Microsoft Authentication Library (MSAL) for .NET
monoandroid12.0
and xamarinios10
binaries. Existing applications should migrate to modern frameworks like .NET MAUI. See 4715 and Announcing the Upcoming Deprecation of MSAL.NET for Xamarin and UWP.uap10.0.17763
binary. Existing applications should migrate to modern frameworks like WinUI 3. See 4717 and Announcing the Upcoming Deprecation of MSAL.NET for Xamarin and UWP.Microsoft.Identity.Client
, which will no longer include net6.0-windows7.0
binary. Existing desktop applications targeting net6.0-windows
should reference Microsoft.Identity.Client.Broker
when using interactive authentication with Windows Broker and call WithBroker(BrokerOptions)
; or reference Microsoft.Identity.Client.Desktop
when authenticating with browser and call WithWindowsEmbeddedBrowserSupport()
. There are no changes to the usage of the system browser. See 4468.TicketCacheWriter
and TicketCacheReader
were corrected to be internal. Public API in KerberosSupplementalTicketManager
should be used. See #4726.When OnBeforeTokenRequest
extensibility API is used, MSAL now correctly uses the user-provided OnBeforeTokenRequestData.RequestUri
to set the token request endpoint. See 4701.
Addressed an issue where attempts to acquire a token via certificate authentication resulted in a Microsoft.Identity.Client.MsalServiceException (Error code: AADSTS5002730), signaling an "Invalid JWT token. Unsupported key for the signing algorithm."
This was due to a known bug in Microsoft Entra ID (Azure AD) that affects the handling of JWT tokens signed with certain algorithms, specifically SHA2 and PSS. See 4690
monoandroid90
and monoandroid10.0
binaries and instead include monoandroid12.0
. Xamarin.Android apps should now target framework version 12 (corresponding to Android API level 31) or above. See 3530.net45
binary. Existing applications should target at least .NET 4.6.2. See 4314.MsalServiceException
instead of MsalManagedIdentityException
in managed identity flows. See 4483.SemaphoreFullException
happening in managed identity flows. See 4472.WithForceRefresh
support for silent flows using the Windows broker. See 4457.x-ms-pkeyauth
HTTP header was incorrectly sent on Mac and Linux platforms. See 4445.