Releases: AzureAD/microsoft-identity-web
1.4.0
New Features:
Starting in MSAL .NET 4.24, the .WithForceRefresh() parameter is passed to the on-behalf-of call. Microsoft Identity Web now includes it in the on-behalf-of call. It is false by default, as part of the TokenAcquisitionOptions. See issue #811 for details.
Microsoft Identity Web now exposes the generic consent handler in Razor pages and MVC controllers in addition to Blazor pages (by registering it on an IServiceCollection). See issue #805 for details.
Bug Fixes:
Microsoft Identity Web was validating the issuer even when ValidateIssuer was set to false. This is now fixed. See issue #797 for details.
Microsoft Identity Web now uses the redirect URI if you provide it as part of the ConfidentialClientApplicationOptions. See issue #784 for details.
Microsoft Identity Web provides a better experience for app developers who use the legacy login.microsoftonline.com/tfp/ authority for B2C applications. See issue #143 for details.
A tenanted authority must be used in the acquire token for app scenario. If common or organizations is used, Microsoft Identity Web will throw an actionable exception. See issue #793 for details.
The wrong constant values were used for LoginHint and DomainHint. See issue #798 and PR for details.
Microsoft Identity Web now supports individual auth with AAD external providers. To enable this, you can now specify a null cookie scheme in AddMicrosoftIdentityWebApp. See issue #133 and issue #809.
1.3.0
New Features:
Microsoft Identity Web now exposes token cache adapters for Memory and IDistributedCache for .NET 4.7.2, so ASP .NET MVC developers can leverage the serializers. See issue #741 for details.
Bug Fixes:
Microsoft Identity Web now guards against an authority ending with //. See issue #747 for details.
During AJAX calls, Microsoft Identity Web ensures the redirect URI is a local redirect URI. See issue #746.
KeyVault flags are now included in the private key path for certificate fetching. See issue #762 for details.
1.2.0
New Features:
Microsoft Identity Web now supports App Services Authentication with Azure AD. See https://aka.ms/ms-id-web/AppServicesAuth and issue #8 for details.
Microsoft Identity Web now enables the usage of the GraphServiceClient to call the Graph APIs with app only permissions. See https://aka.ms/ms-id-web/microsoftGraph and issue #654 for details.
Microsoft Identity Web now supports a variety of generic extension methods for use with the downstream web API calls. See issue #537 for details.
To better support Conditional Access scenarios, TokenAcquisitionOptions now has a Claims property. See issue #677 for details.
Using AJAX to make calls to a .NET Core application is now possible with Microsoft Identity Web. See issues #642 and #603.
In order to enable web APIs called by daemon applications to handle tokens without a roles claim, Microsoft Identity Web now exposes a boolean property in MicrosoftIdentityOptions. See issue #707 for details.
Bug Fixes:
The Microsoft.Identity.Web.UI DLL now includes strong name validation. See issue #682.
The AadIssuerValidator class no longer has a static ConfigurationManager, and is instead an injectable singleton. See issue #402 for details.
Microsoft Identity Web would try to add to the authorization header, at times, resulting in a format exception. Now the existing header is removed and replaced with the current one. See issue #673 for details.
In order to enable developers to use a backchannel proxy, Microsoft Identity Web now enables developers to configure the IHttpClientFactory to include a name option which will be passed to CreateClient via the AadIssuerValidatorOptions. See https://aka.ms/ms-id-web/proxy and issue #551 for more details.
1.1.0
New Features:
When using the InMemory token cache, Microsoft Identity Web lets developers specify MemoryCacheOption, which can improve performance. See issue #639.
Bug Fixes:
The .Clone() in TokenValidationParameters has been removed as it is not needed. See issue #635 for details.
The RequestContent parameter in DownstreamWebApi is now being used as the HttpRequestMessage.Content if available. See issue #618.
Microsoft Identity Web now checks for the tenantId long-claim in AadIssuerValidator.GetTenantIdFromToken. See issue #617 for details.
In the blazorwasm-hosted templates, the Call Graph and Call Downstream Web Api options are now surfaced as separate pages and separate entries in the vertical menu. See issue 509.
In MicrosoftIdentityConsentAndConditionalAccessHandler.HandleException, the redirect URI could be malformed, containing an extra /. This has been fixed. See issue #626 for details.
Fundamentals:
Microsoft Identity Web has completed initial performance and load testing. See wiki article and issue #88 for details.
Microsoft Identity Web dependencies are updated to the latest respective versions. The blazorwasm template dependencies have been updated as well. See issues #641 and #631 for details.
1.0.0
GA version of Microsoft.Identity.Web
New Features:
Some constant values used in Microsoft Identity Web are available as public constants. See feature request #548 for details.
Microsoft Identity Web now sends basic telemetry data (sku and version) to AAD and AAD B2C. See issue #327 for details.
Implement TokenAcquisitionOptions, which enable developers to customize the token acquisition integration with MSAL .NET. Current options available are extra query parameters, force refresh, and correlation id. See issues #561, #494, and #532.
Bug Fixes:
Microsoft Identity Web now uses a scoped service for TokenAcquisitionServices when calling Microsoft Graph. Previously a Singleton was used and this caused an infinite loop in Blazor server applications, as Blazor requires scoped services. See issues #573 and #531 for details.
Developers can now specify the client secret in the web API scenario either in Microsoft Identity Options or in the Confidential Client Application Options; previously it had to be set in both. See issue #536 for details.
