Bump Microsoft.Identity.Web from 3.6.2 to 4.0.1

[dependabot[bot]]

Updated Microsoft.Identity.Web from 3.6.2 to 4.0.1.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.0.0

4.0.0

Breaking Changes

Removed support for .NET 6.0 and .NET 7.0 - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.

See MIGRATION_GUIDE_V4

New features

• Various improvements to performance logging, authentication, and credential loading capabilities.
• Bumped MSAL.NET to 4.77.1
• Added credential description extensibility. For details, see #​3487
• Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. See #​3505
• Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See #​3513
• Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See #​3515
• Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See #​3503
• Support for multiple certificate observers. See #​3506
• The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See #​3524

Bug Fixes

• Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See #​3443
• Fixed IDW10405 error when using managed identity with common tenant. See #​3415
• Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See #​3414

Fundamentals

• Various improvements to .NET support and dependency optimizations.
• Added doc for Agent identities. See Agent identities
• Combined and fixed test collections. See #​3472
• Migrate repository agent rules from .clinerules to agents.md. See #​3475
• Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See #​3489
• Renamed NET 7 tests to ThreadingTests for framework independence. See #​3501

3.14.1

3.14.1

Bug fixe

• Support client secrets with agent user identities. See #​3470 for details.

3.14.0

New features

• Support multi-tenant agent user identities. See #​3461 for details.
• Id Web now allows for passing of ExtraBodyParameters. See #​3463 for details.

3.13.1

3.13.1

Dependencies updates

• Microsoft.IdentityModel updated to version 8.14.0.

3.13.0

3.13.0

Dependencies updates

• Microsoft.IdentityModel updated to version 8.13.1.
• Microsoft.Abstractions updated to version 9.3.0 and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).

Bug fixes

• Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. See PR #​3443 for details.

Fundamentals

• Use cloud user in tests. See PR #​3441 and #​3442 for details.

3.12.0

3.12.0

Dependencies updates

• Updated MSAL to version 4.74.1 part of #​3398.

Bug fix

Reload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue #​3429 and PR #​3430

New features

• Include the thrown exception in CertificateChangeEventArg. See PR #​3428 for better supportabiliby.
• Support for Agent User identities. See PR #​3435

3.11.0

3.11.0

Dependencies updates

• Updated global.json to the latest .NET 9 runtime framework 9.0.108. See PR #​3422 for details.

Bug fixes

• Fix IDW10405 error when using managed identity with common tenant. See PR #​3415 for details.
• Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration. See PR #​3414 for details.

New feature

• Add support for ExtraHeaderParameters and ExtraQueryParameters properties on DownstreamApiOptions to simplify adding custom headers and query parameters to downstream API requests. See PR #​3413 for details.
• Add better support for Azure SDK. For details see Readme-Azure and PR #​3416

What's Changed

• Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407
• Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404
• Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415
• Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413
• Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414
• Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422
• Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416
• Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423
• update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424

New Contributors

• @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0

3.10.0

3.10.0

Dependencies updates

• Updated MSAL to version 4.73.1 (#​3398).
• Updated global.json to the latest .NET 9 runtime framework 9.0.107 (#​3385).

New feature

• Added support for Agent Identities (#​3396, #​3402).
  introducing the Microsoft.Identity.Web.AgentIdentities package .

Bug fixes

• Processed codeQL issues

Fundamentals

• improved unit tests for OidcFic with the new SignedAssertionFmiPath

3.9.4

3.9.4

Package updates

• Microsoft.IdentityModel updated to version 8.12.1.

Bug fix

• Updates the DefaultAuthorizationHeaderProvider to update the AcquireTokenOptions.LongRunningWebApiSessionKey after the token is acquired so that the key can be used in the next OBO call. See PR #​3381 for details.

Fundamentals

• Update .NET SDK version to 9.0.107 used when building or running the code. See #​3385 for details.
• Improved test coverage for managed identity flows. See #​3350 for details.

What's Changed

• Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350
• Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381
• Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385
• changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4

3.9.3

3.9.3

Package updates

• Microsoft.IdentityModel updated to version 8.12.0.

