4.46.0

New Features

• Added AcquireTokenByUsernamePassword flow in WAM broker preview. See 3308.
• Added support for Proof-of-Possession tokens to AcquireTokenByUsernamePassword flow in WAM broker preview. See 3308.
• Added WithTenantIdFromAuthority API to request builder. See 3429.
• Exposed new Identity Logger in the TokenCacheNotificationArgs. See 3404.
• [Security] Increased size of PKCE verifier. See 1777.
• Enabled multi-cloud support in WAM. See 3477.

Bug Fixes

• Deprecated and replaced SecureString usage with strings. See 2437.
• Refactored authority related code to use URI class instead of strings. See 3487.
• Fixed authority resolution for B2C authorities. See 3471.
• Improved WAM broker preview behavior for remembered accounts. See 3437.
• Obsoleted with a warning AcquireTokenSilent(scopes, login_hint) for confidential client applications as it's not applicable in those scenarios. See 3403.
• Now passing intune_mam_resource to the mobile broker. See 3490.
• Fixed DSTS endpoints. See 3492.
• Cancellation tokens are now correctly passed to Windows broker and embedded web views. See 3225.
• Move app token provider feature to extensibility namespace and clarified its use. See 3475.

Fundamentals

• Improved and simplified .NET Standard platform specific code. See 3451.
• Fix line endings in unit test files to enable running on Linux. See 3425.

4.46.0-Preview2

New Features

This preview package adds support for.NET MAUI. It adds .NET 6 iOS and Android targets. The package also works with UWP. Refer to MauiStatus.md for details.

4.45.0

Important changes for UWP apps

Upgrade the minimum target platform to 10.0.17763.0.
Upgrade Microsoft.NETCore.UniversalWindowsPlatform to 6.1.9 or above.
Add a reference to Microsoft.IdentityModel.Abstractions, for projects that use package.json.

New Features

Logs are now consistent when you use several .NET authentication libraries from Microsoft. See 3028.
Exposed tenant ID and scopes in TokenCacheNotificationArgs. See 3389.
Added new WithClientAssertion API that exposes the token endpoint. See 3352.
Added additional descriptive information to error logs. See 3278.
Updated support from .NET Standard 1.3 to.NET Standard 2.0. See 1991.

Bug Fixes

Tenant profiles are now returned when calling GetAccounts with broker enabled. See 3349.
Fixed parsing of authentication result from broker preview. See 3354.
Fixed DSTS endpoints. See 3492.
Privacy and Terms of Use links are now visible in embedded picker UI on smaller screens. See 3153.
Fixed broker Proof-of-Possession token appearing as Bearer when calling GetAuthorizationHeader(). See 3353.
Ensured MSAL doesn't check local cache for tokens when using Proof-of-Possession with the broker preview. See 3363.

4.44.0

New Features

Added support in MSAL for dSTS authority See 3198.
Enabled Azure.Identity (Azure SDK) to benefit from MSAL.NET token cache when used for Managed Identity See 3137.

Experimental Features

MSAL.NET now has a new WAM preview which is an abstraction layer based on MSAL C++ with support for Proof-of-Possession access tokens. This fixes some issues with current WAM implementation. See 3192 and wiki.

Bug Fixes

Improved exception handling in case of an Operation Cancelled Exception See 3283.
Fixed AcquireTokenSilent to not display a login prompt unnecessarily for operating system accounts in WAM. See 3294.
Fixed NullReferenceException in IsBrokerAvailable() See 3261.
Fixed a race condition to improve stability of region autodiscovery. See 3277.
Fixed a bug in instance discovery by adding pre-production environment (PPE) domains to known endpoints. See 3265.

Fundamentals

Improved automated performance microbenchmarks to better reflect common scenarios See 3297 and wiki.

4.43.2

Bug Fix

MSAL will now allow the use of different scopes when acquiring access tokens using a cached refresh token in long running On-Behalf-Of processes. See 2817.

4.43.1

Bug Fix

MSAL now uses WebView1 instead of WebView2 for AcquireTokenInteractive with AAD or ADFS authority because WebView2 doesn't support SSO. See 3270.

4.43.0

New Features

Added Intune Mobile App Management (MAM) support for Android. See 3185.
MSAL.NET Cache Extensions now protects plaintext cache files with owner only read/write permissions.See 3186, 169.

Bug Fixes

Client capabilities flags are correctly passed to Android Broker. See 3203.
Fixed WithAccount(result.Account) to work when using WAM. See 3121.
Improved token cache filtering logic. See 3178, and 3233.
Fixed an error in creating UWP package for Microsoft Store upload. See 3184, 3239.
Fixed a bug to correctly sign-out an account from WAM. See 3248.
Correctly showing a browser in WSL2. See 3251.

4.42.1

Bug Fixes

Fixed a bug affecting WAM authentication with new accounts when the authority ends in /organizations. See 3217.
Fixed an error in creating UWP package for Microsoft Store upload. See 3184.

4.42.0

4.42.0

New Features

Multi Cloud Support Allows 1st party public client apps which target the public cloud to log in users from other clouds. Not supported for broker flows. Details at https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Multi-Cloud-Support-or-Instance-Aware 2524
Expose the region or error used by MSAL in AuthenticationResult.AuthenticationResultMedatadata and in logs. See 2975
App protection (true MAM) support for iOS. See 2894

Bug Fixes

Fix a bug causing an "Sequence Contains No Elements" exception This occurs in rare circumstances when saving the token cache. 3130
Fix a bug causing an "ArgumentOutOfRangeException: the relative expiration value must be positive" exception This occurs in rare circumstances when saving the token cache. 2859
Default OS account login with MSA fails This affects some first party applications (MSA passthrough) when using WAM 3157
WwwAuthenticateParameters should not expose Resource 3144

4.41.0

4.41.0

New Features:

MSAL now uses the WAM AAD plugin's account selector if authority is AAD only. This overcomes the issue of console apps not being able to display the account picker and other issues with Account Picker instability. See 2289
Added OnBeforeTokenRequest public API which allows to execute a custom delegate before MSAL makes a token request. and enables support for legacy Proof-of-Possession implementations. See 3114
Added kid in cache keys for client credential flows using Proof-of-Possession. See 3115
Improved the error message when both region and custom metadata are configured. See 3014
Exposed the ability to add a custom header text to auth dialogs such as WAM. See 3125
MSAL now supports using Linux broker via Microsoft Edge. Use WithBroker() to authenticate with Microsoft Edge system browser, if installed, which integrates with Linux broker to offer a better authentication experience. See 3051

Bug Fixes:

Added support for WAM on Windows Server 2022 and Windows 11, and improved operating system detection for future versions. See 3040
WAM is not supported on Windows Server 2016. MSAL will now fall back to browser if this OS is detected. See 2946
Fix for GetAccountAsync API by checking for null on accountId parameter. See 3118
WAM is not supported in pure ADFS environments. MSAL will now fall back to browser if the ADFS authority is used. See 2836