github AzureAD/microsoft-identity-web 4.10.0
on GitHub

6 hours ago

New features

  • Add WithExtraBodyParameters fluent API for attaching extra body parameters to token acquisition requests. See #3819.
  • Add IConfidentialClientApplicationProvider extensibility interface and CachePartitionKey support for silent token acquisition. See #3822.

Bug fixes

  • Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. See #3825.
  • Reject dSTS-shaped Authority values with a clearer exception, steering users to use Instance + TenantId instead. See #3805.
  • Improve regex handling and adding length/timeout safeguards for SameSite User Agent. See #3811.

Behavior changes

  • B2C OpenID Connect event handler: LRU cache for issuer address. Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See #3821.

Dependencies updates

  • Update MSAL.NET to 4.84.1. See #3822.
  • Pin Microsoft.Kiota.Abstractions to 1.22.0 for GraphServiceClient. See #3817.
  • Bump uuid and @azure/msal-node in SidecarAdapter TypeScript test app. See #3826.
  • Bump qs in SidecarAdapter TypeScript test app. See #3829.
Check out latest releases or
releases around AzureAD/microsoft-identity-web 4.10.0

Don't miss a new microsoft-identity-web release

NewReleases is sending notifications on new releases.

Get notifications