Fundamentals

• Add .clinerules to help with AI tooling.
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added). For details see #​3379

What's Changed

• Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373
• add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379
• changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3

3.9.2

3.9.2

Package updates

• Microsoft.IdentityModel updated to version 8.11.0.
• MSAL.NET updated to version MSAL.NET 4.72.1.

Fundamentals:

• Fix invalid comparisons in prop and csproj files. For details see #​3297.

What's Changed

• Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367
• Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368
• update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369
• update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2

3.9.1

3.9.1

Package updates

• Microsoft.Identity.Abstractions updated to version 9.1.0.

Fundamentals

• Fix AoT warnings. For details see #​3366.

What's Changed

• Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1

3.9.0

3.9.0

Package updates

• Microsoft.IdentityModel updated to version 8.10.0.
• MSAL.NET updated to version MSAL.NET 4.72.0.

Bug fixes

• Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See #​3323.
• Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See #​3355.
• Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See #​3345.
• Prevented null reference when accessing MergedOptions instance. See #​3337.

New feature

• Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See #​3244 and #​3348.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3357.
• Added tests to validate xms_cc (client capability) forwarding in CCA flows. See #​3349.

External contributions

Thank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See #​3323. Thank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See #​3345.

3.8.4

3.8.4

Package updates

• Microsoft.IdentityModel updated to version 8.8.0.
• MSAL.NET updated to version MSAL.NET 4.71.0.

Bug fixes

• Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See #​3336.

New feature

• Added support for Linux-friendly devcontainers. See #​3333 and #​3339.

Fundamentals

• Removed System.Text.Json as an explicit dependency for .NET Core targets. See #​3331.

3.8.3

3.8.3

Package updates

• Updated to Microsoft.IdentityModel.* 8.8.0
• Updated to MSAL.NET 4.70.1

New feature

• TokenAcquistion.cs adds its service provider to the acquisition options. See issue #​3315 for details.

3.8.2

3.8.2

• Updated to Microsoft.Identity.Abstractions 9.0.0

New feature

• An exception is now thrown if MSAL TokenCacheNotificationArgs indicates that distributed cache is configured when it should not have been. See #​3304.
• Added support for federated identity credentials with AT_POP. See #​3299.

3.8.1

New features

• Updated to Microsoft.IdentityModel.* 8.7.0

Bug fixes

• Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See #​3145.

What's Changed

• Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291
• update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292
• Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294
• Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296
• Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307

New Contributors

• @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1

3.8.0

3.8.0

New feature

• Updated to Microsoft.IdentityModel.* 8.6.1
• Updated to MSAL.NET 4.69.1
• Updated the Json Schema to include extensiblity for signed assertion providers. See #​3235
• Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See #​3255
• Support for acquiring token for Federation Managed Identity (FMI). Supports the FmiPath property of AcquireTokenOptions. See #​3247
• Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See #​3273

Bug fixes

• TokenAcquirerFactory is now thread safe. See #​3274
• Fix a bug in the parsing of the token in the authority. See #​3261

Fundamentals

• Removed old Blazorwasm sample, wasm-tools and added new blazor web API: #​3259, #​3257, #​3254
• Modified the build so that, in CI/CD internal builds, the NuGet.olg NuGet source is replaced by a managed Nuget source. More verbose information added. See #​3263
• Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. See #​3266,

What's Changed

• Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246
• Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247
• Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251
• M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252
• Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254
• remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257
• Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259
• Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263
• Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235
• Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266
• Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273
• comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279
• update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281
• FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255
• Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280
• Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274
• Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261
• Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285

New Contributors

• @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0

3.7.1

3.7.1

• Updated to Microsoft.IdentityModel.* 8.5.0

3.7.0

3.7.0

• Updated to Microsoft.Identity.Abstractions 8.1.0
• Updated to Microsoft.IdentityModel.* 8.4.0

New Feature

• IdentityWeb now provides extensibility to DefaultCredentialsLoader so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See #​3220 for details.

Bug fixes

• The merged options are now being passed to MSAL for the CCA ROPC scenario. See #​3207 for details.

What's Changed

• changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216
• Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217
• Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222
• Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219
• update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224
• update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229
• Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226
• Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233

Full Changelog: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)