8.9.0

8.9.0

Bug Fixes

• syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See #3213.
• Fixed a null reference issue in KeyInfo. See (#3203)[https://github.com//pull/3203].

New Features

• Introduced a new delegate for reading custom token payload values on JsonWebToken. See #2981.
• Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See #3205.

Fundamentals

• Utilized IList to avoid enumerator allocation during audience validation. See #3204.

8.8.0

8.8.0

New Features

• Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #3193 for details.
• Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #3195 and https://aka.ms/identitymodel/app-context-switches for details.
• Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #3185 and #3189 for details.

8.7.0

Bug Fixes

• Add back internal methods IsRecoverableException and IsRecoverableExceptionType whose signatures were changed in the previous version. See #3181.

New Features

• Make Cnf class public and move it to Microsoft.IdentityModel.Tokens package. See #3165.

What's Changed

• Post Release 8.6.1 cleanup by @mdchennu in #3160
• Updates CodeQL.yaml to exclude test files by @sruke in #3163
• Adds explanation for CodeQL warnings by @sruke in #3167
• Fix typo by @rstm-sf in #3175
• Need to change the locks by @JoshLozensky in #3171
• Move CNF from SHR to M.IM.Tokens by @keegan-caruso in #3168
• Add back IsRecoverableException methods. by @pmaytak in #3183
• Revert "Need to change the locks" by @pmaytak in #3186
• 8.7.0 changelog by @pmaytak in #3184

New Contributors

• @rstm-sf made their first contribution in #3175

Full Changelog: 8.6.1...8.7.0

8.6.1

8.6.1

Bug fix

• Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue #3148 for details.
• Fix a bug in JsonWebTokenHandler where JwtTokenDecryptionParameters's Alg and Enc were not set during token decryption, causing IDX10611 and IDX10619 errors to show null values in the messages. See issue #3003 for details.

Fundamentals

• For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue #2995 for details.

What's Changed

• Update version.props to next version by @jennyf19 in #3145
• Update the public API shipped files by @jmprieur in #3146
• Add global.json file by @mdchennu in #3153
• Trigger metadata refresh for token decryption errors by @pmaytak in #3149
• Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @ksaaf in #3152
• first changelog update by @jennyf19 in #3156

New Contributors

• @mdchennu made their first contribution in #3153
• @ksaaf made their first contribution in #3152

Full Changelog: 8.6.0...8.6.1

8.6.0

8.6.0

New Features

• TokenValidationParameters has a new boolean property TryAllDecryptionKeys that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #3128
• Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See #3140

Fundamentals

• Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See 3143
• Add more tests for encrypted tokens. See #3139

What's Changed

• Update CHANGELOG.md by @jennyf19 in #3133
• Update version.props to next version by @jennyf19 in #3137
• Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @pmaytak in #3128
• Change KeyInfo.MatchesKey from internal to protected internal virtual. by @brentschmaltz in #3140
• Fix #3112 by @jmprieur in #3143
• Add more auto-decryption related tests by @pmaytak in #3139
• Update changelog.md for 8.6.0 by @jmprieur in #3144

Full Changelog: 8.5.0...8.6.0

8.5.0

8.5.0

Reverting previous breaking change

• The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that adding IDisposable is a breaking change, so we are following semver guidance and reverting and releasing a minor version (8.5.0).
• Cherry-picked Changes: Included changes from PR #3022 and #3104.

What's Changed

• Update version.props by @jennyf19 in #3126
• fix formatting error by @jennyf19 in #3134
• Revert configuration manager to 8.3.1 by @keegan-caruso in #3132

Full Changelog: 8.4.0...8.5.0

8.4.0

8.4.0

New Features

• App context switch allows blocking or non-blocking calls for configuration. See PR #3106 for details and issue #3082 for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.
• IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See #3094 for details.
• IdentityModel now allows specifying the HTTP protocol version and version policy. See #2808 for details.

Repair items

• Add request count and duration telemetry for configuration requests. See #3022 for details.
• KeyID should be present in exception messages and is no longer PII. See #3104 for details.

Fundamentals

• Fix spelling issues in xml comments. See #3117 for details.
• Fix comment coverage in PR builds. See #3079 for details.

Work related to redesign of IdentityModel's token validation logic #2711

• See #3056. #3100, #3017, and #3111.
• Add internal virtual on TokenHandler. See #3084 for details.

• @prochnowc made their first contribution in #2809

8.3.1

8.3.1

Bug Fixes

• Respect TVP.RequireAudience when set to false. See #3055
• For net4.6.2 select RSACng for PSS support. See #3097
• Fix package downgrade in consuming libraries. See#3062
• Fix integer overflow in AuthenticationEncryptionProvider.cs. See #3063

Fundamentals

• Removed unused property on JsonWebToken ClaimsIdentity. See #3071 for details.
• Upgrade to C# 13. See #2998
• Use new Base64Url API. See #22817
• Add warning quality check. See #3067
• Update dotnet actions. see #3074
• Fix warnings. See #3081
• Test updates in JsonWebToken. See #3080.

