must add the capability to your Application Entitlement. For more info, see https://aka.ms/msal-net-sharing-cache-on-ios. This API may change in a future release.
- In the previous versions of MSAL.NET, Xamarin.Android and Xamarin.iOS used the System web browser interacting with Chrome tabs. This was great if you wanted to benefit from SSO, but it did not work on some Android phones whose device manufacturers did not provide Chrome, or if the end user had disabled Chrome. As an app developer, you can now leverage an embedded browser. To support this, the UIParent class now has a constructor taking a Boolean to specify if you want to choose the embedded browser. It also has a static method, IsSystemWebviewAvailable(), to help you decide if you want to use it. For more details about this possibility see the article in MSAL’s conceptual documentation: https://aka.ms/msal-net-uses-web-browser. Also the web view implementation might change in the future.
- If migrating from MSAL 1.x to MSAL 2.x, you’ll get a number of compilation errors, but they are pretty straightforward to fix. In most cases you will only need to:
  - Replace IUser by IAccount
  - Replace the calls to application.Users with asynchronous calls to application.GetAccountsAsync
  - In advanced multi-account applications, where you were using the IUser.Identifier, you will now need to use the IAccount.HomeAccount.Identifier.

  We have provided meaningful and actionable compiler errors that will tell you exactly what to do and will link to documentation to help you migrate.
- To preserve the single-sign-on (SSO) state, the new versions of ADAL(v4) and MSAL(v2) share the same token cache, are capable of reading the ADAL 3.x token cache and are capable of writing the ADAL 3.x token cache in addition to the new cache format (named unified cache), see https://aka.ms/adal-net-to-msal-net.
- For more info on the release, check out https://aka.ms/msal-net-2-released
1.1.4-preview
=============
Hot fix of null pointer in iOS TokenCacheAccessor (#570)
1.1.3-preview
=============
This release contains updates to Xamarin.Android.Support v27.0.2 and MonoAndroid8.1 (#553 #520).
1.1.2-preview
=============
This release fixes reference issues for Xamarin Android (for instance #520 & #524).
When you create a new Xamarin Forms project and reference MSAL this now works out of the box.
If you want to migrate an existing project to MSAL 1.1.2, please read this [wiki](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Troubleshooting-Xamarin.Android-issues-with-MSAL) page.
1.1.1-preview
=============
This release contains:
- Added support to use RSACng in .net 4.7 (#448)
- Expose claims as an attribute for MSALUiRequiredException (#459)
- Updated Xamarin Forms Android support libraries to 25.3.1 (#450)
- Added Arlington URL to list of trusted authorities (#495)
- Changes for GDPR compliance with PiiLogs (#492)
- Several bug fixes
1.1.0-preview
=============
This release marks the second preview of the library, which brings in several features and changes:
- Support for NetStandard
- Client Certificate Assertion in NetCore
- Support for system webviews in iOS/Android
- Updated Object Model
- Updated to JSON cache storage
- Several bug fixes