Releases: AzureAD/microsoft-identity-web
1.14.0
1.14.0
New Features:
Microsoft Identity Web now provides a more simplified developer experience with the MSAL.NET token cache, available for ASP.NET, .NET Core, or .NET Framework. See issue #1277 for details.
Microsoft Identity Web supports, out of the box, AAD Cached Credential Service (CCS) which operates as an AAD backup, by sending a routing hint to the /authorize and /token endpoints. See issue #1146 for details.
Bug Fixes:
Fix isue regarding specifying multiple decryption certificates. See issue #1243 for details.
1.13.1
1.13.0
1.13.0
New Features:
Microsoft Identity Web now supports the CancellationToken, in the Distributed and Session cache adapters and in the TokenAcquisitionOptions for the calls to MSAL.NET. See issue #1239 for details.
Bug Fixes:
The order of the LogLevel in TokenAcquisition did not correctly honor the nested log settings. See issue #1250 for details.
Fix a bug with certificate rotation and not pass a null certificate value to Microsoft.IdentityModel. See issue #1243 for details.
When using EasyAuth, fix case insensitivity when specifying the default provider. See issue #1163 for details.
EasyAuth took a breaking change by not adding the logout path environment variable, the logout error with EasyAuth v2 is fixed. See issue #1234 for details.
Microsoft Identity Web now uses the /.well-known/openid-configuration endpoint to determine the issuer values. Now the different clouds work as well. See issue #1167 for details.
A lock in the response stream caused an exception when copying the content to a stream. See issue #1153 for details.
1.12.0
Bug Fixes:
Fix issue with RequiredScope attribute on the Controller when used with RequiredScopesConfigurationKey . See issues #1223, #1197, and #1036.
Fix response_type in MergedOptions. Regression from 1.10 version. See #1215 for details.
Fix RoleClaimType when set as part of the MicrosoftIdentityOptions. Regression from 1.10 version. See #1218 for details.
Microsoft Identity Web UI now displays a better error message when run in a Production environment to assist with debugging. See issue #1213 for details.
Microsoft Identity Web UI now honors a local redirect URI after sign-in. This is if you want to redirect the user to a specific page within the add. See issue #760 for details.
Fix public API spelling of CertificateDescription.FromStoreWithThumbprint. See issue #791 for details.
1.11.0
1.11.0
New Features:
Microsoft Identity Web now supports multiple authentication schemes. This means, you can have several authentication schemes in the same ASP.NET Core app. Such as two Azure AD web apps, or an Azure AD app and an Azure AD B2C app, or a web app and a web API. Basically mixing authentication schemes in the same ASP.NET Core app. See the wiki for details and code samples and related issues: #549, #429, #958, #1126, #971, #173, #955, and #1127.
Fundamentals:
Microsoft Identity Web provides more logging regarding the time spent in the MSAL.NET cache. See logging for information on setting up the logs, and use debug or trace to access the cache specific MSAL.NET logs.
1.10.0
1.9.2
1.9.2
New Features:
Microsoft Identity Web now includes the Proof Key for Code Exchange (PKCE) on the Authorization Code Grant to minimize authorization code interception attacks. See issue #470 for details.
Bug Fixes:
Revert fix for breaking change introduced in Microsoft.IdentityModel. version="6.9"*, which was fixed in v.6.10. See issue #1140 for details.
Standardize the value for "Domain" in appsettings.json of the templates. See issue #1148 for details.
Enable workaround to fix regression in App Services authentication due to case sensitivity. See issue #1163 for details.
1.9.1
Bug Fixes:
Microsoft.IdentityModel. version="6.9" introduced a breaking change in the mapping of the User.Identity.Name claim*. Microsoft.Identity.Web 1.9, started leveraging Microsoft.IdentityModel 6.10 to improve resiliency. With this breaking change Microsoft Identity Web 1.9.1 has a temporary workaround in place until a new Microsoft.IdentityModel version is released with a fix. See issues #1136 and #1140 for details.
Fix obsolete attribute and error message on ReplyForbiddenWithWwwAuthenticateHeaderAsync. See issue #1137 for details.
Documentation:
Fix Stackoverflow tags in ReadMe. See issue #1128.
1.9.0
1.9.0
New Features:
Microsoft Identity Web now exposes a token provider that the Azure SDKs can use. See PR for details.
Microsoft Identity Web now supports .NET Framework 4.6.2. See issue #1086.
Microsoft Identity Web supports calls for regional STS for 1st party only, this is due to MSAL.NET release 4.29, and AzureRegion is available via the ConfidentialClientApplicationOptions.
Bug Fixes:
Microsoft Identity Web now locks on the HttpContext, to better handle multi-threaded applications. See issue #1097 and PR and PR.
Fundamentals:
Microsoft Identity Web now implements LoggerMessage for high performance logging. See issue #1105 for details.
Performance improvements. See PRs #1089, #1098, #1092, and #1085.
Documentation:
Documentation updated to show how to use ClientCapabilities. See issue #1071 and also the wiki.
Clear documentation on what is available in Microsoft Identity Web and when to use MSAL.NET, Microsoft Identity Web, or both. See issue #1057 and Is MSAL.NET right for me?.