Skip to content

@jennyf19 jennyf19 released this Apr 30, 2019


Bug Fixes:

  • AcquireTokenSilent sometimes ignored the tenant constraint. If the same user acquired tokens from different tenants, MSAL.NET would return an account, regardless of the tenant. MSAL.NET now returns the token based on the tenant. MSAL issue #1123
  • DeserializeMsalV3 on ITokenCache should have the option to clear the in memory cache. DeserializeMsalV3 is currently a merge operation with existing in-memory data. MSAL.NET now has the option to be able to clear the in memory state and then deserialize the content in. MSAL issue #1109
Assets 2

@jennyf19 jennyf19 released this Apr 19, 2019


New Features:

Bug Fixes:

  • When doing the ADAL.NET fallback from MSAL.NET, MSAL.NET was doing the lookup based on the account.HomeAccountId or requestParameters.LoginHint. In ADAL.NET an account will never have a HomeAccountId (by design), so lookup needs to happen by Account.UserName instead. MSAL.NET issue #1100
  • AcquireTokenInteractive would throw a PlatformNotSupportException on NetCore when using CustomWebUI. MSAL.NET no longer throws an exception when using CustomWebUI on NetCore. MSAL issue #1058
Assets 2

@bgavrilMS bgavrilMS released this Apr 16, 2019 · 85 commits to master since this release


Bug Fixes:

Assets 2

@bgavrilMS bgavrilMS released this Apr 11, 2019

Bug Fixes:

  • ** AcquireTokenInteractive parent param is not intuitive** MSAL issue #918

Breaking Changes in 3.0.4-preview

  • AcquireTokenInteractive now takes a single parameter - the scopes. A new builder method WithParentActivityOrWindow was introduced for passing in a reference to the UI object that spawns the UI (Activity, Window etc.).
Assets 2

@jennyf19 jennyf19 released this Apr 8, 2019


New Features:

Breaking Changes in 3.0.3-preview

  • The ClientCredential class is obsolete. There is no longer a need for the ClientCredential class to be public. This class has been marked as obsolete. MSAL issue #1007
  • The ApiConfig and AppConfig namespaces have been changed to the Microsoft.Identity.Client namespace for discoverability. This provides a better user experience when updating from MSALv2 to MSALv3.0.3x. MSAL issue #1006]
  • Deprecate UIParent and move static classes to a more appropriate class (eg IsSystemWebviewAvailable()). MSAL issue #1005
  • Move all error codes to MSAL.Error. MSAL issue #1004
  • Deprecate the MSALv2 api. Move v2 api methods/properties to the migration aid and remove functionality. MSAL issue #1001
  • The Component property is obsolete. MSAL now transmits client app name and version to authorization and token requests. MSAL issue #978

Bug Fixes:

  • Interactive login from multiple clouds was failing due to instance discovery, as was GetAccounts. This is now fixed. MSAL issue 1048 and 1030
  • MSAL was calling DefaultRequestHeaders which is not thread safe and could result in AcquireTokenSilent being called from multiple places at the same time. MSAL issue #1014
  • SourceLink is available again MSAL issue #953
Assets 2

@trwalke trwalke released this Mar 22, 2019


New Features:

  • Device Code supports both verification_url and verification_uri
  • MsalError contains all the error messages
  • MsalException and its derived exception can now be serialized to JSON and deserialized
  • MSAL.NET for .NET Core moved to .NET Core 2.1.
  • At both the app creation and the token acquisition, you can now pass extra query parameters as a string (in addition to a Dictionary<string,string> introduced in MSAL 3.0.0
  • MSAL.NET symbols are now published to enable SourceLink support

Breaking Changes in 3.0.1-preview

  • AcquireTokenSilent has two overrides that require you to pass-in the account or the loginHint
  • SubError property removed from MsalServiceException
  • merge removed from ITokenCache's DeserializeXX methods
  • WithClaims removed from app creation. it is now available on the AcquireToken methods
  • ICustomWebUi.AcquireAuthorizationCodeAsync now takes a cancellation Token

bug fixes:

Assets 2

@MarkZuber MarkZuber released this Feb 27, 2019

Breaking changes in MSAL.NET 3:

  • UIBehavior was renamed to Prompt (breaking change)
  • TokenCacheNotificationArgs now surfaces an ITokenCache instead of a TokenCache. This will allow MSAL.NET to provide, in the future, various token cache implementations.
  • TokenCacheExtensions was removed and its methods moved to ITokenCache (this is a binary breaking change, but not a source level breaking change)
  • The Serialize and Deserialize methods on TokenCacheExtention (which were serializing/deserializing the cache to the MSAL v2 format) were moved to ITokenCache and renamed SerializeMsaV2 and `DeserializeV2

Changes related to improving app Creation and configuration MSAL issue

  • New class ApplicationOptions helps you build an application, for instance, from a configuration file
  • New interface IMsalHttpClientFactory to pass-in the HttpClient to use by MSAL.NET to communicate with the endpoints of Microsoft identity platform for developers.
  • New classes PublicClientApplicationBuilder and ConfidentialClientApplicationBuilder propose a fluent API to instantiate respectively classes implementing IPublicClientApplication and IConfidentialClientApplication including from configuration files, setting the targetted cloud and audience, but also setting per application logging and telemetry, and setting the HttpClient.
  • New delegates TelemetryCallback and TokenCacheCallback can be set at application construction
  • New enumerations AadAuthorityAudience and AzureCloudInstance help you writing applications for sovereign and national clouds, and help you choose the audience for your application.

