github AzureAD/microsoft-identity-web 4.12.0

latest releases: 4.12.2, 4.12.1
4 hours ago

New features

  • Implement IAuthorizationHeaderProvider2 (from Microsoft.Identity.Abstractions 12.3.0) on DefaultAuthorizationHeaderProvider and the public BaseAuthorizationHeaderProvider, exposing the metadata-rich CreateAuthorizationHeaderInformation* surface (returning OperationResult<AuthorizationHeaderInformation, AuthorizationHeaderError>) with binding-certificate propagation. DownstreamApi and MicrosoftIdentityMessageHandler now prefer IAuthorizationHeaderProvider2 for mTLS PoP and soft-deprecate the bound-only IBoundAuthorizationHeaderProvider path (kept as a fallback for source/binary compatibility). See #3899.
  • Populate TokenAcquisitionMetadata.ExpiresOn on AcquireTokenResult from the MSAL AuthenticationResult.ExpiresOn value. See #3905.

Bug fixes

  • Finalize the DownstreamApi request (headers, query parameters, content, and customizations) before creating the authorization header, adding Authorization only after signing so request-binding providers do not include it in their signed material. See #3902.

Dependencies updates

  • Update Microsoft.Identity.Abstractions to 12.4.0. See #3899, #3905.
  • Update MSAL.NET (Microsoft.Identity.Client / Microsoft.Identity.Client.KeyAttestation) to 4.85.2. See #3896.
  • Update Microsoft.IdentityModel.Protocols.WsFederation (Microsoft.Identity.Web.OWIN) to 5.7.1. See #3900.

Don't miss a new microsoft-identity-web release

NewReleases is sending notifications on new releases.