github AzureAD/microsoft-identity-web 4.12.1

latest release: 4.12.2
5 hours ago

Bug fixes

  • Preserve ManagedIdentity when converting AcquireTokenOptions to TokenAcquisitionOptions in TokenAcquirer. Previously the ITokenAcquirer.GetTokenForAppAsync / GetTokenForUserAsync paths silently dropped ManagedIdentity and fell back to the confidential-client path, breaking managed-identity mTLS PoP (e.g. MISE Native). See #3914.

Behavior changes

  • Sidecar: outbound HTTP redirects suppressed by default. The sidecar no longer follows outbound HTTP redirects; a new opt-in Sidecar:AllowOutboundRedirects flag (default false) restores the previous behavior. See #3906.
  • Sidecar: per-request isolation of downstream API options. Downstream API options resolved from the singleton IOptionsMonitor are now cloned per request (including fresh ExtraParameters / ExtraHeaderParameters / ExtraQueryParameters dictionaries), preventing request-scoped values from leaking across requests or racing under concurrency. See #3919.

Fundamentals

  • Build the solution in the PR pipeline before running tests. See #3911.
  • Restore OWIN 5.7.1 packages from the internal IDDP feed in the PR pipeline. See #3912.
  • Run the PR pipeline on the Wilson pool so integration/E2E tests can access the lab KeyVault. See #3913.

Don't miss a new microsoft-identity-web release

NewReleases is sending notifications on new releases.