Changes related to improving token acquisition, addressing issues 810, 635, 426, 799 :

  • ClientApplicationBase now implements IClientApplicationBase and has new members:
    • AppConfig of new type IAppConfig contains the configuration of the application
    • UserTokenCache of new type ITokenCache contains the user token cache (for both public and confidential client applications for all flows, but AcquireTokenForClient)
      • New fluent API AcquireTokenSilent
  • PublicClientApplication and IPublicClientApplication have four new fluent APIs: AcquireTokenByIntegratedWindowsAuth, AcquireTokenByUsernamePassword, AcquireTokenInteractive, AcquireTokenWithDeviceCode.
  • ConfidentialClientApplication has new members:
    • AppTokenCache used by AcquireTokenForClient
    • Five new fluent APIs: AcquireTokenByAuthorizationCode, AcquireTokenForClient, AcquireTokenOnBehalfOf, GetAuthorizationRequestUrl, IByRefreshToken.AcquireTokenByRefreshToken
  • New extensibility mechanism to enable public client applications to provide, in a secure way, their own browsing experience to let the user interact with the Microsoft identity platform endpoint (advanced). For this, applications need to implement the ICustomWebUi interface and throw MsalCustomWebUiFailedException exceptions in case of failure. This can be useful in the case of platforms which don't have yet a Web browser. For instance, the Visual Studio Feedback tool is an Electron application which uses this mechanism. MSAL issue
  • MsalServiceException now surfaces two new properties:
    • CorrelationId which can be useful when you interact with Microsoft support.
    • SubError which indicates more details about why the error happened, including hints on how to communicate with the end user. MSAL issue

Changes related to the token cache:

  • New interface ITokenCache contains primitives to serialize and deserialize the token cache and set the delegates to react to cache changes
  • New methods SerializeMsalV3 and DeserializeMsalV3 on ITokenCache serialize/deserialize the token cache to a new layout format compatible with other MSAL libraries on Windows/Linux/MacOS.

A few bug fixes:

Assets 2

@jennyf19 jennyf19 released this Feb 21, 2019 · 567 commits to master since this release


  • MSAL now handles B2C domains from sovereign clouds, including US Government, Blackforest, and Mooncake. B2C domains with *, *, and * are now included in the MSAL allowed domain list for B2C authorities. MSAL issue
  • Improved error message handling to detect issues faster and not hit null reference exceptions. Sometimes, for example, when the instance discovery endpoint is not found, the Oauth2Client in MSAL would hit a null reference exception. MSAL now detects such issues faster and returns a more meaningful error message (e.g. the http response code).
Assets 2

@jennyf19 jennyf19 released this Jan 16, 2019 · 579 commits to master since this release


  • MSAL integrates SourceLink This allows MSAL to embed pdb files and source code in the NuGet package, allowing users to debug into MSAL without replacing their package reference with a project reference. MSAL PR
  • MSAL.NET now supports Xamarin.Mac. We now ship another MSAL assembly, that can be used when building apps using Xamarin.Mac. MSAL.NET for Xamarin.Mac supports interactive authentication via an embedded browser, as well as silent authentication. It does not serialize its token cache to the keychain, instead users are asked to provide their own serialization mechanism as they see fit. A keychain based implementation will likely be implemented in a future release. MSAL PR
  • Easier migration from ADALv2 to MSALv2 due to a new AcquireTokenFromRefreshToken API. ADAL.NET v2.x exposes the refresh token in the AuthenticationResult, as well as methods to acquire a token from a refresh token in the AuthenticationContext. Through the ConfidentialClientApplication, MSAL now implements an explicit interface to help customers migrate from ADAL v2 to MSAL v2. With this method, developers can provide the previously used refresh token along with any scopes. The refresh token will be exchanged for a new one and cached. Please see for more details. MSAL issue
  • Token cache account was not being deleted on Android platform. MSAL PR
  • When using ADAL v4.4.2 and MSAL v2.6 in the same Xamarin project, an error would result of Cannot register two managed types due to the iOS view controllers being registered under the same name. Now the MSAL iOS view controllers are prefixed with MSAL so they are distinct from the ones in ADAL. MSAL issue
  • When using the KeychainSecurityGroup property to enable application sharing of the token cache, developers were required to include the TeamId. Now, MSAL resolves the TeamId at runtime. A new property iOSKeychainSecurityGroup should be used instead. See for details. MSAL issue
Assets 2
You can’t perform that action at this time.