Microsoft Authentication Library (MSAL) for .NET
When OnBeforeTokenRequest
extensibility API is used, MSAL now correctly uses the user-provided OnBeforeTokenRequestData.RequestUri
to set the token request endpoint. See 4701.
Addressed an issue where attempts to acquire a token via certificate authentication resulted in a Microsoft.Identity.Client.MsalServiceException (Error code: AADSTS5002730), signaling an "Invalid JWT token. Unsupported key for the signing algorithm."
This was due to a known bug in Microsoft Entra ID (Azure AD) that affects the handling of JWT tokens signed with certain algorithms, specifically SHA2 and PSS. See 4690
monoandroid90
and monoandroid10.0
binaries and instead include monoandroid12.0
. Xamarin.Android apps should now target framework version 12 (corresponding to Android API level 31) or above. See 3530.net45
binary. Existing applications should target at least .NET 4.6.2. See 4314.MsalServiceException
instead of MsalManagedIdentityException
in managed identity flows. See 4483.SemaphoreFullException
happening in managed identity flows. See 4472.WithForceRefresh
support for silent flows using the Windows broker. See 4457.x-ms-pkeyauth
HTTP header was incorrectly sent on Mac and Linux platforms. See 4445.net461
binary. Existing .NET 4.6.1 apps will now reference .NET Standard 2.0 MSAL binary. See 4315.AcquireTokenSilent
calls. See 4395.WithAuthority
on the request builders. Set the authority on the application builders. Use WithTenantId
or WithTenantIdFromAuthority
on the request builder to update the tenant ID. See 4406.netcoreapp2.1
binary. Existing .NET Core 2.1 apps will now reference .NET Standard 2.0 MSAL binary. See 4313.x-client-info
). See 4167.Microsoft.Identity.Client.NativeInterop
reference to version 0.13.12, which includes bug fixes and stability improvements. See 4374.ArgumentException
if an authority is in incorrect format (e.g., doesn't start with HTTPS, has spaces, etc.) See 4280.AuthenticationResult.AuthenticationResultMetadata.Telemetry
that currently contains telemetry from the Windows broker (WAM). See 4159.AcquireTokenForManagedIdentity
and WithAppTokenProvider
) to prevent the throttling exceptions thrown by the managed identity endpoints. See 4196.