Web apps calling web APIs no longer require a response_type of id_token, so it no longer needs to be checked in the AAD portal app registration. See issue #589.
Fundamentals:
Remove obsolete attributes for the 1.0.0 (GA) version. See issue #584 for details.
0.4.0-preview
New Features:
ITokenAcquisition now exposes the AuthenticationResult for the user from MSAL. See issue #543 for details.
Now, to use Microsoft GraphServiceClient, you need to reference Microsoft.Identity.Web.MicrosoftGraph or Microsoft.Identity.Web.MicrosoftGraphBeta. See issue #506 for details.
Bug Fixes:
CallWebApiForUserAsync handles a successful response better. See issue #503 for details.
Microsoft Identity Web can now handle two schemes in web APIs. See issues #429, #468, and #474 for details.
Fundamentals:
Add integration test coverage for web app and web API scenarios. Issues #97, #95, and #102.
0.3.1-preview
Bug Fixes:
In B2C web app scenarios that only sign in users, the password reset and edit profile redirects were not working. Microsoft Identity Web now sends a response_type of only idToken when in the web app scenario. See issue on password reset and edit profile for details.
0.3.0-preview
API Breaking Changes:
See https://aka.ms/ms-id-web/0.3.0-preview for more specific details.
Before | After |
---|---|
services.AddMicrosoftWebAppAuthentication() | services.AddMicrosoftIdentityWebAppAuthentication() |
services.AddAuthentication().AddMicrosoftWebApp() | services.AddAuthentication().AddMicrosoftIdentityWebApp() |
services.AddMicrosoftWebApiAuthentication() | services.AddMicrosoftIdentityWebApiAuthentication() |
services.AddAuthentication().AddMicrosoftWebApi() | services.AddAuthentication().AddMicrosoftIdentityWebApi() |
services.AddAuthentication().AddMicrosoftWebApp().AddMicrosoftWebAppCallsWebApi() | services.AddAuthentication().AddMicrosoftIdentityWebApp().EnableTokenAcquisitionToCallDownstreamApi() |
services.AddAuthentication().AddMicrosoftWebApi().AddMicrosoftWebApiCallsWebApi() | services.AddAuthentication().AddMicrosoftIdentityWebApi().EnableTokenAcquisitionToCallDownstreamApi() |
services.AddInMemoryTokenCaches() | .EnableTokenAcquisitionToCallDownstreamApi().AddInMemoryTokenCaches() |
services.AddDistributedTokenCaches() | .EnableTokenAcquisitionToCallDownstreamApi().AddDistributedTokenCaches() |
services.AddSessionTokenCaches() | .EnableTokenAcquisitionToCallDownstreamApi().AddSessionTokenCaches() |
services.AddMicrosoftGraph() | .EnableTokenAcquisitionToCallDownstreamApi().AddMicrosoftGraph() |
services.AddDownstreamApiService() | .EnableTokenAcquisitionToCallDownstreamApi().AddDownstreamApi() |
See issue #378 and the wiki for more information on the new API.
The AddInMemoryTokenCaches method now accepts an optional MsalMemoryTokenCacheOptions delegate parameter. See issue for details: #426.
The GetAccessTokenForAppAsync method now accepts an optional tenant parameter, which allows applications authorized in multiple tenants to request tokens. See issue for details: #413.
New Features:
Microsoft Identity Web now provides methods that simplify calling Microsoft Graph and any downstream APIs. See wiki and issues for details: #403, #427.
Bug Fixes:
Previously, the domain hint was added to the request only if the login hint was also present. The presence of domain and login hints is now validated separately. See issue for details: #415.
Fixed a NullReferenceException on NavigationManager that occurred on Blazor server with Azure SignalR when using a pre-rendering mode. See issue for details: #437.
0.2.3-preview
New features:
The ReplyForbiddenWithWwwAuthenticateHeaderAsync method in ITokenAcquisition now has an additional optional HttpResponse parameter, which can be provided in cases when the current HttpContext is null. See issue for details: #414.
Enable Microsoft.Identity.Web to work with any version of .NET 5.0 by setting the dependency version to 5.0.0-* for the JwtBearer and OpenIdConnect dependencies. See issue for details: #380.
0.2.2-preview
New features:
The AadIssuerValidator class is now public. See issue for details: #332.
Bug fixes:
Starting in 0.2.1-preview, a MicrosoftIdentityWebChallengeUserException was added, but customers might use the MsalUiRequiredException, for instance by the Graph SDK. See issue for details: #398.
In a multi-tenant scenario, when calling a downstream API, Microsoft Identity Web was not returning the token for the specific tenant ID. The correct token based on the tenant, if specified, is returned. See issues for details: #344 and MSAL .NET.
When the scopes provided are invalid, an exception will be thrown in addition to recording a response back to the controller. This ensures the controller does not continue processing as authentication is not possible. See issue for details: #389.
When calling a downstream web API, Microsoft Identity Web now checks the token from the HttpContext instead of doing an acquire token silent call. This will save on cycles as MSAL .NET already does the necessary cache look up. See issue for details: #381.
When validating the application roles, only the first role claim was used, which would result in a failure with multiple roles. Microsoft Identity Web now uses all the roles and throws an exception if the roles are invalid. See issue for details: #374.
A more descriptive exception is thrown when a B2C issuer claim contains tfp. See wiki and issue for details: #274.