Work related to redesign of IdentityModel's token validation logic #2711

• #3027, #3028, #3051, #3054

What's Changed

• Update CHANGELOG.md by @jmprieur in #3053
• Extensibility tests: Audience - JWT, SAML and SAML2 by @iNinja in #3027
• Extensibility tests: Lifetime - JWT, SAML and SAML2 by @iNinja in #3028
• Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @iNinja in #3051
• Add logging to the new validation model by @iNinja in #3054
• update version by @brentschmaltz in #3057
• lower version to avoid downgrades. by @brentschmaltz in #3058
• Respect TVP.RequireAudience when set to false by @kllysng in #3055
• Fix package downgrade in consuming libraries by @jmprieur in #3062
• Add slnf for running perf and stress tests by @brentschmaltz in #3066
• Add Warning Quality Check Build Task 🔨 by @kllysng in #3067
• Update template-Build-run-tests-sign.yml by @ciaozhang in #3069
• Removed unused property on JsonWebToken by @keegan-caruso in #3072
• Update setup dotnet actions by @keegan-caruso in #3074
• fixed #2983 and re-add code coverage comments to PRs by @jennyf19 in #3076
• Remove duplicate keyid into var keysAttempted by @bdapoigny in #2899
• Upgrade to C# 13 by @westin-m in #2998
• Use new Base64Url API by @msbw2 in #2817
• Update common.props by @ciaozhang in #3078
• fix warnings by @jennyf19 in #3081
• Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @gparametr in #3063
• Test updates by @pmaytak in #3080
• For net4.6.2 select RSACng for PSS support. by @brentschmaltz in #3085
• changelog for 8.3.1 by @jennyf19 in #3098

New Contributors

• @bdapoigny made their first contribution in #2899
• @gparametr made their first contribution in #3063

Full Changelog: 8.3.0...8.3.1

8.3.0

New features

Work related to redesign of IdentityModel's token validation logic #2711

• SAML and SAML2 new model validation: Token Replay. See #2994
• Extensibility tests: Token Type - JWT (#3030), Issuer - SAML and SAML2 (#3026), Algorithm and Signature - JWT, SAML and SAML2 (#3034), Token Replay - JWT, SAML and SAML2 (#3032), Issuer signing key - JWT, SAML and SAML2 (#3029)
• Avoid code duplication in extensibility testing. See #3041
• Extensibility Testing: Refactor. See #3011
• Remove duplicate code in extensibility tests. See #3044

Bug fixes

• Fix bug with AadIssuerValidator. See #3042
• Fixed SignedHttpRequest flaky test. See #3037

Fundamentals

• Install all .NET versions in pipeline to fix run tests task. See #3018
• Changelog for 8.2.1. See #3009
• Remove unnecessary AoT test project. See in #3045
• Fix powershell script for nuget update. See #3046
• Update to next version. See #3010
• Disable Coverage PR comments. See #3048
• Updates GitHub Action to support long paths, See #3049
• Stack parameters to improve reading of code. See #3031

New Contributors

• @ssmelov made their first contribution in #3042

Full Changelog: 8.2.1...8.3.0

8.2.1

8.2.1

New features

• Update to use .NET 9 GA. See 2990.

Bug fixes

• Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See 2935.
• Update cgmanifest to align with the JSON schema. See 2969.

Fundamentals

• Streamline token creation in SecurityTokenDescriptor. See 2993.
• Prevent inlining to guarantee stack frames in test. See 2999.

Work related to redesign of IdentityModel's token validation logic #2711

• Simplify stack frame caching. See 2976.
• Implement reading SAML and SAML2 tokens. See 2980.
• Implement validating SAML signature. See 2950.
• Add tests for IssuerExtensibility. See 2987.
• Add validation for SAML and SAML2 issuer signing key. See 2965.
• Add validation for SAML and SAML2 algorithm. See 2984.

What's Changed

• Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @brentschmaltz in #2970
• Update to next version after 8.2.0 release by @jennyf19 in #2975
• Consolidating test statics by @trwalke in #2956
• New token validation model: Simplify stack frame caching by @iNinja in #2976
• Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @filipnavara in #2935
• Update cgmanifest to align with the JSON schema by @jeffhandley in #2969
• SAML and SAML2 new model validation: Read Token by @iNinja in #2980
• SAML2 new model validation: Signature by @iNinja in #2961
• JsonWebTokenHandler IssuerExtensibility by @brentschmaltz in #2987
• SAML and SAML2 new model validation: Issuer Signing Key by @iNinja in #2965
• Ignore AotCompatibilityTests on ADO by @jmprieur in #2992
• SAML and SAML2 new model validation: Algorithm by @iNinja in #2984
• Use SecurityTokenDescriptor when creating tokens by @msbw2 in #2991
• Prevent inlining to guarantee stack frames in test by @westin-m in #3002
• Update to .NET 9 GA. Update some test dependencies. by @pmaytak in #2990
• Add Abstractions.Tests to strong name bypass file. by @pmaytak in #3004

New Contributors

• @jeffhandley made their first contribution in #2969

Full Changelog: 8.2.0...8.2.1